HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Example B-1 Response Program
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv) {
#if 0 /* insert your response code here */
    /* Sample body: print each argument passed to the response program. */
    int i;
    for (i = 0; i < argc; i++) {
        fprintf(stderr, "argv[%d] = %s\n", i, argv[i]);
    }
#endif
    exit(0);
}
Sample Shell Script Alert Responses
IMPORTANT: Some of these sample shell scripts require root privileges. They must not
be run as setuid root. These scripts are for illustrative purposes only. Having a privileged
setuid shell script on your system makes it vulnerable to a well-known race condition
attack, which enables a nonprivileged user to easily acquire a root shell and gain
complete control of the system.
For shell scripts that require root privilege, follow the instructions in “Writing Privileged
Response Programs” (page 202).
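The following audit check is an added example, not part of the HP-UX HIDS guide or its sample scripts. It lists files under a directory that carry the setuid or setgid bit and start with an interpreter line, so that no response script ends up installed in the form the warning above prohibits. The function name and the directory you pass to it are assumptions.

```shell
#!/bin/sh
# Added example (not from the HIDS guide): report setuid/setgid interpreter
# scripts under a directory, for instance the one holding response scripts.
#
# Usage (the path is a placeholder, substitute your own):
#   find_setid_scripts /path/to/response/scripts

# find_setid_scripts DIR
# Prints one path per line for every regular file under DIR that has the
# setuid (4000) or setgid (2000) bit set and whose first two bytes are "#!".
# Prints nothing when no such file exists.
find_setid_scripts() {
    dir=$1
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            # Read only the first two bytes; skip files that cannot be read.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null) || continue
            if [ "$magic" = "#!" ]; then
                printf "%s\n" "$f"
            fi
        done
    ' sh {} +
}
```

Any path it prints should have the setuid or setgid bit cleared and be run through the privileged wrapper approach the guide refers to instead.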
208 Automated Response for Alerts