HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Forwarding Information
The response script program can either send the alerts to the user through an email or
store the alerts in a log file.
Sending an Email
HP-UX HIDS logs alerts to a file on the local system and sends the alert information
to the HP-UX HIDS System Manager. Alert information can also be sent through email,
as demonstrated in the following script:
Example B-2 Sending Alerts Through Email
#!/usr/bin/sh
#
# Sample HP-UX HIDS alert response script
#
# Send an e-mail to root if a severity 1 alert is received
# Replace this comment with the target e-mail address
RECIPIENT=”root”
# If there is a severity 1 alert then send the details in
#e-mail
if [ $3 = “1” ]
then
echo “$8” | /usr/bin/mailx -s “$7” ${RECIPIENT}
fi
Logging to a Central syslog Server
While the HP-UX HIDS System Manager provides a central location for alerts, you can
also log alerts to a syslog server. The following script shows how this can be done.
Sample Response Programs 209