HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Example E-1 Example of a Sample Surveillance Schedule Text File
The following example illustrates the use of the different keywords in a sample
surveillance schedule text file:
SCHEDULE FileAndLoginMonitoringAlwaysOn
GLOBALS
aggregation | 1
rt_alerts | 0
aggr_tuples | ^/usr/lbin/swagent$, 28800
suppression | 1
suppression_report | 1
suppression_interval | 6h
suppression_count | 100
suppression_targets_to_ignore | ^/etc/passwd$ |
^/etc/group$ | ^/stand/vmunix$ | ^/stand/system$ |
^/\.rhosts$ | ^/etc/inetd\.conf$
ENDGLOBALS
GROUPPERIOD
NAME FileModificationGroup
GMT 0
STARTTIME 0:0:0
ENDTIME 23:59:6
GROUP FileModificationGroup
ENDGROUP
ENDGROUPPERIOD
GROUPPERIOD
NAME LoginMonitoringGroup
GMT 0
STARTTIME 0:0:0
ENDTIME 23:59:6
GROUP LoginMonitoringGroup
ENDGROUP
ENDGROUPPERIOD
ENDSCHEDULE
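A small linter for the layout shown in Example E-1, added here as an illustration; it is not part of the HP guide or the HIDS product. It checks that the block keywords are balanced and collects the GLOBALS settings and group periods. The names parse_schedule and SAMPLE, the constructed sample text, and the treatment of a GLOBALS line without a "key |" prefix as a wrapped value are assumptions drawn only from the printed example.

```python
import re

# Opener -> closer, as used in Example E-1 (nothing beyond that example is assumed).
BLOCKS = {"SCHEDULE": "ENDSCHEDULE", "GLOBALS": "ENDGLOBALS",
          "GROUPPERIOD": "ENDGROUPPERIOD", "GROUP": "ENDGROUP"}
SETTING = re.compile(r"^([A-Za-z_]+)\s*\|\s*(.*)$")  # "key | value" in GLOBALS

def parse_schedule(text):
    """Return (schedule name, GLOBALS dict, group periods, structural errors)."""
    name, settings, periods, errors, stack, key = None, {}, [], [], [], None
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        word, _, rest = line.partition(" ")
        top = stack[-1] if stack else None
        if not line:
            continue
        if word in BLOCKS.values():  # a closer must match the innermost open block
            if top and BLOCKS[top] == word:
                stack.pop()
            else:
                errors.append(f"line {n}: unexpected {word}")
        elif top == "GLOBALS" and (m := SETTING.match(line)):
            key, settings[m.group(1)] = m.group(1), m.group(2)
        elif top == "GLOBALS" and key:  # assumption: no "key |" prefix = wrapped value
            settings[key] += " " + line
        elif word in BLOCKS:
            stack.append(word)
            if word == "SCHEDULE":
                name = rest.strip()
            elif word == "GROUPPERIOD":
                periods.append({"GROUPS": []})
            elif word == "GROUP" and periods:
                periods[-1]["GROUPS"].append(rest.strip())
        elif top == "GROUPPERIOD":
            periods[-1][word] = rest.strip()  # NAME, GMT, STARTTIME, ENDTIME
        else:
            errors.append(f"line {n}: unexpected {line!r}")
    return name, settings, periods, errors + [f"missing {BLOCKS[b]}" for b in reversed(stack)]

SAMPLE = r"""SCHEDULE FileAndLoginMonitoringAlwaysOn
GLOBALS
suppression_targets_to_ignore | ^/etc/passwd$ |
^/etc/group$ | ^/\.rhosts$
ENDGLOBALS
GROUPPERIOD
NAME LoginMonitoringGroup
GROUP LoginMonitoringGroup
ENDGROUP
ENDGROUPPERIOD
ENDSCHEDULE"""
```

Calling parse_schedule(SAMPLE) returns an empty error list; deleting a closing keyword from the text produces an "unexpected" entry for the next closer and a "missing" entry for each block left open.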
Group Files
Each group file contains the settings of the template properties for a particular group.
These files contain the following keywords and syntax:
TEMPLATE <template name>
<Template property specification>
<Template property specification>....
ENDTEMPLATE
These template files contain zero or more template property specifications.
The name after the TEMPLATE keyword denotes the template name and must be set to
one of the names listed in Table E-1.
252 The Surveillance Schedule Text File