HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table E-1 Template Mapping
Description                                          Keyword
Race Condition                                       race_condition
Buffer Overflow                                      buffer_overflow
Login/Logout                                         login_logout
Changes to Log File                                  append_only
Modification of files/directories                    read_only
Creation and Modification of setuid/setgid File      setuid or setgid
Creation of World-Writable File                      world_writable
Repeated Failed Logins Template                      failed_login
Repeated Failed su Commands Template                 failed_su
Modification of Another User’s Files                 non_owned
The template property specification is described in “Template Property Syntax”
(page 253). The template properties for each template are described in “Templates and
Alerts” (page 135).
For example, the following template section is for an instance of the Modification of
files/directories template:
TEMPLATE read_only
pathnames_to_watch | ^/bin/ | ^/sbin/ | ^/usr/sbin/ | ^/lib/ | ^/opt/
pathnames_1 | ^/etc/mnttab$ & ^/etc/fstab$
programs_1 | ^/usr/bin/nfsstat$
ENDTEMPLATE
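A small linter for template sections in the format shown above, added here as an example (it is not code from HP or from the guide): it checks each TEMPLATE keyword against Table E-1 and reports sections that are never closed. It assumes one property per line and keeps values as opaque strings; the names parse_templates, KEYWORDS and SAMPLE are chosen for this example.

```python
# Added example, not HP code. Assumptions: one property per line, blank lines
# ignored, values kept as opaque strings ('&' inside a value is not interpreted).
# Keywords from Table E-1; "setuid or setgid" is taken as two keywords.
KEYWORDS = set(
    "race_condition buffer_overflow login_logout append_only read_only setuid "
    "setgid world_writable failed_login failed_su non_owned".split())

def parse_templates(text):
    """Return (sections, problems); a section is (keyword, {property: values})."""
    sections, problems, current = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        words = line.split()
        if words[0] == "TEMPLATE":
            if current is not None:
                problems.append(f"line {lineno}: '{current[0]}' has no ENDTEMPLATE")
            keyword = " ".join(words[1:])
            if keyword not in KEYWORDS:
                problems.append(f"line {lineno}: unknown template keyword '{keyword}'")
            current = (keyword, {})
            sections.append(current)
        elif line == "ENDTEMPLATE":
            if current is None:
                problems.append(f"line {lineno}: ENDTEMPLATE without TEMPLATE")
            current = None
        elif current is None:
            problems.append(f"line {lineno}: property outside a template section")
        else:
            # Property-name | N1 | N2 | ... | Np
            name, *values = [field.strip() for field in line.split("|")]
            if not name or name in current[1]:
                problems.append(f"line {lineno}: empty or duplicate property '{name}'")
            else:
                current[1][name] = values
    if current is not None:
        problems.append(f"end of input: '{current[0]}' has no ENDTEMPLATE")
    return sections, problems

# Constructed input: the read_only section above, then a section with a
# misspelled keyword and no ENDTEMPLATE.
SAMPLE = """\
TEMPLATE read_only
pathnames_to_watch | ^/bin/ | ^/sbin/ | ^/usr/sbin/ | ^/lib/ | ^/opt/
pathnames_1 | ^/etc/mnttab$ & ^/etc/fstab$
programs_1 | ^/usr/bin/nfsstat$
ENDTEMPLATE
TEMPLATE world_writeable
pathnames_to_watch | ^/tmp/
"""
```

Calling parse_templates(SAMPLE) returns both sections plus two problems: the unknown keyword on line 6 and the missing ENDTEMPLATE.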
Template Property Syntax
This section describes the syntax used to specify the template properties described in
“Group Files” (page 252). The same syntax for specifying template property values is
also used when entering values in the Schedule Manager window.
A template property specification has the following syntax:
Property-name | N1 | N2 | ... | Np