HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

A Templates and Alerts..............................................................................................................135
Alert Summary..................................................................................................................135
UNIX Regular Expressions ..............................................................................................138
Limitations........................................................................................................................139
Template Property Types..................................................................................................140
Type I: Path Names to [Not] Monitor..........................................................................140
Type II: Path Names/Programs Pairs...........................................................................141
Type III: User Names/UIDs.........................................................................................143
Type IV: User Name/UID Pairs....................................................................................144
Type V: Network Triplets............................................................................................144
Type VI: Time Strings..................................................................................................145
Type VII: Flags.............................................................................................................145
Type VIII: Scalars.........................................................................................................145
Type IX: Path Names / Integer Pairs............................................................................145
Buffer Overflow Template................................................................................................146
Execute on Stack..........................................................................................................148
Unusual Argument Length.........................................................................................149
Argument with Nonprintable Character....................................................................150
Race Condition Template..................................................................................................152
File Reference Modification.........................................................................................154
Privileged setuid Script Executed...............................................................................155
Modification of files/directories Template........................................................................157
File Being Modified.....................................................................................................160
Changes to Log File Template...........................................................................................163
Append-Only File Being Modified..............................................................................164
Creation and Modification of setuid/setgid File Template...............................................166
Setuid or setgid File Created or Modified...................................................................167
Creation of World-Writable File Template........................................................................170
World-Writable File Created........................................................................................172
Modification of Another User's File Template.................................................................175
Non-Owned File Being Modified................................................................................176
Login/Logout Template....................................................................................................179
Login/Logout...............................................................................................................181
Successful su Detected.................................................................................................183
Repeated Failed Logins Template.....................................................................................185
Failed Login Attempts.................................................................................................186
Repeated Failed su Commands Template........................................................................188
Repeated Failed su Attempts......................................................................................188
B Automated Response for Alerts.................................................................................................191
Response Methods............................................................................................................192
How Automated Response Works in HP-UX HIDS.........................................................192
Alert Process................................................................................................................192
Table of Contents 7