HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Security Checks...........................................................................................................193
Programming Notes....................................................................................................193
Programming Guidelines.................................................................................................201
Perl Versus Shell Response Scripts..............................................................................201
Writing Privileged Response Programs......................................................................202
Code Examples............................................................................................................203
Solution A...............................................................................................................203
Code for scriptA.sh...........................................................................................203
Code for privA Program...................................................................................204
Solution B...............................................................................................................204
Code for privB program...................................................................................205
Solution C...............................................................................................................206
Code for the privC Program.............................................................................206
Code for the scriptC.sh Script...........................................................................206
Sample Response Programs..............................................................................................207
Sample C Language Program Source Code................................................................207
Sample Shell Script Alert Responses...........................................................................208
Forwarding Information........................................................................................209
Sending an Email..............................................................................................209
Logging to a Central syslog Server...................................................................209
Halting Further Attacks.........................................................................................211
Disabling a User's Account.................................................................211
Disable Remote Networking.............................................................................213
Preserving Evidence...............................................................................................214
Putting a Process to Sleep.................................................................................214
Snapshot of Critical System State.....................................................................215
System Restoration to a Stable State.......................................................216
HP OpenView Operations SMART Plug-In.....................................................................216
OVO Enablement in HP-UX HIDS..............................................................................217
C Tuning Schedules and Generating Alert Reports........................................................................219
Tuning Schedules Using the idsadmin Command...........................................................219
Functioning of the tune Command.............................................................................219
During Initial Deployment.....................................................................................219
After HIDS Deployment........................................................................................220
Schedule Tuning Process.............................................................................................220
Step 1: Analyzing Alerts and Tuning Schedules....................................................221
Section Related to File Related Alerts...............................................................223
Section Related to Aggregated Alerts...............................................................223
Section Related to System Alerts......................................................................224
Using the tune Command.................................................................................224
Step 2: Modifying the Filters in the Tune Command Report.................................225
Step 3: Updating and Deploying the Schedule......................................................227
8 Table of Contents