HP-UX Host Intrusion Detection System Version 4.2 Administration Guide
Table A-1 Detection Templates (continued)
Columns: Detection Template | Alert Severity | Attack | Alert

Detection Template: Modification of files/directories Template
Alert Severity: 3
Attack: The following operations were either unsuccessfully or successfully performed on a read-only file:
  • Modification of the mode or ownership
  • Modification of the file content
  • Creation
  • Opening the file for writing or appending that may (or may not) be followed by an actual file modification.
Alert: File system modification or potential modification

Detection Template: Modification of files/directories Template
Alert Severity: 3
Attack: An unsuccessful or successful modification of an append-only or read-only file using a hard link to the file.
Alert: File system modification or potential modification

Detection Template: “Log File Monitoring Template”
Alert Severity: 3 1
Attack: A log file entry of interest was logged.
Alert: Message logged

Detection Template: Creation and Modification of setuid/setgid File Template
Alert Severity: 1
Attack:
  • A privileged setuid file was created, potentially created, or the setuid bit was turned on a regular file owned by a privileged user, or the owner of a setuid file was changed from a non privileged user to a privileged user.
  • A privileged setgid file was created, potentially created, or the setgid bit was turned on by a privileged group or the group that owns a setgid file was changed from a non privileged group to a privileged group.
Alert: A setuid or setgid file is created

Detection Template: Creation and Modification of setuid/setgid File Template
Alert Severity: 1
Attack: A privileged setuid or setgid file was truncated or potentially modified.
Alert: A setuid or setgid file is modified

Detection Template: Changes to Log File Template
Alert Severity: 2
Attack: The following operations were either unsuccessfully or successfully performed on an append-only file:
  • Truncation
  • Deletion
  • Renaming
  • Opening the file with write permission in non-append mode that may (or may not) be followed by an actual file modification.
Alert: Append-only file modified or potentially modified
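The three conditions in the "A setuid or setgid file is created" row can be written as a rule over before/after file attributes. The sketch below is an added example, not HP-UX HIDS code; the `Snap` record, the `classify` function, the privileged ID sets and the symmetric reading of the setgid bullet are assumptions made for illustration.

```python
import stat
from collections import namedtuple

# Attributes the rule needs for one file; None stands for "file did not exist".
Snap = namedtuple("Snap", "mode uid gid")

PRIV_UIDS = {0}  # assumption: users treated as privileged
PRIV_GIDS = {0}  # assumption: groups treated as privileged

def _priv_setid(snap, bit, field, priv_ids):
    """True if snap is a regular file with `bit` set and a privileged owner/group."""
    return (snap is not None and stat.S_ISREG(snap.mode)
            and bool(snap.mode & bit) and getattr(snap, field) in priv_ids)

def classify(before, after):
    """Return the reasons one file change matches the row; empty list if none."""
    reasons = []
    for kind, bit, field, priv_ids in (
        ("setuid", stat.S_ISUID, "uid", PRIV_UIDS),
        ("setgid", stat.S_ISGID, "gid", PRIV_GIDS),
    ):
        if not _priv_setid(after, bit, field, priv_ids):
            continue  # result is not a privileged set-id file
        if _priv_setid(before, bit, field, priv_ids):
            continue  # it already was one, so nothing was created
        if before is None:
            reasons.append(f"privileged {kind} file created")
        elif not before.mode & bit:
            reasons.append(f"{kind} bit turned on")
        else:
            reasons.append(f"{kind} file {field} changed to privileged")
    return reasons

if __name__ == "__main__":
    REG = stat.S_IFREG
    # Constructed sample events: (path, before, after)
    events = [
        ("/tmp/sh2", None, Snap(REG | 0o4755, 0, 0)),
        ("/opt/app/tool", Snap(REG | 0o755, 0, 3), Snap(REG | 0o4755, 0, 3)),
        ("/home/u/x", Snap(REG | 0o4755, 1000, 100), Snap(REG | 0o4755, 0, 100)),
        ("/home/u/y", None, Snap(REG | 0o4755, 1000, 100)),  # unprivileged owner
    ]
    for path, before, after in events:
        print(path, classify(before, after) or "no alert")
```
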
112 Templates and Alerts