HP-UX Host Intrusion Detection System Version 4.2 Administration Guide

Table A-9 File/Directories Template Properties
Name                    Type  Default Value

pathnames_to_watch      I     ^/.rhosts$ | ^/\.shosts$ | ^/\.profile$ | ^/bin/ | ^/sbin/ |
                              ^/usr/bin/ | ^/usr/sbin/ | ^/usr/local/bin/ | ^/lib/ | ^/usr/lib/ |
                              ^/usr/local/lib/ | ^/stand/build/dlkm\.vmunix_test/ |
                              ^/stand/vmunix$ | ^/stand/kernrel$ | ^/stand/bootconf$ |
                              ^/stand/system$ | ^/dev/dsk/ | ^/dev/rdsk/ | ^/dev/rmt/ |
                              ^/dev/rsdsi/ | ^/dev/vg[0-9]*/ | ^/dev/idds$ |
                              ^/usr/dt/config/Xconfig$ | ^/tcb/files/devassign$ |
                              ^/etc/rc\.config\.d/ | ^/etc/opt/sec_mgmt/bastille/ | ^/etc/rbac/
                              | ^/etc/cmpt/ | ^/etc/passwd$ | ^/etc/shadow$ | ^/etc/group$
                              | ^/etc/hosts\.equiv$ | ^/etc/hosts\.allow$ | ^/etc/hosts\.deny$
                              | ^/etc/inetd\.conf$ | ^/etc/auto_master$ | ^/etc/csh\.login$
                              | ^/etc/ftpd/ftpaccess$ | ^/etc/ftpd/ftpusers$ | ^/etc/inittab$ |
                              ^/etc/opt/ipf/ipf\.conf$ | ^/etc/issue$ | ^/etc/motd$ |
                              ^/etc/mnttab$ | ^/etc/named\.conf$ | ^/etc/securetty$ |
                              ^/etc/default/security$ | ^/etc/mail/sendmail\.cf$ | ^/etc/shells$
                              | ^/etc/zprofile$ | ^/etc/nsswitch\.conf$ | ^/etc/pam\.conf$ |
                              ^/etc/profile$ | ^/etc/acps\.conf$ | ^/etc/default/security$ |
                              ^/etc/security\.dsc$ | ^/etc/opt/ids/ | ^/opt/ | ^/var/opt/ids/ |
                              ^/opt/ids/ | ^/sbin/init\.d/idsagent$

pathnames_to_not_watch  I     <empty>

pathnames_0             II    <empty>

programs_0              II    <empty>

pathnames_1             II    ^/etc/mnttab$ & ^/etc/fstab$ | ^/dev/vg[0-9]*/

programs_1              II    ^/usr/bin/nfsstat$ & ^/usr/sbin/syncer$ & ^/sbin/mount$ &
                              ^/sbin/umount$ & ^/sbin/fs/.*/mount$ &
                              ^/opt/cifsclient/bin/cifsmount$ & ^/sbin/fs/.*/umount$ &
                              ^/opt/cifsclient/bin/cifsumount$ & ^/usr/bin/df$ &
                              ^/usr/bin/bdf$ | ^/sbin/.*display$

pathnames_X             II    <empty>

programs_X              II    <empty>

Properties
The configurable properties are briefly described below:
pathnames_to_watch
Path names of files to be monitored for modification.
pathnames_to_not_watch
Path names of files that can be safely ignored for
modification, regardless of which program modifies them.
pathnames_X, programs_X
Use these properties to filter out alerts generated when a
particular program modifies a particular file. See “Type II:
Path Names/Programs Pairs” (page 116) for a detailed
description of these property pairs.
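
The Python sketch below is an added example, not code from this guide or from the HIDS product. It checks whether a modification of a given file by a given program would still raise an alert under a subset of the Table A-9 defaults. It assumes that "|" separates groups, "&" separates the expressions within a group, and group i of pathnames_X pairs with group i of programs_X (this page defers those semantics to the Type II section); all function names are hypothetical.

```python
import re

# Subset of the Table A-9 defaults (copied from the table; not the full list).
PATHNAMES_TO_WATCH = r"^/etc/passwd$ | ^/etc/mnttab$ | ^/dev/vg[0-9]*/ | ^/sbin/"
PATHNAMES_TO_NOT_WATCH = ""  # <empty> by default
PAIRS = [  # (pathnames_X, programs_X); index 1 holds the table's defaults
    ("", ""),
    (r"^/etc/mnttab$ & ^/etc/fstab$ | ^/dev/vg[0-9]*/",
     r"^/usr/bin/nfsstat$ & ^/usr/sbin/syncer$ & ^/sbin/mount$ & "
     r"^/sbin/umount$ & ^/sbin/fs/.*/mount$ & "
     r"^/opt/cifsclient/bin/cifsmount$ & ^/sbin/fs/.*/umount$ & "
     r"^/opt/cifsclient/bin/cifsumount$ & ^/usr/bin/df$ & "
     r"^/usr/bin/bdf$ | ^/sbin/.*display$"),
]

def split(value, sep):
    """Split a property value on sep, dropping padding and empty items.
    Assumes no expression contains a literal '|' or '&' (true of the defaults)."""
    return [item.strip() for item in value.split(sep) if item.strip()]

def matches_any(regexes, text):
    return any(re.search(rx, text) for rx in regexes)

def filtered_by_pair(pathnames, programs, path, program):
    """ASSUMED semantics: group i of pathnames_X pairs with group i of programs_X."""
    path_groups, prog_groups = split(pathnames, "|"), split(programs, "|")
    if len(path_groups) != len(prog_groups):
        raise ValueError("pathnames_X and programs_X have different group counts")
    return any(matches_any(split(pg, "&"), path) and matches_any(split(rg, "&"), program)
               for pg, rg in zip(path_groups, prog_groups))

def would_alert(path, program):
    """True if a modification of path by program survives every filter."""
    if not matches_any(split(PATHNAMES_TO_WATCH, "|"), path):
        return False  # file is not monitored at all
    if matches_any(split(PATHNAMES_TO_NOT_WATCH, "|"), path):
        return False  # ignored regardless of which program modifies it
    return not any(filtered_by_pair(pn, pr, path, program) for pn, pr in PAIRS)
```

Running candidate (file, program) pairs through such a check before adding a new pathnames_X/programs_X pair shows whether the filter suppresses only the intended program, or also hides modifications that should still alert.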
Alerts generated by this template
130 Templates and Alerts