HP-UX Host Intrusion Detection System Version 4.2 Administration Guide
Table A-10 File Being Modified Alert Properties (continued)
(continued from the previous page)
• created the file
• created the character special file
• created the directory
• created the block special file
• created the pipe (fifo) file
• deleted the file
• deleted the directory
• performed system call <number> on the file

Response Program Argument: argv[9]
Alert Field: Event
Alert Field Type: String
Alert Value/Format: Following are the possible values:
• File ownership modified
• File permission modified
• File opened for modification
• File created
• File truncated
• File renamed
• File modified
• Hard link created
• Symbolic link created
• Directory created
• Special file created
• File deleted
• Directory deleted
• Miscellaneous event
Description: The event that triggered the alert.
Failed Attempts to Modify Files
Table A-11 “Failed Attempt to Modify Read-Only File Alert Properties” lists the alert details and
event properties this template generates and forwards to a response program when there is an
unsuccessful modification of a file that is monitored by this template and when the
monitor_failed_attempt global property is set to 1. All other alert properties for failed
attempts are listed in Table A-10 (page 131).