HP-UX Host Intrusion Detection System Version 4.2 Administration Guide
Table A-11 Failed Attempt to Modify Read-Only File Alert Properties
DescriptionAlert Value/FormatAlert Field
Type
Alert FieldResponse
Program
Argument
Detailed alert descriptionUser with uid<uid> <performed action
on the file> <full pathname>
(type=<type>, inode=<inode>,
device=<device>) when executing
<program> (type=<type>,
inode=<inode>, device=<device>),
invoked as follows:
<argv[0]><argv[1]>..., as process with
pid <pid> and ppid <ppid> and running
with effective uid=<euid> and with
effective gid=<egid>.where <performed
action on the file> is set to one of the
following:
• failed to change the owner of
• failed to change the permissions of
• failed to open for
modification/truncation
• failed to open for modification
• failed to rename the file
• failed to overwrite an existing file
• failed to truncate the file
• failed to create a hard link to
• failed to create a symbolic link
• failed to create the directory
• failed to create the character special
• failed to create the block special file
• failed to create the pipe (fifo) file
• failed to create the file
• failed to delete the file
• failed to delete the directory
StringDetailsargv[8]
The event that triggered
the alert.
StringEventargv[9]
Modification of files/directories Template 133