HP-UX Host Intrusion Detection System Version 4.2 Administration Guide
Table A-14 Failed Attempt to Modify Append-Only File Alert Properties

Response Program Argument: argv[8]
Alert Field: Details
Alert Field Type: String
Description: Detailed alert description
Alert Value/Format:
User with uid <uid> <performed action on the file> <full pathname> (type=<type>, inode=<inode>, device=<device>) when executing <program> (type=<type>, inode=<inode>, device=<device>), invoked as follows: <argv[0]> <argv[1]>..., as process with pid <pid> and ppid <ppid> and running with effective uid=<euid> and with effective gid=<egid>.
where <performed action on the file> is set to one of the following when a modification of the file is attempted:
• failed attempt to open for modification/truncation
• failed attempt to rename the file
• failed attempt to create the file (and overwrote any existing file) named
• failed attempt to overwrite an existing file named
• failed attempt to truncate the file
• failed attempt to create a hard link to
• failed attempt to create as a hard link
• failed attempt to delete the file
• failed attempt to delete the directory

Response Program Argument: argv[9]
Alert Field: Event
Alert Field Type: String
Description: The event that triggered the alert.
Alert Value/Format:
Following are the possible values:
• Failed to open for modification/truncation
• Failed to rename the file
• Failed to create the file (and overwrote any existing file) named
• Failed to overwrite an existing file named
• Failed to truncate the file
• Failed to create a hard link to
• Failed to create as a hard link
• Failed to delete the file
• Failed to delete the directory
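The following Python sketch is an added example, not part of the HP guide or the HIDS product: it parses the Details string (argv[8]) described above into named fields so that a response program or log pipeline can triage on them. The function name, the sample alert text and its type, inode and device values are constructed for illustration.

```python
import re

# Action phrases listed for the Details field (argv[8]) in Table A-14.
ACTIONS = [
    "failed attempt to open for modification/truncation",
    "failed attempt to rename the file",
    "failed attempt to create the file (and overwrote any existing file) named",
    "failed attempt to overwrite an existing file named",
    "failed attempt to truncate the file",
    "failed attempt to create a hard link to",
    "failed attempt to create as a hard link",
    "failed attempt to delete the file",
    "failed attempt to delete the directory",
]

# "(type=..., inode=..., device=...)" block; {p} prefixes the group names.
_OBJ = (r"\(type=(?P<{p}type>[^,]*?)\s*,\s*inode=(?P<{p}inode>[^,]*?)\s*,"
        r"\s*device=(?P<{p}device>[^)]*)\)")

# The command line is matched greedily, so pid, ppid, euid and egid are read
# from the end of the string and not from text that appears inside argv.
DETAILS_RE = re.compile(
    r"User with uid (?P<uid>\S+) (?P<action>"
    + "|".join(re.escape(a) for a in ACTIONS) + r") "
    r"(?P<path>.+?) " + _OBJ.format(p="file_") + r" when executing "
    r"(?P<program>.+?) " + _OBJ.format(p="prog_") + r", invoked as follows: "
    r"(?P<cmdline>.*), as process with pid (?P<pid>\d+) and ppid (?P<ppid>\d+) "
    r"and running with effective uid=(?P<euid>\S+) "
    r"and with effective gid=(?P<egid>[^\s.]+)\.?\s*$",
    re.DOTALL,
)

def parse_details(details):
    """Return the alert fields as a dict, or None if the text does not fit."""
    m = DETAILS_RE.match(" ".join(details.split()))  # undo line wrapping
    if m is None:
        return None
    rec = m.groupdict()
    # A real uid that differs from the effective uid points at a setuid program.
    rec["euid_differs"] = rec["uid"] != rec["euid"]
    return rec

# Constructed sample that follows the template; all values are made up.
SAMPLE_DETAILS = (
    "User with uid 104 failed attempt to open for modification/truncation "
    "/var/adm/sulog (type=regular, inode=4711, device=64/3) when executing "
    "/usr/bin/vi (type=regular, inode=912, device=64/6), invoked as follows: "
    "vi /var/adm/sulog, as process with pid 2301 and ppid 2288 and running "
    "with effective uid=104 and with effective gid=20."
)

if __name__ == "__main__":
    print(parse_details(SAMPLE_DETAILS))
```

The pathname and command line are free text, so a parse result of None should be logged and reviewed by hand, not silently dropped.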
Changes to Log File Template 137