HP-UX Host Intrusion Detection System Version 4.2 Administration Guide
Table A-20 Non-Owned File Being Modified Alert Properties (continued)
DescriptionAlert Value/FormatAlert Field
Type
Alert FieldResponse
Program
Argument
Alert summaryNon-owned file being modifiedStringSummaryargv[7]
Detailed alert descriptionUser with uid <uid> <performed
action on the file> <full pathname>
(type=<type>, inode=<inode>,
device<device) when executing
<program> (type=<type>,
inode=<inode>, device=<device>),
invoked as follows: <argv[0]>
<argv[1]>..., as process with pid
<pid> and ppid <ppid> and running
with effective uid=<euid> and with
effective gid=<egid>.where
<performed action on the file> is set
to one of the following:
• changed the owner
• changed the permission
• opened for
modification/truncation
• renamed the file
• created the named file (and
overwrote any existing file)
• truncated the file
• deleted the file
• deleted the directory
• performed system call <number>
on the file
StringDetailsargv[8]
The event that triggered
the alert.
Following are the possible values:
• File ownership modified
• File permission modified
• File opened for modification
• File renamed
• File created
• File truncated
• File deleted
• Directory deleted
• Miscellaneous event
StringEventargv[9]
Failed Attempt to Modify Non-Owned Files
Table A-21 “Failed Attempt to Modify Non-Owned File Alert Properties” lists the alert details
and event properties the Modification of Another User’s File template generates and
forwards to a response program when there is an unsuccessful modification of a monitored file
by someone other than the owner. All other alert properties for failed attempts are listed in
Table A-20 (page 145).
146 Templates and Alerts