HP-UX Host Intrusion Detection System Version 4.2 Administration Guide

Table B-5 Additional Arguments Passed to Response Programs for Race Condition Template Alerts (continued)

| Response Program Argument | Alert Field | Alert Data Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[43] | Attacked Program Number of Arguments | Integer | <argc> | Number of arguments passed to the program under attack (for example, argc) |
| argv[44] | Attacked Program Arguments | Integer | <argv[0]> <argv[1]> .... | Program arguments of the program under attack (first 1024 characters) |

Table B-6 lists the additional arguments that are set for system templates while generating
login and logout alerts.

Table B-6 Additional Arguments Passed to Response Programs for Login or Logout Alerts

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[10] | Number indicating the type of alert | Integer | | The number 1 indicates that it is a login or logout alert. |
| argv[11] | User name | String | <username> | Name of the user who logged in or logged out. |
| argv[12] | Device number | Integer | <device number> | Device number of device associated with login session. |
| argv[13] | Host name | String | <remote hostname> | Name of remote host from which login was initiated |
| argv[14] | Host IP address | String | <A.B.C.D> (IPv4) or <X:X:X:...> (IPv6 address) | IP address of remote host from which login was initiated |

Table B-7 lists the additional arguments that are set for system templates while generating
su alerts.

Table B-7 Additional Arguments Passed to Response Programs for su Alerts

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[10] | Type of Alert | Integer | | The number 2 indicates an su alert |
| argv[11] | pseudo-terminal | String | <pty> | The pty from which a su attempt was made. |
| argv[12] | User name (attacker) | String | <username> | The name of the user attempting to su. |
| argv[13] | User name (target) | String | <username> | The name of the user to switch to. |

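
The argument layouts in Tables B-6 and B-7, shown as an added example that is not code from this guide: a POSIX shell function a response program could use to tell login or logout alerts from su alerts and build a log-safe summary line. It assumes the response program is a shell script, so that argv[n] is ${n}; the function names and the allowed character set are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the HP guide): classify a system-template alert
# using the argument positions in Tables B-6 and B-7.
# Assumption: the response program is a shell script, so argv[n] is ${n}.

# User names, host names and ptys originate outside the response program.
# Replace every character outside a conservative set so a field cannot
# inject newlines or control characters into the log line.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._:/@-' '_'
}

# Prints one summary line on stdout.
# Returns 1 if argv[10] is neither 1 (login/logout) nor 2 (su), or if the
# arguments the matching table requires are missing.
summarize_alert() {
    [ "$#" -ge 13 ] || return 1
    case "${10}" in
        1)  # Table B-6: argv[11] user, [12] device, [13] host, [14] IP
            [ "$#" -ge 14 ] || return 1
            printf 'login_logout user=%s device=%s host=%s ip=%s\n' \
                "$(sanitize "${11}")" "$(sanitize "${12}")" \
                "$(sanitize "${13}")" "$(sanitize "${14}")"
            ;;
        2)  # Table B-7: argv[11] pty, [12] attacker, [13] target
            printf 'su pty=%s from_user=%s to_user=%s\n' \
                "$(sanitize "${11}")" "$(sanitize "${12}")" \
                "$(sanitize "${13}")"
            ;;
        *)  # Some other alert type: not handled by this example.
            return 1
            ;;
    esac
}

# A response program would call: summarize_alert "$@"
```
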
Table B-8 lists the additional arguments that are passed to response programs while
generating aggregated alerts.