HP-UX Host Intrusion Detection System Version 4.2 Administration Guide

Example E-1 A Sample Surveillance Schedule Text File
The following sample surveillance schedule text file illustrates the usage of different keywords in a
schedule:
SCHEDULE TestSched
GLOBALS
aggregation | 1
rt_alerts | 0
aggr_tuples | ^/usr/lbin/swagent$ , 28800
suppression | 1
suppression_report | 1
suppression_interval | 6h
suppression_count | 100
suppression_targets_to_ignore | ^/etc/passwd$ | ^/etc/group$ | ^/stand/vmunix$ | ^/stand/system$ | ^/\.rhosts$ | ^/etc/inetd\.conf$
suppression | 1
suppression_report | 1
suppression_interval | 1
suppression_count | 100
suppression_targets_to_ignore | ^/etc/passwd$|^/etc/group$|^/stand/vmunix$|^/stand/system$|^/\.rhosts$|^/etc/inetd\.conf$
monitor_failed_attempts | 0
log_severity_def | 3
ENDGLOBALS
GROUPPERIOD
NAME FileModificationGroup
GMT 0
STARTTIME 0:00:0
ENDTIME 23:59:6
GROUP FileModificationGroup
ENDGROUP
ENDGROUPPERIOD
GROUPPERIOD
NAME LoginMonitoringGroup
GMT 0
STARTTIME 0:00:0
ENDTIME 23:59:6
GROUP LoginMonitoringGroup
ENDGROUP
ENDGROUPPERIOD
GROUPPERIOD
NAME LogFileMonitoringGroup
GMT 0
STARTTIME 0:00:0
ENDTIME 23:59:6
GROUP LogFileMonitoringGroup
ENDGROUP
ENDGROUPPERIOD
ENDSCHEDULE
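
A small linter for the schedule layout in Example E-1, added here as an illustration and not part of the HP guide or its tooling: it parses the GLOBALS and GROUPPERIOD sections and flags a global keyword that is defined twice with different values, as suppression_interval is in the listing. The grammar, the parse_schedule name and the "last definition kept" behaviour are assumptions inferred from the sample alone; SAMPLE is a constructed, abridged copy.

```python
# Constructed input: an abridged copy of the schedule above, keeping the
# conflicting pair of suppression_interval lines.
SAMPLE = """SCHEDULE TestSched
GLOBALS
suppression_interval | 6h
suppression_interval | 1
suppression_targets_to_ignore | ^/etc/passwd$|^/etc/group$
ENDGLOBALS
GROUPPERIOD
NAME LoginMonitoringGroup
GMT 0
STARTTIME 0:00:0
ENDTIME 23:59:6
GROUP LoginMonitoringGroup
ENDGROUP
ENDGROUPPERIOD
ENDSCHEDULE
"""

def parse_schedule(text):
    """Parse a schedule; the grammar is inferred from the sample, not from a spec."""
    sched = {"name": None, "globals": {}, "periods": [], "findings": []}
    section, period = None, None
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("SCHEDULE "):
            sched["name"] = line.split(None, 1)[1]
        elif line in ("GLOBALS", "GROUPPERIOD"):
            section, period = line, ({"groups": []} if line == "GROUPPERIOD" else None)
        elif line in ("ENDGLOBALS", "ENDGROUPPERIOD"):
            if period is not None:
                sched["periods"].append(period)
            section, period = None, None
        elif section == "GLOBALS" and "|" in line:
            # Split on the first "|" only: the value may itself contain "|".
            key, _, value = (p.strip() for p in line.partition("|"))
            old = sched["globals"].get(key)
            if old is not None and old != value:
                sched["findings"].append(f"line {n}: {key} redefined: {old} -> {value}")
            sched["globals"][key] = value  # last definition kept (assumption)
        elif section == "GROUPPERIOD" and line != "ENDGROUP" and line:
            key, _, value = line.partition(" ")
            if key == "GROUP":
                period["groups"].append(value.strip())
            else:
                period[key] = value.strip()
    if section is not None:
        sched["findings"].append(f"unterminated {section} section")
    return sched
```

Running the linter over a schedule before it is deployed gives a reviewer the list of conflicting global settings to resolve by hand.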