HP-UX Host Intrusion Detection System Version 4.2 Administration Guide

Marking Entries as Seen or Unseen...............................................................................................100
Saving a Log File Set......................................................................................................................100
Saving the Current Log File Set................................................................................................101
Saving a New Log File Set........................................................................................................101
Opening a Log File Set...................................................................................................................102
Log File Rotation............................................................................................................................102
8 Using the Preferences Screen...................................................................................105
General Preferences.............................................................................................................................105
Browser Preferences............................................................................................................................106
Alert Events Preferences................................................................................................................106
Error Events Preferences................................................................................................................107
System Manager Preferences.........................................................................................................108
A Templates and Alerts.................................................................................................111
Alert Summary....................................................................................................................................111
UNIX Regular Expressions.................................................................................................................114
Limitations..........................................................................................................................................115
Template Property Types....................................................................................................................115
Type I: Path Names to [Not] Monitor............................................................................................115
Type II: Path Names/Programs Pairs.............................................................................................116
Type III: User Names/UIDs............................................................................................................118
Type IV: User Name/UID Pairs......................................................................................................118
Type V: Network Triplets...............................................................................................................119
Type VI: Time Strings....................................................................................................................119
Type VII: Flags...............................................................................................................................120
Type VIII: Scalars...........................................................................................................................120
Type IX: Path Names / Integer Pairs..............................................................................................120
Type X: String Patterns..................................................................................................................120
Type XI: String...............................................................................................................................121
Buffer Overflow Template...................................................................................................................121
Execute on Stack............................................................................................................................122
Unusual Argument Length............................................................................................................123
Argument with Nonprintable Character.......................................................................................124
Race Condition Template....................................................................................................................125
File Reference Modification...........................................................................................................127
Privileged setuid Script Executed...............................................................................................128
Modification of files/directories Template..........................................................................................129
File Being Modified........................................................................................................................131
Failed Attempts to Modify Files....................................................................................................132
Changes to Log File Template.............................................................................................................134
Append-Only File Being Modified................................................................................................135
Failed Attempt to Modify Append-Only Files..............................................................................136
Creation and Modification of setuid/setgid File Template.................................................................138
Setuid or setgid File Created or Modified.....................................................................................139
Creation of World-Writable File Template..........................................................................................141
World-Writable File Created..........................................................................................................142
Modification of Another User's File Template...................................................................................144
Non-Owned File Being Modified..................................................................................................145
Failed Attempt to Modify Non-Owned Files................................................................................146
Login/Logout Template.......................................................................................................................147
Login/Logout.................................................................................................................................149
Successful su Detected..................................................................................................................150
6 Table of Contents