HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)
Table 11 Detection Templates (continued)

| Detection Template | Alert Severity | Attack | Alert |
|---|---|---|---|
| Modification of files/directories Template | 3 | The following operations were either unsuccessfully or successfully performed on a read-only file: • Modification of the mode or ownership • Modification of the file content • Creation • Opening the file for writing or appending that may (or may not) be followed by an actual file modification. | File system modification or potential modification |
| Modification of files/directories Template | 3 | An unsuccessful or successful modification of an append-only or read-only file using a hard link to the file. | File system modification or potential modification |
| “Log File Monitoring Template” (page 147) | 3 1 | A log file entry of interest was logged. | Message logged |
| Creation and Modification of setuid/setgid File Template | 1 | • A privileged setuid file was created, potentially created, or the setuid bit was turned on for a regular file owned by a privileged user, or the owner of a setuid file was changed from a non-privileged user to a privileged user. • A privileged setgid file was created, potentially created, or the setgid bit was turned on by a privileged group or the group that owns a setgid file was changed from a non-privileged group to a privileged group. | A setuid or setgid file is created |
| Creation and Modification of setuid/setgid File Template | 1 | A privileged setuid or setgid file was truncated or potentially modified. | A setuid or setgid file is modified |
| Changes to Log File Template | 2 | The following operations were either unsuccessfully or successfully performed on an append-only file: • Truncation • Deletion • Renaming • Opening the file with write permission in non-append mode that may (or may not) be followed by an actual file modification. | Append-only file modified or potentially modified |
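
The setuid/setgid rows above can be read as a transition on one predicate ("regular file, bit set, privileged owner or group"). The following is an added example, not code from the HP guide and not a description of how HIDS is implemented: it compares before/after metadata snapshots, and `PRIV_UIDS`, `PRIV_GIDS`, `Meta` and `classify` are hypothetical names, with the setgid rule assumed to parallel the setuid rule.

```python
import stat
from collections import namedtuple

# Assumption: which IDs count as "privileged" is site policy, not taken from the guide.
PRIV_UIDS = {0}
PRIV_GIDS = {0}

# Subset of os.stat() fields; None stands for "file does not exist".
Meta = namedtuple("Meta", "mode uid gid size")

CREATED = "A setuid or setgid file is created"
MODIFIED = "A setuid or setgid file is modified"

def priv_setuid(m):
    """Regular file with the setuid bit set and a privileged owner."""
    return (m is not None and stat.S_ISREG(m.mode)
            and bool(m.mode & stat.S_ISUID) and m.uid in PRIV_UIDS)

def priv_setgid(m):
    """Regular file with the setgid bit set and a privileged group (assumed parallel rule)."""
    return (m is not None and stat.S_ISREG(m.mode)
            and bool(m.mode & stat.S_ISGID) and m.gid in PRIV_GIDS)

def classify(before, after):
    """Map one file's before/after metadata to the alert names in the table."""
    alerts = set()
    for is_priv in (priv_setuid, priv_setgid):
        was, now = is_priv(before), is_priv(after)
        if now and not was:
            # Covers creation, chmod u+s / g+s, and chown/chgrp to a privileged ID.
            alerts.add(CREATED)
        elif now and was and after.size < before.size:
            # Truncation only; "potentially modified" (open for write) is not
            # visible in snapshots and needs syscall-level auditing.
            alerts.add(MODIFIED)
    return sorted(alerts)

if __name__ == "__main__":
    # Constructed sample transitions, not real audit data.
    samples = {
        "new root setuid file": (None, Meta(0o104755, 0, 3, 9000)),
        "chown user -> root": (Meta(0o104755, 1001, 3, 9000), Meta(0o104755, 0, 3, 9000)),
        "truncated": (Meta(0o104755, 0, 3, 9000), Meta(0o104755, 0, 3, 0)),
        "user-owned setuid": (None, Meta(0o104755, 1001, 3, 9000)),
    }
    for name, (b, a) in samples.items():
        print(name, "->", classify(b, a))
```

A setuid file owned by a non-privileged user produces no alert under this reading, which matches the table's restriction to privileged setuid and setgid files.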