Manualshelf

HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
101102103104105106107108109110
Table 11 Detection Templates (continued)
Detection TemplateAlert SeverityAttackAlert
Creation of
World-Writable File
Template
3A file with world-writable
permission was created by a
privileged user, the world-writable
bit was set on an existing file
owned by a privileged user, the
owner of a world-writable file was
changed to a privileged user from
a non- privileged user, or a
world-writable file owned by a
privileged user was renamed from
a location that is not being
monitored to a location that is
being monitored.
World-writable file created
Modification of Another
User’s File Template
2The following operations were
either unsuccessfully or successfully
performed on a file by a user other
than the owner of the file:
Truncation
Deletion
Renaming
Non-owned file being
modified
Modification of Another
User’s File Template
3The following operations were
either unsuccessfully or successfully
performed on a file by a user other
than the owner:
Modification of file’s mode or
ownership
Opening the file for
modification that may (or may
not) be followed by an actual
file modification.
Non-owned file being
modified
Login/Logout Template2
2
A successful login as a user
specified as privileged
Start of a successful login
session
Login/Logout Template3
2
A successful login as a user not
specified as privileged
Start of a successful login
session
Login/Logout Template2Logout of a user specified as
privileged
End of a login session
Login/Logout Template3Logout of a user not specified as
privileged
End of a login session
Login/Logout Template2A successful switch to a user
specified as privileged
Successful su session
Login/Logout Template3A successful switch to a user not
specified as privileged
Successful su session
Repeated Failed Logins
Template
3Repeated attempts to log in as a
user specified as privileged
Failed login attempts
Repeated Failed Logins
Template
3Repeated attempts to log in as a
user not specified as privileged
Failed login attempts
Repeated Failed su
Commands Template
2Repeated attempts to switch to a
user specified as privileged
Failed su attempts
Repeated Failed su
Commands Template
3Repeated attempts to switch to a
user not specified as privileged
Failed su attempts
Alert Summary 105