HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)
Table 20 File Being Modified Alert Properties (continued)
Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description

• created the file
• created the character special file
• created the directory
• created the block special file
• created the pipe (fifo) file
• deleted the file
• deleted the directory
• performed system call <number> on the file

Response Program Argument: argv[9]
Alert Field: Event
Alert Field Type: String
The event that triggered the alert.
Following are the possible values:
• File ownership modified
• File permission modified
• File opened for modification
• File created
• File truncated
• File renamed
• File modified
• Hard link created
• Symbolic link created
• Directory created
• Special file created
• File deleted
• Directory deleted
• Miscellaneous event
Failed Attempts to Modify Files
Table 21 (page 125) lists the alert details and event properties this template generates and forwards
to a response program when there is an unsuccessful modification of a file that is monitored by
this template and when the monitor_failed_attempt global property is set to 1. All other
alert properties for failed attempts are listed in Table 20 (page 123).