HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)

Table 27 World-Writable File Template Properties (continued)
| Property | Type | Default Value |
|---|---|---|
| pathnames_X | II | <empty> |
| programs_X | II | <empty> |

Properties
The configurable properties are listed as follows:

priv_user_list: A list of system-level user IDs or user names. This list contains users that have elevated access to the system. Removing any of these users means that this template does not detect the creation of a world-writable file owned by that user.

pathnames_to_not_watch: Path names of files that can be safely ignored if they are made world writable.

pathnames_X, programs_X: Filter out alerts generated when a specified program creates a specified world-writable file. See “Type II: Path Names/Programs Pairs” (page 108) for a detailed description of these property pairs.

Alerts generated by this template
World-Writable File Created
Table A-18 lists the configurable properties that this template supports.
Table 28 World-Writable File Created Alert Properties
| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[1] | Template code | Integer | 5 | Unique code assigned to template |
| argv[2] | Version | Integer | <version> | Template Version |
| argv[3] | Severity | Integer | 3 | Alert Severity |
| argv[4] | UTC time | Integer | <secs> | UTC time in number of seconds since the epoch when a world-writable file was created |
| argv[5] | Attacker | String | uid=<uid>, gid=<gid>, pid=<pid>, ppid=<ppid> | The user ID, group ID, process ID, and parent process ID of the process that created the world-writable file |
| argv[6] | Target of Attack | String | file=<full pathname>, type=<type>, mode=<mode>, uid=<uid>, gid=<gid>, inode=<inode>, device=<device> | The full path name of the world-writable file and the file’s type, mode, uid, gid, inode, and device number |
| argv[7] | Summary | String | world-writable file created | Alert summary |
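
The following POSIX sh response script is an added example, not code from the HP guide: it parses the argv[1] through argv[7] layout of Table 28 into one log record on standard output. The function names, the record layout, the script name, and the sample values in the comments are assumptions.

```sh
#!/bin/sh
# Added example, not from the HP guide: parse the seven arguments that
# Table 28 lists for template code 5. Function names and the output record
# layout are assumptions of this example.

# kv_get KEY LIST: print KEY's value from a "k=v, k=v" list; fail if absent.
kv_get() {
    _l=", $2"
    case $_l in
        *", $1="*) _l=${_l#*", $1="}; printf '%s\n' "${_l%%,*}" ;;
        *) return 1 ;;
    esac
}

# clean STRING: replace non-printable bytes so a crafted file name cannot
# add extra lines or terminal escapes to the log.
clean() { printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' '?'; }

# wwfile_record ARGV1..ARGV7: print one log record; non-zero on bad input.
wwfile_record() {
    [ "$#" -eq 7 ] && [ "$1" = 5 ] || return 2   # not this template
    case $4 in ''|*[!0-9]*) return 3 ;; esac      # argv[4] must be <secs>
    case $6 in file=*", type="*) ;; *) return 3 ;; esac
    # The path is everything between "file=" and the LAST ", type=", so a
    # comma or key=value text inside the file name does not shift or
    # override the remaining fields.
    _path=${6#file=}; _path=${_path%", type="*}
    _meta=${6##*", type="}; _meta="type=$_meta"
    _mode=$(kv_get mode "$_meta") && _owner=$(kv_get uid "$_meta") &&
        _uid=$(kv_get uid "$5") && _pid=$(kv_get pid "$5") || return 3
    # file= goes last so spaces in the name stay unambiguous.
    printf 'ts=%s sev=%s actor_uid=%s actor_pid=%s owner_uid=%s mode=%s file=%s\n' \
        "$4" "$3" "$_uid" "$_pid" "$_owner" "$_mode" "$(clean "$_path")"
}

# Constructed sample call (values illustrative, script name hypothetical):
#   sh wwfile.sh 5 1 3 1300000000 'uid=105, gid=20, pid=1234, ppid=1' \
#     'file=/tmp/a,b, type=regular, mode=100666, uid=0, gid=3, inode=42, device=64' \
#     'world-writable file created'
if [ "$#" -eq 7 ]; then
    wwfile_record "$@" || echo "wwfile: unparseable alert" >&2
fi
```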