HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)

Table 45 Additional Arguments Passed to Response Programs for Race Condition Template Alerts (continued)

| Response Program Argument | Alert Field | Alert Data Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[43] | Attacked Program Number of Arguments | Integer | <argc> | Number of arguments passed to the program under attack (for example, argc) |
| argv[44] | Attacked Program Arguments | Integer | <argv[0]> <argv[1]> .... | Program arguments of the program under attack (first 1024 characters) |

Table 46 lists the additional arguments that are set for system templates while generating login
and logout alerts.

Table 46 Additional Arguments Passed to Response Programs for Login or Logout Alerts

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[10] | Number indicating the type of alert | Integer | | The number 1 indicates that it is a login or logout alert. |
| argv[11] | User name | String | <username> | Name of the user who logged in or logged out. |
| argv[12] | Device number | Integer | <device number> | Device number of device associated with login session. |
| argv[13] | Host name | String | <remote hostname> | Name of remote host from which login was initiated |
| argv[14] | Host IP address | String | <A.B.C.D> (IPv4) or <X:X:X:...> (IPv6 address) | IP address of remote host from which login was initiated |

Table 47 lists the additional arguments that are set for system templates while generating su
alerts.

Table 47 Additional Arguments Passed to Response Programs for su Alerts

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[10] | Type of Alert | Integer | | The number 2 indicates an su alert |
| argv[11] | pseudo-terminal | String | <pty> | The pty from which a su attempt was made. |
| argv[12] | User name (attacker) | String | <username> | The name of the user attempting to su. |
| argv[13] | User name (target) | String | <username> | The name of the user to switch to. |
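
The following shell response-program helper is an added example, not code from the HP-UX HIDS guide. It reads the argument positions listed in Tables 46 and 47 and writes one log line per alert. The function names `sanitize` and `describe_alert`, the output format, and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the HP-UX HIDS guide. argv[N] in Tables 46 and 47
# is ${N} in a shell response program (argv[0] is the program name).

# Alert fields such as user and host names originate outside this script.
# Map every byte outside a conservative set to "?" so a field cannot add
# newlines or control characters to the log line. Empty fields become "-".
sanitize() {
    if [ -z "$1" ]; then printf '%s' '-'; return 0; fi
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._:/@-' '?'
}

# Print one key=value line for a login/logout (type 1) or su (type 2) alert.
# Arguments 1-9 are not described in these tables and are ignored here.
describe_alert() {
    if [ "$#" -lt 10 ]; then
        echo "describe_alert: expected at least 10 arguments, got $#" >&2
        return 2
    fi
    case "${10}" in
        1)  # Table 46: user, device number, remote host name, remote host IP
            if [ "$#" -lt 14 ]; then
                echo "describe_alert: truncated login/logout alert" >&2
                return 2
            fi
            printf 'login_logout user=%s device=%s host=%s ip=%s\n' \
                "$(sanitize "${11}")" "$(sanitize "${12}")" \
                "$(sanitize "${13}")" "$(sanitize "${14}")"
            ;;
        2)  # Table 47: pty, user attempting su, user to switch to
            if [ "$#" -lt 13 ]; then
                echo "describe_alert: truncated su alert" >&2
                return 2
            fi
            printf 'su pty=%s from_user=%s to_user=%s\n' \
                "$(sanitize "${11}")" "$(sanitize "${12}")" "$(sanitize "${13}")"
            ;;
        *)  # Assumption: the script is registered only for these two alert types
            echo "describe_alert: argv[10] is not 1 or 2" >&2
            return 1
            ;;
    esac
}

# Constructed sample alert: nine placeholder arguments, then Table 46 fields.
describe_alert p1 p2 p3 p4 p5 p6 p7 p8 p9 1 jdoe 5 gw.example.com 192.0.2.10
```

In a real response program the last line would be `describe_alert "$@"`, with the output appended to a log file that only the response program's account can write.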
Table 48 lists the additional arguments that are passed to response programs while generating
aggregated alerts.