HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)
Table 48 Additional Arguments Passed to Response Programs While Generating Aggregated Alerts

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[10] | The number of alerts in the aggregated alert | Integer | <number of alerts> | The number of template alerts aggregated as part of the aggregated alert. |
| argv[11] | Attacker process id | Integer | <pid> | Process ID (pid) of the attacker. |
| argv[12] | Attacker parent process id | Integer | <ppid> | Parent Process ID (ppid) of the attacker. |
| argv[13] | Attacker user ID | Integer | <uid> | User ID (uid) of the attacker. |
| argv[14] | Attacker group ID | Integer | <gid> | Group ID (gid) of the attacker. |
| argv[15] | Attacker effective user ID | Integer | <euid> | Effective User ID (euid) of the attacker. |
| argv[16] | Attacker effective group ID | Integer | <egid> | Effective Group ID (egid) of the attacker. |
| argv[17] | Attack program pathname | String | <pathname> | Full pathname of the attack program. If it is a multi-process alert, then the full pathname of the ancestor program. |
| argv[18] | Attack program file type | Integer | <filetype> | File type of the attack program. Corresponds to an enum vtype value defined in vnode.h. |
| argv[19] | File mode | Integer | <file mode> | File mode of the attack program. |
| argv[20] | Attack program owner | Integer | <uid> | Owner of the attack program (uid). |
| argv[21] | Attack program group | Integer | <gid> | Group of the attack program (gid). |
| argv[22] | Attack program inode number | Integer | <inode> | Inode number of the attack program. |
| argv[23] | Attack program device number | Integer | <device number> | Device number of the attack program. |
| argv[24] | Number of arguments | Integer | <number of arguments> | Number of arguments passed to the attack program. |
| argv[25] | Attack program arguments | String | <program arguments> | Program arguments of the attack program. |
| argv[26] | Name of pty | String | <pty> | Name of the pty to which the attacker is or was connected. Set to the empty string if not known. |
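As an added example (not code from the HP-UX HIDS guide), a POSIX sh response program that reads the aggregated-alert fields of Table 48 from its positional parameters, rejects a truncated argument list, and writes one key=value record per alert. The log path /var/tmp/hids_aggregated.log and the substitution of "unknown" for an empty pty name are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the HP-UX HIDS guide: a response program for
# aggregated alerts. HIDS passes the alert fields as argv; in sh argv[n]
# is ${n}, so argv[10] .. argv[26] from Table 48 are ${10} .. ${26}.
# argv[1] .. argv[9] are not part of Table 48 and are left uninterpreted.

# Emit one key=value record built from the Table 48 fields.
# Call as: format_aggregated_alert "$@"
format_aggregated_alert() {
    # Table 48 ends at argv[26]; anything shorter is a malformed alert,
    # and ${26} would silently expand to the empty string.
    if [ "$#" -lt 26 ]; then
        echo "format_aggregated_alert: expected 26 arguments, got $#" >&2
        return 1
    fi
    # argv[26] is the pty name and is legitimately empty when unknown;
    # the "unknown" marker is this example's convention, not the guide's.
    pty=${26}
    [ -n "$pty" ] || pty="unknown"
    printf 'aggregated=%s pid=%s ppid=%s uid=%s gid=%s euid=%s egid=%s ' \
        "${10}" "${11}" "${12}" "${13}" "${14}" "${15}" "${16}"
    printf 'path=%s vtype=%s mode=%s owner=%s group=%s inode=%s dev=%s ' \
        "${17}" "${18}" "${19}" "${20}" "${21}" "${22}" "${23}"
    printf 'argc=%s args=%s pty=%s\n' "${24}" "${25}" "$pty"
}

# When HIDS executes this script with the alert argv, append the record to
# the (assumed) log file; with no arguments, only define the function.
if [ "$#" -gt 0 ]; then
    format_aggregated_alert "$@" >> /var/tmp/hids_aggregated.log
fi
```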
156 Automated Response for Alerts