HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)
using the syntax described in “Type VII: Flags” (page 112) and is equivalent to the Schedule
Manager Monitor Failed Attempts To Create / Modify / Delete Critical Files option described
in “Configuring Monitor Failed Attempts” (page 70). Setting the property to “1” is equivalent to
selecting the Monitor Failed Attempts To Create / Modify / Delete Critical Files option box
in the GUI Schedule Manager. Setting the property to “0” is equivalent to leaving that
option box unselected. By default, the property value is set to “0”.
• log_severity_def: This property defines the default severity level for alerts that are
generated by the Log File Monitoring Template. For more information, see “Log File
Monitoring Template” (page 147). The property value is specified using the syntax described
in “Type VIII: Scalars” (page 112). By default, the property value is set to “3”. For a list of valid
severity levels, see “Alerts Tab” (page 90).
For more information on regular expressions, see “UNIX Regular Expressions” (page 106).
Container (SRP) Configuration Section
The section is required only if the agent is configured to monitor HP-UX Containers.
The section contains the following keywords and syntax:
SRP
  NAME <SRP name>
  GROUPPERIOD
    NAME <group name>
    GMT <integer>
    STARTTIME hh:mm:d
    ENDTIME hh:mm:d
    GROUP <group name>...
    ENDGROUP
  ENDGROUPPERIOD
ENDSRP
This is a subsection of the surveillance schedule section. The section is bracketed by the SRP and
ENDSRP keywords. Each SRP section can have any number of GROUPPERIOD sections. For details
about GROUPPERIOD, see the Surveillance Group section. The name in the SRP NAME keyword
is the name of the Container (SRP) configured on the host that needs to be monitored. To monitor
the Global SRP (init Containers), specify the SRP name as “init” in lower case.
This section can be repeated based on the number of Containers (SRPs) that need to be monitored.
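A structural check for the SRP subsection described above, added here as an example; it is not part of the HP guide or the HIDS product. It assumes one keyword per line as in the syntax listing, and the function name, group names and sample schedule are constructed.

```python
# Added example: structural lint for SRP blocks in a schedule file.
# Assumption: one keyword per line, as in the syntax listing.
PAIRS = {"SRP": "ENDSRP", "GROUPPERIOD": "ENDGROUPPERIOD", "GROUP": "ENDGROUP"}

# Constructed sample (group names are made up); the second SRP block is wrong.
SAMPLE = """\
SRP
NAME init
GROUPPERIOD
NAME always
GROUP FileGroup
ENDGROUP
ENDGROUPPERIOD
ENDSRP
SRP
NAME INIT
GROUPPERIOD
ENDSRP
"""

def lint_srp_sections(text):
    """Return (srp_names, errors) for the SRP blocks found in text."""
    stack, names, errors = [], [], []   # stack holds (opener, line number)
    named = False                       # has the current SRP block a NAME?
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts:
            continue
        kw, args = parts[0], parts[1:]
        if kw in PAIRS:                                   # opening keyword
            if kw == "SRP":
                named = False
                if stack:
                    errors.append(f"line {no}: SRP nested inside {stack[-1][0]}")
            stack.append((kw, no))
        elif kw in PAIRS.values():                        # closing keyword
            if not stack or PAIRS[stack[-1][0]] != kw:
                errors.append(f"line {no}: {kw} does not close the open section")
                continue
            stack.pop()
            if kw == "ENDSRP" and not named:
                errors.append(f"line {no}: SRP section has no NAME")
        elif kw == "NAME" and args and stack and stack[-1][0] == "SRP":
            named = True
            names.append(args[0])
            if args[0].lower() == "init" and args[0] != "init":
                errors.append(f"line {no}: global SRP must be 'init', got {args[0]!r}")
    errors += [f"line {no}: {kw} never closed" for kw, no in stack]
    return names, errors
```

Calling lint_srp_sections(SAMPLE) reports the upper-case INIT name and the unclosed GROUPPERIOD in the second block, so a Container that would not match its configured name is caught before the schedule is deployed.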
Surveillance Group Section
The section contains the following keywords and syntax:
GROUPPERIOD
  NAME <group name>
  GMT <integer>
  STARTTIME hh:mm:d
  ENDTIME hh:mm:d
  GROUP <group name>...
  ENDGROUP
ENDGROUPPERIOD
This section is a subsection of the surveillance schedule section. The section is bracketed by the
GROUPPERIOD and ENDGROUPPERIOD keywords. Each GROUPPERIOD section can have only
one GROUP or ENDGROUP section. The templates and their property values are stored in the
corresponding group file and not in the schedule file. Each group exists as an individual file within
the groups subdirectory and can be used across multiple schedules. To include a group in a
schedule, the name of the group must be added within the GROUPPERIOD NAME keyword in the
schedule file. A change made to a particular group file applies to all the
schedules that reference that group. However, the GMT, STARTTIME, and ENDTIME keywords