HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)
Selecting with the Mouse................................................................................................92
Simple Version.........................................................................................................92
Detailed Version.......................................................................................................92
Searching for the Next Unseen Entry....................................................................................92
Searching for a String........................................................................................................93
Deleting an Entry...............................................................................................................93
Marking Entries as Seen or Unseen......................................................................................94
Saving a Log File Set..........................................................................................................94
Saving the Current Log File Set........................................................................................95
Saving a New Log File Set.............................................................................................95
Opening a Log File Set.......................................................................................................96
Log File Rotation................................................................................................................97
8 Using the Preferences Screen.....................................................................98
General Preferences................................................................................................................98
Browser Preferences................................................................................................................99
Alert Events Preferences......................................................................................................99
Error Events Preferences....................................................................................................100
System Manager Preferences.............................................................................................101
A Templates and Alerts..............................................................................103
Alert Summary.....................................................................................................................103
UNIX Regular Expressions......................................................................................................106
Limitations...........................................................................................................................107
Template Property Types........................................................................................................107
Type I: Path Names to [Not] Monitor..................................................................................107
Type II: Path Names/Programs Pairs...................................................................................108
Type III: User Names/UIDs................................................................................................110
Type IV: User Name/UID Pairs...........................................................................................110
Type V: Network Triplets...................................................................................................111
Type VI: Time Strings........................................................................................................111
Type VII: Flags.................................................................................................................112
Type VIII: Scalars.............................................................................................................112
Type IX: Path Names / Integer Pairs...................................................................................112
Type X: String Patterns......................................................................................................112
Type XI: String.................................................................................................................113
Buffer Overflow Template.......................................................................................................113
Execute on Stack..............................................................................................................114
Unusual Argument Length..................................................................................................115
Argument with Nonprintable Character...............................................................................116
Race Condition Template.......................................................................................................117
File Reference Modification...............................................................................................119
Privileged setuid Script Executed........................................................................................120
Modification of files/directories Template.................................................................................121
File Being Modified..........................................................................................................122
Failed Attempts to Modify Files..........................................................................................124
Changes to Log File Template.................................................................................................126
Append-Only File Being Modified......................................................................................127
Failed Attempt to Modify Append-Only Files........................................................................129
Creation and Modification of setuid/setgid File Template...........................................................130
Setuid or setgid File Created or Modified............................................................................131
Creation of World-Writable File Template.................................................................................133
World-Writable File Created..............................................................................................134
6 Contents