HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
Table 11 Detection Templates (continued)

Detection Template: Modification of files/directories Template
Alert Severity: 3
Attack: File system modification or potential modification
Alert: The following operations were either unsuccessfully or successfully performed on a read-only file:
• Modification of the mode or ownership
• Modification of the file content
• Creation
• Opening the file for writing or appending that may (or may not) be followed by an actual file modification.

Detection Template: Modification of files/directories Template
Alert Severity: 3
Attack: File system modification or potential modification
Alert: An unsuccessful or successful modification of an append-only or read-only file using a hard link to the file.

Detection Template: “Log File Monitoring Template” (page 145)
Alert Severity: 3, 1
Attack: Message logged
Alert: A log file entry of interest was logged.

Detection Template: Creation and Modification of setuid/setgid File Template
Alert Severity: 1
Attack: A setuid or setgid file is created
Alert:
• A privileged setuid file was created, potentially created, or the setuid bit was turned on a regular file owned by a privileged user, or the owner of a setuid file was changed from a non privileged user to a privileged user.
• A privileged setgid file was created, potentially created, or the setgid bit was turned on by a privileged group or the group that owns a setgid file was changed from a non privileged group to a privileged group.

Detection Template: Creation and Modification of setuid/setgid File Template
Alert Severity: 1
Attack: A setuid or setgid file is modified
Alert: A privileged setuid or setgid file was truncated or potentially modified.

Detection Template: Changes to Log File Template
Alert Severity: 2
Attack: Append-only file modified or potentially modified
Alert: The following operations were either unsuccessfully or successfully performed on an append-only file:
• Truncation
• Deletion
• Renaming
• Opening the file with write permission in non-append mode that may (or may not) be followed by an actual file modification.

Detection Template: Creation of World-Writable File Template
Alert Severity: 3
Attack: World-writable file created
Alert: A file with world-writable permission was created by a privileged user, the world-writable bit was set on an existing file owned by a privileged user, the owner of a world-writable file was