HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
Table 11 Detection Templates (continued)

| Detection Template | Alert Severity | Attack | Alert |
|---|---|---|---|
| | | changed to a privileged user from a non-privileged user, or a world-writable file owned by a privileged user was renamed from a location that is not being monitored to a location that is being monitored. | |
| Modification of Another User’s File Template | ??? 2 | The following operations were either unsuccessfully or successfully performed on a file by a user other than the owner of the file: • Truncation • Deletion • Renaming | Non-owned file being modified |
| | 3 | The following operations were either unsuccessfully or successfully performed on a file by a user other than the owner: • Modification of file’s mode or ownership • Opening the file for modification that may (or may not) be followed by an actual file modification. | Non-owned file being modified |
| Login/Logout Template | ??? 2 ² | A successful login as a user specified as privileged | Start of a successful login session |
| | ??? 3 ² | A successful login as a user not specified as privileged | Start of a successful login session |
| | ??? 2 | Logout of a user specified as privileged | End of a login session |
| | ??? 3 | Logout of a user not specified as privileged | End of a login session |
| | ??? 2 | A successful switch to a user specified as privileged | Successful su session |
| | 3 | A successful switch to a user not specified as privileged | Successful su session |
| Repeated Failed Logins Template | ??? 3 | Repeated attempts to log in as a user specified as privileged | Failed login attempts |
| | 3 | Repeated attempts to log in as a user not specified as privileged | Failed login attempts |
| Repeated Failed su Commands Template | ??? 2 | Repeated attempts to switch to a user specified as privileged | Failed su attempts |
| | 3 | Repeated attempts to switch to a user not specified as privileged | Failed su attempts |

¹ Higher severity if specified by the severity template property or the log_severity_def global property. For more information about the severity property, see ???. For more information about the log_severity_def global property, see “Surveillance Schedule Section” (page 189).
² Higher severity if specified by an ip_filter property. For more information about the ip_filter property, see ???.