HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
Table 21 Failed Attempt to Modify Read-Only File Alert Properties
DescriptionAlert Value/FormatAlert Field
Type
Alert FieldResponse
Program
Argument
Detailed alert descriptionUser with uid<uid> <performed action
on the file> <full pathname>
StringDetailsargv[8]
(type=<type>, inode=<inode>,
device=<device>) when executing
<program> (type=<type>,
inode=<inode>, device=<device>),
invoked as follows:
<argv[0]><argv[1]>..., as process with
pid <pid> and ppid <ppid> and running
with effective uid=<euid> and with
effective gid=<egid>.where <performed
action on the file> is set to one of the
following:
• failed to change the owner of
• failed to change the permissions of
• failed to open for
modification/truncation
• failed to open for modification
• failed to rename the file
• failed to overwrite an existing file
• failed to truncate the file
• failed to create a hard link to
• failed to create a symbolic link
• failed to create the directory
• failed to create the character special
• failed to create the block special file
• failed to create the pipe (fifo) file
• failed to create the file
• failed to delete the file
• failed to delete the directory
The event that triggered
the alert.
Following are the possible values:StringEventargv[9]
• Failed attempt to change the owner
• Failed attempt to change the
permissions of
• Failed attempt to open for
modification/truncation
• Failed attempt to open for
modification
• Failed attempt to rename the file
• Failed attempt to overwrite an existing
file
• Failed attempt to truncate the file
• Failed attempt to create a hard link
to
• Failed attempt to create a symbolic
link
• Failed attempt to create the directory
• Failed attempt to create the character
special
Modification of files/directories Template 123