HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
Table 24 Failed Attempt to Modify Append-Only File Alert Properties

Response Program Argument: argv[8]
Alert Field: Details
Alert Field Type: String
Description: Detailed alert description
Alert Value/Format:
User with uid <uid> <performed action on the file> <full pathname> (type=<type>, inode=<inode>, device=<device>) when executing <program> (type=<type>,inode=<inode>,device=<device>), invoked as follows: <argv[0]> <argv[1]>..., as process with pid <pid> and ppid <ppid> and running with effective uid=<euid> and with effective gid=<egid>.
where <performed action on the file> is set to one of the following when a modification of the file is attempted:
• failed attempt to open for modification/truncation
• failed attempt to rename the file
• failed attempt to create the file (and overwrote any existing file) named
• failed attempt to overwrite an existing file named
• failed attempt to truncate the file
• failed attempt to create a hard link to
• failed attempt to create as a hard link
• failed attempt to delete the file
• failed attempt to delete the directory

Response Program Argument: argv[9]
Alert Field: Event
Alert Field Type: String
Description: The event that triggered the alert.
Alert Value/Format:
Following are the possible values:
• Failed to open for modification/truncation
• Failed to rename the file
• Failed to create the file (and overwrote any existing file) named
• Failed to overwrite an existing file named
• Failed to truncate the file
• Failed to create a hard link to
• Failed to create as a hard link
• Failed to delete the file
• Failed to delete the directory

NOTE: See Table 41 (page 150) for the definition of additional arguments that can be used to
access specific alert information (for example, pid and ppid) without having to parse the string
alert fields above.
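
Added example (not part of the HP guide and not HP code): a Python parser for the argv[8] Details string of Table 24, for use when only the string alert field is available, for example when reviewing logged alerts. The names parse_details, DETAILS_RE and SAMPLE are hypothetical, the sample alert is constructed, and the parser assumes both parenthesised groups use key=value pairs.

```python
import re

# The nine <performed action on the file> phrases from Table 24.
ACTIONS = [
    "failed attempt to open for modification/truncation",
    "failed attempt to rename the file",
    "failed attempt to create the file (and overwrote any existing file) named",
    "failed attempt to overwrite an existing file named",
    "failed attempt to truncate the file",
    "failed attempt to create a hard link to",
    "failed attempt to create as a hard link",
    "failed attempt to delete the file",
    "failed attempt to delete the directory",
]
# Assumption: both parenthesised groups use key=value pairs; spacing may vary.
META = r"\(type=[^,]*, ?inode=\d+ ?, ?device=[^)]*\)"
DETAILS_RE = re.compile(
    r"User with uid (?P<uid>\d+) "
    r"(?P<action>" + "|".join(map(re.escape, ACTIONS)) + r") "
    r"(?P<path>.+?) ?" + META + r" when executing (?P<program>.+?) ?" + META +
    # cmdline is greedy and the tail is anchored with \Z, so the process
    # fields are always read from the very end of the string.
    r", invoked as follows: (?P<cmdline>.*), as process with pid (?P<pid>\d+)"
    r" and ppid (?P<ppid>\d+) and running with effective uid=(?P<euid>\d+)"
    r" and with effective gid=(?P<egid>\d+)\.?\s*\Z",
    re.S,
)

def parse_details(details):
    """Split an argv[8] Details string into fields, or return None."""
    m = DETAILS_RE.match(details)
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("uid", "pid", "ppid", "euid", "egid"):
        fields[key] = int(fields[key])
    return fields

# Constructed sample alert; its command line contains text that imitates
# the trailing process fields.
SAMPLE = (
    "User with uid 102 failed attempt to truncate the file /var/adm/sulog "
    "(type=regular, inode=4711, device=64,3) when executing /usr/bin/sh "
    "(type=regular,inode=912,device=64,3), invoked as follows: "
    "sh -c echo x, as process with pid 999 and ppid 1 > /var/adm/sulog, "
    "as process with pid 2345 and ppid 2301 and running with effective "
    "uid=102 and with effective gid=20."
)

if __name__ == "__main__":
    print(parse_details(SAMPLE))
```

The path, program and cmdline fields come from names and arguments chosen by the process that triggered the alert, so their boundaries inside the string are ambiguous; only the leading uid and the end-anchored pid, ppid, euid and egid are positionally fixed. A response program that can use the additional arguments of Table 41 avoids this parsing entirely.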
Changes to Log File Template 127