HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
Table 30 Non-Owned File Being Modified Alert Properties (continued)
DescriptionAlert Value/FormatAlert Field
Type
Alert FieldResponse
Program
Argument
Detailed alert descriptionUser with uid <uid> <performed
action on the file> <full pathname>
StringDetailsargv[8]
(type=<type>, inode=<inode>,
device<device) when executing
<program> (type=<type>,
inode=<inode>, device=<device>),
invoked as follows: <argv[0]>
<argv[1]>..., as process with pid
<pid> and ppid <ppid> and running
with effective uid=<euid> and with
effective gid=<egid>.where
<performed action on the file> is set
to one of the following:
• changed the owner
• changed the permission
• opened for
modification/truncation
• renamed the file
• created the named file (and
overwrote any existing file)
• truncated the file
• deleted the file
• deleted the directory
• performed system call <number>
on the file
The event that triggered the
alert.
Following are the possible values:StringEventargv[9]
• File ownership modified
• File permission modified
• File opened for modification
• File renamed
• File created
• File truncated
• File deleted
• Directory deleted
• Miscellaneous event
Failed Attempt to Modify Non-Owned Files
Table 31 (page 137) lists the alert details and event properties the Modification of Another
User’s File template generates and forwards to a response program when there is an
unsuccessful modification of a monitored file by someone other than the owner. All other alert
properties for failed attempts are listed in Table 30 (page 135).
136 Templates and Alerts