HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)

Table 43 Additional Arguments Passed to Response Programs for File Modification Failed Attempt Alerts

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[36] | Error Number | Integer | <Error Number> | Number representing the error. |
| argv[37] | System Call Return Value | Integer | <System Call Return Value> | Return value of the system call. |

Table 44 lists the additional arguments that are passed to response programs for failed attempts
to modify files that belong to the Modification of files/directories template, the
Changes to Log File template, and the Modification of Another Users File
template when Duplicate Alert Suppression (DAS) is enabled.
Table 44 Additional Arguments Passed to Response Programs for File Modification Failed Attempt Alerts With DAS Enabled

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[38] | Error Number | Integer | <Error Number> | Number representing the error. |
| argv[39] | System Call Return Value | Integer | <System Call Return Value> | Return value of the system call. |

Table 45 (page 152) lists the additional arguments that are passed to response programs for
Race Condition Template alerts.
Table 45 Additional Arguments Passed to Response Programs for Race Condition Template Alerts

| Response Program Argument | Alert Field | Alert Data Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[36] | Attacked Program Path name | String | <full pathname> | Full path name of the program under attack |
| argv[37] | Attacked Program File Type | Integer | <type> | File type of the program under attack. Corresponds to an enum vtype value defined in vnode.h |
| argv[38] | Attacked Program Mode | Integer | <mode> (decimal) | Mode of the program under attack |
| argv[39] | Attacked Program Owner | Integer | <uid> | Owner of the program under attack (uid) |
| argv[40] | Attacked Program Group | Integer | <gid> | Group of the program under attack (gid) |
| argv[41] | Attacked Program Inode | Integer | <inode> | Inode number of the program under attack |
| argv[42] | Attacked Program Device | Integer | <device> | Device number of the program under attack |
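
The following C response program is an added example, not code from this guide. It reads the Table 45 arguments of a Race Condition Template alert, rejects malformed values, and checks whether the file now at the reported path still has the reported owner, group, mode, inode and device. The names race_alert, parse_race_alert and still_matches are hypothetical, and the comparison assumes the reported mode and device number use the same encoding as st_mode and st_dev from lstat().

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

/* Race Condition Template fields, argv[36]..argv[42] as listed in Table 45. */
struct race_alert {
    const char *path;                        /* argv[36] */
    long vtype, mode, uid, gid, inode, dev;  /* argv[37]..argv[42] */
};

/* Strict decimal parse: rejects empty strings, trailing junk and overflow. */
static int parse_long(const char *s, long *out) {
    char *end;
    errno = 0;
    *out = strtol(s, &end, 10);
    return (errno == 0 && end != s && *end == '\0') ? 0 : -1;
}

/* Returns 0 on success, -1 if arguments are missing or malformed. */
int parse_race_alert(int argc, char **argv, struct race_alert *a) {
    long *num[] = { &a->vtype, &a->mode, &a->uid, &a->gid, &a->inode, &a->dev };
    if (argc < 43 || argv[36][0] != '/')     /* need argv[0..42], absolute path */
        return -1;
    a->path = argv[36];
    for (int i = 0; i < 6; i++)
        if (parse_long(argv[37 + i], num[i]) != 0)
            return -1;
    return 0;
}

/* 1 = file at the path still matches the alert, 0 = it differs (replaced or
 * changed since the alert), -1 = lstat failed. Symlinks are not followed. */
int still_matches(const struct race_alert *a) {
    struct stat st;
    if (lstat(a->path, &st) != 0)
        return -1;
    return (long)st.st_ino == a->inode && (long)st.st_dev == a->dev &&
           (long)st.st_uid == a->uid && (long)st.st_gid == a->gid &&
           (long)(st.st_mode & 07777) == (a->mode & 07777);
}

int main(int argc, char **argv) {
    struct race_alert a;
    if (parse_race_alert(argc, argv, &a) != 0)
        return 2;                            /* malformed alert arguments */
    printf("%s mode=%04lo uid=%ld gid=%ld inode=%ld\n", a.path,
           (unsigned long)(a.mode & 07777), a.uid, a.gid, a.inode);
    return still_matches(&a) == 1 ? 0 : 1;
}
```

An exit status of 1 means the program at the reported path no longer matches the alert and warrants a closer look before any automated action is taken on that path.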