HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
# Exit with no error
exit 0
Sample Response Programs
The following sections contain examples of C and shell script response programs.
Sample C Language Program Source Code
This is sample C language source code for a response program. It is available in
/opt/ids/share/examples/ids_alertResponse.c.
Modify the source code below to take appropriate action in response to intrusions. This source
code can be compiled with a standard C compiler. For information on arguments and environment
variables, see Table 41 (page 150), Table 49 (page 155) and Appendix A (page 102).
Example 1 Response Program
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv) {
#if 0 /* insert your response code here */
    /* Sample body: print each argument passed to the response program. */
    int i;
    for (i = 0; i < argc; i++) {
        fprintf(stderr, "argv[%d] = %s\n", i, argv[i]);
    }
#endif
    /* Exit with no error */
    exit(0);
}
Sample Shell Script Alert Responses
IMPORTANT: Some of these sample shell scripts require root privileges. They must not be run as
setuid root. These scripts are for illustrative purposes only. Having a privileged setuid shell script
on your system makes it vulnerable to a well-known race condition attack, which enables a
nonprivileged user to easily acquire a root shell and gain complete control of the system.
For shell scripts that require root privilege, follow the instructions in “Writing Privileged Response
Programs” (page 156).
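A check for the condition the note above warns about, as an added example that is not part of the HP guide: it lists files under a directory that carry the setuid or setgid bit and begin with "#!". The function name audit_setid_scripts and the directory argument are assumptions; pass the directory where your response programs are installed.

```shell
#!/bin/sh
# Added example (not from the HP-UX HIDS guide).
# audit_setid_scripts DIR   (hypothetical helper name)
#   Prints one line for every regular file under DIR that has the setuid
#   or setgid bit set AND starts with "#!" (an interpreted script).
#   Returns 0 if none are found, 1 if any are found, 2 on a usage error.
#   Assumption: file names under DIR do not contain newlines.
audit_setid_scripts() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "usage: audit_setid_scripts DIR" >&2
        return 2
    fi

    hits=$(
        # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
        while IFS= read -r f; do
            # Read only the first two bytes; compiled programs do not
            # start with "#!". tr drops NUL bytes found in binaries.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null | tr -d '\000')
            if [ "$magic" = '#!' ]; then
                printf '%s: set-id bit on an interpreted script\n' "$f"
            fi
        done
    )

    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_setid_scripts "$1"
fi
```

A non-zero exit status makes the function usable from cron or a configuration-management check; clear the bit with chmod u-s,g-s on any file it reports.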
Forwarding Information
The response script program can either send the alerts to the user through an e-mail or store the
alerts in a log file.
Sending an e-mail
HP-UX HIDS logs alerts to a file on the local system and sends the alert information to the HP-UX
HIDS System Manager. Alert information can also be sent through e-mail, as demonstrated in the
following script: