HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
Alert Events Preferences
Error Events Preferences
System Manager Preferences
9 Support and other resources
New and changed information in this edition
HP-UX Release Name and Release Identifier
Information to collect before you contact HP
How to contact HP
HP authorized resellers
Related Information
Typographic Conventions
10 Documentation feedback
A Templates and Alerts
Alert Summary
UNIX Regular Expressions
Limitations
Template Property Types
Type I: Path Names to [Not] Monitor
Type II: Path Names/Programs Pairs
Type III: User Names/UIDs
Type IV: User Name/UID Pairs
Type V: Network Triplets
Type VI: Time Strings
Type VII: Flags
Type VIII: Scalars
Type IX: Path Names / Integer Pairs
Type X: String Patterns
Type XI: String
Buffer Overflow Template
Execute on Stack
Unusual Argument Length
Argument with Nonprintable Character
Race Condition Template
File Reference Modification
Privileged setuid Script Executed
Modification of files/directories Template
File Being Modified
Failed Attempts to Modify Files
Changes to Log File Template
Append-Only File Being Modified
Failed Attempt to Modify Append-Only Files
Creation and Modification of setuid/setgid File Template
Setuid or setgid File Created or Modified
Creation of World-Writable File Template
World-Writable File Created
Modification of Another User’s File Template
Non-Owned File Being Modified
Failed Attempt to Modify Non-Owned Files
Login/Logout Template
Login/Logout
Successful su Detected
Repeated Failed Logins Template
Failed Login Attempts