Templates and Alerts

Creation of World-Writable File Template

Table A-16 World-writable File Created Alert Properties (Continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[2] | Version | Integer | 2 | Version of the template |
| argv[3] | Severity | Integer | 3 | Severity |
| argv[4] | UTC Time | Integer | <secs> | UTC time in number of seconds since epoch when a world writable file is created |
| argv[5] | Attacker | String | “uid=<uid>, gid=<gid>, pid=<pid>, ppid=<ppid>” | The user ID, group ID, process ID, and parent process ID of the process that created the world writable file |
| argv[6] | Target of Attack | String | “file=<full pathname>, mode=<mode>,uid=<uid>,gid=<gid>, inode=<inode>,device=<device>” | The full pathname of the world writable file and the file’s mode, uid, gid, inode, and device number |
| argv[7] | Summary | String | “World writable file created” | Alert summary |
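The following is an added example, not code from the HP manual: a response program sketch in Python that parses argv[2] through argv[7] as laid out in Table A-16. It assumes the quotation marks in the table are notation rather than part of the argument, that whitespace after commas is optional, and that argv[0] and argv[1] (not described on this page) can be ignored; the names `parse_alert` and `_fields` and all sample values are constructed for illustration.

```python
import re
import sys
from datetime import datetime, timezone

# argv[5]: uid=<uid>, gid=<gid>, pid=<pid>, ppid=<ppid>
ATTACKER_RE = re.compile(
    r"uid=(?P<uid>[^,\s]+),\s*gid=(?P<gid>[^,\s]+),"
    r"\s*pid=(?P<pid>[^,\s]+),\s*ppid=(?P<ppid>[^,\s]+)\Z")

# argv[6]: the pathname is chosen by the process that created the file, so it
# may itself contain "," or "=". The greedy file group plus the \Z anchor bind
# mode/uid/gid/inode/device to the LAST five fields of the string.
TARGET_RE = re.compile(
    r"file=(?P<file>.*),\s*mode=(?P<mode>[^,=\s]+),\s*uid=(?P<uid>[^,=\s]+),"
    r"\s*gid=(?P<gid>[^,=\s]+),\s*inode=(?P<inode>[^,=\s]+),"
    r"\s*device=(?P<device>[^,=\s]+)\Z", re.DOTALL)

def _fields(pattern, text, name):
    # Assumption: surrounding quotation marks are notation; strip if present.
    m = pattern.match(text.strip().strip('"\u201c\u201d'))
    if m is None:
        raise ValueError(f"{name} does not match the documented format: {text!r}")
    return m.groupdict()

def parse_alert(argv):
    """Parse argv[2]..argv[7] of a 'world-writable file created' alert."""
    if len(argv) < 8:
        raise ValueError("expected at least argv[0]..argv[7]")
    if argv[2] != "2":
        raise ValueError(f"unexpected template version {argv[2]!r}")
    return {
        "version": int(argv[2]),
        "severity": int(argv[3]),
        "time": datetime.fromtimestamp(int(argv[4]), tz=timezone.utc),
        "attacker": _fields(ATTACKER_RE, argv[5], "argv[5]"),
        "target": _fields(TARGET_RE, argv[6], "argv[6]"),
        "summary": argv[7],
    }

if __name__ == "__main__":
    # Constructed sample (not real alert data), used when run without arguments.
    sample = ["resp", "-", "2", "3", "1000000000", "uid=105, gid=20, pid=4321, ppid=4300",
              "file=/tmp/a,uid=0, mode=100666,uid=105,gid=20, inode=4711,device=64",
              "World writable file created"]
    alert = parse_alert(sys.argv if len(sys.argv) >= 8 else sample)
    # repr() keeps control characters in the pathname out of the log line.
    print(f"{alert['time'].isoformat()} sev={alert['severity']} {alert['summary']}: "
          f"file={alert['target']['file']!r} uid={alert['attacker']['uid']}", file=sys.stderr)
```

Splitting argv[6] on commas would truncate such a pathname and could take field values from inside it; anchoring on the end of the string avoids both.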

Appendix A

HP Host Intrusion Detection System (HIDS) manual