
Sample Response Programs

The following sections contain examples of C and shell script response programs.

Sample C Language Program Source Code

This is sample C language source code for a response program. It is distributed in /opt/ids/share/examples/ids_alertResponse.c.

Modify the source code below to take appropriate action in response to intrusions. This source code can be compiled with your standard C compiler. See Table B-1 on page 186, Table B-3 on page 188 and Appendix A for information on the arguments and environment variables the program receives.

    #include <stdio.h>
    #include <stdlib.h>

    int main(int argc, char **argv)
    {
    #if 0   /* insert your response code here */
        /* Placeholder: echo every alert argument to stderr. */
        int i;

        for (i = 0; i < argc; i++) {
            fprintf(stderr, "argv[%d] = %s\n", i, argv[i]);
        }
    #endif

        exit(0);
    }
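The following is an added example, not the manual's sample and not the file distributed in /opt/ids/share/examples. It fills in the placeholder above with a response that records the alert it was handed. It assumes only what the text states: the alert details arrive as command-line arguments and environment variables (Table B-1, Table B-3 and Appendix A). Some of those fields may be influenced by the activity that raised the alert (this is an assumption about their content), so the program escapes every non-printable byte before writing to syslog; otherwise a newline or terminal escape sequence embedded in a field could forge extra log lines or corrupt an administrator's terminal. The syslog identifier and facility are assumptions.

```c
/* Added example: log every alert argument and environment variable to
 * syslog with non-printable bytes escaped.
 * Build: cc -o ids_alertResponse_log ids_alertResponse_log.c */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>

extern char **environ;   /* POSIX: the process environment */

/* Copy `in` into `out` (capacity out_len, always NUL-terminated),
 * replacing every byte outside printable ASCII, and the backslash
 * itself, with \xNN so the escaped form is unambiguous. Returns how
 * many bytes were escaped. Input that does not fit is truncated; an
 * escape sequence is never split. */
size_t escape_for_log(const char *in, char *out, size_t out_len)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0, escaped = 0;

    if (out_len == 0)
        return 0;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (c >= 0x20 && c < 0x7f && c != '\\') {
            if (o + 1 >= out_len)
                break;
            out[o++] = (char)c;
        } else {
            if (o + 4 >= out_len)
                break;
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
            escaped++;
        }
    }
    out[o] = '\0';
    return escaped;
}

/* Log each string of a NULL-terminated array (argv or environ) under
 * `label`. Returns the number of fields that needed escaping; a clean
 * alert should rarely carry control characters, so a non-zero count is
 * itself worth flagging. */
int log_fields(const char *label, char **fields)
{
    char buf[1024];
    int i, suspicious = 0;

    if (fields == NULL)
        return 0;
    for (i = 0; fields[i] != NULL; i++) {
        if (escape_for_log(fields[i], buf, sizeof buf) > 0)
            suspicious++;
        syslog(LOG_WARNING, "%s[%d]=%s", label, i, buf);
    }
    return suspicious;
}

int main(int argc, char **argv)
{
    int suspicious;

    (void)argc;
    /* Identifier and facility are assumptions for this example. */
    openlog("ids_alertResponse", LOG_PID, LOG_AUTH);
    suspicious = log_fields("argv", argv) + log_fields("env", environ);
    if (suspicious > 0)
        syslog(LOG_WARNING, "%d alert field(s) contained control characters",
               suspicious);
    closelog();
    exit(0);
}
```

Logging the entire environment is for demonstration; in a deployed response program, restrict the environment fields to the IDS variables listed in Appendix A so that unrelated variables of the invoking account do not end up in the log. The program needs no special privilege and runs as whatever user the IDS uses to launch responses.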

Sample Shell Script Alert Responses

Some of these sample shell scripts require root privilege and must not be installed setuid root. A setuid-root shell script leaves the system open to a well-known race condition: the kernel starts the interpreter with the script's pathname, and in the window before the interpreter re-opens that path an unprivileged user can replace what the path refers to with a file of their own, so the interpreter runs the attacker's commands as root and hands over a root shell, giving complete control of the system.

For shell scripts that require root privilege, follow the suggestions in “Writing Privileged Response Programs” on page 190.

HP Host Intrusion Detection System (HIDS) manual, Appendix B, page 195