McAfee® Host Intrusion Prevention 6.1 Product Guide

Writing Custom Signatures

Solaris Custom Signatures

Note 1

Relevant (X) directives per section:

Directive   File   Source   File permission   New permission
symlink     X      X        -                 X
read        X      -        -                 -
write       X      -        -                 -
unlink      X      -        -                 -
rename      X      X        -                 -
chmod       X      -        X                 X
chown       X      -        -                 -
create      X      -        X                 X
mkdir       X      -        -                 -
rmdir       X      -        -                 -
chdir       X      -        -                 -

Note 2

The value of the sections file permissions and new permissions corresponds to the Access Control List (acl). These can have values of “SUID” or “SGID” only.

Note 3

The directive Unixfile:link has a different meaning when combined with section files and section source:

- Combined with section files, it means that creating a link to the file in the section files is monitored.

- Combined with section source, it means that no link can be created with the name as specified in the section source.

Note 4

The directive Unixfile:rename has a different meaning when combined with section files and section source:

- Combined with section files, it means that renaming of the file in the section files is monitored.

- Combined with section source, it means that no file can be renamed to the file in the section source.
