https://community.hpe.com/t5/operating-system-hp-ux/ids-900-shell-script-alert-response/m-p/2940826#M752713 As Chris mentioned, the easiest way to test your script is to generate an alert, such as failed su or failed login, while running the appropriate schedule. <BR /><BR />FYI, for the next release of IDS (V2.2), this appendix has been expanded to include a discussion on writing privileged response programs. Many of the example response scripts in the appendix need to run with privilege and you should NOT make these setuid privileged scripts on an 11.0/11i system, as this will make your system completely vulnerable to a well known RC attack.<BR /><BR />Pierre<BR /> Mon, 28 Apr 2003 20:47:18 GMT Pierre Pasturel 2003-04-28T20:47:18Z https://community.hpe.com/t5/operating-system-hp-ux/ids-900-shell-script-alert-response/m-p/2940824#M752711 Hello, <BR />I recently installed ids/9000 and was trying to use the sample shell script alert response shown in appendix b of the user manual. The instructions say to simply write the code into files in /opt/ids/response on the agent system. I've done that, but wonder how I can test it to see if it will work? <BR />It seems really sparse.. thanks. <BR /> Tue, 01 Apr 2003 17:04:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/ids-900-shell-script-alert-response/m-p/2940824#M752711 John Henrikson 2003-04-01T17:04:52Z https://community.hpe.com/t5/operating-system-hp-ux/ids-900-shell-script-alert-response/m-p/2940825#M752712 You need to trigger an event. This will depend on what you have configured to be monitored on this client. For example, you may be able to use "su" to root unsuccesfully a number of times to spark an event.<BR /><BR />- Chris Tue, 01 Apr 2003 21:37:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/ids-900-shell-script-alert-response/m-p/2940825#M752712 Chris Wong 2003-04-01T21:37:45Z https://community.hpe.com/t5/operating-system-hp-ux/ids-900-shell-script-alert-response/m-p/2940826#M752713 As Chris mentioned, the easiest way to test your script is to generate an alert, such as failed su or failed login, while running the appropriate schedule. <BR /><BR />FYI, for the next release of IDS (V2.2), this appendix has been expanded to include a discussion on writing privileged response programs. Many of the example response scripts in the appendix need to run with privilege and you should NOT make these setuid privileged scripts on an 11.0/11i system, as this will make your system completely vulnerable to a well known RC attack.<BR /><BR />Pierre<BR /> Mon, 28 Apr 2003 20:47:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/ids-900-shell-script-alert-response/m-p/2940826#M752713 Pierre Pasturel 2003-04-28T20:47:18Z