
IDS 900 Shell Script Alert Response

 
John Henrikson
Regular Advisor

Hello,
I recently installed IDS/9000 and was trying to use the sample shell script alert response shown in Appendix B of the user manual. The instructions say to simply write the code into files in /opt/ids/response on the agent system. I've done that, but wonder how I can test it to see if it will work?
It seems really sparse... thanks.
Chris Wong
Trusted Contributor
Solution

Re: IDS 900 Shell Script Alert Response

You need to trigger an event. This will depend on what you have configured to be monitored on this client. For example, you may be able to use "su" to root unsuccessfully a number of times to spark an event.

- Chris
Pierre Pasturel
Respected Contributor

Re: IDS 900 Shell Script Alert Response

As Chris mentioned, the easiest way to test your script is to generate an alert, such as failed su or failed login, while running the appropriate schedule.

FYI, for the next release of IDS (V2.2), this appendix has been expanded to include a discussion on writing privileged response programs. Many of the example response scripts in the appendix need to run with privilege and you should NOT make these setuid privileged scripts on an 11.0/11i system, as this will make your system completely vulnerable to a well-known RC attack.

Pierre
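
The warning above about setuid response scripts can be checked on an agent system. The following is an added example, not part of the thread or of the IDS/9000 manual: a shell function (the name `find_setid_scripts` is made up here) that lists files under the response directory that carry the setuid or setgid bit and begin with `#!`, meaning they are interpreter scripts rather than compiled programs.

```shell
#!/bin/sh
# Added example (not from the thread or the IDS/9000 manual).
# find_setid_scripts is a hypothetical helper name.
# It prints every regular file under a directory that has the setuid or
# setgid bit set AND starts with "#!" (an interpreter script).
# The default directory is the response directory named in the thread.

find_setid_scripts() {
    dir=${1:-/opt/ids/response}

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # -perm -4000 matches setuid, -perm -2000 matches setgid.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        # Read only the first two bytes; scripts start with "#!".
        magic=$(dd if="$f" bs=1 count=2 2>/dev/null)
        if [ "$magic" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done | sort

    return 0
}
```

Calling `find_setid_scripts` with no argument checks /opt/ids/response; any path it prints is a script whose setuid or setgid bit should be cleared.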