Filter
Top Products
181
McAfee
®
Host Intrusion Prevention 6.1 Product Guide Writing Custom Signatures
Solaris Custom Signatures
A
Solaris Custom Signatures
This topic describes how to write Solaris custom signatures.
The class of the signature depends on the nature of the security issue and on the
protection the rules can offer. The table below lists the available Solaris classes:
Class UNIX_file
The following table lists the possible sections of the class Files.
Note
Rules in the Windows class Files use double slashes and rules in the Solaris Class
UNIX_Files use a single slash.
class meaning / remarks
UNIX_file Used for file or directory operations. SeeClass UNIX_file.
UNIX_apache Used for http operations. See Class UNIX_apache.
section values meaning/remarks
Class UNIX_file
Id 4000 - 7999
level 0, 1, 2, 3, 4
time *
user_name user or system account
application user or system account path +
application name
files source file(s) Files to look for. This is optional if
section source is used; see Note 1.
source target file names This is optional. See Note 1.
file permission] list of permissions of source file
names
This is optional. See Note 2.
new permission permission mode of newly
created file or modified
permission
This is optional. See Note 2.
directives unixfile:symlink Creating a symbolic link.
unixfile:link Creating a hard link. See Note 3.
unixfile:read Opening the file in Read mode.
unixfile:write Opening the file in Write mode.
unixfile:unlink Deleting a file from a directory or
deleting the directory.
unixfile:rename Renaming the file. See Note 4.
unixfile:chmod Changing the permissions on the
directory or file.
unixfile:chown Changing the file ownership of the
directory or file.
unixfile:create Creating a file.
unixfile:mkdir Creating a directory.
unixfile:rmdir Removing a directory.
unixfile:chdir Changing the working directory