McAfee 6.1 Marine Radio User Manual


 
McAfee® Host Intrusion Prevention 6.1 Product Guide: Writing Custom Signatures
Linux Custom Signatures
This topic describes how to write Linux custom signatures.
The class of the signature depends on the nature of the security issue and on the
protection the rules offer. The table below lists the available Linux classes:

| class | meaning / remarks |
|---|---|
| UNIX_file | Used for file or directory operations. See Class UNIX_file. |

Class UNIX_file

The following table lists the possible sections of the class Files.

| section | values | meaning/remarks |
|---|---|---|
| Class | UNIX_file | |
| Id | 4000 - 7999 | |
| level | 0, 1, 2, 3, 4 | |
| time | * | |
| user_name | user or system account | |
| application | user or system account path + application name | |
| files | source file(s) | Files to look for. This is optional if section source is used; see Note 1. |
| directives | unixfile:link | Creating hard links. |
| | unixfile:read | Opening the file in Read mode. |
| | unixfile:write | Opening the file in Write mode. |
| | unixfile:unlink | Deleting a file from a directory or deleting the directory. |
| | unixfile:rename | Renaming the file. |
| | unixfile:setattr | Changing the permissions and file ownership of the directory or file. |
| | unixfile:create | Creating a file. |
| | unixfile:mkdir | Creating a directory. |
| | unixfile:rmdir | Removing a directory. |