McAfee HISCDE-AB-IA Product Guide - Page 127
Non-Windows custom signatures, Solaris/Linux class UNIX_file
Appendix A - Writing Custom Signatures and Exceptions

Non-Windows custom signatures

This section describes how to write custom signatures for the Solaris and Linux platforms.

NOTE: Rules in the Windows class Files use double slashes, while rules in the non-Windows class UNIX_file use a single slash.

The class of the signature depends on the nature of the security issue and the protection the signature can offer. For Solaris and Linux, these classes are available:

Class | When to use
UNIX_file | For file or directory operations on Solaris and Linux.
UNIX_apache | For http requests on Solaris and Linux.
UNIX_Misc | For safeguarding access protection on Solaris and Linux.
UNIX_bo | For buffer overflow. Solaris only.
UNIX_map | For mapping files or devices into memory. Solaris only.
UNIX_GUID | For allowing users to run an executable with the permissions of the executable's owner or group. Solaris only.

Solaris/Linux class UNIX_file

The following table lists the possible sections and values for the Unix-based class UNIX_file:

Section | Values | Notes
Class | UNIX_file |
Id, level, time, user_name, Executable | See Common sections. |
files | File or folder involved in the operation | One of the required parameters. Files to look for. See Note 1.
source | Target file names | One of the required parameters. See Note 1.
file | List of permissions of source file names | Solaris Only. Optional. See Note 2.
new | Permission mode of newly created file or modified permission | Solaris Only. Optional. See Note 2.
zone | Name of the zone to which the signature applies | Solaris 10 or later. See Note 5.
directives | unixfile:chdir | Changes the working directory.
 | unixfile:chmod | Changes the permissions on a directory or file.
 | unixfile:chown | Changes the ownership of a directory or file.
 | unixfile:create | Creates a file.

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5