McAfee HISCDE-AB-IA Product Guide - Page 132
Solaris class UNIX_bo, By default
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 132 highlights
Appendix A - Writing Custom Signatures and Exceptions Non-Windows custom signatures Section level time user_name Executable zone directives Values Notes Name of the zone to which the Solaris 10 or later. signature applies unixmisc:killagent Prevents SIGKILL signal to be sent to the client. Solaris class UNIX_bo The following table lists the possible sections and values for the Solaris class_bo (Buffer Overflow): Section Class Id level time user_name Executable program zone directives Values UNIX_bo See Common sections. Notes Program name Program to look for. Name of the zone to which the Solaris 10 or later. See note 1. signature applies unixbo:binargs Binary arguments. unixbo:illegal_address Illegal address, such as running a program from the stack. unixbo:exec Program execution. unixbo:environment Program environment. unixbo:binenv Binary environment. unixbo:libc Used when the return address for a function is not in the proper stack frame. Note 1 By default, all zones are protected by the signature. To restrict protection to a particular zone, add a zone section in the signature and include the name of the zone. For example, if you have a zone named "app_zone" whose root is /zones/app, then the rule: Rule { ... file { Include "/tmp/test.log" } zone { Include "app_zone" } 132 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5