# # Copyright (c) 1992, 2012, Oracle and/or its affiliates. All rights reserved. # # # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License (the "License"). # You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. # See the License for the specific language governing permissions # and limitations under the License. # # When distributing Covered Code, include this CDDL HEADER in each # file and include the License file at usr/src/OPENSOLARIS.LICENSE. # If applicable, add the following below this CDDL HEADER, with the # fields enclosed by brackets "[]" replaced with your own identifying # information: Portions Copyright [yyyy] [name of copyright owner] # # CDDL HEADER END # # # Audit Event Class Masks # # "Meta-classes" can be created; these are supersets composed of multiple base # classes, and thus will have more than 1 bit in its mask. See "ad", "all", # "am", and "pc" below for examples. # # The "no" (invalid) class below is commonly (but not exclusively) used in # audit_event for obsolete events. # # The "frcp" class is a reserved name. It will force preselection of # any user-land event that is mapped to it. "frcp" is used for events # which should always be generated, for example boot messages and # events around discontinuity of operation. # It must not be renamed. However, the "frcp" value may be changed in a # compatible way. # # The "cusa" meta-class represents a general administrative and system # audit group of events particularly recommended to be used with roles. # Audit classes covered by "cusa" are: lo, xa, ss, as, ua (am meta-class), # ft, ap, ex. # # Classes matching 0xff00000000000000 are reserved for local site use. # # File Format: # # mask:class name:class description # # Length limits: class name up to 8, class description up to 72 and # the entire configuration line up to 256 single byte characters. # 0x0000000000000000:no:invalid class 0x0000000000000001:fr:file read 0x0000000000000002:fw:file write 0x0000000000000004:fa:file attribute access 0x0000000000000008:fm:file attribute modify 0x0000000000000010:fc:file create 0x0000000000000020:fd:file delete 0x0000000000000040:cl:file close 0x0000000000000080:ft:file transfer 0x0000000000000100:nt:network 0x0000000000000200:ip:ipc 0x0000000000000400:na:non-attributed 0x0000000000000800:frcp:forced preselection 0x0000000000001000:lo:login or logout 0x0000000000004000:ap:application 0x0000000000008000:cy:cryptographic 0x0000000000010000:ss:change system state 0x0000000000020000:as:system-wide administration 0x0000000000040000:ua:user administration 0x0000000000070000:am:administrative (meta-class) 0x0000000000080000:aa:audit utilization 0x00000000000f0000:ad:old administrative (meta-class) 0x0000000000100000:ps:process start/stop 0x0000000000200000:pm:process modify 0x0000000000300000:pc:process (meta-class) 0x0000000000400000:xa:X - server access 0x0000000000800000:xp:X - privileged/administrative operations 0x0000000001000000:xc:X - object create/destroy 0x0000000002000000:xs:X - operations that always silently fail, if bad 0x0000000003c00000:xx:X - all X events (meta-class) 0x0000000040000000:io:ioctl 0x0000000080000000:ex:exec 0x0000000080475080:cusa:common user or role activity and sysadmin actions (meta-class) 0x0000000100000000:ot:other 0xffffffffffffffff:all:all classes (meta-class)