audit.h revision 799bd2909999424ef8acb8293caeb3e2af3fccc7
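/*
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * This file contains the declarations of the various data structures
 * used by the auditing module(s).
 *
 * NOTE(review): this listing is a lossy extraction of the header.  Several
 * comments below describe typedefs, structures and prototypes whose
 * declarations are not present here; only the text that survived is kept,
 * and nothing has been filled in from other sources.
 */

/* Opening guard restored so that it pairs with the closing #endif below. */
#ifndef _BSM_AUDIT_H
#define	_BSM_AUDIT_H

#pragma ident	"%Z%%M% %I% %E% SMI"

#include <sys/sem.h>	/* for semid_ds structure */
#include <sys/msg.h>	/* for msqid_ds structure */

/*
 * Audit conditions, statements regarding what's to be done with
 * audit records.  Neither AUC_ENABLED, AUC_DISABLED, nor AUC_UNSET
 * are returned on an auditconfig -getcond call.
 *
 * AUC_DISABLED is parenthesized so the negative constant expands as a
 * single operand wherever the macro is used.
 */
#define	AUC_DISABLED	(-1)	/* audit module loaded but not enabled */
#define	AUC_INIT_AUDIT	4	/* c2audit is ready but auditd has not run */
#define	AUC_NOSPACE	3	/* audit enabled, no space for audit records */

/*
 * The user id -2 is never audited - in fact, a setauid(AU_NOAUDITID)
 * will turn off auditing.
 *
 * NOTE(review): because setting this audit id stops attribution for the
 * process, calls that set it are worth treating as security-relevant
 * events when reviewing who may change audit ids.
 */

#define	AUM_SUCC	1	/* use the system success preselection mask */
#define	AUM_FAIL	2	/* use the system failure preselection mask */

/*
 * Defines for event modifier field
 */
#define	PAD_READ	0x0001	/* object read */
#define	PAD_NONATTR	0x4000	/* non-attributable event */
#define	PAD_SPRIVUSE	0x0080	/* successfully used privileged */

/*
 * Some typedefs for the fundamentals
 */

#define	AU_MASK_ALL	0xFFFFFFFF	/* all bits on for unsigned int */
#define	AU_MASK_NONE	0x0		/* all bits off = no:invalid class */

/*
 * The structure of the terminal ID (ipv4)
 */

/*
 * The structure of the terminal ID (ipv6)
 */

/*
 * Generic network address structure
 */

/*
 * au_generic_tid_t gt_type values
 * 0 is reserved for uninitialized data
 */

/*
 * at_type values - address length used to identify address type
 *
 * The values are the address sizes in bytes, so one field serves as both
 * the type tag and the length of the address that follows.
 */
#define	AU_IPv4	4	/* ipv4 type IP address */
#define	AU_IPv6	16	/* ipv6 type IP address */

/*
 * Compatibility with SunOS 4.x BSM module
 *
 * New code should not contain audit_state_t,
 * au_state_t, nor au_termid as these types
 * may go away in future releases.
 *
 * typedef new-5.x-bsm-name old-4.x-bsm-name
 */

/*
 * Opcodes for bsm system calls
 *
 * NOTE(review): the A_SET* opcodes change kernel audit state (preselection
 * masks, queue control, statistics, event-to-class mapping).  Any of them
 * can reduce what is recorded, so callers of these opcodes belong in the
 * set of actions that is itself audited and privilege-restricted.
 */
#define	A_GETKMASK	4	/* get kernel event preselection mask */
#define	A_SETKMASK	5	/* set kernel event preselection mask */
#define	A_GETQCTRL	6	/* get kernel audit queue ctrl parameters */
#define	A_SETQCTRL	7	/* set kernel audit queue ctrl parameters */
#define	A_GETCWD	8	/* get process current working directory */
#define	A_GETCAR	9	/* get process current active root */
#define	A_GETSTAT	12	/* get audit statistics */
#define	A_SETSTAT	13	/* (re)set audit statistics */
#define	A_SETUMASK	14	/* set preselection mask for procs with auid */
#define	A_SETSMASK	15	/* set preselection mask for procs with asid */
#define	A_GETCLASS	22	/* get audit event to class mapping */
#define	A_SETCLASS	23	/* set audit event to class mapping */
#define	A_GETPINFO	24	/* get audit info for an arbitrary pid */
#define	A_SETPMASK	25	/* set preselection mask for a given pid */
#define	A_GETKAUDIT	29	/* get kernel audit characteristics */
#define	A_SETKAUDIT	30	/* set kernel audit characteristics */

/*
 * Audit Policy parameters (32 bits)
 *
 * NOTE(review): these flags decide what happens when records cannot be
 * delivered and how much data each record carries:
 *   - AUDIT_CNT / AUDIT_SCNT keep events from sleeping on an undelivered
 *     record, which favours availability and presumably leaves a gap in
 *     the trail; AUDIT_AHLT takes the opposite choice for async events.
 *   - AUDIT_ARGV / AUDIT_ARGE copy command-line arguments and environment
 *     into the trail, so the trail may hold credentials passed that way
 *     and needs matching access control.
 */
#define	AUDIT_CNT	0x0001	/* do NOT sleep undelivered synch events */
#define	AUDIT_AHLT	0x0002	/* HALT machine on undelivered async event */
#define	AUDIT_ARGV	0x0004	/* include argv with execv system call events */
#define	AUDIT_ARGE	0x0008	/* include arge with execv system call events */
#define	AUDIT_SEQ	0x0010	/* include sequence attribute */
#define	AUDIT_WINDATA	0x0020	/* include interwindow moved data */
#define	AUDIT_GROUP	0x0040	/* include group attribute with each record */
#define	AUDIT_PATH	0x0100	/* allow multiple paths per event */
#define	AUDIT_SCNT	0x0200	/* sleep user events but not kernel events */
#define	AUDIT_PERZONE	0x1000	/* auditd and audit queue for each zone */

/*
 * If AUDIT_GLOBAL changes, corresponding changes are required in
 */

/*
 * Kernel audit queue control parameters
 *
 *	audit record recording blocks at hiwater # undelivered records
 *	audit record recording resumes at lowwater # undelivered audit records
 *	bufsz determines how big the data xfers will be to the audit trail
 */

/*
 * default values of hiwater and lowwater (note hi > lo)
 */

/*
 * Only these members of the audit statistics structure are present in
 * this listing; the enclosing declaration is not:
 *
 *	unsigned int as_version;	version of kernel audit code
 *	unsigned int as_numevent;	number of kernel audit events
 */

/*
 * Secondary stat structure for file size stuff.  The stat structure was
 * not combined to preserve the semantics of the 5.1 - 5.3 A_GETSTAT call
 */

/* get kernel audit context dependent on AUDIT_PERZONE policy */
/* get kernel audit context of global zone */
/* get kernel audit context of non-global zone */

/*
 * audit token IPC types (shm, sem, msg) [for ipc attribute]
 */
#define	AT_IPC_SEM	((char)2)	/* semaphore IPC id */
#define	AT_IPC_SHM	((char)3)	/* shared memory IPC id */

/*
 * Only the parameter-list tails of two prototypes are present in this
 * listing; the function names and leading parameters are not:
 *
 *	... unsigned char *, int *, int);
 *	... unsigned char, int, int);
 */

#endif /* _BSM_AUDIT_H */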