2N/A<?xml version="1.0" encoding="UTF-8" ?>
2N/A
2N/A<!--
2N/A Copyright 2010 Sun Microsystems, Inc. All rights reserved.
2N/A Use is subject to license terms.
2N/A
2N/A CDDL HEADER START
2N/A
2N/A The contents of this file are subject to the terms of the
2N/A Common Development and Distribution License (the "License").
2N/A You may not use this file except in compliance with the License.
2N/A
2N/A You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A or http://www.opensolaris.org/os/licensing.
2N/A See the License for the specific language governing permissions
2N/A and limitations under the License.
2N/A
2N/A When distributing Covered Code, include this CDDL HEADER in each
2N/A file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A If applicable, add the following below this CDDL HEADER, with the
2N/A fields enclosed by brackets "[]" replaced with your own identifying
2N/A information: Portions Copyright [yyyy] [name of copyright owner]
2N/A
2N/A CDDL HEADER END
2N/A-->
2N/A
2N/A
2N/A<!--Entity Definitions-->
2N/A
2N/A<!-- timeattr or iso8601
2N/A
2N/Atimeattr:
2N/A the time/date to the second in strftime(3C) default format,
2N/A followed by milliseconds offset.
2N/A
2N/A Example: time="Mon May 06 12:10:18 2002" msec="750"
2N/A
2N/Aiso8601:
2N/A ISO 8601 standard format date time and timezone;
2N/A YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with
2N/A milliseconds + or - offset from Universal Time (UTC, aka GMT)
2N/A
2N/A Example: iso8601="2003-09-17 16:47:41.831 -07:00"
2N/A
2N/A-->
2N/A<!ENTITY % timeattr "time CDATA #IMPLIED
2N/A msec CDATA #IMPLIED">
2N/A
2N/A<!ENTITY % iso8601 "iso8601 CDATA #IMPLIED">
2N/A
2N/A<!-- xinfo Generic info for X related tokens. -->
2N/A<!ENTITY % xinfo "xid CDATA #REQUIRED
2N/A xcreator-uid CDATA #REQUIRED">
2N/A
2N/A<!-- reserved_toks
2N/A
2N/AThis represents the set of "reserved" tokens whose placement is
2N/Afixed.
2N/A
2N/A-->
2N/A<!ENTITY % reserved_toks "(
2N/A file |
2N/A record |
2N/A host |
2N/A sequence
2N/A )
2N/A">
2N/A
2N/A<!-- normaltoks
2N/A
2N/AThis represents the set of all tokens other than the "reserved"
2N/Atokens.
2N/A
2N/A-->
2N/A<!ENTITY % normaltoks "(
2N/A acl |
2N/A arbitrary |
2N/A argument |
2N/A attribute |
2N/A cmd |
2N/A exit |
2N/A exec_args |
2N/A exec_env |
2N/A fmri |
2N/A group |
2N/A ip |
2N/A ip_address |
2N/A IPC |
2N/A IPC_perm |
2N/A ip_port |
2N/A liaison |
2N/A opaque |
2N/A path |
2N/A path_attr |
2N/A privilege |
2N/A process |
2N/A return |
2N/A sensitivity_label |
2N/A old_socket |
2N/A socket |
2N/A subject |
2N/A text |
2N/A user |
2N/A use_of_authorization |
2N/A use_of_privilege |
2N/A X_atom |
2N/A X_client |
2N/A X_color_map |
2N/A X_cursor |
2N/A X_font |
2N/A X_graphic_context |
2N/A X_pixmap |
2N/A X_property |
2N/A X_selection |
2N/A X_window |
2N/A zone
2N/A )
2N/A">
2N/A
2N/A<!--Element Definitions-->
2N/A
2N/A<!--
2N/A
2N/AThe main element, "audit", consists of a sequence of file & record tokens.
2N/A
2N/A-->
2N/A<!ELEMENT audit (file | record)*>
2N/A
2N/A<!-- file token -->
2N/A<!ELEMENT file (#PCDATA)>
2N/A<!ATTLIST file %iso8601;>
2N/A
2N/A
2N/A<!-- record token
2N/A
2N/AAudit records will have this general layout of tokens after the
2N/Afirst token (which is the record token):
2N/A (tokens),subject,group,(tokens),return,sequence,host
2N/A
2N/A(all tokens after the record token are optional; the host token is unused.)
2N/A
2N/A-->
2N/A<!ELEMENT record (
2N/A (%normaltoks;)*,
2N/A sequence?,
2N/A host?
2N/A )
2N/A>
2N/A<!ATTLIST record
2N/A version CDATA #REQUIRED
2N/A event CDATA #REQUIRED
2N/A modifier CDATA #IMPLIED
2N/A host CDATA #IMPLIED
2N/A %iso8601;
2N/A>
2N/A
2N/A<!-- text token -->
2N/A<!ELEMENT text (#PCDATA)>
2N/A
2N/A<!-- user token -->
2N/A<!ELEMENT user EMPTY>
2N/A<!ATTLIST user
2N/A uid CDATA #REQUIRED
2N/A username CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- path token -->
2N/A<!ELEMENT path (#PCDATA)>
2N/A
2N/A<!-- path_attr token -->
2N/A<!ELEMENT path_attr (xattr*)>
2N/A<!ELEMENT xattr (#PCDATA)>
2N/A
2N/A<!-- host token -->
2N/A<!ELEMENT host (#PCDATA)>
2N/A
2N/A<!-- subject token -->
2N/A<!ELEMENT subject EMPTY>
2N/A<!ATTLIST subject
2N/A audit-uid CDATA #REQUIRED
2N/A uid CDATA #REQUIRED
2N/A gid CDATA #REQUIRED
2N/A ruid CDATA #REQUIRED
2N/A rgid CDATA #REQUIRED
2N/A pid CDATA #REQUIRED
2N/A sid CDATA #REQUIRED
2N/A tid CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- process token -->
2N/A<!ELEMENT process EMPTY>
2N/A<!ATTLIST process
2N/A audit-uid CDATA #REQUIRED
2N/A uid CDATA #REQUIRED
2N/A gid CDATA #REQUIRED
2N/A ruid CDATA #REQUIRED
2N/A rgid CDATA #REQUIRED
2N/A pid CDATA #REQUIRED
2N/A sid CDATA #REQUIRED
2N/A tid CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- return token -->
2N/A<!ELEMENT return EMPTY>
2N/A<!ATTLIST return
2N/A errval CDATA #REQUIRED
2N/A retval CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- exit token -->
2N/A<!ELEMENT exit EMPTY>
2N/A<!ATTLIST exit
2N/A errval CDATA #REQUIRED
2N/A retval CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- sequence token -->
2N/A<!ELEMENT sequence EMPTY>
2N/A<!ATTLIST sequence
2N/A seq-num CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- fmri token -->
2N/A<!ELEMENT fmri (#PCDATA)>
2N/A
2N/A<!-- group token -->
2N/A<!ELEMENT group (gid)*>
2N/A<!ELEMENT gid (#PCDATA)>
2N/A
2N/A<!-- opaque token -->
2N/A<!ELEMENT opaque (#PCDATA)>
2N/A
2N/A<!-- liaison token -->
2N/A<!-- (NOTE: liaison is obsolete and is no longer generated -->
2N/A<!ELEMENT liaison (#PCDATA)>
2N/A
2N/A<!-- argument token -->
2N/A<!ELEMENT argument EMPTY>
2N/A<!ATTLIST argument
2N/A arg-num CDATA #REQUIRED
2N/A value CDATA #REQUIRED
2N/A desc CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- attribute token -->
2N/A<!ELEMENT attribute EMPTY>
2N/A<!ATTLIST attribute
2N/A mode CDATA #REQUIRED
2N/A uid CDATA #REQUIRED
2N/A gid CDATA #REQUIRED
2N/A fsid CDATA #REQUIRED
2N/A nodeid CDATA #REQUIRED
2N/A device CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- cmd token -->
2N/A<!ELEMENT cmd (argv*, arge*)>
2N/A<!ELEMENT argv (#PCDATA)>
2N/A<!ELEMENT arge (#PCDATA)>
2N/A
2N/A<!-- exec_args token -->
2N/A<!ELEMENT exec_args (arg*)>
2N/A<!ELEMENT arg (#PCDATA)>
2N/A
2N/A<!-- exec_env token -->
2N/A<!ELEMENT exec_env (env*)>
2N/A<!ELEMENT env (#PCDATA)>
2N/A
2N/A<!-- arbitrary token -->
2N/A<!ELEMENT arbitrary (#PCDATA)>
2N/A<!ATTLIST arbitrary
2N/A print CDATA #REQUIRED
2N/A type CDATA #REQUIRED
2N/A count CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- privilege token -->
2N/A<!ELEMENT privilege (#PCDATA)>
2N/A<!ATTLIST privilege
2N/A set-type CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- use_of_privilege token -->
2N/A<!ELEMENT use_of_privilege (#PCDATA)>
2N/A<!ATTLIST use_of_privilege
2N/A result CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- sensitivity_label token -->
2N/A<!ELEMENT sensitivity_label (#PCDATA)>
2N/A
2N/A<!-- use_of_authorization token -->
2N/A<!ELEMENT use_of_authorization (#PCDATA)>
2N/A
2N/A<!-- IPC token -->
2N/A<!ELEMENT IPC EMPTY>
2N/A<!ATTLIST IPC
2N/A ipc-type CDATA #REQUIRED
2N/A ipc-id CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- IPC_perm token -->
2N/A<!ELEMENT IPC_perm EMPTY>
2N/A<!ATTLIST IPC_perm
2N/A uid CDATA #REQUIRED
2N/A gid CDATA #REQUIRED
2N/A creator-uid CDATA #REQUIRED
2N/A creator-gid CDATA #REQUIRED
2N/A mode CDATA #REQUIRED
2N/A seq CDATA #REQUIRED
2N/A key CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- ip_address token -->
2N/A<!ELEMENT ip_address (#PCDATA)>
2N/A
2N/A<!-- ip_port token -->
2N/A<!-- (NOTE: ip_port is obsolete and is no longer generated -->
2N/A<!ELEMENT ip_port (#PCDATA)>
2N/A
2N/A<!-- ip token -->
2N/A<!-- (NOTE: ip is obsolete and is no longer generated -->
2N/A<!ELEMENT ip EMPTY>
2N/A<!ATTLIST ip
2N/A version CDATA #REQUIRED
2N/A service_type CDATA #REQUIRED
2N/A len CDATA #REQUIRED
2N/A id CDATA #REQUIRED
2N/A offset CDATA #REQUIRED
2N/A time_to_live CDATA #REQUIRED
2N/A protocol CDATA #REQUIRED
2N/A cksum CDATA #REQUIRED
2N/A src_addr CDATA #REQUIRED
2N/A dest_addr CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- old_socket token -->
2N/A<!ELEMENT old_socket EMPTY>
2N/A<!ATTLIST old_socket
2N/A type CDATA #REQUIRED
2N/A port CDATA #REQUIRED
2N/A addr CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- socket token -->
2N/A<!ELEMENT socket EMPTY>
2N/A<!ATTLIST socket
2N/A sock_domain CDATA #REQUIRED
2N/A sock_type CDATA #REQUIRED
2N/A lport CDATA #REQUIRED
2N/A laddr CDATA #REQUIRED
2N/A fport CDATA #REQUIRED
2N/A faddr CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- acl token -->
2N/A<!ELEMENT acl EMPTY>
2N/A<!ATTLIST acl
2N/A type CDATA #IMPLIED
2N/A value CDATA #IMPLIED
2N/A mode CDATA #IMPLIED
2N/A flags CDATA #IMPLIED
2N/A id CDATA #IMPLIED
2N/A access_mask CDATA #IMPLIED
2N/A>
2N/A
2N/A<!-- tid token -->
2N/A<!-- future intent: contain one of ipadr | MTUadr | device -->
2N/A<!ELEMENT tid (ipadr*)>
2N/A<!ATTLIST tid
2N/A type CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- ipadr content of tid token -->
2N/A<!ELEMENT ipadr EMPTY>
2N/A<!ATTLIST ipadr
2N/A local-port CDATA #REQUIRED
2N/A remote-port CDATA #REQUIRED
2N/A host CDATA #REQUIRED
2N/A>
2N/A
2N/A<!-- X_atom token -->
2N/A<!ELEMENT X_atom (#PCDATA)>
2N/A
2N/A<!-- X_color_map token -->
2N/A<!ELEMENT X_color_map EMPTY>
2N/A<!ATTLIST X_color_map %xinfo;>
2N/A
2N/A<!-- X_cursor token -->
2N/A<!ELEMENT X_cursor EMPTY>
2N/A<!ATTLIST X_cursor %xinfo;>
2N/A
2N/A<!-- X_font token -->
2N/A<!ELEMENT X_font EMPTY>
2N/A<!ATTLIST X_font %xinfo;>
2N/A
2N/A<!-- X_graphic_context token -->
2N/A<!ELEMENT X_graphic_context EMPTY>
2N/A<!ATTLIST X_graphic_context %xinfo;>
2N/A
2N/A<!-- X_pixmap token -->
2N/A<!ELEMENT X_pixmap EMPTY>
2N/A<!ATTLIST X_pixmap %xinfo;>
2N/A
2N/A<!-- X_window token -->
2N/A<!ELEMENT X_window EMPTY>
2N/A<!ATTLIST X_window %xinfo;>
2N/A
2N/A<!-- X_property token -->
2N/A<!ELEMENT X_property (#PCDATA)>
2N/A<!ATTLIST X_property %xinfo;>
2N/A
2N/A<!-- X_client token -->
2N/A<!ELEMENT X_client (#PCDATA)>
2N/A
2N/A<!-- X_selection token -->
2N/A<!ELEMENT X_selection (xsel_text, xsel_type, xsel_data)>
2N/A<!ELEMENT x_sel_text (#PCDATA)>
2N/A<!ELEMENT x_sel_type (#PCDATA)>
2N/A<!ELEMENT x_sel_data (#PCDATA)>
2N/A
2N/A<!-- zonename token -->
2N/A<!ELEMENT zone EMPTY>
2N/A<!ATTLIST zone
2N/A name CDATA #REQUIRED
2N/A>