auditd.h (186647) auditd.h (189279)
1/*-
1/*-
2 * Copyright (c) 2005 Apple Inc.
2 * Copyright (c) 2005-2009 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
15 * its contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
15 * its contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#12 $
29 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#13 $
30 */
31
32#ifndef _AUDITD_H_
33#define _AUDITD_H_
34
35#include <sys/types.h>
36#include <sys/queue.h>
37#include <syslog.h>
38
39#define MAX_DIR_SIZE 255
40#define AUDITD_NAME "auditd"
41
42/*
43 * If defined, then the audit daemon will attempt to chown newly created logs
44 * to this group. Otherwise, they will be the default for the user running
45 * auditd, likely the audit group.
46 */
47#define AUDIT_REVIEW_GROUP "audit"
48
49#define HARDLIM_ALL_WARN "allhard"
50#define SOFTLIM_ALL_WARN "allsoft"
51#define AUDITOFF_WARN "auditoff"
52#define CLOSEFILE_WARN "closefile"
53#define EBUSY_WARN "ebusy"
54#define GETACDIR_WARN "getacdir"
55#define HARDLIM_WARN "hard"
56#define NOSTART_WARN "nostart"
57#define POSTSIGTERM_WARN "postsigterm"
58#define SOFTLIM_WARN "soft"
59#define TMPFILE_WARN "tmpfile"
30 */
31
32#ifndef _AUDITD_H_
33#define _AUDITD_H_
34
35#include <sys/types.h>
36#include <sys/queue.h>
37#include <syslog.h>
38
39#define MAX_DIR_SIZE 255
40#define AUDITD_NAME "auditd"
41
42/*
43 * If defined, then the audit daemon will attempt to chown newly created logs
44 * to this group. Otherwise, they will be the default for the user running
45 * auditd, likely the audit group.
46 */
47#define AUDIT_REVIEW_GROUP "audit"
48
49#define HARDLIM_ALL_WARN "allhard"
50#define SOFTLIM_ALL_WARN "allsoft"
51#define AUDITOFF_WARN "auditoff"
52#define CLOSEFILE_WARN "closefile"
53#define EBUSY_WARN "ebusy"
54#define GETACDIR_WARN "getacdir"
55#define HARDLIM_WARN "hard"
56#define NOSTART_WARN "nostart"
57#define POSTSIGTERM_WARN "postsigterm"
58#define SOFTLIM_WARN "soft"
59#define TMPFILE_WARN "tmpfile"
60#define EXPIRED_WARN "expired"
60
61#define AUDITWARN_SCRIPT "/etc/security/audit_warn"
62#define AUDITD_PIDFILE "/var/run/auditd.pid"
63
64#define AUD_STATE_INIT -1
65#define AUD_STATE_DISABLED 0
66#define AUD_STATE_ENABLED 1
67
68int audit_warn_allhard(void);
69int audit_warn_allsoft(void);
70int audit_warn_auditoff(void);
71int audit_warn_closefile(char *filename);
72int audit_warn_ebusy(void);
73int audit_warn_getacdir(char *filename);
74int audit_warn_hard(char *filename);
75int audit_warn_nostart(void);
76int audit_warn_postsigterm(void);
77int audit_warn_soft(char *filename);
78int audit_warn_tmpfile(void);
61
62#define AUDITWARN_SCRIPT "/etc/security/audit_warn"
63#define AUDITD_PIDFILE "/var/run/auditd.pid"
64
65#define AUD_STATE_INIT -1
66#define AUD_STATE_DISABLED 0
67#define AUD_STATE_ENABLED 1
68
69int audit_warn_allhard(void);
70int audit_warn_allsoft(void);
71int audit_warn_auditoff(void);
72int audit_warn_closefile(char *filename);
73int audit_warn_ebusy(void);
74int audit_warn_getacdir(char *filename);
75int audit_warn_hard(char *filename);
76int audit_warn_nostart(void);
77int audit_warn_postsigterm(void);
78int audit_warn_soft(char *filename);
79int audit_warn_tmpfile(void);
80int audit_warn_expired(char *filename);
79
80void auditd_openlog(int debug, gid_t gid);
81void auditd_log_err(const char *fmt, ...);
82void auditd_log_debug(const char *fmt, ...);
83void auditd_log_info(const char *fmt, ...);
84void auditd_log_notice(const char *fmt, ...);
85
86void auditd_set_state(int state);
87int auditd_get_state(void);
88
89int auditd_open_trigger(int launchd_flag);
90int auditd_close_trigger(void);
91void auditd_handle_trigger(int trigger);
92
93void auditd_wait_for_events(void);
94void auditd_relay_signal(int signal);
95void auditd_terminate(void);
96int auditd_config_controls(void);
97void auditd_reap_children(void);
98
99
100#endif /* !_AUDITD_H_ */
81
82void auditd_openlog(int debug, gid_t gid);
83void auditd_log_err(const char *fmt, ...);
84void auditd_log_debug(const char *fmt, ...);
85void auditd_log_info(const char *fmt, ...);
86void auditd_log_notice(const char *fmt, ...);
87
88void auditd_set_state(int state);
89int auditd_get_state(void);
90
91int auditd_open_trigger(int launchd_flag);
92int auditd_close_trigger(void);
93void auditd_handle_trigger(int trigger);
94
95void auditd_wait_for_events(void);
96void auditd_relay_signal(int signal);
97void auditd_terminate(void);
98int auditd_config_controls(void);
99void auditd_reap_children(void);
100
101
102#endif /* !_AUDITD_H_ */
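Review bot: The added `EXPIRED_WARN "expired"` define and `int audit_warn_expired(char *filename);` prototype have no comment saying when the warning is raised or what `filename` refers to, and nothing else in this header explains it. Going by the name, it probably reports an audit trail file removed by an expiration policy; if so, say it above the prototype, for example `/* Warn that the audit trail file named by filename has expired and was removed. */`. Loss of audit records is an event reviewers want recorded, so it is worth noting next to `AUDITWARN_SCRIPT` that a deployed audit_warn script must handle the new "expired" keyword; that assumes the keyword is passed to the script, which this page does not show. The return value should also be documented so callers know whether a failed warning can be detected. As a smaller point, `const char *filename` would fit a function that presumably only reads the name, although the existing `audit_warn_*` prototypes take `char *` and the implementation is not shown here.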