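--- a/auditd.h
+++ b/auditd.h
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 2005 Apple Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -21,67 +21,80 @@
  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#11 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#12 $
  */
 
 #ifndef _AUDITD_H_
 #define _AUDITD_H_
 
 #include <sys/types.h>
 #include <sys/queue.h>
 #include <syslog.h>
 
 #define MAX_DIR_SIZE 255
 #define AUDITD_NAME "auditd"
 
 /*
  * If defined, then the audit daemon will attempt to chown newly created logs
  * to this group. Otherwise, they will be the default for the user running
  * auditd, likely the audit group.
  */
 #define AUDIT_REVIEW_GROUP "audit"
 
-#define NOT_TERMINATED "not_terminated"
-#define POSTFIX_LEN (sizeof("YYYYMMDDhhmmss") - 1)
-#define FILENAME_LEN ((2 * POSTFIX_LEN) + 2)
-#define TIMESTAMP_LEN (POSTFIX_LEN + 1)
-
-struct dir_ent {
- char *dirname;
- char softlim;
- TAILQ_ENTRY(dir_ent) dirs;
-};
-
 #define HARDLIM_ALL_WARN "allhard"
 #define SOFTLIM_ALL_WARN "allsoft"
 #define AUDITOFF_WARN "auditoff"
 #define CLOSEFILE_WARN "closefile"
 #define EBUSY_WARN "ebusy"
 #define GETACDIR_WARN "getacdir"
 #define HARDLIM_WARN "hard"
 #define NOSTART_WARN "nostart"
 #define POSTSIGTERM_WARN "postsigterm"
 #define SOFTLIM_WARN "soft"
 #define TMPFILE_WARN "tmpfile"
 
 #define AUDITWARN_SCRIPT "/etc/security/audit_warn"
 #define AUDITD_PIDFILE "/var/run/auditd.pid"
 
-int audit_warn_allhard(int count);
+#define AUD_STATE_INIT -1
+#define AUD_STATE_DISABLED 0
+#define AUD_STATE_ENABLED 1
+
+int audit_warn_allhard(void);
 int audit_warn_allsoft(void);
 int audit_warn_auditoff(void);
 int audit_warn_closefile(char *filename);
 int audit_warn_ebusy(void);
 int audit_warn_getacdir(char *filename);
 int audit_warn_hard(char *filename);
 int audit_warn_nostart(void);
 int audit_warn_postsigterm(void);
 int audit_warn_soft(char *filename);
 int audit_warn_tmpfile(void);
 
+void auditd_openlog(int debug, gid_t gid);
+void auditd_log_err(const char *fmt, ...);
+void auditd_log_debug(const char *fmt, ...);
+void auditd_log_info(const char *fmt, ...);
+void auditd_log_notice(const char *fmt, ...);
+
+void auditd_set_state(int state);
+int auditd_get_state(void);
+
+int auditd_open_trigger(int launchd_flag);
+int auditd_close_trigger(void);
+void auditd_handle_trigger(int trigger);
+
+void auditd_wait_for_events(void);
+void auditd_relay_signal(int signal);
+void auditd_terminate(void);
+int auditd_config_controls(void);
+void auditd_reap_children(void);
+
+
 #endif /* !_AUDITD_H_ */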
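Review bot: The four variadic loggers added at new lines 81–84 (`auditd_log_err`, `auditd_log_debug`, `auditd_log_info`, `auditd_log_notice`) are declared without a printf-format attribute, so the compiler cannot check callers' arguments against `fmt` or warn when a non-literal string is passed as the format. I would annotate each prototype, e.g. `void auditd_log_err(const char *fmt, ...) __attribute__((format(printf, 1, 2)));`, or use `__printflike(1, 2)` where `<sys/cdefs.h>` provides it; the implementations are not on this page, so this concerns only what call sites can be checked for. Separately, `#define AUD_STATE_INIT -1` is better written as `(-1)` so the macro stays a single operand in any expression. The `gid` parameter of `auditd_openlog` also has no comment saying what it is applied to; a one-line `/* gid: ... */` note above the prototype would make the ownership intent reviewable.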