auditd.h revision 259065
1221807Sstas/*- 2221807Sstas * Copyright (c) 2005-2009 Apple Inc. 3221807Sstas * All rights reserved. 4221807Sstas * 5221807Sstas * Redistribution and use in source and binary forms, with or without 6221807Sstas * modification, are permitted provided that the following conditions 7221807Sstas * are met: 8221807Sstas * 9221807Sstas * 1. Redistributions of source code must retain the above copyright 10221807Sstas * notice, this list of conditions and the following disclaimer. 11221807Sstas * 2. Redistributions in binary form must reproduce the above copyright 12221807Sstas * notice, this list of conditions and the following disclaimer in the 13221807Sstas * documentation and/or other materials provided with the distribution. 14221807Sstas * 3. Neither the name of Apple Inc. ("Apple") nor the names of 15221807Sstas * its contributors may be used to endorse or promote products derived 16221807Sstas * from this software without specific prior written permission. 17221807Sstas * 18221807Sstas * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 19221807Sstas * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20221807Sstas * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21221807Sstas * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 22221807Sstas * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23221807Sstas * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24221807Sstas * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25221807Sstas * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26221807Sstas * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27221807Sstas * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28221807Sstas * 29221807Sstas * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#13 $ 30221807Sstas */ 31221807Sstas 32221807Sstas#ifndef _AUDITD_H_ 33221807Sstas#define _AUDITD_H_ 34221807Sstas 35221807Sstas#include <sys/types.h> 36221807Sstas#include <sys/queue.h> 37221807Sstas#include <syslog.h> 38221807Sstas 39221807Sstas#define MAX_DIR_SIZE 255 40221807Sstas#define AUDITD_NAME "auditd" 41221807Sstas 42221807Sstas/* 43221807Sstas * If defined, then the audit daemon will attempt to chown newly created logs 44221807Sstas * to this group. Otherwise, they will be the default for the user running 45221807Sstas * auditd, likely the audit group. 46221807Sstas */ 47221807Sstas#define AUDIT_REVIEW_GROUP "audit" 48221807Sstas 49221807Sstas#define HARDLIM_ALL_WARN "allhard" 50221807Sstas#define SOFTLIM_ALL_WARN "allsoft" 51221807Sstas#define AUDITOFF_WARN "auditoff" 52221807Sstas#define CLOSEFILE_WARN "closefile" 53221807Sstas#define EBUSY_WARN "ebusy" 54221807Sstas#define GETACDIR_WARN "getacdir" 55221807Sstas#define HARDLIM_WARN "hard" 56221807Sstas#define NOSTART_WARN "nostart" 57221807Sstas#define POSTSIGTERM_WARN "postsigterm" 58221807Sstas#define SOFTLIM_WARN "soft" 59221807Sstas#define TMPFILE_WARN "tmpfile" 60221807Sstas#define EXPIRED_WARN "expired" 61221807Sstas 62221807Sstas#define AUDITWARN_SCRIPT "/etc/security/audit_warn" 63221807Sstas#define AUDITD_PIDFILE "/var/run/auditd.pid" 64221807Sstas 65221807Sstas#define AUD_STATE_INIT -1 66221807Sstas#define AUD_STATE_DISABLED 0 67221807Sstas#define AUD_STATE_ENABLED 1 68221807Sstas 69221807Sstasint audit_warn_allhard(void); 70221807Sstasint audit_warn_allsoft(void); 71221807Sstasint audit_warn_auditoff(void); 72221807Sstasint audit_warn_closefile(char *filename); 73221807Sstasint audit_warn_ebusy(void); 74221807Sstasint audit_warn_getacdir(char *filename); 75221807Sstasint audit_warn_hard(char *filename); 76221807Sstasint audit_warn_nostart(void); 77221807Sstasint audit_warn_postsigterm(void); 78221807Sstasint audit_warn_soft(char *filename); 79221807Sstasint audit_warn_tmpfile(void); 80221807Sstasint audit_warn_expired(char *filename); 81221807Sstas 82221807Sstasvoid auditd_openlog(int debug, gid_t gid); 83221807Sstasvoid auditd_log_err(const char *fmt, ...); 84221807Sstasvoid auditd_log_debug(const char *fmt, ...); 85221807Sstasvoid auditd_log_info(const char *fmt, ...); 86221807Sstasvoid auditd_log_notice(const char *fmt, ...); 87221807Sstas 88221807Sstasvoid auditd_set_state(int state); 89221807Sstasint auditd_get_state(void); 90221807Sstas 91221807Sstasint auditd_open_trigger(int launchd_flag); 92221807Sstasint auditd_close_trigger(void); 93221807Sstasvoid auditd_handle_trigger(int trigger); 94221807Sstas 95221807Sstasvoid auditd_wait_for_events(void); 96221807Sstasvoid auditd_relay_signal(int signal); 97221807Sstasvoid auditd_terminate(void); 98221807Sstasint auditd_config_controls(void); 99221807Sstasvoid auditd_reap_children(void); 100221807Sstas 101221807Sstas 102221807Sstas#endif /* !_AUDITD_H_ */ 103221807Sstas