auditd.h revision 171537
1/* 2 * Copyright (c) 2005 Apple Computer, Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of 15 * its contributors may be used to endorse or promote products derived 16 * from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * 29 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#8 $ 30 */ 31 32#ifndef _AUDITD_H_ 33#define _AUDITD_H_ 34 35#include <sys/types.h> 36#include <sys/queue.h> 37#include <syslog.h> 38 39#define MAX_DIR_SIZE 255 40#define AUDITD_NAME "auditd" 41 42/* 43 * If defined, then the audit daemon will attempt to chown newly created logs 44 * to this group. Otherwise, they will be the default for the user running 45 * auditd, likely the audit group. 46 */ 47#define AUDIT_REVIEW_GROUP "audit" 48 49#define POSTFIX_LEN 16 50#define NOT_TERMINATED ".not_terminated" 51 52struct dir_ent { 53 char *dirname; 54 char softlim; 55 TAILQ_ENTRY(dir_ent) dirs; 56}; 57 58#define HARDLIM_ALL_WARN "allhard" 59#define SOFTLIM_ALL_WARN "allsoft" 60#define AUDITOFF_WARN "auditoff" 61#define CLOSEFILE_WARN "closefile" 62#define EBUSY_WARN "ebusy" 63#define GETACDIR_WARN "getacdir" 64#define HARDLIM_WARN "hard" 65#define NOSTART_WARN "nostart" 66#define POSTSIGTERM_WARN "postsigterm" 67#define SOFTLIM_WARN "soft" 68#define TMPFILE_WARN "tmpfile" 69 70#define AUDITWARN_SCRIPT "/etc/security/audit_warn" 71#define AUDITD_PIDFILE "/var/run/auditd.pid" 72 73int audit_warn_allhard(int count); 74int audit_warn_allsoft(void); 75int audit_warn_auditoff(void); 76int audit_warn_closefile(char *filename); 77int audit_warn_ebusy(void); 78int audit_warn_getacdir(char *filename); 79int audit_warn_hard(char *filename); 80int audit_warn_nostart(void); 81int audit_warn_postsigterm(void); 82int audit_warn_soft(char *filename); 83int audit_warn_tmpfile(void); 84 85#endif /* !_AUDITD_H_ */ 86