1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25#ifndef _BSM_AUDIT_KEVENTS_H
26#define	_BSM_AUDIT_KEVENTS_H
27
28#ifdef	__cplusplus
29extern "C" {
30#endif
31
32/*
33 * Audit event numbers.
34 *
35 *	0		Reserved as an invalid event number.
36 *	1 -   511	Allocated for Solaris kernel
37 *	512 -  2047	(reserved but not allocated)
38 *	2048 - 32767	Reserved for the Solaris TCB application.
39 *	32768 - 65535	Available for third party applications.
40 *
41 *	NOTE:	libbsm/audit_event.txt must be updated elsewhere when changes
42 *		are made to kernel events.
43 */
44
45#define	AUE_NULL		0	/* =no indir system call */
46#define	AUE_EXIT		1	/* =ps exit(2) */
47#define	AUE_FORKALL		2	/* =ps forkall(2) */
48#define	AUE_OPEN		3	/* =no open(2): place holder */
49#define	AUE_CREAT		4	/* =no obsolete */
50#define	AUE_LINK		5	/* =fc link(2) */
51#define	AUE_UNLINK		6	/* =fd unlink(2) */
52#define	AUE_EXEC		7	/* =no obsolete */
53#define	AUE_CHDIR		8	/* =pm chdir(2) */
54#define	AUE_MKNOD		9	/* =fc mknod(2) */
55#define	AUE_CHMOD		10	/* =fm chmod(2) */
56#define	AUE_CHOWN		11	/* =fm chown(2) */
57#define	AUE_UMOUNT		12	/* =as umount(2): old version */
58#define	AUE_JUNK		13	/* =no non existant event */
59#define	AUE_ACCESS		14	/* =fa access(2) */
60#define	AUE_KILL		15	/* =pm kill(2) */
61#define	AUE_STAT		16	/* =fa stat(2) */
62#define	AUE_LSTAT		17	/* =fa lstat(2) */
63#define	AUE_ACCT		18	/* =as acct(2) */
64#define	AUE_MCTL		19	/* =no mctl(2) */
65#define	AUE_REBOOT		20	/* =no reboot(2) */
66#define	AUE_SYMLINK		21	/* =fc symlink(2) */
67#define	AUE_READLINK		22	/* =fr readlink(2) */
68#define	AUE_EXECVE		23	/* =ps,ex execve(2) */
69#define	AUE_CHROOT		24	/* =pm chroot(2) */
70#define	AUE_VFORK		25	/* =ps vfork(2) */
71#define	AUE_SETGROUPS		26	/* =pm setgroups(2) */
72#define	AUE_SETPGRP		27	/* =pm setpgrp(2) */
73#define	AUE_SWAPON		28	/* =no swapon(2) */
74#define	AUE_SETHOSTNAME		29	/* =no sethostname(2) */
75#define	AUE_FCNTL		30	/* =fm fcntl(2) */
76#define	AUE_SETPRIORITY		31	/* =no setpriority(2) */
77#define	AUE_CONNECT		32	/* =nt connect(2) */
78#define	AUE_ACCEPT		33	/* =nt accept(2) */
79#define	AUE_BIND		34	/* =nt bind(2) */
80#define	AUE_SETSOCKOPT		35	/* =nt setsockopt(2) */
81#define	AUE_VTRACE		36	/* =no vtrace(2) */
82#define	AUE_SETTIMEOFDAY	37	/* =no settimeofday(2) */
83#define	AUE_FCHOWN		38	/* =fm fchown(2) */
84#define	AUE_FCHMOD		39	/* =fm fchmod(2) */
85#define	AUE_SETREUID		40	/* =pm setreuid(2) */
86#define	AUE_SETREGID		41	/* =pm setregid(2) */
87#define	AUE_RENAME		42	/* =fc,fd rename(2) */
88#define	AUE_TRUNCATE		43	/* =no truncate(2) */
89#define	AUE_FTRUNCATE		44	/* =no ftruncate(2) */
90#define	AUE_FLOCK		45	/* =no flock(2) */
91#define	AUE_SHUTDOWN		46	/* =nt shutdown(2) */
92#define	AUE_MKDIR		47	/* =fc mkdir(2) */
93#define	AUE_RMDIR		48	/* =fd rmdir(2) */
94#define	AUE_UTIMES		49	/* =fm futimens(2), utimensat(2) */
95#define	AUE_ADJTIME		50	/* =as adjtime(2) */
96#define	AUE_SETRLIMIT		51	/* =ua setrlimit(2) */
97#define	AUE_KILLPG		52	/* =no killpg(2) */
98#define	AUE_NFS_SVC		53	/* =no nfs_svc(2) */
99#define	AUE_STATFS		54	/* =fa statfs(2) */
100#define	AUE_FSTATFS		55	/* =fa fstatfs(2) */
101#define	AUE_UNMOUNT		56	/* =no unmount(2) */
102#define	AUE_ASYNC_DAEMON	57	/* =no async_daemon(2) */
103#define	AUE_NFS_GETFH		58	/* =no nfs_getfh(2) */
104#define	AUE_SETDOMAINNAME	59	/* =no setdomainname(2) */
105#define	AUE_QUOTACTL		60	/* =no quotactl(2) */
106#define	AUE_EXPORTFS		61	/* =no exportfs(2) */
107#define	AUE_MOUNT		62	/* =as mount(2) */
108#define	AUE_SEMSYS		63	/* =no semsys(2): place holder */
109#define	AUE_MSGSYS		64	/* =no msgsys(2): place holder */
110#define	AUE_SHMSYS		65	/* =no shmsys(2): place holder */
111#define	AUE_BSMSYS		66	/* =no bsmsys(2): place holder */
112#define	AUE_RFSSYS		67	/* =no rfssys(2): place holder */
113#define	AUE_FCHDIR		68	/* =pm fchdir(2) */
114#define	AUE_FCHROOT		69	/* =pm fchroot(2) */
115#define	AUE_VPIXSYS		70	/* =no obsolete */
116#define	AUE_PATHCONF		71	/* =fa pathconf(2) */
117#define	AUE_OPEN_R		72	/* =fr open(2): read */
118#define	AUE_OPEN_RC		73	/* =fc,fr open(2): read,creat */
119#define	AUE_OPEN_RT		74	/* =fd,fr open(2): read,trunc */
120#define	AUE_OPEN_RTC		75	/* =fc,fd,fr open(2): rd,cr,tr */
121#define	AUE_OPEN_W		76	/* =fw open(2): write */
122#define	AUE_OPEN_WC		77	/* =fc,fw open(2): write,creat */
123#define	AUE_OPEN_WT		78	/* =fd,fw open(2): write,trunc */
124#define	AUE_OPEN_WTC		79	/* =fc,fd,fw open(2): wr,cr,tr */
125#define	AUE_OPEN_RW		80	/* =fr,fw open(2): read,write */
126#define	AUE_OPEN_RWC		81	/* =fc,fw,fr open(2): rd,wr,cr */
127#define	AUE_OPEN_RWT		82	/* =fd,fr,fw open(2): rd,wr,tr */
128#define	AUE_OPEN_RWTC		83	/* =fc,fd,fw,fr open(2): rd,wr,cr,tr */
129#define	AUE_MSGCTL		84	/* =ip msgctl(2): illegal command */
130#define	AUE_MSGCTL_RMID		85	/* =ip msgctl(2): IPC_RMID command */
131#define	AUE_MSGCTL_SET		86	/* =ip msgctl(2): IPC_SET command */
132#define	AUE_MSGCTL_STAT		87	/* =ip msgctl(2): IPC_STAT command */
133#define	AUE_MSGGET		88	/* =ip msgget(2) */
134#define	AUE_MSGRCV		89	/* =ip msgrcv(2) */
135#define	AUE_MSGSND		90	/* =ip msgsnd(2) */
136#define	AUE_SHMCTL		91	/* =ip shmctl(2): Illegal command */
137#define	AUE_SHMCTL_RMID		92	/* =ip shmctl(2): IPC_RMID command */
138#define	AUE_SHMCTL_SET		93	/* =ip shmctl(2): IPC_SET command */
139#define	AUE_SHMCTL_STAT		94	/* =ip shmctl(2): IPC_STAT command */
140#define	AUE_SHMGET		95	/* =ip shmget(2) */
141#define	AUE_SHMAT 		96	/* =ip shmat(2) */
142#define	AUE_SHMDT 		97	/* =ip shmdt(2) */
143#define	AUE_SEMCTL		98	/* =ip semctl(2): illegal command */
144#define	AUE_SEMCTL_RMID		99	/* =ip semctl(2): IPC_RMID command */
145#define	AUE_SEMCTL_SET		100	/* =ip semctl(2): IPC_SET command */
146#define	AUE_SEMCTL_STAT		101	/* =ip semctl(2): IPC_STAT command */
147#define	AUE_SEMCTL_GETNCNT	102	/* =ip semctl(2): GETNCNT command */
148#define	AUE_SEMCTL_GETPID	103	/* =ip semctl(2): GETPID command */
149#define	AUE_SEMCTL_GETVAL	104	/* =ip semctl(2): GETVAL command */
150#define	AUE_SEMCTL_GETALL	105	/* =ip semctl(2): GETALL command */
151#define	AUE_SEMCTL_GETZCNT	106	/* =ip semctl(2): GETZCNT command */
152#define	AUE_SEMCTL_SETVAL	107	/* =ip semctl(2): SETVAL command */
153#define	AUE_SEMCTL_SETALL	108	/* =ip semctl(2): SETALL command */
154#define	AUE_SEMGET		109	/* =ip semget(2) */
155#define	AUE_SEMOP		110	/* =ip semop(2) */
156#define	AUE_CORE		111	/* =fc process dumped core */
157#define	AUE_CLOSE		112	/* =cl close(2) */
158#define	AUE_SYSTEMBOOT		113	/* =na system booted */
159#define	AUE_ASYNC_DAEMON_EXIT	114	/* =no async_daemon(2) exited */
160#define	AUE_NFSSVC_EXIT		115	/* =no nfssvc(2) exited */
161#define	AUE_PFEXEC		116	/* =ps,ex,ua,as execve(2) w/ pfexec */
162#define	AUE_OPEN_S		117	/* =fr open(2): search */
163#define	AUE_OPEN_E		118	/* =fr open(2): exec */
164/*
165 * 119 - 129 are available for future growth (old SunOS_CMW events
166 * that had no libbsm or praudit support or references)
167 */
168#define	AUE_GETAUID		130	/* =aa getauid(2) */
169#define	AUE_SETAUID		131	/* =aa setauid(2) */
170#define	AUE_GETAUDIT		132	/* =aa getaudit(2) */
171#define	AUE_SETAUDIT		133	/* =aa setaudit(2) */
172/*				134	    OBSOLETE */
173/*				135	    OBSOLETE */
174#define	AUE_AUDITSVC		136	/* =no obsolete */
175/*				137	    OBSOLETE */
176#define	AUE_AUDITON		138	/* =no auditon(2) */
177#define	AUE_AUDITON_GTERMID	139	/* =no auditctl(2): GETTERMID */
178#define	AUE_AUDITON_STERMID	140	/* =no auditctl(2): SETTERMID */
179#define	AUE_AUDITON_GPOLICY	141	/* =aa auditctl(2): GETPOLICY */
180#define	AUE_AUDITON_SPOLICY	142	/* =as auditctl(2): SETPOLICY */
181#define	AUE_AUDITON_GESTATE	143	/* =no auditctl(2): GETESTATE */
182#define	AUE_AUDITON_SESTATE	144	/* =no auditctl(2): SETESTATE */
183#define	AUE_AUDITON_GQCTRL	145	/* =as auditctl(2): GETQCTRL */
184#define	AUE_AUDITON_SQCTRL	146	/* =as auditctl(2): SETQCTRL */
185/*				147	    OBSOLETE */
186/*				148	    OBSOLETE */
187/*				149	    OBSOLETE */
188/*				150	    OBSOLETE */
189/*				151	    OBSOLETE */
190/*				152	    OBSOLETE */
191#define	AUE_ENTERPROM		153	/* =na enter prom */
192#define	AUE_EXITPROM		154	/* =na exit prom */
193/*				155	    OBSOLETE */
194/*				156	    OBSOLETE */
195/*				157	    OBSOLETE */
196#define	AUE_IOCTL		158	/* =io ioctl(2) */
197/*				159	    OBSOLETE */
198/*				160	    OBSOLETE */
199/*				161	    OBSOLETE */
200/*				162	    OBSOLETE */
201/*				163	    OBSOLETE */
202/*				164	    OBSOLETE */
203/*				165	    OBSOLETE */
204/*				166	    OBSOLETE */
205/*				167	    OBSOLETE */
206/*				168	    OBSOLETE */
207/*				169	    OBSOLETE */
208/*				170	    OBSOLETE */
209/*				171	    OBSOLETE */
210/*				172	    OBSOLETE */
211#define	AUE_ONESIDE		173	/* =no one-sided session record */
212#define	AUE_MSGGETL		174	/* =no msggetl(2) */
213#define	AUE_MSGRCVL		175	/* =no msgrcvl(2) */
214#define	AUE_MSGSNDL		176	/* =no msgsndl(2) */
215#define	AUE_SEMGETL		177	/* =no semgetl(2) */
216#define	AUE_SHMGETL		178	/* =no shmgetl(2) */
217/*				179	    OBSOLETE */
218/*				180	    OBSOLETE */
219/*				181	    OBSOLETE */
220/*				182	    OBSOLETE */
221#define	AUE_SOCKET		183	/* =nt socket(2) */
222#define	AUE_SENDTO		184	/* =nt sendto(2) */
223#define	AUE_PIPE		185	/* =no pipe(2) */
224#define	AUE_SOCKETPAIR		186	/* =no socketpair(2) */
225#define	AUE_SEND		187	/* =no send(2) */
226#define	AUE_SENDMSG		188	/* =nt sendmsg(2) */
227#define	AUE_RECV		189	/* =no recv(2) */
228#define	AUE_RECVMSG		190	/* =nt recvmsg(2) */
229#define	AUE_RECVFROM		191	/* =nt recvfrom(2) */
230#define	AUE_READ		192	/* =no read(2) */
231#define	AUE_GETDENTS		193	/* =no getdents(2) */
232#define	AUE_LSEEK		194	/* =no lseek(2) */
233#define	AUE_WRITE		195	/* =no write(2) */
234#define	AUE_WRITEV		196	/* =no writev(2) */
235#define	AUE_NFS			197	/* =no NFS server */
236#define	AUE_READV		198	/* =no readv(2) */
237#define	AUE_OSTAT		199	/* =no obsolete */
238#define	AUE_SETUID		200	/* =pm old setuid(2) */
239#define	AUE_STIME		201	/* =as old stime(2) */
240#define	AUE_UTIME		202	/* =no obsolete */
241#define	AUE_NICE		203	/* =pm old nice(2) */
242#define	AUE_OSETPGRP		204	/* =no old setpgrp(2) */
243#define	AUE_SETGID		205	/* =pm old setgid(2) */
244#define	AUE_READL		206	/* =no readl(2) */
245#define	AUE_READVL		207	/* =no readvl(2) */
246#define	AUE_FSTAT		208	/* =no fstat(2) */
247#define	AUE_DUP2		209	/* =no obsolete */
248#define	AUE_MMAP		210	/* =no mmap(2) u-o-p */
249#define	AUE_AUDIT		211	/* =no audit(2) u-o-p */
250#define	AUE_PRIOCNTLSYS		212	/* =pm priocntlsys */
251#define	AUE_MUNMAP		213	/* =cl munmap(2) u-o-p */
252#define	AUE_SETEGID		214	/* =pm setegid(2) */
253#define	AUE_SETEUID		215	/* =pm seteuid(2) */
254#define	AUE_PUTMSG		216	/* =nt */
255#define	AUE_GETMSG		217	/* =nt */
256#define	AUE_PUTPMSG		218	/* =nt */
257#define	AUE_GETPMSG		219	/* =nt */
258#define	AUE_AUDITSYS		220	/* =no place holder */
259#define	AUE_AUDITON_GETKMASK	221	/* =aa */
260#define	AUE_AUDITON_SETKMASK	222	/* =as */
261#define	AUE_AUDITON_GETCWD	223	/* =aa,as */
262#define	AUE_AUDITON_GETCAR	224	/* =aa,as */
263#define	AUE_AUDITON_GETSTAT	225	/* =as */
264#define	AUE_AUDITON_SETSTAT	226	/* =as */
265#define	AUE_AUDITON_SETUMASK	227	/* =as */
266#define	AUE_AUDITON_SETSMASK	228	/* =as */
267#define	AUE_AUDITON_GETCOND	229	/* =aa */
268#define	AUE_AUDITON_SETCOND	230	/* =as */
269#define	AUE_AUDITON_GETCLASS	231	/* =aa,as */
270#define	AUE_AUDITON_SETCLASS	232	/* =as */
271#define	AUE_FUSERS		233	/* =fa */
272#define	AUE_STATVFS		234	/* =fa */
273#define	AUE_XSTAT		235	/* =no obsolete */
274#define	AUE_LXSTAT		236	/* =no obsolete */
275#define	AUE_LCHOWN		237	/* =fm */
276#define	AUE_MEMCNTL		238	/* =ot */
277#define	AUE_SYSINFO		239	/* =as */
278#define	AUE_XMKNOD		240	/* =no obsolete */
279#define	AUE_FORK1		241	/* =ps */
280#define	AUE_MODCTL		242	/* =no */
281#define	AUE_MODLOAD		243	/* =as */
282#define	AUE_MODUNLOAD		244	/* =as */
283#define	AUE_MODCONFIG		245	/* =no obsolete */
284#define	AUE_MODADDMAJ		246	/* =as */
285#define	AUE_SOCKACCEPT		247	/* =nt */
286#define	AUE_SOCKCONNECT		248	/* =nt */
287#define	AUE_SOCKSEND		249	/* =nt */
288#define	AUE_SOCKRECEIVE		250	/* =nt */
289#define	AUE_ACLSET		251	/* =fm */
290#define	AUE_FACLSET		252	/* =fm */
291#define	AUE_DOORFS		253	/* =no */
292#define	AUE_DOORFS_DOOR_CALL	254	/* =ip */
293#define	AUE_DOORFS_DOOR_RETURN	255	/* =ip */
294#define	AUE_DOORFS_DOOR_CREATE	256	/* =ip */
295#define	AUE_DOORFS_DOOR_REVOKE	257	/* =ip */
296#define	AUE_DOORFS_DOOR_INFO	258	/* =ip */
297#define	AUE_DOORFS_DOOR_CRED	259	/* =ip */
298#define	AUE_DOORFS_DOOR_BIND	260	/* =ip */
299#define	AUE_DOORFS_DOOR_UNBIND	261	/* =ip */
300#define	AUE_P_ONLINE		262	/* =as */
301#define	AUE_PROCESSOR_BIND	263	/* =as */
302#define	AUE_INST_SYNC		264	/* =as */
303#define	AUE_SOCKCONFIG		265	/* =nt */
304#define	AUE_SETAUDIT_ADDR	266	/* =aa setaudit_addr(2) */
305#define	AUE_GETAUDIT_ADDR	267	/* =aa getaudit_addr(2) */
306#define	AUE_UMOUNT2		268	/* =as umount2(2) */
307#define	AUE_FSAT		269	/* =no obsolete */
308#define	AUE_OPENAT_R		270	/* =no obsolete */
309#define	AUE_OPENAT_RC		271	/* =no obsolete */
310#define	AUE_OPENAT_RT		272	/* =no obsolete */
311#define	AUE_OPENAT_RTC		273	/* =no obsolete */
312#define	AUE_OPENAT_W		274	/* =no obsolete */
313#define	AUE_OPENAT_WC		275	/* =no obsolete */
314#define	AUE_OPENAT_WT		276	/* =no obsolete */
315#define	AUE_OPENAT_WTC		277	/* =no obsolete */
316#define	AUE_OPENAT_RW		278	/* =no obsolete */
317#define	AUE_OPENAT_RWC		279	/* =no obsolete */
318#define	AUE_OPENAT_RWT		280	/* =no obsolete */
319#define	AUE_OPENAT_RWTC		281	/* =no obsolete */
320#define	AUE_RENAMEAT		282	/* =no obsolete */
321#define	AUE_FSTATAT		283	/* =no obsolete */
322#define	AUE_FCHOWNAT		284	/* =no obsolete */
323#define	AUE_FUTIMESAT		285	/* =no obsolete */
324#define	AUE_UNLINKAT		286	/* =no obsolete */
325#define	AUE_CLOCK_SETTIME	287	/* =as clock_settime(3RT) */
326#define	AUE_NTP_ADJTIME		288	/* =as ntp_adjtime(2) */
327#define	AUE_SETPPRIV		289	/* =pm setppriv(2) */
328#define	AUE_MODDEVPLCY		290	/* =as modctl(2) */
329#define	AUE_MODADDPRIV		291	/* =as modctl(2) */
330#define	AUE_CRYPTOADM		292	/* =as kernel cryptographic framework */
331#define	AUE_CONFIGKSSL		293	/* =as kernel SSL */
332#define	AUE_BRANDSYS		294	/* =ot */
333#define	AUE_PF_POLICY_ADDRULE	295	/* =as Add IPsec policy rule */
334#define	AUE_PF_POLICY_DELRULE	296	/* =as Delete IPsec policy rule */
335#define	AUE_PF_POLICY_CLONE	297	/* =as Clone IPsec policy */
336#define	AUE_PF_POLICY_FLIP	298	/* =as Flip IPsec policy */
337#define	AUE_PF_POLICY_FLUSH	299	/* =as Flush IPsec policy rules */
338#define	AUE_PF_POLICY_ALGS	300	/* =as Update IPsec algorithms */
339#define	AUE_PORTFS		301	/* =no portfs(2) - place holder */
340#define	AUE_LABELSYS_TNRH	302	/* =as tnrh(2) */
341#define	AUE_LABELSYS_TNRHTP	303	/* =as tnrhtp(2) */
342#define	AUE_LABELSYS_TNMLP	304	/* =as tnmlp(2) */
343#define	AUE_PORTFS_ASSOCIATE	305	/* =fa portfs(2) - port associate */
344#define	AUE_PORTFS_DISSOCIATE	306	/* =fa portfs(2) - port disassociate */
345#define	AUE_SETSID		307	/* =pm setsid(2) */
346#define	AUE_SETPGID		308	/* =pm setpgid(2) */
347#define	AUE_FACCESSAT		309	/* =no obsolete */
348#define	AUE_AUDITON_GETAMASK	310	/* =aa */
349#define	AUE_AUDITON_SETAMASK	311	/* =as */
350
351
352
353/* NOTE: update MAX_KEVENTS below if events are added. */
354
355#define	MAX_KEVENTS		311
356
357
358#ifdef __cplusplus
359}
360#endif
361
362#endif /* _BSM_AUDIT_KEVENTS_H */
363