audit_kevents.h revision 12273:63678502e95e
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25#ifndef _BSM_AUDIT_KEVENTS_H 26#define _BSM_AUDIT_KEVENTS_H 27 28#ifdef __cplusplus 29extern "C" { 30#endif 31 32/* 33 * Audit event numbers. 34 * 35 * 0 Reserved as an invalid event number. 36 * 1 - 511 Allocated for Solaris kernel 37 * 512 - 2047 (reserved but not allocated) 38 * 2048 - 32767 Reserved for the Solaris TCB application. 39 * 32768 - 65535 Available for third party applications. 40 * 41 * NOTE: libbsm/audit_event.txt must be updated elsewhere when changes 42 * are made to kernel events. 43 */ 44 45#define AUE_NULL 0 /* =no indir system call */ 46#define AUE_EXIT 1 /* =ps exit(2) */ 47#define AUE_FORKALL 2 /* =ps forkall(2) */ 48#define AUE_OPEN 3 /* =no open(2): place holder */ 49#define AUE_CREAT 4 /* =no obsolete */ 50#define AUE_LINK 5 /* =fc link(2) */ 51#define AUE_UNLINK 6 /* =fd unlink(2) */ 52#define AUE_EXEC 7 /* =no obsolete */ 53#define AUE_CHDIR 8 /* =pm chdir(2) */ 54#define AUE_MKNOD 9 /* =fc mknod(2) */ 55#define AUE_CHMOD 10 /* =fm chmod(2) */ 56#define AUE_CHOWN 11 /* =fm chown(2) */ 57#define AUE_UMOUNT 12 /* =as umount(2): old version */ 58#define AUE_JUNK 13 /* =no non existant event */ 59#define AUE_ACCESS 14 /* =fa access(2) */ 60#define AUE_KILL 15 /* =pm kill(2) */ 61#define AUE_STAT 16 /* =fa stat(2) */ 62#define AUE_LSTAT 17 /* =fa lstat(2) */ 63#define AUE_ACCT 18 /* =as acct(2) */ 64#define AUE_MCTL 19 /* =no mctl(2) */ 65#define AUE_REBOOT 20 /* =no reboot(2) */ 66#define AUE_SYMLINK 21 /* =fc symlink(2) */ 67#define AUE_READLINK 22 /* =fr readlink(2) */ 68#define AUE_EXECVE 23 /* =ps,ex execve(2) */ 69#define AUE_CHROOT 24 /* =pm chroot(2) */ 70#define AUE_VFORK 25 /* =ps vfork(2) */ 71#define AUE_SETGROUPS 26 /* =pm setgroups(2) */ 72#define AUE_SETPGRP 27 /* =pm setpgrp(2) */ 73#define AUE_SWAPON 28 /* =no swapon(2) */ 74#define AUE_SETHOSTNAME 29 /* =no sethostname(2) */ 75#define AUE_FCNTL 30 /* =fm fcntl(2) */ 76#define AUE_SETPRIORITY 31 /* =no setpriority(2) */ 77#define AUE_CONNECT 32 /* =nt connect(2) */ 78#define AUE_ACCEPT 33 /* =nt accept(2) */ 79#define AUE_BIND 34 /* =nt bind(2) */ 80#define AUE_SETSOCKOPT 35 /* =nt setsockopt(2) */ 81#define AUE_VTRACE 36 /* =no vtrace(2) */ 82#define AUE_SETTIMEOFDAY 37 /* =no settimeofday(2) */ 83#define AUE_FCHOWN 38 /* =fm fchown(2) */ 84#define AUE_FCHMOD 39 /* =fm fchmod(2) */ 85#define AUE_SETREUID 40 /* =pm setreuid(2) */ 86#define AUE_SETREGID 41 /* =pm setregid(2) */ 87#define AUE_RENAME 42 /* =fc,fd rename(2) */ 88#define AUE_TRUNCATE 43 /* =no truncate(2) */ 89#define AUE_FTRUNCATE 44 /* =no ftruncate(2) */ 90#define AUE_FLOCK 45 /* =no flock(2) */ 91#define AUE_SHUTDOWN 46 /* =nt shutdown(2) */ 92#define AUE_MKDIR 47 /* =fc mkdir(2) */ 93#define AUE_RMDIR 48 /* =fd rmdir(2) */ 94#define AUE_UTIMES 49 /* =fm futimens(2), utimensat(2) */ 95#define AUE_ADJTIME 50 /* =as adjtime(2) */ 96#define AUE_SETRLIMIT 51 /* =ua setrlimit(2) */ 97#define AUE_KILLPG 52 /* =no killpg(2) */ 98#define AUE_NFS_SVC 53 /* =no nfs_svc(2) */ 99#define AUE_STATFS 54 /* =fa statfs(2) */ 100#define AUE_FSTATFS 55 /* =fa fstatfs(2) */ 101#define AUE_UNMOUNT 56 /* =no unmount(2) */ 102#define AUE_ASYNC_DAEMON 57 /* =no async_daemon(2) */ 103#define AUE_NFS_GETFH 58 /* =no nfs_getfh(2) */ 104#define AUE_SETDOMAINNAME 59 /* =no setdomainname(2) */ 105#define AUE_QUOTACTL 60 /* =no quotactl(2) */ 106#define AUE_EXPORTFS 61 /* =no exportfs(2) */ 107#define AUE_MOUNT 62 /* =as mount(2) */ 108#define AUE_SEMSYS 63 /* =no semsys(2): place holder */ 109#define AUE_MSGSYS 64 /* =no msgsys(2): place holder */ 110#define AUE_SHMSYS 65 /* =no shmsys(2): place holder */ 111#define AUE_BSMSYS 66 /* =no bsmsys(2): place holder */ 112#define AUE_RFSSYS 67 /* =no rfssys(2): place holder */ 113#define AUE_FCHDIR 68 /* =pm fchdir(2) */ 114#define AUE_FCHROOT 69 /* =pm fchroot(2) */ 115#define AUE_VPIXSYS 70 /* =no obsolete */ 116#define AUE_PATHCONF 71 /* =fa pathconf(2) */ 117#define AUE_OPEN_R 72 /* =fr open(2): read */ 118#define AUE_OPEN_RC 73 /* =fc,fr open(2): read,creat */ 119#define AUE_OPEN_RT 74 /* =fd,fr open(2): read,trunc */ 120#define AUE_OPEN_RTC 75 /* =fc,fd,fr open(2): rd,cr,tr */ 121#define AUE_OPEN_W 76 /* =fw open(2): write */ 122#define AUE_OPEN_WC 77 /* =fc,fw open(2): write,creat */ 123#define AUE_OPEN_WT 78 /* =fd,fw open(2): write,trunc */ 124#define AUE_OPEN_WTC 79 /* =fc,fd,fw open(2): wr,cr,tr */ 125#define AUE_OPEN_RW 80 /* =fr,fw open(2): read,write */ 126#define AUE_OPEN_RWC 81 /* =fc,fw,fr open(2): rd,wr,cr */ 127#define AUE_OPEN_RWT 82 /* =fd,fr,fw open(2): rd,wr,tr */ 128#define AUE_OPEN_RWTC 83 /* =fc,fd,fw,fr open(2): rd,wr,cr,tr */ 129#define AUE_MSGCTL 84 /* =ip msgctl(2): illegal command */ 130#define AUE_MSGCTL_RMID 85 /* =ip msgctl(2): IPC_RMID command */ 131#define AUE_MSGCTL_SET 86 /* =ip msgctl(2): IPC_SET command */ 132#define AUE_MSGCTL_STAT 87 /* =ip msgctl(2): IPC_STAT command */ 133#define AUE_MSGGET 88 /* =ip msgget(2) */ 134#define AUE_MSGRCV 89 /* =ip msgrcv(2) */ 135#define AUE_MSGSND 90 /* =ip msgsnd(2) */ 136#define AUE_SHMCTL 91 /* =ip shmctl(2): Illegal command */ 137#define AUE_SHMCTL_RMID 92 /* =ip shmctl(2): IPC_RMID command */ 138#define AUE_SHMCTL_SET 93 /* =ip shmctl(2): IPC_SET command */ 139#define AUE_SHMCTL_STAT 94 /* =ip shmctl(2): IPC_STAT command */ 140#define AUE_SHMGET 95 /* =ip shmget(2) */ 141#define AUE_SHMAT 96 /* =ip shmat(2) */ 142#define AUE_SHMDT 97 /* =ip shmdt(2) */ 143#define AUE_SEMCTL 98 /* =ip semctl(2): illegal command */ 144#define AUE_SEMCTL_RMID 99 /* =ip semctl(2): IPC_RMID command */ 145#define AUE_SEMCTL_SET 100 /* =ip semctl(2): IPC_SET command */ 146#define AUE_SEMCTL_STAT 101 /* =ip semctl(2): IPC_STAT command */ 147#define AUE_SEMCTL_GETNCNT 102 /* =ip semctl(2): GETNCNT command */ 148#define AUE_SEMCTL_GETPID 103 /* =ip semctl(2): GETPID command */ 149#define AUE_SEMCTL_GETVAL 104 /* =ip semctl(2): GETVAL command */ 150#define AUE_SEMCTL_GETALL 105 /* =ip semctl(2): GETALL command */ 151#define AUE_SEMCTL_GETZCNT 106 /* =ip semctl(2): GETZCNT command */ 152#define AUE_SEMCTL_SETVAL 107 /* =ip semctl(2): SETVAL command */ 153#define AUE_SEMCTL_SETALL 108 /* =ip semctl(2): SETALL command */ 154#define AUE_SEMGET 109 /* =ip semget(2) */ 155#define AUE_SEMOP 110 /* =ip semop(2) */ 156#define AUE_CORE 111 /* =fc process dumped core */ 157#define AUE_CLOSE 112 /* =cl close(2) */ 158#define AUE_SYSTEMBOOT 113 /* =na system booted */ 159#define AUE_ASYNC_DAEMON_EXIT 114 /* =no async_daemon(2) exited */ 160#define AUE_NFSSVC_EXIT 115 /* =no nfssvc(2) exited */ 161#define AUE_PFEXEC 116 /* =ps,ex,ua,as execve(2) w/ pfexec */ 162/* 163 * 117 - 129 are available for future growth (old SunOS_CMW events 164 * that had no libbsm or praudit support or references) 165 */ 166#define AUE_GETAUID 130 /* =aa getauid(2) */ 167#define AUE_SETAUID 131 /* =aa setauid(2) */ 168#define AUE_GETAUDIT 132 /* =aa getaudit(2) */ 169#define AUE_SETAUDIT 133 /* =aa setaudit(2) */ 170/* 134 OBSOLETE */ 171/* 135 OBSOLETE */ 172#define AUE_AUDITSVC 136 /* =no obsolete */ 173/* 137 OBSOLETE */ 174#define AUE_AUDITON 138 /* =no auditon(2) */ 175#define AUE_AUDITON_GTERMID 139 /* =no auditctl(2): GETTERMID */ 176#define AUE_AUDITON_STERMID 140 /* =no auditctl(2): SETTERMID */ 177#define AUE_AUDITON_GPOLICY 141 /* =aa auditctl(2): GETPOLICY */ 178#define AUE_AUDITON_SPOLICY 142 /* =as auditctl(2): SETPOLICY */ 179#define AUE_AUDITON_GESTATE 143 /* =no auditctl(2): GETESTATE */ 180#define AUE_AUDITON_SESTATE 144 /* =no auditctl(2): SETESTATE */ 181#define AUE_AUDITON_GQCTRL 145 /* =as auditctl(2): GETQCTRL */ 182#define AUE_AUDITON_SQCTRL 146 /* =as auditctl(2): SETQCTRL */ 183/* 147 OBSOLETE */ 184/* 148 OBSOLETE */ 185/* 149 OBSOLETE */ 186/* 150 OBSOLETE */ 187/* 151 OBSOLETE */ 188/* 152 OBSOLETE */ 189#define AUE_ENTERPROM 153 /* =na enter prom */ 190#define AUE_EXITPROM 154 /* =na exit prom */ 191/* 155 OBSOLETE */ 192/* 156 OBSOLETE */ 193/* 157 OBSOLETE */ 194#define AUE_IOCTL 158 /* =io ioctl(2) */ 195/* 159 OBSOLETE */ 196/* 160 OBSOLETE */ 197/* 161 OBSOLETE */ 198/* 162 OBSOLETE */ 199/* 163 OBSOLETE */ 200/* 164 OBSOLETE */ 201/* 165 OBSOLETE */ 202/* 166 OBSOLETE */ 203/* 167 OBSOLETE */ 204/* 168 OBSOLETE */ 205/* 169 OBSOLETE */ 206/* 170 OBSOLETE */ 207/* 171 OBSOLETE */ 208/* 172 OBSOLETE */ 209#define AUE_ONESIDE 173 /* =no one-sided session record */ 210#define AUE_MSGGETL 174 /* =no msggetl(2) */ 211#define AUE_MSGRCVL 175 /* =no msgrcvl(2) */ 212#define AUE_MSGSNDL 176 /* =no msgsndl(2) */ 213#define AUE_SEMGETL 177 /* =no semgetl(2) */ 214#define AUE_SHMGETL 178 /* =no shmgetl(2) */ 215/* 179 OBSOLETE */ 216/* 180 OBSOLETE */ 217/* 181 OBSOLETE */ 218/* 182 OBSOLETE */ 219#define AUE_SOCKET 183 /* =nt socket(2) */ 220#define AUE_SENDTO 184 /* =nt sendto(2) */ 221#define AUE_PIPE 185 /* =no pipe(2) */ 222#define AUE_SOCKETPAIR 186 /* =no socketpair(2) */ 223#define AUE_SEND 187 /* =no send(2) */ 224#define AUE_SENDMSG 188 /* =nt sendmsg(2) */ 225#define AUE_RECV 189 /* =no recv(2) */ 226#define AUE_RECVMSG 190 /* =nt recvmsg(2) */ 227#define AUE_RECVFROM 191 /* =nt recvfrom(2) */ 228#define AUE_READ 192 /* =no read(2) */ 229#define AUE_GETDENTS 193 /* =no getdents(2) */ 230#define AUE_LSEEK 194 /* =no lseek(2) */ 231#define AUE_WRITE 195 /* =no write(2) */ 232#define AUE_WRITEV 196 /* =no writev(2) */ 233#define AUE_NFS 197 /* =no NFS server */ 234#define AUE_READV 198 /* =no readv(2) */ 235#define AUE_OSTAT 199 /* =no obsolete */ 236#define AUE_SETUID 200 /* =pm old setuid(2) */ 237#define AUE_STIME 201 /* =as old stime(2) */ 238#define AUE_UTIME 202 /* =no obsolete */ 239#define AUE_NICE 203 /* =pm old nice(2) */ 240#define AUE_OSETPGRP 204 /* =no old setpgrp(2) */ 241#define AUE_SETGID 205 /* =pm old setgid(2) */ 242#define AUE_READL 206 /* =no readl(2) */ 243#define AUE_READVL 207 /* =no readvl(2) */ 244#define AUE_FSTAT 208 /* =no fstat(2) */ 245#define AUE_DUP2 209 /* =no obsolete */ 246#define AUE_MMAP 210 /* =no mmap(2) u-o-p */ 247#define AUE_AUDIT 211 /* =no audit(2) u-o-p */ 248#define AUE_PRIOCNTLSYS 212 /* =pm priocntlsys */ 249#define AUE_MUNMAP 213 /* =cl munmap(2) u-o-p */ 250#define AUE_SETEGID 214 /* =pm setegid(2) */ 251#define AUE_SETEUID 215 /* =pm seteuid(2) */ 252#define AUE_PUTMSG 216 /* =nt */ 253#define AUE_GETMSG 217 /* =nt */ 254#define AUE_PUTPMSG 218 /* =nt */ 255#define AUE_GETPMSG 219 /* =nt */ 256#define AUE_AUDITSYS 220 /* =no place holder */ 257#define AUE_AUDITON_GETKMASK 221 /* =aa */ 258#define AUE_AUDITON_SETKMASK 222 /* =as */ 259#define AUE_AUDITON_GETCWD 223 /* =aa,as */ 260#define AUE_AUDITON_GETCAR 224 /* =aa,as */ 261#define AUE_AUDITON_GETSTAT 225 /* =as */ 262#define AUE_AUDITON_SETSTAT 226 /* =as */ 263#define AUE_AUDITON_SETUMASK 227 /* =as */ 264#define AUE_AUDITON_SETSMASK 228 /* =as */ 265#define AUE_AUDITON_GETCOND 229 /* =aa */ 266#define AUE_AUDITON_SETCOND 230 /* =as */ 267#define AUE_AUDITON_GETCLASS 231 /* =aa,as */ 268#define AUE_AUDITON_SETCLASS 232 /* =as */ 269#define AUE_FUSERS 233 /* =fa */ 270#define AUE_STATVFS 234 /* =fa */ 271#define AUE_XSTAT 235 /* =no obsolete */ 272#define AUE_LXSTAT 236 /* =no obsolete */ 273#define AUE_LCHOWN 237 /* =fm */ 274#define AUE_MEMCNTL 238 /* =ot */ 275#define AUE_SYSINFO 239 /* =as */ 276#define AUE_XMKNOD 240 /* =no obsolete */ 277#define AUE_FORK1 241 /* =ps */ 278#define AUE_MODCTL 242 /* =no */ 279#define AUE_MODLOAD 243 /* =as */ 280#define AUE_MODUNLOAD 244 /* =as */ 281#define AUE_MODCONFIG 245 /* =no obsolete */ 282#define AUE_MODADDMAJ 246 /* =as */ 283#define AUE_SOCKACCEPT 247 /* =nt */ 284#define AUE_SOCKCONNECT 248 /* =nt */ 285#define AUE_SOCKSEND 249 /* =nt */ 286#define AUE_SOCKRECEIVE 250 /* =nt */ 287#define AUE_ACLSET 251 /* =fm */ 288#define AUE_FACLSET 252 /* =fm */ 289#define AUE_DOORFS 253 /* =no */ 290#define AUE_DOORFS_DOOR_CALL 254 /* =ip */ 291#define AUE_DOORFS_DOOR_RETURN 255 /* =ip */ 292#define AUE_DOORFS_DOOR_CREATE 256 /* =ip */ 293#define AUE_DOORFS_DOOR_REVOKE 257 /* =ip */ 294#define AUE_DOORFS_DOOR_INFO 258 /* =ip */ 295#define AUE_DOORFS_DOOR_CRED 259 /* =ip */ 296#define AUE_DOORFS_DOOR_BIND 260 /* =ip */ 297#define AUE_DOORFS_DOOR_UNBIND 261 /* =ip */ 298#define AUE_P_ONLINE 262 /* =as */ 299#define AUE_PROCESSOR_BIND 263 /* =as */ 300#define AUE_INST_SYNC 264 /* =as */ 301#define AUE_SOCKCONFIG 265 /* =nt */ 302#define AUE_SETAUDIT_ADDR 266 /* =aa setaudit_addr(2) */ 303#define AUE_GETAUDIT_ADDR 267 /* =aa getaudit_addr(2) */ 304#define AUE_UMOUNT2 268 /* =as umount2(2) */ 305#define AUE_FSAT 269 /* =no obsolete */ 306#define AUE_OPENAT_R 270 /* =no obsolete */ 307#define AUE_OPENAT_RC 271 /* =no obsolete */ 308#define AUE_OPENAT_RT 272 /* =no obsolete */ 309#define AUE_OPENAT_RTC 273 /* =no obsolete */ 310#define AUE_OPENAT_W 274 /* =no obsolete */ 311#define AUE_OPENAT_WC 275 /* =no obsolete */ 312#define AUE_OPENAT_WT 276 /* =no obsolete */ 313#define AUE_OPENAT_WTC 277 /* =no obsolete */ 314#define AUE_OPENAT_RW 278 /* =no obsolete */ 315#define AUE_OPENAT_RWC 279 /* =no obsolete */ 316#define AUE_OPENAT_RWT 280 /* =no obsolete */ 317#define AUE_OPENAT_RWTC 281 /* =no obsolete */ 318#define AUE_RENAMEAT 282 /* =no obsolete */ 319#define AUE_FSTATAT 283 /* =no obsolete */ 320#define AUE_FCHOWNAT 284 /* =no obsolete */ 321#define AUE_FUTIMESAT 285 /* =no obsolete */ 322#define AUE_UNLINKAT 286 /* =no obsolete */ 323#define AUE_CLOCK_SETTIME 287 /* =as clock_settime(3RT) */ 324#define AUE_NTP_ADJTIME 288 /* =as ntp_adjtime(2) */ 325#define AUE_SETPPRIV 289 /* =pm setppriv(2) */ 326#define AUE_MODDEVPLCY 290 /* =as modctl(2) */ 327#define AUE_MODADDPRIV 291 /* =as modctl(2) */ 328#define AUE_CRYPTOADM 292 /* =as kernel cryptographic framework */ 329#define AUE_CONFIGKSSL 293 /* =as kernel SSL */ 330#define AUE_BRANDSYS 294 /* =ot */ 331#define AUE_PF_POLICY_ADDRULE 295 /* =as Add IPsec policy rule */ 332#define AUE_PF_POLICY_DELRULE 296 /* =as Delete IPsec policy rule */ 333#define AUE_PF_POLICY_CLONE 297 /* =as Clone IPsec policy */ 334#define AUE_PF_POLICY_FLIP 298 /* =as Flip IPsec policy */ 335#define AUE_PF_POLICY_FLUSH 299 /* =as Flush IPsec policy rules */ 336#define AUE_PF_POLICY_ALGS 300 /* =as Update IPsec algorithms */ 337#define AUE_PORTFS 301 /* =no portfs(2) - place holder */ 338#define AUE_LABELSYS_TNRH 302 /* =as tnrh(2) */ 339#define AUE_LABELSYS_TNRHTP 303 /* =as tnrhtp(2) */ 340#define AUE_LABELSYS_TNMLP 304 /* =as tnmlp(2) */ 341#define AUE_PORTFS_ASSOCIATE 305 /* =fa portfs(2) - port associate */ 342#define AUE_PORTFS_DISSOCIATE 306 /* =fa portfs(2) - port disassociate */ 343#define AUE_SETSID 307 /* =pm setsid(2) */ 344#define AUE_SETPGID 308 /* =pm setpgid(2) */ 345#define AUE_FACCESSAT 309 /* =no obsolete */ 346 347 348 349/* NOTE: update MAX_KEVENTS below if events are added. */ 350 351#define MAX_KEVENTS 309 352 353 354#ifdef __cplusplus 355} 356#endif 357 358#endif /* _BSM_AUDIT_KEVENTS_H */ 359