xref: /freebsd/contrib/openbsm/bin/auditd/auditd.h (revision 39ee7a7a6bdd1557b1c3532abf60d139798ac88b)
1 /*-
2  * Copyright (c) 2005-2009 Apple Inc.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1.  Redistributions of source code must retain the above copyright
10  *     notice, this list of conditions and the following disclaimer.
11  * 2.  Redistributions in binary form must reproduce the above copyright
12  *     notice, this list of conditions and the following disclaimer in the
13  *     documentation and/or other materials provided with the distribution.
14  * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
15  *     its contributors may be used to endorse or promote products derived
16  *     from this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#13 $
30  */
31 
32 #ifndef _AUDITD_H_
33 #define	_AUDITD_H_
34 
35 #include <sys/types.h>
36 #include <sys/queue.h>
37 #include <syslog.h>
38 
39 #define	MAX_DIR_SIZE	255
40 #define	AUDITD_NAME	"auditd"
41 
42 /*
43  * If defined, then the audit daemon will attempt to chown newly created logs
44  * to this group.  Otherwise, they will be the default for the user running
45  * auditd, likely the audit group.
46  */
47 #define	AUDIT_REVIEW_GROUP	"audit"
48 
49 #define	HARDLIM_ALL_WARN	"allhard"
50 #define	SOFTLIM_ALL_WARN	"allsoft"
51 #define	AUDITOFF_WARN		"auditoff"
52 #define	CLOSEFILE_WARN		"closefile"
53 #define	EBUSY_WARN		"ebusy"
54 #define	GETACDIR_WARN		"getacdir"
55 #define	HARDLIM_WARN		"hard"
56 #define	NOSTART_WARN		"nostart"
57 #define	POSTSIGTERM_WARN	"postsigterm"
58 #define	SOFTLIM_WARN		"soft"
59 #define	TMPFILE_WARN		"tmpfile"
60 #define	EXPIRED_WARN		"expired"
61 
62 #define	AUDITWARN_SCRIPT	"/etc/security/audit_warn"
63 #define	AUDITD_PIDFILE		"/var/run/auditd.pid"
64 
65 #define	AUD_STATE_INIT		-1
66 #define	AUD_STATE_DISABLED	 0
67 #define	AUD_STATE_ENABLED	 1
68 
69 int	audit_warn_allhard(void);
70 int	audit_warn_allsoft(void);
71 int	audit_warn_auditoff(void);
72 int	audit_warn_closefile(char *filename);
73 int	audit_warn_ebusy(void);
74 int	audit_warn_getacdir(char *filename);
75 int	audit_warn_hard(char *filename);
76 int	audit_warn_nostart(void);
77 int	audit_warn_postsigterm(void);
78 int	audit_warn_soft(char *filename);
79 int	audit_warn_tmpfile(void);
80 int	audit_warn_expired(char *filename);
81 
82 void	auditd_openlog(int debug, gid_t gid);
83 void	auditd_log_err(const char *fmt, ...);
84 void	auditd_log_debug(const char *fmt, ...);
85 void	auditd_log_info(const char *fmt, ...);
86 void	auditd_log_notice(const char *fmt, ...);
87 
88 void	auditd_set_state(int state);
89 int	auditd_get_state(void);
90 
91 int	auditd_open_trigger(int launchd_flag);
92 int	auditd_close_trigger(void);
93 void	auditd_handle_trigger(int trigger);
94 
95 void	auditd_wait_for_events(void);
96 void	auditd_relay_signal(int signal);
97 void	auditd_terminate(void);
98 int	auditd_config_controls(void);
99 void	auditd_reap_children(void);
100 
101 
102 #endif /* !_AUDITD_H_ */
103