xref: /freebsd/contrib/openbsm/bin/auditd/auditd.h (revision 3b97a967e1e992eaa2010e8a42f23f51760bc8cb) 
1 /*
2  * Copyright (c) 2005 Apple Computer, Inc.
3  * All rights reserved.
4  *
5  * @APPLE_BSD_LICENSE_HEADER_START@
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1.  Redistributions of source code must retain the above copyright
12  *     notice, this list of conditions and the following disclaimer.
13  * 2.  Redistributions in binary form must reproduce the above copyright
14  *     notice, this list of conditions and the following disclaimer in the
15  *     documentation and/or other materials provided with the distribution.
16  * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
17  *     its contributors may be used to endorse or promote products derived
18  *     from this software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
21  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
22  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
24  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  *
31  * @APPLE_BSD_LICENSE_HEADER_END@
32  *
33  * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#5 $
34  */
35 
36 #ifndef _AUDITD_H_
37 #define	_AUDITD_H_
38 
39 #include <sys/types.h>
40 #include <sys/queue.h>
41 #include <syslog.h>
42 
43 #define	MAX_DIR_SIZE	255
44 #define	AUDITD_NAME	"auditd"
45 
46 /*
47  * If defined, then the audit daemon will attempt to chown newly created logs
48  * to this group.  Otherwise, they will be the default for the user running
49  * auditd, likely the audit group.
50  */
51 #define	AUDIT_REVIEW_GROUP	"audit"
52 
53 #define	POSTFIX_LEN		16
54 #define	NOT_TERMINATED	".not_terminated"
55 
56 struct dir_ent {
57 	char			*dirname;
58 	char			 softlim;
59 	TAILQ_ENTRY(dir_ent)	 dirs;
60 };
61 
62 #define	HARDLIM_ALL_WARN	"allhard"
63 #define	SOFTLIM_ALL_WARN	"allsoft"
64 #define	AUDITOFF_WARN		"aditoff"
65 #define	EBUSY_WARN		"ebusy"
66 #define	GETACDIR_WARN		"getacdir"
67 #define	HARDLIM_WARN		"hard"
68 #define	NOSTART_WARN		"nostart"
69 #define	POSTSIGTERM_WARN	"postsigterm"
70 #define	SOFTLIM_WARN		"soft"
71 #define	TMPFILE_WARN		"tmpfile"
72 
73 #define	AUDITWARN_SCRIPT	"/etc/security/audit_warn"
74 #define	AUDITD_PIDFILE		"/var/run/auditd.pid"
75 
76 int	audit_warn_allhard(int count);
77 int	audit_warn_allsoft(void);
78 int	audit_warn_auditoff(void);
79 int	audit_warn_ebusy(void);
80 int	audit_warn_getacdir(char *filename);
81 int	audit_warn_hard(char *filename);
82 int	audit_warn_nostart(void);
83 int	audit_warn_postsigterm(void);
84 int	audit_warn_soft(char *filename);
85 int	audit_warn_tmpfile(void);
86 
87 #endif /* !_AUDITD_H_ */
88