1 /*- 2 * Copyright (c) 2005-2009 Apple Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. Neither the name of Apple Inc. ("Apple") nor the names of 15 * its contributors may be used to endorse or promote products derived 16 * from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * 29 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#13 $ 30 */ 31 32 #ifndef _AUDITD_H_ 33 #define _AUDITD_H_ 34 35 #include <sys/types.h> 36 #include <sys/queue.h> 37 #include <syslog.h> 38 39 #define MAX_DIR_SIZE 255 40 #define AUDITD_NAME "auditd" 41 42 /* 43 * If defined, then the audit daemon will attempt to chown newly created logs 44 * to this group. Otherwise, they will be the default for the user running 45 * auditd, likely the audit group. 46 */ 47 #define AUDIT_REVIEW_GROUP "audit" 48 49 #define HARDLIM_ALL_WARN "allhard" 50 #define SOFTLIM_ALL_WARN "allsoft" 51 #define AUDITOFF_WARN "auditoff" 52 #define CLOSEFILE_WARN "closefile" 53 #define EBUSY_WARN "ebusy" 54 #define GETACDIR_WARN "getacdir" 55 #define HARDLIM_WARN "hard" 56 #define NOSTART_WARN "nostart" 57 #define POSTSIGTERM_WARN "postsigterm" 58 #define SOFTLIM_WARN "soft" 59 #define TMPFILE_WARN "tmpfile" 60 #define EXPIRED_WARN "expired" 61 62 #define AUDITWARN_SCRIPT "/etc/security/audit_warn" 63 #define AUDITD_PIDFILE "/var/run/auditd.pid" 64 65 #define AUD_STATE_INIT -1 66 #define AUD_STATE_DISABLED 0 67 #define AUD_STATE_ENABLED 1 68 69 int audit_warn_allhard(void); 70 int audit_warn_allsoft(void); 71 int audit_warn_auditoff(void); 72 int audit_warn_closefile(char *filename); 73 int audit_warn_ebusy(void); 74 int audit_warn_getacdir(char *filename); 75 int audit_warn_hard(char *filename); 76 int audit_warn_nostart(void); 77 int audit_warn_postsigterm(void); 78 int audit_warn_soft(char *filename); 79 int audit_warn_tmpfile(void); 80 int audit_warn_expired(char *filename); 81 82 void auditd_openlog(int debug, gid_t gid); 83 void auditd_log_err(const char *fmt, ...); 84 void auditd_log_debug(const char *fmt, ...); 85 void auditd_log_info(const char *fmt, ...); 86 void auditd_log_notice(const char *fmt, ...); 87 88 void auditd_set_state(int state); 89 int auditd_get_state(void); 90 91 int auditd_open_trigger(int launchd_flag); 92 int auditd_close_trigger(void); 93 void auditd_handle_trigger(int trigger); 94 95 void auditd_wait_for_events(void); 96 void auditd_relay_signal(int signal); 97 void auditd_terminate(void); 98 int auditd_config_controls(void); 99 void auditd_reap_children(void); 100 101 102 #endif /* !_AUDITD_H_ */ 103