xref: /freebsd/contrib/openbsm/bin/auditd/auditd.h (revision 9336e0699bda8a301cd2bfa37106b6ec5e32012e) 
1 /*
2  * Copyright (c) 2005 Apple Computer, Inc.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1.  Redistributions of source code must retain the above copyright
10  *     notice, this list of conditions and the following disclaimer.
11  * 2.  Redistributions in binary form must reproduce the above copyright
12  *     notice, this list of conditions and the following disclaimer in the
13  *     documentation and/or other materials provided with the distribution.
14  * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
15  *     its contributors may be used to endorse or promote products derived
16  *     from this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#8 $
30  */
31 
32 #ifndef _AUDITD_H_
33 #define	_AUDITD_H_
34 
35 #include <sys/types.h>
36 #include <sys/queue.h>
37 #include <syslog.h>
38 
39 #define	MAX_DIR_SIZE	255
40 #define	AUDITD_NAME	"auditd"
41 
42 /*
43  * If defined, then the audit daemon will attempt to chown newly created logs
44  * to this group.  Otherwise, they will be the default for the user running
45  * auditd, likely the audit group.
46  */
47 #define	AUDIT_REVIEW_GROUP	"audit"
48 
49 #define	POSTFIX_LEN		16
50 #define	NOT_TERMINATED	".not_terminated"
51 
52 struct dir_ent {
53 	char			*dirname;
54 	char			 softlim;
55 	TAILQ_ENTRY(dir_ent)	 dirs;
56 };
57 
58 #define	HARDLIM_ALL_WARN	"allhard"
59 #define	SOFTLIM_ALL_WARN	"allsoft"
60 #define	AUDITOFF_WARN		"auditoff"
61 #define	CLOSEFILE_WARN		"closefile"
62 #define	EBUSY_WARN		"ebusy"
63 #define	GETACDIR_WARN		"getacdir"
64 #define	HARDLIM_WARN		"hard"
65 #define	NOSTART_WARN		"nostart"
66 #define	POSTSIGTERM_WARN	"postsigterm"
67 #define	SOFTLIM_WARN		"soft"
68 #define	TMPFILE_WARN		"tmpfile"
69 
70 #define	AUDITWARN_SCRIPT	"/etc/security/audit_warn"
71 #define	AUDITD_PIDFILE		"/var/run/auditd.pid"
72 
73 int	audit_warn_allhard(int count);
74 int	audit_warn_allsoft(void);
75 int	audit_warn_auditoff(void);
76 int	audit_warn_closefile(char *filename);
77 int	audit_warn_ebusy(void);
78 int	audit_warn_getacdir(char *filename);
79 int	audit_warn_hard(char *filename);
80 int	audit_warn_nostart(void);
81 int	audit_warn_postsigterm(void);
82 int	audit_warn_soft(char *filename);
83 int	audit_warn_tmpfile(void);
84 
85 #endif /* !_AUDITD_H_ */
86