xref: /freebsd/contrib/openbsm/etc/audit_event (revision dd41de95a84d979615a2ef11df6850622bf6184e) 
1#
2# $FreeBSD$
3#
4# The mapping between event identifiers and values is also hard-coded in
5# audit_kevents.h and audit_uevents.h, so changes must occur in both places,
6# and programs, such as the kernel, may need to be recompiled to recognize
7# those changes.  It is advisable not to change the numbering or naming of
8# kernel audit events.
9#
10# Allocation of BSM event identifier ranges:
11#
12# 0                    Reserved and invalid
13# 1     - 2047         Reserved for Solaris kernel events
14# 2048  - 5999         Reserved and unallocated
15# 6000  - 9999         Reserved for Solaris user events
16# 10000 - 32767        Reserved and unallocated
17# 32768 - 65535        Available for third party applications
18#
19# Of the third party range, OpenBSM allocates from the following ranges:
20#
21# 43000 - 44999        Reserved for OpenBSM kernel events
22# 45000 - 46999        Reserved for OpenBSM application events
23#
240:AUE_NULL:indir system call:no
251:AUE_EXIT:exit(2):pc
262:AUE_FORK:fork(2):pc
273:AUE_OPEN:open(2) - attr only:fa
284:AUE_CREAT:creat(2):fc
295:AUE_LINK:link(2):fc
306:AUE_UNLINK:unlink(2):fd
317:AUE_EXEC:exec(2):pc,ex
328:AUE_CHDIR:chdir(2):pc
339:AUE_MKNOD:mknod(2):fc
3410:AUE_CHMOD:chmod(2):fm
3511:AUE_CHOWN:chown(2):fm
3612:AUE_UMOUNT:umount(2) - old version:ad
3713:AUE_JUNK:junk:no
3814:AUE_ACCESS:access(2):fa
3915:AUE_KILL:kill(2):pc
4016:AUE_STAT:stat(2):fa
4117:AUE_LSTAT:lstat(2):fa
4218:AUE_ACCT:acct(2):ad
4319:AUE_MCTL:mctl(2):no
4420:AUE_REBOOT:reboot(2):ad
4521:AUE_SYMLINK:symlink(2):fc
4622:AUE_READLINK:readlink(2):fr
4723:AUE_EXECVE:execve(2):pc,ex
4824:AUE_CHROOT:chroot(2):pc
4925:AUE_VFORK:vfork(2):pc
5026:AUE_SETGROUPS:setgroups(2):pc
5127:AUE_SETPGRP:setpgrp(2):pc
5228:AUE_SWAPON:swapon(2):ad
5329:AUE_SETHOSTNAME:sethostname(2):ad
5430:AUE_FCNTL:fcntl(2):fm
5531:AUE_SETPRIORITY:setpriority(2):pc
5632:AUE_CONNECT:connect(2):nt
5733:AUE_ACCEPT:accept(2):nt
5834:AUE_BIND:bind(2):nt
5935:AUE_SETSOCKOPT:setsockopt(2):nt
6036:AUE_VTRACE:vtrace(2):pc
6137:AUE_SETTIMEOFDAY:settimeofday(2):ad
6238:AUE_FCHOWN:fchown(2):fm
6339:AUE_FCHMOD:fchmod(2):fm
6440:AUE_SETREUID:setreuid(2):pc
6541:AUE_SETREGID:setregid(2):pc
6642:AUE_RENAME:rename(2):fc,fd
6743:AUE_TRUNCATE:truncate(2):fw
6844:AUE_FTRUNCATE:ftruncate(2):fw
6945:AUE_FLOCK:flock(2):fm
7046:AUE_SHUTDOWN:shutdown(2):nt
7147:AUE_MKDIR:mkdir(2):fc
7248:AUE_RMDIR:rmdir(2):fd
7349:AUE_UTIMES:utimes(2):fm
7450:AUE_ADJTIME:adjtime(2):ad
7551:AUE_SETRLIMIT:setrlimit(2):pc
7652:AUE_KILLPG:killpg(2):pc
7753:AUE_NFS_SVC:nfs_svc(2):ad
7854:AUE_STATFS:statfs(2):fa
7955:AUE_FSTATFS:fstatfs(2):fa
8056:AUE_UNMOUNT:unmount(2):ad
8157:AUE_ASYNC_DAEMON:async_daemon(2):ad
8258:AUE_NFS_GETFH:nfs_getfh(2):ad
8359:AUE_SETDOMAINNAME:setdomainname(2):ad
8460:AUE_QUOTACTL:quotactl(2):ad
8561:AUE_EXPORTFS:exportfs(2):ad
8662:AUE_MOUNT:mount(2):ad
8763:AUE_SEMSYS:semsys(2):ip
8864:AUE_MSGSYS:msgsys(2):ip
8965:AUE_SHMSYS:shmsys(2):ip
9066:AUE_BSMSYS:bsmsys(2):ad
9167:AUE_RFSSYS:rfssys(2):ad
9268:AUE_FCHDIR:fchdir(2):pc
9369:AUE_FCHROOT:fchroot(2):pc
9470:AUE_VPIXSYS:vpixsys(2):no
9571:AUE_PATHCONF:pathconf(2):fa
9672:AUE_OPEN_R:open(2) - read:fr
9773:AUE_OPEN_RC:open(2) - read,creat:fc,fr,fa,fm
9874:AUE_OPEN_RT:open(2) - read,trunc:fd,fr,fa,fm
9975:AUE_OPEN_RTC:open(2) - read,creat,trunc:fc,fd,fr,fa,fm
10076:AUE_OPEN_W:open(2) - write:fw
10177:AUE_OPEN_WC:open(2) - write,creat:fc,fw,fa,fm
10278:AUE_OPEN_WT:open(2) - write,trunc:fd,fw,fa,fm
10379:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw,fa,fm
10480:AUE_OPEN_RW:open(2) - read,write:fr,fw
10581:AUE_OPEN_RWC:open(2) - read,write,creat:fc,fw,fr,fa,fm
10682:AUE_OPEN_RWT:open(2) - read,write,trunc:fd,fr,fw,fa,fm
10783:AUE_OPEN_RWTC:open(2) - read,write,creat,trunc:fc,fd,fw,fr,fa,fm
10884:AUE_MSGCTL:msgctl(2) - illegal command:ip
10985:AUE_MSGCTL_RMID:msgctl(2) - IPC_RMID command:ip
11086:AUE_MSGCTL_SET:msgctl(2) - IPC_SET command:ip
11187:AUE_MSGCTL_STAT:msgctl(2) - IPC_STAT command:ip
11288:AUE_MSGGET:msgget(2):ip
11389:AUE_MSGRCV:msgrcv(2):ip
11490:AUE_MSGSND:msgsnd(2):ip
11591:AUE_SHMCTL:shmctl(2) - illegal command:ip
11692:AUE_SHMCTL_RMID:shmctl(2) - IPC_RMID command:ip
11793:AUE_SHMCTL_SET:shmctl(2) - IPC_SET command:ip
11894:AUE_SHMCTL_STAT:shmctl(2) - IPC_STAT command:ip
11995:AUE_SHMGET:shmget(2):ip
12096:AUE_SHMAT:shmat(2):ip
12197:AUE_SHMDT:shmdt(2):ip
12298:AUE_SEMCTL:semctl(2) - illegal command:ip
12399:AUE_SEMCTL_RMID:semctl(2) - IPC_RMID command:ip
124100:AUE_SEMCTL_SET:semctl(2) - IPC_SET command:ip
125101:AUE_SEMCTL_STAT:semctl(2) - IPC_STAT command:ip
126102:AUE_SEMCTL_GETNCNT:semctl(2) - GETNCNT command:ip
127103:AUE_SEMCTL_GETPID:semctl(2) - GETPID command:ip
128104:AUE_SEMCTL_GETVAL:semctl(2) - GETVAL command:ip
129105:AUE_SEMCTL_GETALL:semctl(2) - GETALL command:ip
130106:AUE_SEMCTL_GETZCNT:semctl(2) - GETZCNT command:ip
131107:AUE_SEMCTL_SETVAL:semctl(2) - SETVAL command:ip
132108:AUE_SEMCTL_SETALL:semctl(2) - SETALL command:ip
133109:AUE_SEMGET:semget(2):ip
134110:AUE_SEMOP:semop(2):ip
135111:AUE_CORE:process dumped core:fc
136112:AUE_CLOSE:close(2):cl
137113:AUE_SYSTEMBOOT:system booted:na
138114:AUE_ASYNC_DAEMON_EXIT:async_daemon(2) exited:ad
139115:AUE_NFSSVC_EXIT:nfssvc(2) exited:ad
140128:AUE_WRITEL:writel(2):no
141129:AUE_WRITEVL:writevl(2):no
142130:AUE_GETAUID:getauid(2):ad
143131:AUE_SETAUID:setauid(2):ad
144132:AUE_GETAUDIT:getaudit(2):ad
145133:AUE_SETAUDIT:setaudit(2):ad
146134:AUE_GETUSERAUDIT:getuseraudit(2):ad
147135:AUE_SETUSERAUDIT:setuseraudit(2):ad
148136:AUE_AUDITSVC:auditsvc(2):ad
149137:AUE_AUDITUSER:audituser(2):ad
150138:AUE_AUDITON:auditon(2):ad
151139:AUE_AUDITON_GTERMID:auditon(2) - GETTERMID command:ad
152140:AUE_AUDITON_STERMID:auditon(2) - SETTERMID command:ad
153141:AUE_AUDITON_GPOLICY:auditon(2) - GPOLICY command:ad
154142:AUE_AUDITON_SPOLICY:auditon(2) - SPOLICY command:ad
155143:AUE_AUDITON_GESTATE:auditon(2) - GESTATE command:ad
156144:AUE_AUDITON_SESTATE:auditon(2) - SESTATE command:ad
157145:AUE_AUDITON_GQCTRL:auditon(2) - GQCTRL command:ad
158146:AUE_AUDITON_SQCTRL:auditon(2) - SQCTRL command:ad
159147:AUE_GETKERNSTATE:getkernstate(2):ad
160148:AUE_SETKERNSTATE:setkernstate(2):ad
161149:AUE_GETPORTAUDIT:getportaudit(2):ad
162150:AUE_AUDITSTAT:auditstat(2):ad
163151:AUE_REVOKE:revoke(2):cl
164152:AUE_MAC:Solaris AUE_MAC:no
165153:AUE_ENTERPROM:enter prom:ad
166154:AUE_EXITPROM:exit prom:ad
167155:AUE_IFLOAT:Solaris AUE_IFLOAT:no
168156:AUE_PFLOAT:Solaris AUE_PFLOAT:no
169157:AUE_UPRIV:Solaris AUE_UPRIV:no
170158:AUE_IOCTL:ioctl(2):io
171173:AUE_ONESIDE:one-sided session record:nt
172174:AUE_MSGGETL:msggetl(2):ip
173175:AUE_MSGRCVL:msgrcvl(2):ip
174176:AUE_MSGSNDL:msgsndl(2):ip
175177:AUE_SEMGETL:semgetl(2):ip
176178:AUE_SHMGETL:shmgetl(2):ip
177183:AUE_SOCKET:socket(2):nt
178184:AUE_SENDTO:sendto(2):nt
179185:AUE_PIPE:pipe(2):ip
180186:AUE_SOCKETPAIR:socketpair(2):nt
181187:AUE_SEND:send(2):nt
182188:AUE_SENDMSG:sendmsg(2):nt
183189:AUE_RECV:recv(2):nt
184190:AUE_RECVMSG:recvmsg(2):nt
185191:AUE_RECVFROM:recvfrom(2):nt
186192:AUE_READ:read(2):no
187193:AUE_GETDENTS:getdents(2):no
188194:AUE_LSEEK:lseek(2):no
189195:AUE_WRITE:write(2):no
190196:AUE_WRITEV:writev(2):no
191197:AUE_NFS:nfs server:ad
192198:AUE_READV:readv(2):no
193199:AUE_OSTAT:Solaris old stat(2):fa
194200:AUE_SETUID:setuid(2):pc
195201:AUE_STIME:old stime(2):ad
196202:AUE_UTIME:old utime(2):fm
197203:AUE_NICE:old nice(2):pc
198204:AUE_OSETPGRP:Solaris old setpgrp(2):pc
199205:AUE_SETGID:setgid(2):pc
200206:AUE_READL:readl(2):no
201207:AUE_READVL:readvl(2):no
202208:AUE_FSTAT:fstat(2):fa
203209:AUE_DUP2:dup2(2):no
204210:AUE_MMAP:mmap(2):no
205211:AUE_AUDIT:audit(2):ot
206212:AUE_PRIOCNTLSYS:Solaris priocntlsys(2):pc
207213:AUE_MUNMAP:munmap(2):cl
208214:AUE_SETEGID:setegid(2):pc
209215:AUE_SETEUID:seteuid(2):pc
210216:AUE_PUTMSG:putmsg(2):nt
211217:AUE_GETMSG:getmsg(2):nt
212218:AUE_PUTPMSG:putpmsg(2):nt
213219:AUE_GETPMSG:getpmsg(2):nt
214220:AUE_AUDITSYS:audit system calls place holder:no
215221:AUE_AUDITON_GETKMASK:auditon(2) - get kernel mask:ad
216222:AUE_AUDITON_SETKMASK:auditon(2) - set kernel mask:ad
217223:AUE_AUDITON_GETCWD:auditon(2) - get cwd:ad
218224:AUE_AUDITON_GETCAR:auditon(2) - get car:ad
219225:AUE_AUDITON_GETSTAT:auditon(2) - get audit statistics:ad
220226:AUE_AUDITON_SETSTAT:auditon(2) - reset audit statistics:ad
221227:AUE_AUDITON_SETUMASK:auditon(2) - set mask per uid:ad
222228:AUE_AUDITON_SETSMASK:auditon(2) - set mask per session ID:ad
223229:AUE_AUDITON_GETCOND:auditon(2) - get audit state:ad
224230:AUE_AUDITON_SETCOND:auditon(2) - set audit state:ad
225231:AUE_AUDITON_GETCLASS:auditon(2) - get event class:ad
226232:AUE_AUDITON_SETCLASS:auditon(2) - set event class:ad
227233:AUE_UTSSYS:utssys(2) - fusers:ad
228234:AUE_STATVFS:statvfs(2):fa
229235:AUE_XSTAT:xstat(2):fa
230236:AUE_LXSTAT:lxstat(2):fa
231237:AUE_LCHOWN:lchown(2):fm
232238:AUE_MEMCNTL:memcntl(2):ot
233239:AUE_SYSINFO:sysinfo(2):ad
234240:AUE_XMKNOD:xmknod(2):fc
235241:AUE_FORK1:fork1(2):pc
236242:AUE_MODCTL:modctl(2) system call place holder:no
237243:AUE_MODLOAD:modctl(2) - load module:ad
238244:AUE_MODUNLOAD:modctl(2) - unload module:ad
239245:AUE_MODCONFIG:modctl(2) - configure module:ad
240246:AUE_MODADDMAJ:modctl(2) - bind module:ad
241247:AUE_SOCKACCEPT:getmsg-accept:nt
242248:AUE_SOCKCONNECT:putmsg-connect:nt
243249:AUE_SOCKSEND:putmsg-send:nt
244250:AUE_SOCKRECEIVE:getmsg-receive:nt
245251:AUE_ACLSET:acl(2) - SETACL comand:fm
246252:AUE_FACLSET:facl(2) - SETACL command:fm
247253:AUE_DOORFS:doorfs(2) - system call place holder:no
248254:AUE_DOORFS_DOOR_CALL:doorfs(2) - DOOR_CALL:ip
249255:AUE_DOORFS_DOOR_RETURN:doorfs(2) - DOOR_RETURN:ip
250256:AUE_DOORFS_DOOR_CREATE:doorfs(2) - DOOR_CREATE:ip
251257:AUE_DOORFS_DOOR_REVOKE:doorfs(2) - DOOR_REVOKE:ip
252258:AUE_DOORFS_DOOR_INFO:doorfs(2) - DOOR_INFO:ip
253259:AUE_DOORFS_DOOR_CRED:doorfs(2) - DOOR_CRED:ip
254260:AUE_DOORFS_DOOR_BIND:doorfs(2) - DOOR_BIND:ip
255261:AUE_DOORFS_DOOR_UNBIND:doorfs(2) - DOOR_UNBIND:ip
256262:AUE_P_ONLINE:p_online(2):ad
257263:AUE_PROCESSOR_BIND:processor_bind(2):ad
258264:AUE_INST_SYNC:inst_sync(2):ad
259265:AUE_SOCKCONFIG:configure socket:nt
260266:AUE_SETAUDIT_ADDR:setaudit_addr(2):ad
261267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad
262268:AUE_UMOUNT2:Solaris umount(2):ad
263269:AUE_FSAT:fsat(2) - place holder:no
264270:AUE_OPENAT_R:openat(2) - read:fr
265271:AUE_OPENAT_RC:openat(2) - read,creat:fc,fr,fa,fm
266272:AUE_OPENAT_RT:openat(2) - read,trunc:fd,fr,fa,fm
267273:AUE_OPENAT_RTC:openat(2) - read,creat,trunc:fc,fd,fr,fa,fm
268274:AUE_OPENAT_W:openat(2) - write:fw
269275:AUE_OPENAT_WC:openat(2) - write,creat:fc,fw,fa,fm
270276:AUE_OPENAT_WT:openat(2) - write,trunc:fd,fw,fa,fm
271277:AUE_OPENAT_WTC:openat(2) - write,creat,trunc:fc,fd,fw,fa,fm
272278:AUE_OPENAT_RW:openat(2) - read,write:fr,fw
273279:AUE_OPENAT_RWC:openat(2) - read,write,create:fc,fw,fr,fa,fm
274280:AUE_OPENAT_RWT:openat(2) - read,write,trunc:fd,fw,fr,fa,fm
275281:AUE_OPENAT_RWTC:openat(2) - read,write,creat,trunc:fc,fd,fw,fr,fa,fm
276282:AUE_RENAMEAT:renameat(2):fc,fd
277283:AUE_FSTATAT:fstatat(2):fa
278284:AUE_FCHOWNAT:fchownat(2):fm
279285:AUE_FUTIMESAT:futimesat(2):fm
280286:AUE_UNLINKAT:unlinkat(2):fd
281287:AUE_CLOCK_SETTIME:clock_settime(2):ad
282288:AUE_NTP_ADJTIME:ntp_adjtime(2):ad
283289:AUE_SETPPRIV:setppriv(2):pc
284290:AUE_MODDEVPLCY:modctl(2) - configure device policy:ad
285291:AUE_MODADDPRIV:modctl(2) - configure additional privilege:ad
286292:AUE_CRYPTOADM:kernel cryptographic framework:ad
287293:AUE_CONFIGKSSL:configure kernel SSL:ad
288294:AUE_BRANDSYS:brandsys(2):ot
289295:AUE_PF_POLICY_ADDRULE:Add IPsec policy rule:ad
290296:AUE_PF_POLICY_DELRULE:Delete IPsec policy rule:ad
291297:AUE_PF_POLICY_CLONE:Clone IPsec policy:ad
292298:AUE_PF_POLICY_FLIP:Flip IPsec policy:ad
293299:AUE_PF_POLICY_FLUSH:Flush IPsec policy rules:ad
294300:AUE_PF_POLICY_ALGS:Update IPsec algorithms:ad
295301:AUE_PORTFS:portfs:fa
296#
297# What follows are deprecated Darwin event numbers that may soon^H^H^H^Hnow
298# conflict with Solaris events.
299#
300301:AUE_DARWIN_GETFSSTAT:getfsstat(2):fa
301302:AUE_DARWIN_PTRACE:ptrace(2):pc
302303:AUE_DARWIN_CHFLAGS:chflags(2):fm
303304:AUE_DARWIN_FCHFLAGS:fchflags(2):fm
304305:AUE_DARWIN_PROFILE:profil(2):pc
305306:AUE_DARWIN_KTRACE:ktrace(2):pc
306307:AUE_DARWIN_SETLOGIN:setlogin(2):pc
307308:AUE_DARWIN_REBOOT:reboot(2):ad
308309:AUE_DARWIN_REVOKE:revoke(2):cl
309310:AUE_DARWIN_UMASK:umask(2):pc
310311:AUE_DARWIN_MPROTECT:mprotect(2):fm
311312:AUE_DARWIN_SETPRIORITY:setpriority(2):pc,ot
312313:AUE_DARWIN_SETTIMEOFDAY:settimeofday(2):ad
313314:AUE_DARWIN_FLOCK:flock(2):fm
314315:AUE_DARWIN_MKFIFO:mkfifo(2):fc
315316:AUE_DARWIN_POLL:poll(2):no
316317:AUE_DARWIN_SOCKETPAIR:socketpair(2):nt
317318:AUE_DARWIN_FUTIMES:futimes(2):fm
318319:AUE_DARWIN_SETSID:setsid(2):pc
319320:AUE_DARWIN_SETPRIVEXEC:setprivexec(2):pc
320321:AUE_DARWIN_NFSSVC:nfssvc(2):ad
321322:AUE_DARWIN_GETFH:getfh(2):fa
322323:AUE_DARWIN_QUOTACTL:quotactl(2):ad
323324:AUE_DARWIN_ADDPROFILE:add_profil():pc
324325:AUE_DARWIN_KDEBUGTRACE:kdebug_trace():pc
325326:AUE_DARWIN_FSTAT:fstat(2):fa
326327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa
327328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):no
328329:AUE_DARWIN_TRUNCATE:truncate(2):fw
329330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw
330331:AUE_DARWIN_SYSCTL:sysctl(3):ad
331332:AUE_DARWIN_MLOCK:mlock(2):pc
332333:AUE_DARWIN_MUNLOCK:munlock(2):pc
333334:AUE_DARWIN_UNDELETE:undelete(2):fm
334335:AUE_DARWIN_GETATTRLIST:getattrlist():fa
335336:AUE_DARWIN_SETATTRLIST:setattrlist():fm
336337:AUE_DARWIN_GETDIRENTRIESATTR:getdirentriesattr():fa
337338:AUE_DARWIN_EXCHANGEDATA:exchangedata():fw
338339:AUE_DARWIN_SEARCHFS:searchfs():fa
339340:AUE_DARWIN_MINHERIT:minherit(2):pc
340341:AUE_DARWIN_SEMCONFIG:semconfig():ip
341342:AUE_DARWIN_SEMOPEN:sem_open(2):ip
342343:AUE_DARWIN_SEMCLOSE:sem_close(2):ip
343344:AUE_DARWIN_SEMUNLINK:sem_unlink(2):ip
344345:AUE_DARWIN_SHMOPEN:shm_open(2):ip
345346:AUE_DARWIN_SHMUNLINK:shm_unlink(2):ip
346347:AUE_DARWIN_LOADSHFILE:load_shared_file():fr
347348:AUE_DARWIN_RESETSHFILE:reset_shared_file():ot
348349:AUE_DARWIN_NEWSYSTEMSHREG:new_system_share_regions():ot
349350:AUE_DARWIN_PTHREADKILL:pthread_kill(2):pc
350351:AUE_DARWIN_PTHREADSIGMASK:pthread_sigmask(2):pc
351352:AUE_DARWIN_AUDITCTL:auditctl(2):ad
352353:AUE_DARWIN_RFORK:rfork(2):pc
353354:AUE_DARWIN_LCHMOD:lchmod(2):fm
354355:AUE_DARWIN_SWAPOFF:swapoff(2):ad
355356:AUE_DARWIN_INITPROCESS:init_process():pc
356357:AUE_DARWIN_MAPFD:map_fd():fa
357358:AUE_DARWIN_TASKFORPID:task_for_pid():pc
358359:AUE_DARWIN_PIDFORTASK:pid_for_task():pc
359360:AUE_DARWIN_SYSCTL_NONADMIN:sysctl() - non-admin:ot
360361:AUE_DARWIN_COPYFILE:copyfile():fr,fw
361#
362# OpenBSM-specific kernel events.
363#
36443001:AUE_GETFSSTAT:getfsstat(2):fa
36543002:AUE_PTRACE:ptrace(2):pc
36643003:AUE_CHFLAGS:chflags(2):fm
36743004:AUE_FCHFLAGS:fchflags(2):fm
36843005:AUE_PROFILE:profil(2):pc
36943006:AUE_KTRACE:ktrace(2):pc
37043007:AUE_SETLOGIN:setlogin(2):pc
37143008:AUE_OPENBSM_REVOKE:revoke(2):cl
37243009:AUE_UMASK:umask(2):pc
37343010:AUE_MPROTECT:mprotect(2):fm
37443011:AUE_MKFIFO:mkfifo(2):fc
37543012:AUE_POLL:poll(2):no
37643013:AUE_FUTIMES:futimes(2):fm
37743014:AUE_SETSID:setsid(2):pc
37843015:AUE_SETPRIVEXEC:setprivexec(2):pc
37943016:AUE_ADDPROFILE:add_profil():pc
38043017:AUE_KDEBUGTRACE:kdebug_trace():pc
38143018:AUE_OPENBSM_FSTAT:fstat(2):fa
38243019:AUE_FPATHCONF:fpathconf(2):fa
38343020:AUE_GETDIRENTRIES:getdirentries(2):no
38443021:AUE_SYSCTL:sysctl(3):ot
38543022:AUE_MLOCK:mlock(2):pc
38643023:AUE_MUNLOCK:munlock(2):pc
38743024:AUE_UNDELETE:undelete(2):fm
38843025:AUE_GETATTRLIST:getattrlist():fa
38943026:AUE_SETATTRLIST:setattrlist():fm
39043027:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa
39143028:AUE_EXCHANGEDATA:exchangedata():fw
39243029:AUE_SEARCHFS:searchfs():fa
39343030:AUE_MINHERIT:minherit(2):pc
39443031:AUE_SEMCONFIG:semconfig():ip
39543032:AUE_SEMOPEN:sem_open(2):ip
39643033:AUE_SEMCLOSE:sem_close(2):ip
39743034:AUE_SEMUNLINK:sem_unlink(2):ip
39843035:AUE_SHMOPEN:shm_open(2):ip
39943036:AUE_SHMUNLINK:shm_unlink(2):ip
40043037:AUE_LOADSHFILE:load_shared_file():fr
40143038:AUE_RESETSHFILE:reset_shared_file():ot
40243039:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot
40343040:AUE_PTHREADKILL:pthread_kill(2):pc
40443041:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc
40543042:AUE_AUDITCTL:auditctl(2):ad
40643043:AUE_RFORK:rfork(2):pc
40743044:AUE_LCHMOD:lchmod(2):fm
40843045:AUE_SWAPOFF:swapoff(2):ad
40943046:AUE_INITPROCESS:init_process():pc
41043047:AUE_MAPFD:map_fd():fa
41143048:AUE_TASKFORPID:task_for_pid():pc
41243049:AUE_PIDFORTASK:pid_for_task():pc
41343050:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot
41443051:AUE_COPYFILE:copyfile(2):fr,fw
41543052:AUE_LUTIMES:lutimes(2):fm
41643053:AUE_LCHFLAGS:lchflags(2):fm
41743054:AUE_SENDFILE:sendfile(2):nt
41843055:AUE_USELIB:uselib(2):fa
41943056:AUE_GETRESUID:getresuid(2):pc
42043057:AUE_SETRESUID:setresuid(2):pc
42143058:AUE_GETRESGID:getresgid(2):pc
42243059:AUE_SETRESGID:setresgid(2):pc
42343060:AUE_WAIT4:wait4(2):pc
42443061:AUE_LGETFH:lgetfh(2):fa
42543062:AUE_FHSTATFS:fhstatfs(2):fa
42643063:AUE_FHOPEN:fhopen(2):fa
42743064:AUE_FHSTAT:fhstat(2):fa
42843065:AUE_JAIL:jail(2):pc
42943066:AUE_EACCESS:eaccess(2):fa
43043067:AUE_KQUEUE:kqueue(2):no
43143068:AUE_KEVENT:kevent(2):no
43243069:AUE_FSYNC:fsync(2):fm
43343070:AUE_NMOUNT:nmount(2):ad
43443071:AUE_BDFLUSH:bdflush(2):ad
43543072:AUE_SETFSUID:setfsuid(2):ot
43643073:AUE_SETFSGID:setfsgid(2):ot
43743074:AUE_PERSONALITY:personality(2):pc
43843075:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad
43943076:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad
44043077:AUE_PRCTL:prctl(2):pc
44143078:AUE_GETCWD:getcwd(2):pc
44243079:AUE_CAPGET:capget(2):pc
44343080:AUE_CAPSET:capset(2):pc
44443081:AUE_PIVOT_ROOT:pivot_root(2):pc
44543082:AUE_RTPRIO::rtprio(2):pc
44643083:AUE_SCHED_GETPARAM:sched_getparam(2):ad
44743084:AUE_SCHED_SETPARAM:sched_setparam(2):ad
44843085:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad
44943086:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad
45043087:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad
45143088:AUE_ACL_GET_FILE:acl_get_file(2):fa
45243089:AUE_ACL_SET_FILE:acl_set_file(2):fm
45343090:AUE_ACL_GET_FD:acl_get_fd(2):fa
45443091:AUE_ACL_SET_FD:acl_set_fd(2):fm
45543092:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm
45643093:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm
45743094:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa
45843095:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa
45943096:AUE_ACL_GET_LINK:acl_get_link(2):fa
46043097:AUE_ACL_SET_LINK:acl_set_link(2):fm
46143098:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
46243099:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
46343100:AUE_SYSARCH:sysarch(2):ot
46443101:AUE_EXTATTRCTL:extattrctl(2):fm
46543102:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
46643103:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm
46743104:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa
46843105:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm
46943106:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa
47043107:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm
47143108:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa
47243109:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm
47343110:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa
47443111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
47543112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
47643113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
47743114:AUE_KENV:kenv(8):ad
47843115:AUE_JAIL_ATTACH:jail_attach(2):ad
47943116:AUE_SYSCTL_WRITE:sysctl(3):ad
48043117:AUE_IOPERM:linux ioperm:ad
48143118:AUE_READDIR:readdir(3):no
48243119:AUE_IOPL:linux iopl:ad
48343120:AUE_VM86:linux vm86:pc
48443121:AUE_MAC_GET_PROC:mac_get_proc(2):pc
48543122:AUE_MAC_SET_PROC:mac_set_proc(2):pc
48643123:AUE_MAC_GET_FD:mac_get_fd(2):fa
48743124:AUE_MAC_GET_FILE:mac_get_file(2):fa
48843125:AUE_MAC_SET_FD:mac_set_fd(2):fm
48943126:AUE_MAC_SET_FILE:mac_set_file(2):fm
49043127:AUE_MAC_SYSCALL:mac_syscall(2):ad
49143128:AUE_MAC_GET_PID:mac_get_pid(2):pc
49243129:AUE_MAC_GET_LINK:mac_get_link(2):fa
49343130:AUE_MAC_SET_LINK:mac_set_link(2):fm
49443131:AUE_MAC_EXECVE:mac_execve(2):ex,pc
49543132:AUE_GETPATH_FROMFD:getpath_fromfd(2):fa
49643133:AUE_GETPATH_FROMADDR:getpath_fromaddr(2):fa
49743134:AUE_MQ_OPEN:mq_open(2):ip
49843135:AUE_MQ_SETATTR:mq_setattr(2):ip
49943136:AUE_MQ_TIMEDRECEIVE:mq_timedreceive(2):ip
50043137:AUE_MQ_TIMEDSEND:mq_timedsend(2):ip
50143138:AUE_MQ_NOTIFY:mq_notify(2):ip
50243139:AUE_MQ_UNLINK:mq_unlink(2):ip
50343140:AUE_LISTEN:listen(2):nt
50443141:AUE_MLOCKALL:mlockall(2):pc
50543142:AUE_MUNLOCKALL:munlockall(2):pc
50643143:AUE_CLOSEFROM:closefrom(2):cl
50743144:AUE_FEXECVE:fexecve(2):pc,ex
50843145:AUE_FACCESSAT:faccessat(2):fa
50943146:AUE_FCHMODAT:fchmodat(2):fm
51043147:AUE_LINKAT:linkat(2):fc
51143148:AUE_MKDIRAT:mkdirat(2):fc
51243149:AUE_MKFIFOAT:mkfifoat(2):fc
51343150:AUE_MKNODAT:mknodat(2):fc
51443151:AUE_READLINKAT:readlinkat(2):fr
51543152:AUE_SYMLINKAT:symlinkat(2):fc
51643153:AUE_MAC_GETFSSTAT:mac_getfsstat(2):fa
51743154:AUE_MAC_GET_MOUNT:mac_get_mount(2):fa
51843155:AUE_MAC_GET_LCID:mac_get_lcid(2):pc
51943156:AUE_MAC_GET_LCTX:mac_get_lctx(2):pc
52043157:AUE_MAC_SET_LCTX:mac_set_lctx(2):pc
52143158:AUE_MAC_MOUNT:mac_mount(2):ad
52243159:AUE_GETLCID:getlcid(2):pc
52343160:AUE_SETLCID:setlcid(2):pc
52443161:AUE_TASKNAMEFORPID:taskname_for_pid():pc
52543162:AUE_ACCESS_EXTENDED:access_extended(2):fa
52643163:AUE_CHMOD_EXTENDED:chmod_extended(2):fm
52743164:AUE_FCHMOD_EXTENDED:fchmod_extended(2):fm
52843165:AUE_FSTAT_EXTENDED:fstat_extended(2):fa
52943166:AUE_LSTAT_EXTENDED:lstat_extended(2):fa
53043167:AUE_MKDIR_EXTENDED:mkdir_extended(2):fc
53143168:AUE_MKFIFO_EXTENDED:mkfifo_extended(2):fc
53243169:AUE_OPEN_EXTENDED:open_extended(2) - attr only:fa
53343170:AUE_OPEN_EXTENDED_R:open_extended(2) - read:fr
53443171:AUE_OPEN_EXTENDED_RC:open_extended(2) - read,creat:fc,fr,fa,fm
53543172:AUE_OPEN_EXTENDED_RT:open_extended(2) - read,trunc:fd,fr,fa,fm
53643173:AUE_OPEN_EXTENDED_RTC:open_extended(2) - read,creat,trunc:fc,fd,fr,fa,fm
53743174:AUE_OPEN_EXTENDED_W:open_extended(2) - write:fw
53843175:AUE_OPEN_EXTENDED_WC:open_extended(2) - write,creat:fc,fw,fa,fm
53943176:AUE_OPEN_EXTENDED_WT:open_extended(2) - write,trunc:fd,fw,fa,fm
54043177:AUE_OPEN_EXTENDED_WTC:open_extended(2) - write,creat,trunc:fc,fd,fw,fa,fm
54143178:AUE_OPEN_EXTENDED_RW:open_extended(2) - read,write:fr,fw
54243179:AUE_OPEN_EXTENDED_RWC:open_extended(2) - read,write,creat:fc,fw,fr,fa,fm
54343180:AUE_OPEN_EXTENDED_RWT:open_extended(2) - read,write,trunc:fd,fr,fw,fa,fm
54443181:AUE_OPEN_EXTENDED_RWTC:open_extended(2) - read,write,creat,trunc:fc,fd,fw,fr,fa,fm
54543182:AUE_STAT_EXTENDED:stat_extended(2):fa
54643183:AUE_UMASK_EXTENDED:umask_extended(2):pc
54743184:AUE_OPENAT:openat(2) - attr only:fa
54843185:AUE_POSIX_OPENPT:posix_openpt(2):ip
54943186:AUE_CAP_NEW:cap_new(2):fm
55043187:AUE_CAP_RIGHTS_GET:cap_rights_get(2):fm
55143188:AUE_CAP_ENTER:cap_enter(2):pc
55243189:AUE_CAP_GETMODE:cap_getmode(2):pc
55343190:AUE_POSIX_SPAWN:posix_spawn(2):pc
55443191:AUE_FSGETPATH:fsgetpath(2):ot
55543192:AUE_PREAD:pread(2):no
55643193:AUE_PWRITE:pwrite(2):no
55743194:AUE_FSCTL:fsctl():fm
55843195:AUE_FFSCTL:ffsctl():fm
55943196:AUE_LPATHCONF:lpathconf(2):fa
56043197:AUE_PDFORK:pdfork(2):pc
56143198:AUE_PDKILL:pdkill(2):pc
56243199:AUE_PDGETPID:pdgetpid(2):pc
56343200:AUE_PDWAIT:pdwait(2):pc
56443201:AUE_WAIT6:wait6(2):pc
56543202:AUE_CAP_RIGHTS_LIMIT:cap_rights_limit(2):fm
56643203:AUE_CAP_IOCTLS_LIMIT:cap_ioctls_limit(2):fm
56743204:AUE_CAP_IOCTLS_GET:cap_ioctls_get(2):fm
56843205:AUE_CAP_FCNTLS_LIMIT:cap_fcntls_limit(2):fm
56943206:AUE_CAP_FCNTLS_GET:cap_fcntls_get(2):fm
57043207:AUE_BINDAT:bindat(2):nt
57143208:AUE_CONNECTAT:connectat(2):nt
57243209:AUE_CHFLAGSAT:chflagsat(2):fm
57343210:AUE_PREADV:preadv(2):no
57443211:AUE_PWRITEV:pwritev(2):no
57543212:AUE_POSIX_FALLOCATE:posix_fallocate(2):no
57643213:AUE_AIO_MLOCK:aio_mlock(2):pc
57743214:AUE_PROCCTL:procctl(2):pc
57843215:AUE_AIO_READ:aio_read(2):no
57943216:AUE_AIO_WRITE:aio_write(2):no
58043217:AUE_AIO_RETURN:aio_return(2):no
58143218:AUE_AIO_SUSPEND:aio_suspend(2):no
58243219:AUE_AIO_CANCEL:aio_cancel(2):no
58343220:AUE_AIO_ERROR:aio_error(2):no
58443221:AUE_AIO_WAITCOMPLETE:aio_waitcomplete(2):no
58543222:AUE_AIO_FSYNC:aio_fsync(2):no
58643223:AUE_THR_CREATE:thr_create(2):pc
58743224:AUE_THR_NEW:thr_new(2):pc
58843225:AUE_THR_EXIT:thr_exit(2):pc
58943226:AUE_THR_KILL:thr_kill(2):pc
59043227:AUE_THR_KILL2:thr_kill(2):pc
59143228:AUE_SETFIB:setfib(2):nt
59243229:AUE_LIO_LISTIO:lio_listio(2):no
59343230:AUE_SETUGID:__setugid(2):pc
59443231:AUE_SCTP_PEELOFF:sctp_peeloff(2):nt
59543232:AUE_SCTP_GENERIC_SENDMSG:sctp_generic_sendmsg(2):nt
59643233:AUE_SCTP_GENERIC_RECVMSG:sctp_generic_recvmsg(2):nt
59743234:AUE_JAIL_GET:jail_get(2):pc
59843235:AUE_JAIL_SET:jail_set(2):pc
59943236:AUE_JAIL_REMOVE:jail_remove(2):pc
60043237:AUE_GETLOGINCLASS:getloginclass(2):pc
60143238:AUE_SETLOGINCLASS:setloginclass(2):pc
60243239:AUE_POSIX_FADVISE:posix_fadvise(2):no
60343240:AUE_SCTP_GENERIC_SENDMSG_IOV:sctp_generic_sendmsg_iov(2):nt
60443241:AUE_ABORT2:abort(2):pc
60543242:AUE_SEMTIMEDWAIT:sem_timedwait(3):ip
60643243:AUE_SEMDESTROY:sem_destroy(3):ip
60743244:AUE_SEMGETVALUE:sem_getvalue(3):ip
60843245:AUE_SEMINIT:sem_init(3):ip
60943246:AUE_SEMPOST:sem_post(3):ip
61043247:AUE_SEMTRYWAIT:sem_trywait(3):ip
61143258:AUE_SEMWAIT:sem_wait(3):ip
61243259:AUE_FGETUUID:fgetuuid(2):ip
61343260:AUE_GETUUID:getuuid(2):ip
61443261:AUE_LGETUUID:lgetuuid(2):ip
61543262:AUE_EXECVEAT:execveat(2):pc,ex
61643263:AUE_SHMRENAME:shm_rename(2):ip
61743264:AUE_REALPATHAT:realpathat(2):fa
61843265:AUE_CLOSERANGE:close_range(2):cl
619#
620# Solaris userspace events.
621#
6226144:AUE_at_create:at-create atjob:ad
6236145:AUE_at_delete:at-delete atjob (at or atrm):ad
6246146:AUE_at_perm:at-permission:no
6256147:AUE_cron_invoke:cron-invoke:ad
6266148:AUE_crontab_create:crontab-crontab created:ad
6276149:AUE_crontab_delete:crontab-crontab deleted:ad
6286150:AUE_crontab_perm:crontab-permission:no
6296151:AUE_inetd_connect:inetd connection:na
6306152:AUE_login:login - local:lo
6316153:AUE_logout:logout - local:lo
6326154:AUE_telnet:login - telnet:lo
6336155:AUE_rlogin:login - rlogin:lo
6346156:AUE_mountd_mount:mount:na
6356157:AUE_mountd_umount:unmount:na
6366158:AUE_rshd:rsh access:lo
6376159:AUE_su:su(1):lo
6386160:AUE_halt:system halt:ad
6396161:AUE_reboot:system reboot:ad
6406162:AUE_rexecd:rexecd:lo
6416163:AUE_passwd:passwd:lo
6426164:AUE_rexd:rexd:lo
6436165:AUE_ftpd:ftp access:lo
6446166:AUE_init:init:lo
6456167:AUE_uadmin:uadmin:no
6466168:AUE_shutdown:system shutdown:ad
6476168:AUE_poweroff:system poweroff:ad
6486170:AUE_crontab_mod:crontab-modify:ad
6496171:AUE_ftpd_logout:ftp logout:lo
6506172:AUE_ssh:login - ssh:lo
6516173:AUE_role_login:role login:lo
6526180:AUE_prof_cmd: profile command:ad
6536181:AUE_filesystem_add:add filesystem:ad
6546182:AUE_filesystem_delete:delete filesystem:ad
6556183:AUE_filesystem_modify:modify filesystem:ad
6566200:AUE_allocate_succ:allocate-device success:ot
6576201:AUE_allocate_fail:allocate-device failure:ot
6586202:AUE_deallocate_succ:deallocate-device success:ot
6596203:AUE_deallocate_fail:deallocate-device failure:ot
6606204:AUE_listdevice_succ:allocate-list devices success:ot
6616205:AUE_listdevice_fail:allocate-list devices failure:ot
6626207:AUE_create_user:create user:ad
6636208:AUE_modify_user:modify user:ad
6646209:AUE_delete_user:delete user:ad
6656210:AUE_disable_user:disable user:ad
6666211:AUE_enable_user:enable users:ad
6676212:AUE_newgrp_login:newgrp login:lo
6686213:AUE_admin_authenticate:admin login:lo
6696214:AUE_kadmind_auth:authenticated kadmind request:ua
6706215:AUE_kadmind_unauth:unauthenticated kadmind req:ua
6716216:AUE_krb5kdc_as_req:kdc authentication svc request:ap
6726217:AUE_krb5kdc_tgs_req:kdc tkt-grant svc request:ap
6736218:AUE_krb5kdc_tgs_req_2ndtktmm:kdc tgs 2ndtkt mismtch:ap
6746219:AUE_krb5kdc_tgs_req_alt_tgt:kdc tgs issue alt tgt:ap
675#
676# Historic Darwin use of low event numbering space, which collided with the
677# Solaris event space.  Now obsoleted and new, higher, event numbers assigned
678# to make it easier to interpret Solaris events using the OpenBSM tools.
679#
6806171:AUE_DARWIN_audit_startup:audit startup:ad
6816172:AUE_DARWIN_audit_shutdown:audit shutdown:ad
6826300:AUE_DARWIN_sudo:sudo(1):ad
6836501:AUE_DARWIN_modify_password:modify password:ad
6846511:AUE_DARWIN_create_group:create group:ad
6856512:AUE_DARWIN_delete_group:delete group:ad
6866513:AUE_DARWIN_modify_group:modify group:ad
6876514:AUE_DARWIN_add_to_group:add to group:ad
6886515:AUE_DARWIN_remove_from_group:remove from group:ad
6896521:AUE_DARWIN_revoke_obj:revoke object priv:fm
6906600:AUE_DARWIN_lw_login:loginwindow login:lo
6916601:AUE_DARWIN_lw_logout:loginwindow logout:lo
6927000:AUE_DARWIN_auth_user:user authentication:aa
6937001:AUE_DARWIN_ssconn:SecSrvr connection setup:aa
6947002:AUE_DARWIN_ssauthorize:SecSrvr AuthEngine:aa
6957003:AUE_DARWIN_ssauthint:SecSrvr authinternal mech:aa
696#
697# Historic/third-party application allocations of event identifiers.
698#
69932800:AUE_openssh:OpenSSH login:lo
700#
701# OpenBSM-managed application event space.
702#
70345000:AUE_audit_startup:audit startup:ad
70445001:AUE_audit_shutdown:audit shutdown:ad
70545014:AUE_modify_password:modify password:ad
70645015:AUE_create_group:create group:ad
70745016:AUE_delete_group:delete group:ad
70845017:AUE_modify_group:modify group:ad
70945018:AUE_add_to_group:add to group:ad
71045019:AUE_remove_from_group:remove from group:ad
71145020:AUE_revoke_obj:revoke object priv:fm
71245021:AUE_lw_login:loginwindow login:lo
71345022:AUE_lw_logout:loginwindow logout:lo
71445023:AUE_auth_user:user authentication:aa
71545024:AUE_ssconn:SecSrvr connection setup:aa
71645025:AUE_ssauthorize:SecSrvr AuthEngine:aa
71745026:AUE_ssauthint:SecSrvr authinternal mech:aa
71845027:AUE_calife:Calife:ad
71945028:AUE_sudo:sudo(1):aa
72045029:AUE_audit_recovery:audit crash recovery:ad
72145030:AUE_ssauthmech:SecSrvr AuthMechanism:aa
722