15e8dbd04SDag-Erling Smørgrav /* $Id: audit.h,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */ 25e8dbd04SDag-Erling Smørgrav 35e8dbd04SDag-Erling Smørgrav /* 45e8dbd04SDag-Erling Smørgrav * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. 55e8dbd04SDag-Erling Smørgrav * 65e8dbd04SDag-Erling Smørgrav * Redistribution and use in source and binary forms, with or without 75e8dbd04SDag-Erling Smørgrav * modification, are permitted provided that the following conditions 85e8dbd04SDag-Erling Smørgrav * are met: 95e8dbd04SDag-Erling Smørgrav * 1. Redistributions of source code must retain the above copyright 105e8dbd04SDag-Erling Smørgrav * notice, this list of conditions and the following disclaimer. 115e8dbd04SDag-Erling Smørgrav * 2. Redistributions in binary form must reproduce the above copyright 125e8dbd04SDag-Erling Smørgrav * notice, this list of conditions and the following disclaimer in the 135e8dbd04SDag-Erling Smørgrav * documentation and/or other materials provided with the distribution. 145e8dbd04SDag-Erling Smørgrav * 155e8dbd04SDag-Erling Smørgrav * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 165e8dbd04SDag-Erling Smørgrav * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 175e8dbd04SDag-Erling Smørgrav * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 185e8dbd04SDag-Erling Smørgrav * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 195e8dbd04SDag-Erling Smørgrav * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 205e8dbd04SDag-Erling Smørgrav * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 215e8dbd04SDag-Erling Smørgrav * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 225e8dbd04SDag-Erling Smørgrav * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 235e8dbd04SDag-Erling Smørgrav * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 245e8dbd04SDag-Erling Smørgrav * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 255e8dbd04SDag-Erling Smørgrav */ 265e8dbd04SDag-Erling Smørgrav 275e8dbd04SDag-Erling Smørgrav #include "auth.h" 285e8dbd04SDag-Erling Smørgrav 295e8dbd04SDag-Erling Smørgrav #ifndef _SSH_AUDIT_H 305e8dbd04SDag-Erling Smørgrav # define _SSH_AUDIT_H 315e8dbd04SDag-Erling Smørgrav enum ssh_audit_event_type { 325e8dbd04SDag-Erling Smørgrav SSH_LOGIN_EXCEED_MAXTRIES, 335e8dbd04SDag-Erling Smørgrav SSH_LOGIN_ROOT_DENIED, 345e8dbd04SDag-Erling Smørgrav SSH_AUTH_SUCCESS, 355e8dbd04SDag-Erling Smørgrav SSH_AUTH_FAIL_NONE, 365e8dbd04SDag-Erling Smørgrav SSH_AUTH_FAIL_PASSWD, 375e8dbd04SDag-Erling Smørgrav SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ 385e8dbd04SDag-Erling Smørgrav SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ 395e8dbd04SDag-Erling Smørgrav SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ 405e8dbd04SDag-Erling Smørgrav SSH_AUTH_FAIL_GSSAPI, 415e8dbd04SDag-Erling Smørgrav SSH_INVALID_USER, 425e8dbd04SDag-Erling Smørgrav SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */ 435e8dbd04SDag-Erling Smørgrav SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */ 445e8dbd04SDag-Erling Smørgrav SSH_CONNECTION_ABANDON, /* closed without completing auth */ 455e8dbd04SDag-Erling Smørgrav SSH_AUDIT_UNKNOWN 465e8dbd04SDag-Erling Smørgrav }; 475e8dbd04SDag-Erling Smørgrav typedef enum ssh_audit_event_type ssh_audit_event_t; 485e8dbd04SDag-Erling Smørgrav 495e8dbd04SDag-Erling Smørgrav void audit_connection_from(const char *, int); 505e8dbd04SDag-Erling Smørgrav void audit_event(ssh_audit_event_t); 515e8dbd04SDag-Erling Smørgrav void audit_session_open(const char *); 525e8dbd04SDag-Erling Smørgrav void audit_session_close(const char *); 535e8dbd04SDag-Erling Smørgrav void audit_run_command(const char *); 545e8dbd04SDag-Erling Smørgrav ssh_audit_event_t audit_classify_auth(const char *); 555e8dbd04SDag-Erling Smørgrav 565e8dbd04SDag-Erling Smørgrav #endif /* _SSH_AUDIT_H */ 57