17c478bd9Sstevel@tonic-gate<?xml version="1.0"?> 27c478bd9Sstevel@tonic-gate<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> 37c478bd9Sstevel@tonic-gate<!-- 4*97a81520SMarek Pospisil Copyright 2010 Sun Microsystems, Inc. All rights reserved. 57c478bd9Sstevel@tonic-gate Use is subject to license terms. 67c478bd9Sstevel@tonic-gate 77c478bd9Sstevel@tonic-gate CDDL HEADER START 87c478bd9Sstevel@tonic-gate 97c478bd9Sstevel@tonic-gate The contents of this file are subject to the terms of the 10d670ce0bSMarek Pospisil Common Development and Distribution License (the "License"). 11d670ce0bSMarek Pospisil You may not use this file except in compliance with the License. 127c478bd9Sstevel@tonic-gate 137c478bd9Sstevel@tonic-gate You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 147c478bd9Sstevel@tonic-gate or http://www.opensolaris.org/os/licensing. 157c478bd9Sstevel@tonic-gate See the License for the specific language governing permissions 167c478bd9Sstevel@tonic-gate and limitations under the License. 177c478bd9Sstevel@tonic-gate 187c478bd9Sstevel@tonic-gate When distributing Covered Code, include this CDDL HEADER in each 197c478bd9Sstevel@tonic-gate file and include the License file at usr/src/OPENSOLARIS.LICENSE. 207c478bd9Sstevel@tonic-gate If applicable, add the following below this CDDL HEADER, with the 217c478bd9Sstevel@tonic-gate fields enclosed by brackets "[]" replaced with your own identifying 227c478bd9Sstevel@tonic-gate information: Portions Copyright [yyyy] [name of copyright owner] 237c478bd9Sstevel@tonic-gate 247c478bd9Sstevel@tonic-gate CDDL HEADER END 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate NOTE: This service manifest is not editable; its contents will 277c478bd9Sstevel@tonic-gate be overwritten by package or patch operations, including 287c478bd9Sstevel@tonic-gate operating system upgrade. Make customizations in a different 297c478bd9Sstevel@tonic-gate file. 307c478bd9Sstevel@tonic-gate--> 317c478bd9Sstevel@tonic-gate 327c478bd9Sstevel@tonic-gate<service_bundle type='manifest' name='SUNWcsr:auditd'> 337c478bd9Sstevel@tonic-gate 347c478bd9Sstevel@tonic-gate<service 357c478bd9Sstevel@tonic-gate name='system/auditd' 367c478bd9Sstevel@tonic-gate type='service' 377c478bd9Sstevel@tonic-gate version='1'> 387c478bd9Sstevel@tonic-gate 397c478bd9Sstevel@tonic-gate <single_instance /> 407c478bd9Sstevel@tonic-gate 417c478bd9Sstevel@tonic-gate <dependency 427c478bd9Sstevel@tonic-gate name='usr' 437c478bd9Sstevel@tonic-gate type='service' 447c478bd9Sstevel@tonic-gate grouping='require_all' 457c478bd9Sstevel@tonic-gate restart_on='none'> 467c478bd9Sstevel@tonic-gate <service_fmri value='svc:/system/filesystem/local' /> 477c478bd9Sstevel@tonic-gate </dependency> 487c478bd9Sstevel@tonic-gate 497c478bd9Sstevel@tonic-gate <dependency 507c478bd9Sstevel@tonic-gate name='ns' 517c478bd9Sstevel@tonic-gate type='service' 527c478bd9Sstevel@tonic-gate grouping='require_all' 537c478bd9Sstevel@tonic-gate restart_on='none'> 547c478bd9Sstevel@tonic-gate <service_fmri value='svc:/milestone/name-services' /> 557c478bd9Sstevel@tonic-gate </dependency> 567c478bd9Sstevel@tonic-gate 577c478bd9Sstevel@tonic-gate <dependency 587c478bd9Sstevel@tonic-gate name='syslog' 597c478bd9Sstevel@tonic-gate type='service' 60d670ce0bSMarek Pospisil grouping='optional_all' 617c478bd9Sstevel@tonic-gate restart_on='none'> 627c478bd9Sstevel@tonic-gate <service_fmri value='svc:/system/system-log' /> 637c478bd9Sstevel@tonic-gate </dependency> 647c478bd9Sstevel@tonic-gate 658523fda3SJan Friedel 667c478bd9Sstevel@tonic-gate <dependent 678523fda3SJan Friedel name='multi-user' 687c478bd9Sstevel@tonic-gate grouping='optional_all' 697c478bd9Sstevel@tonic-gate restart_on='none'> 707c478bd9Sstevel@tonic-gate <service_fmri value='svc:/milestone/multi-user'/> 717c478bd9Sstevel@tonic-gate </dependent> 727c478bd9Sstevel@tonic-gate 737c478bd9Sstevel@tonic-gate <dependent 747c478bd9Sstevel@tonic-gate name='console-login' 757c478bd9Sstevel@tonic-gate grouping='optional_all' 767c478bd9Sstevel@tonic-gate restart_on='none'> 777c478bd9Sstevel@tonic-gate <service_fmri value='svc:/system/console-login'/> 787c478bd9Sstevel@tonic-gate </dependent> 797c478bd9Sstevel@tonic-gate 808523fda3SJan Friedel 817c478bd9Sstevel@tonic-gate <exec_method 827c478bd9Sstevel@tonic-gate type='method' 837c478bd9Sstevel@tonic-gate name='start' 847c478bd9Sstevel@tonic-gate exec='/lib/svc/method/svc-auditd' 85*97a81520SMarek Pospisil timeout_seconds='60'> 867c478bd9Sstevel@tonic-gate <method_context> 877c478bd9Sstevel@tonic-gate <method_credential user='root' group='root' /> 887c478bd9Sstevel@tonic-gate </method_context> 897c478bd9Sstevel@tonic-gate </exec_method> 907c478bd9Sstevel@tonic-gate 917c478bd9Sstevel@tonic-gate <exec_method 927c478bd9Sstevel@tonic-gate type='method' 937c478bd9Sstevel@tonic-gate name='refresh' 948523fda3SJan Friedel exec='/lib/svc/method/svc-auditd' 957c478bd9Sstevel@tonic-gate timeout_seconds='30'> 967c478bd9Sstevel@tonic-gate <method_context> 977c478bd9Sstevel@tonic-gate <method_credential user='root' group='root' /> 987c478bd9Sstevel@tonic-gate </method_context> 997c478bd9Sstevel@tonic-gate </exec_method> 1007c478bd9Sstevel@tonic-gate 1017c478bd9Sstevel@tonic-gate <!-- 1028523fda3SJan Friedel auditd waits for c2audit to quiet down after catching a -TERM 1038523fda3SJan Friedel before exiting; auditd's timeout is 20 seconds 1047c478bd9Sstevel@tonic-gate --> 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate <exec_method 1077c478bd9Sstevel@tonic-gate type='method' 1087c478bd9Sstevel@tonic-gate name='stop' 1097c478bd9Sstevel@tonic-gate exec=':kill -TERM' 1107c478bd9Sstevel@tonic-gate timeout_seconds='30'> 1117c478bd9Sstevel@tonic-gate <method_context> 1127c478bd9Sstevel@tonic-gate <method_credential user='root' group='root' /> 1137c478bd9Sstevel@tonic-gate </method_context> 1147c478bd9Sstevel@tonic-gate </exec_method> 1157c478bd9Sstevel@tonic-gate 1167c478bd9Sstevel@tonic-gate <!-- SIGs HUP, TERM, and USR1 are all expected by auditd --> 1177c478bd9Sstevel@tonic-gate <property_group name='startd' type='framework'> 1187c478bd9Sstevel@tonic-gate <propval name='ignore_error' type='astring' 1197c478bd9Sstevel@tonic-gate value='core,signal' /> 1207c478bd9Sstevel@tonic-gate </property_group> 1217c478bd9Sstevel@tonic-gate 1227c478bd9Sstevel@tonic-gate <property_group name='general' type='framework'> 1238523fda3SJan Friedel <!-- to start/stop auditd --> 1247c478bd9Sstevel@tonic-gate <propval name='action_authorization' type='astring' 1257c478bd9Sstevel@tonic-gate value='solaris.audit.config' /> 12616f0fd39SJan Friedel <propval name='value_authorization' type='astring' 12716f0fd39SJan Friedel value='solaris.audit.config' /> 1287c478bd9Sstevel@tonic-gate </property_group> 1297c478bd9Sstevel@tonic-gate 1308523fda3SJan Friedel 1318523fda3SJan Friedel <instance name='default' enabled='false'> 1328523fda3SJan Friedel 1338523fda3SJan Friedel <!-- 1348523fda3SJan Friedel Audit Queue Control Properties - see auditconfig(1M) 1358523fda3SJan Friedel 1368523fda3SJan Friedel Note, that the default value for all the queue control 1378523fda3SJan Friedel configuration parameters is 0, which makes auditd(1M) to 1388523fda3SJan Friedel use current active system parameters. 1398523fda3SJan Friedel --> 1408523fda3SJan Friedel <property_group name='queuectrl' type='application' > 1418523fda3SJan Friedel <propval name='qbufsz' type='count' 1428523fda3SJan Friedel value='0' /> 1438523fda3SJan Friedel <propval name='qdelay' type='count' 1448523fda3SJan Friedel value='0' /> 1458523fda3SJan Friedel <propval name='qhiwater' type='count' 1468523fda3SJan Friedel value='0' /> 1478523fda3SJan Friedel <propval name='qlowater' type='count' 1488523fda3SJan Friedel value='0' /> 1498523fda3SJan Friedel <propval name='read_authorization' type='astring' 1508523fda3SJan Friedel value='solaris.audit.config' /> 1518523fda3SJan Friedel </property_group> 1528523fda3SJan Friedel 1538523fda3SJan Friedel <!-- 1548523fda3SJan Friedel Audit Policies - see auditconfig(1M) 1558523fda3SJan Friedel 1568523fda3SJan Friedel Note, that "all" and "none" policies available as a 1578523fda3SJan Friedel auditconfig(1M) policy flags actually means a full/empty set 1588523fda3SJan Friedel of other policy flags. Thus they are not configurable in the 1598523fda3SJan Friedel auditd service manifest, but set all the policies to true 1608523fda3SJan Friedel (all) or false (none). 1618523fda3SJan Friedel --> 1628523fda3SJan Friedel <property_group name='policy' type='application' > 1638523fda3SJan Friedel <propval name='ahlt' type='boolean' 1648523fda3SJan Friedel value='false' /> 1658523fda3SJan Friedel <propval name='arge' type='boolean' 1668523fda3SJan Friedel value='false' /> 1678523fda3SJan Friedel <propval name='argv' type='boolean' 1688523fda3SJan Friedel value='false' /> 1698523fda3SJan Friedel <propval name='cnt' type='boolean' 1708523fda3SJan Friedel value='true' /> 1718523fda3SJan Friedel <propval name='group' type='boolean' 1728523fda3SJan Friedel value='false' /> 1738523fda3SJan Friedel <propval name='path' type='boolean' 1748523fda3SJan Friedel value='false' /> 1758523fda3SJan Friedel <propval name='perzone' type='boolean' 1768523fda3SJan Friedel value='false' /> 1778523fda3SJan Friedel <propval name='public' type='boolean' 1788523fda3SJan Friedel value='false' /> 1798523fda3SJan Friedel <propval name='seq' type='boolean' 1808523fda3SJan Friedel value='false' /> 1818523fda3SJan Friedel <propval name='trail' type='boolean' 1828523fda3SJan Friedel value='false' /> 1838523fda3SJan Friedel <propval name='windata_down' type='boolean' 1848523fda3SJan Friedel value='false' /> 1858523fda3SJan Friedel <propval name='windata_up' type='boolean' 1868523fda3SJan Friedel value='false' /> 1878523fda3SJan Friedel <propval name='zonename' type='boolean' 1888523fda3SJan Friedel value='false' /> 1898523fda3SJan Friedel <propval name='read_authorization' type='astring' 1908523fda3SJan Friedel value='solaris.audit.config' /> 1918523fda3SJan Friedel </property_group> 1928523fda3SJan Friedel 1938523fda3SJan Friedel </instance> 1947c478bd9Sstevel@tonic-gate 1957c478bd9Sstevel@tonic-gate <stability value='Evolving' /> 1967c478bd9Sstevel@tonic-gate 1978523fda3SJan Friedel 1987c478bd9Sstevel@tonic-gate <template> 1997c478bd9Sstevel@tonic-gate <common_name> 2007c478bd9Sstevel@tonic-gate <loctext xml:lang='C'> 2017c478bd9Sstevel@tonic-gate Solaris audit daemon 2027c478bd9Sstevel@tonic-gate </loctext> 2037c478bd9Sstevel@tonic-gate </common_name> 2047c478bd9Sstevel@tonic-gate <documentation> 2057c478bd9Sstevel@tonic-gate <manpage title='auditd' 2067c478bd9Sstevel@tonic-gate section='1M' 2077c478bd9Sstevel@tonic-gate manpath='/usr/share/man'/> 2087c478bd9Sstevel@tonic-gate <manpage title='audit' 2097c478bd9Sstevel@tonic-gate section='1M' 2107c478bd9Sstevel@tonic-gate manpath='/usr/share/man'/> 2118523fda3SJan Friedel <manpage title='auditconfig' 2128523fda3SJan Friedel section='1M' 2138523fda3SJan Friedel manpath='/usr/share/man'/> 2147c478bd9Sstevel@tonic-gate </documentation> 2157c478bd9Sstevel@tonic-gate </template> 2167c478bd9Sstevel@tonic-gate 2177c478bd9Sstevel@tonic-gate</service> 2187c478bd9Sstevel@tonic-gate 2197c478bd9Sstevel@tonic-gate</service_bundle> 220