1<?xml version="1.0" encoding="UTF-8" ?> 2 3<!-- 4 Copyright 2005 Sun Microsystems, Inc. All rights reserved. 5 Use is subject to license terms. 6 7 CDDL HEADER START 8 9 The contents of this file are subject to the terms of the 10 Common Development and Distribution License, Version 1.0 only 11 (the "License"). You may not use this file except in compliance 12 with the License. 13 14 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 15 or http://www.opensolaris.org/os/licensing. 16 See the License for the specific language governing permissions 17 and limitations under the License. 18 19 When distributing Covered Code, include this CDDL HEADER in each 20 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 21 If applicable, add the following below this CDDL HEADER, with the 22 fields enclosed by brackets "[]" replaced with your own identifying 23 information: Portions Copyright [yyyy] [name of copyright owner] 24 25 CDDL HEADER END 26 27 ident "%Z%%M% %I% %E% SMI" 28--> 29 30 31<!--Entity Definitions--> 32 33<!-- timeattr or iso8601 34 35timeattr: 36 the time/date to the second in strftime(3C) default format, 37 followed by milliseconds offset. 38 39 Example: time="Mon May 06 12:10:18 2002" msec="750" 40 41iso8601: 42 ISO 8601 standard format date time and timezone; 43 YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with 44 milliseconds + or - offset from Universal Time (UTC, aka GMT) 45 46 Example: iso8601="2003-09-17 16:47:41.831 -07:00" 47 48--> 49<!ENTITY % timeattr "time CDATA #IMPLIED 50 msec CDATA #IMPLIED"> 51 52<!ENTITY % iso8601 "iso8601 CDATA #IMPLIED"> 53 54<!-- xinfo Generic info for X related tokens. --> 55<!ENTITY % xinfo "xid CDATA #REQUIRED 56 xcreator-uid CDATA #REQUIRED"> 57 58<!-- reserved_toks 59 60This represents the set of "reserved" tokens whose placement is 61fixed. 62 63--> 64<!ENTITY % reserved_toks "( 65 file | 66 record | 67 host | 68 sequence 69 ) 70"> 71 72<!-- normaltoks 73 74This represents the set of all tokens other than the "reserved" 75tokens. 76 77--> 78<!ENTITY % normaltoks "( 79 acl | 80 arbitrary | 81 argument | 82 attribute | 83 clearance | 84 cmd | 85 exit | 86 exec_args | 87 exec_env | 88 group | 89 information_label | 90 ip | 91 ip_address | 92 IPC | 93 IPC_perm | 94 ip_port | 95 liaison | 96 opaque | 97 path | 98 path_attr | 99 privilege | 100 process | 101 return | 102 sensitivity_label | 103 old_socket | 104 socket | 105 subject | 106 text | 107 use_of_authorization | 108 use_of_privilege | 109 X_atom | 110 X_client | 111 X_color_map | 112 X_cursor | 113 X_font | 114 X_graphic_context | 115 X_pixmap | 116 X_property | 117 X_selection | 118 X_window | 119 zone 120 ) 121"> 122 123<!--Element Definitions--> 124 125<!-- 126 127The main element, "audit", consists of a sequence of file & record tokens. 128 129--> 130<!ELEMENT audit (file | record)*> 131 132<!-- file token --> 133<!ELEMENT file (#PCDATA)> 134<!ATTLIST file %iso8601;> 135 136 137<!-- record token 138 139Audit records will have this general layout of tokens after the 140first token (which is the record token): 141 (tokens),subject,group,(tokens),return,sequence,host 142 143(all tokens after the record token are optional; host is TSOL only.) 144 145--> 146<!ELEMENT record ( 147 (%normaltoks;)*, 148 sequence?, 149 host? 150 ) 151> 152<!ATTLIST record 153 version CDATA #REQUIRED 154 event CDATA #REQUIRED 155 modifier CDATA #IMPLIED 156 host CDATA #IMPLIED 157 %iso8601; 158> 159 160<!-- text token --> 161<!ELEMENT text (#PCDATA)> 162 163<!-- path token --> 164<!ELEMENT path (#PCDATA)> 165 166<!-- path_attr token --> 167<!ELEMENT path_attr (xattr*)> 168<!ELEMENT xattr (#PCDATA)> 169 170<!-- host token --> 171<!ELEMENT host (#PCDATA)> 172 173<!-- subject token --> 174<!ELEMENT subject EMPTY> 175<!ATTLIST subject 176 audit-uid CDATA #REQUIRED 177 uid CDATA #REQUIRED 178 gid CDATA #REQUIRED 179 ruid CDATA #REQUIRED 180 rgid CDATA #REQUIRED 181 pid CDATA #REQUIRED 182 sid CDATA #REQUIRED 183 tid CDATA #REQUIRED 184> 185 186<!-- process token --> 187<!ELEMENT process EMPTY> 188<!ATTLIST process 189 audit-uid CDATA #REQUIRED 190 uid CDATA #REQUIRED 191 gid CDATA #REQUIRED 192 ruid CDATA #REQUIRED 193 rgid CDATA #REQUIRED 194 pid CDATA #REQUIRED 195 sid CDATA #REQUIRED 196 tid CDATA #REQUIRED 197> 198 199<!-- return token --> 200<!ELEMENT return EMPTY> 201<!ATTLIST return 202 errval CDATA #REQUIRED 203 retval CDATA #REQUIRED 204> 205 206<!-- exit token --> 207<!ELEMENT exit EMPTY> 208<!ATTLIST exit 209 errval CDATA #REQUIRED 210 retval CDATA #REQUIRED 211> 212 213<!-- sequence token --> 214<!ELEMENT sequence EMPTY> 215<!ATTLIST sequence 216 seq-num CDATA #REQUIRED 217> 218 219<!-- group token --> 220<!ELEMENT group (gid)*> 221<!ELEMENT gid (#PCDATA)> 222 223<!-- opaque token --> 224<!ELEMENT opaque (#PCDATA)> 225 226<!-- liaison token --> 227<!-- (NOTE: liaison is obsolete and is no longer generated --> 228<!ELEMENT liaison (#PCDATA)> 229 230<!-- argument token --> 231<!ELEMENT argument EMPTY> 232<!ATTLIST argument 233 arg-num CDATA #REQUIRED 234 value CDATA #REQUIRED 235 desc CDATA #REQUIRED 236> 237 238<!-- attribute token --> 239<!ELEMENT attribute EMPTY> 240<!ATTLIST attribute 241 mode CDATA #REQUIRED 242 uid CDATA #REQUIRED 243 gid CDATA #REQUIRED 244 fsid CDATA #REQUIRED 245 nodeid CDATA #REQUIRED 246 device CDATA #REQUIRED 247> 248 249<!-- cmd token --> 250<!ELEMENT cmd (argv*, arge*)> 251<!ELEMENT argv (#PCDATA)> 252<!ELEMENT arge (#PCDATA)> 253 254<!-- exec_args token --> 255<!ELEMENT exec_args (arg*)> 256<!ELEMENT arg (#PCDATA)> 257 258<!-- exec_env token --> 259<!ELEMENT exec_env (env*)> 260<!ELEMENT env (#PCDATA)> 261 262<!-- arbitrary token --> 263<!ELEMENT arbitrary (#PCDATA)> 264<!ATTLIST arbitrary 265 print CDATA #REQUIRED 266 type CDATA #REQUIRED 267 count CDATA #REQUIRED 268> 269 270<!-- clearance token --> 271<!ELEMENT clearance (#PCDATA)> 272 273<!-- privilege token --> 274<!ELEMENT privilege (#PCDATA)> 275<!ATTLIST privilege 276 set-type CDATA #REQUIRED 277> 278 279<!-- use_of_privilege token --> 280<!ELEMENT use_of_privilege (#PCDATA)> 281<!ATTLIST use_of_privilege 282 result CDATA #REQUIRED 283> 284 285<!-- sensitivity_label token --> 286<!ELEMENT sensitivity_label (#PCDATA)> 287 288<!-- information_label token --> 289<!ELEMENT information_label (#PCDATA)> 290 291<!-- use_of_authorization token --> 292<!ELEMENT use_of_authorization (#PCDATA)> 293 294<!-- IPC token --> 295<!ELEMENT IPC EMPTY> 296<!ATTLIST IPC 297 ipc-type CDATA #REQUIRED 298 ipc-id CDATA #REQUIRED 299> 300 301<!-- IPC_perm token --> 302<!ELEMENT IPC_perm EMPTY> 303<!ATTLIST IPC_perm 304 uid CDATA #REQUIRED 305 gid CDATA #REQUIRED 306 creator-uid CDATA #REQUIRED 307 creator-gid CDATA #REQUIRED 308 mode CDATA #REQUIRED 309 seq CDATA #REQUIRED 310 key CDATA #REQUIRED 311> 312 313<!-- ip_address token --> 314<!ELEMENT ip_address (#PCDATA)> 315 316<!-- ip_port token --> 317<!-- (NOTE: ip_port is obsolete and is no longer generated --> 318<!ELEMENT ip_port (#PCDATA)> 319 320<!-- ip token --> 321<!-- (NOTE: ip is obsolete and is no longer generated --> 322<!ELEMENT ip EMPTY> 323<!ATTLIST ip 324 version CDATA #REQUIRED 325 service_type CDATA #REQUIRED 326 len CDATA #REQUIRED 327 id CDATA #REQUIRED 328 offset CDATA #REQUIRED 329 time_to_live CDATA #REQUIRED 330 protocol CDATA #REQUIRED 331 cksum CDATA #REQUIRED 332 src_addr CDATA #REQUIRED 333 dest_addr CDATA #REQUIRED 334> 335 336<!-- old_socket token --> 337<!ELEMENT old_socket EMPTY> 338<!ATTLIST old_socket 339 type CDATA #REQUIRED 340 port CDATA #REQUIRED 341 addr CDATA #REQUIRED 342> 343 344<!-- socket token --> 345<!ELEMENT socket EMPTY> 346<!ATTLIST socket 347 sock_domain CDATA #REQUIRED 348 sock_type CDATA #REQUIRED 349 lport CDATA #REQUIRED 350 laddr CDATA #REQUIRED 351 fport CDATA #REQUIRED 352 faddr CDATA #REQUIRED 353> 354 355<!-- acl token --> 356<!ELEMENT acl EMPTY> 357<!ATTLIST acl 358 type CDATA #REQUIRED 359 value CDATA #REQUIRED 360 mode CDATA #REQUIRED 361> 362 363<!-- tid token --> 364<!-- future intent: contain one of ipadr | MTUadr | device --> 365<!ELEMENT tid (ipadr*)> 366<!ATTLIST tid 367 type CDATA #REQUIRED 368> 369 370<!-- ipadr content of tid token --> 371<!ELEMENT ipadr EMPTY> 372<!ATTLIST ipadr 373 local-port CDATA #REQUIRED 374 remote-port CDATA #REQUIRED 375 host CDATA #REQUIRED 376> 377 378<!-- X_atom token --> 379<!ELEMENT X_atom (#PCDATA)> 380 381<!-- X_color_map token --> 382<!ELEMENT X_color_map EMPTY> 383<!ATTLIST X_color_map %xinfo;> 384 385<!-- X_cursor token --> 386<!ELEMENT X_cursor EMPTY> 387<!ATTLIST X_cursor %xinfo;> 388 389<!-- X_font token --> 390<!ELEMENT X_font EMPTY> 391<!ATTLIST X_font %xinfo;> 392 393<!-- X_graphic_context token --> 394<!ELEMENT X_graphic_context EMPTY> 395<!ATTLIST X_graphic_context %xinfo;> 396 397<!-- X_pixmap token --> 398<!ELEMENT X_pixmap EMPTY> 399<!ATTLIST X_pixmap %xinfo;> 400 401<!-- X_window token --> 402<!ELEMENT X_window EMPTY> 403<!ATTLIST X_window %xinfo;> 404 405<!-- X_property token --> 406<!ELEMENT X_property (#PCDATA)> 407<!ATTLIST X_property %xinfo;> 408 409<!-- X_client token --> 410<!ELEMENT X_client (#PCDATA)> 411 412<!-- X_selection token --> 413<!ELEMENT X_selection (xsel_text, xsel_type, xsel_data)> 414<!ELEMENT x_sel_text (#PCDATA)> 415<!ELEMENT x_sel_type (#PCDATA)> 416<!ELEMENT x_sel_data (#PCDATA)> 417 418<!-- zonename token --> 419<!ELEMENT zone EMPTY> 420<!ATTLIST zone 421 name CDATA #REQUIRED 422> 423