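<?xml version="1.0" encoding="UTF-8" ?>

<!--
 Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END

 ident	"%Z%%M%	%I%	%E% SMI"
-->

<!--
 Overview

 This DTD describes the XML form of an audit trail: the root element
 "audit" holds a sequence of "file" and "record" tokens, and each
 record holds the per-event tokens declared below.

 Notes for consumers of the XML:

 * Every attribute in this DTD is declared CDATA, so validation checks
   structure only.  Ids, ports, addresses, modes and timestamps are
   not type-checked here; a consumer has to validate the values itself.

 * Many tokens (text, path, arg, env, opaque, arbitrary, ...) are
   free-form #PCDATA.  NOTE(review): presumably this content is taken
   from the audited activity; treat it as untrusted when rendering or
   forwarding records.  Confirm against the producer.

 * When validating, resolve this DTD from a trusted local copy and keep
   loading of external DTDs and external entities named by the instance
   document disabled in the parser.
-->


<!--Entity Definitions-->

<!-- timeattr or iso8601

timeattr:
  the time/date to the second in strftime(3C) default format,
  followed by milliseconds offset.

  Example:  time="Mon May 06 12:10:18 2002" msec="750"

iso8601:
  ISO 8601 standard format date time and timezone;
  YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with
  milliseconds + or - offset from Universal Time (UTC, aka GMT)

  Example: iso8601="2003-09-17 16:47:41.831 -07:00"

Only iso8601 is referenced by the attribute lists in this file (file
and record); timeattr is declared but not used below.

-->
<!ENTITY % timeattr "time CDATA #IMPLIED
                     msec CDATA #IMPLIED">

<!ENTITY % iso8601 "iso8601 CDATA #IMPLIED">

<!-- xinfo  Generic info for X related tokens. -->
<!ENTITY % xinfo "xid          CDATA #REQUIRED
                  xcreator-uid CDATA #REQUIRED">

<!-- reserved_toks

This represents the set of "reserved" tokens whose placement is
fixed.

No content model in this file references this entity; the record
element spells out sequence and host directly.

-->
<!ENTITY % reserved_toks "(
    file |
    record |
    host |
    sequence
    )
">

<!-- normaltoks

This represents the set of all tokens other than the "reserved"
tokens.

-->
<!ENTITY % normaltoks "(
    acl |
    arbitrary |
    argument |
    attribute |
    clearance |
    cmd |
    exit |
    exec_args |
    exec_env |
    fmri |
    group |
    information_label |
    ip |
    ip_address |
    IPC |
    IPC_perm |
    ip_port |
    liaison |
    opaque |
    path |
    path_attr |
    privilege |
    process |
    return |
    sensitivity_label |
    old_socket |
    socket |
    subject |
    text |
    use_of_authorization |
    use_of_privilege |
    X_atom |
    X_client |
    X_color_map |
    X_cursor |
    X_font |
    X_graphic_context |
    X_pixmap |
    X_property |
    X_selection |
    X_window |
    zone
    )
">

<!--Element Definitions-->

<!--

The main element, "audit", consists of a sequence of file & record tokens.

-->
<!ELEMENT audit (file | record)*>

<!-- file token -->
<!ELEMENT file (#PCDATA)>
<!ATTLIST file %iso8601;>


<!-- record token

Audit records will have this general layout of tokens after the
first token (which is the record token):
  (tokens),subject,group,(tokens),return,sequence,host

(all tokens after the record token are optional; host is TSOL only.)

The content model below enforces only that sequence and host, when
present, come last and in that order.  The normal tokens may appear
in any order and any number of times, so the layout above is not
checked by validation.

-->
<!ELEMENT record (
    (%normaltoks;)*,
    sequence?,
    host?
    )
>
<!ATTLIST record
    version  CDATA #REQUIRED
    event    CDATA #REQUIRED
    modifier CDATA #IMPLIED
    host     CDATA #IMPLIED
    %iso8601;
>

<!-- text token -->
<!ELEMENT text (#PCDATA)>

<!-- path token -->
<!ELEMENT path (#PCDATA)>

<!-- path_attr token -->
<!ELEMENT path_attr (xattr*)>
<!ELEMENT xattr (#PCDATA)>

<!-- host token -->
<!ELEMENT host (#PCDATA)>

<!-- subject token -->
<!ELEMENT subject EMPTY>
<!ATTLIST subject
    audit-uid CDATA #REQUIRED
    uid       CDATA #REQUIRED
    gid       CDATA #REQUIRED
    ruid      CDATA #REQUIRED
    rgid      CDATA #REQUIRED
    pid       CDATA #REQUIRED
    sid       CDATA #REQUIRED
    tid       CDATA #REQUIRED
>

<!-- process token (same attribute set as subject) -->
<!ELEMENT process EMPTY>
<!ATTLIST process
    audit-uid CDATA #REQUIRED
    uid       CDATA #REQUIRED
    gid       CDATA #REQUIRED
    ruid      CDATA #REQUIRED
    rgid      CDATA #REQUIRED
    pid       CDATA #REQUIRED
    sid       CDATA #REQUIRED
    tid       CDATA #REQUIRED
>

<!-- return token -->
<!ELEMENT return EMPTY>
<!ATTLIST return
    errval CDATA #REQUIRED
    retval CDATA #REQUIRED
>

<!-- exit token -->
<!ELEMENT exit EMPTY>
<!ATTLIST exit
    errval CDATA #REQUIRED
    retval CDATA #REQUIRED
>

<!-- sequence token -->
<!ELEMENT sequence EMPTY>
<!ATTLIST sequence
    seq-num CDATA #REQUIRED
>

<!-- fmri token -->
<!ELEMENT fmri (#PCDATA)>

<!-- group token -->
<!ELEMENT group (gid)*>
<!ELEMENT gid (#PCDATA)>

<!-- opaque token -->
<!ELEMENT opaque (#PCDATA)>

<!-- liaison token -->
<!-- (NOTE: liaison is obsolete and is no longer generated) -->
<!ELEMENT liaison (#PCDATA)>

<!-- argument token -->
<!ELEMENT argument EMPTY>
<!ATTLIST argument
    arg-num CDATA #REQUIRED
    value   CDATA #REQUIRED
    desc    CDATA #REQUIRED
>

<!-- attribute token -->
<!ELEMENT attribute EMPTY>
<!ATTLIST attribute
    mode   CDATA #REQUIRED
    uid    CDATA #REQUIRED
    gid    CDATA #REQUIRED
    fsid   CDATA #REQUIRED
    nodeid CDATA #REQUIRED
    device CDATA #REQUIRED
>

<!-- cmd token -->
<!ELEMENT cmd (argv*, arge*)>
<!ELEMENT argv (#PCDATA)>
<!ELEMENT arge (#PCDATA)>

<!-- exec_args token -->
<!ELEMENT exec_args (arg*)>
<!ELEMENT arg (#PCDATA)>

<!-- exec_env token -->
<!ELEMENT exec_env (env*)>
<!ELEMENT env (#PCDATA)>

<!-- arbitrary token -->
<!ELEMENT arbitrary (#PCDATA)>
<!ATTLIST arbitrary
    print CDATA #REQUIRED
    type  CDATA #REQUIRED
    count CDATA #REQUIRED
>

<!-- clearance token -->
<!ELEMENT clearance (#PCDATA)>

<!-- privilege token -->
<!ELEMENT privilege (#PCDATA)>
<!ATTLIST privilege
    set-type CDATA #REQUIRED
>

<!-- use_of_privilege token -->
<!ELEMENT use_of_privilege (#PCDATA)>
<!ATTLIST use_of_privilege
    result CDATA #REQUIRED
>

<!-- sensitivity_label token -->
<!ELEMENT sensitivity_label (#PCDATA)>

<!-- information_label token -->
<!ELEMENT information_label (#PCDATA)>

<!-- use_of_authorization token -->
<!ELEMENT use_of_authorization (#PCDATA)>

<!-- IPC token -->
<!ELEMENT IPC EMPTY>
<!ATTLIST IPC
    ipc-type CDATA #REQUIRED
    ipc-id   CDATA #REQUIRED
>

<!-- IPC_perm token -->
<!ELEMENT IPC_perm EMPTY>
<!ATTLIST IPC_perm
    uid         CDATA #REQUIRED
    gid         CDATA #REQUIRED
    creator-uid CDATA #REQUIRED
    creator-gid CDATA #REQUIRED
    mode        CDATA #REQUIRED
    seq         CDATA #REQUIRED
    key         CDATA #REQUIRED
>

<!-- ip_address token -->
<!ELEMENT ip_address (#PCDATA)>

<!-- ip_port token -->
<!-- (NOTE: ip_port is obsolete and is no longer generated) -->
<!ELEMENT ip_port (#PCDATA)>

<!-- ip token -->
<!-- (NOTE: ip is obsolete and is no longer generated) -->
<!ELEMENT ip EMPTY>
<!ATTLIST ip
    version      CDATA #REQUIRED
    service_type CDATA #REQUIRED
    len          CDATA #REQUIRED
    id           CDATA #REQUIRED
    offset       CDATA #REQUIRED
    time_to_live CDATA #REQUIRED
    protocol     CDATA #REQUIRED
    cksum        CDATA #REQUIRED
    src_addr     CDATA #REQUIRED
    dest_addr    CDATA #REQUIRED
>

<!-- old_socket token -->
<!ELEMENT old_socket EMPTY>
<!ATTLIST old_socket
    type CDATA #REQUIRED
    port CDATA #REQUIRED
    addr CDATA #REQUIRED
>

<!-- socket token -->
<!ELEMENT socket EMPTY>
<!ATTLIST socket
    sock_domain CDATA #REQUIRED
    sock_type   CDATA #REQUIRED
    lport       CDATA #REQUIRED
    laddr       CDATA #REQUIRED
    fport       CDATA #REQUIRED
    faddr       CDATA #REQUIRED
>

<!-- acl token -->
<!ELEMENT acl EMPTY>
<!ATTLIST acl
    type  CDATA #REQUIRED
    value CDATA #REQUIRED
    mode  CDATA #REQUIRED
>

<!-- tid token -->
<!-- future intent: contain one of ipadr | MTUadr | device -->
<!-- No content model in this file references the tid element (it is
     not in normaltoks, and subject/process are EMPTY and carry tid as
     a CDATA attribute), so it cannot appear in a valid document yet. -->
<!ELEMENT tid (ipadr*)>
<!ATTLIST tid
    type CDATA #REQUIRED
>

<!-- ipadr content of tid token -->
<!ELEMENT ipadr EMPTY>
<!ATTLIST ipadr
    local-port  CDATA #REQUIRED
    remote-port CDATA #REQUIRED
    host        CDATA #REQUIRED
>

<!-- X_atom token -->
<!ELEMENT X_atom (#PCDATA)>

<!-- X_color_map token -->
<!ELEMENT X_color_map EMPTY>
<!ATTLIST X_color_map %xinfo;>

<!-- X_cursor token -->
<!ELEMENT X_cursor EMPTY>
<!ATTLIST X_cursor %xinfo;>

<!-- X_font token -->
<!ELEMENT X_font EMPTY>
<!ATTLIST X_font %xinfo;>

<!-- X_graphic_context token -->
<!ELEMENT X_graphic_context EMPTY>
<!ATTLIST X_graphic_context %xinfo;>

<!-- X_pixmap token -->
<!ELEMENT X_pixmap EMPTY>
<!ATTLIST X_pixmap %xinfo;>

<!-- X_window token -->
<!ELEMENT X_window EMPTY>
<!ATTLIST X_window %xinfo;>

<!-- X_property token -->
<!ELEMENT X_property (#PCDATA)>
<!ATTLIST X_property %xinfo;>

<!-- X_client token -->
<!ELEMENT X_client (#PCDATA)>

<!-- X_selection token -->
<!-- The content model used to name xsel_text, xsel_type and xsel_data,
     which are declared nowhere in this DTD, so no X_selection with
     children could validate.  It now names the x_sel_* elements that
     are declared just below.
     NOTE(review): confirm x_sel_* are the tag names the producer of
     the XML actually emits. -->
<!ELEMENT X_selection (x_sel_text, x_sel_type, x_sel_data)>
<!ELEMENT x_sel_text (#PCDATA)>
<!ELEMENT x_sel_type (#PCDATA)>
<!ELEMENT x_sel_data (#PCDATA)>

<!-- zone token (zonename) -->
<!ELEMENT zone EMPTY>
<!ATTLIST zone
    name CDATA #REQUIRED
>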