xref: /illumos-gate/usr/src/uts/common/c2/audit_kevents.h (revision a07094369b21309434206d9b3601d162693466fc)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _BSM_AUDIT_KEVENTS_H
28 #define	_BSM_AUDIT_KEVENTS_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef	__cplusplus
33 extern "C" {
34 #endif
35 
36 /*
37  * Audit event numbers.
38  *
39  *	0		Reserved as an invalid event number.
40  *	1 -   511	Allocated for Solaris kernel
41  *	512 -  1023	Allocated for Trusted Solaris kernel
42  *	1024 -  2047	(reserved but not allocated)
43  *	2048 - 32767	Reserved for the Solaris TCB application.
44  *	32768 - 65535	Available for other Trusted applications.
45  *
46  *	NOTE:	libbsm/audit_event.txt must be updated elsewhere when changes
47  *		are made to kernel events.
48  */
49 
/*
 * Reading the trailing comments: the token after '=' appears to be the audit
 * class (or comma-separated classes, e.g. "=ps,ex") the event is assigned
 * to, followed by a short description. This header does not define the
 * abbreviations; they look like those of the Solaris audit_class(4) file --
 * no (invalid class), fr/fw (file read/write), fa/fm (file attribute
 * access/modify), fc/fd (file create/delete), cl (file close), ps/pm
 * (process start-stop/modify), nt (network), ip (IPC), na (non-attributable),
 * as/ua/aa (system-wide, user, audit administration), io (ioctl), ex (exec),
 * ot (other).
 *
 * NOTE(review): an event tagged "=no" presumably belongs to no class and so
 * is not selected by any audit flag. In this range that includes AUE_REBOOT,
 * AUE_SETTIMEOFDAY and AUE_SETHOSTNAME. When building detections, check the
 * effective event-to-class mapping in audit_event on the running system
 * rather than relying on this header.
 */
50 #define	AUE_NULL		0	/* =no indir system call */
51 #define	AUE_EXIT		1	/* =ps exit(2) */
52 #define	AUE_FORKALL		2	/* =ps forkall(2) */
53 #define	AUE_FORK	AUE_FORKALL	/* historical alias; same event number as AUE_FORKALL */
54 #define	AUE_OPEN		3	/* =no open(2): place holder */
55 #define	AUE_CREAT		4	/* =fc create(2) */
56 #define	AUE_LINK		5	/* =fc link(2) */
57 #define	AUE_UNLINK		6	/* =fd unlink(2) */
58 #define	AUE_EXEC		7	/* =ps,ex exec(2) */
59 #define	AUE_CHDIR		8	/* =pm chdir(2) */
60 #define	AUE_MKNOD		9	/* =fc mknod(2) */
61 #define	AUE_CHMOD		10	/* =fm chmod(2) */
62 #define	AUE_CHOWN		11	/* =fm chown(2) */
63 #define	AUE_UMOUNT		12	/* =as umount(2): old version */
64 #define	AUE_JUNK		13	/* =no nonexistent event */
65 #define	AUE_ACCESS		14	/* =fa access(2) */
66 #define	AUE_KILL		15	/* =pm kill(2) */
67 #define	AUE_STAT		16	/* =fa stat(2) */
68 #define	AUE_LSTAT		17	/* =fa lstat(2) */
69 #define	AUE_ACCT		18	/* =as acct(2) */
70 #define	AUE_MCTL		19	/* =no mctl(2) */
71 #define	AUE_REBOOT		20	/* =no reboot(2) */
72 #define	AUE_SYMLINK		21	/* =fc symlink(2) */
73 #define	AUE_READLINK		22	/* =fr readlink(2) */
74 #define	AUE_EXECVE		23	/* =ps,ex execve(2) */
75 #define	AUE_CHROOT		24	/* =pm chroot(2) */
76 #define	AUE_VFORK		25	/* =ps vfork(2) */
77 #define	AUE_SETGROUPS		26	/* =pm setgroups(2) */
78 #define	AUE_SETPGRP		27	/* =pm setpgrp(2) */
79 #define	AUE_SWAPON		28	/* =no swapon(2) */
80 #define	AUE_SETHOSTNAME		29	/* =no sethostname(2) */
81 #define	AUE_FCNTL		30	/* =fm fcntl(2) */
82 #define	AUE_SETPRIORITY		31	/* =no setpriority(2) */
83 #define	AUE_CONNECT		32	/* =nt connect(2) */
84 #define	AUE_ACCEPT		33	/* =nt accept(2) */
85 #define	AUE_BIND		34	/* =nt bind(2) */
86 #define	AUE_SETSOCKOPT		35	/* =nt setsockopt(2) */
87 #define	AUE_VTRACE		36	/* =pm vtrace(2) */
88 #define	AUE_SETTIMEOFDAY	37	/* =no settimeofday(2) */
89 #define	AUE_FCHOWN		38	/* =fm fchown(2) */
90 #define	AUE_FCHMOD		39	/* =fm fchmod(2) */
91 #define	AUE_SETREUID		40	/* =pm setreuid(2) */
92 #define	AUE_SETREGID		41	/* =pm setregid(2) */
93 #define	AUE_RENAME		42	/* =fc,fd rename(2) */
94 #define	AUE_TRUNCATE		43	/* =no truncate(2) */
95 #define	AUE_FTRUNCATE		44	/* =no ftruncate(2) */
96 #define	AUE_FLOCK		45	/* =no flock(2) */
97 #define	AUE_SHUTDOWN		46	/* =nt shutdown(2) */
98 #define	AUE_MKDIR		47	/* =fc mkdir(2) */
99 #define	AUE_RMDIR		48	/* =fd rmdir(2) */
100 #define	AUE_UTIMES		49	/* =fm utimes(2) */
101 #define	AUE_ADJTIME		50	/* =as adjtime(2) */
102 #define	AUE_SETRLIMIT		51	/* =ua setrlimit(2) */
103 #define	AUE_KILLPG		52	/* =no killpg(2) */
104 #define	AUE_NFS_SVC		53	/* =no nfs_svc(2) */
105 #define	AUE_STATFS		54	/* =fa statfs(2) */
106 #define	AUE_FSTATFS		55	/* =fa fstatfs(2) */
107 #define	AUE_UNMOUNT		56	/* =no unmount(2) */
108 #define	AUE_ASYNC_DAEMON	57	/* =no async_daemon(2) */
109 #define	AUE_NFS_GETFH		58	/* =no nfs_getfh(2) */
110 #define	AUE_SETDOMAINNAME	59	/* =no setdomainname(2) */
111 #define	AUE_QUOTACTL		60	/* =no quotactl(2) */
112 #define	AUE_EXPORTFS		61	/* =no exportfs(2) */
113 #define	AUE_MOUNT		62	/* =as mount(2) */
114 #define	AUE_SEMSYS		63	/* =no semsys(2): place holder */
115 #define	AUE_MSGSYS		64	/* =no msgsys(2): place holder */
116 #define	AUE_SHMSYS		65	/* =no shmsys(2): place holder */
117 #define	AUE_BSMSYS		66	/* =no bsmsys(2): place holder */
118 #define	AUE_RFSSYS		67	/* =no rfssys(2): place holder */
119 #define	AUE_FCHDIR		68	/* =pm fchdir(2) */
120 #define	AUE_FCHROOT		69	/* =pm fchroot(2) */
121 #define	AUE_VPIXSYS		70	/* =no vpixsys(2): obsolete */
122 #define	AUE_PATHCONF		71	/* =fa pathconf(2) */
/* open(2) has one event per combination of read/write/creat/trunc flags. */
123 #define	AUE_OPEN_R		72	/* =fr open(2): read */
124 #define	AUE_OPEN_RC		73	/* =fc,fr open(2): read,creat */
125 #define	AUE_OPEN_RT		74	/* =fd,fr open(2): read,trunc */
126 #define	AUE_OPEN_RTC		75	/* =fc,fd,fr open(2): rd,cr,tr */
127 #define	AUE_OPEN_W		76	/* =fw open(2): write */
128 #define	AUE_OPEN_WC		77	/* =fc,fw open(2): write,creat */
129 #define	AUE_OPEN_WT		78	/* =fd,fw open(2): write,trunc */
130 #define	AUE_OPEN_WTC		79	/* =fc,fd,fw open(2): wr,cr,tr */
131 #define	AUE_OPEN_RW		80	/* =fr,fw open(2): read,write */
132 #define	AUE_OPEN_RWC		81	/* =fc,fw,fr open(2): rd,wr,cr */
133 #define	AUE_OPEN_RWT		82	/* =fd,fr,fw open(2): rd,wr,tr */
134 #define	AUE_OPEN_RWTC		83	/* =fc,fd,fw,fr open(2): rd,wr,cr,tr */
/* msgctl/shmctl/semctl have one event per command, plus one for an illegal command. */
135 #define	AUE_MSGCTL		84	/* =ip msgctl(2): illegal command */
136 #define	AUE_MSGCTL_RMID		85	/* =ip msgctl(2): IPC_RMID command */
137 #define	AUE_MSGCTL_SET		86	/* =ip msgctl(2): IPC_SET command */
138 #define	AUE_MSGCTL_STAT		87	/* =ip msgctl(2): IPC_STAT command */
139 #define	AUE_MSGGET		88	/* =ip msgget(2) */
140 #define	AUE_MSGRCV		89	/* =ip msgrcv(2) */
141 #define	AUE_MSGSND		90	/* =ip msgsnd(2) */
142 #define	AUE_SHMCTL		91	/* =ip shmctl(2): illegal command */
143 #define	AUE_SHMCTL_RMID		92	/* =ip shmctl(2): IPC_RMID command */
144 #define	AUE_SHMCTL_SET		93	/* =ip shmctl(2): IPC_SET command */
145 #define	AUE_SHMCTL_STAT		94	/* =ip shmctl(2): IPC_STAT command */
146 #define	AUE_SHMGET		95	/* =ip shmget(2) */
147 #define	AUE_SHMAT 		96	/* =ip shmat(2) */
148 #define	AUE_SHMDT 		97	/* =ip shmdt(2) */
149 #define	AUE_SEMCTL		98	/* =ip semctl(2): illegal command */
150 #define	AUE_SEMCTL_RMID		99	/* =ip semctl(2): IPC_RMID command */
151 #define	AUE_SEMCTL_SET		100	/* =ip semctl(2): IPC_SET command */
152 #define	AUE_SEMCTL_STAT		101	/* =ip semctl(2): IPC_STAT command */
153 #define	AUE_SEMCTL_GETNCNT	102	/* =ip semctl(2): GETNCNT command */
154 #define	AUE_SEMCTL_GETPID	103	/* =ip semctl(2): GETPID command */
155 #define	AUE_SEMCTL_GETVAL	104	/* =ip semctl(2): GETVAL command */
156 #define	AUE_SEMCTL_GETALL	105	/* =ip semctl(2): GETALL command */
157 #define	AUE_SEMCTL_GETZCNT	106	/* =ip semctl(2): GETZCNT command */
158 #define	AUE_SEMCTL_SETVAL	107	/* =ip semctl(2): SETVAL command */
159 #define	AUE_SEMCTL_SETALL	108	/* =ip semctl(2): SETALL command */
160 #define	AUE_SEMGET		109	/* =ip semget(2) */
161 #define	AUE_SEMOP		110	/* =ip semop(2) */
162 #define	AUE_CORE		111	/* =fc process dumped core */
163 #define	AUE_CLOSE		112	/* =cl close(2) */
164 #define	AUE_SYSTEMBOOT		113	/* =na system booted */
165 #define	AUE_ASYNC_DAEMON_EXIT	114	/* =no async_daemon(2) exited */
166 #define	AUE_NFSSVC_EXIT		115	/* =no nfssvc(2) exited */
167 /*
168  * 116 - 127 are available for future growth (old SunOS_CMW events
169  * that had no libbsm or praudit support or references)
170  */
171 #define	AUE_WRITEL		128	/* =no writel(2) */
172 #define	AUE_WRITEVL		129	/* =no writevl(2) */
/*
 * NOTE(review): events 130 - 150 and 221 - 232 are, by their names, the
 * audit subsystem's own get/set controls. Several setters are tagged "=no"
 * (AUE_SETUSERAUDIT, AUE_AUDITON, AUE_AUDITON_STERMID, AUE_AUDITON_SESTATE,
 * AUE_SETKERNSTATE); this header does not say whether that is because the
 * call is obsolete. If "=no" means "no audit class", changes made through
 * those calls would not be recorded -- confirm against audit_event before
 * relying on them for tamper detection.
 */
173 #define	AUE_GETAUID		130	/* =aa getauid(2) */
174 #define	AUE_SETAUID		131	/* =aa setauid(2) */
175 #define	AUE_GETAUDIT		132	/* =aa getaudit(2) */
176 #define	AUE_SETAUDIT		133	/* =aa setaudit(2) */
177 #define	AUE_GETUSERAUDIT	134	/* =no getuseraudit(2) */
178 #define	AUE_SETUSERAUDIT	135	/* =no setuseraudit(2) */
179 #define	AUE_AUDITSVC		136	/* =as auditsvc(2) */
180 #define	AUE_AUDITUSER		137	/* =no audituser(2) */
181 #define	AUE_AUDITON		138	/* =no auditon(2) */
/*
 * NOTE(review): the AUE_AUDITON_* comments below say auditctl(2) while
 * AUE_AUDITON itself says auditon(2) -- confirm which name applies.
 */
182 #define	AUE_AUDITON_GTERMID	139	/* =no auditctl(2): GETTERMID */
183 #define	AUE_AUDITON_STERMID	140	/* =no auditctl(2): SETTERMID */
184 #define	AUE_AUDITON_GPOLICY	141	/* =aa auditctl(2): GETPOLICY */
185 #define	AUE_AUDITON_SPOLICY	142	/* =as auditctl(2): SETPOLICY */
186 #define	AUE_AUDITON_GESTATE	143	/* =no auditctl(2): GETESTATE */
187 #define	AUE_AUDITON_SESTATE	144	/* =no auditctl(2): SETESTATE */
188 #define	AUE_AUDITON_GQCTRL	145	/* =as auditctl(2): GETQCTRL */
189 #define	AUE_AUDITON_SQCTRL	146	/* =as auditctl(2): SETQCTRL */
190 #define	AUE_GETKERNSTATE	147	/* =no getkernstate(2) */
191 #define	AUE_SETKERNSTATE	148	/* =no setkernstate(2) */
192 #define	AUE_GETPORTAUDIT	149	/* =no getportaudit(2) */
193 #define	AUE_AUDITSTAT		150	/* =no auditstat(2) */
194 #define	AUE_REVOKE		151	/* =no revoke(2) */
195 #define	AUE_MAC			152	/* =no MAC use */
196 #define	AUE_ENTERPROM		153	/* =na enter prom */
197 #define	AUE_EXITPROM		154	/* =na exit prom */
198 #define	AUE_IFLOAT		155	/* =no inode IL float */
199 #define	AUE_PFLOAT		156	/* =no process IL float */
200 #define	AUE_UPRIV		157	/* =no privilege use */
201 #define	AUE_IOCTL		158	/* =io ioctl(2) */
202 #define	AUE_FIND_RH		159	/* =no ipintr: pkt from unknown host */
203 #define	AUE_BADSATTR		160	/* =no ipintr: unknown security attr */
204 #define	AUE_TN_GEN		161	/* =no ipintr: out-of-sync generation */
205 #define	AUE_TFRWRD		162	/* =no ipintr: bad forward route */
206 #define	AUE_TN_BYPASS		163	/* =no ipintr: bypassed security */
207 #define	AUE_TN_ISPRIV		164	/* =no ipintr: insufficient privilege */
208 #define	AUE_TN_CKRT		165	/* =no ipintr: route security reject */
209 #define	AUE_TN_CKIPOUT		166	/* =no ipintr: ip output security reject */
210 #define	AUE_KTNETD		167	/* =no tnetd turned off */
211 #define	AUE_STNETD		168	/* =no tnetd started */
212 #define	AUE_HLTSR		169	/* =no session record halted */
213 #define	AUE_STRTSR		170	/* =no session record started */
214 #define	AUE_FREESR		171	/* =no session record freed */
215 #define	AUE_TN_ACCRED		172	/* =no import accred failed */
216 #define	AUE_ONESIDE		173	/* =no one-sided session record */
217 #define	AUE_MSGGETL		174	/* =no msggetl(2) */
218 #define	AUE_MSGRCVL		175	/* =no msgrcvl(2) */
219 #define	AUE_MSGSNDL		176	/* =no msgsndl(2) */
220 #define	AUE_SEMGETL		177	/* =no semgetl(2) */
221 #define	AUE_SHMGETL		178	/* =no shmgetl(2) */
222 #define	AUE_GETMLDADORN		179	/* =no getmldadorn(2) */
223 #define	AUE_GETSLDNAME		180	/* =no getsldname(2) */
224 #define	AUE_MLDLSTAT		181	/* =no mldlstat(2) */
225 #define	AUE_MLDSTAT		182	/* =no mldstat(2) */
226 #define	AUE_SOCKET		183	/* =nt socket(2) */
227 #define	AUE_SENDTO		184	/* =nt sendto(2) */
228 #define	AUE_PIPE		185	/* =no pipe(2) */
229 #define	AUE_SOCKETPAIR		186	/* =no socketpair(2) */
230 #define	AUE_SEND		187	/* =no send(2) */
231 #define	AUE_SENDMSG		188	/* =nt sendmsg(2) */
232 #define	AUE_RECV		189	/* =no recv(2) */
233 #define	AUE_RECVMSG		190	/* =nt recvmsg(2) */
234 #define	AUE_RECVFROM		191	/* =nt recvfrom(2) */
235 #define	AUE_READ		192	/* =no read(2) */
236 #define	AUE_GETDENTS		193	/* =no getdents(2) */
237 #define	AUE_LSEEK		194	/* =no lseek(2) */
238 #define	AUE_WRITE		195	/* =no write(2) */
239 #define	AUE_WRITEV		196	/* =no writev(2) */
240 #define	AUE_NFS			197	/* =no NFS server */
241 #define	AUE_READV		198	/* =no readv(2) */
242 #define	AUE_OSTAT		199	/* =no old stat(2) */
243 #define	AUE_SETUID		200	/* =pm old setuid(2) */
244 #define	AUE_STIME		201	/* =as old stime(2) */
245 #define	AUE_UTIME		202	/* =fm old utime(2) */
246 #define	AUE_NICE		203	/* =pm old nice(2) */
247 #define	AUE_OSETPGRP		204	/* =no old setpgrp(2) */
248 #define	AUE_SETGID		205	/* =pm old setgid(2) */
249 #define	AUE_READL		206	/* =no readl(2) */
250 #define	AUE_READVL		207	/* =no readvl(2) */
251 #define	AUE_FSTAT		208	/* =no fstat(2) */
252 #define	AUE_DUP2		209	/* =no dup2(2) u-o-p */
253 #define	AUE_MMAP		210	/* =no mmap(2) u-o-p */
254 #define	AUE_AUDIT		211	/* =no audit(2) u-o-p */
255 #define	AUE_PRIOCNTLSYS		212	/* =pm priocntlsys */
256 #define	AUE_MUNMAP		213	/* =cl munmap(2) u-o-p */
257 #define	AUE_SETEGID		214	/* =pm setegid(2) */
258 #define	AUE_SETEUID		215	/* =pm seteuid(2) */
/*
 * From AUE_PUTMSG to AUE_SOCKCONFIG the comments carry only the "=xx" token
 * (plus "place holder" or "obsolete" in two cases); no call is named.
 */
259 #define	AUE_PUTMSG		216	/* =nt */
260 #define	AUE_GETMSG		217	/* =nt */
261 #define	AUE_PUTPMSG		218	/* =nt */
262 #define	AUE_GETPMSG		219	/* =nt */
263 #define	AUE_AUDITSYS		220	/* =no place holder */
264 #define	AUE_AUDITON_GETKMASK	221	/* =aa */
265 #define	AUE_AUDITON_SETKMASK	222	/* =as */
266 #define	AUE_AUDITON_GETCWD	223	/* =as */
267 #define	AUE_AUDITON_GETCAR	224	/* =as */
268 #define	AUE_AUDITON_GETSTAT	225	/* =as */
269 #define	AUE_AUDITON_SETSTAT	226	/* =as */
270 #define	AUE_AUDITON_SETUMASK	227	/* =as */
271 #define	AUE_AUDITON_SETSMASK	228	/* =as */
272 #define	AUE_AUDITON_GETCOND	229	/* =aa */
273 #define	AUE_AUDITON_SETCOND	230	/* =as */
274 #define	AUE_AUDITON_GETCLASS	231	/* =as */
275 #define	AUE_AUDITON_SETCLASS	232	/* =as */
276 #define	AUE_FUSERS		233	/* =fa */
277 #define	AUE_STATVFS		234	/* =fa */
278 #define	AUE_XSTAT		235	/* =no */
279 #define	AUE_LXSTAT		236	/* =no */
280 #define	AUE_LCHOWN		237	/* =fm */
281 #define	AUE_MEMCNTL		238	/* =ot */
282 #define	AUE_SYSINFO		239	/* =as */
283 #define	AUE_XMKNOD		240	/* =no */
284 #define	AUE_FORK1		241	/* =ps */
285 #define	AUE_MODCTL		242	/* =no */
286 #define	AUE_MODLOAD		243	/* =as */
287 #define	AUE_MODUNLOAD		244	/* =as */
288 #define	AUE_MODCONFIG		245	/* =no obsolete */
289 #define	AUE_MODADDMAJ		246	/* =as */
290 #define	AUE_SOCKACCEPT		247	/* =nt */
291 #define	AUE_SOCKCONNECT		248	/* =nt */
292 #define	AUE_SOCKSEND		249	/* =nt */
293 #define	AUE_SOCKRECEIVE		250	/* =nt */
294 #define	AUE_ACLSET		251	/* =fm */
295 #define	AUE_FACLSET		252	/* =fm */
296 #define	AUE_DOORFS		253	/* =no */
297 #define	AUE_DOORFS_DOOR_CALL	254	/* =ip */
298 #define	AUE_DOORFS_DOOR_RETURN	255	/* =ip */
299 #define	AUE_DOORFS_DOOR_CREATE	256	/* =ip */
300 #define	AUE_DOORFS_DOOR_REVOKE	257	/* =ip */
301 #define	AUE_DOORFS_DOOR_INFO	258	/* =ip */
302 #define	AUE_DOORFS_DOOR_CRED	259	/* =ip */
303 #define	AUE_DOORFS_DOOR_BIND	260	/* =ip */
304 #define	AUE_DOORFS_DOOR_UNBIND	261	/* =ip */
305 #define	AUE_P_ONLINE		262	/* =as */
306 #define	AUE_PROCESSOR_BIND	263	/* =as */
307 #define	AUE_INST_SYNC		264	/* =as */
308 #define	AUE_SOCKCONFIG		265	/* =nt */
309 #define	AUE_SETAUDIT_ADDR	266	/* =aa setaudit_addr(2) */
310 #define	AUE_GETAUDIT_ADDR	267	/* =aa getaudit_addr(2) */
311 #define	AUE_UMOUNT2		268	/* =as umount(2) */
312 #define	AUE_FSAT		269	/* =no openat(2): place holder */
/* openat(2) events use the same read/write/creat/trunc split as the AUE_OPEN_* events. */
313 #define	AUE_OPENAT_R		270	/* =fr openat(2): read */
314 #define	AUE_OPENAT_RC		271	/* =fc,fr openat(2): read,creat */
315 #define	AUE_OPENAT_RT		272	/* =fd,fr openat(2): read,trunc */
316 #define	AUE_OPENAT_RTC		273	/* =fc,fd,fr openat(2): rd,cr,tr */
317 #define	AUE_OPENAT_W		274	/* =fw openat(2): write */
318 #define	AUE_OPENAT_WC		275	/* =fc,fw openat(2): write,creat */
319 #define	AUE_OPENAT_WT		276	/* =fd,fw openat(2): write,trunc */
320 #define	AUE_OPENAT_WTC		277	/* =fc,fd,fw openat(2): wr,cr,tr */
321 #define	AUE_OPENAT_RW		278	/* =fr,fw openat(2): read,write */
322 #define	AUE_OPENAT_RWC		279	/* =fc,fw,fr openat(2): rd,wr,cr */
323 #define	AUE_OPENAT_RWT		280	/* =fd,fr,fw openat(2): rd,wr,tr */
324 #define	AUE_OPENAT_RWTC		281 /* =fc,fd,fw,fr openat(2): rd,wr,cr,tr */
325 #define	AUE_RENAMEAT		282	/* =fc,fd renameat(2) */
326 #define	AUE_FSTATAT		283	/* =no fstatat(2) */
327 #define	AUE_FCHOWNAT		284	/* =fm fchownat(2) */
328 #define	AUE_FUTIMESAT		285	/* =fm futimesat(2) */
329 #define	AUE_UNLINKAT		286	/* =fd unlinkat(2) */
330 #define	AUE_CLOCK_SETTIME	287	/* =as clock_settime(3RT) */
331 #define	AUE_NTP_ADJTIME		288	/* =as ntp_adjtime(2) */
332 #define	AUE_SETPPRIV		289	/* =pc setppriv(2) */
333 #define	AUE_MODDEVPLCY		290	/* =ad modctl(2) */
334 #define	AUE_MODADDPRIV		291	/* =ad modctl(2) */
335 #define	AUE_CRYPTOADM		292	/* =as kernel cryptographic framework */
336 #define	AUE_CONFIGKSSL		293	/* =as kernel SSL */
337 
338 /*
339  * Maximum number of kernel events in the event-to-class table.
340  * Leave a couple of extra ones just in case somebody wants to load a new
341  * driver with built-in auditing.
342  */
343 
/*
 * The highest event number defined in this revision is AUE_CONFIGKSSL (293),
 * and 512 matches the top of the "1 - 511 Solaris kernel" range in the
 * header comment plus the reserved event 0.
 * NOTE(review): presumably the event-to-class table is indexed by event
 * number; code that accepts an event number from a loadable driver or from
 * user space should range-check it against MAX_KEVENTS before indexing --
 * confirm in the table's users.
 */
344 #define	MAX_KEVENTS		512
345 
346 #ifdef __cplusplus
347 }
348 #endif
349 
350 #endif /* _BSM_AUDIT_KEVENTS_H */
351