1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #ifndef _BSM_AUDIT_KEVENTS_H 28 #define _BSM_AUDIT_KEVENTS_H 29 30 #pragma ident "%Z%%M% %I% %E% SMI" 31 32 #ifdef __cplusplus 33 extern "C" { 34 #endif 35 36 /* 37 * Audit event numbers. 38 * 39 * 0 Reserved as an invalid event number. 40 * 1 - 511 Allocated for Solaris kernel 41 * 512 - 1023 Allocated for Trusted Solaris kernel 42 * 1024 - 2047 (reserved but not allocated) 43 * 2048 - 32767 Reserved for the Solaris TCB application. 44 * 32768 - 65535 Available for other Trusted applications. 45 * 46 * NOTE: libbsm/audit_event.txt must be updated elsewhere when changes 47 * are made to kernel events. 48 */ 49 50 #define AUE_NULL 0 /* =no indir system call */ 51 #define AUE_EXIT 1 /* =ps exit(2) */ 52 #define AUE_FORKALL 2 /* =ps forkall(2) */ 53 #define AUE_FORK AUE_FORKALL /* historical */ 54 #define AUE_OPEN 3 /* =no open(2): place holder */ 55 #define AUE_CREAT 4 /* =fc create(2) */ 56 #define AUE_LINK 5 /* =fc link(2) */ 57 #define AUE_UNLINK 6 /* =fd unlink(2) */ 58 #define AUE_EXEC 7 /* =ps,ex exec(2) */ 59 #define AUE_CHDIR 8 /* =pm chdir(2) */ 60 #define AUE_MKNOD 9 /* =fc mknod(2) */ 61 #define AUE_CHMOD 10 /* =fm chmod(2) */ 62 #define AUE_CHOWN 11 /* =fm chown(2) */ 63 #define AUE_UMOUNT 12 /* =as umount(2): old version */ 64 #define AUE_JUNK 13 /* =no non existant event */ 65 #define AUE_ACCESS 14 /* =fa access(2) */ 66 #define AUE_KILL 15 /* =pm kill(2) */ 67 #define AUE_STAT 16 /* =fa stat(2) */ 68 #define AUE_LSTAT 17 /* =fa lstat(2) */ 69 #define AUE_ACCT 18 /* =as acct(2) */ 70 #define AUE_MCTL 19 /* =no mctl(2) */ 71 #define AUE_REBOOT 20 /* =no reboot(2) */ 72 #define AUE_SYMLINK 21 /* =fc symlink(2) */ 73 #define AUE_READLINK 22 /* =fr readlink(2) */ 74 #define AUE_EXECVE 23 /* =ps,ex execve(2) */ 75 #define AUE_CHROOT 24 /* =pm chroot(2) */ 76 #define AUE_VFORK 25 /* =ps vfork(2) */ 77 #define AUE_SETGROUPS 26 /* =pm setgroups(2) */ 78 #define AUE_SETPGRP 27 /* =pm setpgrp(2) */ 79 #define AUE_SWAPON 28 /* =no swapon(2) */ 80 #define AUE_SETHOSTNAME 29 /* =no sethostname(2) */ 81 #define AUE_FCNTL 30 /* =fm fcntl(2) */ 82 #define AUE_SETPRIORITY 31 /* =no setpriority(2) */ 83 #define AUE_CONNECT 32 /* =nt connect(2) */ 84 #define AUE_ACCEPT 33 /* =nt accept(2) */ 85 #define AUE_BIND 34 /* =nt bind(2) */ 86 #define AUE_SETSOCKOPT 35 /* =nt setsockopt(2) */ 87 #define AUE_VTRACE 36 /* =pm vtrace(2) */ 88 #define AUE_SETTIMEOFDAY 37 /* =no settimeofday(2) */ 89 #define AUE_FCHOWN 38 /* =fm fchown(2) */ 90 #define AUE_FCHMOD 39 /* =fm fchmod(2) */ 91 #define AUE_SETREUID 40 /* =pm setreuid(2) */ 92 #define AUE_SETREGID 41 /* =pm setregid(2) */ 93 #define AUE_RENAME 42 /* =fc,fd rename(2) */ 94 #define AUE_TRUNCATE 43 /* =no truncate(2) */ 95 #define AUE_FTRUNCATE 44 /* =no ftruncate(2) */ 96 #define AUE_FLOCK 45 /* =no flock(2) */ 97 #define AUE_SHUTDOWN 46 /* =nt shutdown(2) */ 98 #define AUE_MKDIR 47 /* =fc mkdir(2) */ 99 #define AUE_RMDIR 48 /* =fd rmdir(2) */ 100 #define AUE_UTIMES 49 /* =fm utimes(2) */ 101 #define AUE_ADJTIME 50 /* =as adjtime(2) */ 102 #define AUE_SETRLIMIT 51 /* =ua setrlimit(2) */ 103 #define AUE_KILLPG 52 /* =no killpg(2) */ 104 #define AUE_NFS_SVC 53 /* =no nfs_svc(2) */ 105 #define AUE_STATFS 54 /* =fa statfs(2) */ 106 #define AUE_FSTATFS 55 /* =fa fstatfs(2) */ 107 #define AUE_UNMOUNT 56 /* =no unmount(2) */ 108 #define AUE_ASYNC_DAEMON 57 /* =no async_daemon(2) */ 109 #define AUE_NFS_GETFH 58 /* =no nfs_getfh(2) */ 110 #define AUE_SETDOMAINNAME 59 /* =no setdomainname(2) */ 111 #define AUE_QUOTACTL 60 /* =no quotactl(2) */ 112 #define AUE_EXPORTFS 61 /* =no exportfs(2) */ 113 #define AUE_MOUNT 62 /* =as mount(2) */ 114 #define AUE_SEMSYS 63 /* =no semsys(2): place holder */ 115 #define AUE_MSGSYS 64 /* =no msgsys(2): place holder */ 116 #define AUE_SHMSYS 65 /* =no shmsys(2): place holder */ 117 #define AUE_BSMSYS 66 /* =no bsmsys(2): place holder */ 118 #define AUE_RFSSYS 67 /* =no rfssys(2): place holder */ 119 #define AUE_FCHDIR 68 /* =pm fchdir(2) */ 120 #define AUE_FCHROOT 69 /* =pm fchroot(2) */ 121 #define AUE_VPIXSYS 70 /* =no vpixsys(2): obsolete */ 122 #define AUE_PATHCONF 71 /* =fa pathconf(2) */ 123 #define AUE_OPEN_R 72 /* =fr open(2): read */ 124 #define AUE_OPEN_RC 73 /* =fc,fr open(2): read,creat */ 125 #define AUE_OPEN_RT 74 /* =fd,fr open(2): read,trunc */ 126 #define AUE_OPEN_RTC 75 /* =fc,fd,fr open(2): rd,cr,tr */ 127 #define AUE_OPEN_W 76 /* =fw open(2): write */ 128 #define AUE_OPEN_WC 77 /* =fc,fw open(2): write,creat */ 129 #define AUE_OPEN_WT 78 /* =fd,fw open(2): write,trunc */ 130 #define AUE_OPEN_WTC 79 /* =fc,fd,fw open(2): wr,cr,tr */ 131 #define AUE_OPEN_RW 80 /* =fr,fw open(2): read,write */ 132 #define AUE_OPEN_RWC 81 /* =fc,fw,fr open(2): rd,wr,cr */ 133 #define AUE_OPEN_RWT 82 /* =fd,fr,fw open(2): rd,wr,tr */ 134 #define AUE_OPEN_RWTC 83 /* =fc,fd,fw,fr open(2): rd,wr,cr,tr */ 135 #define AUE_MSGCTL 84 /* =ip msgctl(2): illegal command */ 136 #define AUE_MSGCTL_RMID 85 /* =ip msgctl(2): IPC_RMID command */ 137 #define AUE_MSGCTL_SET 86 /* =ip msgctl(2): IPC_SET command */ 138 #define AUE_MSGCTL_STAT 87 /* =ip msgctl(2): IPC_STAT command */ 139 #define AUE_MSGGET 88 /* =ip msgget(2) */ 140 #define AUE_MSGRCV 89 /* =ip msgrcv(2) */ 141 #define AUE_MSGSND 90 /* =ip msgsnd(2) */ 142 #define AUE_SHMCTL 91 /* =ip shmctl(2): Illegal command */ 143 #define AUE_SHMCTL_RMID 92 /* =ip shmctl(2): IPC_RMID command */ 144 #define AUE_SHMCTL_SET 93 /* =ip shmctl(2): IPC_SET command */ 145 #define AUE_SHMCTL_STAT 94 /* =ip shmctl(2): IPC_STAT command */ 146 #define AUE_SHMGET 95 /* =ip shmget(2) */ 147 #define AUE_SHMAT 96 /* =ip shmat(2) */ 148 #define AUE_SHMDT 97 /* =ip shmdt(2) */ 149 #define AUE_SEMCTL 98 /* =ip semctl(2): illegal command */ 150 #define AUE_SEMCTL_RMID 99 /* =ip semctl(2): IPC_RMID command */ 151 #define AUE_SEMCTL_SET 100 /* =ip semctl(2): IPC_SET command */ 152 #define AUE_SEMCTL_STAT 101 /* =ip semctl(2): IPC_STAT command */ 153 #define AUE_SEMCTL_GETNCNT 102 /* =ip semctl(2): GETNCNT command */ 154 #define AUE_SEMCTL_GETPID 103 /* =ip semctl(2): GETPID command */ 155 #define AUE_SEMCTL_GETVAL 104 /* =ip semctl(2): GETVAL command */ 156 #define AUE_SEMCTL_GETALL 105 /* =ip semctl(2): GETALL command */ 157 #define AUE_SEMCTL_GETZCNT 106 /* =ip semctl(2): GETZCNT command */ 158 #define AUE_SEMCTL_SETVAL 107 /* =ip semctl(2): SETVAL command */ 159 #define AUE_SEMCTL_SETALL 108 /* =ip semctl(2): SETALL command */ 160 #define AUE_SEMGET 109 /* =ip semget(2) */ 161 #define AUE_SEMOP 110 /* =ip semop(2) */ 162 #define AUE_CORE 111 /* =fc process dumped core */ 163 #define AUE_CLOSE 112 /* =cl close(2) */ 164 #define AUE_SYSTEMBOOT 113 /* =na system booted */ 165 #define AUE_ASYNC_DAEMON_EXIT 114 /* =no async_daemon(2) exited */ 166 #define AUE_NFSSVC_EXIT 115 /* =no nfssvc(2) exited */ 167 /* 168 * 116 - 127 are available for future growth (old SunOS_CMW events 169 * that had no libbsm or praudit support or references) 170 */ 171 #define AUE_WRITEL 128 /* =no writel(2) */ 172 #define AUE_WRITEVL 129 /* =no writevl(2) */ 173 #define AUE_GETAUID 130 /* =aa getauid(2) */ 174 #define AUE_SETAUID 131 /* =aa setauid(2) */ 175 #define AUE_GETAUDIT 132 /* =aa getaudit(2) */ 176 #define AUE_SETAUDIT 133 /* =aa setaudit(2) */ 177 #define AUE_GETUSERAUDIT 134 /* =no getuseraudit(2) */ 178 #define AUE_SETUSERAUDIT 135 /* =no setuseraudit(2) */ 179 #define AUE_AUDITSVC 136 /* =as auditsvc(2) */ 180 #define AUE_AUDITUSER 137 /* =no audituser(2) */ 181 #define AUE_AUDITON 138 /* =no auditon(2) */ 182 #define AUE_AUDITON_GTERMID 139 /* =no auditctl(2): GETTERMID */ 183 #define AUE_AUDITON_STERMID 140 /* =no auditctl(2): SETTERMID */ 184 #define AUE_AUDITON_GPOLICY 141 /* =aa auditctl(2): GETPOLICY */ 185 #define AUE_AUDITON_SPOLICY 142 /* =as auditctl(2): SETPOLICY */ 186 #define AUE_AUDITON_GESTATE 143 /* =no auditctl(2): GETESTATE */ 187 #define AUE_AUDITON_SESTATE 144 /* =no auditctl(2): SETESTATE */ 188 #define AUE_AUDITON_GQCTRL 145 /* =as auditctl(2): GETQCTRL */ 189 #define AUE_AUDITON_SQCTRL 146 /* =as auditctl(2): SETQCTRL */ 190 #define AUE_GETKERNSTATE 147 /* =no getkernstate(2) */ 191 #define AUE_SETKERNSTATE 148 /* =no setkernstate(2) */ 192 #define AUE_GETPORTAUDIT 149 /* =no getportaudit(2) */ 193 #define AUE_AUDITSTAT 150 /* =no auditstat(2) */ 194 #define AUE_REVOKE 151 /* =no revoke(2) */ 195 #define AUE_MAC 152 /* =no MAC use */ 196 #define AUE_ENTERPROM 153 /* =na enter prom */ 197 #define AUE_EXITPROM 154 /* =na exit prom */ 198 #define AUE_IFLOAT 155 /* =no inode IL float */ 199 #define AUE_PFLOAT 156 /* =no process IL float */ 200 #define AUE_UPRIV 157 /* =no privilege use */ 201 #define AUE_IOCTL 158 /* =io ioctl(2) */ 202 #define AUE_FIND_RH 159 /* =no ipintr: pkt from unknown host */ 203 #define AUE_BADSATTR 160 /* =no ipintr: unknown security attr */ 204 #define AUE_TN_GEN 161 /* =no ipintr: out-of-sync generat */ 205 #define AUE_TFRWRD 162 /* =no ipintr: bad forward route */ 206 #define AUE_TN_BYPASS 163 /* =no ipintr: bypassed security */ 207 #define AUE_TN_ISPRIV 164 /* =no ipintr: insufficient privilege */ 208 #define AUE_TN_CKRT 165 /* =no ipintr: route security reject */ 209 #define AUE_TN_CKIPOUT 166 /* =no ipintr: ip outpt securty rjct */ 210 #define AUE_KTNETD 167 /* =no tnetd turned off */ 211 #define AUE_STNETD 168 /* =no tnetd started */ 212 #define AUE_HLTSR 169 /* =no session record halted */ 213 #define AUE_STRTSR 170 /* =no session record started */ 214 #define AUE_FREESR 171 /* =no session record freed */ 215 #define AUE_TN_ACCRED 172 /* =no import accred failed */ 216 #define AUE_ONESIDE 173 /* =no one-sided session record */ 217 #define AUE_MSGGETL 174 /* =no msggetl(2) */ 218 #define AUE_MSGRCVL 175 /* =no msgrcvl(2) */ 219 #define AUE_MSGSNDL 176 /* =no msgsndl(2) */ 220 #define AUE_SEMGETL 177 /* =no semgetl(2) */ 221 #define AUE_SHMGETL 178 /* =no shmgetl(2) */ 222 #define AUE_GETMLDADORN 179 /* =no getmldadorn(2) */ 223 #define AUE_GETSLDNAME 180 /* =no getsldname(2) */ 224 #define AUE_MLDLSTAT 181 /* =no mldlstat(2) */ 225 #define AUE_MLDSTAT 182 /* =no mldstat(2) */ 226 #define AUE_SOCKET 183 /* =nt socket(2) */ 227 #define AUE_SENDTO 184 /* =nt sendto(2) */ 228 #define AUE_PIPE 185 /* =no pipe(2) */ 229 #define AUE_SOCKETPAIR 186 /* =no socketpair(2) */ 230 #define AUE_SEND 187 /* =no send(2) */ 231 #define AUE_SENDMSG 188 /* =nt sendmsg(2) */ 232 #define AUE_RECV 189 /* =no recv(2) */ 233 #define AUE_RECVMSG 190 /* =nt recvmsg(2) */ 234 #define AUE_RECVFROM 191 /* =nt recvfrom(2) */ 235 #define AUE_READ 192 /* =no read(2) */ 236 #define AUE_GETDENTS 193 /* =no getdents(2) */ 237 #define AUE_LSEEK 194 /* =no lseek(2) */ 238 #define AUE_WRITE 195 /* =no write(2) */ 239 #define AUE_WRITEV 196 /* =no writev(2) */ 240 #define AUE_NFS 197 /* =no NFS server */ 241 #define AUE_READV 198 /* =no readv(2) */ 242 #define AUE_OSTAT 199 /* =no old stat(2) */ 243 #define AUE_SETUID 200 /* =pm old setuid(2) */ 244 #define AUE_STIME 201 /* =as old stime(2) */ 245 #define AUE_UTIME 202 /* =fm old utime(2) */ 246 #define AUE_NICE 203 /* =pm old nice(2) */ 247 #define AUE_OSETPGRP 204 /* =no old setpgrp(2) */ 248 #define AUE_SETGID 205 /* =pm old setgid(2) */ 249 #define AUE_READL 206 /* =no readl(2) */ 250 #define AUE_READVL 207 /* =no readvl(2) */ 251 #define AUE_FSTAT 208 /* =no fstat(2) */ 252 #define AUE_DUP2 209 /* =no dup2(2) u-o-p */ 253 #define AUE_MMAP 210 /* =no mmap(2) u-o-p */ 254 #define AUE_AUDIT 211 /* =no audit(2) u-o-p */ 255 #define AUE_PRIOCNTLSYS 212 /* =pm priocntlsys */ 256 #define AUE_MUNMAP 213 /* =cl munmap(2) u-o-p */ 257 #define AUE_SETEGID 214 /* =pm setegid(2) */ 258 #define AUE_SETEUID 215 /* =pm seteuid(2) */ 259 #define AUE_PUTMSG 216 /* =nt */ 260 #define AUE_GETMSG 217 /* =nt */ 261 #define AUE_PUTPMSG 218 /* =nt */ 262 #define AUE_GETPMSG 219 /* =nt */ 263 #define AUE_AUDITSYS 220 /* =no place holder */ 264 #define AUE_AUDITON_GETKMASK 221 /* =aa */ 265 #define AUE_AUDITON_SETKMASK 222 /* =as */ 266 #define AUE_AUDITON_GETCWD 223 /* =as */ 267 #define AUE_AUDITON_GETCAR 224 /* =as */ 268 #define AUE_AUDITON_GETSTAT 225 /* =as */ 269 #define AUE_AUDITON_SETSTAT 226 /* =as */ 270 #define AUE_AUDITON_SETUMASK 227 /* =as */ 271 #define AUE_AUDITON_SETSMASK 228 /* =as */ 272 #define AUE_AUDITON_GETCOND 229 /* =aa */ 273 #define AUE_AUDITON_SETCOND 230 /* =as */ 274 #define AUE_AUDITON_GETCLASS 231 /* =as */ 275 #define AUE_AUDITON_SETCLASS 232 /* =as */ 276 #define AUE_FUSERS 233 /* =fa */ 277 #define AUE_STATVFS 234 /* =fa */ 278 #define AUE_XSTAT 235 /* =no */ 279 #define AUE_LXSTAT 236 /* =no */ 280 #define AUE_LCHOWN 237 /* =fm */ 281 #define AUE_MEMCNTL 238 /* =ot */ 282 #define AUE_SYSINFO 239 /* =as */ 283 #define AUE_XMKNOD 240 /* =no */ 284 #define AUE_FORK1 241 /* =ps */ 285 #define AUE_MODCTL 242 /* =no */ 286 #define AUE_MODLOAD 243 /* =as */ 287 #define AUE_MODUNLOAD 244 /* =as */ 288 #define AUE_MODCONFIG 245 /* =no obsolete */ 289 #define AUE_MODADDMAJ 246 /* =as */ 290 #define AUE_SOCKACCEPT 247 /* =nt */ 291 #define AUE_SOCKCONNECT 248 /* =nt */ 292 #define AUE_SOCKSEND 249 /* =nt */ 293 #define AUE_SOCKRECEIVE 250 /* =nt */ 294 #define AUE_ACLSET 251 /* =fm */ 295 #define AUE_FACLSET 252 /* =fm */ 296 #define AUE_DOORFS 253 /* =no */ 297 #define AUE_DOORFS_DOOR_CALL 254 /* =ip */ 298 #define AUE_DOORFS_DOOR_RETURN 255 /* =ip */ 299 #define AUE_DOORFS_DOOR_CREATE 256 /* =ip */ 300 #define AUE_DOORFS_DOOR_REVOKE 257 /* =ip */ 301 #define AUE_DOORFS_DOOR_INFO 258 /* =ip */ 302 #define AUE_DOORFS_DOOR_CRED 259 /* =ip */ 303 #define AUE_DOORFS_DOOR_BIND 260 /* =ip */ 304 #define AUE_DOORFS_DOOR_UNBIND 261 /* =ip */ 305 #define AUE_P_ONLINE 262 /* =as */ 306 #define AUE_PROCESSOR_BIND 263 /* =as */ 307 #define AUE_INST_SYNC 264 /* =as */ 308 #define AUE_SOCKCONFIG 265 /* =nt */ 309 #define AUE_SETAUDIT_ADDR 266 /* =aa setaudit_addr(2) */ 310 #define AUE_GETAUDIT_ADDR 267 /* =aa getaudit_addr(2) */ 311 #define AUE_UMOUNT2 268 /* =as umount(2) */ 312 #define AUE_FSAT 269 /* =no openat(2): place holder */ 313 #define AUE_OPENAT_R 270 /* =fr openat(2): read */ 314 #define AUE_OPENAT_RC 271 /* =fc,fr openat(2): read,creat */ 315 #define AUE_OPENAT_RT 272 /* =fd,fr openat(2): read,trunc */ 316 #define AUE_OPENAT_RTC 273 /* =fc,fd,fr openat(2): rd,cr,tr */ 317 #define AUE_OPENAT_W 274 /* =fw openat(2): write */ 318 #define AUE_OPENAT_WC 275 /* =fc,fw openat(2): write,creat */ 319 #define AUE_OPENAT_WT 276 /* =fd,fw openat(2): write,trunc */ 320 #define AUE_OPENAT_WTC 277 /* =fc,fd,fw openat(2): wr,cr,tr */ 321 #define AUE_OPENAT_RW 278 /* =fr,fw openat(2): read,write */ 322 #define AUE_OPENAT_RWC 279 /* =fc,fw,fr openat(2): rd,wr,cr */ 323 #define AUE_OPENAT_RWT 280 /* =fd,fr,fw openat(2): rd,wr,tr */ 324 #define AUE_OPENAT_RWTC 281 /* =fc,fd,fw,fr openat(2): rd,wr,cr,tr */ 325 #define AUE_RENAMEAT 282 /* =fc,fd renameat(2) */ 326 #define AUE_FSTATAT 283 /* =no fstatat(2) */ 327 #define AUE_FCHOWNAT 284 /* =fm fchownat(2) */ 328 #define AUE_FUTIMESAT 285 /* =fm futimesat(2) */ 329 #define AUE_UNLINKAT 286 /* =fd unlinkat(2) */ 330 #define AUE_CLOCK_SETTIME 287 /* =as clock_settime(3RT) */ 331 #define AUE_NTP_ADJTIME 288 /* =as ntp_adjtime(2) */ 332 #define AUE_SETPPRIV 289 /* =pc setppriv(2) */ 333 #define AUE_MODDEVPLCY 290 /* =ad modctl(2) */ 334 #define AUE_MODADDPRIV 291 /* =ad modctl(2) */ 335 #define AUE_CRYPTOADM 292 /* =as kernel cryptographic framework */ 336 337 /* 338 * Maximum number of kernel events in the event to class table 339 * leave a couple extra ones just incase somebody wants to load a new 340 * driver with build in auditing 341 */ 342 343 #define MAX_KEVENTS 512 344 345 #ifdef __cplusplus 346 } 347 #endif 348 349 #endif /* _BSM_AUDIT_KEVENTS_H */ 350