1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
24 */
25
26 #ifndef _BSM_AUDIT_KEVENTS_H
27 #define _BSM_AUDIT_KEVENTS_H
28
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32
33 /*
34 * Audit event numbers.
35 *
36 * 0 Reserved as an invalid event number.
37 * 1 - 511 Allocated for Solaris kernel
38 * 512 - 2047 (reserved but not allocated)
39 * 2048 - 32767 Reserved for the Solaris TCB application.
40 * 32768 - 65535 Available for third party applications.
41 *
42 * NOTE: libbsm/audit_event.txt must be updated elsewhere when changes
43 * are made to kernel events.
44 */
45
46 #define AUE_NULL 0 /* =no indir system call */
47 #define AUE_EXIT 1 /* =ps exit(2) */
48 #define AUE_FORKALL 2 /* =ps forkall(2) */
49 #define AUE_OPEN 3 /* =no open(2): place holder */
50 #define AUE_CREAT 4 /* =no obsolete */
51 #define AUE_LINK 5 /* =fc link(2) */
52 #define AUE_UNLINK 6 /* =fd unlink(2) */
53 #define AUE_EXEC 7 /* =no obsolete */
54 #define AUE_CHDIR 8 /* =pm chdir(2) */
55 #define AUE_MKNOD 9 /* =fc mknod(2) */
56 #define AUE_CHMOD 10 /* =fm chmod(2) */
57 #define AUE_CHOWN 11 /* =fm chown(2) */
58 #define AUE_UMOUNT 12 /* =as umount(2): old version */
59 #define AUE_JUNK 13 /* =no non existant event */
60 #define AUE_ACCESS 14 /* =fa access(2) */
61 #define AUE_KILL 15 /* =pm kill(2) */
62 #define AUE_STAT 16 /* =fa stat(2) */
63 #define AUE_LSTAT 17 /* =fa lstat(2) */
64 #define AUE_ACCT 18 /* =as acct(2) */
65 #define AUE_MCTL 19 /* =no mctl(2) */
66 #define AUE_REBOOT 20 /* =no reboot(2) */
67 #define AUE_SYMLINK 21 /* =fc symlink(2) */
68 #define AUE_READLINK 22 /* =fr readlink(2) */
69 #define AUE_EXECVE 23 /* =ps,ex execve(2) */
70 #define AUE_CHROOT 24 /* =pm chroot(2) */
71 #define AUE_VFORK 25 /* =ps vfork(2) */
72 #define AUE_SETGROUPS 26 /* =pm setgroups(2) */
73 #define AUE_SETPGRP 27 /* =pm setpgrp(2) */
74 #define AUE_SWAPON 28 /* =no swapon(2) */
75 #define AUE_SETHOSTNAME 29 /* =no sethostname(2) */
76 #define AUE_FCNTL 30 /* =fm fcntl(2) */
77 #define AUE_SETPRIORITY 31 /* =no setpriority(2) */
78 #define AUE_CONNECT 32 /* =nt connect(2) */
79 #define AUE_ACCEPT 33 /* =nt accept(2) */
80 #define AUE_BIND 34 /* =nt bind(2) */
81 #define AUE_SETSOCKOPT 35 /* =nt setsockopt(2) */
82 #define AUE_VTRACE 36 /* =no vtrace(2) */
83 #define AUE_SETTIMEOFDAY 37 /* =no settimeofday(2) */
84 #define AUE_FCHOWN 38 /* =fm fchown(2) */
85 #define AUE_FCHMOD 39 /* =fm fchmod(2) */
86 #define AUE_SETREUID 40 /* =pm setreuid(2) */
87 #define AUE_SETREGID 41 /* =pm setregid(2) */
88 #define AUE_RENAME 42 /* =fc,fd rename(2) */
89 #define AUE_TRUNCATE 43 /* =no truncate(2) */
90 #define AUE_FTRUNCATE 44 /* =no ftruncate(2) */
91 #define AUE_FLOCK 45 /* =no flock(2) */
92 #define AUE_SHUTDOWN 46 /* =nt shutdown(2) */
93 #define AUE_MKDIR 47 /* =fc mkdir(2) */
94 #define AUE_RMDIR 48 /* =fd rmdir(2) */
95 #define AUE_UTIMES 49 /* =fm futimens(2), utimensat(2) */
96 #define AUE_ADJTIME 50 /* =as adjtime(2) */
97 #define AUE_SETRLIMIT 51 /* =ua setrlimit(2) */
98 #define AUE_KILLPG 52 /* =no killpg(2) */
99 #define AUE_NFS_SVC 53 /* =no nfs_svc(2) */
100 #define AUE_STATFS 54 /* =fa statfs(2) */
101 #define AUE_FSTATFS 55 /* =fa fstatfs(2) */
102 #define AUE_UNMOUNT 56 /* =no unmount(2) */
103 #define AUE_ASYNC_DAEMON 57 /* =no async_daemon(2) */
104 #define AUE_NFS_GETFH 58 /* =no nfs_getfh(2) */
105 #define AUE_SETDOMAINNAME 59 /* =no setdomainname(2) */
106 #define AUE_QUOTACTL 60 /* =no quotactl(2) */
107 #define AUE_EXPORTFS 61 /* =no exportfs(2) */
108 #define AUE_MOUNT 62 /* =as mount(2) */
109 #define AUE_SEMSYS 63 /* =no semsys(2): place holder */
110 #define AUE_MSGSYS 64 /* =no msgsys(2): place holder */
111 #define AUE_SHMSYS 65 /* =no shmsys(2): place holder */
112 #define AUE_BSMSYS 66 /* =no bsmsys(2): place holder */
113 #define AUE_RFSSYS 67 /* =no rfssys(2): place holder */
114 #define AUE_FCHDIR 68 /* =pm fchdir(2) */
115 #define AUE_FCHROOT 69 /* =pm fchroot(2) */
116 #define AUE_VPIXSYS 70 /* =no obsolete */
117 #define AUE_PATHCONF 71 /* =fa pathconf(2) */
118 #define AUE_OPEN_R 72 /* =fr open(2): read */
119 #define AUE_OPEN_RC 73 /* =fc,fr open(2): read,creat */
120 #define AUE_OPEN_RT 74 /* =fd,fr open(2): read,trunc */
121 #define AUE_OPEN_RTC 75 /* =fc,fd,fr open(2): rd,cr,tr */
122 #define AUE_OPEN_W 76 /* =fw open(2): write */
123 #define AUE_OPEN_WC 77 /* =fc,fw open(2): write,creat */
124 #define AUE_OPEN_WT 78 /* =fd,fw open(2): write,trunc */
125 #define AUE_OPEN_WTC 79 /* =fc,fd,fw open(2): wr,cr,tr */
126 #define AUE_OPEN_RW 80 /* =fr,fw open(2): read,write */
127 #define AUE_OPEN_RWC 81 /* =fc,fw,fr open(2): rd,wr,cr */
128 #define AUE_OPEN_RWT 82 /* =fd,fr,fw open(2): rd,wr,tr */
129 #define AUE_OPEN_RWTC 83 /* =fc,fd,fw,fr open(2): rd,wr,cr,tr */
130 #define AUE_MSGCTL 84 /* =ip msgctl(2): illegal command */
131 #define AUE_MSGCTL_RMID 85 /* =ip msgctl(2): IPC_RMID command */
132 #define AUE_MSGCTL_SET 86 /* =ip msgctl(2): IPC_SET command */
133 #define AUE_MSGCTL_STAT 87 /* =ip msgctl(2): IPC_STAT command */
134 #define AUE_MSGGET 88 /* =ip msgget(2) */
135 #define AUE_MSGRCV 89 /* =ip msgrcv(2) */
136 #define AUE_MSGSND 90 /* =ip msgsnd(2) */
137 #define AUE_SHMCTL 91 /* =ip shmctl(2): Illegal command */
138 #define AUE_SHMCTL_RMID 92 /* =ip shmctl(2): IPC_RMID command */
139 #define AUE_SHMCTL_SET 93 /* =ip shmctl(2): IPC_SET command */
140 #define AUE_SHMCTL_STAT 94 /* =ip shmctl(2): IPC_STAT command */
141 #define AUE_SHMGET 95 /* =ip shmget(2) */
142 #define AUE_SHMAT 96 /* =ip shmat(2) */
143 #define AUE_SHMDT 97 /* =ip shmdt(2) */
144 #define AUE_SEMCTL 98 /* =ip semctl(2): illegal command */
145 #define AUE_SEMCTL_RMID 99 /* =ip semctl(2): IPC_RMID command */
146 #define AUE_SEMCTL_SET 100 /* =ip semctl(2): IPC_SET command */
147 #define AUE_SEMCTL_STAT 101 /* =ip semctl(2): IPC_STAT command */
148 #define AUE_SEMCTL_GETNCNT 102 /* =ip semctl(2): GETNCNT command */
149 #define AUE_SEMCTL_GETPID 103 /* =ip semctl(2): GETPID command */
150 #define AUE_SEMCTL_GETVAL 104 /* =ip semctl(2): GETVAL command */
151 #define AUE_SEMCTL_GETALL 105 /* =ip semctl(2): GETALL command */
152 #define AUE_SEMCTL_GETZCNT 106 /* =ip semctl(2): GETZCNT command */
153 #define AUE_SEMCTL_SETVAL 107 /* =ip semctl(2): SETVAL command */
154 #define AUE_SEMCTL_SETALL 108 /* =ip semctl(2): SETALL command */
155 #define AUE_SEMGET 109 /* =ip semget(2) */
156 #define AUE_SEMOP 110 /* =ip semop(2) */
157 #define AUE_CORE 111 /* =fc process dumped core */
158 #define AUE_CLOSE 112 /* =cl close(2) */
159 #define AUE_SYSTEMBOOT 113 /* =na system booted */
160 #define AUE_ASYNC_DAEMON_EXIT 114 /* =no async_daemon(2) exited */
161 #define AUE_NFSSVC_EXIT 115 /* =no nfssvc(2) exited */
162 #define AUE_PFEXEC 116 /* =ps,ex,ua,as execve(2) w/ pfexec */
163 #define AUE_OPEN_S 117 /* =fr open(2): search */
164 #define AUE_OPEN_E 118 /* =fr open(2): exec */
165 /*
166 * 119 - 129 are available for future growth (old SunOS_CMW events
167 * that had no libbsm or praudit support or references)
168 */
169 #define AUE_GETAUID 130 /* =aa getauid(2) */
170 #define AUE_SETAUID 131 /* =aa setauid(2) */
171 #define AUE_GETAUDIT 132 /* =aa getaudit(2) */
172 #define AUE_SETAUDIT 133 /* =aa setaudit(2) */
173 /* 134 OBSOLETE */
174 /* 135 OBSOLETE */
175 #define AUE_AUDITSVC 136 /* =no obsolete */
176 /* 137 OBSOLETE */
177 #define AUE_AUDITON 138 /* =no auditon(2) */
178 #define AUE_AUDITON_GTERMID 139 /* =no auditctl(2): GETTERMID */
179 #define AUE_AUDITON_STERMID 140 /* =no auditctl(2): SETTERMID */
180 #define AUE_AUDITON_GPOLICY 141 /* =aa auditctl(2): GETPOLICY */
181 #define AUE_AUDITON_SPOLICY 142 /* =as auditctl(2): SETPOLICY */
182 #define AUE_AUDITON_GESTATE 143 /* =no auditctl(2): GETESTATE */
183 #define AUE_AUDITON_SESTATE 144 /* =no auditctl(2): SETESTATE */
184 #define AUE_AUDITON_GQCTRL 145 /* =as auditctl(2): GETQCTRL */
185 #define AUE_AUDITON_SQCTRL 146 /* =as auditctl(2): SETQCTRL */
186 /* 147 OBSOLETE */
187 /* 148 OBSOLETE */
188 /* 149 OBSOLETE */
189 /* 150 OBSOLETE */
190 /* 151 OBSOLETE */
191 /* 152 OBSOLETE */
192 #define AUE_ENTERPROM 153 /* =na enter prom */
193 #define AUE_EXITPROM 154 /* =na exit prom */
194 /* 155 OBSOLETE */
195 /* 156 OBSOLETE */
196 /* 157 OBSOLETE */
197 #define AUE_IOCTL 158 /* =io ioctl(2) */
198 /* 159 OBSOLETE */
199 /* 160 OBSOLETE */
200 /* 161 OBSOLETE */
201 /* 162 OBSOLETE */
202 /* 163 OBSOLETE */
203 /* 164 OBSOLETE */
204 /* 165 OBSOLETE */
205 /* 166 OBSOLETE */
206 /* 167 OBSOLETE */
207 /* 168 OBSOLETE */
208 /* 169 OBSOLETE */
209 /* 170 OBSOLETE */
210 /* 171 OBSOLETE */
211 /* 172 OBSOLETE */
212 #define AUE_ONESIDE 173 /* =no one-sided session record */
213 #define AUE_MSGGETL 174 /* =no msggetl(2) */
214 #define AUE_MSGRCVL 175 /* =no msgrcvl(2) */
215 #define AUE_MSGSNDL 176 /* =no msgsndl(2) */
216 #define AUE_SEMGETL 177 /* =no semgetl(2) */
217 #define AUE_SHMGETL 178 /* =no shmgetl(2) */
218 /* 179 OBSOLETE */
219 /* 180 OBSOLETE */
220 /* 181 OBSOLETE */
221 /* 182 OBSOLETE */
222 #define AUE_SOCKET 183 /* =nt socket(2) */
223 #define AUE_SENDTO 184 /* =nt sendto(2) */
224 #define AUE_PIPE 185 /* =no pipe(2) */
225 #define AUE_SOCKETPAIR 186 /* =no socketpair(2) */
226 #define AUE_SEND 187 /* =no send(2) */
227 #define AUE_SENDMSG 188 /* =nt sendmsg(2) */
228 #define AUE_RECV 189 /* =no recv(2) */
229 #define AUE_RECVMSG 190 /* =nt recvmsg(2) */
230 #define AUE_RECVFROM 191 /* =nt recvfrom(2) */
231 #define AUE_READ 192 /* =no read(2) */
232 #define AUE_GETDENTS 193 /* =no getdents(2) */
233 #define AUE_LSEEK 194 /* =no lseek(2) */
234 #define AUE_WRITE 195 /* =no write(2) */
235 #define AUE_WRITEV 196 /* =no writev(2) */
236 #define AUE_NFS 197 /* =no NFS server */
237 #define AUE_READV 198 /* =no readv(2) */
238 #define AUE_OSTAT 199 /* =no obsolete */
239 #define AUE_SETUID 200 /* =pm old setuid(2) */
240 #define AUE_STIME 201 /* =as old stime(2) */
241 #define AUE_UTIME 202 /* =no obsolete */
242 #define AUE_NICE 203 /* =pm old nice(2) */
243 #define AUE_OSETPGRP 204 /* =no old setpgrp(2) */
244 #define AUE_SETGID 205 /* =pm old setgid(2) */
245 #define AUE_READL 206 /* =no readl(2) */
246 #define AUE_READVL 207 /* =no readvl(2) */
247 #define AUE_FSTAT 208 /* =no fstat(2) */
248 #define AUE_DUP2 209 /* =no obsolete */
249 #define AUE_MMAP 210 /* =no mmap(2) u-o-p */
250 #define AUE_AUDIT 211 /* =no audit(2) u-o-p */
251 #define AUE_PRIOCNTLSYS 212 /* =pm priocntlsys */
252 #define AUE_MUNMAP 213 /* =cl munmap(2) u-o-p */
253 #define AUE_SETEGID 214 /* =pm setegid(2) */
254 #define AUE_SETEUID 215 /* =pm seteuid(2) */
255 #define AUE_PUTMSG 216 /* =nt */
256 #define AUE_GETMSG 217 /* =nt */
257 #define AUE_PUTPMSG 218 /* =nt */
258 #define AUE_GETPMSG 219 /* =nt */
259 #define AUE_AUDITSYS 220 /* =no place holder */
260 #define AUE_AUDITON_GETKMASK 221 /* =aa */
261 #define AUE_AUDITON_SETKMASK 222 /* =as */
262 #define AUE_AUDITON_GETCWD 223 /* =aa,as */
263 #define AUE_AUDITON_GETCAR 224 /* =aa,as */
264 #define AUE_AUDITON_GETSTAT 225 /* =as */
265 #define AUE_AUDITON_SETSTAT 226 /* =as */
266 #define AUE_AUDITON_SETUMASK 227 /* =as */
267 #define AUE_AUDITON_SETSMASK 228 /* =as */
268 #define AUE_AUDITON_GETCOND 229 /* =aa */
269 #define AUE_AUDITON_SETCOND 230 /* =as */
270 #define AUE_AUDITON_GETCLASS 231 /* =aa,as */
271 #define AUE_AUDITON_SETCLASS 232 /* =as */
272 #define AUE_FUSERS 233 /* =fa */
273 #define AUE_STATVFS 234 /* =fa */
274 #define AUE_XSTAT 235 /* =no obsolete */
275 #define AUE_LXSTAT 236 /* =no obsolete */
276 #define AUE_LCHOWN 237 /* =fm */
277 #define AUE_MEMCNTL 238 /* =ot */
278 #define AUE_SYSINFO 239 /* =as */
279 #define AUE_XMKNOD 240 /* =no obsolete */
280 #define AUE_FORK1 241 /* =ps */
281 #define AUE_MODCTL 242 /* =no */
282 #define AUE_MODLOAD 243 /* =as */
283 #define AUE_MODUNLOAD 244 /* =as */
284 #define AUE_MODCONFIG 245 /* =no obsolete */
285 #define AUE_MODADDMAJ 246 /* =as */
286 #define AUE_SOCKACCEPT 247 /* =nt */
287 #define AUE_SOCKCONNECT 248 /* =nt */
288 #define AUE_SOCKSEND 249 /* =nt */
289 #define AUE_SOCKRECEIVE 250 /* =nt */
290 #define AUE_ACLSET 251 /* =fm */
291 #define AUE_FACLSET 252 /* =fm */
292 #define AUE_DOORFS 253 /* =no */
293 #define AUE_DOORFS_DOOR_CALL 254 /* =ip */
294 #define AUE_DOORFS_DOOR_RETURN 255 /* =ip */
295 #define AUE_DOORFS_DOOR_CREATE 256 /* =ip */
296 #define AUE_DOORFS_DOOR_REVOKE 257 /* =ip */
297 #define AUE_DOORFS_DOOR_INFO 258 /* =ip */
298 #define AUE_DOORFS_DOOR_CRED 259 /* =ip */
299 #define AUE_DOORFS_DOOR_BIND 260 /* =ip */
300 #define AUE_DOORFS_DOOR_UNBIND 261 /* =ip */
301 #define AUE_P_ONLINE 262 /* =as */
302 #define AUE_PROCESSOR_BIND 263 /* =as */
303 #define AUE_INST_SYNC 264 /* =as */
304 #define AUE_SOCKCONFIG 265 /* =nt */
305 #define AUE_SETAUDIT_ADDR 266 /* =aa setaudit_addr(2) */
306 #define AUE_GETAUDIT_ADDR 267 /* =aa getaudit_addr(2) */
307 #define AUE_UMOUNT2 268 /* =as umount2(2) */
308 #define AUE_FSAT 269 /* =no obsolete */
309 #define AUE_OPENAT_R 270 /* =no obsolete */
310 #define AUE_OPENAT_RC 271 /* =no obsolete */
311 #define AUE_OPENAT_RT 272 /* =no obsolete */
312 #define AUE_OPENAT_RTC 273 /* =no obsolete */
313 #define AUE_OPENAT_W 274 /* =no obsolete */
314 #define AUE_OPENAT_WC 275 /* =no obsolete */
315 #define AUE_OPENAT_WT 276 /* =no obsolete */
316 #define AUE_OPENAT_WTC 277 /* =no obsolete */
317 #define AUE_OPENAT_RW 278 /* =no obsolete */
318 #define AUE_OPENAT_RWC 279 /* =no obsolete */
319 #define AUE_OPENAT_RWT 280 /* =no obsolete */
320 #define AUE_OPENAT_RWTC 281 /* =no obsolete */
321 #define AUE_RENAMEAT 282 /* =no obsolete */
322 #define AUE_FSTATAT 283 /* =no obsolete */
323 #define AUE_FCHOWNAT 284 /* =no obsolete */
324 #define AUE_FUTIMESAT 285 /* =no obsolete */
325 #define AUE_UNLINKAT 286 /* =no obsolete */
326 #define AUE_CLOCK_SETTIME 287 /* =as clock_settime(3RT) */
327 #define AUE_NTP_ADJTIME 288 /* =as ntp_adjtime(2) */
328 #define AUE_SETPPRIV 289 /* =pm setppriv(2) */
329 #define AUE_MODDEVPLCY 290 /* =as modctl(2) */
330 #define AUE_MODADDPRIV 291 /* =as modctl(2) */
331 #define AUE_CRYPTOADM 292 /* =as kernel cryptographic framework */
332 #define AUE_CONFIGKSSL 293 /* =as kernel SSL */
333 #define AUE_BRANDSYS 294 /* =ot */
334 #define AUE_PF_POLICY_ADDRULE 295 /* =as Add IPsec policy rule */
335 #define AUE_PF_POLICY_DELRULE 296 /* =as Delete IPsec policy rule */
336 #define AUE_PF_POLICY_CLONE 297 /* =as Clone IPsec policy */
337 #define AUE_PF_POLICY_FLIP 298 /* =as Flip IPsec policy */
338 #define AUE_PF_POLICY_FLUSH 299 /* =as Flush IPsec policy rules */
339 #define AUE_PF_POLICY_ALGS 300 /* =as Update IPsec algorithms */
340 #define AUE_PORTFS 301 /* =no portfs(2) - place holder */
341 #define AUE_LABELSYS_TNRH 302 /* =as tnrh(2) */
342 #define AUE_LABELSYS_TNRHTP 303 /* =as tnrhtp(2) */
343 #define AUE_LABELSYS_TNMLP 304 /* =as tnmlp(2) */
344 #define AUE_PORTFS_ASSOCIATE 305 /* =fa portfs(2) - port associate */
345 #define AUE_PORTFS_DISSOCIATE 306 /* =fa portfs(2) - port disassociate */
346 #define AUE_SETSID 307 /* =pm setsid(2) */
347 #define AUE_SETPGID 308 /* =pm setpgid(2) */
348 #define AUE_FACCESSAT 309 /* =no obsolete */
349 #define AUE_AUDITON_GETAMASK 310 /* =aa */
350 #define AUE_AUDITON_SETAMASK 311 /* =as */
351 #define AUE_PSECFLAGS 312 /* =pm psecflags */
352 #define AUE_SACL 313 /* =sa SACL auditing (reserved) */
353
354 /* NOTE: update MAX_KEVENTS below if events are added. */
355 #define MAX_KEVENTS 313
356
357 #ifdef __cplusplus
358 }
359 #endif
360
361 #endif /* _BSM_AUDIT_KEVENTS_H */