2 Wdiff usr/src/lib/libbsm/audit_class.txt

Print this page

11842 Want audit events for auditon(A_SETPMASK) and friends
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>

Split	Close
Expand all
Collapse all

          --- old/usr/src/lib/libbsm/audit_class.txt
          +++ new/usr/src/lib/libbsm/audit_class.txt

   1    1  #
   2    2  # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
   3    3  # Use is subject to license terms.
   4    4  #
   5    5  # Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
   6    6  #
   7    7  # CDDL HEADER START
   8    8  #
   9    9  # The contents of this file are subject to the terms of the
  10   10  # Common Development and Distribution License (the "License").
  11   11  # You may not use this file except in compliance with the License.
  12   12  #
  13   13  # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  14   14  # or http://www.opensolaris.org/os/licensing.
  15   15  # See the License for the specific language governing permissions
  16   16  # and limitations under the License.
  17   17  #

↓ open down ↓

17 lines elided

↑ open up ↑

  18   18  # When distributing Covered Code, include this CDDL HEADER in each
  19   19  # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  20   20  # If applicable, add the following below this CDDL HEADER, with the
  21   21  # fields enclosed by brackets "[]" replaced with your own identifying
  22   22  # information: Portions Copyright [yyyy] [name of copyright owner]
  23   23  #
  24   24  # CDDL HEADER END
  25   25  #
  26   26  # User Level Class Masks
  27   27  #
  28      -# Developers: If you change this file you must also edit audit.h.
  29      -#
  30   28  # "Meta-classes" can be created; these are supersets composed of multiple base
  31   29  # classes, and thus will have more than 1 bit in its mask. See "ad", "all",
  32   30  # "am", and "pc" below for examples.
  33   31  #
  34   32  # The "no" (invalid) class below is commonly (but not exclusively) used in
  35   33  # audit_event for obsolete events.
  36   34  #
  37   35  #
  38   36  # File Format:
  39   37  #

  40   38  #       mask:name:description
  41   39  #
  42   40  0x00000000:no:invalid class
  43   41  0x00000001:fr:file read
  44   42  0x00000002:fw:file write
  45   43  0x00000004:fa:file attribute access
  46   44  0x00000008:fm:file attribute modify
  47   45  0x00000010:fc:file create
  48   46  0x00000020:fd:file delete
  49   47  0x00000040:cl:file close
  50   48  0x00000100:nt:network
  51   49  0x00000200:ip:ipc
  52   50  0x00000400:na:non-attribute
  53   51  0x00001000:lo:login or logout
  54   52  0x00004000:ap:application
  55   53  0x00008000:cy:cryptographic
  56   54  0x00010000:ss:change system state
  57   55  0x00020000:as:system-wide administration
  58   56  0x00040000:ua:user administration
  59   57  0x00070000:am:administrative (meta-class)
  60   58  0x00080000:aa:audit utilization
  61   59  0x000f0000:ad:old administrative (meta-class)
  62   60  0x00100000:ps:process start/stop
  63   61  0x00200000:pm:process modify
  64   62  0x00300000:pc:process (meta-class)
  65   63  0x00400000:xp:X - privileged/administrative operations
  66   64  0x00800000:xc:X - object create/destroy
  67   65  0x01000000:xs:X - operations that always silently fail, if bad
  68   66  0x01c00000:xx:X - all X events (meta-class)
  69   67  0x02000000:sa:SACL-based File Access Auditing
  70   68  0x20000000:io:ioctl
  71   69  0x40000000:ex:exec
  72   70  0x80000000:ot:other
  73   71  0xffffffff:all:all classes (meta-class)

↓ open down ↓

34 lines elided

↑ open up ↑

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX