1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
  23  */
  24 
  25 #ifndef _BSM_AUDIT_KEVENTS_H
  26 #define _BSM_AUDIT_KEVENTS_H
  27 
  28 #ifdef  __cplusplus
  29 extern "C" {
  30 #endif
  31 
  32 /*
  33  * Audit event numbers.
  34  *
  35  *      0               Reserved as an invalid event number.
  36  *      1 -   511       Allocated for Solaris kernel
  37  *      512 -  2047     (reserved but not allocated)
  38  *      2048 - 32767    Reserved for the Solaris TCB application.
  39  *      32768 - 65535   Available for third party applications.
  40  *
  41  *      NOTE:   libbsm/audit_event.txt must be updated elsewhere when changes
  42  *              are made to kernel events.
  43  */
  44 
  45 #define AUE_NULL                0       /* =no indir system call */
  46 #define AUE_EXIT                1       /* =ps exit(2) */
  47 #define AUE_FORKALL             2       /* =ps forkall(2) */
  48 #define AUE_OPEN                3       /* =no open(2): place holder */
  49 #define AUE_CREAT               4       /* =no obsolete */
  50 #define AUE_LINK                5       /* =fc link(2) */
  51 #define AUE_UNLINK              6       /* =fd unlink(2) */
  52 #define AUE_EXEC                7       /* =no obsolete */
  53 #define AUE_CHDIR               8       /* =pm chdir(2) */
  54 #define AUE_MKNOD               9       /* =fc mknod(2) */
  55 #define AUE_CHMOD               10      /* =fm chmod(2) */
  56 #define AUE_CHOWN               11      /* =fm chown(2) */
  57 #define AUE_UMOUNT              12      /* =as umount(2): old version */
  58 #define AUE_JUNK                13      /* =no non existant event */
  59 #define AUE_ACCESS              14      /* =fa access(2) */
  60 #define AUE_KILL                15      /* =pm kill(2) */
  61 #define AUE_STAT                16      /* =fa stat(2) */
  62 #define AUE_LSTAT               17      /* =fa lstat(2) */
  63 #define AUE_ACCT                18      /* =as acct(2) */
  64 #define AUE_MCTL                19      /* =no mctl(2) */
  65 #define AUE_REBOOT              20      /* =no reboot(2) */
  66 #define AUE_SYMLINK             21      /* =fc symlink(2) */
  67 #define AUE_READLINK            22      /* =fr readlink(2) */
  68 #define AUE_EXECVE              23      /* =ps,ex execve(2) */
  69 #define AUE_CHROOT              24      /* =pm chroot(2) */
  70 #define AUE_VFORK               25      /* =ps vfork(2) */
  71 #define AUE_SETGROUPS           26      /* =pm setgroups(2) */
  72 #define AUE_SETPGRP             27      /* =pm setpgrp(2) */
  73 #define AUE_SWAPON              28      /* =no swapon(2) */
  74 #define AUE_SETHOSTNAME         29      /* =no sethostname(2) */
  75 #define AUE_FCNTL               30      /* =fm fcntl(2) */
  76 #define AUE_SETPRIORITY         31      /* =no setpriority(2) */
  77 #define AUE_CONNECT             32      /* =nt connect(2) */
  78 #define AUE_ACCEPT              33      /* =nt accept(2) */
  79 #define AUE_BIND                34      /* =nt bind(2) */
  80 #define AUE_SETSOCKOPT          35      /* =nt setsockopt(2) */
  81 #define AUE_VTRACE              36      /* =no vtrace(2) */
  82 #define AUE_SETTIMEOFDAY        37      /* =no settimeofday(2) */
  83 #define AUE_FCHOWN              38      /* =fm fchown(2) */
  84 #define AUE_FCHMOD              39      /* =fm fchmod(2) */
  85 #define AUE_SETREUID            40      /* =pm setreuid(2) */
  86 #define AUE_SETREGID            41      /* =pm setregid(2) */
  87 #define AUE_RENAME              42      /* =fc,fd rename(2) */
  88 #define AUE_TRUNCATE            43      /* =no truncate(2) */
  89 #define AUE_FTRUNCATE           44      /* =no ftruncate(2) */
  90 #define AUE_FLOCK               45      /* =no flock(2) */
  91 #define AUE_SHUTDOWN            46      /* =nt shutdown(2) */
  92 #define AUE_MKDIR               47      /* =fc mkdir(2) */
  93 #define AUE_RMDIR               48      /* =fd rmdir(2) */
  94 #define AUE_UTIMES              49      /* =fm futimens(2), utimensat(2) */
  95 #define AUE_ADJTIME             50      /* =as adjtime(2) */
  96 #define AUE_SETRLIMIT           51      /* =ua setrlimit(2) */
  97 #define AUE_KILLPG              52      /* =no killpg(2) */
  98 #define AUE_NFS_SVC             53      /* =no nfs_svc(2) */
  99 #define AUE_STATFS              54      /* =fa statfs(2) */
 100 #define AUE_FSTATFS             55      /* =fa fstatfs(2) */
 101 #define AUE_UNMOUNT             56      /* =no unmount(2) */
 102 #define AUE_ASYNC_DAEMON        57      /* =no async_daemon(2) */
 103 #define AUE_NFS_GETFH           58      /* =no nfs_getfh(2) */
 104 #define AUE_SETDOMAINNAME       59      /* =no setdomainname(2) */
 105 #define AUE_QUOTACTL            60      /* =no quotactl(2) */
 106 #define AUE_EXPORTFS            61      /* =no exportfs(2) */
 107 #define AUE_MOUNT               62      /* =as mount(2) */
 108 #define AUE_SEMSYS              63      /* =no semsys(2): place holder */
 109 #define AUE_MSGSYS              64      /* =no msgsys(2): place holder */
 110 #define AUE_SHMSYS              65      /* =no shmsys(2): place holder */
 111 #define AUE_BSMSYS              66      /* =no bsmsys(2): place holder */
 112 #define AUE_RFSSYS              67      /* =no rfssys(2): place holder */
 113 #define AUE_FCHDIR              68      /* =pm fchdir(2) */
 114 #define AUE_FCHROOT             69      /* =pm fchroot(2) */
 115 #define AUE_VPIXSYS             70      /* =no obsolete */
 116 #define AUE_PATHCONF            71      /* =fa pathconf(2) */
 117 #define AUE_OPEN_R              72      /* =fr open(2): read */
 118 #define AUE_OPEN_RC             73      /* =fc,fr open(2): read,creat */
 119 #define AUE_OPEN_RT             74      /* =fd,fr open(2): read,trunc */
 120 #define AUE_OPEN_RTC            75      /* =fc,fd,fr open(2): rd,cr,tr */
 121 #define AUE_OPEN_W              76      /* =fw open(2): write */
 122 #define AUE_OPEN_WC             77      /* =fc,fw open(2): write,creat */
 123 #define AUE_OPEN_WT             78      /* =fd,fw open(2): write,trunc */
 124 #define AUE_OPEN_WTC            79      /* =fc,fd,fw open(2): wr,cr,tr */
 125 #define AUE_OPEN_RW             80      /* =fr,fw open(2): read,write */
 126 #define AUE_OPEN_RWC            81      /* =fc,fw,fr open(2): rd,wr,cr */
 127 #define AUE_OPEN_RWT            82      /* =fd,fr,fw open(2): rd,wr,tr */
 128 #define AUE_OPEN_RWTC           83      /* =fc,fd,fw,fr open(2): rd,wr,cr,tr */
 129 #define AUE_MSGCTL              84      /* =ip msgctl(2): illegal command */
 130 #define AUE_MSGCTL_RMID         85      /* =ip msgctl(2): IPC_RMID command */
 131 #define AUE_MSGCTL_SET          86      /* =ip msgctl(2): IPC_SET command */
 132 #define AUE_MSGCTL_STAT         87      /* =ip msgctl(2): IPC_STAT command */
 133 #define AUE_MSGGET              88      /* =ip msgget(2) */
 134 #define AUE_MSGRCV              89      /* =ip msgrcv(2) */
 135 #define AUE_MSGSND              90      /* =ip msgsnd(2) */
 136 #define AUE_SHMCTL              91      /* =ip shmctl(2): Illegal command */
 137 #define AUE_SHMCTL_RMID         92      /* =ip shmctl(2): IPC_RMID command */
 138 #define AUE_SHMCTL_SET          93      /* =ip shmctl(2): IPC_SET command */
 139 #define AUE_SHMCTL_STAT         94      /* =ip shmctl(2): IPC_STAT command */
 140 #define AUE_SHMGET              95      /* =ip shmget(2) */
 141 #define AUE_SHMAT               96      /* =ip shmat(2) */
 142 #define AUE_SHMDT               97      /* =ip shmdt(2) */
 143 #define AUE_SEMCTL              98      /* =ip semctl(2): illegal command */
 144 #define AUE_SEMCTL_RMID         99      /* =ip semctl(2): IPC_RMID command */
 145 #define AUE_SEMCTL_SET          100     /* =ip semctl(2): IPC_SET command */
 146 #define AUE_SEMCTL_STAT         101     /* =ip semctl(2): IPC_STAT command */
 147 #define AUE_SEMCTL_GETNCNT      102     /* =ip semctl(2): GETNCNT command */
 148 #define AUE_SEMCTL_GETPID       103     /* =ip semctl(2): GETPID command */
 149 #define AUE_SEMCTL_GETVAL       104     /* =ip semctl(2): GETVAL command */
 150 #define AUE_SEMCTL_GETALL       105     /* =ip semctl(2): GETALL command */
 151 #define AUE_SEMCTL_GETZCNT      106     /* =ip semctl(2): GETZCNT command */
 152 #define AUE_SEMCTL_SETVAL       107     /* =ip semctl(2): SETVAL command */
 153 #define AUE_SEMCTL_SETALL       108     /* =ip semctl(2): SETALL command */
 154 #define AUE_SEMGET              109     /* =ip semget(2) */
 155 #define AUE_SEMOP               110     /* =ip semop(2) */
 156 #define AUE_CORE                111     /* =fc process dumped core */
 157 #define AUE_CLOSE               112     /* =cl close(2) */
 158 #define AUE_SYSTEMBOOT          113     /* =na system booted */
 159 #define AUE_ASYNC_DAEMON_EXIT   114     /* =no async_daemon(2) exited */
 160 #define AUE_NFSSVC_EXIT         115     /* =no nfssvc(2) exited */
 161 #define AUE_PFEXEC              116     /* =ps,ex,ua,as execve(2) w/ pfexec */
 162 #define AUE_OPEN_S              117     /* =fr open(2): search */
 163 #define AUE_OPEN_E              118     /* =fr open(2): exec */
 164 /*
 165  * 119 - 129 are available for future growth (old SunOS_CMW events
 166  * that had no libbsm or praudit support or references)
 167  */
 168 #define AUE_GETAUID             130     /* =aa getauid(2) */
 169 #define AUE_SETAUID             131     /* =aa setauid(2) */
 170 #define AUE_GETAUDIT            132     /* =aa getaudit(2) */
 171 #define AUE_SETAUDIT            133     /* =aa setaudit(2) */
 172 /*                              134         OBSOLETE */
 173 /*                              135         OBSOLETE */
 174 #define AUE_AUDITSVC            136     /* =no obsolete */
 175 /*                              137         OBSOLETE */
 176 #define AUE_AUDITON             138     /* =no auditon(2) */
 177 #define AUE_AUDITON_GTERMID     139     /* =no auditctl(2): GETTERMID */
 178 #define AUE_AUDITON_STERMID     140     /* =no auditctl(2): SETTERMID */
 179 #define AUE_AUDITON_GPOLICY     141     /* =aa auditctl(2): GETPOLICY */
 180 #define AUE_AUDITON_SPOLICY     142     /* =as auditctl(2): SETPOLICY */
 181 #define AUE_AUDITON_GESTATE     143     /* =no auditctl(2): GETESTATE */
 182 #define AUE_AUDITON_SESTATE     144     /* =no auditctl(2): SETESTATE */
 183 #define AUE_AUDITON_GQCTRL      145     /* =as auditctl(2): GETQCTRL */
 184 #define AUE_AUDITON_SQCTRL      146     /* =as auditctl(2): SETQCTRL */
 185 /*                              147         OBSOLETE */
 186 /*                              148         OBSOLETE */
 187 /*                              149         OBSOLETE */
 188 /*                              150         OBSOLETE */
 189 /*                              151         OBSOLETE */
 190 /*                              152         OBSOLETE */
 191 #define AUE_ENTERPROM           153     /* =na enter prom */
 192 #define AUE_EXITPROM            154     /* =na exit prom */
 193 /*                              155         OBSOLETE */
 194 /*                              156         OBSOLETE */
 195 /*                              157         OBSOLETE */
 196 #define AUE_IOCTL               158     /* =io ioctl(2) */
 197 /*                              159         OBSOLETE */
 198 /*                              160         OBSOLETE */
 199 /*                              161         OBSOLETE */
 200 /*                              162         OBSOLETE */
 201 /*                              163         OBSOLETE */
 202 /*                              164         OBSOLETE */
 203 /*                              165         OBSOLETE */
 204 /*                              166         OBSOLETE */
 205 /*                              167         OBSOLETE */
 206 /*                              168         OBSOLETE */
 207 /*                              169         OBSOLETE */
 208 /*                              170         OBSOLETE */
 209 /*                              171         OBSOLETE */
 210 /*                              172         OBSOLETE */
 211 #define AUE_ONESIDE             173     /* =no one-sided session record */
 212 #define AUE_MSGGETL             174     /* =no msggetl(2) */
 213 #define AUE_MSGRCVL             175     /* =no msgrcvl(2) */
 214 #define AUE_MSGSNDL             176     /* =no msgsndl(2) */
 215 #define AUE_SEMGETL             177     /* =no semgetl(2) */
 216 #define AUE_SHMGETL             178     /* =no shmgetl(2) */
 217 /*                              179         OBSOLETE */
 218 /*                              180         OBSOLETE */
 219 /*                              181         OBSOLETE */
 220 /*                              182         OBSOLETE */
 221 #define AUE_SOCKET              183     /* =nt socket(2) */
 222 #define AUE_SENDTO              184     /* =nt sendto(2) */
 223 #define AUE_PIPE                185     /* =no pipe(2) */
 224 #define AUE_SOCKETPAIR          186     /* =no socketpair(2) */
 225 #define AUE_SEND                187     /* =no send(2) */
 226 #define AUE_SENDMSG             188     /* =nt sendmsg(2) */
 227 #define AUE_RECV                189     /* =no recv(2) */
 228 #define AUE_RECVMSG             190     /* =nt recvmsg(2) */
 229 #define AUE_RECVFROM            191     /* =nt recvfrom(2) */
 230 #define AUE_READ                192     /* =no read(2) */
 231 #define AUE_GETDENTS            193     /* =no getdents(2) */
 232 #define AUE_LSEEK               194     /* =no lseek(2) */
 233 #define AUE_WRITE               195     /* =no write(2) */
 234 #define AUE_WRITEV              196     /* =no writev(2) */
 235 #define AUE_NFS                 197     /* =no NFS server */
 236 #define AUE_READV               198     /* =no readv(2) */
 237 #define AUE_OSTAT               199     /* =no obsolete */
 238 #define AUE_SETUID              200     /* =pm old setuid(2) */
 239 #define AUE_STIME               201     /* =as old stime(2) */
 240 #define AUE_UTIME               202     /* =no obsolete */
 241 #define AUE_NICE                203     /* =pm old nice(2) */
 242 #define AUE_OSETPGRP            204     /* =no old setpgrp(2) */
 243 #define AUE_SETGID              205     /* =pm old setgid(2) */
 244 #define AUE_READL               206     /* =no readl(2) */
 245 #define AUE_READVL              207     /* =no readvl(2) */
 246 #define AUE_FSTAT               208     /* =no fstat(2) */
 247 #define AUE_DUP2                209     /* =no obsolete */
 248 #define AUE_MMAP                210     /* =no mmap(2) u-o-p */
 249 #define AUE_AUDIT               211     /* =no audit(2) u-o-p */
 250 #define AUE_PRIOCNTLSYS         212     /* =pm priocntlsys */
 251 #define AUE_MUNMAP              213     /* =cl munmap(2) u-o-p */
 252 #define AUE_SETEGID             214     /* =pm setegid(2) */
 253 #define AUE_SETEUID             215     /* =pm seteuid(2) */
 254 #define AUE_PUTMSG              216     /* =nt */
 255 #define AUE_GETMSG              217     /* =nt */
 256 #define AUE_PUTPMSG             218     /* =nt */
 257 #define AUE_GETPMSG             219     /* =nt */
 258 #define AUE_AUDITSYS            220     /* =no place holder */
 259 #define AUE_AUDITON_GETKMASK    221     /* =aa */
 260 #define AUE_AUDITON_SETKMASK    222     /* =as */
 261 #define AUE_AUDITON_GETCWD      223     /* =aa,as */
 262 #define AUE_AUDITON_GETCAR      224     /* =aa,as */
 263 #define AUE_AUDITON_GETSTAT     225     /* =as */
 264 #define AUE_AUDITON_SETSTAT     226     /* =as */
 265 #define AUE_AUDITON_SETUMASK    227     /* =as */
 266 #define AUE_AUDITON_SETSMASK    228     /* =as */
 267 #define AUE_AUDITON_GETCOND     229     /* =aa */
 268 #define AUE_AUDITON_SETCOND     230     /* =as */
 269 #define AUE_AUDITON_GETCLASS    231     /* =aa,as */
 270 #define AUE_AUDITON_SETCLASS    232     /* =as */
 271 #define AUE_FUSERS              233     /* =fa */
 272 #define AUE_STATVFS             234     /* =fa */
 273 #define AUE_XSTAT               235     /* =no obsolete */
 274 #define AUE_LXSTAT              236     /* =no obsolete */
 275 #define AUE_LCHOWN              237     /* =fm */
 276 #define AUE_MEMCNTL             238     /* =ot */
 277 #define AUE_SYSINFO             239     /* =as */
 278 #define AUE_XMKNOD              240     /* =no obsolete */
 279 #define AUE_FORK1               241     /* =ps */
 280 #define AUE_MODCTL              242     /* =no */
 281 #define AUE_MODLOAD             243     /* =as */
 282 #define AUE_MODUNLOAD           244     /* =as */
 283 #define AUE_MODCONFIG           245     /* =no obsolete */
 284 #define AUE_MODADDMAJ           246     /* =as */
 285 #define AUE_SOCKACCEPT          247     /* =nt */
 286 #define AUE_SOCKCONNECT         248     /* =nt */
 287 #define AUE_SOCKSEND            249     /* =nt */
 288 #define AUE_SOCKRECEIVE         250     /* =nt */
 289 #define AUE_ACLSET              251     /* =fm */
 290 #define AUE_FACLSET             252     /* =fm */
 291 #define AUE_DOORFS              253     /* =no */
 292 #define AUE_DOORFS_DOOR_CALL    254     /* =ip */
 293 #define AUE_DOORFS_DOOR_RETURN  255     /* =ip */
 294 #define AUE_DOORFS_DOOR_CREATE  256     /* =ip */
 295 #define AUE_DOORFS_DOOR_REVOKE  257     /* =ip */
 296 #define AUE_DOORFS_DOOR_INFO    258     /* =ip */
 297 #define AUE_DOORFS_DOOR_CRED    259     /* =ip */
 298 #define AUE_DOORFS_DOOR_BIND    260     /* =ip */
 299 #define AUE_DOORFS_DOOR_UNBIND  261     /* =ip */
 300 #define AUE_P_ONLINE            262     /* =as */
 301 #define AUE_PROCESSOR_BIND      263     /* =as */
 302 #define AUE_INST_SYNC           264     /* =as */
 303 #define AUE_SOCKCONFIG          265     /* =nt */
 304 #define AUE_SETAUDIT_ADDR       266     /* =aa setaudit_addr(2) */
 305 #define AUE_GETAUDIT_ADDR       267     /* =aa getaudit_addr(2) */
 306 #define AUE_UMOUNT2             268     /* =as umount2(2) */
 307 #define AUE_FSAT                269     /* =no obsolete */
 308 #define AUE_OPENAT_R            270     /* =no obsolete */
 309 #define AUE_OPENAT_RC           271     /* =no obsolete */
 310 #define AUE_OPENAT_RT           272     /* =no obsolete */
 311 #define AUE_OPENAT_RTC          273     /* =no obsolete */
 312 #define AUE_OPENAT_W            274     /* =no obsolete */
 313 #define AUE_OPENAT_WC           275     /* =no obsolete */
 314 #define AUE_OPENAT_WT           276     /* =no obsolete */
 315 #define AUE_OPENAT_WTC          277     /* =no obsolete */
 316 #define AUE_OPENAT_RW           278     /* =no obsolete */
 317 #define AUE_OPENAT_RWC          279     /* =no obsolete */
 318 #define AUE_OPENAT_RWT          280     /* =no obsolete */
 319 #define AUE_OPENAT_RWTC         281     /* =no obsolete */
 320 #define AUE_RENAMEAT            282     /* =no obsolete */
 321 #define AUE_FSTATAT             283     /* =no obsolete */
 322 #define AUE_FCHOWNAT            284     /* =no obsolete */
 323 #define AUE_FUTIMESAT           285     /* =no obsolete */
 324 #define AUE_UNLINKAT            286     /* =no obsolete */
 325 #define AUE_CLOCK_SETTIME       287     /* =as clock_settime(3RT) */
 326 #define AUE_NTP_ADJTIME         288     /* =as ntp_adjtime(2) */
 327 #define AUE_SETPPRIV            289     /* =pm setppriv(2) */
 328 #define AUE_MODDEVPLCY          290     /* =as modctl(2) */
 329 #define AUE_MODADDPRIV          291     /* =as modctl(2) */
 330 #define AUE_CRYPTOADM           292     /* =as kernel cryptographic framework */
 331 #define AUE_CONFIGKSSL          293     /* =as kernel SSL */
 332 #define AUE_BRANDSYS            294     /* =ot */
 333 #define AUE_PF_POLICY_ADDRULE   295     /* =as Add IPsec policy rule */
 334 #define AUE_PF_POLICY_DELRULE   296     /* =as Delete IPsec policy rule */
 335 #define AUE_PF_POLICY_CLONE     297     /* =as Clone IPsec policy */
 336 #define AUE_PF_POLICY_FLIP      298     /* =as Flip IPsec policy */
 337 #define AUE_PF_POLICY_FLUSH     299     /* =as Flush IPsec policy rules */
 338 #define AUE_PF_POLICY_ALGS      300     /* =as Update IPsec algorithms */
 339 #define AUE_PORTFS              301     /* =no portfs(2) - place holder */
 340 #define AUE_LABELSYS_TNRH       302     /* =as tnrh(2) */
 341 #define AUE_LABELSYS_TNRHTP     303     /* =as tnrhtp(2) */
 342 #define AUE_LABELSYS_TNMLP      304     /* =as tnmlp(2) */
 343 #define AUE_PORTFS_ASSOCIATE    305     /* =fa portfs(2) - port associate */
 344 #define AUE_PORTFS_DISSOCIATE   306     /* =fa portfs(2) - port disassociate */
 345 #define AUE_SETSID              307     /* =pm setsid(2) */
 346 #define AUE_SETPGID             308     /* =pm setpgid(2) */
 347 #define AUE_FACCESSAT           309     /* =no obsolete */
 348 #define AUE_AUDITON_GETAMASK    310     /* =aa */
 349 #define AUE_AUDITON_SETAMASK    311     /* =as */
 350 
 351 
 352 
 353 /* NOTE: update MAX_KEVENTS below if events are added. */
 354 
 355 #define MAX_KEVENTS             311
 356 
 357 
 358 #ifdef __cplusplus
 359 }
 360 #endif
 361 
 362 #endif /* _BSM_AUDIT_KEVENTS_H */