   5 <?xml version="1.0" encoding="UTF-8" ?>
   6 
   7 <!--
   8  Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
   9  Use is subject to license terms.
  10 
  11  CDDL HEADER START
  12 
  13  The contents of this file are subject to the terms of the
  14  Common Development and Distribution License (the "License").
  15  You may not use this file except in compliance with the License.
  16 
  17  You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  18  or http://www.opensolaris.org/os/licensing.
  19  See the License for the specific language governing permissions
  20  and limitations under the License.
  21 
  22  When distributing Covered Code, include this CDDL HEADER in each
  23  file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  24  If applicable, add the following below this CDDL HEADER, with the
  25  fields enclosed by brackets "[]" replaced with your own identifying
  26  information: Portions Copyright [yyyy] [name of copyright owner]
  27 
  28  CDDL HEADER END -->
  29 
  30 
  31 <!--Entity Definitions-->
  32 
  <!--
    Timestamp attribute sets: timeattr or iso8601.

    timeattr: two attributes, "time" (the time/date to the second in the
              strftime(3C) default format) followed by "msec" (the
              milliseconds offset).
              Example:  time="Mon May 06 12:10:18 2002" msec="750"

    iso8601:  one attribute in ISO 8601 standard format, date, time and
              timezone: YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day,
              24 hour time with milliseconds, then the + or - offset from
              Universal Time (UTC, aka GMT).
              Example:  iso8601="2003-09-17 16:47:41.831 -07:00"

    Every attribute here is CDATA #IMPLIED, so validation enforces neither
    the presence nor the format of a timestamp; a consumer has to parse and
    check the value itself.
  -->
  <!ENTITY % timeattr
      "time CDATA #IMPLIED
       msec CDATA #IMPLIED">

  <!ENTITY % iso8601
      "iso8601 CDATA #IMPLIED">
  49 
  <!--
    xinfo: generic info for X related tokens.  Expands to two required
    CDATA attributes, xid and xcreator-uid.
  -->
  <!ENTITY % xinfo
      "xid          CDATA #REQUIRED
       xcreator-uid CDATA #REQUIRED">
  52 
  <!--
    reserved_toks: the set of "reserved" tokens, whose placement is fixed.
  -->
  <!ENTITY % reserved_toks
      "( file | record | host | sequence ) ">
  60 
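  <!--
    normaltoks: the set of all tokens other than the "reserved" tokens.

    The record content model repeats this choice group, so a token that is
    missing from the list can never appear inside a valid record.

    secflags is listed because this DTD declares a secflags element that no
    content model referenced; without the entry a validating consumer
    rejects every record that carries one.
    NOTE(review): confirm that the audit XML producer emits secflags as a
    direct child of record.

    tid is also declared in this file without being referenced; its own
    comment marks it as future intent, so it is left out here.
  -->
  <!ENTITY % normaltoks
      "( acl
       | arbitrary
       | argument
       | attribute
       | cmd
       | exit
       | exec_args
       | exec_env
       | fmri
       | group
       | ip
       | ip_address
       | IPC
       | IPC_perm
       | ip_port
       | liaison
       | opaque
       | path
       | path_attr
       | privilege
       | process
       | return
       | secflags
       | sensitivity_label
       | old_socket
       | socket
       | subject
       | text
       | user
       | use_of_authorization
       | use_of_privilege
       | X_atom
       | X_client
       | X_color_map
       | X_cursor
       | X_font
       | X_graphic_context
       | X_pixmap
       | X_property
       | X_selection
       | X_window
       | zone
       ) ">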
  82 
  83 <!--Element Definitions-->
  84 
  <!--
    audit: the main element.  It holds file and record tokens, in any
    number and any order; an empty audit element is also valid.

    When validating an audit trail, load this DTD from a trusted local copy
    and keep external entity resolution disabled in the parser, so that a
    DOCTYPE carried inside the document cannot decide what gets fetched.
  -->
  <!ELEMENT audit (file | record)*>
  90 
  <!-- file token: character data, with an optional iso8601 attribute. -->
  <!ELEMENT file (#PCDATA)>
  <!ATTLIST file
      %iso8601;
  >
  93 
  94 
  <!--
    record token

    After the first token (which is the record token), audit records have
    this general layout of tokens:
        (tokens),subject,group,(tokens),return,sequence,host
    All tokens after the record token are optional; the host token is
    unused.

    The content model is looser than that layout: any number of normal
    tokens in any order, then an optional sequence and an optional host.
    Validation therefore does not check the order of the normal tokens.

    version and event are required; modifier, host and the iso8601
    timestamp are optional.
  -->
  <!ELEMENT record (
      (%normaltoks;)*,
      sequence?,
      host?
  )>
  <!ATTLIST record
      version  CDATA #REQUIRED
      event    CDATA #REQUIRED
      modifier CDATA #IMPLIED
      host     CDATA #IMPLIED
      %iso8601;
  >
 107 
 <!-- text token: character data only, no attributes. -->
 <!ELEMENT text (#PCDATA)>
 109 
 <!-- user token: empty element; uid and username are both required. -->
 <!ELEMENT user EMPTY>
 <!ATTLIST user
     uid      CDATA #REQUIRED
     username CDATA #REQUIRED
 >
 112 
 <!--
   path token: character data only.  The DTD puts no limit on the length
   or characters of the value; escape it before displaying it.
 -->
 <!ELEMENT path (#PCDATA)>
 114 
 <!--
   path_attr token: zero or more xattr children, each holding character
   data.
 -->
 <!ELEMENT path_attr (xattr*)>
 <!ELEMENT xattr (#PCDATA)>
 117 
 <!-- host token: character data only, no attributes. -->
 <!ELEMENT host (#PCDATA)>
 119 
 <!--
   subject token: empty element with eight required attributes.  All of
   them are CDATA, so the DTD checks that they are present but not what
   they contain.
 -->
 <!ELEMENT subject EMPTY>
 <!ATTLIST subject
     audit-uid CDATA #REQUIRED
     uid       CDATA #REQUIRED
     gid       CDATA #REQUIRED
     ruid      CDATA #REQUIRED
     rgid      CDATA #REQUIRED
     pid       CDATA #REQUIRED
     sid       CDATA #REQUIRED
     tid       CDATA #REQUIRED
 >
 125 
 <!--
   process token: empty element carrying the same eight required
   attributes as the subject token.  All are CDATA, so only their presence
   is validated.
 -->
 <!ELEMENT process EMPTY>
 <!ATTLIST process
     audit-uid CDATA #REQUIRED
     uid       CDATA #REQUIRED
     gid       CDATA #REQUIRED
     ruid      CDATA #REQUIRED
     rgid      CDATA #REQUIRED
     pid       CDATA #REQUIRED
     sid       CDATA #REQUIRED
     tid       CDATA #REQUIRED
 >
 131 
 <!-- return token: empty element; errval and retval are both required. -->
 <!ELEMENT return EMPTY>
 <!ATTLIST return
     errval CDATA #REQUIRED
     retval CDATA #REQUIRED
 >
 134 
 <!-- exit token: empty element; errval and retval are both required. -->
 <!ELEMENT exit EMPTY>
 <!ATTLIST exit
     errval CDATA #REQUIRED
     retval CDATA #REQUIRED
 >
 137 
 <!--
   sequence token: empty element with one required attribute, seq-num.
   The value is CDATA, so validation does not check that it is numeric or
   that consecutive records are contiguous.
 -->
 <!ELEMENT sequence EMPTY>
 <!ATTLIST sequence
     seq-num CDATA #REQUIRED
 >
 140 
 <!-- fmri token: character data only, no attributes. -->
 <!ELEMENT fmri (#PCDATA)>
 142 
 <!--
   group token: zero or more gid children, each holding character data.
 -->
 <!ELEMENT group (gid)*>
 <!ELEMENT gid (#PCDATA)>
 145 
 <!-- opaque token: character data only, no attributes. -->
 <!ELEMENT opaque (#PCDATA)>
 147 
 <!--
   liaison token (NOTE: liaison is obsolete and is no longer generated).
   Character data only.
 -->
 <!ELEMENT liaison (#PCDATA)>
 150 
 <!--
   argument token: empty element; arg-num, value and desc are all
   required.
 -->
 <!ELEMENT argument EMPTY>
 <!ATTLIST argument
     arg-num CDATA #REQUIRED
     value   CDATA #REQUIRED
     desc    CDATA #REQUIRED
 >
 154 
 <!-- attribute token: empty element with six required attributes. -->
 <!ELEMENT attribute EMPTY>
 <!ATTLIST attribute
     mode   CDATA #REQUIRED
     uid    CDATA #REQUIRED
     gid    CDATA #REQUIRED
     fsid   CDATA #REQUIRED
     nodeid CDATA #REQUIRED
     device CDATA #REQUIRED
 >
 159 
 <!--
   cmd token: zero or more argv children followed by zero or more arge
   children; each child holds character data.  The DTD places no limit on
   the number or size of the strings, so bound and escape them in any tool
   that stores or renders them.
 -->
 <!ELEMENT cmd (argv*, arge*)>
 <!ELEMENT argv (#PCDATA)>
 <!ELEMENT arge (#PCDATA)>
 162 
 <!--
   exec_args token: zero or more arg children, each holding character
   data.  Values are unconstrained text; escape them before display.
 -->
 <!ELEMENT exec_args (arg*)>
 <!ELEMENT arg (#PCDATA)>
 165 
 <!--
   exec_env token: zero or more env children, each holding character data.
   Values are unconstrained text; escape them before display.
 -->
 <!ELEMENT exec_env (env*)>
 <!ELEMENT env (#PCDATA)>
 168 
 <!--
   arbitrary token: character data, with required print, type and count
   attributes.  The DTD does not tie count to the amount of data present.
 -->
 <!ELEMENT arbitrary (#PCDATA)>
 <!ATTLIST arbitrary
     print CDATA #REQUIRED
     type  CDATA #REQUIRED
     count CDATA #REQUIRED
 >
 172 
 <!-- privilege token: character data, with a required set-type attribute. -->
 <!ELEMENT privilege (#PCDATA)>
 <!ATTLIST privilege
     set-type CDATA #REQUIRED
 >
 175 
 <!-- secflags token: character data, with a required set-type attribute. -->
 <!ELEMENT secflags (#PCDATA)>
 <!ATTLIST secflags
     set-type CDATA #REQUIRED
 >
 178 
 179 
 <!--
   use_of_privilege token: character data, with a required result
   attribute.
 -->
 <!ELEMENT use_of_privilege (#PCDATA)>
 <!ATTLIST use_of_privilege
     result CDATA #REQUIRED
 >
 182 
 <!-- sensitivity_label token: character data only, no attributes. -->
 <!ELEMENT sensitivity_label (#PCDATA)>
 184 
 <!-- use_of_authorization token: character data only, no attributes. -->
 <!ELEMENT use_of_authorization (#PCDATA)>
 187 
 <!-- IPC token: empty element; ipc-type and ipc-id are both required. -->
 <!ELEMENT IPC EMPTY>
 <!ATTLIST IPC
     ipc-type CDATA #REQUIRED
     ipc-id   CDATA #REQUIRED
 >
 190 
 <!-- IPC_perm token: empty element with seven required attributes. -->
 <!ELEMENT IPC_perm EMPTY>
 <!ATTLIST IPC_perm
     uid         CDATA #REQUIRED
     gid         CDATA #REQUIRED
     creator-uid CDATA #REQUIRED
     creator-gid CDATA #REQUIRED
     mode        CDATA #REQUIRED
     seq         CDATA #REQUIRED
     key         CDATA #REQUIRED
 >
 196 
 <!--
   ip_address token: character data only.  The DTD does not check that the
   value is a well-formed address.
 -->
 <!ELEMENT ip_address (#PCDATA)>
 198 
 <!--
   ip_port token (NOTE: ip_port is obsolete and is no longer generated).
   Character data only.
 -->
 <!ELEMENT ip_port (#PCDATA)>
 201 
 <!--
   ip token (NOTE: ip is obsolete and is no longer generated).
   Empty element with ten required attributes.
 -->
 <!ELEMENT ip EMPTY>
 <!ATTLIST ip
     version      CDATA #REQUIRED
     service_type CDATA #REQUIRED
     len          CDATA #REQUIRED
     id           CDATA #REQUIRED
     offset       CDATA #REQUIRED
     time_to_live CDATA #REQUIRED
     protocol     CDATA #REQUIRED
     cksum        CDATA #REQUIRED
     src_addr     CDATA #REQUIRED
     dest_addr    CDATA #REQUIRED
 >
 209 
 <!-- old_socket token: empty element; type, port and addr are required. -->
 <!ELEMENT old_socket EMPTY>
 <!ATTLIST old_socket
     type CDATA #REQUIRED
     port CDATA #REQUIRED
     addr CDATA #REQUIRED
 >
 213 
 <!--
   socket token: empty element with six required attributes.
   NOTE(review): lport/laddr and fport/faddr look like the local and
   foreign endpoints; confirm against the producer.
 -->
 <!ELEMENT socket EMPTY>
 <!ATTLIST socket
     sock_domain CDATA #REQUIRED
     sock_type   CDATA #REQUIRED
     lport       CDATA #REQUIRED
     laddr       CDATA #REQUIRED
     fport       CDATA #REQUIRED
     faddr       CDATA #REQUIRED
 >
 218 
 <!--
   acl token: empty element.  All six attributes are optional (#IMPLIED),
   so an acl element with no attributes at all still validates; a consumer
   has to decide which combinations it accepts.
 -->
 <!ELEMENT acl EMPTY>
 <!ATTLIST acl
     type        CDATA #IMPLIED
     value       CDATA #IMPLIED
     mode        CDATA #IMPLIED
     flags       CDATA #IMPLIED
     id          CDATA #IMPLIED
     access_mask CDATA #IMPLIED
 >
 223 
 <!--
   tid token.  Future intent: contain one of ipadr | MTUadr | device.
   As declared today it holds zero or more ipadr children and a required
   type attribute.  No content model in this file references tid.
 -->
 <!ELEMENT tid (ipadr*)>
 <!ATTLIST tid
     type CDATA #REQUIRED
 >
 227 
 <!--
   ipadr: content of the tid token.  Empty element; local-port,
   remote-port and host are all required.
 -->
 <!ELEMENT ipadr EMPTY>
 <!ATTLIST ipadr
     local-port  CDATA #REQUIRED
     remote-port CDATA #REQUIRED
     host        CDATA #REQUIRED
 >
 231 
 <!-- X_atom token: character data only, no attributes. -->
 <!ELEMENT X_atom (#PCDATA)>
 233 
 <!-- X_color_map token: empty element carrying the xinfo attributes. -->
 <!ELEMENT X_color_map EMPTY>
 <!ATTLIST X_color_map
     %xinfo;
 >
 236 
 <!-- X_cursor token: empty element carrying the xinfo attributes. -->
 <!ELEMENT X_cursor EMPTY>
 <!ATTLIST X_cursor
     %xinfo;
 >
 239 
 <!-- X_font token: empty element carrying the xinfo attributes. -->
 <!ELEMENT X_font EMPTY>
 <!ATTLIST X_font
     %xinfo;
 >
 242 
 <!-- X_graphic_context token: empty element carrying the xinfo attributes. -->
 <!ELEMENT X_graphic_context EMPTY>
 <!ATTLIST X_graphic_context
     %xinfo;
 >
 245 
 <!-- X_pixmap token: empty element carrying the xinfo attributes. -->
 <!ELEMENT X_pixmap EMPTY>
 <!ATTLIST X_pixmap
     %xinfo;
 >
 248 
 <!-- X_window token: empty element carrying the xinfo attributes. -->
 <!ELEMENT X_window EMPTY>
 <!ATTLIST X_window
     %xinfo;
 >
 251 
 <!-- X_property token: character data plus the xinfo attributes. -->
 <!ELEMENT X_property (#PCDATA)>
 <!ATTLIST X_property
     %xinfo;
 >
 254 
 <!-- X_client token: character data only, no attributes. -->
 <!ELEMENT X_client (#PCDATA)>
 256 
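 <!--
   X_selection token: exactly one x_sel_text, one x_sel_type and one
   x_sel_data child, in that order; each child holds character data.

   The content model previously named xsel_text, xsel_type and xsel_data,
   which are not declared anywhere in this file, while the declared
   children are spelled x_sel_*.  With that mismatch no X_selection
   element could validate, whichever spelling the document used.  The
   content model now uses the declared names.
   NOTE(review): confirm that the audit XML producer emits the x_sel_*
   spelling.
 -->
 <!ELEMENT X_selection (x_sel_text, x_sel_type, x_sel_data)>
 <!ELEMENT x_sel_text (#PCDATA)>
 <!ELEMENT x_sel_type (#PCDATA)>
 <!ELEMENT x_sel_data (#PCDATA)>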
 260 
 <!-- zonename token: empty zone element with a required name attribute. -->
 <!ELEMENT zone EMPTY>
 <!ATTLIST zone
     name CDATA #REQUIRED
 >