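<?xml version="1.0" encoding="UTF-8" ?>

<!--
 Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END
-->

<!--
     Document type definition for the XML form of audit data: an "audit"
     root element holding file and record tokens, as declared below.

     Notes for consumers of documents that use this DTD:

     * Every attribute is CDATA and every text-bearing element is #PCDATA,
       so validation checks structure only.  Ids, ports, addresses, paths
       and argument strings still need their own value checks and output
       escaping in whatever reads them.

     * Only internal parameter entities are declared here; nothing in this
       file requires a parser to fetch an external entity.
-->

<!--Entity Definitions-->

<!-- timeattr or iso8601

     timeattr:
     the time/date to the second in strftime(3C) default format,
     followed by milliseconds offset.

     Example:  time="Mon May 06 12:10:18 2002" msec="750"

     iso8601:
     ISO 8601 standard format date time and timezone;
     YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with
     milliseconds + or - offset from Universal Time (UTC, aka GMT)

     Example:  iso8601="2003-09-17 16:47:41.831 -07:00"

     NOTE(review): %timeattr; is not referenced by any ATTLIST in this
     file; the file and record tokens both use %iso8601;.

-->
<!ENTITY % timeattr "time CDATA #IMPLIED
                     msec CDATA #IMPLIED">

<!ENTITY % iso8601 "iso8601 CDATA #IMPLIED">

<!-- xinfo    Generic info for X related tokens. -->
<!ENTITY % xinfo "xid          CDATA #REQUIRED
                  xcreator-uid CDATA #REQUIRED">

<!-- reserved_toks

     This represents the set of "reserved" tokens whose placement is
     fixed.

     NOTE(review): %reserved_toks; is declared but not referenced by any
     content model in this file; the audit and record elements name the
     reserved tokens directly.

-->
<!ENTITY % reserved_toks "(
    file |
    record |
    host |
    sequence
    )
">

<!-- normaltoks

     This represents the set of all tokens other than the "reserved"
     tokens.

-->
<!ENTITY % normaltoks "(
    acl |
    arbitrary |
    argument |
    attribute |
    cmd |
    exit |
    exec_args |
    exec_env |
    fmri |
    group |
    ip |
    ip_address |
    IPC |
    IPC_perm |
    ip_port |
    liaison |
    opaque |
    path |
    path_attr |
    privilege |
    process |
    return |
    sensitivity_label |
    old_socket |
    socket |
    subject |
    text |
    user |
    use_of_authorization |
    use_of_privilege |
    X_atom |
    X_client |
    X_color_map |
    X_cursor |
    X_font |
    X_graphic_context |
    X_pixmap |
    X_property |
    X_selection |
    X_window |
    zone
    )
">

<!--Element Definitions-->

<!--

     The main element, "audit", consists of a sequence of file & record tokens.

-->
<!ELEMENT audit (file | record)*>

<!-- file token -->
<!ELEMENT file (#PCDATA)>
<!ATTLIST file %iso8601;>


<!-- record token

     Audit records will have this general layout of tokens after the
     first token (which is the record token):
         (tokens),subject,group,(tokens),return,sequence,host

     (all tokens after the record token are optional; the host token is unused.)

     NOTE(review): the content model below does not enforce that layout.
     (%normaltoks;)* accepts the normal tokens in any order and in any
     number, including none, so a record that validates may still lack a
     subject or return token.  Consumers should check for the tokens they
     rely on rather than treat validity as proof that they are present.

-->
<!ELEMENT record (
    (%normaltoks;)*,
    sequence?,
    host?
    )
>
<!ATTLIST record
    version  CDATA #REQUIRED
    event    CDATA #REQUIRED
    modifier CDATA #IMPLIED
    host     CDATA #IMPLIED
    %iso8601;
>

<!-- text token -->
<!ELEMENT text (#PCDATA)>

<!-- user token -->
<!ELEMENT user EMPTY>
<!ATTLIST user
    uid      CDATA #REQUIRED
    username CDATA #REQUIRED
>

<!-- path token -->
<!ELEMENT path (#PCDATA)>

<!-- path_attr token -->
<!ELEMENT path_attr (xattr*)>
<!ELEMENT xattr (#PCDATA)>

<!-- host token -->
<!ELEMENT host (#PCDATA)>

<!-- subject token -->
<!ELEMENT subject EMPTY>
<!ATTLIST subject
    audit-uid CDATA #REQUIRED
    uid       CDATA #REQUIRED
    gid       CDATA #REQUIRED
    ruid      CDATA #REQUIRED
    rgid      CDATA #REQUIRED
    pid       CDATA #REQUIRED
    sid       CDATA #REQUIRED
    tid       CDATA #REQUIRED
>

<!-- process token (same attribute set as the subject token) -->
<!ELEMENT process EMPTY>
<!ATTLIST process
    audit-uid CDATA #REQUIRED
    uid       CDATA #REQUIRED
    gid       CDATA #REQUIRED
    ruid      CDATA #REQUIRED
    rgid      CDATA #REQUIRED
    pid       CDATA #REQUIRED
    sid       CDATA #REQUIRED
    tid       CDATA #REQUIRED
>

<!-- return token -->
<!ELEMENT return EMPTY>
<!ATTLIST return
    errval CDATA #REQUIRED
    retval CDATA #REQUIRED
>

<!-- exit token -->
<!ELEMENT exit EMPTY>
<!ATTLIST exit
    errval CDATA #REQUIRED
    retval CDATA #REQUIRED
>

<!-- sequence token -->
<!ELEMENT sequence EMPTY>
<!ATTLIST sequence
    seq-num CDATA #REQUIRED
>

<!-- fmri token -->
<!ELEMENT fmri (#PCDATA)>

<!-- group token -->
<!ELEMENT group (gid)*>
<!ELEMENT gid (#PCDATA)>

<!-- opaque token -->
<!ELEMENT opaque (#PCDATA)>

<!-- liaison token -->
<!-- (NOTE: liaison is obsolete and is no longer generated) -->
<!ELEMENT liaison (#PCDATA)>

<!-- argument token -->
<!ELEMENT argument EMPTY>
<!ATTLIST argument
    arg-num CDATA #REQUIRED
    value   CDATA #REQUIRED
    desc    CDATA #REQUIRED
>

<!-- attribute token -->
<!ELEMENT attribute EMPTY>
<!ATTLIST attribute
    mode   CDATA #REQUIRED
    uid    CDATA #REQUIRED
    gid    CDATA #REQUIRED
    fsid   CDATA #REQUIRED
    nodeid CDATA #REQUIRED
    device CDATA #REQUIRED
>

<!-- cmd token -->
<!ELEMENT cmd (argv*, arge*)>
<!ELEMENT argv (#PCDATA)>
<!ELEMENT arge (#PCDATA)>

<!-- exec_args token -->
<!ELEMENT exec_args (arg*)>
<!ELEMENT arg (#PCDATA)>

<!-- exec_env token -->
<!ELEMENT exec_env (env*)>
<!ELEMENT env (#PCDATA)>

<!-- arbitrary token -->
<!ELEMENT arbitrary (#PCDATA)>
<!ATTLIST arbitrary
    print CDATA #REQUIRED
    type  CDATA #REQUIRED
    count CDATA #REQUIRED
>

<!-- privilege token -->
<!ELEMENT privilege (#PCDATA)>
<!ATTLIST privilege
    set-type CDATA #REQUIRED
>

<!-- use_of_privilege token -->
<!ELEMENT use_of_privilege (#PCDATA)>
<!ATTLIST use_of_privilege
    result CDATA #REQUIRED
>

<!-- sensitivity_label token -->
<!ELEMENT sensitivity_label (#PCDATA)>

<!-- use_of_authorization token -->
<!ELEMENT use_of_authorization (#PCDATA)>

<!-- IPC token -->
<!ELEMENT IPC EMPTY>
<!ATTLIST IPC
    ipc-type CDATA #REQUIRED
    ipc-id   CDATA #REQUIRED
>

<!-- IPC_perm token -->
<!ELEMENT IPC_perm EMPTY>
<!ATTLIST IPC_perm
    uid         CDATA #REQUIRED
    gid         CDATA #REQUIRED
    creator-uid CDATA #REQUIRED
    creator-gid CDATA #REQUIRED
    mode        CDATA #REQUIRED
    seq         CDATA #REQUIRED
    key         CDATA #REQUIRED
>

<!-- ip_address token -->
<!ELEMENT ip_address (#PCDATA)>

<!-- ip_port token -->
<!-- (NOTE: ip_port is obsolete and is no longer generated) -->
<!ELEMENT ip_port (#PCDATA)>

<!-- ip token -->
<!-- (NOTE: ip is obsolete and is no longer generated) -->
<!ELEMENT ip EMPTY>
<!ATTLIST ip
    version      CDATA #REQUIRED
    service_type CDATA #REQUIRED
    len          CDATA #REQUIRED
    id           CDATA #REQUIRED
    offset       CDATA #REQUIRED
    time_to_live CDATA #REQUIRED
    protocol     CDATA #REQUIRED
    cksum        CDATA #REQUIRED
    src_addr     CDATA #REQUIRED
    dest_addr    CDATA #REQUIRED
>

<!-- old_socket token -->
<!ELEMENT old_socket EMPTY>
<!ATTLIST old_socket
    type CDATA #REQUIRED
    port CDATA #REQUIRED
    addr CDATA #REQUIRED
>

<!-- socket token -->
<!ELEMENT socket EMPTY>
<!ATTLIST socket
    sock_domain CDATA #REQUIRED
    sock_type   CDATA #REQUIRED
    lport       CDATA #REQUIRED
    laddr       CDATA #REQUIRED
    fport       CDATA #REQUIRED
    faddr       CDATA #REQUIRED
>

<!-- acl token (every attribute is optional) -->
<!ELEMENT acl EMPTY>
<!ATTLIST acl
    type        CDATA #IMPLIED
    value       CDATA #IMPLIED
    mode        CDATA #IMPLIED
    flags       CDATA #IMPLIED
    id          CDATA #IMPLIED
    access_mask CDATA #IMPLIED
>

<!-- tid token -->
<!-- future intent: contain one of ipadr | MTUadr | device -->
<!-- NOTE(review): no content model in this file references the tid
     element; subject and process carry tid as a CDATA attribute instead. -->
<!ELEMENT tid (ipadr*)>
<!ATTLIST tid
    type CDATA #REQUIRED
>

<!-- ipadr content of tid token -->
<!ELEMENT ipadr EMPTY>
<!ATTLIST ipadr
    local-port  CDATA #REQUIRED
    remote-port CDATA #REQUIRED
    host        CDATA #REQUIRED
>

<!-- X_atom token -->
<!ELEMENT X_atom (#PCDATA)>

<!-- X_color_map token -->
<!ELEMENT X_color_map EMPTY>
<!ATTLIST X_color_map %xinfo;>

<!-- X_cursor token -->
<!ELEMENT X_cursor EMPTY>
<!ATTLIST X_cursor %xinfo;>

<!-- X_font token -->
<!ELEMENT X_font EMPTY>
<!ATTLIST X_font %xinfo;>

<!-- X_graphic_context token -->
<!ELEMENT X_graphic_context EMPTY>
<!ATTLIST X_graphic_context %xinfo;>

<!-- X_pixmap token -->
<!ELEMENT X_pixmap EMPTY>
<!ATTLIST X_pixmap %xinfo;>

<!-- X_window token -->
<!ELEMENT X_window EMPTY>
<!ATTLIST X_window %xinfo;>

<!-- X_property token -->
<!ELEMENT X_property (#PCDATA)>
<!ATTLIST X_property %xinfo;>

<!-- X_client token -->
<!ELEMENT X_client (#PCDATA)>

<!-- X_selection token

     The content model names its children exactly as they are declared
     on the three lines that follow it (x_sel_text, x_sel_type,
     x_sel_data).  It previously named xsel_text, xsel_type and xsel_data,
     which this file never declares, so no X_selection element could
     validate.

     NOTE(review): confirm that the x_sel_ spelling is the one the XML
     generator actually emits; if it emits xsel_, rename the three
     declarations instead.
-->
<!ELEMENT X_selection (x_sel_text, x_sel_type, x_sel_data)>
<!ELEMENT x_sel_text (#PCDATA)>
<!ELEMENT x_sel_type (#PCDATA)>
<!ELEMENT x_sel_data (#PCDATA)>

<!-- zonename token -->
<!ELEMENT zone EMPTY>
<!ATTLIST zone
    name CDATA #REQUIRED
>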