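<?xml version="1.0" encoding="UTF-8" ?>

<!--
 Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END
-->


<!--Entity Definitions-->

<!-- timeattr or iso8601

     timeattr:
     the time/date to the second in strftime(3C) default format,
     followed by milliseconds offset.

     Example: time="Mon May 06 12:10:18 2002" msec="750"

     iso8601:
     ISO 8601 standard format date time and timezone;
     YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with
     milliseconds + or - offset from Universal Time (UTC, aka GMT)

     Example: iso8601="2003-09-17 16:47:41.831 -07:00"

     Both forms are declared CDATA #IMPLIED, so the DTD neither requires a
     timestamp nor checks its format.
-->
<!ENTITY % timeattr "time CDATA #IMPLIED
    msec CDATA #IMPLIED">

<!ENTITY % iso8601 "iso8601 CDATA #IMPLIED">

<!-- xinfo      Generic info for X related tokens. -->
<!ENTITY % xinfo "xid CDATA #REQUIRED
    xcreator-uid CDATA #REQUIRED">

<!-- reserved_toks

     This represents the set of "reserved" tokens whose placement is
     fixed.

     No declaration in this file references this entity; the record
     content model spells out sequence and host directly.
-->
<!ENTITY % reserved_toks "(
    file |
    record |
    host |
    sequence
    )
">

<!-- normaltoks

     This represents the set of all tokens other than the "reserved"
     tokens.

     secflags is listed here because it is declared as a token below and a
     token that is missing from this set can never validate inside a
     record.  The tid element is declared below but is deliberately not
     listed: its own comment marks it as future intent.
-->
<!ENTITY % normaltoks "(
    acl |
    arbitrary |
    argument |
    attribute |
    cmd |
    exit |
    exec_args |
    exec_env |
    fmri |
    group |
    ip |
    ip_address |
    IPC |
    IPC_perm |
    ip_port |
    liaison |
    opaque |
    path |
    path_attr |
    privilege |
    process |
    return |
    secflags |
    sensitivity_label |
    old_socket |
    socket |
    subject |
    text |
    user |
    use_of_authorization |
    use_of_privilege |
    X_atom |
    X_client |
    X_color_map |
    X_cursor |
    X_font |
    X_graphic_context |
    X_pixmap |
    X_property |
    X_selection |
    X_window |
    zone
    )
">

<!--Element Definitions-->

<!--
     Scope of validation: every attribute in this file is typed CDATA and
     every non-empty leaf element is #PCDATA.  Validating audit XML against
     this DTD therefore checks structure only (which elements and
     attributes are present); it does not check that uid, pid, errval,
     port or address values are well formed or in range.  Token bodies such
     as path, exec_args, exec_env and text presumably carry strings chosen
     by the audited process (confirm against the generator), so consumers
     should treat all values as untrusted and validate or escape them
     before use.
-->

<!--

     The main element, "audit", consists of a sequence of file & record tokens.

-->
<!ELEMENT audit (file | record)*>

<!-- file token -->
<!ELEMENT file (#PCDATA)>
<!ATTLIST file %iso8601;>


<!-- record token

     Audit records will have this general layout of tokens after the
     first token (which is the record token):
     (tokens),subject,group,(tokens),return,sequence,host

     (all tokens after the record token are optional; the host token is unused.)

     The content model below does not enforce that ordering among the
     normal tokens: any of them may appear any number of times in any
     order, followed by at most one sequence and at most one host.
-->
<!ELEMENT record (
    (%normaltoks;)*,
    sequence?,
    host?
    )
>
<!ATTLIST record
    version CDATA #REQUIRED
    event CDATA #REQUIRED
    modifier CDATA #IMPLIED
    host CDATA #IMPLIED
    %iso8601;
>

<!-- text token -->
<!ELEMENT text (#PCDATA)>

<!-- user token -->
<!ELEMENT user EMPTY>
<!ATTLIST user
    uid CDATA #REQUIRED
    username CDATA #REQUIRED
>

<!-- path token -->
<!ELEMENT path (#PCDATA)>

<!-- path_attr token -->
<!ELEMENT path_attr (xattr*)>
<!ELEMENT xattr (#PCDATA)>

<!-- host token -->
<!ELEMENT host (#PCDATA)>

<!-- subject token -->
<!ELEMENT subject EMPTY>
<!ATTLIST subject
    audit-uid CDATA #REQUIRED
    uid CDATA #REQUIRED
    gid CDATA #REQUIRED
    ruid CDATA #REQUIRED
    rgid CDATA #REQUIRED
    pid CDATA #REQUIRED
    sid CDATA #REQUIRED
    tid CDATA #REQUIRED
>

<!-- process token (same attribute set as subject) -->
<!ELEMENT process EMPTY>
<!ATTLIST process
    audit-uid CDATA #REQUIRED
    uid CDATA #REQUIRED
    gid CDATA #REQUIRED
    ruid CDATA #REQUIRED
    rgid CDATA #REQUIRED
    pid CDATA #REQUIRED
    sid CDATA #REQUIRED
    tid CDATA #REQUIRED
>

<!-- return token -->
<!ELEMENT return EMPTY>
<!ATTLIST return
    errval CDATA #REQUIRED
    retval CDATA #REQUIRED
>

<!-- exit token -->
<!ELEMENT exit EMPTY>
<!ATTLIST exit
    errval CDATA #REQUIRED
    retval CDATA #REQUIRED
>

<!-- sequence token -->
<!ELEMENT sequence EMPTY>
<!ATTLIST sequence
    seq-num CDATA #REQUIRED
>

<!-- fmri token -->
<!ELEMENT fmri (#PCDATA)>

<!-- group token -->
<!ELEMENT group (gid)*>
<!ELEMENT gid (#PCDATA)>

<!-- opaque token -->
<!ELEMENT opaque (#PCDATA)>

<!-- liaison token -->
<!-- (NOTE: liaison is obsolete and is no longer generated) -->
<!ELEMENT liaison (#PCDATA)>

<!-- argument token -->
<!ELEMENT argument EMPTY>
<!ATTLIST argument
    arg-num CDATA #REQUIRED
    value CDATA #REQUIRED
    desc CDATA #REQUIRED
>

<!-- attribute token -->
<!ELEMENT attribute EMPTY>
<!ATTLIST attribute
    mode CDATA #REQUIRED
    uid CDATA #REQUIRED
    gid CDATA #REQUIRED
    fsid CDATA #REQUIRED
    nodeid CDATA #REQUIRED
    device CDATA #REQUIRED
>

<!-- cmd token -->
<!ELEMENT cmd (argv*, arge*)>
<!ELEMENT argv (#PCDATA)>
<!ELEMENT arge (#PCDATA)>

<!-- exec_args token -->
<!ELEMENT exec_args (arg*)>
<!ELEMENT arg (#PCDATA)>

<!-- exec_env token -->
<!ELEMENT exec_env (env*)>
<!ELEMENT env (#PCDATA)>

<!-- arbitrary token -->
<!ELEMENT arbitrary (#PCDATA)>
<!ATTLIST arbitrary
    print CDATA #REQUIRED
    type CDATA #REQUIRED
    count CDATA #REQUIRED
>

<!-- privilege token -->
<!ELEMENT privilege (#PCDATA)>
<!ATTLIST privilege
    set-type CDATA #REQUIRED
>

<!-- secflags token -->
<!ELEMENT secflags (#PCDATA)>
<!ATTLIST secflags
    set-type CDATA #REQUIRED
>


<!-- use_of_privilege token -->
<!ELEMENT use_of_privilege (#PCDATA)>
<!ATTLIST use_of_privilege
    result CDATA #REQUIRED
>

<!-- sensitivity_label token -->
<!ELEMENT sensitivity_label (#PCDATA)>

<!-- use_of_authorization token -->
<!ELEMENT use_of_authorization (#PCDATA)>

<!-- IPC token -->
<!ELEMENT IPC EMPTY>
<!ATTLIST IPC
    ipc-type CDATA #REQUIRED
    ipc-id CDATA #REQUIRED
>

<!-- IPC_perm token -->
<!ELEMENT IPC_perm EMPTY>
<!ATTLIST IPC_perm
    uid CDATA #REQUIRED
    gid CDATA #REQUIRED
    creator-uid CDATA #REQUIRED
    creator-gid CDATA #REQUIRED
    mode CDATA #REQUIRED
    seq CDATA #REQUIRED
    key CDATA #REQUIRED
>

<!-- ip_address token -->
<!ELEMENT ip_address (#PCDATA)>

<!-- ip_port token -->
<!-- (NOTE: ip_port is obsolete and is no longer generated) -->
<!ELEMENT ip_port (#PCDATA)>

<!-- ip token -->
<!-- (NOTE: ip is obsolete and is no longer generated) -->
<!ELEMENT ip EMPTY>
<!ATTLIST ip
    version CDATA #REQUIRED
    service_type CDATA #REQUIRED
    len CDATA #REQUIRED
    id CDATA #REQUIRED
    offset CDATA #REQUIRED
    time_to_live CDATA #REQUIRED
    protocol CDATA #REQUIRED
    cksum CDATA #REQUIRED
    src_addr CDATA #REQUIRED
    dest_addr CDATA #REQUIRED
>

<!-- old_socket token -->
<!ELEMENT old_socket EMPTY>
<!ATTLIST old_socket
    type CDATA #REQUIRED
    port CDATA #REQUIRED
    addr CDATA #REQUIRED
>

<!-- socket token -->
<!ELEMENT socket EMPTY>
<!ATTLIST socket
    sock_domain CDATA #REQUIRED
    sock_type CDATA #REQUIRED
    lport CDATA #REQUIRED
    laddr CDATA #REQUIRED
    fport CDATA #REQUIRED
    faddr CDATA #REQUIRED
>

<!-- acl token (every attribute is optional) -->
<!ELEMENT acl EMPTY>
<!ATTLIST acl
    type CDATA #IMPLIED
    value CDATA #IMPLIED
    mode CDATA #IMPLIED
    flags CDATA #IMPLIED
    id CDATA #IMPLIED
    access_mask CDATA #IMPLIED
>

<!-- tid token -->
<!-- future intent: contain one of ipadr | MTUadr | device -->
<!-- No content model in this file references the tid element, so it
     cannot currently appear in a valid document; subject and process
     carry tid as an attribute instead. -->
<!ELEMENT tid (ipadr*)>
<!ATTLIST tid
    type CDATA #REQUIRED
>

<!-- ipadr content of tid token -->
<!ELEMENT ipadr EMPTY>
<!ATTLIST ipadr
    local-port CDATA #REQUIRED
    remote-port CDATA #REQUIRED
    host CDATA #REQUIRED
>

<!-- X_atom token -->
<!ELEMENT X_atom (#PCDATA)>

<!-- X_color_map token -->
<!ELEMENT X_color_map EMPTY>
<!ATTLIST X_color_map %xinfo;>

<!-- X_cursor token -->
<!ELEMENT X_cursor EMPTY>
<!ATTLIST X_cursor %xinfo;>

<!-- X_font token -->
<!ELEMENT X_font EMPTY>
<!ATTLIST X_font %xinfo;>

<!-- X_graphic_context token -->
<!ELEMENT X_graphic_context EMPTY>
<!ATTLIST X_graphic_context %xinfo;>

<!-- X_pixmap token -->
<!ELEMENT X_pixmap EMPTY>
<!ATTLIST X_pixmap %xinfo;>

<!-- X_window token -->
<!ELEMENT X_window EMPTY>
<!ATTLIST X_window %xinfo;>

<!-- X_property token -->
<!ELEMENT X_property (#PCDATA)>
<!ATTLIST X_property %xinfo;>

<!-- X_client token -->
<!ELEMENT X_client (#PCDATA)>

<!-- X_selection token -->
<!-- The child names in the content model must match the three element
     declarations that follow; a content model naming elements that are
     never declared makes every X_selection instance invalid.
     NOTE(review): confirm the x_sel_* spelling against the tags the audit
     XML generator actually emits. -->
<!ELEMENT X_selection (x_sel_text, x_sel_type, x_sel_data)>
<!ELEMENT x_sel_text (#PCDATA)>
<!ELEMENT x_sel_type (#PCDATA)>
<!ELEMENT x_sel_data (#PCDATA)>

<!-- zonename token -->
<!ELEMENT zone EMPTY>
<!ATTLIST zone
    name CDATA #REQUIRED
>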