aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/openbsm/etc/audit_event
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/openbsm/etc/audit_event')
-rw-r--r--contrib/openbsm/etc/audit_event289
1 files changed, 175 insertions, 114 deletions
diff --git a/contrib/openbsm/etc/audit_event b/contrib/openbsm/etc/audit_event
index ae5021a84b21..ebab4ed21abf 100644
--- a/contrib/openbsm/etc/audit_event
+++ b/contrib/openbsm/etc/audit_event
@@ -1,5 +1,5 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#11 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#12 $
#
0:AUE_NULL:indir system call:no
1:AUE_EXIT:exit(2):pc
@@ -234,129 +234,190 @@
267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad
268:AUE_CLOCK_SETTIME:clock_settime(2):ad
269:AUE_NTP_ADJTIME:ntp_adjtime(2):ad
-301:AUE_GETFSSTAT:getfsstat(2):fa
-302:AUE_PTRACE:ptrace(2):pc
-303:AUE_CHFLAGS:chflags(2):fm
-304:AUE_FCHFLAGS:fchflags(2):fm
-305:AUE_PROFILE:profil(2):pc
-306:AUE_KTRACE:ktrace(2):pc
-307:AUE_SETLOGIN:setlogin(2):pc
+#
+# What follows are deprecated Darwin event numbers that may someday conflict
+# with Solaris events.
+#
+301:AUE_DARWIN_GETFSSTAT:getfsstat(2):fa
+302:AUE_DARWIN_PTRACE:ptrace(2):pc
+303:AUE_DARWIN_CHFLAGS:chflags(2):fm
+304:AUE_DARWIN_FCHFLAGS:fchflags(2):fm
+305:AUE_DARWIN_PROFILE:profil(2):pc
+306:AUE_DARWIN_KTRACE:ktrace(2):pc
+307:AUE_DARWIN_SETLOGIN:setlogin(2):pc
308:AUE_DARWIN_REBOOT:reboot(2):ad
-309:AUE_REVOKE:revoke(2):cl
-310:AUE_UMASK:umask(2):pc
-311:AUE_MPROTECT:mprotect(2):fm
+309:AUE_DARWIN_REVOKE:revoke(2):cl
+310:AUE_DARWIN_UMASK:umask(2):pc
+311:AUE_DARWIN_MPROTECT:mprotect(2):fm
312:AUE_DARWIN_SETPRIORITY:setpriority(2):pc,ot
313:AUE_DARWIN_SETTIMEOFDAY:settimeofday(2):ad
314:AUE_DARWIN_FLOCK:flock(2):fm
-315:AUE_MKFIFO:mkfifo(2):fc
-316:AUE_POLL:poll(2):no
+315:AUE_DARWIN_MKFIFO:mkfifo(2):fc
+316:AUE_DARWIN_POLL:poll(2):no
317:AUE_DARWIN_SOCKETPAIR:socketpair(2):nt
-318:AUE_FUTIMES:futimes(2):fm
-319:AUE_SETSID:setsid(2):pc
-320:AUE_SETPRIVEXEC:setprivexec(2):pc
+318:AUE_DARWIN_FUTIMES:futimes(2):fm
+319:AUE_DARWIN_SETSID:setsid(2):pc
+320:AUE_DARWIN_SETPRIVEXEC:setprivexec(2):pc
321:AUE_DARWIN_NFSSVC:nfssvc(2):ad
322:AUE_DARWIN_GETFH:getfh(2):fa
323:AUE_DARWIN_QUOTACTL:quotactl(2):ad
-324:AUE_ADDPROFILE:system call:pc
-325:AUE_KDEBUGTRACE:system call:pc
-326:AUE_FSTAT:fstat(2):fa
-327:AUE_FPATHCONF:fpathconf(2):fa
-328:AUE_GETDIRENTRIES:getdirentries(2):fr
+324:AUE_DARWIN_ADDPROFILE:system call:pc
+325:AUE_DARWIN_KDEBUGTRACE:system call:pc
+326:AUE_DARWIN_FSTAT:fstat(2):fa
+327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa
+328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):fr
329:AUE_DARWIN_TRUNCATE:truncate(2):fw
330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw
-331:AUE_SYSCTL:sysctl(3):ad
-332:AUE_MLOCK:mlock(2):pc
-333:AUE_MUNLOCK:munlock(2):pc
-334:AUE_UNDELETE:undelete(2):fm
-335:AUE_GETATTRLIST:getattrlist():fa
-336:AUE_SETATTRLIST:setattrlist():fm
-337:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa
-338:AUE_EXCHANGEDATA:exchangedata():fw
-339:AUE_SEARCHFS:searchfs():fa
-340:AUE_MINHERIT:minherit(2):pc
-341:AUE_SEMCONFIG:semconfig():ip
-342:AUE_SEMOPEN:sem_open(2):ip
-343:AUE_SEMCLOSE:sem_close(2):ip
-344:AUE_SEMUNLINK:sem_unlink(2):ip
-345:AUE_SHMOPEN:shm_open(2):ip
-346:AUE_SHMUNLINK:shm_unlink(2):ip
-347:AUE_LOADSHFILE:load_shared_file():fr
-348:AUE_RESETSHFILE:reset_shared_file():ot
-349:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot
-350:AUE_PTHREADKILL:pthread_kill(2):pc
-351:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc
-352:AUE_AUDITCTL:auditctl(2):ad
-353:AUE_RFORK:rfork(2):pc
-354:AUE_LCHMOD:lchmod(2):fm
-355:AUE_SWAPOFF:swapoff():ad
-356:AUE_INITPROCESS:init_process():pc
-357:AUE_MAPFD:map_fd():fa
-358:AUE_TASKFORPID:task_for_pid():pc
-359:AUE_PIDFORTASK:pid_for_task():pc
-360:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot
-361:AUE_COPYFILE:copyfile():fr,fw
-362:AUE_LUTIMES:lutimes(2):fm
-363:AUE_LCHFLAGS:lchflags(2):fm
-364:AUE_SENDFILE:sendfile(2):nt
-365:AUE_USELIB:uselib(2):fa
-366:AUE_GETRESUID:getresuid(2):pc
-367:AUE_SETRESUID:setresuid(2):pc
-368:AUE_GETRESGID:getresgid(2):pc
-369:AUE_SETRESGID:setresgid(2):pc
-370:AUE_WAIT4:wait4(2):pc
-371:AUE_LGETFH:lgetfh(2):fa
-372:AUE_FHSTATFS:fhstatfs(2):fa
-373:AUE_FHOPEN:fhopen(2):fa
-374:AUE_FHSTAT:fhstat(2):fa
-375:AUE_JAIL:jail(2):pc
-376:AUE_EACCESS:eaccess(2):fa
-377:AUE_KQUEUE:kqueue(2):no
-378:AUE_KEVENT:kevent(2):no
-379:AUE_FSYNC:fsync(2):fm
-380:AUE_NMOUNT:nmount(2):ad
-381:AUE_BDFLUSH:bdflush(2):ad
-382:AUE_SETFSUID:setfsuid(2):ot
-383:AUE_SETFSGID:setfsgid(2):ot
-384:AUE_PERSONALITY:personality(2):pc
-385:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad
-386:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad
-387:AUE_PRCTL:prctl(2):pc
-388:AUE_GETCWD:getcwd(2):pc
-389:AUE_CAPGET:capget(2):pc
-390:AUE_CAPSET:capset(2):pc
-391:AUE_PIVOT_ROOT:pivot_root(2):pc
-392:AUE_RTPRIO::rtprio(2):pc
-393:AUE_SCHED_GETPARAM:sched_getparam(2):ad
-394:AUE_SCHED_SETPARAM:sched_setparam(2):ad
-395:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad
-396:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad
-397:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad
-398:AUE_ACL_GET_FILE:acl_get_file(2):fa
-399:AUE_ACL_SET_FILE:acl_set_file(2):fm
-400:AUE_ACL_GET_FD:acl_get_fd(2):fa
-401:AUE_ACL_SET_FD:acl_set_fd(2):fm
-402:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm
-403:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm
-404:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa
-405:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa
-406:AUE_ACL_GET_LINK:acl_get_link(2):fa
-407:AUE_ACL_SET_LINK:acl_set_link(2):fm
-408:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
-409:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
-410:AUE_SYSARCH:sysarch(2):na
-411:AUE_EXTATTRCTL:extattrctl(2):fm
-412:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
-413:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm
-414:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa
-415:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm
-416:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa
-417:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm
-418:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa
-419:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm
-420:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa
-421:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
-422:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
-423:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
+331:AUE_DARWIN_SYSCTL:sysctl(3):ad
+332:AUE_DARWIN_MLOCK:mlock(2):pc
+333:AUE_DARWIN_MUNLOCK:munlock(2):pc
+334:AUE_DARWIN_UNDELETE:undelete(2):fm
+335:AUE_DARWIN_GETATTRLIST:getattrlist():fa
+336:AUE_DARWIN_SETATTRLIST:setattrlist():fm
+337:AUE_DARWIN_GETDIRENTRIESATTR:getdirentriesattr():fa
+338:AUE_DARWIN_EXCHANGEDATA:exchangedata():fw
+339:AUE_DARWIN_SEARCHFS:searchfs():fa
+340:AUE_DARWIN_MINHERIT:minherit(2):pc
+341:AUE_DARWIN_SEMCONFIG:semconfig():ip
+342:AUE_DARWIN_SEMOPEN:sem_open(2):ip
+343:AUE_DARWIN_SEMCLOSE:sem_close(2):ip
+344:AUE_DARWIN_SEMUNLINK:sem_unlink(2):ip
+345:AUE_DARWIN_SHMOPEN:shm_open(2):ip
+346:AUE_DARWIN_SHMUNLINK:shm_unlink(2):ip
+347:AUE_DARWIN_LOADSHFILE:load_shared_file():fr
+348:AUE_DARWIN_RESETSHFILE:reset_shared_file():ot
+349:AUE_DARWIN_NEWSYSTEMSHREG:new_system_share_regions():ot
+350:AUE_DARWIN_PTHREADKILL:pthread_kill(2):pc
+351:AUE_DARWIN_PTHREADSIGMASK:pthread_sigmask(2):pc
+352:AUE_DARWIN_AUDITCTL:auditctl(2):ad
+353:AUE_DARWIN_RFORK:rfork(2):pc
+354:AUE_DARWIN_LCHMOD:lchmod(2):fm
+355:AUE_DARWIN_SWAPOFF:swapoff():ad
+356:AUE_DARWIN_INITPROCESS:init_process():pc
+357:AUE_DARWIN_MAPFD:map_fd():fa
+358:AUE_DARWIN_TASKFORPID:task_for_pid():pc
+359:AUE_DARWIN_PIDFORTASK:pid_for_task():pc
+360:AUE_DARWIN_SYSCTL_NONADMIN:sysctl() - non-admin:ot
+361:AUE_DARWIN_COPYFILE:copyfile():fr,fw
+#
+# OpenBSM-specific kernel events.
+#
+43001:AUE_GETFSSTAT:getfsstat(2):fa
+43002:AUE_PTRACE:ptrace(2):pc
+43003:AUE_CHFLAGS:chflags(2):fm
+43004:AUE_FCHFLAGS:fchflags(2):fm
+43005:AUE_PROFILE:profil(2):pc
+43006:AUE_KTRACE:ktrace(2):pc
+43007:AUE_SETLOGIN:setlogin(2):pc
+43008:AUE_REVOKE:revoke(2):cl
+43009:AUE_UMASK:umask(2):pc
+43010:AUE_MPROTECT:mprotect(2):fm
+43011:AUE_MKFIFO:mkfifo(2):fc
+43012:AUE_POLL:poll(2):no
+43013:AUE_FUTIMES:futimes(2):fm
+43014:AUE_SETSID:setsid(2):pc
+43015:AUE_SETPRIVEXEC:setprivexec(2):pc
+43016:AUE_ADDPROFILE:system call:pc
+43017:AUE_KDEBUGTRACE:system call:pc
+43018:AUE_FSTAT:fstat(2):fa
+43019:AUE_FPATHCONF:fpathconf(2):fa
+43020:AUE_GETDIRENTRIES:getdirentries(2):fr
+43021:AUE_SYSCTL:sysctl(3):ad
+43022:AUE_MLOCK:mlock(2):pc
+43023:AUE_MUNLOCK:munlock(2):pc
+43024:AUE_UNDELETE:undelete(2):fm
+43025:AUE_GETATTRLIST:getattrlist():fa
+43026:AUE_SETATTRLIST:setattrlist():fm
+43027:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa
+43028:AUE_EXCHANGEDATA:exchangedata():fw
+43029:AUE_SEARCHFS:searchfs():fa
+43030:AUE_MINHERIT:minherit(2):pc
+43031:AUE_SEMCONFIG:semconfig():ip
+43032:AUE_SEMOPEN:sem_open(2):ip
+43033:AUE_SEMCLOSE:sem_close(2):ip
+43034:AUE_SEMUNLINK:sem_unlink(2):ip
+43035:AUE_SHMOPEN:shm_open(2):ip
+43036:AUE_SHMUNLINK:shm_unlink(2):ip
+43037:AUE_LOADSHFILE:load_shared_file():fr
+43038:AUE_RESETSHFILE:reset_shared_file():ot
+43039:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot
+43040:AUE_PTHREADKILL:pthread_kill(2):pc
+43041:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc
+43042:AUE_AUDITCTL:auditctl(2):ad
+43043:AUE_RFORK:rfork(2):pc
+43044:AUE_LCHMOD:lchmod(2):fm
+43045:AUE_SWAPOFF:swapoff():ad
+43046:AUE_INITPROCESS:init_process():pc
+43047:AUE_MAPFD:map_fd():fa
+43048:AUE_TASKFORPID:task_for_pid():pc
+43049:AUE_PIDFORTASK:pid_for_task():pc
+43050:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot
+43051:AUE_COPYFILE:copyfile():fr,fw
+43052:AUE_LUTIMES:lutimes(2):fm
+43053:AUE_LCHFLAGS:lchflags(2):fm
+43054:AUE_SENDFILE:sendfile(2):nt
+43055:AUE_USELIB:uselib(2):fa
+43056:AUE_GETRESUID:getresuid(2):pc
+43057:AUE_SETRESUID:setresuid(2):pc
+43058:AUE_GETRESGID:getresgid(2):pc
+43059:AUE_SETRESGID:setresgid(2):pc
+43060:AUE_WAIT4:wait4(2):pc
+43061:AUE_LGETFH:lgetfh(2):fa
+43062:AUE_FHSTATFS:fhstatfs(2):fa
+43063:AUE_FHOPEN:fhopen(2):fa
+43064:AUE_FHSTAT:fhstat(2):fa
+43065:AUE_JAIL:jail(2):pc
+43066:AUE_EACCESS:eaccess(2):fa
+43067:AUE_KQUEUE:kqueue(2):no
+43068:AUE_KEVENT:kevent(2):no
+43069:AUE_FSYNC:fsync(2):fm
+43070:AUE_NMOUNT:nmount(2):ad
+43071:AUE_BDFLUSH:bdflush(2):ad
+43072:AUE_SETFSUID:setfsuid(2):ot
+43073:AUE_SETFSGID:setfsgid(2):ot
+43074:AUE_PERSONALITY:personality(2):pc
+43075:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad
+43076:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad
+43077:AUE_PRCTL:prctl(2):pc
+43078:AUE_GETCWD:getcwd(2):pc
+43079:AUE_CAPGET:capget(2):pc
+43080:AUE_CAPSET:capset(2):pc
+43081:AUE_PIVOT_ROOT:pivot_root(2):pc
+43082:AUE_RTPRIO::rtprio(2):pc
+43083:AUE_SCHED_GETPARAM:sched_getparam(2):ad
+43084:AUE_SCHED_SETPARAM:sched_setparam(2):ad
+43085:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad
+43086:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad
+43087:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad
+43088:AUE_ACL_GET_FILE:acl_get_file(2):fa
+43089:AUE_ACL_SET_FILE:acl_set_file(2):fm
+43090:AUE_ACL_GET_FD:acl_get_fd(2):fa
+43091:AUE_ACL_SET_FD:acl_set_fd(2):fm
+43092:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm
+43093:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm
+43094:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa
+43095:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa
+43096:AUE_ACL_GET_LINK:acl_get_link(2):fa
+43097:AUE_ACL_SET_LINK:acl_set_link(2):fm
+43098:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
+43099:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
+43100:AUE_SYSARCH:sysarch(2):na
+43101:AUE_EXTATTRCTL:extattrctl(2):fm
+43102:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
+43103:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm
+43104:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa
+43105:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm
+43106:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa
+43107:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm
+43108:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa
+43109:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm
+43110:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa
+43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
+43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
+43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
+#
+# User space system events.
+#
6152:AUE_login:login - local:lo
6153:AUE_logout:logout - local:lo
6159:AUE_su:su(1):lo