| Current Path : /usr/src/contrib/openbsm/bin/auditd/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
| Current File : //usr/src/contrib/openbsm/bin/auditd/auditd.h |
/*-
* Copyright (c) 2005-2009 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#13 $
*/
#ifndef _AUDITD_H_
#define _AUDITD_H_
#include <sys/types.h>
#include <sys/queue.h>
#include <syslog.h>
#define MAX_DIR_SIZE 255
#define AUDITD_NAME "auditd"
/*
* If defined, then the audit daemon will attempt to chown newly created logs
* to this group. Otherwise, they will be the default for the user running
* auditd, likely the audit group.
*/
#define AUDIT_REVIEW_GROUP "audit"
#define HARDLIM_ALL_WARN "allhard"
#define SOFTLIM_ALL_WARN "allsoft"
#define AUDITOFF_WARN "auditoff"
#define CLOSEFILE_WARN "closefile"
#define EBUSY_WARN "ebusy"
#define GETACDIR_WARN "getacdir"
#define HARDLIM_WARN "hard"
#define NOSTART_WARN "nostart"
#define POSTSIGTERM_WARN "postsigterm"
#define SOFTLIM_WARN "soft"
#define TMPFILE_WARN "tmpfile"
#define EXPIRED_WARN "expired"
#define AUDITWARN_SCRIPT "/etc/security/audit_warn"
#define AUDITD_PIDFILE "/var/run/auditd.pid"
#define AUD_STATE_INIT -1
#define AUD_STATE_DISABLED 0
#define AUD_STATE_ENABLED 1
int audit_warn_allhard(void);
int audit_warn_allsoft(void);
int audit_warn_auditoff(void);
int audit_warn_closefile(char *filename);
int audit_warn_ebusy(void);
int audit_warn_getacdir(char *filename);
int audit_warn_hard(char *filename);
int audit_warn_nostart(void);
int audit_warn_postsigterm(void);
int audit_warn_soft(char *filename);
int audit_warn_tmpfile(void);
int audit_warn_expired(char *filename);
void auditd_openlog(int debug, gid_t gid);
void auditd_log_err(const char *fmt, ...);
void auditd_log_debug(const char *fmt, ...);
void auditd_log_info(const char *fmt, ...);
void auditd_log_notice(const char *fmt, ...);
void auditd_set_state(int state);
int auditd_get_state(void);
int auditd_open_trigger(int launchd_flag);
int auditd_close_trigger(void);
void auditd_handle_trigger(int trigger);
void auditd_wait_for_events(void);
void auditd_relay_signal(int signal);
void auditd_terminate(void);
int auditd_config_controls(void);
void auditd_reap_children(void);
#endif /* !_AUDITD_H_ */