audit(5) audit(5)
NAME
audit - include file for audit event mechanism definitions
SYNOPSIS
#include <sys/audit.h>
DESCRIPTION
This header file includes information necessary to use the
audit feature. It contains macros useful for manipulating the
auditable event bit mask (emask), and the event mask bit
permissions. This information is necessary to properly set
and interpret the event bit mask used with the auditevt(2)
system call.
/* return >1 if event e is to be audited in emask E, 0 otherwise. */
#define EVENTCHK(e,E) (((unsigned int)0x80000000 >> ((e)&0x1F)) & (E)[(e)>>5])
/* set the event in the event vector to 1 (= to be audited) */
#define EVENTADD(e,E) (E)[(e)>>5] |= ((unsigned int)0x80000000 >> ((e)&0x1F))
/* set the event in the event vector to 0 (= NOT to be audited) */
#define EVENTDEL(e,E) (E)[(e)>>5] &= ~((unsigned int)0x80000000 >> ((e)&0x1F))
/* Audit event mask bit positions */
/* SVR4.1 ES */
#define ADT_NULL 0
#define ADT_ACCESS 1 /* access(2) */
#define ADT_ACCT_OFF 2 /* sysacct(2) */
#define ADT_ACCT_ON 3 /* sysacct(2) */
#define ADT_ACCT_SW 4 /* sysacct(2) */
#define ADT_ADD_GRP 5 /* groupadd(1M) */
#define ADT_ADD_USR 6 /* useradd(1M) */
#define ADT_ADD_USR_GRP 7 /* addgrpmem(1M) */
#define ADT_ASSIGN_LID 8 /* lvlname(1M) */
#define ADT_ASSIGN_NM 9 /* lvlname(1M) */
#define ADT_AUDIT_BUF 10 /* auditbuf(2) */
#define ADT_AUDIT_CTL 11 /* auditctl(2) */
#define ADT_AUDIT_DMP 12 /* auditdmp(2) */
#define ADT_AUDIT_EVT 13 /* auditevt(2) */
#define ADT_AUDIT_LOG 14 /* auditlog(2) */
#define ADT_AUDIT_MAP 15 /* auditmap(1M) */
#define ADT_BAD_AUTH 16 /* bad passwd */
#define ADT_BAD_LVL 17 /* bad login lvl */
#define ADT_CANCEL_JOB 18 /* lp */
#define ADT_CHG_DIR 19 /* chg_dir */
#define ADT_CHG_NM 20 /* rename(2) */
#define ADT_CHG_ROOT 21 /* chroot(2) */
#define ADT_CHG_TIMES 22 /* utime(2) */
#define ADT_COV_CHAN_1 23 /* covert channel */
Copyright 1994 Novell, Inc. Page 1
audit(5) audit(5)
#define ADT_COV_CHAN_2 24 /* covert channel */
#define ADT_COV_CHAN_3 25 /* covert channel */
#define ADT_COV_CHAN_4 26 /* covert channel */
#define ADT_COV_CHAN_5 27 /* covert channel */
#define ADT_COV_CHAN_6 28 /* covert channel */
#define ADT_COV_CHAN_7 29 /* covert channel */
#define ADT_COV_CHAN_8 30 /* covert channel */
#define ADT_CREATE 31 /* creat(2) */
#define ADT_CRON 32 /* cron(1M) */
#define ADT_DAC_MODE 33 /* chmod(2) */
#define ADT_DAC_OWN_GRP 34 /* chown(2) */
#define ADT_DATE 35 /* stime(2) adj_time(2) */
#define ADT_DEACTIVATE_LID 36 /* lvldelete(1M) */
#define ADT_DEF_LVL 37 /* login level */
#define ADT_DEL_NM 38 /* lvldelete(1M) */
#define ADT_DISP_ATTR 39 /* devstat(2) fdevstat(2) */
#define ADT_EXEC 40 /* exec(2) */
#define ADT_EXIT 41 /* exit(2) */
#define ADT_FCNTL 42 /* fcntl(2) */
#define ADT_FILE_ACL 43 /* acl(2) */
#define ADT_FILE_LVL 44 /* lvl_file(2) */
#define ADT_FILE_PRIV 45 /* filepriv(2) */
#define ADT_FORK 46 /* fork(2) */
#define ADT_INIT 47 /* init(1M) */
#define ADT_IOCNTL 48 /* ioctl(2) */
#define ADT_IPC_ACL 49 /* aclipc(2) */
#define ADT_KILL 50 /* kill(2) */
#define ADT_LINK 51 /* link(2) */
#define ADT_LOGIN 52 /* success login */
#define ADT_LP_ADMIN 53 /* lp */
#define ADT_LP_MISC 54 /* lp misc */
#define ADT_MISC 55 /* miscellaneous */
#define ADT_MK_DIR 56 /* mkdir(2) */
#define ADT_MK_MLD 57 /* mkmld(2) */
#define ADT_MK_NODE 58 /* mknod(2) */
#define ADT_MOD_GRP 59 /* groupmod(1M) */
#define ADT_MOD_USR 60 /* usermod(1M) */
#define ADT_MOUNT 61 /* mount(2) umount(2) */
#define ADT_MSG_CTL 62 /* IPC message controls */
#define ADT_MSG_GET 63 /* IPC message gets */
#define ADT_MSG_OP 64 /* IPC message operations */
#define ADT_OPEN_RD 65 /* open(2) RD_ONLY */
#define ADT_OPEN_WR 66 /* open(2) WR_ONLY or RDWR*/
#define ADT_PAGE_LVL 67 /* printer page level */
#define ADT_PASSWD 68 /* passwd(1) */
#define ADT_PIPE 69 /* pipe(2) */
Copyright 1994 Novell, Inc. Page 2
audit(5) audit(5)
#define ADT_PM_DENIED 70 /* adt_priv() */
#define ADT_PROC_LVL 71 /* lvlproc(2) */
#define ADT_PRT_JOB 72 /* printer job */
#define ADT_PRT_LVL 73 /* printer level*/
#define ADT_RECVFD 74 /* receive FD */
#define ADT_RM_DIR 75 /* rmdir(2) */
#define ADT_SCHED_LK 76 /* priocntl(2) */
#define ADT_SCHED_RT 77 /* priocntl(2) */
#define ADT_SCHED_TS 78 /* priocntl(2) */
#define ADT_SEM_CTL 79 /* IPC semaphore controls */
#define ADT_SEM_GET 80 /* IPC semaphore gets */
#define ADT_SEM_OP 81 /* IPC semaphore operations */
#define ADT_SET_ATTR 82 /* devstat(2) fdevstat(2) */
#define ADT_SET_GID 83 /* setgid(2) */
#define ADT_SET_GRPS 84 /* setgroups(2) */
#define ADT_SET_LVL_RNG 85 /* lvlvfs(2) */
#define ADT_SET_PGRPS 86 /* setpgrp(2),setpgid(2) */
#define ADT_SET_SID 87 /* setsid(2) */
#define ADT_SET_UID 88 /* setuid(2) */
#define ADT_SETRLIMIT 89 /* setrlimit(2) */
#define ADT_SHM_CTL 90 /* IPC shared-memory controls */
#define ADT_SHM_GET 91 /* IPC shared-memory gets */
#define ADT_SHM_OP 92 /* IPC shared-memory operations */
#define ADT_STATUS 93 /* stat(2) */
#define ADT_SYM_CREATE 94 /* symlink(2) */
#define ADT_SYM_STATUS 95 /* symlink(2) */
#define ADT_TFADMIN 96 /* tfadmin(1M) */
#define ADT_TRUNC_LVL 97 /* lp */
#define ADT_ULIMIT 98 /* ulimit(2) */
#define ADT_UMOUNT 99 /* umount(2) */
#define ADT_UNLINK 100 /* unlink(2) */
/* SVR4.2 */
#define ADT_MODPATH 101 /* modpath(2) */
#define ADT_MODADM 102 /* modadm(2) */
#define ADT_MODLOAD 103 /* adt_modload()*/
#define ADT_MODULOAD 104 /* adt_moduload()*/
/* SVR4.2MP */
#define ADT_LWP_CREATE 105 /* _lwp_create(2) */
#define ADT_LWP_BIND 106 /* processor_bind(2) */
#define ADT_LWP_UNBIND 107 /* processor_bind(1) */
#define ADT_ONLINE 108 /* online(2) */
#define ADT_LOGOFF 109 /* ttymon(1) */
#define ADT_SCHED_FC 110 /* priocntl(2) */
#define ADT_LWP_EXIT 111 /* _lwp_exit(2) */
#define ADT_LWP_KILL 112 /* _lwp_kill(2) */
#define ADT_KEYCTL 113 /* keyctl(2) */
Copyright 1994 Novell, Inc. Page 3
audit(5) audit(5)
#define ADT_SCHED_FP ADT_SCHED_RT
REFERENCES
auditevt(2)
Copyright 1994 Novell, Inc. Page 4