2 * Copyright (c) 2005-2009 Apple Inc.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
15 * its contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#13 $
35 #include <sys/types.h>
36 #include <sys/queue.h>
39 #define MAX_DIR_SIZE 255
40 #define AUDITD_NAME "auditd"
43 * If defined, then the audit daemon will attempt to chown newly created logs
44 * to this group. Otherwise, they will be the default for the user running
45 * auditd, likely the audit group.
47 #define AUDIT_REVIEW_GROUP "audit"
49 #define HARDLIM_ALL_WARN "allhard"
50 #define SOFTLIM_ALL_WARN "allsoft"
51 #define AUDITOFF_WARN "auditoff"
52 #define CLOSEFILE_WARN "closefile"
53 #define EBUSY_WARN "ebusy"
54 #define GETACDIR_WARN "getacdir"
55 #define HARDLIM_WARN "hard"
56 #define NOSTART_WARN "nostart"
57 #define POSTSIGTERM_WARN "postsigterm"
58 #define SOFTLIM_WARN "soft"
59 #define TMPFILE_WARN "tmpfile"
60 #define EXPIRED_WARN "expired"
62 #define AUDITWARN_SCRIPT "/etc/security/audit_warn"
63 #define AUDITD_PIDFILE "/var/run/auditd.pid"
65 #define AUD_STATE_INIT -1
66 #define AUD_STATE_DISABLED 0
67 #define AUD_STATE_ENABLED 1
69 int audit_warn_allhard(void);
70 int audit_warn_allsoft(void);
71 int audit_warn_auditoff(void);
72 int audit_warn_closefile(char *filename);
73 int audit_warn_ebusy(void);
74 int audit_warn_getacdir(char *filename);
75 int audit_warn_hard(char *filename);
76 int audit_warn_nostart(void);
77 int audit_warn_postsigterm(void);
78 int audit_warn_soft(char *filename);
79 int audit_warn_tmpfile(void);
80 int audit_warn_expired(char *filename);
82 void auditd_openlog(int debug, gid_t gid);
83 void auditd_log_err(const char *fmt, ...);
84 void auditd_log_debug(const char *fmt, ...);
85 void auditd_log_info(const char *fmt, ...);
86 void auditd_log_notice(const char *fmt, ...);
88 void auditd_set_state(int state);
89 int auditd_get_state(void);
91 int auditd_open_trigger(int launchd_flag);
92 int auditd_close_trigger(void);
93 void auditd_handle_trigger(int trigger);
95 void auditd_wait_for_events(void);
96 void auditd_relay_signal(int signal);
97 void auditd_terminate(void);
98 int auditd_config_controls(void);
99 void auditd_reap_children(void);
102 #endif /* !_AUDITD_H_ */