audit.h File Reference

#include <linux/types.h>
#include <linux/elf-em.h>
#include <linux/ptrace.h>

Go to the source code of this file.

Data Structures
struct	audit_status
struct	audit_tty_status
struct	audit_rule_data
struct	audit_rule

Macros
#define	AUDIT_GET   1000 /* Get status */
#define	AUDIT_SET   1001 /* Set status (enable/disable/auditd) */
#define	AUDIT_LIST   1002 /* List syscall rules -- deprecated */
#define	AUDIT_ADD   1003 /* Add syscall rule -- deprecated */
#define	AUDIT_DEL   1004 /* Delete syscall rule -- deprecated */
#define	AUDIT_USER   1005 /* Message from userspace -- deprecated */
#define	AUDIT_LOGIN   1006 /* Define the login id and information */
#define	AUDIT_WATCH_INS   1007 /* Insert file/dir watch entry */
#define	AUDIT_WATCH_REM   1008 /* Remove file/dir watch entry */
#define	AUDIT_WATCH_LIST   1009 /* List all file/dir watches */
#define	AUDIT_SIGNAL_INFO   1010 /* Get info about sender of signal to auditd */
#define	AUDIT_ADD_RULE   1011 /* Add syscall filtering rule */
#define	AUDIT_DEL_RULE   1012 /* Delete syscall filtering rule */
#define	AUDIT_LIST_RULES   1013 /* List syscall filtering rules */
#define	AUDIT_TRIM   1014 /* Trim junk from watched tree */
#define	AUDIT_MAKE_EQUIV   1015 /* Append to watched tree */
#define	AUDIT_TTY_GET   1016 /* Get TTY auditing status */
#define	AUDIT_TTY_SET   1017 /* Set TTY auditing status */
#define	AUDIT_FIRST_USER_MSG   1100 /* Userspace messages mostly uninteresting to kernel */
#define	AUDIT_USER_AVC   1107 /* We filter this differently */
#define	AUDIT_USER_TTY   1124 /* Non-ICANON TTY input meaning */
#define	AUDIT_LAST_USER_MSG   1199
#define	AUDIT_FIRST_USER_MSG2   2100 /* More user space messages */
#define	AUDIT_LAST_USER_MSG2   2999
#define	AUDIT_DAEMON_START   1200 /* Daemon startup record */
#define	AUDIT_DAEMON_END   1201 /* Daemon normal stop record */
#define	AUDIT_DAEMON_ABORT   1202 /* Daemon error stop record */
#define	AUDIT_DAEMON_CONFIG   1203 /* Daemon config change */
#define	AUDIT_SYSCALL   1300 /* Syscall event */
#define	AUDIT_PATH   1302 /* Filename path information */
#define	AUDIT_IPC   1303 /* IPC record */
#define	AUDIT_SOCKETCALL   1304 /* sys_socketcall arguments */
#define	AUDIT_CONFIG_CHANGE   1305 /* Audit system configuration change */
#define	AUDIT_SOCKADDR   1306 /* sockaddr copied as syscall arg */
#define	AUDIT_CWD   1307 /* Current working directory */
#define	AUDIT_EXECVE   1309 /* execve arguments */
#define	AUDIT_IPC_SET_PERM   1311 /* IPC new permissions record type */
#define	AUDIT_MQ_OPEN   1312 /* POSIX MQ open record type */
#define	AUDIT_MQ_SENDRECV   1313 /* POSIX MQ send/receive record type */
#define	AUDIT_MQ_NOTIFY   1314 /* POSIX MQ notify record type */
#define	AUDIT_MQ_GETSETATTR   1315 /* POSIX MQ get/set attribute record type */
#define	AUDIT_KERNEL_OTHER   1316 /* For use by 3rd party modules */
#define	AUDIT_FD_PAIR   1317 /* audit record for pipe/socketpair */
#define	AUDIT_OBJ_PID   1318 /* ptrace target */
#define	AUDIT_TTY   1319 /* Input on an administrative TTY */
#define	AUDIT_EOE   1320 /* End of multi-record event */
#define	AUDIT_BPRM_FCAPS   1321 /* Information about fcaps increasing perms */
#define	AUDIT_CAPSET   1322 /* Record showing argument to sys_capset */
#define	AUDIT_MMAP   1323 /* Record showing descriptor and flags in mmap */
#define	AUDIT_NETFILTER_PKT   1324 /* Packets traversing netfilter chains */
#define	AUDIT_NETFILTER_CFG   1325 /* Netfilter chain modifications */
#define	AUDIT_AVC   1400 /* SE Linux avc denial or grant */
#define	AUDIT_SELINUX_ERR   1401 /* Internal SE Linux Errors */
#define	AUDIT_AVC_PATH   1402 /* dentry, vfsmount pair from avc */
#define	AUDIT_MAC_POLICY_LOAD   1403 /* Policy file load */
#define	AUDIT_MAC_STATUS   1404 /* Changed enforcing,permissive,off */
#define	AUDIT_MAC_CONFIG_CHANGE   1405 /* Changes to booleans */
#define	AUDIT_MAC_UNLBL_ALLOW   1406 /* NetLabel: allow unlabeled traffic */
#define	AUDIT_MAC_CIPSOV4_ADD   1407 /* NetLabel: add CIPSOv4 DOI entry */
#define	AUDIT_MAC_CIPSOV4_DEL   1408 /* NetLabel: del CIPSOv4 DOI entry */
#define	AUDIT_MAC_MAP_ADD   1409 /* NetLabel: add LSM domain mapping */
#define	AUDIT_MAC_MAP_DEL   1410 /* NetLabel: del LSM domain mapping */
#define	AUDIT_MAC_IPSEC_ADDSA   1411 /* Not used */
#define	AUDIT_MAC_IPSEC_DELSA   1412 /* Not used */
#define	AUDIT_MAC_IPSEC_ADDSPD   1413 /* Not used */
#define	AUDIT_MAC_IPSEC_DELSPD   1414 /* Not used */
#define	AUDIT_MAC_IPSEC_EVENT   1415 /* Audit an IPSec event */
#define	AUDIT_MAC_UNLBL_STCADD   1416 /* NetLabel: add a static label */
#define	AUDIT_MAC_UNLBL_STCDEL   1417 /* NetLabel: del a static label */
#define	AUDIT_FIRST_KERN_ANOM_MSG   1700
#define	AUDIT_LAST_KERN_ANOM_MSG   1799
#define	AUDIT_ANOM_PROMISCUOUS   1700 /* Device changed promiscuous mode */
#define	AUDIT_ANOM_ABEND   1701 /* Process ended abnormally */
#define	AUDIT_ANOM_LINK   1702 /* Suspicious use of file links */
#define	AUDIT_INTEGRITY_DATA   1800 /* Data integrity verification */
#define	AUDIT_INTEGRITY_METADATA   1801 /* Metadata integrity verification */
#define	AUDIT_INTEGRITY_STATUS   1802 /* Integrity enable status */
#define	AUDIT_INTEGRITY_HASH   1803 /* Integrity HASH type */
#define	AUDIT_INTEGRITY_PCR   1804 /* PCR invalidation msgs */
#define	AUDIT_INTEGRITY_RULE   1805 /* policy rule */
#define	AUDIT_KERNEL   2000 /* Asynchronous audit record. NOT A REQUEST. */
#define	AUDIT_FILTER_USER   0x00 /* Apply rule to user-generated messages */
#define	AUDIT_FILTER_TASK   0x01 /* Apply rule at task creation (not syscall) */
#define	AUDIT_FILTER_ENTRY   0x02 /* Apply rule at syscall entry */
#define	AUDIT_FILTER_WATCH   0x03 /* Apply rule to file system watches */
#define	AUDIT_FILTER_EXIT   0x04 /* Apply rule at syscall exit */
#define	AUDIT_FILTER_TYPE   0x05 /* Apply rule at audit_log_start */
#define	AUDIT_NR_FILTERS   6
#define	AUDIT_FILTER_PREPEND   0x10 /* Prepend to front of list */
#define	AUDIT_NEVER   0 /* Do not build context if rule matches */
#define	AUDIT_POSSIBLE   1 /* Build context if rule matches */
#define	AUDIT_ALWAYS   2 /* Generate audit record if rule matches */
#define	AUDIT_MAX_FIELDS   64
#define	AUDIT_MAX_KEY_LEN   256
#define	AUDIT_BITMASK_SIZE   64
#define	AUDIT_WORD(nr)   ((__u32)((nr)/32))
#define	AUDIT_BIT(nr)   (1 << ((nr) - AUDIT_WORD(nr)*32))
#define	AUDIT_SYSCALL_CLASSES   16
#define	AUDIT_CLASS_DIR_WRITE   0
#define	AUDIT_CLASS_DIR_WRITE_32   1
#define	AUDIT_CLASS_CHATTR   2
#define	AUDIT_CLASS_CHATTR_32   3
#define	AUDIT_CLASS_READ   4
#define	AUDIT_CLASS_READ_32   5
#define	AUDIT_CLASS_WRITE   6
#define	AUDIT_CLASS_WRITE_32   7
#define	AUDIT_CLASS_SIGNAL   8
#define	AUDIT_CLASS_SIGNAL_32   9
#define	AUDIT_UNUSED_BITS   0x07FFFC00
#define	AUDIT_COMPARE_UID_TO_OBJ_UID   1
#define	AUDIT_COMPARE_GID_TO_OBJ_GID   2
#define	AUDIT_COMPARE_EUID_TO_OBJ_UID   3
#define	AUDIT_COMPARE_EGID_TO_OBJ_GID   4
#define	AUDIT_COMPARE_AUID_TO_OBJ_UID   5
#define	AUDIT_COMPARE_SUID_TO_OBJ_UID   6
#define	AUDIT_COMPARE_SGID_TO_OBJ_GID   7
#define	AUDIT_COMPARE_FSUID_TO_OBJ_UID   8
#define	AUDIT_COMPARE_FSGID_TO_OBJ_GID   9
#define	AUDIT_COMPARE_UID_TO_AUID   10
#define	AUDIT_COMPARE_UID_TO_EUID   11
#define	AUDIT_COMPARE_UID_TO_FSUID   12
#define	AUDIT_COMPARE_UID_TO_SUID   13
#define	AUDIT_COMPARE_AUID_TO_FSUID   14
#define	AUDIT_COMPARE_AUID_TO_SUID   15
#define	AUDIT_COMPARE_AUID_TO_EUID   16
#define	AUDIT_COMPARE_EUID_TO_SUID   17
#define	AUDIT_COMPARE_EUID_TO_FSUID   18
#define	AUDIT_COMPARE_SUID_TO_FSUID   19
#define	AUDIT_COMPARE_GID_TO_EGID   20
#define	AUDIT_COMPARE_GID_TO_FSGID   21
#define	AUDIT_COMPARE_GID_TO_SGID   22
#define	AUDIT_COMPARE_EGID_TO_FSGID   23
#define	AUDIT_COMPARE_EGID_TO_SGID   24
#define	AUDIT_COMPARE_SGID_TO_FSGID   25
#define	AUDIT_MAX_FIELD_COMPARE   AUDIT_COMPARE_SGID_TO_FSGID
#define	AUDIT_PID   0
#define	AUDIT_UID   1
#define	AUDIT_EUID   2
#define	AUDIT_SUID   3
#define	AUDIT_FSUID   4
#define	AUDIT_GID   5
#define	AUDIT_EGID   6
#define	AUDIT_SGID   7
#define	AUDIT_FSGID   8
#define	AUDIT_LOGINUID   9
#define	AUDIT_PERS   10
#define	AUDIT_ARCH   11
#define	AUDIT_MSGTYPE   12
#define	AUDIT_SUBJ_USER   13 /* security label user */
#define	AUDIT_SUBJ_ROLE   14 /* security label role */
#define	AUDIT_SUBJ_TYPE   15 /* security label type */
#define	AUDIT_SUBJ_SEN   16 /* security label sensitivity label */
#define	AUDIT_SUBJ_CLR   17 /* security label clearance label */
#define	AUDIT_PPID   18
#define	AUDIT_OBJ_USER   19
#define	AUDIT_OBJ_ROLE   20
#define	AUDIT_OBJ_TYPE   21
#define	AUDIT_OBJ_LEV_LOW   22
#define	AUDIT_OBJ_LEV_HIGH   23
#define	AUDIT_DEVMAJOR   100
#define	AUDIT_DEVMINOR   101
#define	AUDIT_INODE   102
#define	AUDIT_EXIT   103
#define	AUDIT_SUCCESS   104 /* exit >= 0; value ignored */
#define	AUDIT_WATCH   105
#define	AUDIT_PERM   106
#define	AUDIT_DIR   107
#define	AUDIT_FILETYPE   108
#define	AUDIT_OBJ_UID   109
#define	AUDIT_OBJ_GID   110
#define	AUDIT_FIELD_COMPARE   111
#define	AUDIT_ARG0   200
#define	AUDIT_ARG1   (AUDIT_ARG0+1)
#define	AUDIT_ARG2   (AUDIT_ARG0+2)
#define	AUDIT_ARG3   (AUDIT_ARG0+3)
#define	AUDIT_FILTERKEY   210
#define	AUDIT_NEGATE   0x80000000
#define	AUDIT_BIT_MASK   0x08000000
#define	AUDIT_LESS_THAN   0x10000000
#define	AUDIT_GREATER_THAN   0x20000000
#define	AUDIT_NOT_EQUAL   0x30000000
#define	AUDIT_EQUAL   0x40000000
#define	AUDIT_BIT_TEST   (AUDIT_BIT_MASK|AUDIT_EQUAL)
#define	AUDIT_LESS_THAN_OR_EQUAL   (AUDIT_LESS_THAN|AUDIT_EQUAL)
#define	AUDIT_GREATER_THAN_OR_EQUAL   (AUDIT_GREATER_THAN|AUDIT_EQUAL)
#define	AUDIT_OPERATORS   (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK)
#define	AUDIT_STATUS_ENABLED   0x0001
#define	AUDIT_STATUS_FAILURE   0x0002
#define	AUDIT_STATUS_PID   0x0004
#define	AUDIT_STATUS_RATE_LIMIT   0x0008
#define	AUDIT_STATUS_BACKLOG_LIMIT   0x0010
#define	AUDIT_FAIL_SILENT   0
#define	AUDIT_FAIL_PRINTK   1
#define	AUDIT_FAIL_PANIC   2
#define	__AUDIT_ARCH_64BIT   0x80000000
#define	__AUDIT_ARCH_LE   0x40000000
#define	AUDIT_ARCH_ALPHA   (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#define	AUDIT_ARCH_ARM   (EM_ARM|__AUDIT_ARCH_LE)
#define	AUDIT_ARCH_ARMEB   (EM_ARM)
#define	AUDIT_ARCH_CRIS   (EM_CRIS|__AUDIT_ARCH_LE)
#define	AUDIT_ARCH_FRV   (EM_FRV)
#define	AUDIT_ARCH_H8300   (EM_H8_300)
#define	AUDIT_ARCH_I386   (EM_386|__AUDIT_ARCH_LE)
#define	AUDIT_ARCH_IA64   (EM_IA_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#define	AUDIT_ARCH_M32R   (EM_M32R)
#define	AUDIT_ARCH_M68K   (EM_68K)
#define	AUDIT_ARCH_MIPS   (EM_MIPS)
#define	AUDIT_ARCH_MIPSEL   (EM_MIPS|__AUDIT_ARCH_LE)
#define	AUDIT_ARCH_MIPS64   (EM_MIPS|__AUDIT_ARCH_64BIT)
#define	AUDIT_ARCH_MIPSEL64   (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#define	AUDIT_ARCH_OPENRISC   (EM_OPENRISC)
#define	AUDIT_ARCH_PARISC   (EM_PARISC)
#define	AUDIT_ARCH_PARISC64   (EM_PARISC|__AUDIT_ARCH_64BIT)
#define	AUDIT_ARCH_PPC   (EM_PPC)
#define	AUDIT_ARCH_PPC64   (EM_PPC64|__AUDIT_ARCH_64BIT)
#define	AUDIT_ARCH_S390   (EM_S390)
#define	AUDIT_ARCH_S390X   (EM_S390|__AUDIT_ARCH_64BIT)
#define	AUDIT_ARCH_SH   (EM_SH)
#define	AUDIT_ARCH_SHEL   (EM_SH|__AUDIT_ARCH_LE)
#define	AUDIT_ARCH_SH64   (EM_SH|__AUDIT_ARCH_64BIT)
#define	AUDIT_ARCH_SHEL64   (EM_SH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#define	AUDIT_ARCH_SPARC   (EM_SPARC)
#define	AUDIT_ARCH_SPARC64   (EM_SPARCV9|__AUDIT_ARCH_64BIT)
#define	AUDIT_ARCH_X86_64   (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#define	AUDIT_PERM_EXEC   1
#define	AUDIT_PERM_WRITE   2
#define	AUDIT_PERM_READ   4
#define	AUDIT_PERM_ATTR   8

Enumerations
enum	{   Audit_equal, Audit_not_equal, Audit_bitmask, Audit_bittest,   Audit_lt, Audit_gt, Audit_le, Audit_ge,   Audit_bad }

Macro Definition Documentation

#define __AUDIT_ARCH_64BIT   0x80000000

Definition at line 324 of file audit.h.

#define __AUDIT_ARCH_LE   0x40000000

Definition at line 325 of file audit.h.

#define AUDIT_ADD   1003 /* Add syscall rule -- deprecated */

Definition at line 57 of file audit.h.

#define AUDIT_ADD_RULE   1011 /* Add syscall filtering rule */

Definition at line 65 of file audit.h.

#define AUDIT_ALWAYS   2 /* Generate audit record if rule matches */

Definition at line 158 of file audit.h.

#define AUDIT_ANOM_ABEND   1701 /* Process ended abnormally */

Definition at line 132 of file audit.h.

#define AUDIT_ANOM_LINK   1702 /* Suspicious use of file links */

Definition at line 133 of file audit.h.

#define AUDIT_ANOM_PROMISCUOUS   1700 /* Device changed promiscuous mode */

Definition at line 131 of file audit.h.

#define AUDIT_ARCH   11

Definition at line 236 of file audit.h.

#define AUDIT_ARCH_ALPHA   (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)

Definition at line 326 of file audit.h.

#define AUDIT_ARCH_ARM   (EM_ARM|__AUDIT_ARCH_LE)

Definition at line 327 of file audit.h.

#define AUDIT_ARCH_ARMEB   (EM_ARM)

Definition at line 328 of file audit.h.

#define AUDIT_ARCH_CRIS   (EM_CRIS|__AUDIT_ARCH_LE)

Definition at line 329 of file audit.h.

#define AUDIT_ARCH_FRV   (EM_FRV)

Definition at line 330 of file audit.h.

#define AUDIT_ARCH_H8300   (EM_H8_300)

Definition at line 331 of file audit.h.

#define AUDIT_ARCH_I386   (EM_386|__AUDIT_ARCH_LE)

Definition at line 332 of file audit.h.

#define AUDIT_ARCH_IA64   (EM_IA_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)

Definition at line 333 of file audit.h.

#define AUDIT_ARCH_M32R   (EM_M32R)

Definition at line 334 of file audit.h.

#define AUDIT_ARCH_M68K   (EM_68K)

Definition at line 335 of file audit.h.

#define AUDIT_ARCH_MIPS   (EM_MIPS)

Definition at line 336 of file audit.h.

#define AUDIT_ARCH_MIPS64   (EM_MIPS|__AUDIT_ARCH_64BIT)

Definition at line 338 of file audit.h.

#define AUDIT_ARCH_MIPSEL   (EM_MIPS|__AUDIT_ARCH_LE)

Definition at line 337 of file audit.h.

#define AUDIT_ARCH_MIPSEL64   (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)

Definition at line 339 of file audit.h.

#define AUDIT_ARCH_OPENRISC   (EM_OPENRISC)

Definition at line 340 of file audit.h.

#define AUDIT_ARCH_PARISC   (EM_PARISC)

Definition at line 341 of file audit.h.

#define AUDIT_ARCH_PARISC64   (EM_PARISC|__AUDIT_ARCH_64BIT)

Definition at line 342 of file audit.h.

#define AUDIT_ARCH_PPC   (EM_PPC)

Definition at line 343 of file audit.h.

#define AUDIT_ARCH_PPC64   (EM_PPC64|__AUDIT_ARCH_64BIT)

Definition at line 344 of file audit.h.

#define AUDIT_ARCH_S390   (EM_S390)

Definition at line 345 of file audit.h.

#define AUDIT_ARCH_S390X   (EM_S390|__AUDIT_ARCH_64BIT)

Definition at line 346 of file audit.h.

#define AUDIT_ARCH_SH   (EM_SH)

Definition at line 347 of file audit.h.

#define AUDIT_ARCH_SH64   (EM_SH|__AUDIT_ARCH_64BIT)

Definition at line 349 of file audit.h.

#define AUDIT_ARCH_SHEL   (EM_SH|__AUDIT_ARCH_LE)

Definition at line 348 of file audit.h.

#define AUDIT_ARCH_SHEL64   (EM_SH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)

Definition at line 350 of file audit.h.

#define AUDIT_ARCH_SPARC   (EM_SPARC)

Definition at line 351 of file audit.h.

#define AUDIT_ARCH_SPARC64   (EM_SPARCV9|__AUDIT_ARCH_64BIT)

Definition at line 352 of file audit.h.

#define AUDIT_ARCH_X86_64   (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)

Definition at line 353 of file audit.h.

#define AUDIT_ARG0   200

Definition at line 265 of file audit.h.

#define AUDIT_ARG1   (AUDIT_ARG0+1)

Definition at line 266 of file audit.h.

#define AUDIT_ARG2   (AUDIT_ARG0+2)

Definition at line 267 of file audit.h.

#define AUDIT_ARG3   (AUDIT_ARG0+3)

Definition at line 268 of file audit.h.

#define AUDIT_AVC   1400 /* SE Linux avc denial or grant */

Definition at line 110 of file audit.h.

#define AUDIT_AVC_PATH   1402 /* dentry, vfsmount pair from avc */

Definition at line 112 of file audit.h.

#define AUDIT_BIT

(

nr

)

(1 << ((nr) - AUDIT_WORD(nr)*32))

Definition at line 166 of file audit.h.

#define AUDIT_BIT_MASK   0x08000000

Definition at line 289 of file audit.h.

#define AUDIT_BIT_TEST   (AUDIT_BIT_MASK|AUDIT_EQUAL)

Definition at line 294 of file audit.h.

#define AUDIT_BITMASK_SIZE   64

Definition at line 164 of file audit.h.

#define AUDIT_BPRM_FCAPS   1321 /* Information about fcaps increasing perms */

Definition at line 104 of file audit.h.

#define AUDIT_CAPSET   1322 /* Record showing argument to sys_capset */

Definition at line 105 of file audit.h.

#define AUDIT_CLASS_CHATTR   2

Definition at line 171 of file audit.h.

#define AUDIT_CLASS_CHATTR_32   3

Definition at line 172 of file audit.h.

#define AUDIT_CLASS_DIR_WRITE   0

Definition at line 169 of file audit.h.

#define AUDIT_CLASS_DIR_WRITE_32   1

Definition at line 170 of file audit.h.

#define AUDIT_CLASS_READ   4

Definition at line 173 of file audit.h.

#define AUDIT_CLASS_READ_32   5

Definition at line 174 of file audit.h.

#define AUDIT_CLASS_SIGNAL   8

Definition at line 177 of file audit.h.

#define AUDIT_CLASS_SIGNAL_32   9

Definition at line 178 of file audit.h.

#define AUDIT_CLASS_WRITE   6

Definition at line 175 of file audit.h.

#define AUDIT_CLASS_WRITE_32   7

Definition at line 176 of file audit.h.

#define AUDIT_COMPARE_AUID_TO_EUID   16

Definition at line 204 of file audit.h.

#define AUDIT_COMPARE_AUID_TO_FSUID   14

Definition at line 202 of file audit.h.

#define AUDIT_COMPARE_AUID_TO_OBJ_UID   5

Definition at line 191 of file audit.h.

#define AUDIT_COMPARE_AUID_TO_SUID   15

Definition at line 203 of file audit.h.

#define AUDIT_COMPARE_EGID_TO_FSGID   23

Definition at line 215 of file audit.h.

#define AUDIT_COMPARE_EGID_TO_OBJ_GID   4

Definition at line 190 of file audit.h.

#define AUDIT_COMPARE_EGID_TO_SGID   24

Definition at line 216 of file audit.h.

#define AUDIT_COMPARE_EUID_TO_FSUID   18

Definition at line 207 of file audit.h.

#define AUDIT_COMPARE_EUID_TO_OBJ_UID   3

Definition at line 189 of file audit.h.

#define AUDIT_COMPARE_EUID_TO_SUID   17

Definition at line 206 of file audit.h.

#define AUDIT_COMPARE_FSGID_TO_OBJ_GID   9

Definition at line 195 of file audit.h.

#define AUDIT_COMPARE_FSUID_TO_OBJ_UID   8

Definition at line 194 of file audit.h.

#define AUDIT_COMPARE_GID_TO_EGID   20

Definition at line 211 of file audit.h.

#define AUDIT_COMPARE_GID_TO_FSGID   21

Definition at line 212 of file audit.h.

#define AUDIT_COMPARE_GID_TO_OBJ_GID   2

Definition at line 188 of file audit.h.

#define AUDIT_COMPARE_GID_TO_SGID   22

Definition at line 213 of file audit.h.

#define AUDIT_COMPARE_SGID_TO_FSGID   25

Definition at line 217 of file audit.h.

#define AUDIT_COMPARE_SGID_TO_OBJ_GID   7

Definition at line 193 of file audit.h.

#define AUDIT_COMPARE_SUID_TO_FSUID   19

Definition at line 209 of file audit.h.

#define AUDIT_COMPARE_SUID_TO_OBJ_UID   6

Definition at line 192 of file audit.h.

#define AUDIT_COMPARE_UID_TO_AUID   10

Definition at line 197 of file audit.h.

#define AUDIT_COMPARE_UID_TO_EUID   11

Definition at line 198 of file audit.h.

#define AUDIT_COMPARE_UID_TO_FSUID   12

Definition at line 199 of file audit.h.

#define AUDIT_COMPARE_UID_TO_OBJ_UID   1

Definition at line 187 of file audit.h.

#define AUDIT_COMPARE_UID_TO_SUID   13

Definition at line 200 of file audit.h.

#define AUDIT_CONFIG_CHANGE   1305 /* Audit system configuration change */

Definition at line 90 of file audit.h.

#define AUDIT_CWD   1307 /* Current working directory */

Definition at line 92 of file audit.h.

#define AUDIT_DAEMON_ABORT   1202 /* Daemon error stop record */

Definition at line 82 of file audit.h.

#define AUDIT_DAEMON_CONFIG   1203 /* Daemon config change */

Definition at line 83 of file audit.h.

#define AUDIT_DAEMON_END   1201 /* Daemon normal stop record */

Definition at line 81 of file audit.h.

#define AUDIT_DAEMON_START   1200 /* Daemon startup record */

Definition at line 80 of file audit.h.

#define AUDIT_DEL   1004 /* Delete syscall rule -- deprecated */

Definition at line 58 of file audit.h.

#define AUDIT_DEL_RULE   1012 /* Delete syscall filtering rule */

Definition at line 66 of file audit.h.

#define AUDIT_DEVMAJOR   100

Definition at line 252 of file audit.h.

#define AUDIT_DEVMINOR   101

Definition at line 253 of file audit.h.

#define AUDIT_DIR   107

Definition at line 259 of file audit.h.

#define AUDIT_EGID   6

Definition at line 231 of file audit.h.

#define AUDIT_EOE   1320 /* End of multi-record event */

Definition at line 103 of file audit.h.

#define AUDIT_EQUAL   0x40000000

Definition at line 293 of file audit.h.

#define AUDIT_EUID   2

Definition at line 227 of file audit.h.

#define AUDIT_EXECVE   1309 /* execve arguments */

Definition at line 93 of file audit.h.

#define AUDIT_EXIT   103

Definition at line 255 of file audit.h.

#define AUDIT_FAIL_PANIC   2

Definition at line 321 of file audit.h.

#define AUDIT_FAIL_PRINTK   1

Definition at line 320 of file audit.h.

#define AUDIT_FAIL_SILENT   0

Definition at line 319 of file audit.h.

#define AUDIT_FD_PAIR   1317 /* audit record for pipe/socketpair */

Definition at line 100 of file audit.h.

#define AUDIT_FIELD_COMPARE   111

Definition at line 263 of file audit.h.

#define AUDIT_FILETYPE   108

Definition at line 260 of file audit.h.

#define AUDIT_FILTER_ENTRY   0x02 /* Apply rule at syscall entry */

Definition at line 146 of file audit.h.

#define AUDIT_FILTER_EXIT   0x04 /* Apply rule at syscall exit */

Definition at line 148 of file audit.h.

#define AUDIT_FILTER_PREPEND   0x10 /* Prepend to front of list */

Definition at line 153 of file audit.h.

#define AUDIT_FILTER_TASK   0x01 /* Apply rule at task creation (not syscall) */

Definition at line 145 of file audit.h.

#define AUDIT_FILTER_TYPE   0x05 /* Apply rule at audit_log_start */

Definition at line 149 of file audit.h.

#define AUDIT_FILTER_USER   0x00 /* Apply rule to user-generated messages */

Definition at line 144 of file audit.h.

#define AUDIT_FILTER_WATCH   0x03 /* Apply rule to file system watches */

Definition at line 147 of file audit.h.

#define AUDIT_FILTERKEY   210

Definition at line 270 of file audit.h.

#define AUDIT_FIRST_KERN_ANOM_MSG   1700

Definition at line 129 of file audit.h.

#define AUDIT_FIRST_USER_MSG   1100 /* Userspace messages mostly uninteresting to kernel */

Definition at line 73 of file audit.h.

#define AUDIT_FIRST_USER_MSG2   2100 /* More user space messages */

Definition at line 77 of file audit.h.

#define AUDIT_FSGID   8

Definition at line 233 of file audit.h.

#define AUDIT_FSUID   4

Definition at line 229 of file audit.h.

#define AUDIT_GET   1000 /* Get status */

Definition at line 54 of file audit.h.

#define AUDIT_GID   5

Definition at line 230 of file audit.h.

#define AUDIT_GREATER_THAN   0x20000000

Definition at line 291 of file audit.h.

#define AUDIT_GREATER_THAN_OR_EQUAL   (AUDIT_GREATER_THAN|AUDIT_EQUAL)

Definition at line 296 of file audit.h.

#define AUDIT_INODE   102

Definition at line 254 of file audit.h.

#define AUDIT_INTEGRITY_DATA   1800 /* Data integrity verification */

Definition at line 134 of file audit.h.

#define AUDIT_INTEGRITY_HASH   1803 /* Integrity HASH type */

Definition at line 137 of file audit.h.

#define AUDIT_INTEGRITY_METADATA   1801 /* Metadata integrity verification */

Definition at line 135 of file audit.h.

#define AUDIT_INTEGRITY_PCR   1804 /* PCR invalidation msgs */

Definition at line 138 of file audit.h.

#define AUDIT_INTEGRITY_RULE   1805 /* policy rule */

Definition at line 139 of file audit.h.

#define AUDIT_INTEGRITY_STATUS   1802 /* Integrity enable status */

Definition at line 136 of file audit.h.

#define AUDIT_IPC   1303 /* IPC record */

Definition at line 88 of file audit.h.

#define AUDIT_IPC_SET_PERM   1311 /* IPC new permissions record type */

Definition at line 94 of file audit.h.

#define AUDIT_KERNEL   2000 /* Asynchronous audit record. NOT A REQUEST. */

Definition at line 141 of file audit.h.

#define AUDIT_KERNEL_OTHER   1316 /* For use by 3rd party modules */

Definition at line 99 of file audit.h.

#define AUDIT_LAST_KERN_ANOM_MSG   1799

Definition at line 130 of file audit.h.

#define AUDIT_LAST_USER_MSG   1199

Definition at line 76 of file audit.h.

#define AUDIT_LAST_USER_MSG2   2999

Definition at line 78 of file audit.h.

#define AUDIT_LESS_THAN   0x10000000

Definition at line 290 of file audit.h.

#define AUDIT_LESS_THAN_OR_EQUAL   (AUDIT_LESS_THAN|AUDIT_EQUAL)

Definition at line 295 of file audit.h.

#define AUDIT_LIST   1002 /* List syscall rules -- deprecated */

Definition at line 56 of file audit.h.

#define AUDIT_LIST_RULES   1013 /* List syscall filtering rules */

Definition at line 67 of file audit.h.

#define AUDIT_LOGIN   1006 /* Define the login id and information */

Definition at line 60 of file audit.h.

#define AUDIT_LOGINUID   9

Definition at line 234 of file audit.h.

#define AUDIT_MAC_CIPSOV4_ADD   1407 /* NetLabel: add CIPSOv4 DOI entry */

Definition at line 117 of file audit.h.

#define AUDIT_MAC_CIPSOV4_DEL   1408 /* NetLabel: del CIPSOv4 DOI entry */

Definition at line 118 of file audit.h.

#define AUDIT_MAC_CONFIG_CHANGE   1405 /* Changes to booleans */

Definition at line 115 of file audit.h.

#define AUDIT_MAC_IPSEC_ADDSA   1411 /* Not used */

Definition at line 121 of file audit.h.

#define AUDIT_MAC_IPSEC_ADDSPD   1413 /* Not used */

Definition at line 123 of file audit.h.

#define AUDIT_MAC_IPSEC_DELSA   1412 /* Not used */

Definition at line 122 of file audit.h.

#define AUDIT_MAC_IPSEC_DELSPD   1414 /* Not used */

Definition at line 124 of file audit.h.

#define AUDIT_MAC_IPSEC_EVENT   1415 /* Audit an IPSec event */

Definition at line 125 of file audit.h.

#define AUDIT_MAC_MAP_ADD   1409 /* NetLabel: add LSM domain mapping */

Definition at line 119 of file audit.h.

#define AUDIT_MAC_MAP_DEL   1410 /* NetLabel: del LSM domain mapping */

Definition at line 120 of file audit.h.

#define AUDIT_MAC_POLICY_LOAD   1403 /* Policy file load */

Definition at line 113 of file audit.h.

#define AUDIT_MAC_STATUS   1404 /* Changed enforcing,permissive,off */

Definition at line 114 of file audit.h.

#define AUDIT_MAC_UNLBL_ALLOW   1406 /* NetLabel: allow unlabeled traffic */

Definition at line 116 of file audit.h.

#define AUDIT_MAC_UNLBL_STCADD   1416 /* NetLabel: add a static label */

Definition at line 126 of file audit.h.

#define AUDIT_MAC_UNLBL_STCDEL   1417 /* NetLabel: del a static label */

Definition at line 127 of file audit.h.

#define AUDIT_MAKE_EQUIV   1015 /* Append to watched tree */

Definition at line 69 of file audit.h.

#define AUDIT_MAX_FIELD_COMPARE   AUDIT_COMPARE_SGID_TO_FSGID

Definition at line 219 of file audit.h.

#define AUDIT_MAX_FIELDS   64

Definition at line 162 of file audit.h.

#define AUDIT_MAX_KEY_LEN   256

Definition at line 163 of file audit.h.

#define AUDIT_MMAP   1323 /* Record showing descriptor and flags in mmap */

Definition at line 106 of file audit.h.

#define AUDIT_MQ_GETSETATTR   1315 /* POSIX MQ get/set attribute record type */

Definition at line 98 of file audit.h.

#define AUDIT_MQ_NOTIFY   1314 /* POSIX MQ notify record type */

Definition at line 97 of file audit.h.

#define AUDIT_MQ_OPEN   1312 /* POSIX MQ open record type */

Definition at line 95 of file audit.h.

#define AUDIT_MQ_SENDRECV   1313 /* POSIX MQ send/receive record type */

Definition at line 96 of file audit.h.

#define AUDIT_MSGTYPE   12

Definition at line 237 of file audit.h.

#define AUDIT_NEGATE   0x80000000

Definition at line 272 of file audit.h.

#define AUDIT_NETFILTER_CFG   1325 /* Netfilter chain modifications */

Definition at line 108 of file audit.h.

#define AUDIT_NETFILTER_PKT   1324 /* Packets traversing netfilter chains */

Definition at line 107 of file audit.h.

#define AUDIT_NEVER   0 /* Do not build context if rule matches */

Definition at line 156 of file audit.h.

#define AUDIT_NOT_EQUAL   0x30000000

Definition at line 292 of file audit.h.

#define AUDIT_NR_FILTERS   6

Definition at line 151 of file audit.h.

#define AUDIT_OBJ_GID   110

Definition at line 262 of file audit.h.

#define AUDIT_OBJ_LEV_HIGH   23

Definition at line 248 of file audit.h.

#define AUDIT_OBJ_LEV_LOW   22

Definition at line 247 of file audit.h.

#define AUDIT_OBJ_PID   1318 /* ptrace target */

Definition at line 101 of file audit.h.

#define AUDIT_OBJ_ROLE   20

Definition at line 245 of file audit.h.

#define AUDIT_OBJ_TYPE   21

Definition at line 246 of file audit.h.

#define AUDIT_OBJ_UID   109

Definition at line 261 of file audit.h.

#define AUDIT_OBJ_USER   19

Definition at line 244 of file audit.h.

#define AUDIT_OPERATORS   (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK)

Definition at line 297 of file audit.h.

#define AUDIT_PATH   1302 /* Filename path information */

Definition at line 87 of file audit.h.

#define AUDIT_PERM   106

Definition at line 258 of file audit.h.

#define AUDIT_PERM_ATTR   8

Definition at line 358 of file audit.h.

#define AUDIT_PERM_EXEC   1

Definition at line 355 of file audit.h.

#define AUDIT_PERM_READ   4

Definition at line 357 of file audit.h.

#define AUDIT_PERM_WRITE   2

Definition at line 356 of file audit.h.

#define AUDIT_PERS   10

Definition at line 235 of file audit.h.

#define AUDIT_PID   0

Definition at line 225 of file audit.h.

#define AUDIT_POSSIBLE   1 /* Build context if rule matches */

Definition at line 157 of file audit.h.

#define AUDIT_PPID   18

Definition at line 243 of file audit.h.

#define AUDIT_SELINUX_ERR   1401 /* Internal SE Linux Errors */

Definition at line 111 of file audit.h.

#define AUDIT_SET   1001 /* Set status (enable/disable/auditd) */

Definition at line 55 of file audit.h.

#define AUDIT_SGID   7

Definition at line 232 of file audit.h.

#define AUDIT_SIGNAL_INFO   1010 /* Get info about sender of signal to auditd */

Definition at line 64 of file audit.h.

#define AUDIT_SOCKADDR   1306 /* sockaddr copied as syscall arg */

Definition at line 91 of file audit.h.

#define AUDIT_SOCKETCALL   1304 /* sys_socketcall arguments */

Definition at line 89 of file audit.h.

#define AUDIT_STATUS_BACKLOG_LIMIT   0x0010

Definition at line 317 of file audit.h.

#define AUDIT_STATUS_ENABLED   0x0001

Definition at line 313 of file audit.h.

#define AUDIT_STATUS_FAILURE   0x0002

Definition at line 314 of file audit.h.

#define AUDIT_STATUS_PID   0x0004

Definition at line 315 of file audit.h.

#define AUDIT_STATUS_RATE_LIMIT   0x0008

Definition at line 316 of file audit.h.

#define AUDIT_SUBJ_CLR   17 /* security label clearance label */

Definition at line 242 of file audit.h.

#define AUDIT_SUBJ_ROLE   14 /* security label role */

Definition at line 239 of file audit.h.

#define AUDIT_SUBJ_SEN   16 /* security label sensitivity label */

Definition at line 241 of file audit.h.

#define AUDIT_SUBJ_TYPE   15 /* security label type */

Definition at line 240 of file audit.h.

#define AUDIT_SUBJ_USER   13 /* security label user */

Definition at line 238 of file audit.h.

#define AUDIT_SUCCESS   104 /* exit >= 0; value ignored */

Definition at line 256 of file audit.h.

#define AUDIT_SUID   3

Definition at line 228 of file audit.h.

#define AUDIT_SYSCALL   1300 /* Syscall event */

Definition at line 85 of file audit.h.

#define AUDIT_SYSCALL_CLASSES   16

Definition at line 168 of file audit.h.

#define AUDIT_TRIM   1014 /* Trim junk from watched tree */

Definition at line 68 of file audit.h.

#define AUDIT_TTY   1319 /* Input on an administrative TTY */

Definition at line 102 of file audit.h.

#define AUDIT_TTY_GET   1016 /* Get TTY auditing status */

Definition at line 70 of file audit.h.

#define AUDIT_TTY_SET   1017 /* Set TTY auditing status */

Definition at line 71 of file audit.h.

#define AUDIT_UID   1

Definition at line 226 of file audit.h.

#define AUDIT_UNUSED_BITS   0x07FFFC00

Definition at line 184 of file audit.h.

#define AUDIT_USER   1005 /* Message from userspace -- deprecated */

Definition at line 59 of file audit.h.

#define AUDIT_USER_AVC   1107 /* We filter this differently */

Definition at line 74 of file audit.h.

#define AUDIT_USER_TTY   1124 /* Non-ICANON TTY input meaning */

Definition at line 75 of file audit.h.

#define AUDIT_WATCH   105

Definition at line 257 of file audit.h.

#define AUDIT_WATCH_INS   1007 /* Insert file/dir watch entry */

Definition at line 61 of file audit.h.

#define AUDIT_WATCH_LIST   1009 /* List all file/dir watches */

Definition at line 63 of file audit.h.

#define AUDIT_WATCH_REM   1008 /* Remove file/dir watch entry */

Definition at line 62 of file audit.h.

#define AUDIT_WORD

(

nr

)

((__u32)((nr)/32))

Definition at line 165 of file audit.h.

Enumeration Type Documentation

anonymous enum

Enumerator:

Audit_equal
Audit_not_equal
Audit_bitmask
Audit_bittest
Audit_lt
Audit_gt
Audit_le
Audit_ge
Audit_bad

Definition at line 299 of file audit.h.