NEX-13644 File access audit logging
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
   1 # audit_record_attr.txt
   2 # Two "#" are comments that are copied to audit_record_attr
   3 # other comments are removed.
   4 ##
   5 ## Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.

   6 ##
   7 ## CDDL HEADER START
   8 ##
   9 ## The contents of this file are subject to the terms of the
  10 ## Common Development and Distribution License (the "License").
  11 ## You may not use this file except in compliance with the License.
  12 ##
  13 ## You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  14 ## or http://www.opensolaris.org/os/licensing.
  15 ## See the License for the specific language governing permissions
  16 ## and limitations under the License.
  17 ##
  18 ## When distributing Covered Code, include this CDDL HEADER in each
  19 ## file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  20 ## If applicable, add the following below this CDDL HEADER, with the
  21 ## fields enclosed by brackets "[]" replaced with your own identifying
  22 ## information: Portions Copyright [yyyy] [name of copyright owner]
  23 ##
  24 ## CDDL HEADER END
  25 ##


1467     comment=3, flags, "flags"
1468 
1469 label=AUE_RENAME
1470   format=path1:[attr]1:[path]2
1471   comment=from name:
1472   comment=to name
1473 
1474 label=AUE_RENAMEAT
1475 # obsolete
1476   format=path1:[attr]1:[path]2
1477   comment=from name:
1478   comment=to name
1479 
1480 label=AUE_RFSSYS
1481   skip=Not used.
1482 # apparently replaced
1483 
1484 label=AUE_RMDIR
1485   format=path:[attr]
1486 








1487 label=AUE_SEMCTL
1488   format=arg1:[ipc]:[ipc_perm]
1489     comment=1, semaphore ID, "sem ID"
1490   note=ipc_perm
1491 # ipc, ipc_perm token: semctl -> ipc_lookup -> audit_ipc
1492 
1493 label=AUE_SEMCTL_GETALL
1494   format=arg1:[ipc]:[ipc_perm]
1495     comment=1, semaphore ID, "sem ID"
1496   note=ipc_perm
1497   syscall=semctl: GETALL
1498 # ipc, ipc_perm token: semctl -> ipc_lookup -> audit_ipc
1499 
1500 label=AUE_SEMCTL_GETNCNT
1501   format=arg1:[ipc]:[ipc_perm]
1502     comment=1, semaphore ID, "sem ID"
1503   note=ipc_perm
1504   syscall=semctl: GETNCNT
1505 # ipc, ipc_perm token: semctl -> ipc_lookup -> audit_ipc
1506 


   1 # audit_record_attr.txt
   2 # Two "#" are comments that are copied to audit_record_attr
   3 # other comments are removed.
   4 ##
   5 ## Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
   6 ## Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
   7 ##
   8 ## CDDL HEADER START
   9 ##
  10 ## The contents of this file are subject to the terms of the
  11 ## Common Development and Distribution License (the "License").
  12 ## You may not use this file except in compliance with the License.
  13 ##
  14 ## You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  15 ## or http://www.opensolaris.org/os/licensing.
  16 ## See the License for the specific language governing permissions
  17 ## and limitations under the License.
  18 ##
  19 ## When distributing Covered Code, include this CDDL HEADER in each
  20 ## file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  21 ## If applicable, add the following below this CDDL HEADER, with the
  22 ## fields enclosed by brackets "[]" replaced with your own identifying
  23 ## information: Portions Copyright [yyyy] [name of copyright owner]
  24 ##
  25 ## CDDL HEADER END
  26 ##


1468     comment=3, flags, "flags"
1469 
1470 label=AUE_RENAME
1471   format=path1:[attr]1:[path]2
1472   comment=from name:
1473   comment=to name
1474 
1475 label=AUE_RENAMEAT
1476 # obsolete
1477   format=path1:[attr]1:[path]2
1478   comment=from name:
1479   comment=to name
1480 
1481 label=AUE_RFSSYS
1482   skip=Not used.
1483 # apparently replaced
1484 
1485 label=AUE_RMDIR
1486   format=path:[attr]
1487 
1488 label=AUE_SACL
1489   title=File Access Audit
1490   syscall=none
1491   see=none
1492   format=head:path:arg1:[text]2:subj
1493     comment="access_mask":
1494     comment="Windows SID"
1495 
1496 label=AUE_SEMCTL
1497   format=arg1:[ipc]:[ipc_perm]
1498     comment=1, semaphore ID, "sem ID"
1499   note=ipc_perm
1500 # ipc, ipc_perm token: semctl -> ipc_lookup -> audit_ipc
1501 
1502 label=AUE_SEMCTL_GETALL
1503   format=arg1:[ipc]:[ipc_perm]
1504     comment=1, semaphore ID, "sem ID"
1505   note=ipc_perm
1506   syscall=semctl: GETALL
1507 # ipc, ipc_perm token: semctl -> ipc_lookup -> audit_ipc
1508 
1509 label=AUE_SEMCTL_GETNCNT
1510   format=arg1:[ipc]:[ipc_perm]
1511     comment=1, semaphore ID, "sem ID"
1512   note=ipc_perm
1513   syscall=semctl: GETNCNT
1514 # ipc, ipc_perm token: semctl -> ipc_lookup -> audit_ipc
1515
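Review bot: The `arg1` comment in the new AUE_SACL stanza, `comment="access_mask":`, does not follow the three-field form the other arg comments on this page use (`comment=1, semaphore ID, "sem ID"`), so the generated documentation may lack the argument number and description; a line such as `comment=1, access mask, "access_mask":` would match the convention. The format `head:path:arg1:[text]2:subj` names no return token, and unlike the neighbouring stanzas it spells out head and subj. If the generator does not append a return token for such entries, the documented record carries no granted/denied outcome, which a file-access audit trail needs, so this is worth confirming. The Windows SID text token is bracketed as optional, so a `#` comment stating when it is omitted would help log consumers that attribute access by SID.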