NEX-13644 File access audit logging
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>


   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.


  24  */
  25 
  26 /*
  27  * Solaris Audit Token Table.
  28  */
  29 
  30 #include <locale.h>
  31 
  32 #include <stdio.h>
  33 #include <stdlib.h>
  34 #include <string.h>
  35 #include <bsm/audit.h>
  36 #include <bsm/audit_record.h>
  37 #include <bsm/libbsm.h>
  38 
  39 #include "praudit.h"
  40 #include "toktable.h"
  41 
  42 token_desc_t tokentable[MAXTAG + 1];
  43 


 180             header64_token, T_EXTENDED);
 181         table_init(AUT_SUBJECT64, "subject", subject64_token, T_ENCLOSED);
 182         table_init(AUT_PROCESS64, "process", process64_token, T_ENCLOSED);
 183         table_init(AUT_OTHER_FILE64, "file", file64_token, T_EXTENDED);
 184 
 185         /*
 186          * Extended network address token types
 187          */
 188 
 189         table_initx(AUT_HEADER64_EX, "header", "record",
 190             header64_ex_token, T_EXTENDED);
 191         table_init(AUT_SUBJECT32_EX, "subject", subject32_ex_token, T_ENCLOSED);
 192         table_init(AUT_PROCESS32_EX, "process", process32_ex_token, T_ENCLOSED);
 193         table_init(AUT_SUBJECT64_EX, "subject", subject64_ex_token, T_ENCLOSED);
 194         table_init(AUT_PROCESS64_EX, "process", process64_ex_token, T_ENCLOSED);
 195         table_initx(AUT_IN_ADDR_EX, "ip address", "ip_address",
 196             ip_addr_ex_token, T_ELEMENT);
 197         table_init(AUT_SOCKET_EX, "socket", socket_ex_token, T_ENCLOSED);
 198         table_init(AUT_TID, "tid", tid_token, T_EXTENDED);
 199 




 200 #ifdef _PRAUDIT
 201         /*
 202          * Done with tokens above here. Now do remaining tags.
 203          */
 204         table_init(TAG_AUID, "audit-uid", pa_pw_uid, T_ATTRIBUTE);
 205         table_init(TAG_UID, "uid", pa_pw_uid, T_ATTRIBUTE);
 206         table_init(TAG_GID, "gid", pa_gr_uid, T_ATTRIBUTE);
 207         table_init(TAG_RUID, "ruid", pa_pw_uid, T_ATTRIBUTE);
 208         table_init(TAG_RGID, "rgid", pa_gr_uid, T_ATTRIBUTE);
 209 
 210         table_init(TAG_PID, "pid", pa_adr_u_int32, T_ATTRIBUTE);
 211         table_init(TAG_SID, "sid", pa_adr_u_int32, T_ATTRIBUTE);
 212 
 213         table_init(TAG_TID32, "tid", pa_tid32, T_ATTRIBUTE);
 214         table_init(TAG_TID64, "tid", pa_tid64, T_ATTRIBUTE);
 215         table_init(TAG_TID32_EX, "tid", pa_tid32_ex, T_ATTRIBUTE);
 216         table_init(TAG_TID64_EX, "tid", pa_tid64_ex, T_ATTRIBUTE);
 217         table_init(TAG_TID_TYPE, "type", NOFUNC, T_ATTRIBUTE);
 218         table_init(TAG_IP, "ipadr", NOFUNC, T_ENCLOSED);
 219         table_init(TAG_IP_LOCAL, "local-port", pa_adr_u_short, T_ATTRIBUTE);


 289         table_init(TAG_SOCKTYPE, "type", pa_adr_shorthex, T_ATTRIBUTE);
 290         table_init(TAG_SOCKPORT, "port", pa_adr_shorthex, T_ATTRIBUTE);
 291         table_init(TAG_SOCKADDR, "addr", NOFUNC, T_ATTRIBUTE);
 292 
 293         table_init(TAG_SOCKEXDOM, "sock_domain", pa_adr_shorthex, T_ATTRIBUTE);
 294         table_init(TAG_SOCKEXTYPE, "sock_type", pa_adr_shorthex, T_ATTRIBUTE);
 295         table_init(TAG_SOCKEXLPORT, "lport", NOFUNC, T_ATTRIBUTE);
 296         table_init(TAG_SOCKEXLADDR, "laddr", NOFUNC, T_ATTRIBUTE);
 297         table_init(TAG_SOCKEXFPORT, "fport", NOFUNC, T_ATTRIBUTE);
 298         table_init(TAG_SOCKEXFADDR, "faddr", NOFUNC, T_ATTRIBUTE);
 299 
 300         table_init(TAG_IPCTYPE, "ipc-type", NOFUNC, T_ATTRIBUTE);
 301         table_init(TAG_IPCID, "ipc-id", pa_adr_int32, T_ATTRIBUTE);
 302 
 303         table_init(TAG_ARBPRINT, "print", NOFUNC, T_ATTRIBUTE);
 304         table_init(TAG_ARBTYPE, "type", NOFUNC, T_ATTRIBUTE);
 305         table_init(TAG_ARBCOUNT, "count", NOFUNC, T_ATTRIBUTE);
 306 
 307         table_init(TAG_HOSTID, "host", NOFUNC, T_ATTRIBUTE);
 308         table_init(TAG_USERNAME, "username", pa_adr_string, T_ATTRIBUTE);


 309 #endif  /* _PRAUDIT */
 310 }


   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  *
  25  * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  26  */
  27 
  28 /*
  29  * Solaris Audit Token Table.
  30  */
  31 
  32 #include <locale.h>
  33 
  34 #include <stdio.h>
  35 #include <stdlib.h>
  36 #include <string.h>
  37 #include <bsm/audit.h>
  38 #include <bsm/audit_record.h>
  39 #include <bsm/libbsm.h>
  40 
  41 #include "praudit.h"
  42 #include "toktable.h"
  43 
  44 token_desc_t tokentable[MAXTAG + 1];
  45 


 182             header64_token, T_EXTENDED);
 183         table_init(AUT_SUBJECT64, "subject", subject64_token, T_ENCLOSED);
 184         table_init(AUT_PROCESS64, "process", process64_token, T_ENCLOSED);
 185         table_init(AUT_OTHER_FILE64, "file", file64_token, T_EXTENDED);
 186 
 187         /*
 188          * Extended network address token types
 189          */
 190 
 191         table_initx(AUT_HEADER64_EX, "header", "record",
 192             header64_ex_token, T_EXTENDED);
 193         table_init(AUT_SUBJECT32_EX, "subject", subject32_ex_token, T_ENCLOSED);
 194         table_init(AUT_PROCESS32_EX, "process", process32_ex_token, T_ENCLOSED);
 195         table_init(AUT_SUBJECT64_EX, "subject", subject64_ex_token, T_ENCLOSED);
 196         table_init(AUT_PROCESS64_EX, "process", process64_ex_token, T_ENCLOSED);
 197         table_initx(AUT_IN_ADDR_EX, "ip address", "ip_address",
 198             ip_addr_ex_token, T_ELEMENT);
 199         table_init(AUT_SOCKET_EX, "socket", socket_ex_token, T_ENCLOSED);
 200         table_init(AUT_TID, "tid", tid_token, T_EXTENDED);
 201 
 202         table_init(AUT_ACCESS_MASK, "access mask", access_mask_token,
 203             T_ELEMENT);
 204         table_init(AUT_WSID, "Windows SID", wsid_token, T_ELEMENT);
 205 
 206 #ifdef _PRAUDIT
 207         /*
 208          * Done with tokens above here. Now do remaining tags.
 209          */
 210         table_init(TAG_AUID, "audit-uid", pa_pw_uid, T_ATTRIBUTE);
 211         table_init(TAG_UID, "uid", pa_pw_uid, T_ATTRIBUTE);
 212         table_init(TAG_GID, "gid", pa_gr_uid, T_ATTRIBUTE);
 213         table_init(TAG_RUID, "ruid", pa_pw_uid, T_ATTRIBUTE);
 214         table_init(TAG_RGID, "rgid", pa_gr_uid, T_ATTRIBUTE);
 215 
 216         table_init(TAG_PID, "pid", pa_adr_u_int32, T_ATTRIBUTE);
 217         table_init(TAG_SID, "sid", pa_adr_u_int32, T_ATTRIBUTE);
 218 
 219         table_init(TAG_TID32, "tid", pa_tid32, T_ATTRIBUTE);
 220         table_init(TAG_TID64, "tid", pa_tid64, T_ATTRIBUTE);
 221         table_init(TAG_TID32_EX, "tid", pa_tid32_ex, T_ATTRIBUTE);
 222         table_init(TAG_TID64_EX, "tid", pa_tid64_ex, T_ATTRIBUTE);
 223         table_init(TAG_TID_TYPE, "type", NOFUNC, T_ATTRIBUTE);
 224         table_init(TAG_IP, "ipadr", NOFUNC, T_ENCLOSED);
 225         table_init(TAG_IP_LOCAL, "local-port", pa_adr_u_short, T_ATTRIBUTE);


 295         table_init(TAG_SOCKTYPE, "type", pa_adr_shorthex, T_ATTRIBUTE);
 296         table_init(TAG_SOCKPORT, "port", pa_adr_shorthex, T_ATTRIBUTE);
 297         table_init(TAG_SOCKADDR, "addr", NOFUNC, T_ATTRIBUTE);
 298 
 299         table_init(TAG_SOCKEXDOM, "sock_domain", pa_adr_shorthex, T_ATTRIBUTE);
 300         table_init(TAG_SOCKEXTYPE, "sock_type", pa_adr_shorthex, T_ATTRIBUTE);
 301         table_init(TAG_SOCKEXLPORT, "lport", NOFUNC, T_ATTRIBUTE);
 302         table_init(TAG_SOCKEXLADDR, "laddr", NOFUNC, T_ATTRIBUTE);
 303         table_init(TAG_SOCKEXFPORT, "fport", NOFUNC, T_ATTRIBUTE);
 304         table_init(TAG_SOCKEXFADDR, "faddr", NOFUNC, T_ATTRIBUTE);
 305 
 306         table_init(TAG_IPCTYPE, "ipc-type", NOFUNC, T_ATTRIBUTE);
 307         table_init(TAG_IPCID, "ipc-id", pa_adr_int32, T_ATTRIBUTE);
 308 
 309         table_init(TAG_ARBPRINT, "print", NOFUNC, T_ATTRIBUTE);
 310         table_init(TAG_ARBTYPE, "type", NOFUNC, T_ATTRIBUTE);
 311         table_init(TAG_ARBCOUNT, "count", NOFUNC, T_ATTRIBUTE);
 312 
 313         table_init(TAG_HOSTID, "host", NOFUNC, T_ATTRIBUTE);
 314         table_init(TAG_USERNAME, "username", pa_adr_string, T_ATTRIBUTE);
 315         table_init(TAG_WSID, "wsid", NOFUNC, T_ATTRIBUTE);
 316 
 317 #endif  /* _PRAUDIT */
 318 }
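Review bot: The two new token entries at new lines 202-204 pass display names containing a space ("access mask", "Windows SID") through `table_init`, whereas the only other spaced name in view, AUT_IN_ADDR_EX, goes through `table_initx` with a separate XML-safe name ("ip_address"). If `table_init` reuses the one string as the XML tag, as that existing entry suggests, XML-mode output would carry element names that are not well-formed, and tools consuming the audit trail could reject or mis-parse the new file-access records. Consider `table_initx(AUT_ACCESS_MASK, "access mask", "access_mask", access_mask_token, T_ELEMENT);` and `table_initx(AUT_WSID, "Windows SID", "wsid", wsid_token, T_ELEMENT);`. It is also worth confirming in toktable.h (not shown here) that the new TAG_WSID does not exceed MAXTAG, since `tokentable` is sized `MAXTAG + 1`. The enclosing function begins before the visible excerpt, so neither `table_init`'s definition nor the table's bounds handling can be checked from this page.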