1<?xml version="1.0"?> 2<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> 3<!-- 4 Copyright 2009 Sun Microsystems, Inc. All rights reserved. 5 Use is subject to license terms. 6 7 CDDL HEADER START 8 9 The contents of this file are subject to the terms of the 10 Common Development and Distribution License (the "License"). 11 You may not use this file except in compliance with the License. 12 13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 14 or http://www.opensolaris.org/os/licensing. 15 See the License for the specific language governing permissions 16 and limitations under the License. 17 18 When distributing Covered Code, include this CDDL HEADER in each 19 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 20 If applicable, add the following below this CDDL HEADER, with the 21 fields enclosed by brackets "[]" replaced with your own identifying 22 information: Portions Copyright [yyyy] [name of copyright owner] 23 24 CDDL HEADER END 25 26 NOTE: This service manifest is not editable; its contents will 27 be overwritten by package or patch operations, including 28 operating system upgrade. Make customizations in a different 29 file. 30--> 31 32<service_bundle type='manifest' name='SUNWcsr:auditd'> 33 34<service 35 name='system/auditd' 36 type='service' 37 version='1'> 38 39 <single_instance /> 40 41 <dependency 42 name='usr' 43 type='service' 44 grouping='require_all' 45 restart_on='none'> 46 <service_fmri value='svc:/system/filesystem/local' /> 47 </dependency> 48 49 <dependency 50 name='ns' 51 type='service' 52 grouping='require_all' 53 restart_on='none'> 54 <service_fmri value='svc:/milestone/name-services' /> 55 </dependency> 56 57 <dependency 58 name='syslog' 59 type='service' 60 grouping='optional_all' 61 restart_on='none'> 62 <service_fmri value='svc:/system/system-log' /> 63 </dependency> 64 65 66 <dependent 67 name='multi-user' 68 grouping='optional_all' 69 restart_on='none'> 70 <service_fmri value='svc:/milestone/multi-user'/> 71 </dependent> 72 73 <dependent 74 name='console-login' 75 grouping='optional_all' 76 restart_on='none'> 77 <service_fmri value='svc:/system/console-login'/> 78 </dependent> 79 80 81 <exec_method 82 type='method' 83 name='start' 84 exec='/lib/svc/method/svc-auditd' 85 timeout_seconds='15'> 86 <method_context> 87 <method_credential user='root' group='root' /> 88 </method_context> 89 </exec_method> 90 91 <exec_method 92 type='method' 93 name='refresh' 94 exec='/lib/svc/method/svc-auditd' 95 timeout_seconds='30'> 96 <method_context> 97 <method_credential user='root' group='root' /> 98 </method_context> 99 </exec_method> 100 101 <!-- 102 auditd waits for c2audit to quiet down after catching a -TERM 103 before exiting; auditd's timeout is 20 seconds 104 --> 105 106 <exec_method 107 type='method' 108 name='stop' 109 exec=':kill -TERM' 110 timeout_seconds='30'> 111 <method_context> 112 <method_credential user='root' group='root' /> 113 </method_context> 114 </exec_method> 115 116 <!-- SIGs HUP, TERM, and USR1 are all expected by auditd --> 117 <property_group name='startd' type='framework'> 118 <propval name='ignore_error' type='astring' 119 value='core,signal' /> 120 </property_group> 121 122 <property_group name='general' type='framework'> 123 <!-- to start/stop auditd --> 124 <propval name='action_authorization' type='astring' 125 value='solaris.audit.config' /> 126 <propval name='value_authorization' type='astring' 127 value='solaris.audit.config' /> 128 </property_group> 129 130 131 <instance name='default' enabled='false'> 132 133 <!-- 134 Audit Queue Control Properties - see auditconfig(1M) 135 136 Note, that the default value for all the queue control 137 configuration parameters is 0, which makes auditd(1M) to 138 use current active system parameters. 139 --> 140 <property_group name='queuectrl' type='application' > 141 <propval name='qbufsz' type='count' 142 value='0' /> 143 <propval name='qdelay' type='count' 144 value='0' /> 145 <propval name='qhiwater' type='count' 146 value='0' /> 147 <propval name='qlowater' type='count' 148 value='0' /> 149 <propval name='read_authorization' type='astring' 150 value='solaris.audit.config' /> 151 </property_group> 152 153 <!-- 154 Audit Policies - see auditconfig(1M) 155 156 Note, that "all" and "none" policies available as a 157 auditconfig(1M) policy flags actually means a full/empty set 158 of other policy flags. Thus they are not configurable in the 159 auditd service manifest, but set all the policies to true 160 (all) or false (none). 161 --> 162 <property_group name='policy' type='application' > 163 <propval name='ahlt' type='boolean' 164 value='false' /> 165 <propval name='arge' type='boolean' 166 value='false' /> 167 <propval name='argv' type='boolean' 168 value='false' /> 169 <propval name='cnt' type='boolean' 170 value='true' /> 171 <propval name='group' type='boolean' 172 value='false' /> 173 <propval name='path' type='boolean' 174 value='false' /> 175 <propval name='perzone' type='boolean' 176 value='false' /> 177 <propval name='public' type='boolean' 178 value='false' /> 179 <propval name='seq' type='boolean' 180 value='false' /> 181 <propval name='trail' type='boolean' 182 value='false' /> 183 <propval name='windata_down' type='boolean' 184 value='false' /> 185 <propval name='windata_up' type='boolean' 186 value='false' /> 187 <propval name='zonename' type='boolean' 188 value='false' /> 189 <propval name='read_authorization' type='astring' 190 value='solaris.audit.config' /> 191 </property_group> 192 193 </instance> 194 195 <stability value='Evolving' /> 196 197 198 <template> 199 <common_name> 200 <loctext xml:lang='C'> 201 Solaris audit daemon 202 </loctext> 203 </common_name> 204 <documentation> 205 <manpage title='auditd' 206 section='1M' 207 manpath='/usr/share/man'/> 208 <manpage title='audit' 209 section='1M' 210 manpath='/usr/share/man'/> 211 <manpage title='auditconfig' 212 section='1M' 213 manpath='/usr/share/man'/> 214 </documentation> 215 </template> 216 217</service> 218 219</service_bundle> 220