1<?xml version="1.0" encoding="UTF-8" ?> 2 3<!-- 4 Copyright 2007 Sun Microsystems, Inc. All rights reserved. 5 Use is subject to license terms. 6 7 CDDL HEADER START 8 9 The contents of this file are subject to the terms of the 10 Common Development and Distribution License (the "License"). 11 You may not use this file except in compliance with the License. 12 13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 14 or http://www.opensolaris.org/os/licensing. 15 See the License for the specific language governing permissions 16 and limitations under the License. 17 18 When distributing Covered Code, include this CDDL HEADER in each 19 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 20 If applicable, add the following below this CDDL HEADER, with the 21 fields enclosed by brackets "[]" replaced with your own identifying 22 information: Portions Copyright [yyyy] [name of copyright owner] 23 24 CDDL HEADER END 25 26 ident "%Z%%M% %I% %E% SMI" 27--> 28 29 30<!--Entity Definitions--> 31 32<!-- timeattr or iso8601 33 34timeattr: 35 the time/date to the second in strftime(3C) default format, 36 followed by milliseconds offset. 37 38 Example: time="Mon May 06 12:10:18 2002" msec="750" 39 40iso8601: 41 ISO 8601 standard format date time and timezone; 42 YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with 43 milliseconds + or - offset from Universal Time (UTC, aka GMT) 44 45 Example: iso8601="2003-09-17 16:47:41.831 -07:00" 46 47--> 48<!ENTITY % timeattr "time CDATA #IMPLIED 49 msec CDATA #IMPLIED"> 50 51<!ENTITY % iso8601 "iso8601 CDATA #IMPLIED"> 52 53<!-- xinfo Generic info for X related tokens. --> 54<!ENTITY % xinfo "xid CDATA #REQUIRED 55 xcreator-uid CDATA #REQUIRED"> 56 57<!-- reserved_toks 58 59This represents the set of "reserved" tokens whose placement is 60fixed. 61 62--> 63<!ENTITY % reserved_toks "( 64 file | 65 record | 66 host | 67 sequence 68 ) 69"> 70 71<!-- normaltoks 72 73This represents the set of all tokens other than the "reserved" 74tokens. 75 76--> 77<!ENTITY % normaltoks "( 78 acl | 79 arbitrary | 80 argument | 81 attribute | 82 cmd | 83 exit | 84 exec_args | 85 exec_env | 86 fmri | 87 group | 88 ip | 89 ip_address | 90 IPC | 91 IPC_perm | 92 ip_port | 93 liaison | 94 opaque | 95 path | 96 path_attr | 97 privilege | 98 process | 99 return | 100 sensitivity_label | 101 old_socket | 102 socket | 103 subject | 104 text | 105 use_of_authorization | 106 use_of_privilege | 107 X_atom | 108 X_client | 109 X_color_map | 110 X_cursor | 111 X_font | 112 X_graphic_context | 113 X_pixmap | 114 X_property | 115 X_selection | 116 X_window | 117 zone 118 ) 119"> 120 121<!--Element Definitions--> 122 123<!-- 124 125The main element, "audit", consists of a sequence of file & record tokens. 126 127--> 128<!ELEMENT audit (file | record)*> 129 130<!-- file token --> 131<!ELEMENT file (#PCDATA)> 132<!ATTLIST file %iso8601;> 133 134 135<!-- record token 136 137Audit records will have this general layout of tokens after the 138first token (which is the record token): 139 (tokens),subject,group,(tokens),return,sequence,host 140 141(all tokens after the record token are optional; the host token is unused.) 142 143--> 144<!ELEMENT record ( 145 (%normaltoks;)*, 146 sequence?, 147 host? 148 ) 149> 150<!ATTLIST record 151 version CDATA #REQUIRED 152 event CDATA #REQUIRED 153 modifier CDATA #IMPLIED 154 host CDATA #IMPLIED 155 %iso8601; 156> 157 158<!-- text token --> 159<!ELEMENT text (#PCDATA)> 160 161<!-- path token --> 162<!ELEMENT path (#PCDATA)> 163 164<!-- path_attr token --> 165<!ELEMENT path_attr (xattr*)> 166<!ELEMENT xattr (#PCDATA)> 167 168<!-- host token --> 169<!ELEMENT host (#PCDATA)> 170 171<!-- subject token --> 172<!ELEMENT subject EMPTY> 173<!ATTLIST subject 174 audit-uid CDATA #REQUIRED 175 uid CDATA #REQUIRED 176 gid CDATA #REQUIRED 177 ruid CDATA #REQUIRED 178 rgid CDATA #REQUIRED 179 pid CDATA #REQUIRED 180 sid CDATA #REQUIRED 181 tid CDATA #REQUIRED 182> 183 184<!-- process token --> 185<!ELEMENT process EMPTY> 186<!ATTLIST process 187 audit-uid CDATA #REQUIRED 188 uid CDATA #REQUIRED 189 gid CDATA #REQUIRED 190 ruid CDATA #REQUIRED 191 rgid CDATA #REQUIRED 192 pid CDATA #REQUIRED 193 sid CDATA #REQUIRED 194 tid CDATA #REQUIRED 195> 196 197<!-- return token --> 198<!ELEMENT return EMPTY> 199<!ATTLIST return 200 errval CDATA #REQUIRED 201 retval CDATA #REQUIRED 202> 203 204<!-- exit token --> 205<!ELEMENT exit EMPTY> 206<!ATTLIST exit 207 errval CDATA #REQUIRED 208 retval CDATA #REQUIRED 209> 210 211<!-- sequence token --> 212<!ELEMENT sequence EMPTY> 213<!ATTLIST sequence 214 seq-num CDATA #REQUIRED 215> 216 217<!-- fmri token --> 218<!ELEMENT fmri (#PCDATA)> 219 220<!-- group token --> 221<!ELEMENT group (gid)*> 222<!ELEMENT gid (#PCDATA)> 223 224<!-- opaque token --> 225<!ELEMENT opaque (#PCDATA)> 226 227<!-- liaison token --> 228<!-- (NOTE: liaison is obsolete and is no longer generated --> 229<!ELEMENT liaison (#PCDATA)> 230 231<!-- argument token --> 232<!ELEMENT argument EMPTY> 233<!ATTLIST argument 234 arg-num CDATA #REQUIRED 235 value CDATA #REQUIRED 236 desc CDATA #REQUIRED 237> 238 239<!-- attribute token --> 240<!ELEMENT attribute EMPTY> 241<!ATTLIST attribute 242 mode CDATA #REQUIRED 243 uid CDATA #REQUIRED 244 gid CDATA #REQUIRED 245 fsid CDATA #REQUIRED 246 nodeid CDATA #REQUIRED 247 device CDATA #REQUIRED 248> 249 250<!-- cmd token --> 251<!ELEMENT cmd (argv*, arge*)> 252<!ELEMENT argv (#PCDATA)> 253<!ELEMENT arge (#PCDATA)> 254 255<!-- exec_args token --> 256<!ELEMENT exec_args (arg*)> 257<!ELEMENT arg (#PCDATA)> 258 259<!-- exec_env token --> 260<!ELEMENT exec_env (env*)> 261<!ELEMENT env (#PCDATA)> 262 263<!-- arbitrary token --> 264<!ELEMENT arbitrary (#PCDATA)> 265<!ATTLIST arbitrary 266 print CDATA #REQUIRED 267 type CDATA #REQUIRED 268 count CDATA #REQUIRED 269> 270 271<!-- privilege token --> 272<!ELEMENT privilege (#PCDATA)> 273<!ATTLIST privilege 274 set-type CDATA #REQUIRED 275> 276 277<!-- use_of_privilege token --> 278<!ELEMENT use_of_privilege (#PCDATA)> 279<!ATTLIST use_of_privilege 280 result CDATA #REQUIRED 281> 282 283<!-- sensitivity_label token --> 284<!ELEMENT sensitivity_label (#PCDATA)> 285 286<!-- use_of_authorization token --> 287<!ELEMENT use_of_authorization (#PCDATA)> 288 289<!-- IPC token --> 290<!ELEMENT IPC EMPTY> 291<!ATTLIST IPC 292 ipc-type CDATA #REQUIRED 293 ipc-id CDATA #REQUIRED 294> 295 296<!-- IPC_perm token --> 297<!ELEMENT IPC_perm EMPTY> 298<!ATTLIST IPC_perm 299 uid CDATA #REQUIRED 300 gid CDATA #REQUIRED 301 creator-uid CDATA #REQUIRED 302 creator-gid CDATA #REQUIRED 303 mode CDATA #REQUIRED 304 seq CDATA #REQUIRED 305 key CDATA #REQUIRED 306> 307 308<!-- ip_address token --> 309<!ELEMENT ip_address (#PCDATA)> 310 311<!-- ip_port token --> 312<!-- (NOTE: ip_port is obsolete and is no longer generated --> 313<!ELEMENT ip_port (#PCDATA)> 314 315<!-- ip token --> 316<!-- (NOTE: ip is obsolete and is no longer generated --> 317<!ELEMENT ip EMPTY> 318<!ATTLIST ip 319 version CDATA #REQUIRED 320 service_type CDATA #REQUIRED 321 len CDATA #REQUIRED 322 id CDATA #REQUIRED 323 offset CDATA #REQUIRED 324 time_to_live CDATA #REQUIRED 325 protocol CDATA #REQUIRED 326 cksum CDATA #REQUIRED 327 src_addr CDATA #REQUIRED 328 dest_addr CDATA #REQUIRED 329> 330 331<!-- old_socket token --> 332<!ELEMENT old_socket EMPTY> 333<!ATTLIST old_socket 334 type CDATA #REQUIRED 335 port CDATA #REQUIRED 336 addr CDATA #REQUIRED 337> 338 339<!-- socket token --> 340<!ELEMENT socket EMPTY> 341<!ATTLIST socket 342 sock_domain CDATA #REQUIRED 343 sock_type CDATA #REQUIRED 344 lport CDATA #REQUIRED 345 laddr CDATA #REQUIRED 346 fport CDATA #REQUIRED 347 faddr CDATA #REQUIRED 348> 349 350<!-- acl token --> 351<!ELEMENT acl EMPTY> 352<!ATTLIST acl 353 type CDATA #IMPLIED 354 value CDATA #IMPLIED 355 mode CDATA #IMPLIED 356 flags CDATA #IMPLIED 357 id CDATA #IMPLIED 358 access_mask CDATA #IMPLIED 359> 360 361<!-- tid token --> 362<!-- future intent: contain one of ipadr | MTUadr | device --> 363<!ELEMENT tid (ipadr*)> 364<!ATTLIST tid 365 type CDATA #REQUIRED 366> 367 368<!-- ipadr content of tid token --> 369<!ELEMENT ipadr EMPTY> 370<!ATTLIST ipadr 371 local-port CDATA #REQUIRED 372 remote-port CDATA #REQUIRED 373 host CDATA #REQUIRED 374> 375 376<!-- X_atom token --> 377<!ELEMENT X_atom (#PCDATA)> 378 379<!-- X_color_map token --> 380<!ELEMENT X_color_map EMPTY> 381<!ATTLIST X_color_map %xinfo;> 382 383<!-- X_cursor token --> 384<!ELEMENT X_cursor EMPTY> 385<!ATTLIST X_cursor %xinfo;> 386 387<!-- X_font token --> 388<!ELEMENT X_font EMPTY> 389<!ATTLIST X_font %xinfo;> 390 391<!-- X_graphic_context token --> 392<!ELEMENT X_graphic_context EMPTY> 393<!ATTLIST X_graphic_context %xinfo;> 394 395<!-- X_pixmap token --> 396<!ELEMENT X_pixmap EMPTY> 397<!ATTLIST X_pixmap %xinfo;> 398 399<!-- X_window token --> 400<!ELEMENT X_window EMPTY> 401<!ATTLIST X_window %xinfo;> 402 403<!-- X_property token --> 404<!ELEMENT X_property (#PCDATA)> 405<!ATTLIST X_property %xinfo;> 406 407<!-- X_client token --> 408<!ELEMENT X_client (#PCDATA)> 409 410<!-- X_selection token --> 411<!ELEMENT X_selection (xsel_text, xsel_type, xsel_data)> 412<!ELEMENT x_sel_text (#PCDATA)> 413<!ELEMENT x_sel_type (#PCDATA)> 414<!ELEMENT x_sel_data (#PCDATA)> 415 416<!-- zonename token --> 417<!ELEMENT zone EMPTY> 418<!ATTLIST zone 419 name CDATA #REQUIRED 420> 421