1 <?xml version=
"1.0" encoding=
"UTF-8" ?>
4 Copyright 2007 Sun Microsystems, Inc. All rights reserved.
5 Use is subject to license terms.
9 The contents of this file are subject to the terms of the
10 Common Development and Distribution License (the "License").
11 You may not use this file except in compliance with the License.
13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14 or http://www.opensolaris.org/os/licensing.
15 See the License for the specific language governing permissions
16 and limitations under the License.
18 When distributing Covered Code, include this CDDL HEADER in each
19 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
20 If applicable, add the following below this CDDL HEADER, with the
21 fields enclosed by brackets "[]" replaced with your own identifying
22 information: Portions Copyright [yyyy] [name of copyright owner]
26 ident "%Z%%M% %I% %E% SMI"
30 <!--Entity Definitions-->
32 <!-- timeattr or iso8601
35 the time/date to the second in strftime(3C) default format,
36 followed by milliseconds offset.
38 Example: time="Mon May 06 12:10:18 2002" msec="750"
41 ISO 8601 standard format date time and timezone;
42 YYYY-MM-DD HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with
43 milliseconds + or - offset from Universal Time (UTC, aka GMT)
45 Example: iso8601="2003-09-17 16:47:41.831 -07:00"
48 <!ENTITY % timeattr
"time CDATA #IMPLIED
51 <!ENTITY % iso8601
"iso8601 CDATA #IMPLIED">
53 <!-- xinfo Generic info for X related tokens. -->
54 <!ENTITY % xinfo
"xid CDATA #REQUIRED
55 xcreator-uid CDATA #REQUIRED">
59 This represents the set of "reserved" tokens whose placement is
63 <!ENTITY % reserved_toks
"(
73 This represents the set of all tokens other than the "reserved"
77 <!ENTITY % normaltoks
"(
105 use_of_authorization |
121 <!--Element Definitions-->
125 The main element, "audit", consists of a sequence of file & record tokens.
128 <!ELEMENT audit (file | record)*
>
131 <!ELEMENT file (#PCDATA)
>
132 <!ATTLIST file %iso8601;
>
137 Audit records will have this general layout of tokens after the
138 first token (which is the record token):
139 (tokens),subject,group,(tokens),return,sequence,host
141 (all tokens after the record token are optional; the host token is unused.)
151 version CDATA #REQUIRED
152 event CDATA #REQUIRED
153 modifier CDATA #IMPLIED
159 <!ELEMENT text (#PCDATA)
>
162 <!ELEMENT path (#PCDATA)
>
164 <!-- path_attr token -->
165 <!ELEMENT path_attr (xattr*)
>
166 <!ELEMENT xattr (#PCDATA)
>
169 <!ELEMENT host (#PCDATA)
>
171 <!-- subject token -->
172 <!ELEMENT subject EMPTY
>
174 audit-uid CDATA #REQUIRED
184 <!-- process token -->
185 <!ELEMENT process EMPTY
>
187 audit-uid CDATA #REQUIRED
197 <!-- return token -->
198 <!ELEMENT return EMPTY
>
200 errval CDATA #REQUIRED
201 retval CDATA #REQUIRED
205 <!ELEMENT exit EMPTY
>
207 errval CDATA #REQUIRED
208 retval CDATA #REQUIRED
211 <!-- sequence token -->
212 <!ELEMENT sequence EMPTY
>
214 seq-num CDATA #REQUIRED
218 <!ELEMENT fmri (#PCDATA)
>
221 <!ELEMENT group (gid)*
>
222 <!ELEMENT gid (#PCDATA)
>
224 <!-- opaque token -->
225 <!ELEMENT opaque (#PCDATA)
>
227 <!-- liaison token -->
228 <!-- (NOTE: liaison is obsolete and is no longer generated -->
229 <!ELEMENT liaison (#PCDATA)
>
231 <!-- argument token -->
232 <!ELEMENT argument EMPTY
>
234 arg-num CDATA #REQUIRED
235 value CDATA #REQUIRED
239 <!-- attribute token -->
240 <!ELEMENT attribute EMPTY
>
246 nodeid CDATA #REQUIRED
247 device CDATA #REQUIRED
251 <!ELEMENT cmd (argv*, arge*)
>
252 <!ELEMENT argv (#PCDATA)
>
253 <!ELEMENT arge (#PCDATA)
>
255 <!-- exec_args token -->
256 <!ELEMENT exec_args (arg*)
>
257 <!ELEMENT arg (#PCDATA)
>
259 <!-- exec_env token -->
260 <!ELEMENT exec_env (env*)
>
261 <!ELEMENT env (#PCDATA)
>
263 <!-- arbitrary token -->
264 <!ELEMENT arbitrary (#PCDATA)
>
266 print CDATA #REQUIRED
268 count CDATA #REQUIRED
271 <!-- privilege token -->
272 <!ELEMENT privilege (#PCDATA)
>
274 set-type CDATA #REQUIRED
277 <!-- use_of_privilege token -->
278 <!ELEMENT use_of_privilege (#PCDATA)
>
279 <!ATTLIST use_of_privilege
280 result CDATA #REQUIRED
283 <!-- sensitivity_label token -->
284 <!ELEMENT sensitivity_label (#PCDATA)
>
286 <!-- use_of_authorization token -->
287 <!ELEMENT use_of_authorization (#PCDATA)
>
292 ipc-type CDATA #REQUIRED
293 ipc-id CDATA #REQUIRED
296 <!-- IPC_perm token -->
297 <!ELEMENT IPC_perm EMPTY
>
301 creator-uid CDATA #REQUIRED
302 creator-gid CDATA #REQUIRED
308 <!-- ip_address token -->
309 <!ELEMENT ip_address (#PCDATA)
>
311 <!-- ip_port token -->
312 <!-- (NOTE: ip_port is obsolete and is no longer generated -->
313 <!ELEMENT ip_port (#PCDATA)
>
316 <!-- (NOTE: ip is obsolete and is no longer generated -->
319 version CDATA #REQUIRED
320 service_type CDATA #REQUIRED
323 offset CDATA #REQUIRED
324 time_to_live CDATA #REQUIRED
325 protocol CDATA #REQUIRED
326 cksum CDATA #REQUIRED
327 src_addr CDATA #REQUIRED
328 dest_addr CDATA #REQUIRED
331 <!-- old_socket token -->
332 <!ELEMENT old_socket EMPTY
>
339 <!-- socket token -->
340 <!ELEMENT socket EMPTY
>
342 sock_domain CDATA #REQUIRED
343 sock_type CDATA #REQUIRED
344 lport CDATA #REQUIRED
345 laddr CDATA #REQUIRED
346 fport CDATA #REQUIRED
347 faddr CDATA #REQUIRED
358 access_mask CDATA #IMPLIED
362 <!-- future intent: contain one of ipadr | MTUadr | device -->
363 <!ELEMENT tid (ipadr*)
>
368 <!-- ipadr content of tid token -->
369 <!ELEMENT ipadr EMPTY
>
371 local-port CDATA #REQUIRED
372 remote-port CDATA #REQUIRED
376 <!-- X_atom token -->
377 <!ELEMENT X_atom (#PCDATA)
>
379 <!-- X_color_map token -->
380 <!ELEMENT X_color_map EMPTY
>
381 <!ATTLIST X_color_map %xinfo;
>
383 <!-- X_cursor token -->
384 <!ELEMENT X_cursor EMPTY
>
385 <!ATTLIST X_cursor %xinfo;
>
387 <!-- X_font token -->
388 <!ELEMENT X_font EMPTY
>
389 <!ATTLIST X_font %xinfo;
>
391 <!-- X_graphic_context token -->
392 <!ELEMENT X_graphic_context EMPTY
>
393 <!ATTLIST X_graphic_context %xinfo;
>
395 <!-- X_pixmap token -->
396 <!ELEMENT X_pixmap EMPTY
>
397 <!ATTLIST X_pixmap %xinfo;
>
399 <!-- X_window token -->
400 <!ELEMENT X_window EMPTY
>
401 <!ATTLIST X_window %xinfo;
>
403 <!-- X_property token -->
404 <!ELEMENT X_property (#PCDATA)
>
405 <!ATTLIST X_property %xinfo;
>
407 <!-- X_client token -->
408 <!ELEMENT X_client (#PCDATA)
>
410 <!-- X_selection token -->
411 <!ELEMENT X_selection (xsel_text, xsel_type, xsel_data)
>
412 <!ELEMENT x_sel_text (#PCDATA)
>
413 <!ELEMENT x_sel_type (#PCDATA)
>
414 <!ELEMENT x_sel_data (#PCDATA)
>
416 <!-- zonename token -->
417 <!ELEMENT zone EMPTY
>