source: branches/samhain_3_1/include/sh_cat.h@ 584

Last change on this file since 584 was 294, checked in by katerina, 14 years ago

Tickets #213 and #214 (Use auditd to determine who changed a file, Windows registry check).

#ifndef SH_CAT_H
#define SH_CAT_H
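/*
 * One record of the message catalogue.
 *
 * Only the field names and types are fixed here; the table built from this
 * type (msg_cat) is defined in another translation unit.
 *
 * NOTE(review): `class` is a keyword in C++, so this header cannot be
 * included from C++ code as written.
 */
typedef struct foo_cat_entry {
  unsigned long id;        /* message identifier; presumably one of the MSG_*
                            * enumerators declared later in this header --
                            * confirm against the msg_cat definition */
  unsigned long priority;  /* severity/priority value; encoding not visible here */
  unsigned long class;     /* message class; presumably a (1 << CLASS) mask
                            * built from the class ids in this header -- confirm */
  const char * format;     /* message template.
                            * NOTE(review): if callers hand this string to a
                            * printf-style formatter, it must always be a
                            * compile-time literal from the catalogue; data taken
                            * from monitored files, login records or the network
                            * belongs in the arguments, never in the template --
                            * confirm how callers use it */
} cat_entry;

/*
 * The message catalogue. Declared with an incomplete array type, so the
 * number of entries is not visible to code that includes this header and
 * sizeof(msg_cat) cannot be used to bound a lookup. How the end of the table
 * is marked is not shown here -- check the definition before indexing or
 * scanning it.
 */
extern cat_entry msg_cat[];

/*
 * Table of strings, presumably the printable names of the message classes
 * (confirm). Also an incomplete array type: its length must come from the
 * definition, not from sizeof.
 */
extern const char * class_cat[];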
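/*
 * Message class ids. Each value is a bit POSITION, not a mask: the composite
 * masks further down are built as (1 << CLASS).
 *
 * The shifts are done on a plain int, so every position must stay below the
 * width of int minus one for the shift to be well defined; the highest
 * position used here is 11.
 *
 * NOTE(review): ERR, ENET, EINPUT and EVENT start with 'E' followed by an
 * upper-case letter, a pattern ISO C reserves for macros that <errno.h> may
 * define. These and the other short names (RUN, START, TCP, ...) are also
 * easy to collide with; include this header after system headers and treat
 * any redefinition warning as an error.
 */
#define AUD        0
#define PANIC      1
#define RUN        2
#define FIL        3
#define TCP        4
#define ERR        5
#define STAMP      6
#define ENET       7
#define EINPUT     8
#define EVENT      9
#define START     10
#define LOGKEY    11

/* Composite masks: OR of the (1 << CLASS) bits listed in each definition. */
#define OTHER_CLA ((1 << RUN)|(1 << FIL)|(1 << TCP))
#define RUN_NEW   ((1 << RUN)|(1 << EVENT)|(1 << START)|(1 << LOGKEY))
#define FIL_NEW   ((1 << FIL)|(1 << EVENT))
#define ERROR_CLA ((1 << ERR)|(1 << PANIC)|(1 << ENET)|(1 << EINPUT))

/*
 * SH_CLA_RAW_MAX equals the number of class ids defined above (0..11) and has
 * to be raised whenever a new id is added.
 * SH_CLA_MAX: 12 ids plus the 4 composite masks gives 16; presumably that is
 * where the value comes from and it sizes a table elsewhere -- confirm.
 */
#define SH_CLA_RAW_MAX 12
#define SH_CLA_MAX     16


/*
 * Disabled alternative: the first nine classes spelled as ready-made masks.
 * It has no entries for EVENT, START and LOGKEY, so it is out of date
 * relative to the list of class ids and must not simply be re-enabled.
 */
#if 0
enum {
  SH_CLA_AUD    = (1 << 0),
  SH_CLA_PANIC  = (1 << 1),
  SH_CLA_RUN    = (1 << 2),
  SH_CLA_FIL    = (1 << 3),
  SH_CLA_TCP    = (1 << 4),
  SH_CLA_ERR    = (1 << 5),
  SH_CLA_STAMP  = (1 << 6),
  SH_CLA_ENET   = (1 << 7),
  SH_CLA_EINPUT = (1 << 8)
};
#endif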
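/*
 * Message identifiers, one enumerator per catalogue message.
 *
 * No enumerator has an explicit value, so each one is numbered by its
 * position in the list. Whole groups are compiled in or out by feature
 * macros (HAVE_URANDOM, SH_USE_SUIDCHK, SH_USE_KERN, SH_USE_UTMP,
 * SH_USE_PROCESSCHECK, SH_USE_PORTCHECK, SH_USE_MOUNTS, SH_USE_USERFILES,
 * USE_LOGFILE_MONITOR, USE_REGISTRY_CHECK, SH_WITH_CLIENT, SH_STANDALONE,
 * INET_SYSLOG, MEM_DEBUG). As a result the numeric value of every enumerator
 * after MSG_D_FAIL depends on the build configuration.
 *
 * NOTE(review): never store these numbers or exchange them with a program
 * built with different options; two builds can assign the same number to
 * different messages. Every translation unit must also see the same feature
 * macros when it includes this header. Presumably the msg_cat[] entries are
 * guarded by the same conditions in the same order -- confirm in the file
 * that defines msg_cat whenever a group is added or moved.
 */
enum {
  MSG_EXIT_ABORTS,
  MSG_START_SRV,

  MSG_EXIT_ABORT1,
  MSG_EXIT_NORMAL,
  MSG_START_KEY_MAIL,
  MSG_START_KEY,
  MSG_START_0H,
  MSG_START_1H,
  MSG_START_2H,
  MSG_START_GH,
  MSG_START_GH2,
  MSG_SUSPEND,

  MSG_MLOCK,
  MSG_W_SIG,
  MSG_W_CHDIR,

  MSG_MOD_FAIL,
  MSG_MOD_OK,
  MSG_MOD_EXEC,

  MSG_RECONF,
  MSG_CHECK_0,
  MSG_CHECK_1,
  MSG_STAMP,

  MSG_D_START,
  MSG_D_DSTART,
  MSG_D_FAIL,

  /* Last enumerator with a configuration-independent value: MSG_D_FAIL. */

#ifndef HAVE_URANDOM
  MSG_ENSTART,
  MSG_ENEXEC,
  MSG_ENFAIL,
  MSG_ENTOUT,
  MSG_ENCLOS,
  MSG_ENCLOS1,
  MSG_ENREAD,
#endif

#ifdef SH_USE_SUIDCHK
  MSG_SUID_POLICY,
  MSG_SUID_FOUND,
  MSG_SUID_SUMMARY,
  MSG_SUID_QREPORT,
  MSG_SUID_ERROR,
#endif

#ifdef SH_USE_KERN
  /* FreeBSD */
  MSG_KERN_POLICY,
  MSG_KERN_POL_CO,

  /* Linux */
  MSG_KERN_SYSCALL,
  MSG_KERN_PROC,
  MSG_KERN_IDT,
  MSG_KERN_GATE,
#endif

#ifdef SH_USE_UTMP
  MSG_UT_CHECK,

  MSG_UT_LG1X,
  MSG_UT_LG2X,
  MSG_UT_LG3X,

  MSG_UT_LG1A,
  MSG_UT_LG1B,

  MSG_UT_LG2A,
  MSG_UT_LG2B,

  MSG_UT_LG3A,
  MSG_UT_LG3B,
  MSG_UT_LG3C,
  MSG_UT_ROT,

  MSG_UT_BAD,
  MSG_UT_FIRST,
  MSG_UT_OUTLIER,
#endif

#ifdef SH_USE_PROCESSCHECK
  MSG_PCK_CHECK,
  MSG_PCK_OK,
  MSG_PCK_P_HIDDEN,
  MSG_PCK_HIDDEN,
  MSG_PCK_FAKE,
  MSG_PCK_MISS,
#endif

#ifdef SH_USE_PORTCHECK
  MSG_PORT_MISS,
  MSG_PORT_NEW,
  MSG_PORT_RESTART,
  MSG_PORT_NEWPORT,
#endif

#ifdef SH_USE_MOUNTS
  MSG_MNT_CHECK,
  MSG_MNT_MEMLIST,
  MSG_MNT_MNTMISS,
  MSG_MNT_OPTMISS,
#endif

#ifdef SH_USE_USERFILES
  MSG_USERFILES_SUMMARY,
#endif

#ifdef USE_LOGFILE_MONITOR
  MSG_LOGMON_CHKS,
  MSG_LOGMON_CHKE,
  MSG_LOGMON_MISS,
  MSG_LOGMON_EOPEN,
  MSG_LOGMON_EREAD,
  MSG_LOGMON_REP,
  MSG_LOGMON_SUM,
  MSG_LOGMON_COR,
  MSG_LOGMON_MARK,
  MSG_LOGMON_BURST,
#endif

#ifdef USE_REGISTRY_CHECK
  MSG_REG_MISS,
  MSG_REG_NEW,
  MSG_REG_CHANGE,
#endif

#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)

  MSG_FI_TOOLATE,
  MSG_FI_CSUM,
  MSG_FI_DSUM,
  MSG_FI_CHK,
  MSG_FI_NULL,
  MSG_FI_FAIL,
  MSG_FI_GLOB,
  MSG_FI_COLL,
  MSG_FI_DOUBLE,
  MSG_FI_2LONG,
  MSG_FI_2LONG2,
  MSG_FI_NOPATH,
  MSG_FI_DLNK,
  MSG_FI_RDLNK,
  MSG_FI_NOGRP,
  MSG_FI_NOUSR,
  MSG_FI_STAT,
  MSG_FI_OBSC,
  MSG_FI_OBSC2,
  MSG_FI_LIST,
  MSG_FI_LLNK,
  MSG_FI_MISS,
  /* #ifdef SH_USE_XML */
  MSG_FI_MISS2,
  MSG_FI_ADD2,
  /* #endif */
  MSG_FI_ADD,
  MSG_FI_CHAN,
  MSG_FI_NODIR,
  MSG_FI_DBEX,
#endif

  MSG_TCP_NETRP,

  /* Everything up to MSG_E_HTML is absent from SH_STANDALONE builds. */
#ifndef SH_STANDALONE
#ifdef INET_SYSLOG
  MSG_INET_SYSLOG,
  MSG_ERR_SYSLOG,
#endif

  MSG_TCP_MISMATCH,
  MSG_TCP_MISENC,
  MSG_TCP_NONAME,
  MSG_TCP_UNEXP,
  MSG_TCP_EFIL,
  MSG_TCP_NOCONF,
  MSG_TCP_NOAUTH,
  MSG_TCP_CONF,
  MSG_TCP_AUTH,
  MSG_TCP_FOK,
  MSG_TCP_FBAD,
  MSG_TCP_ECONN,
  MSG_TCP_EZERO,
  MSG_TCP_EBGN,

  MSG_TCP_CREG,
  MSG_TCP_FAUTH,
  MSG_TCP_TIMOUT,

  MSG_TCP_RESCLT,
  MSG_TCP_RESPEER,
  MSG_TCP_LOOKERS,
  MSG_TCP_LOOKUP,

  MSG_TCP_TIMEXC,
  MSG_TCP_NOCLT,
  MSG_TCP_BADCONN,
  MSG_TCP_FFILE,
  MSG_TCP_NFILE,
  MSG_TCP_FINV,
  MSG_TCP_OKFILE,
  MSG_TCP_OKMSG,
  MSG_TCP_MSG,
  MSG_TCP_NEW,
  MSG_TCP_ILL,
  MSG_TCP_SYNC,
  MSG_TCP_RESET,
  MSG_TCP_CNEW,
  MSG_E_HTML,
#endif


  MSG_E_AUTH,
  MSG_ACCESS,
  MSG_TRUST,
  MSG_NOACCESS,
  MSG_P_NODATA,


  /*
   * MSG_E_MNULL and MSG_E_MMEM exist in both configurations, but with
   * MEM_DEBUG defined they come after MSG_MSTAMP/MSG_MSTAMP2 and are
   * followed by four further enumerators.
   */
#ifndef MEM_DEBUG
  MSG_E_MNULL,
  MSG_E_MMEM,
#else
  MSG_MSTAMP,
  MSG_MSTAMP2,
  MSG_E_MNULL,
  MSG_E_MMEM,
  MSG_E_MREC,
  MSG_E_MOVER,
  MSG_E_MUNDER,
  MSG_E_NOTFREE,
#endif

  MSG_E_TRUST,
  MSG_E_HASH,
  MSG_E_ACCESS,
  MSG_E_READ,
  MSG_E_NOTREG,
  MSG_E_TIMEOUT,
  MSG_NODEV,
  MSG_LOCKED,
  MSG_PIDFILE,
  MSG_NOEXEC,
  MSG_ES_ENT,
  MSG_ES_KEY1,
  MSG_ES_KEY2,
  MSG_E_GPG,
  MSG_E_GPG_FP,
  MSG_E_GPG_CHK,
  MSG_E_SUBGEN,
  MSG_E_SUBGPATH,
  MSG_E_UNLNK,
  MSG_E_REGEX,
  MSG_E_OPENDIR,
  MSG_E_TRUST1,
  MSG_E_TRUST2,
  MSG_E_PWNULL,
  MSG_E_PWLONG,
  MSG_E_GRNULL,

  MSG_E_NET,
  MSG_E_NETST,
  MSG_E_NETST1,
  MSG_E_NLOST,
  MSG_E_NEST,

  MSG_EINVALHEAD,
  MSG_EINVALCONF,
  MSG_EINVALS,
  MSG_EINVALL,
  MSG_EINVALD,
  MSG_EINVALDD,

  MSG_SRV_FAIL,
  MSG_QUEUE_FULL,

  MSG_AUD_OPEN,
  MSG_AUD_DUP,
  MSG_AUD_PIPE,
  MSG_AUD_FORK,
  MSG_AUD_EXIT,
  MSG_AUD_SETUID,
  MSG_AUD_SETGID,
  MSG_AUD_UTIME,
  MSG_AUD_EXEC,
  MSG_AUD_CHDIR,
  MSG_AUD_UNLINK,
  MSG_AUD_KILL,

  MSG_ERR_OPEN,
  MSG_ERR_DUP,
  MSG_ERR_PIPE,
  MSG_ERR_FORK,
  MSG_ERR_SETUID,
  MSG_ERR_SETGID,
  MSG_ERR_UTIME,
  MSG_ERR_EXEC,
  MSG_ERR_CHDIR,
  MSG_ERR_UNLINK,
  MSG_ERR_KILL,

  MSG_ERR_SIGACT,
  MSG_ERR_CONNECT,
  MSG_ERR_ACCEPT,
  MSG_ERR_LSTAT,
  MSG_ERR_FSTAT,
  MSG_ERR_STAT,
  MSG_ERR_FCNTL
};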
#endif