diff options
author | Darren Tucker <dtucker@zip.com.au> | 2005-02-03 00:37:14 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2005-02-03 00:37:14 +1100 |
commit | b15931ae5b24c00888e1db6c4d456b1bb4e434da (patch) | |
tree | af37557e34b71efd1d9bea5688ad8ac16d12e77c /audit.h | |
parent | 269a1ea1c80a855d1eb74fccba6dd5c75947c5d2 (diff) | |
download | openssh-git-b15931ae5b24c00888e1db6c4d456b1bb4e434da.tar.gz |
- (dtucker) [added audit.c audit.h] Bug #125: (first stage) Add audit
instrumentation to sshd, currently disabled by default. with suggestions
from and djm@
Diffstat (limited to 'audit.h')
-rw-r--r-- | audit.h | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/audit.h b/audit.h new file mode 100644 index 00000000..2c143739 --- /dev/null +++ b/audit.h @@ -0,0 +1,56 @@ +/* $Id: audit.h,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */ + +/* + * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "auth.h" + +#ifndef _SSH_AUDIT_H +# define _SSH_AUDIT_H +enum ssh_audit_event_type { + LOGIN_EXCEED_MAXTRIES, + LOGIN_ROOT_DENIED, + AUTH_SUCCESS, + AUTH_FAIL_NONE, + AUTH_FAIL_PASSWD, + AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ + AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ + AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ + AUTH_FAIL_GSSAPI, + INVALID_USER, + NOLOGIN, /* denied by /etc/nologin, not implemented */ + CONNECTION_CLOSE, /* closed after attempting auth or session */ + CONNECTION_ABANDON, /* closed without completing auth */ + AUDIT_UNKNOWN +}; +typedef enum ssh_audit_event_type ssh_audit_event_t; + +void audit_connection_from(const char *, int); +void audit_event(ssh_audit_event_t); +void audit_session_open(const char *); +void audit_session_close(const char *); +void audit_run_command(const char *); +ssh_audit_event_t audit_classify_auth(const char *); + +#endif /* _SSH_AUDIT_H */ |