From b15931ae5b24c00888e1db6c4d456b1bb4e434da Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 3 Feb 2005 00:37:14 +1100 Subject: - (dtucker) [added audit.c audit.h] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@ --- audit.h | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 audit.h (limited to 'audit.h') diff --git a/audit.h b/audit.h new file mode 100644 index 00000000..2c143739 --- /dev/null +++ b/audit.h @@ -0,0 +1,56 @@ +/* $Id: audit.h,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */ + +/* + * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "auth.h" + +#ifndef _SSH_AUDIT_H +# define _SSH_AUDIT_H +enum ssh_audit_event_type { + LOGIN_EXCEED_MAXTRIES, + LOGIN_ROOT_DENIED, + AUTH_SUCCESS, + AUTH_FAIL_NONE, + AUTH_FAIL_PASSWD, + AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ + AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ + AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ + AUTH_FAIL_GSSAPI, + INVALID_USER, + NOLOGIN, /* denied by /etc/nologin, not implemented */ + CONNECTION_CLOSE, /* closed after attempting auth or session */ + CONNECTION_ABANDON, /* closed without completing auth */ + AUDIT_UNKNOWN +}; +typedef enum ssh_audit_event_type ssh_audit_event_t; + +void audit_connection_from(const char *, int); +void audit_event(ssh_audit_event_t); +void audit_session_open(const char *); +void audit_session_close(const char *); +void audit_run_command(const char *); +ssh_audit_event_t audit_classify_auth(const char *); + +#endif /* _SSH_AUDIT_H */ -- cgit v1.2.1