1/* $Id: audit.h,v 1.4 2011/01/17 10:15:30 dtucker Exp $ */ 2 3/* 4 * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#ifndef _SSH_AUDIT_H 28# define _SSH_AUDIT_H 29 30#include "loginrec.h" 31 32enum ssh_audit_event_type { 33 SSH_LOGIN_EXCEED_MAXTRIES, 34 SSH_LOGIN_ROOT_DENIED, 35 SSH_AUTH_SUCCESS, 36 SSH_AUTH_FAIL_NONE, 37 SSH_AUTH_FAIL_PASSWD, 38 SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ 39 SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ 40 SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ 41 SSH_AUTH_FAIL_GSSAPI, 42 SSH_INVALID_USER, 43 SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */ 44 SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */ 45 SSH_CONNECTION_ABANDON, /* closed without completing auth */ 46 SSH_AUDIT_UNKNOWN 47}; 48typedef enum ssh_audit_event_type ssh_audit_event_t; 49 50void audit_connection_from(const char *, int); 51void audit_event(ssh_audit_event_t); 52void audit_session_open(struct logininfo *); 53void audit_session_close(struct logininfo *); 54void audit_run_command(const char *); 55ssh_audit_event_t audit_classify_auth(const char *); 56 57#endif /* _SSH_AUDIT_H */ 58