| blob | 88632647f529a1ffd9384d50853311b8e3f63892 |
1 <?xml version="1.0"?>
2 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
3 <!--
4 Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
6 CDDL HEADER START
8 The contents of this file are subject to the terms of the
9 Common Development and Distribution License (the "License").
10 You may not use this file except in compliance with the License.
12 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
13 or http://www.opensolaris.org/os/licensing.
14 See the License for the specific language governing permissions
15 and limitations under the License.
17 When distributing Covered Code, include this CDDL HEADER in each
18 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
19 If applicable, add the following below this CDDL HEADER, with the
20 fields enclosed by brackets "[]" replaced with your own identifying
21 information: Portions Copyright [yyyy] [name of copyright owner]
23 CDDL HEADER END
25 NOTE: This service manifest is not editable; its contents will
26 be overwritten by package or patch operations, including
27 operating system upgrade. Make customizations in a different
28 file.
29 -->
31 <service_bundle type='manifest' name='SUNWcsr:auditd'>
33 <service
34 name='system/auditd'
35 type='service'
36 version='1'>
38 <single_instance />
40 <dependency
41 name='usr'
42 type='service'
43 grouping='require_all'
44 restart_on='none'>
45 <service_fmri value='svc:/system/filesystem/local' />
46 </dependency>
48 <dependency
49 name='ns'
50 type='service'
51 grouping='require_all'
52 restart_on='none'>
53 <service_fmri value='svc:/milestone/name-services' />
54 </dependency>
56 <dependency
57 name='syslog'
58 type='service'
59 grouping='optional_all'
60 restart_on='none'>
61 <service_fmri value='svc:/system/system-log' />
62 </dependency>
65 <dependent
66 name='multi-user'
67 grouping='optional_all'
68 restart_on='none'>
69 <service_fmri value='svc:/milestone/multi-user'/>
70 </dependent>
72 <dependent
73 name='console-login'
74 grouping='optional_all'
75 restart_on='none'>
76 <service_fmri value='svc:/system/console-login'/>
77 </dependent>
79 <exec_method
80 type='method'
81 name='start'
82 exec='/lib/svc/method/svc-auditd'
83 timeout_seconds='60'>
84 <method_context>
85 <method_credential user='root' group='root' />
86 </method_context>
87 </exec_method>
89 <exec_method
90 type='method'
91 name='refresh'
92 exec='/lib/svc/method/svc-auditd'
93 timeout_seconds='30'>
94 <method_context>
95 <method_credential user='root' group='root' />
96 </method_context>
97 </exec_method>
99 <!--
100 auditd waits for c2audit to quiet down after catching a -TERM
101 before exiting; auditd's timeout is 20 seconds
102 -->
104 <exec_method
105 type='method'
106 name='stop'
107 exec=':kill -TERM'
108 timeout_seconds='30'>
109 <method_context>
110 <method_credential user='root' group='root' />
111 </method_context>
112 </exec_method>
114 <!-- SIGs HUP, TERM, and USR1 are all expected by auditd -->
115 <property_group name='startd' type='framework'>
116 <propval name='ignore_error' type='astring'
117 value='core,signal' />
118 </property_group>
120 <property_group name='general' type='framework'>
121 <!-- to start/stop auditd -->
122 <propval name='action_authorization' type='astring'
123 value='solaris.smf.manage.audit' />
124 <propval name='value_authorization' type='astring'
125 value='solaris.smf.manage.audit' />
126 </property_group>
128 <instance name='default' enabled='false'>
130 <!--
131 System-wide audit preselection flags - see auditconfig(1M)
132 and audit_flags(5).
134 The 'flags' property is the system-wide default set of
135 audit classes that is combined with the per-user audit
136 flags to configure the process audit at login and role
137 assumption time.
139 The 'naflags' property is the set of audit classes for
140 audit event selection when an event cannot be attributed
141 to an authenticated user.
142 -->
143 <property_group name='preselection' type='application'>
144 <propval name='flags' type='astring'
145 value='lo' />
146 <propval name='naflags' type='astring'
147 value='lo' />
148 <propval name='read_authorization' type='astring'
149 value='solaris.smf.value.audit' />
150 <propval name='value_authorization' type='astring'
151 value='solaris.smf.value.audit' />
152 </property_group>
154 <!--
155 Audit Queue Control Properties - see auditconfig(1M)
157 Note, that the default value for all the queue control
158 configuration parameters is 0, which makes auditd(1M) to
159 use current active system parameters.
160 -->
161 <property_group name='queuectrl' type='application' >
162 <propval name='qbufsz' type='count'
163 value='0' />
164 <propval name='qdelay' type='count'
165 value='0' />
166 <propval name='qhiwater' type='count'
167 value='0' />
168 <propval name='qlowater' type='count'
169 value='0' />
170 <propval name='read_authorization' type='astring'
171 value='solaris.smf.value.audit' />
172 <propval name='value_authorization' type='astring'
173 value='solaris.smf.value.audit' />
174 </property_group>
176 <!--
177 Audit Policies - see auditconfig(1M)
179 Note, that "all" and "none" policies available as a
180 auditconfig(1M) policy flags actually means a full/empty set
181 of other policy flags. Thus they are not configurable in the
182 auditd service manifest, but set all the policies to true
183 (all) or false (none).
184 -->
185 <property_group name='policy' type='application' >
186 <propval name='ahlt' type='boolean'
187 value='false' />
188 <propval name='arge' type='boolean'
189 value='false' />
190 <propval name='argv' type='boolean'
191 value='false' />
192 <propval name='cnt' type='boolean'
193 value='true' />
194 <propval name='group' type='boolean'
195 value='false' />
196 <propval name='path' type='boolean'
197 value='false' />
198 <propval name='perzone' type='boolean'
199 value='false' />
200 <propval name='public' type='boolean'
201 value='false' />
202 <propval name='seq' type='boolean'
203 value='false' />
204 <propval name='trail' type='boolean'
205 value='false' />
206 <propval name='windata_down' type='boolean'
207 value='false' />
208 <propval name='windata_up' type='boolean'
209 value='false' />
210 <propval name='zonename' type='boolean'
211 value='false' />
212 <propval name='read_authorization' type='astring'
213 value='solaris.smf.value.audit' />
214 <propval name='value_authorization' type='astring'
215 value='solaris.smf.value.audit' />
216 </property_group>
218 <!--
219 Plugins to configure where to send the audit trail - see
220 auditconfig(1M), audit_binfile(5), audit_remote(5),
221 audit_syslog(5)
223 Each plugin type property group has properties:
225 'active' is a boolean which defines whether or not
226 to load the plugin.
228 'path' is a string which defines name of the
229 plugin's shared object in the file system.
230 Relative paths assume a prefix of
231 "/usr/lib/security/$ISA"
233 'qsize' is an integer which defines a plugin specific
234 maximum number of records that auditd will queue
235 for it. A zero (0) value indicates not defined.
236 This overrides the system's active queue control
237 hiwater mark.
239 and various attributes as defined on the plugin's man page
240 -->
241 <property_group name='audit_binfile' type='plugin' >
242 <propval name='active' type='boolean'
243 value='true' />
244 <propval name='path' type='astring'
245 value='audit_binfile.so' />
246 <propval name='qsize' type='count'
247 value='0' />
248 <propval name='p_dir' type='astring'
249 value='/var/audit' />
250 <propval name='p_minfree' type='count'
251 value='0' />
252 <propval name='p_fsize' type='count'
253 value='0' />
254 <property name='read_authorization' type='astring'>
255 <astring_list>
256 <value_node value='solaris.smf.manage.audit' />
257 <value_node value='solaris.smf.value.audit' />
258 </astring_list>
259 </property>
260 <propval name='value_authorization' type='astring'
261 value='solaris.smf.value.audit' />
262 </property_group>
264 <property_group name='audit_syslog' type='plugin' >
265 <propval name='active' type='boolean'
266 value='false' />
267 <propval name='path' type='astring'
268 value='audit_syslog.so' />
269 <propval name='qsize' type='count'
270 value='0' />
271 <propval name='p_flags' type='astring'
272 value='' />
273 <property name='read_authorization' type='astring'>
274 <astring_list>
275 <value_node value='solaris.smf.manage.audit' />
276 <value_node value='solaris.smf.value.audit' />
277 </astring_list>
278 </property>
279 <propval name='value_authorization' type='astring'
280 value='solaris.smf.value.audit' />
281 </property_group>
283 <property_group name='audit_remote' type='plugin' >
284 <propval name='active' type='boolean'
285 value='false' />
286 <propval name='path' type='astring'
287 value='audit_remote.so' />
288 <propval name='qsize' type='count'
289 value='0' />
290 <propval name='p_hosts' type='astring'
291 value='' />
292 <propval name='p_retries' type='count'
293 value='3' />
294 <propval name='p_timeout' type='count'
295 value='5' />
296 <property name='read_authorization' type='astring'>
297 <astring_list>
298 <value_node value='solaris.smf.manage.audit' />
299 <value_node value='solaris.smf.value.audit' />
300 </astring_list>
301 </property>
302 <propval name='value_authorization' type='astring'
303 value='solaris.smf.value.audit' />
304 </property_group>
306 </instance>
308 <stability value='Evolving' />
310 <template>
311 <common_name>
312 <loctext xml:lang='C'>
313 Solaris audit daemon
314 </loctext>
315 </common_name>
316 <documentation>
317 <manpage title='auditd'
318 section='1M'
319 manpath='/usr/share/man'/>
320 <manpage title='audit'
321 section='1M'
322 manpath='/usr/share/man'/>
323 <manpage title='auditconfig'
324 section='1M'
325 manpath='/usr/share/man'/>
326 <manpage title='audit_flags'
327 section='5'
328 manpath='/usr/share/man'/>
329 <manpage title='audit_binfile'
330 section='5'
331 manpath='/usr/share/man'/>
332 <manpage title='audit_syslog'
333 section='5'
334 manpath='/usr/share/man'/>
335 <manpage title='audit_remote'
336 section='5'
337 manpath='/usr/share/man'/>
338 </documentation>
339 </template>
341 </service>
343 </service_bundle>