00001 /* $Id: audit.h,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */ 00002 00003 /* 00004 * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 1. Redistributions of source code must retain the above copyright 00010 * notice, this list of conditions and the following disclaimer. 00011 * 2. Redistributions in binary form must reproduce the above copyright 00012 * notice, this list of conditions and the following disclaimer in the 00013 * documentation and/or other materials provided with the distribution. 00014 * 00015 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 00016 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 00017 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 00018 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 00019 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 00020 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 00021 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 00022 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 00023 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 00024 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00025 */ 00026 00027 #include "auth.h" 00028 00029 #ifndef _SSH_AUDIT_H 00030 # define _SSH_AUDIT_H 00031 enum ssh_audit_event_type { 00032 SSH_LOGIN_EXCEED_MAXTRIES, 00033 SSH_LOGIN_ROOT_DENIED, 00034 SSH_AUTH_SUCCESS, 00035 SSH_AUTH_FAIL_NONE, 00036 SSH_AUTH_FAIL_PASSWD, 00037 SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ 00038 SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ 00039 SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ 00040 SSH_AUTH_FAIL_GSSAPI, 00041 SSH_INVALID_USER, 00042 SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */ 00043 SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */ 00044 SSH_CONNECTION_ABANDON, /* closed without completing auth */ 00045 SSH_AUDIT_UNKNOWN 00046 }; 00047 typedef enum ssh_audit_event_type ssh_audit_event_t; 00048 00049 void audit_connection_from(const char *, int); 00050 void audit_event(ssh_audit_event_t); 00051 void audit_session_open(const char *); 00052 void audit_session_close(const char *); 00053 void audit_run_command(const char *); 00054 ssh_audit_event_t audit_classify_auth(const char *); 00055 00056 #endif /* _SSH_AUDIT_H */