118de8d7fSPeter Avalos /* 218de8d7fSPeter Avalos * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. 318de8d7fSPeter Avalos * 418de8d7fSPeter Avalos * Redistribution and use in source and binary forms, with or without 518de8d7fSPeter Avalos * modification, are permitted provided that the following conditions 618de8d7fSPeter Avalos * are met: 718de8d7fSPeter Avalos * 1. Redistributions of source code must retain the above copyright 818de8d7fSPeter Avalos * notice, this list of conditions and the following disclaimer. 918de8d7fSPeter Avalos * 2. Redistributions in binary form must reproduce the above copyright 1018de8d7fSPeter Avalos * notice, this list of conditions and the following disclaimer in the 1118de8d7fSPeter Avalos * documentation and/or other materials provided with the distribution. 1218de8d7fSPeter Avalos * 1318de8d7fSPeter Avalos * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 1418de8d7fSPeter Avalos * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 1518de8d7fSPeter Avalos * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 1618de8d7fSPeter Avalos * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 1718de8d7fSPeter Avalos * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 1818de8d7fSPeter Avalos * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 1918de8d7fSPeter Avalos * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 2018de8d7fSPeter Avalos * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 2118de8d7fSPeter Avalos * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 2218de8d7fSPeter Avalos * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 2318de8d7fSPeter Avalos */ 2418de8d7fSPeter Avalos 2518de8d7fSPeter Avalos #ifndef _SSH_AUDIT_H 2618de8d7fSPeter Avalos # define _SSH_AUDIT_H 279f304aafSPeter Avalos 289f304aafSPeter Avalos #include "loginrec.h" 299f304aafSPeter Avalos 30*664f4763Szrj struct ssh; 31*664f4763Szrj 3218de8d7fSPeter Avalos enum ssh_audit_event_type { 3318de8d7fSPeter Avalos SSH_LOGIN_EXCEED_MAXTRIES, 3418de8d7fSPeter Avalos SSH_LOGIN_ROOT_DENIED, 3518de8d7fSPeter Avalos SSH_AUTH_SUCCESS, 3618de8d7fSPeter Avalos SSH_AUTH_FAIL_NONE, 3718de8d7fSPeter Avalos SSH_AUTH_FAIL_PASSWD, 3818de8d7fSPeter Avalos SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ 3918de8d7fSPeter Avalos SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ 4018de8d7fSPeter Avalos SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ 4118de8d7fSPeter Avalos SSH_AUTH_FAIL_GSSAPI, 4218de8d7fSPeter Avalos SSH_INVALID_USER, 4318de8d7fSPeter Avalos SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */ 4418de8d7fSPeter Avalos SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */ 4518de8d7fSPeter Avalos SSH_CONNECTION_ABANDON, /* closed without completing auth */ 4618de8d7fSPeter Avalos SSH_AUDIT_UNKNOWN 4718de8d7fSPeter Avalos }; 4818de8d7fSPeter Avalos typedef enum ssh_audit_event_type ssh_audit_event_t; 4918de8d7fSPeter Avalos 5018de8d7fSPeter Avalos void audit_connection_from(const char *, int); 51*664f4763Szrj void audit_event(struct ssh *, ssh_audit_event_t); 529f304aafSPeter Avalos void audit_session_open(struct logininfo *); 539f304aafSPeter Avalos void audit_session_close(struct logininfo *); 5418de8d7fSPeter Avalos void audit_run_command(const char *); 5518de8d7fSPeter Avalos ssh_audit_event_t audit_classify_auth(const char *); 5618de8d7fSPeter Avalos 5718de8d7fSPeter Avalos #endif /* _SSH_AUDIT_H */ 58