# IBM_PROLOG_BEGIN_TAG # This is an automatically generated prolog. # # bos720 src/bos/usr/bin/tcbck/risk-manager/tcb.baroc 1.1 # # Licensed Materials - Property of IBM # # COPYRIGHT International Business Machines Corp. 2001 # All Rights Reserved # # US Government Users Restricted Rights - Use, duplication or # disclosure restricted by GSA ADP Schedule Contract with IBM Corp. # # IBM_PROLOG_END_TAG # # FUNCTION: # Sensor-related classes for Risk Manager. These classes depend on the # file sensor_abstract.baroc. The classes used herein describe events # generated by tcbck in checking the Trusted Computing Base (TCB). # # Because this file depends on sensor_abstract.baroc it should be # loaded after it. The load process used by the event server is # defined in the .load_class file. In this file, the baroc files are # listed in descending order of precedence, one baroc file name per # line. Therefore tcb.baroc should be AFTER sensor_abstract.baroc. # The .load_class file is located in $DBDIR/tec/rb_dir/TEC_CLASSES , # where $DBDIR is the directory were the TME 10 object database is # installed. # # # The following is the format of an event class definition as it is described # in the TME 10 Event Integration Facility User's Guide (EIF User's Guide): # # TEC_CLASS : # new_event_class_name ISA parent_event_class_name # DEFINES # { # ATTRIBUTE_LIST # } ; # END # # Where an ATTRIBUTE_LIST is a semi-colon (;) delimited list of ATTRIBUTEs, # where each ATTRIBUTE has the following form: # atribute_name: attribute_type, FACET_LIST ; # # The FACET_LIST is a comma (,) (possibly empty) delimited list of FACETs # where a FACET is one of the following: # default=default_value | # parse=parse_value | # dup_detect=dup_detect_value # # The possible values are: default_value can be any value of the associated # attribute_type, parse_value is either YES (default) or NO, and # dup_detect_value is either YES (default) or NO. # # The meanings of these values can be found on page 3-4 of the EIF User's # Guide. #----------------------------------------------------------------------# ### BASE TCB EVENT ### TEC_CLASS : TCB_BaseEvent ISA RM_MiscEvent DEFINES { #previously defined attributes that need new defaults: source: default='LOGFILE' , parse='NO'; sub_source: default='tcbck' ; severity: default='MINOR' ; rm_SensorType: default='tcbck' , parse='NO' ; rm_SensorHostname: default='0.0.0.0' ; rm_DestinationIPAddr: default='N/A' ; rm_SourceIPAddr: default='N/A' ; rm_Signature: default='tcbck error' ; #no other uses of rm_Signature known rm_Description: default='TCB no longer in secure state' ; rm_SensorOS: default='AIX' ; rm_SpoofedSourceKnown: default='N/A' , parse='NO' ; rm_Level: default=1.0 ; rm_Category: default='Configuration' ; rm_ObjectType: default='N/A' ; rm_Object: default='N/A' ; rm_Action: default='NONE' ; #use enum actions in sensor_abstract.baroc #new attributes tcb_Error: STRING , default='UNKNOWN' ; tcb_ErrorNumber: STRING , default='UNKNOWN' ; } ; END #----------------------------------------------------------------------# ### Command Line Error ### TEC_CLASS : TCB_Command_Line_Error_Event ISA TCB_BaseEvent DEFINES { severity: default='HARMLESS' ; rm_Signature: default='tcbck failure' ; rm_Description: default='command line error' ; rm_Level: default=0.5 ; rm_Action: default='FAIL' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Needs_A_Value ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='Needs_A_Value' ; tcb_ErrorNumber: default='3001-003' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Needs_An_Attribute ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='Needs_An_Attribute' ; tcb_ErrorNumber: default='3001-091' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_All_or_Tree ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='All_or_Tree' ; tcb_ErrorNumber: default='3001-004' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_No_More_Args ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='No_More_Args' ; tcb_ErrorNumber: default='3001-005' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_P_N_or_Y ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='P_N_or_Y' ; tcb_ErrorNumber: default='3001-006' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Duplicate_Stanza ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='Duplicate_Stanza' ; tcb_ErrorNumber: default='3001-007' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Duplicate_Name ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='Duplicate_Name' ; tcb_ErrorNumber: default='3001-008' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Duplicate_Object ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='Duplicate_Object' ; tcb_ErrorNumber: default='3001-009' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Linked_Directory ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='Linked_Directory' ; tcb_ErrorNumber: default='3001-010' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Illegal_Attribute ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='Illegal_Attribute' ; tcb_ErrorNumber: default='3001-055' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Invalid_Value ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='Invalid_Value' ; tcb_ErrorNumber: default='3001-077' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Invalid_Attribute ISA TCB_Command_Line_Error_Event DEFINES { tcb_Error: default='Invalid_Attribute' ; tcb_ErrorNumber: default='3001-083' ; } ; END #----------------------------------------------------------------------# ### Program Execution Error ### TEC_CLASS : TCB_Program_Execution_Error_Event ISA TCB_BaseEvent DEFINES { severity: default='MINOR' ; rm_Signature: default='tcbck failure' ; rm_Description: default='program cannot be executed' ; rm_Level: default=0.5 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_No_Program ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='program cannot be executed' ; tcb_Error: default='No_Program' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Program_Error ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='program failed during execution' ; tcb_Error: default='Program_Error' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Verify_Failed ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='could not verify file' ; tcb_Error: default='Verify_Failed' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Illegal_Entry ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='invalid entry' ; tcb_Error: default='Illegal_Entry' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Illegal_Type ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='invalid entry type' ; tcb_Error: default='Illegal_Type' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_No_Permission ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='permission denied' ; tcb_Error: default='No_Permission' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Update_Failed ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='could not update' ; tcb_Error: default='Update_Failed' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Database_Error ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='error reading database' ; tcb_Error: default='Database_Error' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Input_File_Error ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='error reading input file' ; tcb_Error: default='Input_File_Error' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Last_Stanza ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='last stanza read' ; tcb_Error: default='Last_Stanza' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_No_Last_Stanza ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='no valid stanzas read' ; tcb_Error: default='No_Last_Stanza' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Register_Device ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='device not registered in TCB' ; tcb_Error: default='Register_Device' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Open_Temp_File_Error ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='Error opening temp file' ; tcb_Error: default='Open_Temp_File_Error' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Update_Temp_File_Error ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='error updating temp file' ; tcb_Error: default='Update_Temp_File_Error' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Register_Trusted ISA TCB_Program_Execution_Error_Event DEFINES { rm_Description: default='device not registered in TCB' ; tcb_Error: default='Register_Trusted' ; } ; END #----------------------------------------------------------------------# ### File-related Errors ### TEC_CLASS : TCB_File_Related_Error_Event ISA TCB_BaseEvent DEFINES { severity: default='WARNING' ; #???CRITICAL??? rm_Signature: default='tcbck file error' ; rm_Level: default=1.0 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Unknown_Type ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file of unknown type' ; tcb_Error: default='Unknown_Type' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Unknown_SUID_File ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='unregistered set-UID proram' ; tcb_Error: default='Unknown_SUID_File' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Unknown_SGID_File ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='unregistered set-GID program' ; tcb_Error: default='Unknown_SGID_File' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Unknown_Device ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='unregistered device' ; tcb_Error: default='Unknown_Device' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Unknown_TCB_File ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='unregistered TCB file' ; tcb_Error: default='Unknown_TCB_File' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Unknown_TP_File ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='unregistered TP file' ; tcb_Error: default='Unknown_TP_File' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Unknown_Priv_File ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='unregistered priveleged file' ; tcb_Error: default='Unknown_Priv_File' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_No_Such_File ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file not found' ; tcb_Error: default='No_Such_File' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Donot_Know_How ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='no file and no attribute' ; tcb_Error: default='Donot_Know_How' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Donot_Know_What ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='no file or no attribute' ; tcb_Error: default='Donot_Know_What' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Wrong_File_Type ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file is of wrong type' ; tcb_Error: default='Wrong_File_Type' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Wrong_File_Modes ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file is of wrong mode' ; tcb_Error: default='Wrong_File_Modes' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Wrong_File_Owner ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file has wrong owner' ; tcb_Error: default='Wrong_File_Owner' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Wrong_File_Group ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file has wrong group' ; tcb_Error: default='Wrong_File_Group' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Wrong_Link_Count ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file has wrong number of links' ; tcb_Error: default='Wrong_Link_Count' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Wrong_TCB_Flag ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file has wrong TCB attribute value' ; tcb_Error: default='Wrong_TCB_Flag' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Wrong_TP_Flag ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file has wrong TP attribute value' ; tcb_Error: default='Wrong_TP_Flag' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Wrong_Checksum ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file has the wrong checksum' ; tcb_Error: default='Wrong_Checksum' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Wrong_Size ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file is the wrong size' ; tcb_Error: default='Wrong_Size' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Wrong_ACL ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file has wrong access control list' ; tcb_Error: default='Wrong_ACL' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Wrong_PCL ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file has wrong privilege control list' ; tcb_Error: default='Wrong_PCL' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_No_Such_Link ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='link does not exist' ; tcb_Error: default='No_Such_Link' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_No_Such_Symlink ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='symlink does not exist' ; tcb_Error: default='No_Such_Symlink' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_No_Such_Source ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file has no source file' ; tcb_Error: default='No_Such_Source' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Illegal_Link ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='link should not exist' ; tcb_Error: default='Illegal_Link' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Illegal_Symlink ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='symlink should not exist' ; tcb_Error: default='Illegal_Symlink' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Incorrect_Link ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='link error' ; tcb_Error: default='Incorrect_Link' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Incorrect_SymLink ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='symlink error' ; tcb_Error: default='Incorret_SymLink' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Absolute_File ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file must be an absolute path name' ; tcb_Error: default='Absolute_File' ; rm_Level: default=0.5 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Absolute_Link ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='link must be an absolute path name' ; tcb_Error: default='Absolute_Link' ; rm_Level: default=0.5 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Absolute_Program ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='program must be an absolute path name' ; tcb_Error: default='Absolute_Program' ; rm_Level: default=0.5 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Absolute_Source ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='source attribute must have absolute path name' ; tcb_Error: default='Absolute_Source' ; rm_Level: default=0.5 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Copy_Failed ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file copy failed' ; tcb_Error: default='Copy_Failed' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Create_Failed ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file create failed' ; tcb_Error: default='Create_Failed' ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Chmod_Failed ISA TCB_File_Related_Error_Event DEFINES { rm_Description: default='file chmod failed' ; tcb_Error: default='Chmod_Failed' ; } ; END #----------------------------------------------------------------------# ### Other Error ### TEC_CLASS : TCB_Other_Error_Event ISA TCB_BaseEvent DEFINES { severity: default='WARNING' ; rm_Signature: default='tcbck miscellaneous error' ; rm_Level: default=1.0 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Not_Trusted_Machine ISA TCB_Other_Error_Event DEFINES { rm_Description: default='TCB must be installed on this machine' ; tcb_Error: default='Not_Trusted_Machine' ; rm_Level: default=1.0 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Corrupted_Machine ISA TCB_Other_Error_Event DEFINES { rm_Description: default='TCB must be reinstalled on this machine'; tcb_Error: default='Corrupted_Machine' ; rm_Level: default=1.0 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Unknown_User ISA TCB_Other_Error_Event DEFINES { rm_Description: default='not a known user' ; tcb_Error: default='Unknown_User' ; rm_Level: default=1.0 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Unknown_Group ISA TCB_Other_Error_Event DEFINES { rm_Description: default='not a known group' ; tcb_Error: default='Unknown_Group' ; rm_Level: default=1.0 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Unknown_Mode ISA TCB_Other_Error_Event DEFINES { rm_Description: default='invalid mode or flag' ; tcb_Error: default='Unknown_Mode' ; rm_Level: default=1.0 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Too_Many_Links ISA TCB_Other_Error_Event DEFINES { rm_Description: default='file has too many links' ; tcb_Error: default='Too_Many_Links' ; rm_Level: default=1.0 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Out_Of_Memory ISA TCB_Other_Error_Event DEFINES { rm_Description: default='machine out of memory' ; tcb_Error: default='Out_Of_Memory' ; rm_Level: default=1.0 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Use_Tree_Option ISA TCB_Other_Error_Event DEFINES { rm_Description: default='Use tree option to find extra links' ; tcb_Error: default='Use_Tree_Option' ; rm_Level: default=0.5 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Del_Failed ISA TCB_Other_Error_Event DEFINES { rm_Description: default='error while removing entry' ; tcb_Error: default='Del_Failed' ; rm_Level: default= 1.0; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_No_File_Matched ISA TCB_Other_Error_Event DEFINES { rm_Description: default='no file matches entry' ; tcb_Error: default='No_File_Matched' ; rm_Level: default=1.0 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_No_Class_Matched ISA TCB_Other_Error_Event DEFINES { rm_Description: default='no class matches entry' ; tcb_Error: default='No_Class_Matched' ; rm_Level: default=1.0 ; } ; END #----------------------------------------------------------------------# ### Fatal Error ### TEC_CLASS : TCB_Fatal_Error_Event ISA TCB_BaseEvent DEFINES { severity: default='CRITICAL' ; #??WARNING?? rm_Signature: default='tcbck fatal error' ; rm_Level: default=2.0 ; } ; END #----------------------------------------------------------------------# TEC_CLASS : TCB_Open_An_Apar ISA TCB_Fatal_Error_Event DEFINES { rm_Description: default='Contact a service representative' ; tcb_Error: default='Open_An_Apar' ; } ; END