// Copyright (c) 2007-2010, Intel Corporation. All rights reserved.
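// AMT_AuditLog - MOF schema for the Intel AMT firmware-resident, signed
// audit log (a CIM_Log subclass).
//
// Integration notes, derived from the qualifier text in this class:
//   * The log cannot be enabled until SetSigningKeyMaterial has installed a
//     signing key and certificate chain (AuditState bit 0x10, "No Key").
//   * At 85% full (AuditState 0x04) non-critical events are silently
//     dropped; when Full (0x08) nothing is logged and policy-critical events
//     are not executed. Monitor PercentageFree and pick a StoragePolicy so
//     the log never reaches that state - in particular, systems upgraded
//     from AMT 5.0 default to NO_ROLL_OVER and will eventually fill.
//   * Locking the log (SetAuditLock) has the same effect as Full for the
//     duration of the lock, which is bounded by LockTimeoutInSeconds
//     (at most 5 minutes) in case the auditor never unlocks it.
//   * Exported signatures may use RSA_SHA1; verifiers should treat SHA-1
//     signatures as weak and prefer RSA_SHA256 / RSA_SHA384 when the
//     platform supports them.
//
// Schema fix in this revision: the ExportAuditLogSignature Values entry for
// status 1 was "PT_INTERNAL_ERROR"; every other method in this class names
// that status "PT_STATUS_INTERNAL_ERROR", so it is normalised here. Qualifier
// spelling (ValueMap/Values) is also normalised; MOF qualifier names are
// case-insensitive, so this is cosmetic.
[Version ( "6.0.0" ),
 Description ( "Represents an Audit Log" )]
class AMT_AuditLog : CIM_Log {

   [Required, Description (
       "Indicates the percentage of free space in the storage "
       "dedicated to the audit log." ),
    MinValue ( 0 ),
    MaxValue ( 100 )]
   uint32 PercentageFree;

   [Key, Override ( "Name" )]
   string Name;

   [Description (
       "Time stamp of the most recent entry in the log if such "
       "an entry exists." )]
   datetime TimeOfLastRecord;

   // Bit flags. 0x00 is the "no bits set" state, i.e. Enabled; the other
   // values may be OR-ed together.
   [Required, Description (
       "State of log. A bitwise combination of one or more of: "
       "0x00 (Enabled - no bits set), 0x01 (Disabled), 0x02 (Locked), "
       "0x04 (Almost Full - The storage area dedicated for the audit "
       "log reached 85% full, and non-critical events will not "
       "be logged.), 0x08 (Full - The storage area dedicated for "
       "the audit log is completely full; no events will be "
       "logged and critical events in policy will not be "
       "executed.), 0x10 (No Key - No key and certificate were "
       "set for the signing of the audit log. Feature cannot be "
       "enabled)." )]
   uint32 AuditState;

   [Required, Description ( "Maximum number of auditors allowed" )]
   uint16 MaxAllowedAuditors;

   [Description (
       "AuditLog storage policy. The available policies are: "
       "\"NO_ROLL_OVER\" - No roll-over in storage. Old events "
       "will not be overwritten. \"ROLL_OVER\" - Full rollover. "
       "Any old record will be overwritten. "
       "\"RESTRICTED_ROLL_OVER\" - Partial (restricted) "
       "rollover. Only old events (under a certain threshold, "
       "which can be set using SetStoragePolicy) will be "
       "overwritten. If not specified the default is \"ROLL_OVER\" "
       "unless the FW was upgraded from AMT 5.0, in which case "
       "\"NO_ROLL_OVER\" is used as the default." ),
    ValueMap { "0", "1", "2" },
    Values { "NO_ROLL_OVER", "ROLL_OVER", "RESTRICTED_ROLL_OVER" }]
   uint8 StoragePolicy;

   [Description (
       "Minimum number of days to keep records in the AuditLog. "
       "Relevant only if \"StoragePolicy\" is set to "
       "\"RESTRICTED_ROLL_OVER\"." )]
   uint8 MinDaysToKeep;

   // Record decoding caveat: every record is a length-prefixed binary blob
   // (base64 in EventRecords). A consumer must bounds-check each length
   // field (NetAddressLength, UsernameLength, DomainLength,
   // ExtendedDataLength) against the remaining bytes of the record before
   // indexing, and must not assume string fields are NUL-terminated - the
   // description below states that Release 4.0 counts the terminator in
   // the length while other releases presumably do not.
   [Description (
       "Returns a list of consecutive audit log records in "
       "chronological order: The first record in the returned "
       "array is the oldest record stored in the log. The "
       "record entries are returned as an array of base64Binary "
       "elements. Each record holds the following information: "
       "uint16 AuditAppID - A unique ID for each auditable "
       "application. uint16 EventID - ID of an event of the "
       "application. uint8 InitiatorType - 0 (HTTP Digest "
       "username), 1 (Kerberos SID), 2 (Local). See below. "
       "InitiatorData - See below. uint32 TimeStamp - Time when "
       "the event occurred in seconds since 1.1.1970. uint8 "
       "MCLocationType - 0 (IPv4 Address), 1 (IPv6 Address), 2 "
       "(None). uint8 NetAddressLength - Length of the NetAddress "
       "field. Array of uint8 NetAddress - ASCII representation "
       "of the network address of the management console or Local "
       "Host IP (e.g. 127.0.0.1). Note: In Intel AMT Release 4.0 "
       "the IP address representation includes a null terminator and "
       "NetAddressLength includes the null terminator. uint8 "
       "ExtendedDataLength - Length of event specific data. Array "
       "of uint8 ExtendedData - Event specific data. \n"
       "\n"
       "The InitiatorData field may hold different data types "
       "according to the InitiatorType field: HTTP digest "
       "initiator: uint8 UsernameLength, Array of uint8 Username. "
       "In Intel AMT Release 4.0 the data for Username "
       "includes a null terminator and UsernameLength includes the "
       "null terminator. Kerberos SID initiator: uint32 UserInDomain, "
       "uint8 DomainLength, Array of uint8 Domain. Local: Empty." ),
    ValueMap { "0", "1", "2", "35" },
    Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
             "PT_STATUS_NOT_READY", "PT_STATUS_INVALID_INDEX" }]
   uint32 ReadRecords(
      [Required, IN, Description (
          "Identifies the position of the first record to "
          "retrieve. An index of 1 indicates the first record "
          "in the log." )]
      uint32 StartIndex,
      [OUT, Description (
          "The total number of records in the log." )]
      uint32 TotalRecordCount,
      [OUT, Description (
          "The number of records returned in EventRecords (up to "
          "10 records starting at StartIndex); callers page through "
          "the log by advancing StartIndex." )]
      uint32 RecordsReturned,
      [OUT, Description (
          "Notice: the values of this array are actually "
          "base64 encoded values. A list of event records." ),
       EOBase64]
      string EventRecords[]);

   // Locking is a privileged auditor operation: while the lock is held no
   // events are recorded and policy-critical events are not executed, so
   // callers should hold it only for the export-and-clear window and must
   // keep the returned Handle to unlock. The firmware releases the lock on
   // its own after LockTimeoutInSeconds.
   [Description (
       "This method is used by an auditor to stop the system "
       "from logging any records while exporting and clearing "
       "the log. It performs lock, unlock or allows "
       "unprovisioning of the system. When the audit log is "
       "locked, no events are written into the log. Any events "
       "marked in the policy as critical will not be executed. "
       "If the log is locked and another lock is requested with "
       "the same handle, the timeout is renewed with the "
       "new LockTimeoutInSeconds." ),
    ValueMap { "0", "1", "2", "16", "36", "2053" },
    Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
             "PT_STATUS_NOT_READY", "PT_STATUS_NOT_PERMITTED",
             "PT_STATUS_INVALID_PARAMETER", "PT_STATUS_INVALID_HANDLE" }]
   uint32 SetAuditLock(
      [IN, Description (
          "The maximum number of seconds that the audit log "
          "will be locked in case for some reason the auditor "
          "fails to unlock the log. Max value is 300 seconds "
          "(5 minutes). This parameter is required when the flag "
          "parameter has a value of AUDIT_LOG_LOCK or "
          "UNPROVISIONING_LOCK. This parameter is not "
          "required and is ignored when the AUDIT_LOG_UNLOCK flag "
          "is used." )]
      uint32 LockTimeoutInSeconds,
      [Required, IN, Description (
          "Defines the locking action." ),
       ValueMap { "0", "1", "2" },
       Values { "AUDIT_LOG_LOCK", "UNPROVISIONING_LOCK",
                "AUDIT_LOG_UNLOCK" }]
      uint32 Flag,
      [IN, OUT, Description (
          "A handle is received when locking the log. As long "
          "as the log is locked, lock and unlock requests can "
          "be performed only by using the same handle. If the "
          "log is not locked, Handle-IN is not required and "
          "is ignored. Handle-OUT is not supplied when "
          "SetAuditLock failed to lock the audit log or when "
          "an unlock is performed." )]
      uint32 Handle);

   // Verification notes for consumers of the exported signature:
   //   * Check SignatureMechanism in the output rather than assuming the
   //     requested SigningMechanism was honoured, and treat RSA_SHA1 as a
   //     weak algorithm.
   //   * Validate the returned certificate chain to a trusted anchor before
   //     trusting the signature; the firmware returns whatever was
   //     installed via SetSigningKeyMaterial.
   //   * The schema does not state exactly which fields the signature
   //     covers - confirm against the Intel AMT SDK before relying on it for
   //     the integrity of TotalRecordCount / StartLogTime / EndLogTime.
   //   * Signature is a fixed 1024-byte buffer; with the RSA-2048 key that
   //     SetSigningKeyMaterial accepts the actual signature is presumably
   //     256 bytes, so do not assume the whole buffer is significant.
   [Description (
       "Returns the audit log signature and log related information." ),
    ValueMap { "0", "1", "2", "16", "2066" },
    Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
             "PT_STATUS_NOT_READY", "PT_STATUS_NOT_PERMITTED",
             "PT_STATUS_UNSUPPORTED" }]
   uint32 ExportAuditLogSignature(
      [Required, IN, Description ( "Signing Mechanism" ),
       ValueMap { "0", "1", "2", "3..65535" },
       Values { "RSA_SHA1", "RSA_SHA256", "RSA_SHA384",
                "Reserved" }]
      uint32 SigningMechanism,
      [OUT, Description (
          "The total number of event records in the event log." )]
      uint32 TotalRecordCount,
      [OUT, Description ( "Time stamp of the first record." )]
      datetime StartLogTime,
      [OUT, Description ( "Time stamp of the last record." )]
      datetime EndLogTime,
      [OUT, Description (
          "Time stamp indicating when the signature was generated." )]
      datetime GenerationTime,
      [OUT, Description (
          "UUID of the current system for identifying it in "
          "the audit repository." ),
       OctetString]
      string UUID[1],
      [OUT, Description ( "FQDN of the system." ),
       MaxLen ( 1024 )]
      string FQDN,
      [OUT, Description ( "Signature mechanism." ),
       ValueMap { "0", "1", "2", "3..65535" },
       Values { "RSA_SHA1", "RSA_SHA256", "RSA_SHA384",
                "Reserved" }]
      uint32 SignatureMechanism,
      [OUT, Description (
          "The audit log signature, 1024 bytes long." ),
       OctetString]
      uint8 Signature[1024],
      [OUT, Description (
          "An array specifying the length of each certificate." )]
      uint16 LengthOfCertificates[],
      [OUT, Description (
          "The certificates, cascaded into one stream." ),
       OctetString]
      uint8 Certificates[4100]);

   // SigningKey is described as a "key pair", so the call presumably
   // carries the private signing key to the firmware. Invoke it only over
   // an authenticated, encrypted management session (e.g. TLS) and never
   // log the request body. PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED indicates
   // the firmware rate-limits flash writes: do not call this repeatedly
   // (e.g. on every provisioning run) when the key material is unchanged.
   // Prefer RSA_SHA256 or RSA_SHA384 over RSA_SHA1.
   [Description (
       "Sets the key and certificates needed for the signing of "
       "the audit log. This method must be called before "
       "enabling the audit log." ),
    ValueMap { "0", "1", "2", "36", "38", "2062", "2063", "2064",
               "2066" },
    Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
             "PT_STATUS_NOT_READY", "PT_STATUS_INVALID_PARAMETER",
             "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
             "PT_STATUS_INVALID_KEY", "PT_STATUS_INVALID_CERT",
             "PT_STATUS_CERT_KEY_NOT_MATCH", "PT_STATUS_UNSUPPORTED" }]
   uint32 SetSigningKeyMaterial(
      [Required, IN, Description (
          "Audit data signing mechanism type." ),
       ValueMap { "0", "1", "2", "3..65535" },
       Values { "RSA_SHA1", "RSA_SHA256", "RSA_SHA384",
                "Reserved" }]
      uint32 SigningMechanismType,
      [Required, IN, Description (
          "Key pair (RSA 2048 bit modulus)." ),
       OctetString]
      uint8 SigningKey[],
      [Required, IN, Description (
          "An array specifying the length of each certificate." )]
      uint16 LengthOfCertificates[],
      [Required, IN, Description (
          "Up to 5 certificates cascaded into one stream (with a "
          "total length of 4100 bytes)." ),
       OctetString]
      uint8 Certificates[4100]);

};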