Date: Mon, 31 Mar 2014 17:00:42 +0300
From: Taras Korenko <ds@ukrhub.net>
To: Dru Lavigne <dru@freebsd.org>
Cc: "freebsd-doc@freebsd.org" <freebsd-doc@freebsd.org>
Subject: Re: en/handbook/audit: proposed corrections
Message-ID: <20140331140042.GC2139@gamma.ukrhub.net>
In-Reply-To: <1396272521.45856.YahooMailNeo@web184906.mail.gq1.yahoo.com>
References: <20140329161905.GB92398@gamma.ukrhub.net> <1396272521.45856.YahooMailNeo@web184906.mail.gq1.yahoo.com>
On Mon, Mar 31, 2014 at 06:28:41AM -0700, Dru Lavigne wrote: > _______________________________ > > > From: Taras Korenko <ds@ukrhub.net> > >To: freebsd-doc@freebsd.org > >Sent: Saturday, March 29, 2014 12:19 PM > >Subject: en/handbook/audit: proposed corrections > > > > ... However, those are just notes, which might require more polishing > >or wordsmithing. So, can anyone review and/or comment the following *.diff? > > ... > A slightly modified patch is attached. If it is acceptable to you, I can commit it. > ... No objections; please, commit it. > Cheers, > > Dru > Index: chapter.xml > =================================================================== > --- chapter.xml (revision 44393) > +++ chapter.xml (working copy) > @@ -196,8 +196,10 @@ > <title>Audit Configuration</title> > > <para>User space support for event auditing is installed as part > - of the base &os; operating system. Kernel support can be > - enabled by adding the following line to > + of the base &os; operating system. Kernel support is available > + in the <filename>GENERIC</filename> kernel by default, > + and &man.auditd.8; can be enabled > + by adding the following line to > <filename>/etc/rc.conf</filename>:</para> > > <programlisting>auditd_enable="YES"</programlisting> > @@ -217,10 +219,7 @@ > <para>Selection expressions are used in a number of places in > the audit configuration to determine which events should be > audited. Expressions contain a list of event classes to > - match, each with a prefix indicating whether matching records > - should be accepted or ignored, and optionally to indicate if > - the entry is intended to match successful or failed > - operations. Selection expressions are evaluated from left to > + match. Selection expressions are evaluated from left to > right, and two expressions are combined by appending one onto > the other.</para> 
> > @@ -383,10 +382,10 @@ > </table> > > <para>These audit event classes may be customized by modifying > - the <filename>audit_class</filename> and <filename>audit_ > - event</filename> configuration files.</para> > + the <filename>audit_class</filename> and > + <filename>audit_event</filename> configuration files.</para> > > - <para>Each audit event class is combined with a prefix > + <para>Each audit event class may be combined with a prefix > indicating whether successful/failed operations are matched, > and whether the entry is adding or removing matching for the > class and type. <xref linkend="event-prefixes"/> summarizes > @@ -650,8 +649,8 @@ > <para>Since audit logs may be very large, a subset of records can > be selected using <command>auditreduce</command>. This example > selects all audit records produced for the user > - <replaceable>trhodes</replaceable> stored in > - <replaceable>AUDITFILE</replaceable>:</para> > + <systemitem class="username">trhodes</systemitem> stored in > + <filename>AUDITFILE</filename>:</para> > > <screen>&prompt.root; <userinput>auditreduce -u <replaceable>trhodes</replaceable> /var/audit/<replaceable>AUDITFILE</replaceable> | praudit</userinput></screen> > > @@ -739,8 +738,8 @@ > > <para>Automatic rotation of the audit trail file based on file > size is possible using <option>filesz</option> in > - <filename>audit.control</filename> as described in <xref > - linkend="audit-config"/>.</para> > + <filename>audit_control</filename> as described in <xref > + linkend="audit-auditcontrol"/>.</para> > > <para>As audit trail files can become very large, it is often > desirable to compress or otherwise archive trails once they P.S.: thanks for your huge work on the Handbook. -- WBR, Taras Korenko
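Review bot: in the @@ -196,8 +196,10 @@ hunk, the new sentence covers only the GENERIC kernel, and the visible lines no longer tell a reader with a custom kernel what is needed before auditd_enable="YES" has any effect. If the chapter does not already cover that case after the programlisting, add a sentence naming the kernel option a custom configuration must include, so that enabling the daemon on a kernel built without audit support is not left unexplained.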
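Review bot: in the @@ -217,10 +219,7 @@ hunk, the shortened sentence "Expressions contain a list of event classes to match." drops every mention of prefixes, yet the next sentence still stresses left-to-right evaluation, which matters only because an entry can add or remove matching (as the paragraph in the @@ -383,10 +382,10 @@ hunk states). Consider keeping a short clause that each class may carry an optional prefix, with an xref to event-prefixes, so the reader can see why the order of entries is significant.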
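Review bot: in the @@ -650,8 +649,8 @@ hunk, AUDITFILE is a placeholder rather than a literal file name, so <filename>AUDITFILE</filename> in the paragraph now disagrees with the <screen> line just below it, which keeps <replaceable>trhodes</replaceable> and /var/audit/<replaceable>AUDITFILE</replaceable>. Suggest nesting the placeholder, as in <filename>/var/audit/<replaceable>AUDITFILE</replaceable></filename>, and either leaving trhodes as <replaceable> in both places or changing the screen to match the new <systemitem class="username"> markup.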
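Review bot: in the @@ -739,8 +738,8 @@ hunk, the xref target changes from audit-config to audit-auditcontrol, but no line in this patch defines or shows an element with that id. Please confirm that the id exists in chapter.xml, and that the section it names is the one describing filesz, with a validating build before commit, since a dangling linkend breaks the build. The audit.control to audit_control correction in the same hunk is consistent with the audit_class and audit_event names used earlier in the patch.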