From owner-p4-projects@FreeBSD.ORG Sun Feb 5 11:09:56 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 839F316A423; Sun, 5 Feb 2006 11:09:55 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 11FA816A420 for ; Sun, 5 Feb 2006 11:09:55 +0000 (GMT) (envelope-from brueffer@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id C817043D46 for ; Sun, 5 Feb 2006 11:09:54 +0000 (GMT) (envelope-from brueffer@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k15B9sWe021595 for ; Sun, 5 Feb 2006 11:09:54 GMT (envelope-from brueffer@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k15B9sfT021592 for perforce@freebsd.org; Sun, 5 Feb 2006 11:09:54 GMT (envelope-from brueffer@freebsd.org) Date: Sun, 5 Feb 2006 11:09:54 GMT Message-Id: <200602051109.k15B9sfT021592@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to brueffer@freebsd.org using -f From: Christian Brueffer To: Perforce Change Reviews Cc: Subject: PERFORCE change 91153 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2006 11:09:56 -0000 http://perforce.freebsd.org/chv.cgi?CH=91153 Change 91153 by brueffer@brueffer_serenity on 2006/02/05 11:09:12 Markup changes that result in more visually pleasing output, mainly the addition of empty lines via .Pp. Also an Xref and the meaning of an event class corrected. Affected files ... .. //depot/projects/trustedbsd/openbsm/man/audit_class.5#7 edit .. //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 edit .. //depot/projects/trustedbsd/openbsm/man/audit_event.5#8 edit .. //depot/projects/trustedbsd/openbsm/man/audit_user.5#7 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/man/audit_class.5#7 (text+ko) ==== @@ -25,7 +25,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#6 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#7 $ .\" .Dd January 24, 2004 .Dt AUDIT_CLASS 5 @@ -40,8 +40,9 @@ Each auditable event is a member of an event class. Each line maps an audit event mask (bitmap) to a class and a description. -Entries are of the form -.Dl classmask:eventclass:description. +Entries are of the form: +.Pp +.Dl classmask:eventclass:description .Pp Example entries in this file are: .Bd -literal -offset indent ==== //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 (text+ko) ==== @@ -25,7 +25,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#8 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 $ .\" .Dd January 4, 2006 .Dt AUDIT_CONTROL 5 @@ -38,7 +38,9 @@ .Nm file contains several audit system parameters. Each line of this file is of the form: -.Dl parameter:value. +.Pp +.Dl parameter:value +.Pp The parameters are: .Bl -tag -width Ds .It Pa dir @@ -71,6 +73,7 @@ for details. Event classes may be preceded by a prefix which changes their interpretation. The following prefixes may be used for each class: +.Pp .Bl -tag -width Ds -compact -offset indent .It + Record successful events @@ -103,9 +106,9 @@ .It Pa /etc/security/audit_control .El .Sh SEE ALSO -.Xr audit 1 , .Xr audit_class 5 , .Xr audit_user 5 , +.Xr audit 8 , .Xr auditd 8 .Sh AUTHORS This software was created by McAfee Research, the security research division ==== //depot/projects/trustedbsd/openbsm/man/audit_event.5#8 (text+ko) ==== @@ -25,7 +25,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#7 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#8 $ .\" .Dd January 24, 2004 .Dt AUDIT_EVENT 5 @@ -38,8 +38,10 @@ .Nm file contains descriptions of the auditable events on the system. Each line maps an audit event number to a name, a description, and a class. -Entries are of the form -.Dl eventnum:eventname:description:eventclass . +Entries are of the form: +.Pp +.Dl eventnum:eventname:description:eventclass +.Pp Each .Vt eventclass should have a corresponding entry in the ==== //depot/projects/trustedbsd/openbsm/man/audit_user.5#7 (text+ko) ==== @@ -25,9 +25,9 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#6 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#7 $ .\" -.Dd January 24, 2004 +.Dd February 5, 2006 .Dt AUDIT_USER 5 .Os .Sh NAME @@ -44,9 +44,11 @@ .Pp Each line maps a user name to a list of classes that should be audited and a list of classes that should not be audited. -Entries are of the form of -.Dl username:alwaysaudit:neveraudit , -where +Entries are of the form: +.Pp +.Dl username:alwaysaudit:neveraudit +.Pp +In the format above, .Vt alwaysaudit is a set of event classes that are always audited, and .Vt neveraudit @@ -64,8 +66,8 @@ jdoe:-fc,ad:+fw .Ed .Pp -These settings would cause login and administrative events that succeed on -behalf of user root to be audited. +These settings would cause login/logout and administrative events that +succeed on behalf of user root to be audited. No failure events are audited. For the user .Em jdoe ,