Date: Mon, 31 Mar 2014 14:14:58 +0000 (UTC)
From: Dru Lavigne <dru@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r44395 - head/en_US.ISO8859-1/books/handbook/audit
Message-ID: <201403311414.s2VEEwm6015970@svn.freebsd.org>
Author: dru Date: Mon Mar 31 14:14:58 2014 New Revision: 44395 URL: http://svnweb.freebsd.org/changeset/doc/44395 Log: Small corrections to audit chapter. Submitted by: Taras Korenko Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/audit/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/audit/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/audit/chapter.xml Mon Mar 31 13:57:12 2014 (r44394) +++ head/en_US.ISO8859-1/books/handbook/audit/chapter.xml Mon Mar 31 14:14:58 2014 (r44395) @@ -196,8 +196,10 @@ requirements. --> <title>Audit Configuration</title> <para>User space support for event auditing is installed as part - of the base &os; operating system. Kernel support can be - enabled by adding the following line to + of the base &os; operating system. Kernel support is available + in the <filename>GENERIC</filename> kernel by default, + and &man.auditd.8; can be enabled + by adding the following line to <filename>/etc/rc.conf</filename>:</para> <programlisting>auditd_enable="YES"</programlisting> @@ -217,10 +219,7 @@ requirements. --> <para>Selection expressions are used in a number of places in the audit configuration to determine which events should be audited. Expressions contain a list of event classes to - match, each with a prefix indicating whether matching records - should be accepted or ignored, and optionally to indicate if - the entry is intended to match successful or failed - operations. Selection expressions are evaluated from left to + match. Selection expressions are evaluated from left to right, and two expressions are combined by appending one onto the other.</para> 
@@ -383,10 +382,10 @@ requirements. --> </table> <para>These audit event classes may be customized by modifying - the <filename>audit_class</filename> and <filename>audit_ - event</filename> configuration files.</para> + the <filename>audit_class</filename> and + <filename>audit_event</filename> configuration files.</para> - <para>Each audit event class is combined with a prefix + <para>Each audit event class may be combined with a prefix indicating whether successful/failed operations are matched, and whether the entry is adding or removing matching for the class and type. <xref linkend="event-prefixes"/> summarizes @@ -650,8 +649,8 @@ trailer,133</programlisting> <para>Since audit logs may be very large, a subset of records can be selected using <command>auditreduce</command>. This example selects all audit records produced for the user - <replaceable>trhodes</replaceable> stored in - <replaceable>AUDITFILE</replaceable>:</para> + <systemitem class="username">trhodes</systemitem> stored in + <filename>AUDITFILE</filename>:</para> <screen>&prompt.root; <userinput>auditreduce -u <replaceable>trhodes</replaceable> /var/audit/<replaceable>AUDITFILE</replaceable> | praudit</userinput></screen> @@ -739,8 +738,8 @@ trailer,133</programlisting> <para>Automatic rotation of the audit trail file based on file size is possible using <option>filesz</option> in - <filename>audit.control</filename> as described in <xref - linkend="audit-config"/>.</para> + <filename>audit_control</filename> as described in <xref + linkend="audit-auditcontrol"/>.</para> <para>As audit trail files can become very large, it is often desirable to compress or otherwise archive trails once they
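Review bot: in the @@ -196,8 +196,10 @@ hunk, the new wording "Kernel support is available in the <filename>GENERIC</filename> kernel by default" leaves a reader running a custom kernel with no instruction in this paragraph, where the old sentence at least implied that a step was needed. Suggest adding a clause that names what a non-GENERIC kernel configuration must include, so that setting auditd_enable="YES" on a kernel built without audit support is not mistaken for a working audit setup.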
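Review bot: in the @@ -217,10 +219,7 @@ hunk, removing the sentence about prefixes leaves "Selection expressions are evaluated from left to right" without the reason that order matters, because the paragraph no longer says an entry can accept or ignore matching records. Suggest keeping a short clause to that effect or pointing forward to <xref linkend="event-prefixes"/>, which the @@ -383,10 +382,10 @@ hunk already references, so that a reader writing an expression does not treat the ordering as cosmetic.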
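Review bot: in the @@ -383,10 +382,10 @@ hunk, changing "is combined with a prefix" to "may be combined with a prefix" makes the prefix optional, but the paragraph does not say what an entry with no prefix matches. Suggest stating the no-prefix behaviour in this sentence, before the reference to <xref linkend="event-prefixes"/>, since that default decides whether failed operations for a class end up in the audit trail.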
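Review bot: in the @@ -650,8 +649,8 @@ hunk, the prose now tags the name as <filename>AUDITFILE</filename> while the unchanged <screen> line just below still uses <replaceable>AUDITFILE</replaceable>, so the same placeholder is marked up two different ways. AUDITFILE stands in for a real trail name, so <filename><replaceable>AUDITFILE</replaceable></filename> in the prose would keep both meanings; the same question applies to trhodes, which is now <systemitem class="username"> in the sentence but still <replaceable> inside <userinput>.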
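Review bot: in the @@ -739,8 +738,8 @@ hunk, the xref target changes from audit-config to audit-auditcontrol, and no element carrying that id appears in any of the lines shown. Please confirm that the id exists in chapter.xml and that the section it labels is the one describing <option>filesz</option>, since a wrong linkend sends the reader away from the rotation setting this paragraph depends on.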