From owner-svn-doc-projects@FreeBSD.ORG  Fri May 10 11:55:41 2013
Return-Path: <owner-svn-doc-projects@FreeBSD.ORG>
Delivered-To: svn-doc-projects@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 56132F6D;
 Fri, 10 May 2013 11:55:41 +0000 (UTC) (envelope-from dru@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 by mx1.freebsd.org (Postfix) with ESMTP id 47926341;
 Fri, 10 May 2013 11:55:41 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r4ABtfZG053743;
 Fri, 10 May 2013 11:55:41 GMT (envelope-from dru@svn.freebsd.org)
Received: (from dru@localhost)
 by svn.freebsd.org (8.14.6/8.14.5/Submit) id r4ABtfO6053742;
 Fri, 10 May 2013 11:55:41 GMT (envelope-from dru@svn.freebsd.org)
Message-Id: <201305101155.r4ABtfO6053742@svn.freebsd.org>
From: Dru Lavigne <dru@FreeBSD.org>
Date: Fri, 10 May 2013 11:55:41 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-projects@freebsd.org
Subject: svn commit: r41589 -
 projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/audit
X-SVN-Group: doc-projects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-projects@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: SVN commit messages for doc projects trees
 <svn-doc-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-doc-projects>, 
 <mailto:svn-doc-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-projects>
List-Post: <mailto:svn-doc-projects@freebsd.org>
List-Help: <mailto:svn-doc-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-doc-projects>, 
 <mailto:svn-doc-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 10 May 2013 11:55:41 -0000

Author: dru
Date: Fri May 10 11:55:40 2013
New Revision: 41589
URL: http://svnweb.freebsd.org/changeset/doc/41589

Log:
  White space fix only. Translators can ignore.
  
  Approved by:  bcr (mentor)

Modified:
  projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/audit/chapter.xml

Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/audit/chapter.xml
==============================================================================
--- projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/audit/chapter.xml	Fri May 10 11:40:22 2013	(r41588)
+++ projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/audit/chapter.xml	Fri May 10 11:55:40 2013	(r41589)
@@ -60,8 +60,8 @@ requirements. -->
       </listitem>
 
       <listitem>
-	<para>How to configure Event Auditing on &os; for users
-	  and processes.</para>
+	<para>How to configure Event Auditing on &os; for users and
+	  processes.</para>
       </listitem>
 
       <listitem>
@@ -85,8 +85,8 @@ requirements. -->
       </listitem>
 
       <listitem>
-	<para>Have some familiarity with security and how it
-	  pertains to &os; (<xref linkend="security"/>).</para>
+	<para>Have some familiarity with security and how it pertains
+	  to &os; (<xref linkend="security"/>).</para>
       </listitem>
     </itemizedlist>
 
@@ -104,9 +104,9 @@ requirements. -->
 	Administrators should take into account disk space
 	requirements associated with high volume audit configurations.
 	For example, it may be desirable to dedicate a file system to
-	the <filename class="directory">/var/audit</filename> tree so that other file
-	systems are not affected if the audit file system becomes
-	full.</para>
+	the <filename class="directory">/var/audit</filename> tree
+	so that other file systems are not affected if the audit file
+	system becomes full.</para>
     </warning>
   </sect1>
 
@@ -133,9 +133,9 @@ requirements. -->
       <listitem>
 	<para><emphasis>class</emphasis>: Event classes are named sets
 	  of related events, and are used in selection expressions.
-	  Commonly used classes of events include
-	  <quote>file creation</quote> (fc), <quote>exec</quote> (ex)
-	  and <quote>login_logout</quote> (lo).</para>
+	  Commonly used classes of events include <quote>file
+	    creation</quote> (fc), <quote>exec</quote> (ex) and
+	  <quote>login_logout</quote> (lo).</para>
       </listitem>
 
       <listitem>
@@ -199,8 +199,8 @@ requirements. -->
     <programlisting>options	AUDIT</programlisting>
 
     <para>Rebuild and reinstall
-      the kernel via the normal process explained in
-      <xref linkend="kernelconfig"/>.</para>
+      the kernel via the normal process explained in <xref
+	linkend="kernelconfig"/>.</para>
 
     <para>Once an audit-enabled kernel is built, installed, and the
       system has been rebooted, enable the audit daemon by adding the
@@ -249,10 +249,10 @@ requirements. -->
 
       <listitem>
 	<para><filename>audit_warn</filename> - A customizable shell
-	  script used by &man.auditd.8; to generate
-	  warning messages in exceptional situations, such as when
-	  space for audit records is running low or when the audit
-	  trail file has been rotated.</para>
+	  script used by &man.auditd.8; to generate warning messages
+	  in exceptional situations, such as when space for audit
+	  records is running low or when the audit trail file has
+	  been rotated.</para>
       </listitem>
     </itemizedlist>
 
@@ -400,8 +400,8 @@ requirements. -->
       </itemizedlist>
 
       <para>These audit event classes may be customized by modifying
-	the <filename>audit_class</filename> and
-	<filename>audit_event</filename> configuration files.</para>
+	the <filename>audit_class</filename> and <filename>audit_
+	  event</filename> configuration files.</para>
 
       <para>Each audit class in the list is combined with a prefix
 	indicating whether successful/failed operations are matched,
@@ -451,11 +451,10 @@ requirements. -->
       <title>Configuration Files</title>
 
       <para>In most cases, administrators will need to modify only two
-	files when configuring the audit system:
-	<filename>audit_control</filename> and
-	<filename>audit_user</filename>.  The first controls
-	system-wide audit properties and policies; the second may be
-	used to fine-tune auditing by user.</para>
+	files when configuring the audit system: <filename>audit_
+	  control</filename> and <filename>audit_user</filename>.
+	The first controls system-wide audit properties and policies;
+	the second may be used to fine-tune auditing by user.</para>
 
       <sect3 id="audit-auditcontrol">
 	<title>The <filename>audit_control</filename> File</title>
@@ -489,9 +488,9 @@ filesz:0</programlisting>
 	  will be generated.  The above example sets the minimum free
 	  space to twenty percent.</para>
 
-	<para>The <option>naflags</option> specifies audit
-	  classes to be audited for non-attributed events, such as the
-	  login process and system daemons.</para>
+	<para>The <option>naflags</option> specifies audit classes
+	  to be audited for non-attributed events, such as the login
+	  process and system daemons.</para>
 
 	<para>The <option>policy</option> entry specifies a
 	  comma-separated list of policy flags controlling various
@@ -517,13 +516,12 @@ filesz:0</programlisting>
 
 	<para>The administrator can specify further audit requirements
 	  for specific users in <filename>audit_user</filename>.
-	  Each line configures auditing for a user
-	  via two fields: the first is the
-	  <literal>alwaysaudit</literal> field, which specifies a set
-	  of events that should always be audited for the user, and
-	  the second is the <literal>neveraudit</literal> field, which
-	  specifies a set of events that should never be audited for
-	  the user.</para>
+	  Each line configures auditing for a user via two fields:
+	  the first is the <literal>alwaysaudit</literal> field,
+	  which specifies a set of events that should always be
+	  audited for the user, and the second is the
+	  <literal>neveraudit</literal> field, which specifies a set
+	  of events that should never be audited for the user.</para>
 
 	<para>The following example <filename>audit_user</filename>
 	  audits login/logout events and successful command
@@ -552,15 +550,13 @@ www:fc,+ex:no</programlisting>
 	&man.praudit.1; command converts trail files to a simple text
 	format; the &man.auditreduce.1; command may be used to reduce
 	the audit trail file for analysis, archiving, or printing
-	purposes.  A variety of selection
-	parameters are supported by &man.auditreduce.1;,
-	including event type, event class,
+	purposes.  A variety of selection parameters are supported by
+	&man.auditreduce.1;, including event type, event class,
 	user, date or time of the event, and the file path or object
 	acted on.</para>
 
-      <para>For example, &man.praudit.1; will
-	dump the entire contents of a specified audit log in plain
-	text:</para>
+      <para>For example, &man.praudit.1; will dump the entire
+	contents of a specified audit log in plain text:</para>
 
       <screen>&prompt.root; <userinput>praudit /var/audit/AUDITFILE</userinput></screen>
 
@@ -569,11 +565,11 @@ www:fc,+ex:no</programlisting>
 	the audit log to dump.</para>
 
       <para>Audit trails consist of a series of audit records made up
-	of tokens, which &man.praudit.1; prints
-	sequentially one per line.  Each token is of a specific type,
-	such as <literal>header</literal> holding an audit record
-	header, or <literal>path</literal> holding a file path from a
-	name lookup.  The following is an example of an
+	of tokens, which &man.praudit.1; prints sequentially one per
+	line.  Each token is of a specific type, such as
+	<literal>header</literal> holding an audit record header, or
+	<literal>path</literal> holding a file path from a name
+	lookup.  The following is an example of an
 	<literal>execve</literal> event:</para>
 
       <programlisting>header,133,10,execve(2),0,Mon Sep 25 15:58:03 2006, + 384 msec
@@ -606,8 +602,7 @@ trailer,133</programlisting>
 	concludes the record.</para>
 
       <para><acronym>XML</acronym> output format is also supported by
-	&man.praudit.1;,
-	and can be selected using
+	&man.praudit.1;, and can be selected using
 	<option>-x</option>.</para>
     </sect2>
 
@@ -629,10 +624,10 @@ trailer,133</programlisting>
       <title>Delegating Audit Review Rights</title>
 
       <para>Members of the <groupname>audit</groupname> group are
-	given permission to read audit trails in
-	<filename class="directory">/var/audit</filename>; by default, this group is
-	empty, so only the <username>root</username> user may read
-	audit trails.  Users may be added to the
+	given permission to read audit trails in <filename
+	  class="directory">/var/audit</filename>; by default, this
+	group is empty, so only the <username>root</username> user
+	may read audit trails.  Users may be added to the
 	<groupname>audit</groupname> group in order to delegate audit
 	review rights to the user.  As the ability to track audit log
 	contents provides significant insight into the behavior of
@@ -674,9 +669,9 @@ trailer,133</programlisting>
 	  SSH session, then a continuous stream of audit events will
 	  be generated at a high rate, as each event being printed
 	  will generate another event.  It is advisable to run
-	  &man.praudit.1; on an audit pipe device from
-	  sessions without fine-grained I/O auditing in order to avoid
-	  this happening.</para>
+	  &man.praudit.1; on an audit pipe device from sessions
+	  without fine-grained I/O auditing in order to avoid this
+	  happening.</para>
       </warning>
     </sect2>
 
@@ -684,24 +679,23 @@ trailer,133</programlisting>
       <title>Rotating Audit Trail Files</title>
 
       <para>Audit trails are written to only by the kernel, and
-	managed only by the audit daemon,
-	&man.auditd.8;.  Administrators should not
-	attempt to use &man.newsyslog.conf.5; or other tools to
-	directly rotate audit logs.  Instead, the
-	&man.audit.8; management tool may be used to shut
-	down auditing, reconfigure the audit system, and perform log
-	rotation.  The following command causes the audit daemon to
-	create a new audit log and signal the kernel to switch to
-	using the new log.  The old log will be terminated and
-	renamed, at which point it may then be manipulated by the
-	administrator.</para>
+	managed only by the audit daemon, &man.auditd.8;.
+	Administrators should not attempt to use
+	&man.newsyslog.conf.5; or other tools to directly rotate
+	audit logs.  Instead, the &man.audit.8; management tool may
+	be used to shut down auditing, reconfigure the audit system,
+	and perform log rotation.  The following command causes the
+	audit daemon to create a new audit log and signal the kernel
+	to switch to using the new log.  The old log will be
+	terminated and renamed, at which point it may then be
+	manipulated by the administrator.</para>
 
       <screen>&prompt.root; <userinput>audit -n</userinput></screen>
 
       <warning>
-	<para>If &man.auditd.8; is not
-	  currently running, this command will fail and an error
-	  message will be produced.</para>
+	<para>If &man.auditd.8; is not currently running, this
+	  command will fail and an error message will be
+	  produced.</para>
       </warning>
 
       <para>Adding the following line to
@@ -710,8 +704,8 @@ trailer,133</programlisting>
 
       <programlisting>0     */12       *       *       *       root    /usr/sbin/audit -n</programlisting>
 
-      <para>The change will take effect once you have saved the
-	new <filename>/etc/crontab</filename>.</para>
+      <para>The change will take effect once you have saved the new
+	<filename>/etc/crontab</filename>.</para>
 
       <para>Automatic rotation of the audit trail file based on file
 	size is possible using <option>filesz</option> in