cvs commit: doc/en_US.ISO8859-1/books/handbook/audit chapter.sgml
rwatson at FreeBSD.org
Sun Sep 24 04:51:08 PDT 2006
rwatson 2006-09-24 11:50:57 UTC
FreeBSD doc repository
Update the audit handbook chapter in a number of ways to reflect recent
changes and improvements:
- Rephrase synopsis now that we've merged audit support to 6.x. Resort to
push all warnings to the end so that it reads more clearly. Add
reviewing and reducing the audit trail to list of things learned, since it
- Simplify class definition, as some of this content can appear in new
definitions for selection expression, preselection, and reduction. The
selection expression definition replaces the existing prefix definition,
and "selection expression" is now used consistently throughout the
document to refer to the previously unnamed matching strings.
- Since audit support is part of the base system, remove comments about
checking for configuration files, they will be present. Add note about
starting auditd with the rc.d script once the new kernel is loaded.
- When describing audit_event file, mention that that is where the class
- Since audit_warn will shortly learn to notify of rotation events, mention
- Rename "Audit File Syntax" section to "Event Selection Expressions",
since that's what the section talks about, and these expressions are used
in more than one file. Correct an error in the prefix list, which was
also present in the man page (and will be fixed in the next OpenBSM
import). Include an example in this section.
- Don't go into selection expression details in the audit_control section,
as that's now earlier in the document.
- Talk in more detail about audit_user fields. I had to check the source to
make sure I understood this first!
- Don't mention a special audit user, it's not a configuration we currently
want to encourage. The audit group now fills this role.
- Create a new sect2 section on viewing and reducing trails from the
existing sect1 introduction for administering the audit subsystem, as it's
a sufficiently detailed and independent set of text that it makes sense.
Clarify some points regarding what you might use auditreduce for. Use
-u instead of -e to match the user in the example.
- Consistently say "audit trail file" instead of "audit log file", except
when introducing the trail concept in the glossary.
- Clarify notion of the audit group some more.
- A number of rephrasings and simplifications.
- Add myself as an author.
Some new features from OpenBSM 1.0a12 are not yet described here, such as
the filesz and policy entries in audit_control, and once that is merged, I
will further update the document, which should clean up the trail rotation
Obtained from: TrustedBSD Project
Revision  Changes    Path
1.15      +236 -226  doc/en_US.ISO8859-1/books/handbook/audit/chapter.sgml