cvs commit: doc/en_US.ISO8859-1/books/handbook/audit chapter.sgml
Robert Watson
rwatson at FreeBSD.org
Sat Feb 4 12:54:08 PST 2006
rwatson 2006-02-04 20:54:08 UTC
FreeBSD doc repository
Modified files:
en_US.ISO8859-1/books/handbook/audit chapter.sgml
Log:
Some edits of the audit handbook chapter:
Rename section "Security Event Auditing" from "Kernel Event Auditing" --
while most of our events are currently generated by the kernel, the intent
is that it will be whole system auditing.
More carefully distinguish our implementation being based on Sun's
published API and file format, and not their implementation.
Clarify a few more things audit can be used for, including post-mortem
analysis and intrusion detection.
Mention Mac OS X compatibility in addition to Darwin.
Sort glossary slightly differently -- events before classes, since classes
are defined in terms of events. Tweak definition and examples. Mention
non-attributable vs attributable here.
Mention that classes allow administrators to specify auditing requirements
at a high level.
Describe contents of a record.
Define 'trail'.
Since audit is now part of the base system, remove directions for
installing files, etc, since complete installs should have them, and if
they don't, the user should seek support.
Mention that audit trails are happiest on a file system of their own.
Update example flags option in audit_control -- add information on the
new default, but keep the current example because the new default doesn't
reflect the scope of possible expressions, whereas the earlier example
did.
Rephrase paragraph on avoiding directly manipulating logs in order to
explain that this is because the kernel/daemon own the log until it is
terminated.
Correct example: auditreduce just reduces, not prints, so |praudit is
needed or the user will experience the power of raw BSM's effects on
his or her terminal.
Much suggested by: brueffer
Reviewed by: brueffer
Revision Changes Path
1.8 +78 -46 doc/en_US.ISO8859-1/books/handbook/audit/chapter.sgml
More information about the cvs-doc
mailing list