cvs commit: doc/en_US.ISO8859-1/books/handbook/audit chapter.sgml

Robert Watson rwatson at FreeBSD.org
Sat Feb 4 12:54:08 PST 2006


rwatson     2006-02-04 20:54:08 UTC

  FreeBSD doc repository

  Modified files:
    en_US.ISO8859-1/books/handbook/audit chapter.sgml 
  Log:
  Some edits of the audit handbook chapter:
  
  Rename section "Security Event Auditing" from "Kernel Event Auditing" --
  while most of our events are currently generated by the kernel, the intent
  is that it will be whole system auditing.
  
  More carefully distinguish our implementation being based on Sun's
  published API and file format, and not their implementation.
  
  Clarify a few more things audit can be used for, including post-mortem
  analysis and intrusion detection.
  
  Mention Mac OS X compatibility in addition to Darwin.
  
  Sort glossary slightly differently -- events before classes, since classes
  are defined in terms of events.  Tweak definition and examples.  Mention
  non-attributable vs attributable here.
  
  Mention that classes allow administrators to specify auditing requirements
  at a high level.
  
  Describe contents of a record.
  
  Define 'trail'.
  
  Since audit is now part of the base system, remove directions for
  installing files, etc, since complete installs should have them, and if
  they don't, the user should seek support.
  
  Mention that audit trails are happiest on a file system of their own.
  
  Update example flags option in audit_control -- add information on the
  new default, but keep the current example because the new default doesn't
  reflect the scope of possible expressions, whereas the earlier example
  did.
  
  Rephrase paragraph on avoiding directly manipulating logs in order to
  explain that this is because the kernel/daemon own the log until it is
  terminated.
  
  Correct example: auditreduce just reduces, not prints, so |praudit is
  needed or the user will experience the power of raw BSM's effects on
  his or her terminal.
  
  Much suggested by:      brueffer
  Reviewed by:            brueffer
  
  Revision  Changes    Path
  1.8       +78 -46    doc/en_US.ISO8859-1/books/handbook/audit/chapter.sgml

