svn commit: r43688 - head/en_US.ISO8859-1/books/handbook/audit

Warren Block wblock at FreeBSD.org
Thu Jan 30 05:46:43 UTC 2014


Author: wblock
Date: Thu Jan 30 05:46:42 2014
New Revision: 43688
URL: http://svnweb.freebsd.org/changeset/doc/43688

Log:
  Whitespace-only fixes, translators please ignore.

Modified:
  head/en_US.ISO8859-1/books/handbook/audit/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/audit/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/audit/chapter.xml	Thu Jan 30 05:38:06 2014	(r43687)
+++ head/en_US.ISO8859-1/books/handbook/audit/chapter.xml	Thu Jan 30 05:46:42 2014	(r43688)
@@ -9,16 +9,32 @@ And the /dev/audit special file if we ch
 some coverage of integrating MAC with Event auditing and perhaps discussion
 on how some companies or organizations handle auditing and auditing
 requirements. -->
-<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="audit">
-  <info><title>Security Event Auditing</title>
+
+<chapter xmlns="http://docbook.org/ns/docbook"
+  xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
+  xml:id="audit">
+
+  <info>
+    <title>Security Event Auditing</title>
+
     <authorgroup>
-      <author><personname><firstname>Tom</firstname><surname>Rhodes</surname></personname><contrib>Written by </contrib></author>
-      <author><personname><firstname>Robert</firstname><surname>Watson</surname></personname></author>
+      <author>
+	<personname>
+	  <firstname>Tom</firstname>
+	  <surname>Rhodes</surname>
+	</personname>
+	<contrib>Written by </contrib>
+      </author>
+
+      <author>
+	<personname>
+	  <firstname>Robert</firstname>
+	  <surname>Watson</surname>
+	</personname>
+      </author>
     </authorgroup>
   </info>
 
-  
-
   <sect1 xml:id="audit-synopsis">
     <title>Synopsis</title>
 
@@ -189,8 +205,8 @@ requirements. -->
 
     <programlisting>options	AUDIT</programlisting>
 
-    <para>Rebuild and reinstall
-      the kernel via the normal process explained in <xref linkend="kernelconfig"/>.</para>
+    <para>Rebuild and reinstall the kernel via the normal process
+      explained in <xref linkend="kernelconfig"/>.</para>
 
     <para>Once an audit-enabled kernel is built, installed, and the
       system has been rebooted, enable the audit daemon by adding the
@@ -208,9 +224,8 @@ requirements. -->
     <title>Audit Configuration</title>
 
     <para>All configuration files for security audit are found in
-      <filename>/etc/security</filename>.  The
-      following files must be present before the audit daemon is
-      started:</para>
+      <filename>/etc/security</filename>.  The following files must be
+      present before the audit daemon is started:</para>
 
     <itemizedlist>
       <listitem>
@@ -257,13 +272,13 @@ requirements. -->
 
       <para>Selection expressions are used in a number of places in
 	the audit configuration to determine which events should be
-	audited. Expressions contain a list of event classes to match,
-	each with a prefix indicating whether matching records should
-	be accepted or ignored, and optionally to indicate if the
-	entry is intended to match successful or failed operations.
-	Selection expressions are evaluated from left to right, and
-	two expressions are combined by appending one onto the
-	other.</para>
+	audited.  Expressions contain a list of event classes to
+	match, each with a prefix indicating whether matching records
+	should be accepted or ignored, and optionally to indicate if
+	the entry is intended to match successful or failed
+	operations.  Selection expressions are evaluated from left to
+	right, and two expressions are combined by appending one onto
+	the other.</para>
 
       <para>The following list contains the default audit event
 	classes present in <filename>audit_class</filename>:</para>
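Review bot: the carried-over clause "and optionally to indicate if the entry is intended to match successful or failed operations" is not parallel with "a prefix indicating whether ..." and reads awkwardly. That wording fix belongs in a separate content commit so that translators can still ignore this one. The only whitespace change of substance in this hunk is the sentence spacing after "audited." (one space to two); the remaining lines are rewrap that follows from it, consistent with the log message.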
@@ -478,9 +493,9 @@ filesz:0</programlisting>
 	  will be generated.  The above example sets the minimum free
 	  space to twenty percent.</para>
 
-	<para>The <option>naflags</option> entry specifies audit classes
-	  to be audited for non-attributed events, such as the login
-	  process and system daemons.</para>
+	<para>The <option>naflags</option> entry specifies audit
+	  classes to be audited for non-attributed events, such as the
+	  login process and system daemons.</para>
 
 	<para>The <option>policy</option> entry specifies a
 	  comma-separated list of policy flags controlling various
@@ -514,13 +529,14 @@ filesz:0</programlisting>
 	  of events that should never be audited for the user.</para>
 
 	<para>The following example <filename>audit_user</filename>
-	  audits login/logout events and successful command
-	  execution for <systemitem class="username">root</systemitem>, and audits
-	  file creation and successful command execution for
-	  <systemitem class="username">www</systemitem>.  If used with the above example
-	  <filename>audit_control</filename>, the
-	  <literal>lo</literal> entry for <systemitem class="username">root</systemitem> is
-	  redundant, and login/logout events will also be audited for
+	  audits login/logout events and successful command execution
+	  for <systemitem class="username">root</systemitem>, and
+	  audits file creation and successful command execution for
+	  <systemitem class="username">www</systemitem>.  If used with
+	  the above example <filename>audit_control</filename>, the
+	  <literal>lo</literal> entry for
+	  <systemitem class="username">root</systemitem> is redundant,
+	  and login/logout events will also be audited for
 	  <systemitem class="username">www</systemitem>.</para>
 
 	<programlisting>root:lo,+ex:no
@@ -541,9 +557,9 @@ www:fc,+ex:no</programlisting>
 	format; the &man.auditreduce.1; command may be used to reduce
 	the audit trail file for analysis, archiving, or printing
 	purposes.  A variety of selection parameters are supported by
-	&man.auditreduce.1;, including event type, event class,
-	user, date or time of the event, and the file path or object
-	acted on.</para>
+	&man.auditreduce.1;, including event type, event class, user,
+	date or time of the event, and the file path or object acted
+	on.</para>
 
       <para>For example, &man.praudit.1; will dump the entire
 	contents of a specified audit log in plain text:</para>
@@ -584,12 +600,13 @@ trailer,133</programlisting>
 	user ID and group ID, real user ID and group ID, process ID,
 	session ID, port ID, and login address.  Notice that the audit
 	user ID and real user ID differ: the user
-	<systemitem class="username">robert</systemitem> has switched to the
-	<systemitem class="username">root</systemitem> account before running this command,
-	but it is audited using the original authenticated user.
-	Finally, the <literal>return</literal> token indicates the
-	successful execution, and the <literal>trailer</literal>
-	concludes the record.</para>
+	<systemitem class="username">robert</systemitem> has switched
+	to the <systemitem class="username">root</systemitem> account
+	before running this command, but it is audited using the
+	original authenticated user.  Finally, the
+	<literal>return</literal> token indicates the successful
+	execution, and the <literal>trailer</literal> concludes the
+	record.</para>
 
       <para><acronym>XML</acronym> output format is also supported by
 	&man.praudit.1;, and can be selected using
@@ -613,15 +630,19 @@ trailer,133</programlisting>
     <sect2>
       <title>Delegating Audit Review Rights</title>
 
-      <para>Members of the <systemitem class="groupname">audit</systemitem> group are
-	given permission to read audit trails in <filename>/var/audit</filename>; by default, this
-	group is empty, so only the <systemitem class="username">root</systemitem> user
-	may read audit trails.  Users may be added to the
-	<systemitem class="groupname">audit</systemitem> group in order to delegate audit
-	review rights to the user.  As the ability to track audit log
-	contents provides significant insight into the behavior of
-	users and processes, it is recommended that the delegation of
-	audit review rights be performed with caution.</para>
+      <para>Members of the
+	<systemitem class="groupname">audit</systemitem> group are
+	given permission to read audit trails in
+	<filename>/var/audit</filename>; by default, this group is
+	empty, so only the
+	<systemitem class="username">root</systemitem> user may read
+	audit trails.  Users may be added to the
+	<systemitem class="groupname">audit</systemitem> group in
+	order to delegate audit review rights to the user.  As the
+	ability to track audit log contents provides significant
+	insight into the behavior of users and processes, it is
+	recommended that the delegation of audit review rights be
+	performed with caution.</para>
     </sect2>
 
     <sect2>
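Review bot: missing documentation in the rewrapped paragraph: it says "Users may be added to the audit group" but shows no command for doing so, and "performed with caution" gives the reader no concrete criterion. The paragraph itself states that audit log contents give significant insight into the behavior of users and processes, so a follow-up content commit could add a short screen example and say who should hold this right. Nothing needs to change in this whitespace-only revision.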
@@ -640,9 +661,10 @@ trailer,133</programlisting>
       <screen>&prompt.root; <userinput>praudit /dev/auditpipe</userinput></screen>
 
       <para>By default, audit pipe device nodes are accessible only to
-	the <systemitem class="username">root</systemitem> user.  To make them accessible
-	to the members of the <systemitem class="groupname">audit</systemitem> group, add
-	a <literal>devfs</literal> rule to
+	the <systemitem class="username">root</systemitem> user.  To
+	make them accessible to the members of the
+	<systemitem class="groupname">audit</systemitem> group, add a
+	<literal>devfs</literal> rule to
 	<filename>devfs.rules</filename>:</para>
 
       <programlisting>add path 'auditpipe*' mode 0440 group audit</programlisting>
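Review bot: in the rewrapped paragraph, devfs.rules is named without a directory, while the other locations in this diff are given as full paths (/etc/security, /var/audit). A follow-up content commit should give the full path and, if the text after the rule does not already cover it, say how the rule takes effect. The rule line itself is unchanged context; mode 0440 with group audit keeps the pipe read-only for group members, which fits the delegation described in the previous section.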

