svn commit: r44395 - head/en_US.ISO8859-1/books/handbook/audit
Dru Lavigne
dru at FreeBSD.org
Mon Mar 31 14:14:58 UTC 2014
Author: dru
Date: Mon Mar 31 14:14:58 2014
New Revision: 44395
URL: http://svnweb.freebsd.org/changeset/doc/44395
Log:
Small corrections to audit chapter.
Submitted by: Taras Korenko
Sponsored by: iXsystems
Modified:
head/en_US.ISO8859-1/books/handbook/audit/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/audit/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/audit/chapter.xml Mon Mar 31 13:57:12 2014 (r44394)
+++ head/en_US.ISO8859-1/books/handbook/audit/chapter.xml Mon Mar 31 14:14:58 2014 (r44395)
@@ -196,8 +196,10 @@ requirements. -->
<title>Audit Configuration</title>
<para>User space support for event auditing is installed as part
- of the base &os; operating system. Kernel support can be
- enabled by adding the following line to
+ of the base &os; operating system. Kernel support is available
+ in the <filename>GENERIC</filename> kernel by default,
+ and &man.auditd.8; can be enabled
+ by adding the following line to
<filename>/etc/rc.conf</filename>:</para>
<programlisting>auditd_enable="YES"</programlisting>
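Review bot: the added sentence "Kernel support is available in the <filename>GENERIC</filename> kernel by default" leaves readers who run a custom kernel without guidance, since nothing in this hunk says what such a kernel configuration needs for auditing. If the text after the <programlisting> does not already cover that case, add a sentence for it here, so that enabling &man.auditd.8; in <filename>/etc/rc.conf</filename> is not read as sufficient on every kernel.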
@@ -217,10 +219,7 @@ requirements. -->
<para>Selection expressions are used in a number of places in
the audit configuration to determine which events should be
audited. Expressions contain a list of event classes to
- match, each with a prefix indicating whether matching records
- should be accepted or ignored, and optionally to indicate if
- the entry is intended to match successful or failed
- operations. Selection expressions are evaluated from left to
+ match. Selection expressions are evaluated from left to
right, and two expressions are combined by appending one onto
the other.</para>
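Review bot: with the prefix clause removed after "event classes to match", this paragraph no longer tells the reader that a class can carry a prefix, yet it still stresses left-to-right evaluation, which is easier to follow once the reader knows that entries can add or remove matching. Consider keeping a short clause such as "each optionally with a prefix" together with a pointer to <xref linkend="event-prefixes"/>, which the later paragraph already references.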
@@ -383,10 +382,10 @@ requirements. -->
</table>
<para>These audit event classes may be customized by modifying
- the <filename>audit_class</filename> and <filename>audit_
- event</filename> configuration files.</para>
+ the <filename>audit_class</filename> and
+ <filename>audit_event</filename> configuration files.</para>
- <para>Each audit event class is combined with a prefix
+ <para>Each audit event class may be combined with a prefix
indicating whether successful/failed operations are matched,
and whether the entry is adding or removing matching for the
class and type. <xref linkend="event-prefixes"/> summarizes
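Review bot: after the change to "may be combined with a prefix", the paragraph should also say what a class with no prefix matches. As written, a reader building a selection expression cannot tell from this text whether an unprefixed class covers successful operations, failed ones, or both. One sentence stating the default, placed before the reference to <xref linkend="event-prefixes"/>, would close the gap.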
@@ -650,8 +649,8 @@ trailer,133</programlisting>
<para>Since audit logs may be very large, a subset of records can
be selected using <command>auditreduce</command>. This example
selects all audit records produced for the user
- <replaceable>trhodes</replaceable> stored in
- <replaceable>AUDITFILE</replaceable>:</para>
+ <systemitem class="username">trhodes</systemitem> stored in
+ <filename>AUDITFILE</filename>:</para>
<screen>&prompt.root; <userinput>auditreduce -u <replaceable>trhodes</replaceable> /var/audit/<replaceable>AUDITFILE</replaceable> | praudit</userinput></screen>
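Review bot: the prose now marks trhodes as <systemitem class="username"> and AUDITFILE as <filename>, but the <screen> line directly below still wraps both in <replaceable>, so the paragraph and the command disagree on which parts are placeholders. AUDITFILE is a placeholder rather than a literal file name, so <filename><replaceable>AUDITFILE</replaceable></filename> in the prose would match the command. The prose could also give the /var/audit/ path that the command uses.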
@@ -739,8 +738,8 @@ trailer,133</programlisting>
<para>Automatic rotation of the audit trail file based on file
size is possible using <option>filesz</option> in
- <filename>audit.control</filename> as described in <xref
- linkend="audit-config"/>.</para>
+ <filename>audit_control</filename> as described in <xref
+ linkend="audit-auditcontrol"/>.</para>
<para>As audit trail files can become very large, it is often
desirable to compress or otherwise archive trails once they
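Review bot: the new linkend="audit-auditcontrol" points at an id that is not defined anywhere in the lines of this diff, so please confirm that the section describing <option>filesz</option> carries exactly that id, since an <xref> to a missing id fails validation. The rename from <filename>audit.control</filename> to <filename>audit_control</filename> is consistent with the underscore naming used for <filename>audit_class</filename> and <filename>audit_event</filename> earlier in the patch.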