author: Robert Watson <rwatson@FreeBSD.org> 2006-02-12 02:14:39 +0000
committer: Robert Watson <rwatson@FreeBSD.org> 2006-02-12 02:14:39 +0000
commit: 4ebd6190b536510866e0b6c2d1986bfbd284478a
tree: a47a53636cce8fd76790eb9080b39599b60ade9f /en_US.ISO8859-1/books/handbook/audit/chapter.sgml
parent: ca8e901743ce872aa88783bfda0f2755dcc7c8b4
Various re-wordings and some minor additions:
- Don't say "by default" regarding paths in /etc/security: they are not configurable.
- Note that the 'ip' event class covers more than just System V IPC.
- Clarify the differences between the audit_control and audit_user files in the configuration files introduction.
- Slightly reword audit log rotation introduction.
- Add a section on the 'audit' group, and how this can be used to delegate audit review rights.

Obtained from: TrustedBSD Project
Notes: svn path=/head/; revision=27093
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/audit/chapter.sgml')
-rw-r--r-- en_US.ISO8859-1/books/handbook/audit/chapter.sgml | 36
1 files changed, 24 insertions, 12 deletions
diff --git a/en_US.ISO8859-1/books/handbook/audit/chapter.sgml b/en_US.ISO8859-1/books/handbook/audit/chapter.sgml
index 0e43e5a744..e2455e6a3a 100644
--- a/en_US.ISO8859-1/books/handbook/audit/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/audit/chapter.sgml
@@ -191,10 +191,9 @@ requirements. -->
<sect1 id="audit-config">
<title>Audit Configuration</title>
- <para>By default, all configuration is done within the realm of
- <filename role="directory">/etc/security</filename> and the
- files contained within. The following files must be present
- before the audit daemon is started:</para>
+ <para>All configuration files for security audit are found in
+ <filename role="directory">/etc/security</filename>. The following
+ files must be present before the audit daemon is started:</para>
<itemizedlist>
<listitem>
@@ -314,7 +313,8 @@ requirements. -->
<listitem>
<para><option>ip</option> - <literal>ipc</literal> - Audit
- System V <acronym>IPC</acronym> operations.</para>
+ various forms of Inter-Process Communication, including POSIX
+ pipes and System V <acronym>IPC</acronym> operations.</para>
</listitem>
<listitem>
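Review bot: In the reworded `ip` entry, "Inter-Process Communication" is spelled out but the `<acronym>IPC</acronym>` markup only appears later, attached to "System V". Since the class name shown is `ipc`, consider introducing the abbreviation at first mention, for example "Inter-Process Communication (<acronym>IPC</acronym>)", so readers connect the class name to the expanded term before the System V case is singled out.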
@@ -400,12 +400,12 @@ requirements. -->
<sect2>
<title>Configuration Files</title>
- <para>Configuration is set in only two files, the first being
- <filename>audit_control</filename> and
- <filename>audit_user</filename> being the second. The first
- is system-wide, controlling every aspect of event auditing
- in the system. The latter may be used for fine grained user
- auditing.</para>
+ <para>In most cases, administrators will need to modify only two files
+ when configuring the audit system: <filename>audit_control</filename>
+ and <filename>audit_user</filename>. The first controls system-wide
+ audit paramaters and defaults for both attributable and
+ non-attributable events. The second may be used to tune the level
+ and nature of auditing for individual users.</para>
<sect3 id="audit-auditcontrol">
<title>The <filename>audit_control</filename> File</title>
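Review bot: Typo on the added line "audit paramaters and defaults for both attributable and": "paramaters" should be "parameters". The same sentence also introduces "attributable and non-attributable events" without a definition in the visible text; if the terms are not defined earlier in the chapter, a short gloss or a cross-reference here would help an administrator decide which file a given setting belongs in.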
@@ -525,7 +525,7 @@ audit:fc:no</programlisting>
<sect2>
<title>Rotating Audit Log Files</title>
- <para>Because of log reliability requirements, audit trails
+ <para>Due to log reliability requirements, audit trails
are written to only by the kernel, and managed only by
<command>auditd</command>. Administrators should not
attempt to use &man.newsyslog.conf.5; or other tools to
@@ -554,5 +554,17 @@ audit:fc:no</programlisting>
<para>The change will take effect once you have saved the
new <filename>/etc/crontab</filename>.</para>
</sect2>
+
+ <sect2>
+ <title>Delegating Audit Review Rights</title>
+
+ <para>By default, only the root user has the right to read system audit
+ logs. However, that right may be delegated to members of the
+ <literal>audit</literal> group, as the audit directory and audit
+ trail files are assigned to that group, and made group-readable. As
+ the ability to track audit log contents provides significant insight
+ into the behavior of users and processes, it is recommended that the
+ delegation of audit review rights be performed with caution.</para>
+ </sect2>
</sect1>
</chapter>
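Review bot: The new "Delegating Audit Review Rights" section says the right "may be delegated to members of the <literal>audit</literal> group" but gives no procedure and does not name the audit directory it refers to. Since membership exposes every audit trail to the delegate, consider naming the directory in a `<filename role="directory">` element, stating the ownership and mode an administrator should expect to see on it and on the trail files so the group-readable claim can be verified, and adding a short example of adding a user to the group. It would also be worth saying explicitly that the group grants read access to the trails only, if that is the intent, so readers do not assume it also delegates control over audit configuration.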