author | Robert Watson <rwatson@FreeBSD.org> | 2006-02-12 02:14:39 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2006-02-12 02:14:39 +0000 |
commit | 4ebd6190b536510866e0b6c2d1986bfbd284478a (patch) | |
tree | a47a53636cce8fd76790eb9080b39599b60ade9f /en_US.ISO8859-1/books/handbook/audit/chapter.sgml | |
parent | ca8e901743ce872aa88783bfda0f2755dcc7c8b4 (diff) | |
Various re-wordings and some minor additions:
- Don't say "by default" regarding paths in /etc/security: they are not
configurable.
- Note that the 'ip' event class covers more than just System V IPC.
- Clarify the differences between the audit_control and audit_user files
in the configuration files introduction.
- Slightly reword audit log rotation introduction.
- Add a section on the 'audit' group, and how this can be used to delegate
audit review rights.
Obtained from: TrustedBSD Project
Notes:
svn path=/head/; revision=27093
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/audit/chapter.sgml')
-rw-r--r-- | en_US.ISO8859-1/books/handbook/audit/chapter.sgml | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/en_US.ISO8859-1/books/handbook/audit/chapter.sgml b/en_US.ISO8859-1/books/handbook/audit/chapter.sgml index 0e43e5a744..e2455e6a3a 100644 --- a/en_US.ISO8859-1/books/handbook/audit/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/audit/chapter.sgml @@ -191,10 +191,9 @@ requirements. --> <sect1 id="audit-config"> <title>Audit Configuration</title> - <para>By default, all configuration is done within the realm of - <filename role="directory">/etc/security</filename> and the - files contained within. The following files must be present - before the audit daemon is started:</para> + <para>All configuration files for security audit are found in + <filename role="directory">/etc/security</filename>. The following + files must be present before the audit daemon is started:</para> <itemizedlist> <listitem> @@ -314,7 +313,8 @@ requirements. --> <listitem> <para><option>ip</option> - <literal>ipc</literal> - Audit - System V <acronym>IPC</acronym> operations.</para> + various forms of Inter-Process Communication, including POSIX + pipes and System V <acronym>IPC</acronym> operations.</para> </listitem> <listitem> 
@@ -400,12 +400,12 @@ requirements. --> <sect2> <title>Configuration Files</title> - <para>Configuration is set in only two files, the first being - <filename>audit_control</filename> and - <filename>audit_user</filename> being the second. The first - is system-wide, controlling every aspect of event auditing - in the system. The latter may be used for fine grained user - auditing.</para> + <para>In most cases, administrators will need to modify only two files + when configuring the audit system: <filename>audit_control</filename> + and <filename>audit_user</filename>. The first controls system-wide + audit paramaters and defaults for both attributable and + non-attributable events. The second may be used to tune the level + and nature of auditing for individual users.</para> <sect3 id="audit-auditcontrol"> <title>The <filename>audit_control</filename> File</title> @@ -525,7 +525,7 @@ audit:fc:no</programlisting> <sect2> <title>Rotating Audit Log Files</title> - <para>Because of log reliability requirements, audit trails + <para>Due to log reliability requirements, audit trails are written to only by the kernel, and managed only by <command>auditd</command>. Administrators should not attempt to use &man.newsyslog.conf.5; or other tools to 
@@ -554,5 +554,17 @@ audit:fc:no</programlisting> <para>The change will take effect once you have saved the new <filename>/etc/crontab</filename>.</para> </sect2> + + <sect2> + <title>Delegating Audit Review Rights</title> + + <para>By default, only the root user has the right to read system audit + logs. However, that right may be delegated to members of the + <literal>audit</literal> group, as the audit directory and audit + trail files are assigned to that group, and made group-readable. As + the ability to track audit log contents provides significant insight + into the behavior of users and processes, it is recommended that the + delegation of audit review rights be performed with caution.</para> + </sect2> </sect1> </chapter> |
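Review bot: In the @@ -400,12 +400,12 @@ hunk (Configuration Files), the added line "audit paramaters and defaults for both attributable and" misspells "parameters"; please fix it before this reaches the rendered Handbook. The same paragraph uses "attributable" and "non-attributable" events without a gloss in the visible text, so if those terms are not defined earlier in the chapter, a short definition or cross-reference here would help a reader who starts at this section.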
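Review bot: In the @@ -554,5 +554,17 @@ hunk, the new "Delegating Audit Review Rights" section says the right "may be delegated to members of the audit group" but never states the step that performs the delegation. Suggest adding a sentence saying that delegation is done by adding the user to the audit group, and that membership grants read access to the whole audit directory and every trail in it, since the text advises caution without saying what a reviewer can then see. The opening "only the root user has the right to read system audit logs" also sits awkwardly beside the group-readable permissions described in the same sentence; wording along the lines of "only root can read audit logs unless users are added to the audit group" would be consistent.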