diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2006-10-06 09:09:36 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2006-10-06 09:09:36 +0000 |
| commit | 91d477e93afb76169e83aaa40adef5eb9fb35710 (patch) | |
| tree | 891d4a413fd4ecc11f74a5b27087ca22adb67c73 /en_US.ISO8859-1/books/handbook/audit/chapter.sgml | |
| parent | 89abbe6ee8512f2f9c9ac7f88adfcde89af52907 (diff) | |
| download | doc-91d477e93afb76169e83aaa40adef5eb9fb35710.tar.gz doc-91d477e93afb76169e83aaa40adef5eb9fb35710.zip | |
Move "Delegating Audit Review Rights" section to after the review and
reduction sections. This is the section that introduces the notion of
the audit group. That way it appears before the section on audit
pipes, which references the audit group.
Obtained from: TrustedBSD Project
Notes
Notes:
svn path=/head/; revision=28774
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/audit/chapter.sgml')
| -rw-r--r-- | en_US.ISO8859-1/books/handbook/audit/chapter.sgml | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/en_US.ISO8859-1/books/handbook/audit/chapter.sgml b/en_US.ISO8859-1/books/handbook/audit/chapter.sgml index 352487dcd3..34670e78ee 100644 --- a/en_US.ISO8859-1/books/handbook/audit/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/audit/chapter.sgml @@ -599,6 +599,19 @@ trailer,133</programlisting> </sect2> <sect2> + <title>Delegating Audit Review Rights</title> + + <para>Members of the <literal>audit</literal> group are given + permission to read audit trails in <filename>/var/audit</filename>; + by default, this group is empty, so only the root user may read + audit trails. Users may be added to the <literal>audit</literal> + group in order to delegate audit review rights to the user. As + the ability to track audit log contents provides significant insight + into the behavior of users and processes, it is recommended that the + delegation of audit review rights be performed with caution.</para> + </sect2> + + <sect2> <title>Live Monitoring Using Audit Pipes</title> <para>Audit pipes are cloning pseudo-devices in the device file system @@ -696,18 +709,5 @@ fi</programlisting> audit trail files are cleanly terminated, so will not be run on trails left unterminated following an improper shutdown.</para> </sect2> - - <sect2> - <title>Delegating Audit Review Rights</title> - - <para>Members of the <literal>audit</literal> group are given - permission to read audit trails in <filename>/var/audit</filename>; - by default, this group is empty, so only the root user may read - audit trails. Users may be added to the <literal>audit</literal> - group in order to delegate audit review rights to the user. As - the ability to track audit log contents provides significant insight - into the behavior of users and processes, it is recommended that the - delegation of audit review rights be performed with caution.</para> - </sect2> </sect1> </chapter> |