Update handbook Audit chapter to reflect status in 6.3 and later, and to
mention that an XML output mode is now available for praudit(8).
parent
f8c2899bf6
commit
0bd49d9eaf
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=31063
1 changed files with 12 additions and 7 deletions
|
@ -36,7 +36,7 @@ requirements. -->
|
|||
<see>MAC</see>
|
||||
</indexterm>
|
||||
|
||||
<para>FreeBSD 6.2-RELEASE and later include support for fine-grained
|
||||
<para>&os; 6.2 and later include support for fine-grained
|
||||
security event auditing. Event auditing allows the reliable,
|
||||
fine-grained, and configurable logging of a variety of
|
||||
security-relevant system events, including logins, configuration
|
||||
|
@ -191,9 +191,10 @@ requirements. -->
|
|||
<title>Installing Audit Support</title>
|
||||
|
||||
<para>User space support for Event Auditing is installed as part of the
|
||||
base &os; operating system as of 6.2-RELEASE. However, Event Auditing
|
||||
support must be explicitly compiled into the kernel by adding the
|
||||
following lines to the kernel configuration file:</para>
|
||||
base &os; operating system. In &os; 6.3 and later, kernel support for
|
||||
Event Auditing is compiled in by default. In &os; 6.2, support must be
|
||||
explicitly compiled into the kernel by adding the following lines to
|
||||
the kernel configuration file:</para>
|
||||
|
||||
<programlisting>options AUDIT</programlisting>
|
||||
|
||||
|
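Review bot: "compiled in by default" in the new sentence about &os; 6.3 and later does not say which kernel configuration it refers to, so a reader on 6.3 with a custom kernel configuration file may conclude that no action is needed. Consider naming the default kernel configuration, and have the following sentence cover custom kernels on 6.3 and later as well as 6.2. Separately, the text still says "the following lines" although the programlisting holds the single line "options AUDIT"; "the following line" would match.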
@ -201,9 +202,9 @@ requirements. -->
|
|||
the kernel via the normal process explained in
|
||||
<xref linkend="kernelconfig">.</para>
|
||||
|
||||
<para>Once the kernel is built, installed, and the system has been
|
||||
rebooted, enable the audit daemon by adding the following line to
|
||||
&man.rc.conf.5;:</para>
|
||||
<para>Once an audit-enabled kernel is built, installed, and the system
|
||||
has been rebooted, enable the audit daemon by adding the following line
|
||||
to &man.rc.conf.5;:</para>
|
||||
|
||||
<programlisting>auditd_enable="YES"</programlisting>
|
||||
|
||||
|
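Review bot: The reworded opening "Once an audit-enabled kernel is built, installed, and the system has been rebooted" still reads as a mandatory build step, which conflicts with the earlier hunk's statement that kernel support is compiled in by default in &os; 6.3 and later. Suggest wording that covers both cases, for example making the build and reboot conditional on 6.2 and telling other readers to go straight to the &man.rc.conf.5; setting. The unchanged context sentence ending in the xref to kernelconfig has the same issue, since it remains unconditional.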
@ -584,6 +585,10 @@ trailer,133</programlisting>
|
|||
<literal>return</literal> token indicates the successful execution, and the <literal>trailer</literal>
|
||||
concludes the record.</para>
|
||||
|
||||
<para>In &os; 6.3 and later, <command>praudit</command> also supports
|
||||
an XML output format, which can be selected using the
|
||||
<option>-x</option> argument.</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
|
|
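Review bot: The new paragraph on XML output refers to the tool only as <command>praudit</command> and gives the reader no pointer to the manual page, while the rest of the chapter uses the &man.…; entity form (as with &man.rc.conf.5; in the earlier hunk). Suggest using the corresponding man entity on first mention here. Since this section walks through a sample record token by token in the default format, a short sample of the same record as printed with <option>-x</option> would also help readers who parse the trail with other tools.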