Small corrections to audit chapter.

Submitted by: Taras Korenko
Sponsored by:	iXsystems

en_US.ISO8859-1/books/handbook/audit/chapter.xml

@@ -196,8 +196,10 @@ requirements. -->
     <title>Audit Configuration</title>
 
     <para>User space support for event auditing is installed as part
-      of the base &os; operating system.  Kernel support can be
+      of the base &os; operating system.  Kernel support is available
-      enabled by adding the following line to
+      in the <filename>GENERIC</filename> kernel by default,
+      and &man.auditd.8; can be enabled
+      by adding the following line to
       <filename>/etc/rc.conf</filename>:</para>
 
     <programlisting>auditd_enable="YES"</programlisting>
@@ -217,10 +219,7 @@ requirements. -->
       <para>Selection expressions are used in a number of places in
 	the audit configuration to determine which events should be
 	audited.  Expressions contain a list of event classes to
-	match, each with a prefix indicating whether matching records
+	match.  Selection expressions are evaluated from left to
-	should be accepted or ignored, and optionally to indicate if
-	the entry is intended to match successful or failed
-	operations.  Selection expressions are evaluated from left to
 	right, and two expressions are combined by appending one onto
 	the other.</para>
 
@@ -383,10 +382,10 @@ requirements. -->
       </table>
 
       <para>These audit event classes may be customized by modifying
-	the <filename>audit_class</filename> and <filename>audit_
+	the <filename>audit_class</filename> and
-	  event</filename> configuration files.</para>
+	<filename>audit_event</filename> configuration files.</para>
 
-      <para>Each audit event class is combined with a prefix
+      <para>Each audit event class may be combined with a prefix
 	indicating whether successful/failed operations are matched,
 	and whether the entry is adding or removing matching for the
 	class and type.  <xref linkend="event-prefixes"/> summarizes
@@ -650,8 +649,8 @@ trailer,133</programlisting>
     <para>Since audit logs may be very large, a subset of records can
       be selected using <command>auditreduce</command>.  This example
       selects all audit records produced for the user
-      <replaceable>trhodes</replaceable> stored in
+      <systemitem class="username">trhodes</systemitem> stored in
-      <replaceable>AUDITFILE</replaceable>:</para>
+      <filename>AUDITFILE</filename>:</para>
 
     <screen>&prompt.root; <userinput>auditreduce -u <replaceable>trhodes</replaceable> /var/audit/<replaceable>AUDITFILE</replaceable> | praudit</userinput></screen>
 
@@ -739,8 +738,8 @@ trailer,133</programlisting>
 
       <para>Automatic rotation of the audit trail file based on file
 	size is possible using <option>filesz</option> in
-	<filename>audit.control</filename> as described in <xref
+	<filename>audit_control</filename> as described in <xref
-	  linkend="audit-config"/>.</para>
+	  linkend="audit-auditcontrol"/>.</para>
 
       <para>As audit trail files can become very large, it is often
 	desirable to compress or otherwise archive trails once they