Further adjustments to handbook audit chapter:

- Further clarify nature of composition of audit_control flags and
  audit_user.

- Add missing </para> before auditpipe configuration example.

- Mark up usernames as <literal>.

Obtained from:	TrustedBSD Project
Robert Watson 2006-09-25 22:36:03 +00:00
parent 6555841abf
commit 48459b7047
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=28722

@ -263,9 +263,7 @@ requirements. -->
or ignored, and optionally to indicate if the entry is intended or ignored, and optionally to indicate if the entry is intended
to match successful or failed operations. Selection expressions to match successful or failed operations. Selection expressions
are evaluated from left to right, and two expressions are are evaluated from left to right, and two expressions are
combined by appending on onto the other. For example, per-user combined by appending one onto the other.</para>
expressions are appended to global expressions to generate the
effective preselection mask for a user at login.</para>
<para>The following list contains the default audit event classes <para>The following list contains the default audit event classes
present in <filename>audit_class</filename>:</para> present in <filename>audit_class</filename>:</para>
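
Review bot: With the "For example, per-user expressions are appended to global expressions to generate the effective preselection mask for a user at login" sentence removed, the paragraph ends at "combined by appending one onto the other" and no longer says which expressions get combined or when. The commit message describes this change as clarifying the composition of audit_control flags and audit_user, so I would keep a short pointer here to the audit_user section, or confirm that section now states the composition explicitly. The "on onto" to "one onto" fix is fine.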
@ -480,18 +478,21 @@ naflags:lo</programlisting>
<para>The <filename>audit_user</filename> file permits the <para>The <filename>audit_user</filename> file permits the
administrator to specify further audit requirements for specific administrator to specify further audit requirements for specific
users. users.
There is one line per user, along with a selection expression Each line configures auditing for a user via two fields: the
which will be combined with the global <option>flags</option>. first is the <literal>alwaysaudit</literal> field, which specifies
</para> a set of events that should always be audited for the user, and
the second is the <literal>neveraudit</literal> field, which
specifies a set of events that should never be audited for the
user.</para>
<para>The following example <filename>audit_user</filename> file <para>The following example <filename>audit_user</filename> file
audits login/logout events and successful command execution for audits login/logout events and successful command execution for
the root user, and audits file creation and successful command the root user, and audits file creation and successful command
execution for the www user. execution for the www user.
If used with the example <filename>audit_control</filename> file If used with the example <filename>audit_control</filename> file
above, the <literal>lo</literal> entry for root is redundant, above, the <literal>lo</literal> entry for <literal>root</literal>
and login/logout events will also be audited for the www user. is redundant, and login/logout events will also be audited for the
</para> <literal>www</literal> user.</para>
<programlisting>root:lo,+ex:no <programlisting>root:lo,+ex:no
www:fc,+ex:no</programlisting> www:fc,+ex:no</programlisting>
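
Review bot: The rewritten first paragraph drops "which will be combined with the global <option>flags</option>", yet the next paragraph still relies on that behaviour ("the <literal>lo</literal> entry for <literal>root</literal> is redundant, and login/logout events will also be audited"). Please add a sentence after the <literal>neveraudit</literal> description saying how the two fields combine with the global flags from audit_control, so that an administrator does not read an audit_user line as the complete audit policy for that user. Two smaller points: "the root user" and "the www user" in the first sentence of the example paragraph are still unmarked, although this commit marks up usernames as <literal>, and the <literal>no</literal> value in the second field of both example lines is not explained by the new field description.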
@ -589,7 +590,7 @@ trailer,133</programlisting>
<para>By default, audit pipe device nodes are accessible only to the <para>By default, audit pipe device nodes are accessible only to the
root user. To make them accessible to the members of the root user. To make them accessible to the members of the
<literal>audit</literal> group, add a <literal>devfs</literal> rule <literal>audit</literal> group, add a <literal>devfs</literal> rule
to <filename>devfs.rules</filename>: to <filename>devfs.rules</filename>:</para>
<programlisting>add path 'auditpipe*' mode 0440 group audit</programlisting> <programlisting>add path 'auditpipe*' mode 0440 group audit</programlisting>
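
Review bot: "root user" in the first sentence of this paragraph is left as plain text, while the commit marks up usernames as <literal> elsewhere; wrap it for consistency. The added </para> before the <programlisting> is correct. Since the rule gives every member of the <literal>audit</literal> group read access (mode 0440) to the audit pipe devices, the paragraph would also benefit from one sentence noting that group membership should be limited to accounts that are meant to read audit records.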