- Use of trademark entities;

- Tag an inline command-line;
- Use of user/group/filename tags where needed;
- Use of application tags for a daemon as done in the rest of the
  book.
Marc Fonvieille 2007-05-14 20:49:35 +00:00
parent a1470d7a82
commit 53b47f0187
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=30182


@ -42,9 +42,9 @@ requirements. -->
security-relevant system events, including logins, configuration
changes, and file and network access. These log records can be
invaluable for live system monitoring, intrusion detection, and
postmortem analysis. &os; implements Sun's published
postmortem analysis. &os; implements &sun;'s published
<acronym>BSM</acronym> API and file format, and is interoperable with
both Sun's Solaris and Apple's Mac OS X audit implementations.</para>
both &sun;'s &solaris; and &apple;'s &macos; X audit implementations.</para>
<para>This chapter focuses on the installation and configuration of
Event Auditing. It explains audit policies, and provides an example
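Review bot: the replacement lines rely on four trademark entities (&sun;, &solaris;, &apple;, &macos;) that do not appear elsewhere in this hunk's context; confirm each is declared in the book's trademark entity set before committing, since an undefined entity breaks the whole chapter build rather than one paragraph. Also check that the rendered "&macos; X" still reads as "Mac OS X" and not "Mac OS X X" if the entity already carries the version suffix.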
@ -566,7 +566,7 @@ return,success,0
trailer,133</programlisting>
<para>This audit represents a successful <literal>execve</literal>
call, in which the command "finger doug" has been run. The
call, in which the command <literal>finger doug</literal> has been run. The
arguments token contains both the processed command line presented
by the shell to the kernel. The path token holds the path to the
executable as looked up by the kernel. The attribute token
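Review bot: `<literal>finger doug</literal>` marks the text as a literal string, but the sentence describes an executed command line; the rest of the chapter tags invoked commands with `<command>` (see `<command>auditd</command>` and `<command>audit</command>` in later hunks), so `<command>finger doug</command>` would be the consistent choice. While here, "contains both the processed command line presented by the shell to the kernel" lists only one item after "both"; either drop "both" or name the second item.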
@ -595,16 +595,16 @@ trailer,133</programlisting>
<para>This will select all audit records produced for the user
<username>trhodes</username> stored in the
<replaceable>AUDITFILE</replaceable> file.</para>
<filename><replaceable>AUDITFILE</replaceable></filename> file.</para>
</sect2>
<sect2>
<title>Delegating Audit Review Rights</title>
<para>Members of the <literal>audit</literal> group are given
<para>Members of the <groupname>audit</groupname> group are given
permission to read audit trails in <filename>/var/audit</filename>;
by default, this group is empty, so only the root user may read
audit trails. Users may be added to the <literal>audit</literal>
by default, this group is empty, so only the <username>root</username> user may read
audit trails. Users may be added to the <groupname>audit</groupname>
group in order to delegate audit review rights to the user. As
the ability to track audit log contents provides significant insight
into the behavior of users and processes, it is recommended that the
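Review bot: the rewritten line "by default, this group is empty, so only the <username>root</username> user may read" runs well past the width of the surrounding lines; re-wrap it so the paragraph keeps the book's line-length convention, e.g. break after "so only the". The `<groupname>`/`<username>` tagging itself is consistent with the rest of the hunk, and wrapping `<replaceable>AUDITFILE</replaceable>` in `<filename>` correctly marks the placeholder as a file name.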
@ -626,8 +626,8 @@ trailer,133</programlisting>
<screen>&prompt.root; <userinput>praudit /dev/auditpipe</userinput></screen>
<para>By default, audit pipe device nodes are accessible only to the
root user. To make them accessible to the members of the
<literal>audit</literal> group, add a <literal>devfs</literal> rule
<username>root</username> user. To make them accessible to the members of the
<groupname>audit</groupname> group, add a <literal>devfs</literal> rule
to <filename>devfs.rules</filename>:</para>
<programlisting>add path 'auditpipe*' mode 0440 group audit</programlisting>
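Review bot: `<literal>devfs</literal>` is left untouched while the surrounding terms were retagged; since the hunk is about tagging consistency, consider whether this should be a manual page reference in the style already used in this file (`&man.newsyslog.conf.5;`), and whether the matching text in the `devfs.rules` sentence should point at the same page. The line "<username>root</username> user. To make them accessible to the members of the" also exceeds the paragraph's line width and should be re-wrapped.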
@ -651,7 +651,7 @@ trailer,133</programlisting>
<title>Rotating Audit Trail Files</title>
<para>Audit trails are written to only by the kernel, and managed only
by the audit daemon, <command>auditd</command>. Administrators
by the audit daemon, <application>auditd</application>. Administrators
should not attempt to use &man.newsyslog.conf.5; or other tools to
directly rotate audit logs. Instead, the <command>audit</command>
management tool may be used to shut down auditing, reconfigure the
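Review bot: retagging the daemon as `<application>auditd</application>` while leaving `<command>audit</command>` unchanged is the right split, since `audit` is the tool the administrator invokes and `auditd` is the running service; make sure every other mention of `auditd` in this file gets the same treatment so the two styles do not coexist. The unchanged sentence "Audit trails are written to only by the kernel" reads awkwardly; "written only by the kernel" would be clearer if you touch this paragraph again.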
@ -664,7 +664,7 @@ trailer,133</programlisting>
<screen>&prompt.root; <userinput>audit -n</userinput></screen>
<warning>
<para>If the <command>auditd</command> daemon is not currently
<para>If the <application>auditd</application> daemon is not currently
running, this command will fail and an error message will be
produced.</para>
</warning>
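Review bot: the warning refers to "this command" without naming it; since the `<screen>` above shows `audit -n`, stating that `audit -n` fails when `<application>auditd</application>` is not running would make the warning self-contained when it is read out of context or when more commands are added above it later.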