en/handbook/audit: proposed corrections
Taras Korenko
ds at ukrhub.net
Mon Mar 31 14:12:02 UTC 2014
On Mon, Mar 31, 2014 at 06:28:41AM -0700, Dru Lavigne wrote:
> _______________________________
>
> > From: Taras Korenko <ds at ukrhub.net>
> >To: freebsd-doc at freebsd.org
> >Sent: Saturday, March 29, 2014 12:19 PM
> >Subject: en/handbook/audit: proposed corrections
> >
> > ... However, those are just notes, which might require more polishing
> >or wordsmithing. So, can anyone review and/or comment on the following *.diff?
>
> ...
> A slightly modified patch is attached. If it is acceptable to you, I can commit it.
> ...
No objections; please, commit it.
> Cheers,
>
> Dru
> Index: chapter.xml
> ===================================================================
> --- chapter.xml (revision 44393)
> +++ chapter.xml (working copy)
> @@ -196,8 +196,10 @@
> <title>Audit Configuration</title>
>
> <para>User space support for event auditing is installed as part
> - of the base &os; operating system. Kernel support can be
> - enabled by adding the following line to
> + of the base &os; operating system. Kernel support is available
> + in the <filename>GENERIC</filename> kernel by default,
> + and &man.auditd.8; can be enabled
> + by adding the following line to
> <filename>/etc/rc.conf</filename>:</para>
>
> <programlisting>auditd_enable="YES"</programlisting>
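Review bot: the rewritten sentence now speaks only of the GENERIC kernel, so a reader running a custom kernel cannot tell from these lines how to get kernel audit support. If the text after the auditd_enable listing does not already cover it, add a sentence naming the kernel configuration option a custom kernel needs. The three added lines are also wrapped much shorter than the rest of the paragraph; refilling them would keep the source consistent.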
> @@ -217,10 +219,7 @@
> <para>Selection expressions are used in a number of places in
> the audit configuration to determine which events should be
> audited. Expressions contain a list of event classes to
> - match, each with a prefix indicating whether matching records
> - should be accepted or ignored, and optionally to indicate if
> - the entry is intended to match successful or failed
> - operations. Selection expressions are evaluated from left to
> + match. Selection expressions are evaluated from left to
> right, and two expressions are combined by appending one onto
> the other.</para>
>
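Review bot: after this removal the paragraph only says that expressions "contain a list of event classes to match" and never mentions prefixes, while the paragraph changed in the next hunk says a class may be combined with a prefix that adds or removes matching. Without that hint, "evaluated from left to right" has no stated reason to matter. Consider keeping a short clause saying that each class may carry an optional prefix, described later in the section.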
> @@ -383,10 +382,10 @@
> </table>
>
> <para>These audit event classes may be customized by modifying
> - the <filename>audit_class</filename> and <filename>audit_
> - event</filename> configuration files.</para>
> + the <filename>audit_class</filename> and
> + <filename>audit_event</filename> configuration files.</para>
>
> - <para>Each audit event class is combined with a prefix
> + <para>Each audit event class may be combined with a prefix
> indicating whether successful/failed operations are matched,
> and whether the entry is adding or removing matching for the
> class and type. <xref linkend="event-prefixes"/> summarizes
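Review bot: changing "is combined" to "may be combined" makes the prefix optional, but the paragraph does not say what a class written with no prefix matches. Add a sentence stating that default next to the reference to event-prefixes, so a reader writing a selection expression knows which operations end up in the trail when no prefix is given.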
> @@ -650,8 +649,8 @@
> <para>Since audit logs may be very large, a subset of records can
> be selected using <command>auditreduce</command>. This example
> selects all audit records produced for the user
> - <replaceable>trhodes</replaceable> stored in
> - <replaceable>AUDITFILE</replaceable>:</para>
> + <systemitem class="username">trhodes</systemitem> stored in
> + <filename>AUDITFILE</filename>:</para>
>
> <screen>&prompt.root; <userinput>auditreduce -u <replaceable>trhodes</replaceable> /var/audit/<replaceable>AUDITFILE</replaceable> | praudit</userinput></screen>
>
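Review bot: the prose now marks trhodes as <systemitem class="username"> and AUDITFILE as <filename>, but the unchanged <screen> line below still wraps both in <replaceable>, so the paragraph and its example disagree on markup. AUDITFILE is a placeholder rather than a literal file name, so plain <filename> reads as if a file with that exact name exists; nesting <replaceable> inside <filename> in the prose would keep both meanings.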
> @@ -739,8 +738,8 @@
>
> <para>Automatic rotation of the audit trail file based on file
> size is possible using <option>filesz</option> in
> - <filename>audit.control</filename> as described in <xref
> - linkend="audit-config"/>.</para>
> + <filename>audit_control</filename> as described in <xref
> + linkend="audit-auditcontrol"/>.</para>
>
> <para>As audit trail files can become very large, it is often
> desirable to compress or otherwise archive trails once they
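Review bot: the new linkend value audit-auditcontrol is not defined anywhere in the lines shown, so confirm that an element with that id exists in chapter.xml before committing; a dangling linkend fails validation. The <xref element is still split from its linkend attribute across two lines, the same kind of wrap the earlier hunk fixed for audit_event, and could be joined onto one line here as well.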
P.S.: thanks for your huge work on the Handbook.
--
WBR, Taras Korenko