svn commit: r41585 - projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/audit
Dru Lavigne
dru at FreeBSD.org
Thu May 9 20:59:53 UTC 2013
Author: dru
Date: Thu May 9 20:59:52 2013
New Revision: 41585
URL: http://svnweb.freebsd.org/changeset/doc/41585
Log:
This patch addresses the following:
- fixes command/application tags with entities
- fixes redundancy
A subsequent patch will fix outstanding white space
issues.
Approved by: bcr (mentor)
Modified:
projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/audit/chapter.xml
Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/audit/chapter.xml
==============================================================================
--- projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/audit/chapter.xml Thu May 9 20:56:48 2013 (r41584)
+++ projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/audit/chapter.xml Thu May 9 20:59:52 2013 (r41585)
@@ -249,7 +249,7 @@ requirements. -->
<listitem>
<para><filename>audit_warn</filename> - A customizable shell
- script used by <application>auditd</application> to generate
+ script used by &man.auditd.8; to generate
warning messages in exceptional situations, such as when
space for audit records is running low or when the audit
trail file has been rotated.</para>
@@ -460,9 +460,8 @@ requirements. -->
<sect3 id="audit-auditcontrol">
<title>The <filename>audit_control</filename> File</title>
- <para>The <filename>audit_control</filename> file specifies a
- number of defaults for the audit subsystem. Viewing the
- contents of this file, we see the following:</para>
+ <para>A number of defaults for the audit subsystem are
+ specified in <filename>audit_control</filename>:</para>
<programlisting>dir:/var/audit
flags:lo
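Review bot: the replacement `<para>` in this hunk trades a direct sentence for a passive one and loses the cue that the listing is the file's contents; `<para><filename>audit_control</filename> specifies a number of defaults for the audit subsystem, as in this example:</para>` keeps the filename as the subject, stays short, and still introduces the `<programlisting>` that follows.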
@@ -471,7 +470,7 @@ naflags:lo
policy:cnt
filesz:0</programlisting>
- <para>The <option>dir</option> option is used to set one or
+ <para>The <option>dir</option> entry is used to set one or
more directories where audit logs will be stored. If more
than one directory entry appears, they will be used in order
as they fill. It is common to configure audit so that audit
@@ -484,17 +483,17 @@ filesz:0</programlisting>
example above, successful and failed login and logout events
are audited for all users.</para>
- <para>The <option>minfree</option> option defines the minimum
+ <para>The <option>minfree</option> entry defines the minimum
percentage of free space for the file system where the audit
trail is stored. When this threshold is exceeded, a warning
will be generated. The above example sets the minimum free
space to twenty percent.</para>
- <para>The <option>naflags</option> option specifies audit
+ <para>The <option>naflags</option> specifies audit
classes to be audited for non-attributed events, such as the
login process and system daemons.</para>
- <para>The <option>policy</option> option specifies a
+ <para>The <option>policy</option> entry specifies a
comma-separated list of policy flags controlling various
aspects of audit behavior. The default
<literal>cnt</literal> flag indicates that the system should
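Review bot: the `naflags` paragraph is the one place in this hunk where the noun after the option name is dropped: `<option>naflags</option> specifies audit` should read `<option>naflags</option> entry specifies audit` to match the `minfree` and `policy` paragraphs changed alongside it. Since the `minfree` paragraph is being touched anyway, `When this threshold is exceeded` is backwards for a floor on free space; the warning is generated when free space drops below `minfree`, so `When free space falls below this threshold` is the accurate wording.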
@@ -504,7 +503,7 @@ filesz:0</programlisting>
to the &man.execve.2; system call to be audited as part of
command execution.</para>
- <para>The <option>filesz</option> option specifies the maximum
+ <para>The <option>filesz</option> entry specifies the maximum
size in bytes to allow an audit trail file to grow to before
automatically terminating and rotating the trail file. The
default, 0, disables automatic log rotation. If the
@@ -516,9 +515,9 @@ filesz:0</programlisting>
<sect3 id="audit-audituser">
<title>The <filename>audit_user</filename> File</title>
- <para>The <filename>audit_user</filename> file permits the
- administrator to specify further audit requirements for
- specific users. Each line configures auditing for a user
+ <para>The administrator can specify further audit requirements
+ for specific users in <filename>audit_user</filename>.
+ Each line configures auditing for a user
via two fields: the first is the
<literal>alwaysaudit</literal> field, which specifies a set
of events that should always be audited for the user, and
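Review bot: the rewritten sentence keeps `Each line configures auditing for a user via two fields`, but the example lines later in this file (`root:lo,+ex:no`) have three colon-separated fields, the username included, so readers will count wrong; say `via two fields following the username` (or enumerate three fields, starting with the username). The rewrite is otherwise fine, though `The administrator can specify further audit requirements for specific users in <filename>audit_user</filename>.` pushes the filename to the end of a long sentence; `Further audit requirements for specific users can be set in <filename>audit_user</filename>.` reads more naturally.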
@@ -527,14 +526,14 @@ filesz:0</programlisting>
the user.</para>
<para>The following example <filename>audit_user</filename>
- file audits login/logout events and successful command
- execution for the <username>root</username> user, and audits
- file creation and successful command execution for the
- <username>www</username> user. If used with the example
- <filename>audit_control</filename> file above, the
+ audits login/logout events and successful command
+ execution for <username>root</username>, and audits
+ file creation and successful command execution for
+ <username>www</username>. If used with the above example
+ <filename>audit_control</filename>, the
<literal>lo</literal> entry for <username>root</username> is
redundant, and login/logout events will also be audited for
- the <username>www</username> user.</para>
+ <username>www</username>.</para>
<programlisting>root:lo,+ex:no
www:fc,+ex:no</programlisting>
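Review bot: `If used with the above example <filename>audit_control</filename>, the` is an awkward noun pile; `If used with the example <filename>audit_control</filename> above, the` keeps the sense and matches how the rest of the chapter points back at listings. The rest of the hunk only drops `file` and `user` after the filename and usernames, which is fine.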
@@ -553,12 +552,13 @@ www:fc,+ex:no</programlisting>
&man.praudit.1; command converts trail files to a simple text
format; the &man.auditreduce.1; command may be used to reduce
the audit trail file for analysis, archiving, or printing
- purposes. <command>auditreduce</command> supports a variety
- of selection parameters, including event type, event class,
+ purposes. A variety of selection
+ parameters are supported by &man.auditreduce.1;,
+ including event type, event class,
user, date or time of the event, and the file path or object
acted on.</para>
- <para>For example, the <command>praudit</command> utility will
+ <para>For example, &man.praudit.1; will
dump the entire contents of a specified audit log in plain
text:</para>
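Review bot: recasting into the passive just to fit the entity makes the sentence longer and harder to read: `A variety of selection parameters are supported by &man.auditreduce.1;, including ...`. The entity works as a sentence subject, so prefer `&man.auditreduce.1; supports a variety of selection parameters, including event type, event class, user, date or time of the event, and the file path or object acted on.`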
@@ -569,7 +569,7 @@ www:fc,+ex:no</programlisting>
the audit log to dump.</para>
<para>Audit trails consist of a series of audit records made up
- of tokens, which <command>praudit</command> prints
+ of tokens, which &man.praudit.1; prints
sequentially one per line. Each token is of a specific type,
such as <literal>header</literal> holding an audit record
header, or <literal>path</literal> holding a file path from a
@@ -605,9 +605,10 @@ trailer,133</programlisting>
successful execution, and the <literal>trailer</literal>
concludes the record.</para>
- <para><command>praudit</command> also supports
- an XML output format, which can be selected using the
- <option>-x</option> argument.</para>
+ <para><acronym>XML</acronym> output format is also supported by
+ &man.praudit.1;,
+ and can be selected using
+ <option>-x</option>.</para>
</sect2>
<sect2>
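Review bot: same passive recast as in the `auditreduce` paragraph: `<acronym>XML</acronym> output format is also supported by &man.praudit.1;, and can be selected using <option>-x</option>.` can be `&man.praudit.1; also supports <acronym>XML</acronym> output, selected with <option>-x</option>.` The added text is also split across four very short lines; since it is new text rather than pre-existing whitespace, fold it here instead of leaving it for the follow-up whitespace patch the log mentions.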
@@ -619,10 +620,9 @@ trailer,133</programlisting>
<screen>&prompt.root; <userinput>auditreduce -u trhodes /var/audit/AUDITFILE | praudit</userinput></screen>
- <para>This will select all audit records produced for the user
- <username>trhodes</username> stored in the
- <filename><replaceable>AUDITFILE</replaceable></filename>
- file.</para>
+ <para>This will select all audit records produced for
+ <username>trhodes</username> stored in
+ <filename><replaceable>AUDITFILE</replaceable></filename>.</para>
</sect2>
<sect2>
@@ -674,7 +674,7 @@ trailer,133</programlisting>
SSH session, then a continuous stream of audit events will
be generated at a high rate, as each event being printed
will generate another event. It is advisable to run
- <command>praudit</command> on an audit pipe device from
+ &man.praudit.1; on an audit pipe device from
sessions without fine-grained I/O auditing in order to avoid
this happening.</para>
</warning>
@@ -685,10 +685,10 @@ trailer,133</programlisting>
<para>Audit trails are written to only by the kernel, and
managed only by the audit daemon,
- <application>auditd</application>. Administrators should not
+ &man.auditd.8;. Administrators should not
attempt to use &man.newsyslog.conf.5; or other tools to
directly rotate audit logs. Instead, the
- <command>audit</command> management tool may be used to shut
+ &man.audit.8; management tool may be used to shut
down auditing, reconfigure the audit system, and perform log
rotation. The following command causes the audit daemon to
create a new audit log and signal the kernel to switch to
@@ -699,7 +699,7 @@ trailer,133</programlisting>
<screen>&prompt.root; <userinput>audit -n</userinput></screen>
<warning>
- <para>If the <application>auditd</application> daemon is not
+ <para>If &man.auditd.8; is not
currently running, this command will fail and an error
message will be produced.</para>
</warning>
@@ -714,7 +714,7 @@ trailer,133</programlisting>
new <filename>/etc/crontab</filename>.</para>
<para>Automatic rotation of the audit trail file based on file
- size is possible via the <option>filesz</option> option in
+ size is possible using <option>filesz</option> in
&man.audit.control.5;, and is described in the configuration
files section of this chapter.</para>
</sect2>