PERFORCE change 77739 for review
Tom Rhodes
trhodes at FreeBSD.org
Mon May 30 20:53:39 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=77739
Change 77739 by trhodes at trhodes_local on 2005/05/30 20:52:53
Fix various mark up nits, adding some additional mark up
and killing hard sentence breaks.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/man/audit.log.5#5 edit
.. //depot/projects/trustedbsd/openbsm/man/audit_class.5#2 edit
.. //depot/projects/trustedbsd/openbsm/man/audit_control.5#2 edit
.. //depot/projects/trustedbsd/openbsm/man/audit_event.5#2 edit
.. //depot/projects/trustedbsd/openbsm/man/audit_user.5#2 edit
.. //depot/projects/trustedbsd/openbsm/man/audit_warn.5#2 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/man/audit.log.5#5 (text+ko) ====
@@ -60,8 +60,7 @@
however, some variation may occur depending on the operating system in use,
what system options, such as mandatory access control, are present.
.Pp
-.Pp
-This man page documents the common token types and their binary format, and
+This manual page documents the common token types and their binary format, and
is intended for reference purposes only.
It is recommended that application programmers use the
.Xr libbsm 3
@@ -539,7 +538,7 @@
The
.Dv seq
token contains a unique and monotonically increasing audit event sequence ID.
-Due to the limited range (32 bits), serial number arithmetic (and caution)
+Due to the limited range of 32 bits, serial number arithmetic and caution
should be used when comparing sequence numbers.
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
==== //depot/projects/trustedbsd/openbsm/man/audit_class.5#2 (text+ko) ====
@@ -29,14 +29,16 @@
.Os "Mac OS X"
.Sh NAME
.Nm audit_class
-.Nd contains audit event class descriptions
+.Nd "contains audit event class descriptions"
.Sh DESCRIPTION
The
.Nm
-file contains descriptions of the auditable event classes on the system. Each
-auditable event is a member of an event class. Each line maps an audit event
-mask (bitmap) to a class and a description. Entries are of the form
-classmask:eventclass:description.
+file contains descriptions of the auditable event classes on the system.
+Each auditable event is a member of an event class.
+Each line maps an audit event
+mask (bitmap) to a class and a description.
+Entries are of the form
+.Dl classmask:eventclass:description.
.Pp
Example entries in this file are:
.Bd -literal -offset indent
==== //depot/projects/trustedbsd/openbsm/man/audit_control.5#2 (text+ko) ====
@@ -29,37 +29,44 @@
.Os "Mac OS X"
.Sh NAME
.Nm audit_control
-.Nd contains audit system parameters
+.Nd "contains audit system parameters"
.Sh DESCRIPTION
The
.Nm
-file contains several audit system parameters. Each line of this file is of
-the form parameter:value. The parameters are:
+file contains several audit system parameters.
+Each line of this file is of the form:
+.Dl parameter:value.
+The parameters are:
.Bl -tag -width Ds
-.It Nm dir
-The directory where audit log files are stored. There may be more than one of
-these entries. Changes to this entry can only be enacted by restarting the
-audit system. See
+.It Pa dir
+The directory where audit log files are stored.
+There may be more than one of these entries.
+Changes to this entry can only be enacted by restarting the
+audit system.
+See
.Xr audit 1
for a description of how to restart the audit system.
-.It Nm flags
+.It Va flags
Specifies which audit event classes are audited for all users.
.Xr audit_user 5
-describes how to audit events for individual users. See the
-information below for the format of the audit flags.
-.It Nm naflags
+describes how to audit events for individual users.
+See the information below for the format of the audit flags.
+.It Va naflags
Contains the audit flags that define what classes of events are audited when
an action cannot be attributed to a specific user.
-.It Nm minfree
-The minimum free space required on the file system audit logs are being written to. When the free space falls below this limit a warning will be issued. Not
-currently used as the value of 20 percent is chosen by the kernel.
+.It Va minfree
+The minimum free space required on the file system audit logs are being written to.
+When the free space falls below this limit a warning will be issued.
+Not currently used as the value of 20 percent is chosen by the kernel.
.El
.Sh AUDIT FLAGS
Audit flags are a comma delimited list of audit classes as defined in the
-audit_class file. (See
+audit_class file.
+See
.Xr audit_class 5
-for details.) Event classes may be preceded by a prefix which changes their
-interpretation. The following prefixes may be used for each class:
+for details.
+Event classes may be preceded by a prefix which changes their interpretation.
+The following prefixes may be used for each class:
.Bl -tag -width Ds -compact -offset indent
.It +
Record successful events
@@ -84,7 +91,7 @@
.Ed
.Pp
The
-.Nm flags
+.Va flags
parameter above specifies the system-wide mask corresponding to login/logout
events, administrative events, and all failures except for failures in creating
or closing files.
==== //depot/projects/trustedbsd/openbsm/man/audit_event.5#2 (text+ko) ====
@@ -29,14 +29,18 @@
.Os "Mac OS X"
.Sh NAME
.Nm audit_event
-.Nd contains audit event descriptions
+.Nd "contains audit event descriptions"
.Sh DESCRIPTION
The
.Nm
-file contains descriptions of the auditable events on the system. Each line
-maps an audit event number to a name, a description, and a class. Entries
-are of the form eventnum:eventname:description:eventclass. Each eventclass
-should have a corresponding entry in the audit_class file. See
+file contains descriptions of the auditable events on the system.
+Each line maps an audit event number to a name, a description, and a class.
+Entries are of the form
+.Dl eventnum:eventname:description:eventclass .
+Each
+.Vt eventclass
+should have a corresponding entry in the audit_class file.
+See
.Xr audit_class 5
for details.
.Pp
==== //depot/projects/trustedbsd/openbsm/man/audit_user.5#2 (text+ko) ====
@@ -29,21 +29,29 @@
.Os "Mac OS X"
.Sh NAME
.Nm audit_user
-.Nd specifies events to be audited for the given users
+.Nd "specifies events to be audited for the given users"
.Sh DESCRIPTION
The
.Nm
file specifies which audit event classes are to be audited for the given users.
If specified, these flags are combined with the system-wide audit flags in the
-audit_control file to determine which classes of events to audit for that user.
+.Pa audit_control
+file to determine which classes of events to audit for that user.
These settings take effect when the user logs in.
.Pp
-Each line maps a user name to a list of classes that should be audited and a list of classes that should not be audited.
-Entries are of the form username:alwaysaudit:neveraudit, where alwaysaudit
-is a set of event classes that are always audited, and neveraudit
-is a set of event classes that should not be audited. These sets can indicate
+Each line maps a user name to a list of classes that should be audited and a
+list of classes that should not be audited.
+Entries are of the form of
+.Dl username:alwaysaudit:neveraudit ,
+where
+.Vt alwaysaudit
+is a set of event classes that are always audited, and
+.Vt neveraudit
+is a set of event classes that should not be audited.
+These sets can indicate
the inclusion or exclusion of multiple classes, and whether to audit successful
-or failed events. See
+or failed events.
+See
.Xr audit_control 5
for more information about audit flags.
.Pp
@@ -54,8 +62,11 @@
.Ed
.Pp
These settings would cause login and administrative events that succeed on
-behalf of user root to be audited. No failure events are audited. For the
-user jdoe, failed file creation events are audited, administrative events are
+behalf of user root to be audited.
+No failure events are audited.
+For the user
+.Em jdoe ,
+failed file creation events are audited, administrative events are
audited, and successful file write events are never audited.
.Sh FILES
.Bl -tag -width "/etc/security/audit_user" -compact
==== //depot/projects/trustedbsd/openbsm/man/audit_warn.5#2 (text+ko) ====
@@ -29,7 +29,7 @@
.Os "Mac OS X"
.Sh NAME
.Nm audit_warn
-.Nd alert when audit daemon issues warnings
+.Nd "alert when audit daemon issues warnings"
.Sh DESCRIPTION
.Nm
runs when
@@ -42,8 +42,9 @@
appends its arguments to
.Pa /etc/security/audit_messages .
Administrators may replace this script: a more comprehensive one would take
-different actions based on the type of warning. For example, a low-space
-warning could result in an email message being sent to the administrator.
+different actions based on the type of warning.
+For example, a low-space warning
+could result in an email message being sent to the administrator.
.Sh FILES
.Bl -tag -width "/etc/security/audit_warn" -compact
.It Pa /etc/security/audit_warn
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list