Miroirs/slackbuilds_ponce
1
0
Fork 0
mirror of https://github.com/Ponce/slackbuilds synced 2024-11-14 21:56:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackbuilds_ponce/system/audit/README.SLACKWARE
Andy Bailey 51963c9cc9 system/audit: Added (Auditing System Daemon) 
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
2010-06-13 14:52:37 -05:00

16 lines
812 B
Text
Raw Blame History

# NOTES:
# This slackbuild won't do much unless you rebuild your kernel with audit enabled.
# Optionally you can enable syscall-level audit.
#
# RULES:
# Some example rulesets are available at /usr/doc/audit-2.0.4/contrib
# stig.rules is an example ruleset for systems that are subject to the US Department of Defense
# UNIX STIG audit requirement, although I read recently on the gov-sec@ Redhat list that
# they hadn't been updating it religiously.
#
# ROTATION:
# The audit log (/var/log/audit/audit.log) is rotated on a size basis automatically by auditd.
# Periodic rotation (i.e. logrotate) is a bad idea for audit, since an attacker could trigger a
# common event rapidly to exhaust log space, then do something nefarious that would go unaudited.
# This package uses the default rotation size of 8MB.
Reference in a new issue View git blame Copy permalink