mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-16 19:50:19 +01:00
17 lines
837 B
Text
17 lines
837 B
Text
Audit for Slackware
|
|
|
|
The Linux Auditing System is a kernel subsystem the allows the
|
|
kernel to record events of interest to intrusion detection systems,
|
|
such as file access attempts, specific system calls, or custom events
|
|
generated by trusted system binaries like login or sshd. The audit
|
|
package provides the tools to configure the audit system, and to
|
|
collect and process its output.
|
|
|
|
To collect audit events, your kernel must have the audit system
|
|
enabled, which is present in the stock Slackware kernels.
|
|
|
|
The audit package has no other dependencies. However, certain audit
|
|
events of interest, such as failed login attempts from /bin/login,
|
|
password changes, etcetera are generated by their respective binaries
|
|
using libaudit. If your site policy requires auditing those events,
|
|
some reconfiguration and/or patching may be required.
|