aboutsummaryrefslogtreecommitdiff
path: root/system/audit/README.SLACKWARE
diff options
context:
space:
mode:
authorAndy Bailey <bailey@akamai.com>2010-06-13 02:11:41 -0500
committerRobby Workman <rworkman@slackbuilds.org>2010-06-13 14:52:37 -0500
commit51963c9cc9659cad5ac792f27974415d0f88a450 (patch)
treee4b3c03f848324277de2fec93c7b72fe5c10bf27 /system/audit/README.SLACKWARE
parentfeb4d19f4b32538bc0c27d6af7a7bdf9effe5a9e (diff)
system/audit: Added (Auditing System Daemon)
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
Diffstat (limited to 'system/audit/README.SLACKWARE')
-rw-r--r--system/audit/README.SLACKWARE16
1 files changed, 16 insertions, 0 deletions
diff --git a/system/audit/README.SLACKWARE b/system/audit/README.SLACKWARE
new file mode 100644
index 0000000000000..36ae25c925714
--- /dev/null
+++ b/system/audit/README.SLACKWARE
@@ -0,0 +1,16 @@
+# NOTES:
+# This slackbuild won't do much unless you rebuild your kernel with audit enabled.
+# Optionally you can enable syscall-level audit.
+#
+# RULES:
+# Some example rulesets are available at /usr/doc/audit-2.0.4/contrib
+# stig.rules is an example ruleset for systems that are subject to the US Department of Defense
+# UNIX STIG audit requirement, although I read recently on the gov-sec@ Redhat list that
+# they hadn't been updating it religiously.
+#
+# ROTATION:
+# The audit log (/var/log/audit/audit.log) is rotated on a size basis automatically by auditd.
+# Periodic rotation (i.e. logrotate) is a bad idea for audit, since an attacker could trigger a
+# common event rapidly to exhaust log space, then do something nefarious that would go unaudited.
+# This package uses the default rotation size of 8MB.
+