author | Andy Bailey <bailey@akamai.com> | 2010-06-13 02:11:41 -0500 |
---|---|---|
committer | Robby Workman <rworkman@slackbuilds.org> | 2010-06-13 14:52:37 -0500 |
commit | 51963c9cc9659cad5ac792f27974415d0f88a450 (patch) | |
tree | e4b3c03f848324277de2fec93c7b72fe5c10bf27 /system/audit/README.SLACKWARE | |
parent | feb4d19f4b32538bc0c27d6af7a7bdf9effe5a9e (diff) |
system/audit: Added (Auditing System Daemon)
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
Diffstat (limited to 'system/audit/README.SLACKWARE')
-rw-r--r-- | system/audit/README.SLACKWARE | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/system/audit/README.SLACKWARE b/system/audit/README.SLACKWARE new file mode 100644 index 0000000000000..36ae25c925714 --- /dev/null +++ b/system/audit/README.SLACKWARE @@ -0,0 +1,16 @@ +# NOTES: +# This slackbuild won't do much unless you rebuild your kernel with audit enabled. +# Optionally you can enable syscall-level audit. +# +# RULES: +# Some example rulesets are available at /usr/doc/audit-2.0.4/contrib +# stig.rules is an example ruleset for systems that are subject to the US Department of Defense +# UNIX STIG audit requirement, although I read recently on the gov-sec@ Redhat list that +# they hadn't been updating it religiously. +# +# ROTATION: +# The audit log (/var/log/audit/audit.log) is rotated on a size basis automatically by auditd. +# Periodic rotation (i.e. logrotate) is a bad idea for audit, since an attacker could trigger a +# common event rapidly to exhaust log space, then do something nefarious that would go unaudited. +# This package uses the default rotation size of 8MB. + |
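Review bot: In the RULES section, the path /usr/doc/audit-2.0.4/contrib hard-codes the package version and will point nowhere after the next version bump; either describe it as the contrib directory under the package's doc directory or have the SlackBuild substitute the version at build time. In NOTES, "rebuild your kernel with audit enabled" does not say which options to set; naming CONFIG_AUDIT and, for the syscall-level case, CONFIG_AUDITSYSCALL would make the note actionable. In ROTATION, the 8MB figure is given without the auditd.conf setting it comes from (max_log_file, with max_log_file_action and num_logs deciding what happens at that size). Since the stated concern is an attacker flooding a common event, the section should also say how many rotated logs are kept and what auditd does when space runs out (space_left_action, disk_full_action), because size-based rotation with a small log count can still push older records out. Style point: every line is prefixed with "#", which is unusual for a README that is read rather than sourced.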