aboutsummaryrefslogtreecommitdiff
path: root/system/audit/README
diff options
context:
space:
mode:
authorAndy Bailey <bailey@akamai.com>2010-06-13 02:11:41 -0500
committerRobby Workman <rworkman@slackbuilds.org>2010-06-13 14:52:37 -0500
commit51963c9cc9659cad5ac792f27974415d0f88a450 (patch)
treee4b3c03f848324277de2fec93c7b72fe5c10bf27 /system/audit/README
parentfeb4d19f4b32538bc0c27d6af7a7bdf9effe5a9e (diff)
system/audit: Added (Auditing System Daemon)
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
Diffstat (limited to 'system/audit/README')
-rw-r--r--system/audit/README16
1 files changed, 16 insertions, 0 deletions
diff --git a/system/audit/README b/system/audit/README
new file mode 100644
index 0000000000000..59dba1679735f
--- /dev/null
+++ b/system/audit/README
@@ -0,0 +1,16 @@
+Audit for Slackware
+
+The Linux Auditing System is a kernel subsystem the allows the kernel to
+record events of interest to intrusion detection systems, such as file
+access attempts, specific system calls, or custom events generated by
+trusted system binaries like login or sshd. The audit package provides the
+tools to configure the audit system, and to collect and process its output.
+
+To collect audit events, your kernel must have the audit system enabled,
+which is present in the stock Slackware kernels.
+
+The audit package has no other dependencies. However, certain audit events
+of interest, such as failed login attempts from /bin/login, password changes,
+etcetera are generated by their respective binaries using libaudit. If your
+site policy requires auditing those events, some reconfiguration and/or
+patching may be required.