author | Andy Bailey <bailey@akamai.com> | 2010-06-13 02:11:41 -0500 |
---|---|---|
committer | Robby Workman <rworkman@slackbuilds.org> | 2010-06-13 14:52:37 -0500 |
commit | 51963c9cc9659cad5ac792f27974415d0f88a450 (patch) | |
tree | e4b3c03f848324277de2fec93c7b72fe5c10bf27 /system/audit/README | |
parent | feb4d19f4b32538bc0c27d6af7a7bdf9effe5a9e (diff) |
system/audit: Added (Auditing System Daemon)
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
Diffstat (limited to 'system/audit/README')
-rw-r--r-- | system/audit/README | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/system/audit/README b/system/audit/README new file mode 100644 index 0000000000000..59dba1679735f --- /dev/null +++ b/system/audit/README @@ -0,0 +1,16 @@ +Audit for Slackware + +The Linux Auditing System is a kernel subsystem the allows the kernel to +record events of interest to intrusion detection systems, such as file +access attempts, specific system calls, or custom events generated by +trusted system binaries like login or sshd. The audit package provides the +tools to configure the audit system, and to collect and process its output. + +To collect audit events, your kernel must have the audit system enabled, +which is present in the stock Slackware kernels. + +The audit package has no other dependencies. However, certain audit events +of interest, such as failed login attempts from /bin/login, password changes, +etcetera are generated by their respective binaries using libaudit. If your +site policy requires auditing those events, some reconfiguration and/or +patching may be required. |
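Review bot: The first paragraph of the new README has a typo in "a kernel subsystem the allows the kernel"; it should read "that allows". In the second paragraph, "which is present in the stock Slackware kernels" has no clear antecedent; something like "the stock Slackware kernels have it enabled" reads more directly. The last paragraph ends on "some reconfiguration and/or patching may be required" without a next step: since the text already names /bin/login and password changes as events that depend on libaudit, it would help to say which packages are affected and what has to be done to them, or to point to where that is documented.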