From 51963c9cc9659cad5ac792f27974415d0f88a450 Mon Sep 17 00:00:00 2001
From: Andy Bailey <bailey@akamai.com>
Date: Sun, 13 Jun 2010 02:11:41 -0500
Subject: system/audit: Added (Auditing System Daemon)

Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
---
 system/audit/README.SLACKWARE | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 system/audit/README.SLACKWARE

(limited to 'system/audit/README.SLACKWARE')

diff --git a/system/audit/README.SLACKWARE b/system/audit/README.SLACKWARE
new file mode 100644
index 0000000000000..36ae25c925714
--- /dev/null
+++ b/system/audit/README.SLACKWARE
@@ -0,0 +1,16 @@
+# NOTES:
+# This slackbuild won't do much unless you rebuild your kernel with audit enabled.
+# Optionally you can enable syscall-level audit.
+#
+# RULES: 
+# Some example rulesets are available at /usr/doc/audit-2.0.4/contrib
+# stig.rules is an example ruleset for systems that are subject to the US Department of Defense
+# UNIX STIG audit requirement, although I read recently on the gov-sec@ Redhat list that
+# they hadn't been updating it religiously.
+#
+# ROTATION:
+# The audit log (/var/log/audit/audit.log) is rotated on a size basis automatically by auditd. 
+# Periodic rotation (i.e. logrotate) is a bad idea for audit, since an attacker could trigger a 
+# common event rapidly to exhaust log space, then do something nefarious that would go unaudited.
+# This package uses the default rotation size of 8MB.
+
-- 
cgit v1.2.3