diff options
| -rw-r--r-- | en_US.ISO8859-1/books/handbook/audit/chapter.sgml | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/en_US.ISO8859-1/books/handbook/audit/chapter.sgml b/en_US.ISO8859-1/books/handbook/audit/chapter.sgml index 368b7721e7..58d5025e56 100644 --- a/en_US.ISO8859-1/books/handbook/audit/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/audit/chapter.sgml @@ -36,7 +36,7 @@ requirements. --> <see>MAC</see> </indexterm> - <para>&os; 6.2 and later include support for fine-grained + <para>The &os; operating system includes support for fine-grained security event auditing. Event auditing allows the reliable, fine-grained, and configurable logging of a variety of security-relevant system events, including logins, configuration @@ -89,17 +89,12 @@ requirements. --> </itemizedlist> <warning> - <para>The audit facility in &os; 6.<replaceable>X</replaceable> is - experimental, and production - deployment should occur only after careful consideration of the - risks of deploying experimental software. Known limitations include + <para>The audit facility has some known limitations which include that not all security-relevant system events are currently auditable, and that some login mechanisms, such as X11-based display managers and third party daemons, do not properly configure auditing for user login sessions.</para> - </warning> - <warning> <para>The security event auditing facility is able to generate very detailed logs of system activity: on a busy system, trail file data can be very large when configured for high detail, exceeding @@ -192,10 +187,10 @@ requirements. --> <title>Installing Audit Support</title> <para>User space support for Event Auditing is installed as part of the - base &os; operating system. In &os; 7.0 and later, kernel support for - Event Auditing is compiled in by default. In &os; 6.<replaceable>X</replaceable>, - support must be explicitly compiled into the kernel by adding the - following lines to the kernel configuration file:</para> + base &os; operating system. Kernel support for + Event Auditing is compiled in by default, but support for this + feature must be explicitly compiled into the custom kernel by adding + the following line to the kernel configuration file:</para> <programlisting>options AUDIT</programlisting> @@ -238,7 +233,7 @@ requirements. --> <listitem> <para><filename>audit_event</filename> - Textual names and descriptions of system audit events, as well as a list of which - classes each event in.</para> + classes each event is in.</para> </listitem> <listitem> |