Diffstat (limited to 'documentation/content/en/books/handbook/audit/_index.po')
-rw-r--r-- | documentation/content/en/books/handbook/audit/_index.po | 336 |
1 files changed, 168 insertions, 168 deletions
diff --git a/documentation/content/en/books/handbook/audit/_index.po b/documentation/content/en/books/handbook/audit/_index.po index 0427e69384..66e75502d7 100644 --- a/documentation/content/en/books/handbook/audit/_index.po +++ b/documentation/content/en/books/handbook/audit/_index.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: FreeBSD Documentation VERSION\n" -"POT-Creation-Date: 2023-01-21 20:00-0300\n" +"POT-Creation-Date: 2023-04-20 20:56-0300\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -35,19 +35,19 @@ msgid "Chapter 18. Security Event Auditing" msgstr "" #. type: Title = -#: documentation/content/en/books/handbook/audit/_index.adoc:15 +#: documentation/content/en/books/handbook/audit/_index.adoc:14 #, no-wrap msgid "Security Event Auditing" msgstr "" #. type: Title == -#: documentation/content/en/books/handbook/audit/_index.adoc:53 +#: documentation/content/en/books/handbook/audit/_index.adoc:52 #, no-wrap msgid "Synopsis" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:59 +#: documentation/content/en/books/handbook/audit/_index.adoc:58 msgid "" "The FreeBSD operating system includes support for security event auditing. " "Event auditing supports reliable, fine-grained, and configurable logging of " @@ -60,7 +60,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:62 +#: documentation/content/en/books/handbook/audit/_index.adoc:61 msgid "" "This chapter focuses on the installation and configuration of event " "auditing. It explains audit policies and provides an example audit " 
@@ -68,54 +68,54 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:64 +#: documentation/content/en/books/handbook/audit/_index.adoc:63 msgid "After reading this chapter, you will know:" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:66 +#: documentation/content/en/books/handbook/audit/_index.adoc:65 msgid "What event auditing is and how it works." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:67 +#: documentation/content/en/books/handbook/audit/_index.adoc:66 msgid "How to configure event auditing on FreeBSD for users and processes." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:68 +#: documentation/content/en/books/handbook/audit/_index.adoc:67 msgid "" "How to review the audit trail using the audit reduction and review tools." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:70 +#: documentation/content/en/books/handbook/audit/_index.adoc:69 msgid "Before reading this chapter, you should:" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:72 +#: documentation/content/en/books/handbook/audit/_index.adoc:71 msgid "" "Understand UNIX(R) and FreeBSD basics (crossref:basics[basics,FreeBSD " "Basics])." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:73 +#: documentation/content/en/books/handbook/audit/_index.adoc:72 msgid "" "Be familiar with the basics of kernel configuration/compilation (crossref:" "kernelconfig[kernelconfig,Configuring the FreeBSD Kernel])." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:74 +#: documentation/content/en/books/handbook/audit/_index.adoc:73 msgid "" "Have some familiarity with security and how it pertains to FreeBSD (crossref:" "security[security,Security])." msgstr "" #. 
type: delimited block = 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:79 +#: documentation/content/en/books/handbook/audit/_index.adoc:78 msgid "" "The audit facility has some known limitations. Not all security-relevant " "system events are auditable and some login mechanisms, such as Xorg-based " @@ -124,7 +124,7 @@ msgid "" msgstr "" #. type: delimited block = 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:84 +#: documentation/content/en/books/handbook/audit/_index.adoc:83 msgid "" "The security event auditing facility is able to generate very detailed logs " "of system activity. On a busy system, trail file data can be very large " @@ -137,18 +137,18 @@ msgid "" msgstr "" #. type: Title == -#: documentation/content/en/books/handbook/audit/_index.adoc:87 +#: documentation/content/en/books/handbook/audit/_index.adoc:86 #, no-wrap msgid "Key Terms" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:90 +#: documentation/content/en/books/handbook/audit/_index.adoc:89 msgid "The following terms are related to security event auditing:" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:92 +#: documentation/content/en/books/handbook/audit/_index.adoc:91 msgid "" "_event_: an auditable event is any event that can be logged using the audit " "subsystem. Examples of security-relevant events include the creation of a " @@ -160,7 +160,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:93 +#: documentation/content/en/books/handbook/audit/_index.adoc:92 msgid "" "_class_: a named set of related events which are used in selection " "expressions. Commonly used classes of events include \"file creation\" (fc), " 
@@ -168,7 +168,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:94 +#: documentation/content/en/books/handbook/audit/_index.adoc:93 msgid "" "_record_: an audit log entry describing a security event. Records contain a " "record event type, information on the subject (user) performing the action, " @@ -177,7 +177,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:95 +#: documentation/content/en/books/handbook/audit/_index.adoc:94 msgid "" "_trail_: a log file consisting of a series of audit records describing " "security events. Trails are in roughly chronological order with respect to " @@ -186,14 +186,14 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:96 +#: documentation/content/en/books/handbook/audit/_index.adoc:95 msgid "" "_selection expression_: a string containing a list of prefixes and audit " "event class names used to match events." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:97 +#: documentation/content/en/books/handbook/audit/_index.adoc:96 msgid "" "_preselection_: the process by which the system identifies which events are " "of interest to the administrator. The preselection configuration uses a " @@ -203,7 +203,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:98 +#: documentation/content/en/books/handbook/audit/_index.adoc:97 msgid "" "_reduction_: the process by which records from existing audit trails are " "selected for preservation, printing, or analysis. Likewise, the process by " 
@@ -215,13 +215,13 @@ msgid "" msgstr "" #. type: Title == -#: documentation/content/en/books/handbook/audit/_index.adoc:100 +#: documentation/content/en/books/handbook/audit/_index.adoc:99 #, no-wrap msgid "Audit Configuration" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:104 +#: documentation/content/en/books/handbook/audit/_index.adoc:103 msgid "" "User space support for event auditing is installed as part of the base " "FreeBSD operating system. Kernel support is available in the [." 
@@ -230,43 +230,43 @@ msgid "" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:108 +#: documentation/content/en/books/handbook/audit/_index.adoc:107 #, no-wrap msgid "auditd_enable=\"YES\"\n" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:111 +#: documentation/content/en/books/handbook/audit/_index.adoc:110 msgid "Then, start the audit daemon:" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:115 +#: documentation/content/en/books/handbook/audit/_index.adoc:114 #, no-wrap msgid "# service auditd start\n" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:118 +#: documentation/content/en/books/handbook/audit/_index.adoc:117 msgid "" "Users who prefer to compile a custom kernel must include the following line " "in their custom kernel configuration file:" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:122 +#: documentation/content/en/books/handbook/audit/_index.adoc:121 #, no-wrap msgid "options\tAUDIT\n" msgstr "" #. type: Title === -#: documentation/content/en/books/handbook/audit/_index.adoc:124 +#: documentation/content/en/books/handbook/audit/_index.adoc:123 #, no-wrap msgid "Event Selection Expressions" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:129 +#: documentation/content/en/books/handbook/audit/_index.adoc:128 msgid "" "Selection expressions are used in a number of places in the audit " "configuration to determine which events should be audited. Expressions " 
@@ -276,393 +276,393 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:131 +#: documentation/content/en/books/handbook/audit/_index.adoc:130 msgid "<<event-selection>> summarizes the default audit event classes:" msgstr "" #. type: Block title -#: documentation/content/en/books/handbook/audit/_index.adoc:133 +#: documentation/content/en/books/handbook/audit/_index.adoc:132 #, no-wrap msgid "Default Audit Event Classes" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:137 +#: documentation/content/en/books/handbook/audit/_index.adoc:136 #, no-wrap msgid "Class Name" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:138 +#: documentation/content/en/books/handbook/audit/_index.adoc:137 #, no-wrap msgid "Description" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:140 -#: documentation/content/en/books/handbook/audit/_index.adoc:233 +#: documentation/content/en/books/handbook/audit/_index.adoc:139 +#: documentation/content/en/books/handbook/audit/_index.adoc:232 #, no-wrap msgid "Action" msgstr "" #. type: Table +#: documentation/content/en/books/handbook/audit/_index.adoc:140 #: documentation/content/en/books/handbook/audit/_index.adoc:141 -#: documentation/content/en/books/handbook/audit/_index.adoc:142 #, no-wrap msgid "all" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:144 +#: documentation/content/en/books/handbook/audit/_index.adoc:143 #, no-wrap msgid "Match all event classes." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:145 +#: documentation/content/en/books/handbook/audit/_index.adoc:144 #, no-wrap msgid "aa" msgstr "" #. 
type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:146 +#: documentation/content/en/books/handbook/audit/_index.adoc:145 #, no-wrap msgid "authentication and authorization" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:149 +#: documentation/content/en/books/handbook/audit/_index.adoc:148 #, no-wrap msgid "ad" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:150 +#: documentation/content/en/books/handbook/audit/_index.adoc:149 #, no-wrap msgid "administrative" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:152 +#: documentation/content/en/books/handbook/audit/_index.adoc:151 #, no-wrap msgid "Administrative actions performed on the system as a whole." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:153 +#: documentation/content/en/books/handbook/audit/_index.adoc:152 #, no-wrap msgid "ap" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:154 +#: documentation/content/en/books/handbook/audit/_index.adoc:153 #, no-wrap msgid "application" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:156 +#: documentation/content/en/books/handbook/audit/_index.adoc:155 #, no-wrap msgid "Application defined action." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:157 +#: documentation/content/en/books/handbook/audit/_index.adoc:156 #, no-wrap msgid "cl" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:158 +#: documentation/content/en/books/handbook/audit/_index.adoc:157 #, no-wrap msgid "file close" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:160 +#: documentation/content/en/books/handbook/audit/_index.adoc:159 #, no-wrap msgid "Audit calls to the `close` system call." msgstr "" #. 
type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:161 +#: documentation/content/en/books/handbook/audit/_index.adoc:160 #, no-wrap msgid "ex" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:162 +#: documentation/content/en/books/handbook/audit/_index.adoc:161 #, no-wrap msgid "exec" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:164 +#: documentation/content/en/books/handbook/audit/_index.adoc:163 #, no-wrap msgid "Audit program execution. Auditing of command line arguments and environmental variables is controlled via man:audit_control[5] using the `argv` and `envv` parameters to the `policy` setting." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:165 +#: documentation/content/en/books/handbook/audit/_index.adoc:164 #, no-wrap msgid "fa" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:166 +#: documentation/content/en/books/handbook/audit/_index.adoc:165 #, no-wrap msgid "file attribute access" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:168 +#: documentation/content/en/books/handbook/audit/_index.adoc:167 #, no-wrap msgid "Audit the access of object attributes such as man:stat[1] and man:pathconf[2]." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:169 +#: documentation/content/en/books/handbook/audit/_index.adoc:168 #, no-wrap msgid "fc" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:170 +#: documentation/content/en/books/handbook/audit/_index.adoc:169 #, no-wrap msgid "file create" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:172 +#: documentation/content/en/books/handbook/audit/_index.adoc:171 #, no-wrap msgid "Audit events where a file is created as a result." msgstr "" #. 
type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:173 +#: documentation/content/en/books/handbook/audit/_index.adoc:172 #, no-wrap msgid "fd" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:174 +#: documentation/content/en/books/handbook/audit/_index.adoc:173 #, no-wrap msgid "file delete" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:176 +#: documentation/content/en/books/handbook/audit/_index.adoc:175 #, no-wrap msgid "Audit events where file deletion occurs." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:177 +#: documentation/content/en/books/handbook/audit/_index.adoc:176 #, no-wrap msgid "fm" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:178 +#: documentation/content/en/books/handbook/audit/_index.adoc:177 #, no-wrap msgid "file attribute modify" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:180 +#: documentation/content/en/books/handbook/audit/_index.adoc:179 #, no-wrap msgid "Audit events where file attribute modification occurs, such as by man:chown[8], man:chflags[1], and man:flock[2]." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:181 +#: documentation/content/en/books/handbook/audit/_index.adoc:180 #, no-wrap msgid "fr" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:182 +#: documentation/content/en/books/handbook/audit/_index.adoc:181 #, no-wrap msgid "file read" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:184 +#: documentation/content/en/books/handbook/audit/_index.adoc:183 #, no-wrap msgid "Audit events in which data is read or files are opened for reading." msgstr "" #. 
type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:185 +#: documentation/content/en/books/handbook/audit/_index.adoc:184 #, no-wrap msgid "fw" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:186 +#: documentation/content/en/books/handbook/audit/_index.adoc:185 #, no-wrap msgid "file write" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:188 +#: documentation/content/en/books/handbook/audit/_index.adoc:187 #, no-wrap msgid "Audit events in which data is written or files are written or modified." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:189 +#: documentation/content/en/books/handbook/audit/_index.adoc:188 #, no-wrap msgid "io" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:190 +#: documentation/content/en/books/handbook/audit/_index.adoc:189 #, no-wrap msgid "ioctl" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:192 +#: documentation/content/en/books/handbook/audit/_index.adoc:191 #, no-wrap msgid "Audit use of the `ioctl` system call." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:193 +#: documentation/content/en/books/handbook/audit/_index.adoc:192 #, no-wrap msgid "ip" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:194 +#: documentation/content/en/books/handbook/audit/_index.adoc:193 #, no-wrap msgid "ipc" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:196 +#: documentation/content/en/books/handbook/audit/_index.adoc:195 #, no-wrap msgid "Audit various forms of Inter-Process Communication, including POSIX pipes and System V IPC operations." msgstr "" #. 
type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:197 +#: documentation/content/en/books/handbook/audit/_index.adoc:196 #, no-wrap msgid "lo" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:198 +#: documentation/content/en/books/handbook/audit/_index.adoc:197 #, no-wrap msgid "login_logout" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:200 +#: documentation/content/en/books/handbook/audit/_index.adoc:199 #, no-wrap msgid "Audit man:login[1] and man:logout[1] events." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:201 +#: documentation/content/en/books/handbook/audit/_index.adoc:200 #, no-wrap msgid "na" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:202 +#: documentation/content/en/books/handbook/audit/_index.adoc:201 #, no-wrap msgid "non attributable" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:204 +#: documentation/content/en/books/handbook/audit/_index.adoc:203 #, no-wrap msgid "Audit non-attributable events." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:205 +#: documentation/content/en/books/handbook/audit/_index.adoc:204 #, no-wrap msgid "no" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:206 +#: documentation/content/en/books/handbook/audit/_index.adoc:205 #, no-wrap msgid "invalid class" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:208 +#: documentation/content/en/books/handbook/audit/_index.adoc:207 #, no-wrap msgid "Match no audit events." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:209 +#: documentation/content/en/books/handbook/audit/_index.adoc:208 #, no-wrap msgid "nt" msgstr "" #. 
type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:210 +#: documentation/content/en/books/handbook/audit/_index.adoc:209 #, no-wrap msgid "network" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:212 +#: documentation/content/en/books/handbook/audit/_index.adoc:211 #, no-wrap msgid "Audit events related to network actions such as man:connect[2] and man:accept[2]." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:213 +#: documentation/content/en/books/handbook/audit/_index.adoc:212 #, no-wrap msgid "ot" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:214 +#: documentation/content/en/books/handbook/audit/_index.adoc:213 #, no-wrap msgid "other" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:216 +#: documentation/content/en/books/handbook/audit/_index.adoc:215 #, no-wrap msgid "Audit miscellaneous events." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:217 +#: documentation/content/en/books/handbook/audit/_index.adoc:216 #, no-wrap msgid "pc" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:218 +#: documentation/content/en/books/handbook/audit/_index.adoc:217 #, no-wrap msgid "process" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:219 +#: documentation/content/en/books/handbook/audit/_index.adoc:218 #, no-wrap msgid "Audit process operations such as man:exec[3] and man:exit[3]." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:222 +#: documentation/content/en/books/handbook/audit/_index.adoc:221 msgid "" "These audit event classes may be customized by modifying the [." "filename]#audit_class# and [.filename]#audit_event# configuration files." msgstr "" #. 
type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:225 +#: documentation/content/en/books/handbook/audit/_index.adoc:224 msgid "" "Each audit event class may be combined with a prefix indicating whether " "successful/failed operations are matched, and whether the entry is adding or " 
@@ -671,118 +671,118 @@ msgid "" msgstr "" #. type: Block title -#: documentation/content/en/books/handbook/audit/_index.adoc:227 +#: documentation/content/en/books/handbook/audit/_index.adoc:226 #, no-wrap msgid "Prefixes for Audit Event Classes" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:231 +#: documentation/content/en/books/handbook/audit/_index.adoc:230 #, no-wrap msgid "Prefix" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:234 +#: documentation/content/en/books/handbook/audit/_index.adoc:233 #, no-wrap msgid "+" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:236 +#: documentation/content/en/books/handbook/audit/_index.adoc:235 #, no-wrap msgid "Audit successful events in this class." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:237 +#: documentation/content/en/books/handbook/audit/_index.adoc:236 #, no-wrap msgid "-" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:239 +#: documentation/content/en/books/handbook/audit/_index.adoc:238 #, no-wrap msgid "Audit failed events in this class." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:240 +#: documentation/content/en/books/handbook/audit/_index.adoc:239 #, no-wrap msgid "^" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:242 +#: documentation/content/en/books/handbook/audit/_index.adoc:241 #, no-wrap msgid "Audit neither successful nor failed events in this class." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:243 +#: documentation/content/en/books/handbook/audit/_index.adoc:242 #, no-wrap msgid "^+" msgstr "" #. 
type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:245 +#: documentation/content/en/books/handbook/audit/_index.adoc:244 #, no-wrap msgid "Do not audit successful events in this class." msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:246 +#: documentation/content/en/books/handbook/audit/_index.adoc:245 #, no-wrap msgid "^-" msgstr "" #. type: Table -#: documentation/content/en/books/handbook/audit/_index.adoc:247 +#: documentation/content/en/books/handbook/audit/_index.adoc:246 #, no-wrap msgid "Do not audit failed events in this class." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:250 +#: documentation/content/en/books/handbook/audit/_index.adoc:249 msgid "" "If no prefix is present, both successful and failed instances of the event " "will be audited." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:252 +#: documentation/content/en/books/handbook/audit/_index.adoc:251 msgid "" "The following example selection string selects both successful and failed " "login/logout events, but only successful execution events:" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:256 +#: documentation/content/en/books/handbook/audit/_index.adoc:255 #, no-wrap msgid "lo,+ex\n" msgstr "" #. type: Title === -#: documentation/content/en/books/handbook/audit/_index.adoc:258 +#: documentation/content/en/books/handbook/audit/_index.adoc:257 #, no-wrap msgid "Configuration Files" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:261 +#: documentation/content/en/books/handbook/audit/_index.adoc:260 msgid "" "The following configuration files for security event auditing are found in [." "filename]#/etc/security#:" msgstr "" #. 
type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:263 +#: documentation/content/en/books/handbook/audit/_index.adoc:262 msgid "" "[.filename]#audit_class#: contains the definitions of the audit classes." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:264 +#: documentation/content/en/books/handbook/audit/_index.adoc:263 msgid "" "[.filename]#audit_control#: controls aspects of the audit subsystem, such as " "default audit classes, minimum disk space to leave on the audit log volume, " @@ -790,21 +790,21 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:265 +#: documentation/content/en/books/handbook/audit/_index.adoc:264 msgid "" "[.filename]#audit_event#: textual names and descriptions of system audit " "events and a list of which classes each event is in." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:266 +#: documentation/content/en/books/handbook/audit/_index.adoc:265 msgid "" "[.filename]#audit_user#: user-specific audit requirements to be combined " "with the global defaults at login." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:267 +#: documentation/content/en/books/handbook/audit/_index.adoc:266 msgid "" "[.filename]#audit_warn#: a customizable shell script used by man:auditd[8] " "to generate warning messages in exceptional situations, such as when space " 
@@ -813,14 +813,14 @@ msgid "" msgstr "" #. type: delimited block = 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:271 +#: documentation/content/en/books/handbook/audit/_index.adoc:270 msgid "" "Audit configuration files should be edited and maintained carefully, as " "errors in configuration may result in improper logging of events." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:275 +#: documentation/content/en/books/handbook/audit/_index.adoc:274 msgid "" "In most cases, administrators will only need to modify [." "filename]#audit_control# and [.filename]#audit_user#. The first file " @@ -829,20 +829,20 @@ msgid "" msgstr "" #. type: Title ==== -#: documentation/content/en/books/handbook/audit/_index.adoc:277 +#: documentation/content/en/books/handbook/audit/_index.adoc:276 #, no-wrap msgid "The [.filename]#audit_control# File" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:280 +#: documentation/content/en/books/handbook/audit/_index.adoc:279 msgid "" "A number of defaults for the audit subsystem are specified in [." "filename]#audit_control#:" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:291 +#: documentation/content/en/books/handbook/audit/_index.adoc:290 #, no-wrap msgid "" "dir:/var/audit\n" @@ -856,7 +856,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:296 +#: documentation/content/en/books/handbook/audit/_index.adoc:295 msgid "" "The `dir` entry is used to set one or more directories where audit logs will " "be stored. If more than one directory entry appears, they will be used in " 
@@ -866,14 +866,14 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:298 +#: documentation/content/en/books/handbook/audit/_index.adoc:297 msgid "" "If the `dist` field is set to `on` or `yes`, hard links will be created to " "all trail files in [.filename]#/var/audit/dist#." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:301 +#: documentation/content/en/books/handbook/audit/_index.adoc:300 msgid "" "The `flags` field sets the system-wide default preselection mask for " "attributable events. In the example above, successful and failed login/" @@ -882,14 +882,14 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:303 +#: documentation/content/en/books/handbook/audit/_index.adoc:302 msgid "" "The `minfree` entry defines the minimum percentage of free space for the " "file system where the audit trail is stored." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:305 +#: documentation/content/en/books/handbook/audit/_index.adoc:304 msgid "" "The `naflags` entry specifies audit classes to be audited for non-attributed " "events, such as the login/logout process and authentication and " @@ -897,7 +897,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:309 +#: documentation/content/en/books/handbook/audit/_index.adoc:308 msgid "" "The `policy` entry specifies a comma-separated list of policy flags " "controlling various aspects of audit behavior. The `cnt` indicates that the " @@ -907,7 +907,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:313 +#: documentation/content/en/books/handbook/audit/_index.adoc:312 msgid "" "The `filesz` entry specifies the maximum size for an audit trail before " "automatically terminating and rotating the trail file. A value of `0` " 
@@ -916,20 +916,20 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:315 +#: documentation/content/en/books/handbook/audit/_index.adoc:314 msgid "" "The `expire-after` field specifies when audit log files will expire and be " "removed." msgstr "" #. type: Title ==== -#: documentation/content/en/books/handbook/audit/_index.adoc:317 +#: documentation/content/en/books/handbook/audit/_index.adoc:316 #, no-wrap msgid "The [.filename]#audit_user# File" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:321 +#: documentation/content/en/books/handbook/audit/_index.adoc:320 msgid "" "The administrator can specify further audit requirements for specific users " "in [.filename]#audit_user#. Each line configures auditing for a user via " @@ -939,7 +939,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:324 +#: documentation/content/en/books/handbook/audit/_index.adoc:323 msgid "" "The following example entries audit login/logout events and successful " "command execution for `root` and file creation and successful command " @@ -949,7 +949,7 @@ msgid "" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:329 +#: documentation/content/en/books/handbook/audit/_index.adoc:328 #, no-wrap msgid "" "root:lo,+ex:no\n" @@ -957,13 +957,13 @@ msgid "" msgstr "" #. type: Title == -#: documentation/content/en/books/handbook/audit/_index.adoc:332 +#: documentation/content/en/books/handbook/audit/_index.adoc:331 #, no-wrap msgid "Working with Audit Trails" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:338 +#: documentation/content/en/books/handbook/audit/_index.adoc:337 msgid "" "Since audit trails are stored in the BSM binary format, several built-in " "tools are available to modify or convert these trails to text. To convert " 
@@ -975,25 +975,25 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:340 +#: documentation/content/en/books/handbook/audit/_index.adoc:339 msgid "" "For example, to dump the entire contents of a specified audit log in plain " "text:" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:344 +#: documentation/content/en/books/handbook/audit/_index.adoc:343 #, no-wrap msgid "# praudit /var/audit/AUDITFILE\n" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:347 +#: documentation/content/en/books/handbook/audit/_index.adoc:346 msgid "Where _AUDITFILE_ is the audit log to dump." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:351 +#: documentation/content/en/books/handbook/audit/_index.adoc:350 msgid "" "Audit trails consist of a series of audit records made up of tokens, which " "`praudit` prints sequentially, one per line. Each token is of a specific " @@ -1002,7 +1002,7 @@ msgid "" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:361 +#: documentation/content/en/books/handbook/audit/_index.adoc:360 #, no-wrap msgid "" "header,133,10,execve(2),0,Mon Sep 25 15:58:03 2006, + 384 msec\n" @@ -1015,7 +1015,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:370 +#: documentation/content/en/books/handbook/audit/_index.adoc:369 msgid "" "This audit represents a successful `execve` call, in which the command " "`finger doug` has been run. The `exec arg` token contains the processed " 
@@ -1031,13 +1031,13 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:372 +#: documentation/content/en/books/handbook/audit/_index.adoc:371 msgid "" "XML output format is also supported and can be selected by including `-x`." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:375 +#: documentation/content/en/books/handbook/audit/_index.adoc:374 msgid "" "Since audit logs may be very large, a subset of records can be selected " "using `auditreduce`. This example selects all audit records produced for " @@ -1045,13 +1045,13 @@ msgid "" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:379 +#: documentation/content/en/books/handbook/audit/_index.adoc:378 #, no-wrap msgid "# auditreduce -u trhodes /var/audit/AUDITFILE | praudit\n" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:385 +#: documentation/content/en/books/handbook/audit/_index.adoc:384 msgid "" "Members of the `audit` group have permission to read audit trails in [." "filename]#/var/audit#. By default, this group is empty, so only the `root` " @@ -1063,13 +1063,13 @@ msgid "" msgstr "" #. type: Title === -#: documentation/content/en/books/handbook/audit/_index.adoc:386 +#: documentation/content/en/books/handbook/audit/_index.adoc:385 #, no-wrap msgid "Live Monitoring Using Audit Pipes" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:392 +#: documentation/content/en/books/handbook/audit/_index.adoc:391 msgid "" "Audit pipes are cloning pseudo-devices which allow applications to tap the " "live audit record stream. This is primarily of interest to authors of " 
@@ -1081,13 +1081,13 @@ msgid "" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:396 +#: documentation/content/en/books/handbook/audit/_index.adoc:395 #, no-wrap msgid "# praudit /dev/auditpipe\n" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:400 +#: documentation/content/en/books/handbook/audit/_index.adoc:399 msgid "" "By default, audit pipe device nodes are accessible only to the `root` user. " "To make them accessible to the members of the `audit` group, add a `devfs` " @@ -1095,20 +1095,20 @@ msgid "" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:404 +#: documentation/content/en/books/handbook/audit/_index.adoc:403 #, no-wrap msgid "add path 'auditpipe*' mode 0440 group audit\n" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:407 +#: documentation/content/en/books/handbook/audit/_index.adoc:406 msgid "" "See man:devfs.rules[5] for more information on configuring the devfs file " "system." msgstr "" #. type: delimited block = 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:413 +#: documentation/content/en/books/handbook/audit/_index.adoc:412 msgid "" "It is easy to produce audit event feedback cycles, in which the viewing of " "each audit event results in the generation of more audit events. For " 
@@ -1120,13 +1120,13 @@ msgid "" msgstr "" #. type: Title === -#: documentation/content/en/books/handbook/audit/_index.adoc:415 +#: documentation/content/en/books/handbook/audit/_index.adoc:414 #, no-wrap msgid "Rotating and Compressing Audit Trail Files" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:422 +#: documentation/content/en/books/handbook/audit/_index.adoc:421 msgid "" "Audit trails are written to by the kernel and managed by the audit daemon, " "man:auditd[8]. Administrators should not attempt to use man:newsyslog." 
@@ -1139,38 +1139,38 @@ msgid "" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:426 +#: documentation/content/en/books/handbook/audit/_index.adoc:425 #, no-wrap msgid "# audit -n\n" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:429 +#: documentation/content/en/books/handbook/audit/_index.adoc:428 msgid "" "If man:auditd[8] is not currently running, this command will fail and an " "error message will be produced." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:431 +#: documentation/content/en/books/handbook/audit/_index.adoc:430 msgid "" "Adding the following line to [.filename]#/etc/crontab# will schedule this " "rotation every twelve hours:" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:435 +#: documentation/content/en/books/handbook/audit/_index.adoc:434 #, no-wrap msgid "0 */12 * * * root /usr/sbin/audit -n\n" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:438 +#: documentation/content/en/books/handbook/audit/_index.adoc:437 msgid "The change will take effect once [.filename]#/etc/crontab# is saved." msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:440 +#: documentation/content/en/books/handbook/audit/_index.adoc:439 msgid "" "Automatic rotation of the audit trail file based on file size is possible " "using `filesz` in [.filename]#audit_control# as described in <<audit-" @@ -1178,7 +1178,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:444 +#: documentation/content/en/books/handbook/audit/_index.adoc:443 msgid "" "As audit trail files can become very large, it is often desirable to " "compress or otherwise archive trails once they have been closed by the audit " 
@@ -1190,7 +1190,7 @@ msgid "" msgstr "" #. type: delimited block . 4 -#: documentation/content/en/books/handbook/audit/_index.adoc:453 +#: documentation/content/en/books/handbook/audit/_index.adoc:452 #, no-wrap msgid "" "#\n" @@ -1202,7 +1202,7 @@ msgid "" msgstr "" #. type: Plain text -#: documentation/content/en/books/handbook/audit/_index.adoc:457 +#: documentation/content/en/books/handbook/audit/_index.adoc:456 msgid "" "Other archiving activities might include copying trail files to a " "centralized server, deleting old trail files, or reducing the audit trail to " |
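Review bot: In every hunk from `@@ -813` through `@@ -1190` the only change is the `#:` source-reference comment moving from `_index.adoc:N` to `_index.adoc:N-1`, while the `msgid`/`msgstr` bodies are untouched; this reads as a mechanical re-sync after a one-line shift in the source document. Since `#:` references are regenerated by the extraction tooling, please state in the commit message that the file was regenerated (rather than hand-edited), so reviewers can skip a line-by-line check and the next regeneration does not produce a conflicting diff.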
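Review bot: No `#, fuzzy` markers are added in the `@@ -866`, `@@ -882`, `@@ -916` or `@@ -975` hunks even though the reference lines for the `dist`, `flags`, `minfree`, `naflags`, `policy`, `filesz`, `expire-after` and `audit_user` entries all move; that is correct, because a reference-only change must not invalidate existing translations. Worth a one-line note in the commit message that translators have nothing to act on in this update.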