diff options
author | rwatson <rwatson@FreeBSD.org> | 2006-09-25 11:40:29 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-09-25 11:40:29 +0000 |
commit | 6b46b736cc84f6697b21608e304026e847ac155d (patch) | |
tree | 923fed11093f1a6d233a2a592922f126f5d88228 /contrib/openbsm/man/audit_control.5 | |
parent | 3fc61fcaeb6c4f73a668795461e276064f449f38 (diff) | |
download | FreeBSD-src-6b46b736cc84f6697b21608e304026e847ac155d.zip FreeBSD-src-6b46b736cc84f6697b21608e304026e847ac155d.tar.gz |
Vendor import TrustedBSD OpenBSM 1.0 alpha 12, with the following change
history notes since the last import:
OpenBSM 1.0 alpha 12
- Correct bug in auditreduce which prevented the -c option from working
correctly when the user specifies to process successful or failed events.
The problem stemmed from not having access to the return token at the time
the initial preselection occurred, but now a second preselection process
occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command
line; this was the documented behavior previously, but it was not
implemented. Be more specific in auditreduce(1)'s examples section about
what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook
termination of an audit trail file. For example, this might be used to
compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can
now supply one or more (comma delimited) regular expressions for searching
the pathnames. If one of the regular expressions is prefixed with a tilde
(~), and a path matches, it will be excluded from the search results.
MFC after: 3 days
Obtained from: TrustedBSD Project
Diffstat (limited to 'contrib/openbsm/man/audit_control.5')
-rw-r--r-- | contrib/openbsm/man/audit_control.5 | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/contrib/openbsm/man/audit_control.5 b/contrib/openbsm/man/audit_control.5 index edd38bb..25cb226 100644 --- a/contrib/openbsm/man/audit_control.5 +++ b/contrib/openbsm/man/audit_control.5 @@ -1,4 +1,5 @@ .\" Copyright (c) 2004 Apple Computer, Inc. +.\" Copyright (c) 2006 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -25,7 +26,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#11 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#13 $ .\" .Dd January 4, 2006 .Dt AUDIT_CONTROL 5 @@ -66,6 +67,12 @@ Not currently used as the value of 20 percent is chosen by the kernel. .It Va policy A list of global audit policy flags specifying various behaviors, such as fail stop, auditing of paths and arguments, etc. +.It Va filesz +Maximum trail size in bytes; if set to a non-0 value, the audit daemon will +rotate the audit trail file at around this size. +Sizes less than the minimum trail size (default of 512K) will be rejected as +invalid. +If 0, trail files will not be automatically rotated based on file size. .El .Sh AUDIT FLAGS Audit flags are a comma-delimited list of audit classes as defined in the @@ -78,12 +85,14 @@ Event classes may be preceded by a prefix which changes their interpretation. The following prefixes may be used for each class: .Pp .Bl -tag -width Ds -compact -offset indent +.It (none) +Record both successful and failed events .It + Record successful events .It - Record failed events .It ^ -Record both successful and failed events +Record neither successful nor failed events .It ^+ Do not record successful events .It ^- @@ -146,6 +155,7 @@ flags:lo minfree:20 naflags:lo policy:cnt +filesz:0 .Ed .Pp The @@ -156,7 +166,8 @@ The .Va policy parameter specifies that the system should neither fail stop nor suspend processes when the audit store fills. -will be audited. +The trail file will not be automatically rotated by the audit daemon based on +file size. .Sh FILES .Bl -tag -width "/etc/security/audit_control" -compact .It Pa /etc/security/audit_control |