Commit Graph

16 Commits

Author SHA1 Message Date
Christian S.J. Peron
49f12e36d0 Document the limitations associated with using the audit syscalls
from jailed process.  These might get implemented in jails in the
future, but for now they are not supported.

Discussed on:   freebsd-security@
Reviewed by:    brueffer@
MFC after:      2 weeks
2018-03-21 17:22:42 +00:00
Baptiste Daroussin
923544aa8d Sort SEE ALSO 2014-12-26 22:30:18 +00:00
Baptiste Daroussin
6c89995002 use .Mt to mark up email addresses consistently (final part)
PR:		191174
Submitted by:	Franco Fichtner <franco at lastsummer.de>
2014-06-26 21:46:14 +00:00
Robert Watson
16648b4fff Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build:

- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.

The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.

Submitted by:	pjd
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-12-01 15:11:46 +00:00
Ulrich Spörlein
aa12cea2cc mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by:	ru
Approved by:	philip, ed (mentors)
2010-04-14 19:08:06 +00:00
Robert Watson
89614fc2ff Upgrade audit(4) from experimental to production status for FreeBSD 8.0.
While there remain some incomplete aspects of the implementation (such
as incomplete auditing of some system calls), the implementation has
been burned in for a few years, as well as in GENERIC for a few years.

Obtained from:	TrustedBSD Project
2009-05-31 09:03:14 +00:00
Mike Pritchard
0af221178a Spelling fixes. 2006-12-14 16:40:57 +00:00
Ruslan Ermilov
ae91966b64 Revise markup. 2006-09-30 15:14:49 +00:00
Robert Watson
c6c571f1e3 s/6.1/6.2/ as the introduction date for kernel audit support.
Obtained from:	TrustedBSD Project
2006-09-02 11:55:38 +00:00
Robert Watson
673937ac08 Break out description of the audit pipe facility from audit.4 into a new
man page, auditpipe.4, which describes the behavior of audit pipes, the
ioctls, preselection, etc.

Obtained from:	TrustedBSD Project
2006-06-05 15:26:09 +00:00
Robert Watson
7be995ed2a Clarify and expand on some of the points about audit pipe devices.
Discussed with:	remko
2006-02-06 20:27:00 +00:00
Christian Brueffer
f5674a39c7 Add a missing word and use the .Qq macro for quotes. 2006-02-06 19:28:02 +00:00
Robert Watson
f10a5f6cc4 Add information on audit pipe special devices, which allow user processes
to "tee" the BSM record stream for the purposes of live monitoring,
intrusion detection, etc.  Support for audit pipes will be committed in
the near future.

Obtained from:	TrustedBSD Project
2006-02-06 18:41:00 +00:00
Christian Brueffer
ec41774c58 Remove reference to non-existant manpage.
Confirmed by:	rwatson
2006-02-04 21:10:48 +00:00
Christian Brueffer
9ca971bce6 Fix a sentence. 2006-02-03 11:10:50 +00:00
Robert Watson
0739bd6008 Add audit.4 man page, providing basic documentation for configuring the
kernel audit facility, warnings about the experimental nature of this
implementation, and pointers at a large number of other audit related
man pages.

Obtained from:	TrustedBSD Project
2006-02-02 10:32:27 +00:00