Add audit.4 man page, providing basic documentation for configuring the
kernel audit facility, warnings about the experimental nature of this implementation, and pointers at a large number of other audit related man pages. Obtained from: TrustedBSD Project
This commit is contained in:
rwatson
parent
eb02f34f2c
commit
53c68f87c6
@ -27,6 +27,7 @@ MAN= aac.4 \
|
||||
ath_hal.4 \
|
||||
atkbd.4 \
|
||||
atkbdc.4 \
|
||||
audit.4 \
|
||||
aue.4 \
|
||||
awi.4 \
|
||||
axe.4 \
|
||||
|
||||
114
share/man/man4/audit.4
Normal file
114
share/man/man4/audit.4
Normal file
@ -0,0 +1,114 @@
|
||||
.\" Copyright (c) 2006 Robert N. M. Watson
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
|
||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
|
||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd February 2, 2006
|
||||
.Os
|
||||
.Dt AUDIT 4
|
||||
.Sh NAME
|
||||
.Nm audit
|
||||
.Nd Security Event Audit
|
||||
.Sh SYNOPSIS
|
||||
.Cd "options AUDIT"
|
||||
.Sh DESCRIPTION
|
||||
Security Event Audit is a facility to provide fine-grained, configurable
|
||||
logging of security-relevant events, and is intended to meet the requirements
|
||||
of the Common Criteria (CC) Common Access Protection Profile (CAPP)
|
||||
evaluation.
|
||||
The
|
||||
.Fx
|
||||
audit facility implements the de facto industry standard BSM API, file
|
||||
formats, and command line interface, first found in the Solaris operating
|
||||
system.
|
||||
Information on the user space implementation can be found in
|
||||
.Xr libbsm 3
|
||||
man page.
|
||||
.Pp
|
||||
Audit support is enabled at boot, if present in the kernel, using an
|
||||
.Xr rc.conf 5
|
||||
flag.
|
||||
The audit daemon,
|
||||
.Xr auditd 8 ,
|
||||
is responsible for configuring the kernel to perform audit, pushing
|
||||
configuration data from the various audit configuration files into the
|
||||
kernel.
|
||||
.Sh SEE ALSO
|
||||
.Xr auditreduce 1 ,
|
||||
.Xr praudit 1 ,
|
||||
.Xr audit 2 ,
|
||||
.Xr auditctl 2 ,
|
||||
.Xr auditon 2 ,
|
||||
.Xr getaudit 2 ,
|
||||
.Xr getauid 2 ,
|
||||
.Xr setaudit 2 ,
|
||||
.Xr setauid 2 ,
|
||||
.Xr libbsm 3 ,
|
||||
.Xr audit.log 5 ,
|
||||
.Xr audit_class 5 ,
|
||||
.Xr audit_control 5 ,
|
||||
.Xr audit_event 5 ,
|
||||
.Xr audit_user 5 ,
|
||||
.Xr audit_warn 5 ,
|
||||
.Xr event_code 5 ,
|
||||
.Xr rc.conf 5 ,
|
||||
.Xr audit 8 ,
|
||||
.Xr auditd 8
|
||||
.Sh AUTHORS
|
||||
This software was created by McAfee Research, the security research division
|
||||
of McAfee, Inc., under contract to Apple Computer Inc.
|
||||
Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
|
||||
.Pp
|
||||
The Basic Security Module (BSM) interface to audit records and audit event
|
||||
stream format were defined by Sun Microsystems.
|
||||
.Pp
|
||||
This manual page was written by
|
||||
.An Robert Watson Aq rwatson@FreeBSD.org .
|
||||
.Sh HISTORY
|
||||
The OpenBSM implementation was created by McAfee Research, the security
|
||||
division of McAfee Inc., under contract to Apple Computer Inc. in 2004.
|
||||
It was subsequently adopted by the TrustedBSD Project as the foundation for
|
||||
the OpenBSM distribution.
|
||||
.Pp
|
||||
Support for kernel audit first appeared in
|
||||
.Fx 6.1 .
|
||||
.Sh BUGS
|
||||
The audit facility in
|
||||
.Fx
|
||||
is considered experimental, and production deployment should occur only after
|
||||
careful consideration of the risks of deploying experimental software.
|
||||
.Pp
|
||||
The
|
||||
.Fx
|
||||
kernel does not fully validate that audit records submitted by user
|
||||
applications are syntactically valid BSM; as submission of records is limited
|
||||
to privileged processes, this is not a critical bug.
|
||||
.Pp
|
||||
Instrumentation of auditable events in the kernel is not complete, as some
|
||||
system calls do not generate audit records, or generate audit records with
|
||||
incomplete argument information.
|
||||
.Pp
|
||||
Mandatory Access Control (MAC) labels, as provided by the
|
||||
.Xr mac 4
|
||||
facility, are not audited as part of records involving MAC decisions.
|
||||
Loading…
Reference in New Issue
Block a user