Date: Mon, 30 May 2005 20:53:39 GMT
From: Tom Rhodes <trhodes@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 77739 for review
Message-ID: <200505302053.j4UKrdTG066906@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=77739 Change 77739 by trhodes@trhodes_local on 2005/05/30 20:52:53 Fix various mark up nits, adding some additional mark up and killing hard sentence breaks. Affected files ... .. //depot/projects/trustedbsd/openbsm/man/audit.log.5#5 edit .. //depot/projects/trustedbsd/openbsm/man/audit_class.5#2 edit .. //depot/projects/trustedbsd/openbsm/man/audit_control.5#2 edit .. //depot/projects/trustedbsd/openbsm/man/audit_event.5#2 edit .. //depot/projects/trustedbsd/openbsm/man/audit_user.5#2 edit .. //depot/projects/trustedbsd/openbsm/man/audit_warn.5#2 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/man/audit.log.5#5 (text+ko) ==== @@ -60,8 +60,7 @@ however, some variation may occur depending on the operating system in use, what system options, such as mandatory access control, are present. .Pp -.Pp -This man page documents the common token types and their binary format, and +This manual page documents the common token types and their binary format, and is intended for reference purposes only. It is recommended that application programmers use the .Xr libbsm 3 @@ -539,7 +538,7 @@ The .Dv seq token contains a unique and monotonically increasing audit event sequence ID. -Due to the limited range (32 bits), serial number arithmetic (and caution) +Due to the limited range of 32 bits, serial number arithmetic and caution should be used when comparing sequence numbers. .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" .It Sy "Field" Ta Sy Bytes Ta Sy Description ==== //depot/projects/trustedbsd/openbsm/man/audit_class.5#2 (text+ko) ==== 
@@ -29,14 +29,16 @@ .Os "Mac OS X" .Sh NAME .Nm audit_class -.Nd contains audit event class descriptions +.Nd "contains audit event class descriptions" .Sh DESCRIPTION The .Nm -file contains descriptions of the auditable event classes on the system. Each -auditable event is a member of an event class. Each line maps an audit event -mask (bitmap) to a class and a description. Entries are of the form -classmask:eventclass:description. +file contains descriptions of the auditable event classes on the system. +Each auditable event is a member of an event class. +Each line maps an audit event +mask (bitmap) to a class and a description. +Entries are of the form +.Dl classmask:eventclass:description. .Pp Example entries in this file are: .Bd -literal -offset indent ==== //depot/projects/trustedbsd/openbsm/man/audit_control.5#2 (text+ko) ==== 
@@ -29,37 +29,44 @@ .Os "Mac OS X" .Sh NAME .Nm audit_control -.Nd contains audit system parameters +.Nd "contains audit system parameters" .Sh DESCRIPTION The .Nm -file contains several audit system parameters. Each line of this file is of -the form parameter:value. The parameters are: +file contains several audit system parameters. +Each line of this file is of the form: +.Dl parameter:value. +The parameters are: .Bl -tag -width Ds -.It Nm dir -The directory where audit log files are stored. There may be more than one of -these entries. Changes to this entry can only be enacted by restarting the -audit system. See +.It Pa dir +The directory where audit log files are stored. +There may be more than one of these entries. +Changes to this entry can only be enacted by restarting the +audit system. +See .Xr audit 1 for a description of how to restart the audit system. -.It Nm flags +.It Va flags Specifies which audit event classes are audited for all users. .Xr audit_user 5 -describes how to audit events for individual users. See the -information below for the format of the audit flags. -.It Nm naflags +describes how to audit events for individual users. +See the information below for the format of the audit flags. +.It Va naflags Contains the audit flags that define what classes of events are audited when an action cannot be attributed to a specific user. -.It Nm minfree -The minimum free space required on the file system audit logs are being written to. When the free space falls below this limit a warning will be issued. Not -currently used as the value of 20 percent is chosen by the kernel. +.It Va minfree +The minimum free space required on the file system audit logs are being written to. +When the free space falls below this limit a warning will be issued. +Not currently used as the value of 20 percent is chosen by the kernel. .El .Sh AUDIT FLAGS Audit flags are a comma delimited list of audit classes as defined in the -audit_class file. (See +audit_class file. 
+See .Xr audit_class 5 -for details.) Event classes may be preceded by a prefix which changes their -interpretation. The following prefixes may be used for each class: +for details. +Event classes may be preceded by a prefix which changes their interpretation. +The following prefixes may be used for each class: .Bl -tag -width Ds -compact -offset indent .It + Record successful events @@ -84,7 +91,7 @@ .Ed .Pp The -.Nm flags +.Va flags parameter above specifies the system-wide mask corresponding to login/logout events, administrative events, and all failures except for failures in creating or closing files. ==== //depot/projects/trustedbsd/openbsm/man/audit_event.5#2 (text+ko) ==== @@ -29,14 +29,18 @@ .Os "Mac OS X" .Sh NAME .Nm audit_event -.Nd contains audit event descriptions +.Nd "contains audit event descriptions" .Sh DESCRIPTION The .Nm -file contains descriptions of the auditable events on the system. Each line -maps an audit event number to a name, a description, and a class. Entries -are of the form eventnum:eventname:description:eventclass. Each eventclass -should have a corresponding entry in the audit_class file. See +file contains descriptions of the auditable events on the system. +Each line maps an audit event number to a name, a description, and a class. +Entries are of the form +.Dl eventnum:eventname:description:eventclass . +Each +.Vt eventclass +should have a corresponding entry in the audit_class file. +See .Xr audit_class 5 for details. .Pp ==== //depot/projects/trustedbsd/openbsm/man/audit_user.5#2 (text+ko) ==== 
@@ -29,21 +29,29 @@ .Os "Mac OS X" .Sh NAME .Nm audit_user -.Nd specifies events to be audited for the given users +.Nd "specifies events to be audited for the given users" .Sh DESCRIPTION The .Nm file specifies which audit event classes are to be audited for the given users. If specified, these flags are combined with the system-wide audit flags in the -audit_control file to determine which classes of events to audit for that user. +.Pa audit_control +file to determine which classes of events to audit for that user. These settings take effect when the user logs in. .Pp -Each line maps a user name to a list of classes that should be audited and a list of classes that should not be audited. -Entries are of the form username:alwaysaudit:neveraudit, where alwaysaudit -is a set of event classes that are always audited, and neveraudit -is a set of event classes that should not be audited. These sets can indicate +Each line maps a user name to a list of classes that should be audited and a +list of classes that should not be audited. +Entries are of the form of +.Dl username:alwaysaudit:neveraudit , +where +.Vt alwaysaudit +is a set of event classes that are always audited, and +.Vt neveraudit +is a set of event classes that should not be audited. +These sets can indicate the inclusion or exclusion of multiple classes, and whether to audit successful -or failed events. See +or failed events. +See .Xr audit_control 5 for more information about audit flags. .Pp 
@@ -54,8 +62,11 @@ .Ed .Pp These settings would cause login and administrative events that succeed on -behalf of user root to be audited. No failure events are audited. For the -user jdoe, failed file creation events are audited, administrative events are +behalf of user root to be audited. +No failure events are audited. +For the user +.Em jdoe , +failed file creation events are audited, administrative events are audited, and successful file write events are never audited. .Sh FILES .Bl -tag -width "/etc/security/audit_user" -compact ==== //depot/projects/trustedbsd/openbsm/man/audit_warn.5#2 (text+ko) ==== @@ -29,7 +29,7 @@ .Os "Mac OS X" .Sh NAME .Nm audit_warn -.Nd alert when audit daemon issues warnings +.Nd "alert when audit daemon issues warnings" .Sh DESCRIPTION .Nm runs when @@ -42,8 +42,9 @@ appends its arguments to .Pa /etc/security/audit_messages . Administrators may replace this script: a more comprehensive one would take -different actions based on the type of warning. For example, a low-space -warning could result in an email message being sent to the administrator. +different actions based on the type of warning. +For example, a low-space warning +could result in an email message being sent to the administrator. .Sh FILES .Bl -tag -width "/etc/security/audit_warn" -compact .It Pa /etc/security/audit_warn
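Review bot: In audit_class.5 the new `.Dl classmask:eventclass:description.` keeps the sentence-ending period attached to the literal, so it is displayed as if it were part of the entry format, while the audit_event.5 and audit_user.5 hunks separate the punctuation (`.Dl eventnum:eventname:description:eventclass .`). Suggest the separated form here and for `.Dl parameter:value.` in audit_control.5, so the pages agree and the period cannot be read as part of the syntax.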
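Review bot: In the audit_control.5 parameter list, `dir` is tagged `.It Pa dir` while its siblings `flags`, `naflags` and `minfree` become `.It Va`. `dir` is a parameter name whose value is a path, not a path itself, so `.It Va dir` would be consistent with the rest of the list. The AUDIT FLAGS text in the same hunk also still says "audit_class file" in plain text, whereas the audit_user.5 change marks up `.Pa audit_control`.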
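Review bot: In audit_event.5, `.Vt eventclass` uses the variable-type macro for what is a field of the entry format, not a type. `.Va` or `.Ar` would describe it more accurately, and the same applies to `.Vt alwaysaudit` and `.Vt neveraudit` in audit_user.5.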
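Review bot: In the first audit_user.5 hunk, the added line "Entries are of the form of" doubles the preposition. The other pages in this change read "Entries are of the form", so the trailing "of" should be dropped.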
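Review bot: In the second audit_user.5 hunk, `jdoe` gains `.Em jdoe ,` but "user root" in the first sentence of the same paragraph stays plain text. Mark up both user names the same way, or neither, so the example reads consistently.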