system/audit: Added (Auditing System Daemon)

Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
author: Andy Bailey <bailey@akamai.com> 2010-06-13 02:11:41 -0500
committer: Robby Workman <rworkman@slackbuilds.org> 2010-06-13 14:52:37 -0500
commit: 51963c9cc9659cad5ac792f27974415d0f88a450 (patch)
tree: e4b3c03f848324277de2fec93c7b72fe5c10bf27 /system/audit/README.SLACKWARE
parent: feb4d19f4b32538bc0c27d6af7a7bdf9effe5a9e (diff)
download: slackbuilds-51963c9cc9659cad5ac792f27974415d0f88a450.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/system/audit/README.SLACKWARE b/system/audit/README.SLACKWARE
new file mode 100644
index 0000000000..36ae25c925
--- /dev/null
+++ b/system/audit/README.SLACKWARE
@@ -0,0 +1,16 @@
+# NOTES:
+# This slackbuild won't do much unless you rebuild your kernel with audit enabled.
+# Optionally you can enable syscall-level audit.
+#
+# RULES: 
+# Some example rulesets are available at /usr/doc/audit-2.0.4/contrib
+# stig.rules is an example ruleset for systems that are subject to the US Department of Defense
+# UNIX STIG audit requirement, although I read recently on the gov-sec@ Redhat list that
+# they hadn't been updating it religiously.
+#
+# ROTATION:
+# The audit log (/var/log/audit/audit.log) is rotated on a size basis automatically by auditd. 
+# Periodic rotation (i.e. logrotate) is a bad idea for audit, since an attacker could trigger a 
+# common event rapidly to exhaust log space, then do something nefarious that would go unaudited.
+# This package uses the default rotation size of 8MB.
+
author	Andy Bailey <bailey@akamai.com>	2010-06-13 02:11:41 -0500
committer	Robby Workman <rworkman@slackbuilds.org>	2010-06-13 14:52:37 -0500
commit	51963c9cc9659cad5ac792f27974415d0f88a450 (patch)
tree	e4b3c03f848324277de2fec93c7b72fe5c10bf27 /system/audit/README.SLACKWARE
parent	feb4d19f4b32538bc0c27d6af7a7bdf9effe5a9e (diff)
download	slackbuilds-51963c9cc9659cad5ac792f27974415d0f88a450.tar.gz