path: root/system/audit/README.SLACKWARE
Diffstat (limited to 'system/audit/README.SLACKWARE')
-rw-r--r--system/audit/README.SLACKWARE16
1 files changed, 16 insertions, 0 deletions
diff --git a/system/audit/README.SLACKWARE b/system/audit/README.SLACKWARE
new file mode 100644
index 0000000000..36ae25c925
--- /dev/null
+++ b/system/audit/README.SLACKWARE
@@ -0,0 +1,16 @@
+# NOTES:
+# This slackbuild won't do much unless you rebuild your kernel with audit enabled.
+# Optionally you can enable syscall-level audit.
+#
+# RULES:
+# Some example rulesets are available at /usr/doc/audit-2.0.4/contrib
+# stig.rules is an example ruleset for systems that are subject to the US Department of Defense
+# UNIX STIG audit requirement, although I read recently on the gov-sec@ Redhat list that
+# they hadn't been updating it religiously.
+#
+# ROTATION:
+# The audit log (/var/log/audit/audit.log) is rotated on a size basis automatically by auditd.
+# Periodic rotation (i.e. logrotate) is a bad idea for audit, since an attacker could trigger a
+# common event rapidly to exhaust log space, then do something nefarious that would go unaudited.
+# This package uses the default rotation size of 8MB.
+
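Review bot: the RULES paragraph hardcodes a versioned path, "/usr/doc/audit-2.0.4/contrib", which will go stale the first time the SlackBuild's VERSION is bumped; write it as /usr/doc/audit-$VERSION/contrib (substituted from the SlackBuild at install time) or drop the version from the wording. Two smaller points in the same file: the NOTES paragraph tells the reader to rebuild the kernel "with audit enabled" without naming the options, so say CONFIG_AUDIT (and CONFIG_AUDITSYSCALL for the optional syscall-level audit) so an admin can find them in menuconfig; and the ROTATION paragraph should point at where the 8MB default lives and how it interacts with the threat it describes, i.e. max_log_file, num_logs and max_log_file_action in /etc/audit/auditd.conf, since size-based rotation with a finite num_logs still lets an attacker who floods a common event push older records out, and only max_log_file_action = KEEP_LOGS (together with space_left_action / admin_space_left_action) actually prevents that loss. The hearsay about the gov-sec@ list is better left out of a shipped README or replaced with a neutral note that stig.rules may lag the current STIG.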