Diffstat (limited to 'system/audit/README')
-rw-r--r-- | system/audit/README | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/system/audit/README b/system/audit/README new file mode 100644 index 0000000000..59dba16797 --- /dev/null +++ b/system/audit/README @@ -0,0 +1,16 @@ +Audit for Slackware + +The Linux Auditing System is a kernel subsystem the allows the kernel to +record events of interest to intrusion detection systems, such as file +access attempts, specific system calls, or custom events generated by +trusted system binaries like login or sshd. The audit package provides the +tools to configure the audit system, and to collect and process its output. + +To collect audit events, your kernel must have the audit system enabled, +which is present in the stock Slackware kernels. + +The audit package has no other dependencies. However, certain audit events +of interest, such as failed login attempts from /bin/login, password changes, +etcetera are generated by their respective binaries using libaudit. If your +site policy requires auditing those events, some reconfiguration and/or +patching may be required. |
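Review bot: The first paragraph has a typo in "a kernel subsystem the allows the kernel"; "the allows" should read "that allows". In the second paragraph, "your kernel must have the audit system enabled, which is present in the stock Slackware kernels" reads as if "which" refers to the kernel rather than the audit support; something like "audit support must be enabled in your kernel, as it is in the stock Slackware kernels" would be clearer. The closing paragraph says "some reconfiguration and/or patching may be required" but does not say which packages provide the binaries it mentions (/bin/login, password changes) or what would have to be rebuilt against libaudit, so a reader whose site policy requires those events has no next step; consider naming the affected packages or pointing to where that is documented. "etcetera" would also read better as "etc." or "and so on".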