slackbuilds/system/audit
Robby Workman 143991a46e Entire Repo: Remove APPROVED field from .info files
This field used to make sense in our pre-git days, but
the Signed-Off-By: line serves the same purpose (and
even more) now, so APPROVED has been rejected.  ;-)

Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
2012-08-14 23:22:50 -05:00
README system/audit: Added (Auditing System Daemon) 2010-06-13 14:52:37 -05:00
README.SLACKWARE system/audit: Added (Auditing System Daemon) 2010-06-13 14:52:37 -05:00
audit-2.0.4-sysconfig.diff system/audit: Added (Auditing System Daemon) 2010-06-13 14:52:37 -05:00
audit.SlackBuild system/audit: Updated for version 2.0.5. 2010-10-25 07:55:12 -05:00
audit.info Entire Repo: Remove APPROVED field from .info files 2012-08-14 23:22:50 -05:00
doinst.sh system/audit: Added (Auditing System Daemon) 2010-06-13 14:52:37 -05:00
slack-desc system/audit: Added (Auditing System Daemon) 2010-06-13 14:52:37 -05:00

README

Audit for Slackware

The Linux Auditing System is a kernel subsystem that allows the kernel to 
record events of interest to intrusion detection systems, such as file 
access attempts, specific system calls, or custom events generated by 
trusted system binaries like login or sshd.  The audit package provides the 
tools to configure the audit system, and to collect and process its output.

To collect audit events, your kernel must have the audit system enabled, 
as the stock Slackware kernels do.

The audit package has no other dependencies. However, certain audit events 
of interest, such as failed login attempts from /bin/login, password changes, 
etc., are generated by their respective binaries using libaudit.  If your 
site policy requires auditing those events, some reconfiguration and/or 
patching may be required.