The default file for krb5_key_file is missing from the auditd.conf(5) manual
Mateusz Piotrowski
0mp at FreeBSD.org
Sun Aug 21 19:49:08 UTC 2016
Hello,
On 21 Aug 2016, at 21:00, Mateusz Piotrowski <0mp at freebsd.org> wrote:
> See this line[1]. It lacks the name of the default file.
>
> [1]: https://github.com/linux-audit/audit-userspace/blob/master/docs/auditd.conf.5#L291
I was able to fix this man page. Here's the patch:
>From e0650ae46d13ea9e588d2552c83513c554cf52dd Mon Sep 17 00:00:00 2001
From: Mateusz Piotrowski <mpp302 at gmail.com>
Date: Sun, 21 Aug 2016 21:42:00 +0200
Subject: [PATCH] Fix auditd man page.
Related to this email: [The default file for krb5_key_file is missing
from the auditd.conf(5) manual][1]
[1]: https://www.redhat.com/archives/linux-audit/2016-August/msg00056.html.
---
docs/auditd.conf.5 | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/docs/auditd.conf.5 b/docs/auditd.conf.5
index 026a58d..1546b34 100644
--- a/docs/auditd.conf.5
+++ b/docs/auditd.conf.5
@@ -29,7 +29,7 @@ The log format describes how the information should be stored on disk. There are
the audit records will be stored in a format exactly as the kernel sends it. The
.IR ENRICHED
option will resolve all uid, gid, syscall, architecture, and socket address information before writing the event to disk. This aids in making sense of events created on one system but reported/analized on another system.
-The
+The
.I NOLOG
option is now deprecated. If you were setting this format, now you should set
the write_logs option to no.
@@ -256,7 +256,7 @@ events. In this case you would increase the number only large enough to let it
in too.
.TP
.I use_libwrap
-This setting determines whether or not to use tcp_wrappers to discern connection attempts that are from allowed machines. Legal values are either
+This setting determines whether or not to use tcp_wrappers to discern connection attempts that are from allowed machines. Legal values are either
.IR yes ", or " no "
The default value is yes.
.TP
@@ -288,12 +288,11 @@ server's host, as returned by a DNS lookup of its IP address.
.I krb5_key_file
Location of the key for this client's principal.
Note that the key file must be owned by root and mode 0400.
-The default is
+The default is \fI/etc/audit/audit.key\fP.
.TP
.I distribute_network
If set to "yes", network originating events will be distributed to the audit
dispatcher for processing. The default is "no".
-.I /etc/audit/audit.key
.SH NOTES
In a CAPP environment, the audit trail is considered so important that access to system resources must be denied if an audit trail cannot be created. In this environment, it would be suggested that /var/log/audit be on its own partition. This is to ensure that space detection is accurate and that no other process comes along and consumes part of it.
--
2.9.2
More information about the Linux-audit
mailing list