system/audit: Added (Auditing System Daemon)

Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
author: Andy Bailey <bailey@akamai.com> 2010-06-13 02:11:41 -0500
committer: Robby Workman <rworkman@slackbuilds.org> 2010-06-13 14:52:37 -0500
commit: 51963c9cc9659cad5ac792f27974415d0f88a450 (patch)
tree: e4b3c03f848324277de2fec93c7b72fe5c10bf27 /system/audit/README
parent: feb4d19f4b32538bc0c27d6af7a7bdf9effe5a9e (diff)
download: slackbuilds-51963c9cc9659cad5ac792f27974415d0f88a450.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/system/audit/README b/system/audit/README
new file mode 100644
index 0000000000..59dba16797
--- /dev/null
+++ b/system/audit/README
@@ -0,0 +1,16 @@
+Audit for Slackware
+
+The Linux Auditing System is a kernel subsystem the allows the kernel to 
+record events of interest to intrusion detection systems, such as file 
+access attempts, specific system calls, or custom events generated by 
+trusted system binaries like login or sshd.  The audit package provides the 
+tools to configure the audit system, and to collect and process its output.
+
+To collect audit events, your kernel must have the audit system enabled, 
+which is present in the stock Slackware kernels.
+
+The audit package has no other dependencies. However, certain audit events 
+of interest, such as failed login attempts from /bin/login, password changes, 
+etcetera are generated by their respective binaries using libaudit.  If your 
+site policy requires auditing those events, some reconfiguration and/or 
+patching may be required.
author	Andy Bailey <bailey@akamai.com>	2010-06-13 02:11:41 -0500
committer	Robby Workman <rworkman@slackbuilds.org>	2010-06-13 14:52:37 -0500
commit	51963c9cc9659cad5ac792f27974415d0f88a450 (patch)
tree	e4b3c03f848324277de2fec93c7b72fe5c10bf27 /system/audit/README
parent	feb4d19f4b32538bc0c27d6af7a7bdf9effe5a9e (diff)
download	slackbuilds-51963c9cc9659cad5ac792f27974415d0f88a450.tar.gz