# NOTES: # This slackbuild won't do much unless you rebuild your kernel with audit enabled. # Optionally you can enable syscall-level audit. # # RULES: # Some example rulesets are available at /usr/doc/audit-2.0.4/contrib # stig.rules is an example ruleset for systems that are subject to the US Department of Defense # UNIX STIG audit requirement, although I read recently on the gov-sec@ Redhat list that # they hadn't been updating it religiously. # # ROTATION: # The audit log (/var/log/audit/audit.log) is rotated on a size basis automatically by auditd. # Periodic rotation (i.e. logrotate) is a bad idea for audit, since an attacker could trigger a # common event rapidly to exhaust log space, then do something nefarious that would go unaudited. # This package uses the default rotation size of 8MB.