Hello, On 21 Aug 2016, at 21:00, Mateusz Piotrowski <[email protected]> wrote: > See this line[1]. It lacks the name of the default file. > > [1]: > https://github.com/linux-audit/audit-userspace/blob/master/docs/auditd.conf.5#L291
I was able to fix this man page. Here's the patch: >From e0650ae46d13ea9e588d2552c83513c554cf52dd Mon Sep 17 00:00:00 2001 From: Mateusz Piotrowski <[email protected]> Date: Sun, 21 Aug 2016 21:42:00 +0200 Subject: [PATCH] Fix auditd man page. Related to this email: [The default file for krb5_key_file is missing from the auditd.conf(5) manual][1] [1]: https://www.redhat.com/archives/linux-audit/2016-August/msg00056.html. --- docs/auditd.conf.5 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/auditd.conf.5 b/docs/auditd.conf.5 index 026a58d..1546b34 100644 --- a/docs/auditd.conf.5 +++ b/docs/auditd.conf.5 @@ -29,7 +29,7 @@ The log format describes how the information should be stored on disk. There are the audit records will be stored in a format exactly as the kernel sends it. The .IR ENRICHED option will resolve all uid, gid, syscall, architecture, and socket address information before writing the event to disk. This aids in making sense of events created on one system but reported/analized on another system. -The +The .I NOLOG option is now deprecated. If you were setting this format, now you should set the write_logs option to no. @@ -256,7 +256,7 @@ events. In this case you would increase the number only large enough to let it in too. .TP .I use_libwrap -This setting determines whether or not to use tcp_wrappers to discern connection attempts that are from allowed machines. Legal values are either +This setting determines whether or not to use tcp_wrappers to discern connection attempts that are from allowed machines. Legal values are either .IR yes ", or " no " The default value is yes. .TP @@ -288,12 +288,11 @@ server's host, as returned by a DNS lookup of its IP address. .I krb5_key_file Location of the key for this client's principal. Note that the key file must be owned by root and mode 0400. -The default is +The default is \fI/etc/audit/audit.key\fP. .TP .I distribute_network If set to "yes", network originating events will be distributed to the audit dispatcher for processing. The default is "no". -.I /etc/audit/audit.key .SH NOTES In a CAPP environment, the audit trail is considered so important that access to system resources must be denied if an audit trail cannot be created. In this environment, it would be suggested that /var/log/audit be on its own partition. This is to ensure that space detection is accurate and that no other process comes along and consumes part of it. -- 2.9.2 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
