Hello,
On 21 Aug 2016, at 21:00, Mateusz Piotrowski <0mp(a)freebsd.org> wrote:
I was able to fix this man page. Here's the patch:
From e0650ae46d13ea9e588d2552c83513c554cf52dd Mon Sep 17 00:00:00 2001
From: Mateusz Piotrowski <mpp302(a)gmail.com>
Date: Sun, 21 Aug 2016 21:42:00 +0200
Subject: [PATCH] Fix auditd man page.
Related to this email: [The default file for krb5_key_file is missing
from the auditd.conf(5) manual][1]
[1]:
https://www.redhat.com/archives/linux-audit/2016-August/msg00056.html.
---
docs/auditd.conf.5 | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/docs/auditd.conf.5 b/docs/auditd.conf.5
index 026a58d..1546b34 100644
--- a/docs/auditd.conf.5
+++ b/docs/auditd.conf.5
@@ -29,7 +29,7 @@ The log format describes how the information should be stored on disk.
There are
the audit records will be stored in a format exactly as the kernel sends it. The
.IR ENRICHED
option will resolve all uid, gid, syscall, architecture, and socket address information
before writing the event to disk. This aids in making sense of events created on one
system but reported/analized on another system.
-The
+The
.I NOLOG
option is now deprecated. If you were setting this format, now you should set
the write_logs option to no.
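Review bot: The only changed line in this hunk, "The" before .I NOLOG, reads the same on the - and + side, so it is a whitespace-only edit that the commit message does not mention. Either say so in the message or send the whitespace cleanup as a separate patch, so the krb5_key_file fix stays easy to review. While this paragraph is being touched, the context line "reported/analized on another system" has a typo that should read "analyzed".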
@@ -256,7 +256,7 @@ events. In this case you would increase the number only large enough
to let it
in too.
.TP
.I use_libwrap
-This setting determines whether or not to use tcp_wrappers to discern connection attempts
that are from allowed machines. Legal values are either
+This setting determines whether or not to use tcp_wrappers to discern connection attempts
that are from allowed machines. Legal values are either
.IR yes ", or " no "
The default value is yes.
.TP
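Review bot: The use_libwrap description is also changed only in whitespace, while the line right after it, .IR yes ", or " no ", keeps an unbalanced trailing quote and leaves the sentence without a full stop before "The default value is yes." Suggest fixing that in the same pass, for example with .IR yes " or " no . so the list of legal values ends cleanly.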
@@ -288,12 +288,11 @@ server's host, as returned by a DNS lookup of its IP address.
.I krb5_key_file
Location of the key for this client's principal.
Note that the key file must be owned by root and mode 0400.
-The default is
+The default is \fI/etc/audit/audit.key\fP.
.TP
.I distribute_network
If set to "yes", network originating events will be distributed to the audit
dispatcher for processing. The default is "no".
-.I /etc/audit/audit.key
.SH NOTES
In a CAPP environment, the audit trail is considered so important that access to system
resources must be denied if an audit trail cannot be created. In this environment, it
would be suggested that /var/log/audit be on its own partition. This is to ensure that
space detection is accurate and that no other process comes along and consumes part of
it.
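Review bot: The added line under krb5_key_file, "The default is \fI/etc/audit/audit.key\fP.", uses inline font escapes where the other entries visible in this patch use the .I and .IR macros. For consistency, consider keeping "The default is" on its own line and following it with .IR /etc/audit/audit.key . on the next. Dropping the stray .I /etc/audit/audit.key before .SH NOTES is correct, since in that position it was attached to the distribute_network entry instead of krb5_key_file.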
--
2.9.2