audit documentation needs updating, badly!
The auditd(1M) and similar documentation that ships with illumos refers one to files in /etc/security (specifically /etc/security/audit_control) for configuring the daemon. This documentation, and those configuration files, provide a lot of information about configuring the audit tools... which the audit tools then summarily discard. Instead of having admins bang their heads against this, wasting time wondering why things aren't working, we need to update the documentation.
Updated by Peter Tribble almost 3 years ago
audit_control is just the tip of the iceberg - it's now in SMF
We still have these references to bsmconv that are no longer relevant and need to be removed
Also, the 3bsm man pages haven't kept up with reality:
getacinfo and friends went away with audit_control
audit_user and associated routines have been removed
There's probably more if you chase all this through
Updated by Electric Monk almost 3 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
commit 291a8a98a6ce8a2e0a5203468242b79d419b06b6
Author: Peter Tribble <email@example.com>
Date: 2017-03-18T17:41:29.000Z

3766 audit documentation needs updating, badly!
Reviewed by: Toomas Soome <firstname.lastname@example.org>
Reviewed by: Robert Mustacchi <email@example.com>
Approved by: Richard Lowe <firstname.lastname@example.org>