Support for Event Auditing is installed with
the normal installworld
process. An
administrator may confirm this by viewing the contents
of /etc/security
. Files
beginning with the word audit should be present.
For example, audit_event
.
In-kernel support for the framework must also exist. This may be done by adding the following lines to the local kernel configuration file:
options AUDIT
Rebuild and reinstall the kernel via the normal process explained in Rozdział 8, Konfiguracja jądra FreeBSD.
Once completed, enable the audit daemon by adding the following line to rc.conf(5):
auditd_enable="YES"
Functionality not provided by the default may be added
here with the auditd_flags
option.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.