17.3. Installing Audit Support

Support for Event Auditing is installed with the normal installworld process. An administrator may confirm this by viewing the contents of /etc/security. Files beginning with the word audit should be present. For example, audit_event.

In-kernel support for the framework must also exist. This may be done by adding the following lines to the local kernel configuration file:

options	AUDIT

Rebuild and reinstall the kernel via the normal process explained in 章 8, 設定 FreeBSD Kernel.

Once completed, enable the audit daemon by adding the following line to rc.conf(5):

auditd_enable="YES"

Functionality not provided by the default may be added here with the auditd_flags option.

All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/

Questions that are not answered by the documentation may be sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.