17.3. Installing Audit Support

Support for Event Auditing is installed with the normal installworld process. An administrator may confirm this by viewing the contents of /etc/security. Files beginning with the word audit should be present. For example, audit_event.

In-kernel support for the framework must also exist. This may be done by adding the following lines to the local kernel configuration file:

options	AUDIT

Rebuild and reinstall the kernel via the normal process explained in 章 9, 設定 FreeBSD Kernel.

Once completed, enable the audit daemon by adding the following line to rc.conf(5):


Functionality not provided by the default may be added here with the auditd_flags option.

本文及其他文件,可由此下載: ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/

若有 FreeBSD 方面疑問,請先閱讀 FreeBSD 相關文件,如不能解決的話,再洽詢 <questions@FreeBSD.org>。

關於本文件的問題,請洽詢 <doc@FreeBSD.org>。