Support for Event Auditing is installed with
the normal installworld
process. An
administrator may confirm this by viewing the contents
of /etc/security
. Files
beginning with the word audit should be present.
For example, audit_event
.
In-kernel support for the framework must also exist. This may be done by adding the following lines to the local kernel configuration file:
options AUDIT
Rebuild and reinstall the kernel via the normal process explained in 章 8, 設定 FreeBSD Kernel.
Once completed, enable the audit daemon by adding the following line to rc.conf(5):
auditd_enable="YES"
Functionality not provided by the default may be added
here with the auditd_flags
option.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.