A bit missing in documentation on RHEL4, however I fetched sources from rawhide (that have some documentation).
At the time the RHEL4 shipped, the audit framework had a lot of work to go. It
couldn't really be documented since the utilities didn't really exist. It is
slated for inclusion in U2. Also, FC4 has a respectable piece of the audit
subsystem in it.
Is Audit Framework part of SELinux, used by SELinux, or something totally unrelated?
It's a separate entity with a different control interface. SE Linux uses it to
send AVC messages. The audit system determines whether an audit daemon is in use.
If so the messages go to the audit daemon. If not, they go to syslog.
If you want to experiment with the audit system, try out FC4. I'll probably start
writing tutorials and howto's once the audit system gets closer to completion.
-Steve Grubb