I'm trying to configure a 2.6 kernel (220.127.116.11 to be exact) and one of the first options to configure is auditing support. I've done some searching on the net to figure out exactly what it is and if I need it. My searches were unsuccessful and the description given from the menu
Enable auditing infrastructure that can be used with another
kernel subsystem, such as SELinux (which requires this for
logging of avc messages output). Does not do system-call
auditing without CONFIG_AUDITSYSCALL
didn't help that much. What is the "auditing infrastructure" ? Do I need it?
Maybe this is just a minor option considering I have quite a few more left to configure, but
I've already compiled the kernel a few times now and was unsuccessful so I decided to figure out as best possible exactly what each option means.
I guess my next question is: What should I do when I can't figure out what an option does even after reading some docs and doing some searches? Is this the best place to come.