Bug 510776

Summary: The localise Help Button in Yast Configuration of Audit Framework is Abysmal and Confusing and Leaves Important Information
Product: [openSUSE] openSUSE 11.1 Reporter: Scott Couston <scott>
Component: YaST2Assignee: Gabriele Mohr <gs>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Enhancement    
Priority: P4 - Low CC: ke, scott
Version: Final   
Target Milestone: ---   
Hardware: x86-64   
OS: openSUSE 11.1   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Scott Couston 2009-06-07 09:38:32 UTC 
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.10) Gecko/2009042700 SUSE/3.0.10-1.1.1 Firefox/3.0.10

On opening the optional Yast application
Yast>Security and Users>Configuration of Linux Audit Framework does off different help pages in respect to each of the differing tabs, however this information is of a bear minimum of nature and some function, especially in Rules for Audit, the the application is not easily able to be used with much confidants and in some places it describes fields that are not present and at other omits fields which are. 

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Actual Results:  
Help on each Tab offers sometimes no information on fields and purpose and at other times offers very little and poor information especially in the Rules for Audit
Comment 1 Gabriele Mohr 2009-07-01 10:12:18 UTC 
AFAICS all functionality (fields and buttons) is mentioned in the help text (at the right place).
Please add the information which fields are missing and which fields described in the help text are not present.
Help text about all available option settings will be added.
Comment 2 Scott Couston 2009-07-01 21:46:54 UTC 
The First page of help text is
quote
Auditd Log File Configuration
The audit daemon logs all relevant audit events to the default log file /var/log/audit/audit.log. Events may come from the apparmor kernel module, from applications which use libaudit (e.g. PAM) or incidents caused by rules (e.g. file watches).
More information about rules and the possiblity to add rules offers the dialog Rules for auditctl. Detailed information about the log file settings can be obtained from 'man auditd.conf'.
Log File: Enter the full path name to the log file (or use Select File.)
Format: set RAW to log all data or NOLOG to discard all audit information (does not affect data sent to the dispatcher).
Flush: describes how to write the data to disk. If set to INCREMANTAL the Frequency parameter tells how many records to write before issuing an explicit flush to disk.
Configure the maximum log file size and the action to take when this value is reached in Size and Action frame. If action is set to ROTATE the Number of Log Files specifies the number of files to keep.
Computer Name Format describes how to write the computer name to the log file. If User is set the User Defined Name is used. 
Unquote

1.There needs to be a Hyperlink to man auditd.conf and or its location within the directory structure.
2. The messages that come from Apparmour are more easily dealt with in Apparmour reporting via proxmail to an email address in HTML.(Bad Example)
3. The words 'full pathway' should read 'absolute path' to be consistent.
4. The word 'possiblity' is spelt incorrectly
5. The description of FORMAT options is unclear, are you refering to raw text, and NOLOG seems to indicate the removal of all information?
6.All Flush options are not described
7.'Size and Action frame' all options are not disused
8. The Computer Name option 'FQD' is not discussed.

If I continue with the other tabs things get far far worse. Writing help is always had as you have to write to the lowest possible denominator of experience of the person who is going to use the Module given its function.

I am not suggesting this help text should be baby food, I would grab a non Linux, say a normal good user out of the building of yours to test the understanding and focus of the help text given the application nature. 

I never log a bug for the sake of missing 'x' I only wish what we all wish, a product that everyone can use and understand and moving outside of both our environments to be that person is often difficult and not an easy task.
Comment 3 Gabriele Mohr 2009-07-09 11:45:13 UTC 
I have improved the help text according to your suggestions (have added the description of all option settings for all dialogs).
The text about 'apparmor' remains unchanged (the information is correct because the kernel uses a running audit daemon to log audit events to /var/log/audit/audit.log) as well as the part: "Log File: Enter the full path name..." which is taken from the manual page (man 'auditd.conf').
The audit module is optional for openSUSE because it has been developed for SLES products. It was agreed with the project manager to accept some restrictions (due to time limitation), esp. for the 'Rules' dialog. Editing the rules manually is meant for advanced users only (I have added this hint to the help text). The flag to enable the auditing can be changed easily (and is described in detail).
The changes will be available with yast2-audit-laf-2.18.3.