06/13: services: auditd: Provide default configuration directory.
From: guix-commits
Subject: 06/13: services: auditd: Provide default configuration directory.
Date: Mon, 27 Jul 2020 06:07:31 -0400 (EDT)
civodul pushed a commit to branch master
in repository guix.
commit 73cb3e103f35356b83cb091f15c536c21bf53981
Author: Robin Green <greenrd@greenrd.org>
AuthorDate: Sun Jul 19 08:32:31 2020 +0100
services: auditd: Provide default configuration directory.
* gnu/services/auditd.scm (auditd.conf)
(%default-auditd-configuration-directory): New variables.
(<auditd-configuration>): Switch to 'define-record-type*'.
[configuration-directory]: New field.
(auditd-shepherd-service): Honor 'configuration-directory'. Pass
#:pid-file.
(auditd-service-type)[description]: Tweak.
[default-value]: Provide 'configuration-directory'.
* doc/guix.texi (Miscellaneous Services): Update docs to reflect
changes.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
doc/guix.texi | 11 +++++++++--
gnu/services/auditd.scm | 41 ++++++++++++++++++++++++++++++-----------
2 files changed, 39 insertions(+), 13 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index d45deed..d4557b3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27612,10 +27612,12 @@ Network access
@command{auditctl} from the @code{audit} package can be used in order
to add or remove events to be tracked (until the next reboot).
In order to permanently track events, put the command line arguments
-of auditctl into @file{/etc/audit/audit.rules}.
+of auditctl into a file called @code{audit.rules} in the configuration
+directory (see below).
@command{aureport} from the @code{audit} package can be used in order
to view a report of all recorded events.
-The audit daemon usually logs into the directory @file{/var/log/audit}.
+The audit daemon by default logs into the file
+@file{/var/log/audit.log}.
@end defvr
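Review bot: the new sentence telling readers to put auditctl arguments into audit.rules "in the configuration directory" cannot be followed with the default value, because %default-auditd-configuration-directory is a computed-file build output that holds only auditd.conf. Say here that persistent rules require supplying your own configuration-directory containing both auditd.conf and audit.rules, ideally with a short example of building such a directory.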
@@ -27627,6 +27629,11 @@ This is the data type representing the configuration
of auditd.
@item @code{audit} (default: @code{audit})
The audit package to use.
+@item @code{configuration-directory} (default:
@code{%default-auditd-configuration-directory})
+The directory containing the configuration file for the audit package, which
+must be named @code{auditd.conf}, and optionally some audit rules to
+instantiate on startup.
+
@end table
@end deftp
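Review bot: the new @item for configuration-directory does not say what kind of value the field takes, although the record definition annotates it as file-like and the service hands it to auditd with -c. State that it must be a file-like object that evaluates to a directory, and prefer "configuration file for the audit daemon" over "for the audit package", since the file is auditd.conf.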
diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
index 8a92920..cffc226 100644
--- a/gnu/services/auditd.scm
+++ b/gnu/services/auditd.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019 Danny Milosavljevic <dannym@scratchpost.org>
+;;; Copyright © 2020 Robin Green <greenrd@greenrd.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -26,29 +27,47 @@
#:use-module (guix gexp)
#:use-module (guix packages)
#:export (auditd-configuration
- auditd-service-type))
+ auditd-service-type
+ %default-auditd-configuration-directory))
-; /etc/audit/audit.rules
+(define auditd.conf
+ (plain-file "auditd.conf" "log_file = /var/log/audit.log\nlog_format = \
+ENRICHED\nfreq = 1\nspace_left = 5%\nspace_left_action = \
+syslog\nadmin_space_left_action = ignore\ndisk_full_action = \
+ignore\ndisk_error_action = syslog\n"))
-(define-configuration auditd-configuration
- (audit
- (package audit)
- "Audit package."))
+(define %default-auditd-configuration-directory
+ (computed-file "auditd"
+ #~(begin
+ (mkdir #$output)
+ (copy-file #$auditd.conf
+ (string-append #$output "/auditd.conf")))))
+
+(define-record-type* <auditd-configuration>
+ auditd-configuration make-auditd-configuration
+ auditd-configuration?
+ (audit auditd-configuration-audit
; package
+ (default audit))
+ (configuration-directory auditd-configuration-configuration-directory))
; file-like
(define (auditd-shepherd-service config)
- (let* ((audit (auditd-configuration-audit config)))
+ (let* ((audit (auditd-configuration-audit config))
+ (configuration-directory
(auditd-configuration-configuration-directory config)))
(list (shepherd-service
- (documentation "Auditd allows you to audit file system accesses.")
+ (documentation "Auditd allows you to audit file system accesses and
process execution.")
(provision '(auditd))
(start #~(make-forkexec-constructor
- (list (string-append #$audit "/sbin/auditd"))))
+ (list (string-append #$audit "/sbin/auditd") "-c"
#$configuration-directory)
+ #:pid-file "/var/run/auditd.pid"))
(stop #~(make-kill-destructor))))))
(define auditd-service-type
(service-type (name 'auditd)
- (description "Allows auditing file system accesses.")
+ (description "Allows auditing file system accesses and process
execution.")
(extensions
(list
(service-extension shepherd-root-service-type
auditd-shepherd-service)))
- (default-value (auditd-configuration))))
+ (default-value
+ (auditd-configuration
+ (configuration-directory
%default-auditd-configuration-directory)))))
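Review bot: the configuration-directory field in <auditd-configuration> has no default, so the default only exists in the service type's default-value and any user-written (auditd-configuration (audit ...)) form must now spell the directory out. Consider putting (default %default-auditd-configuration-directory) on the field itself, which also lets default-value go back to a plain (auditd-configuration). Separately, the generated auditd.conf sets disk_full_action = ignore and admin_space_left_action = ignore, so audit records are dropped without any notice once the disk fills; if that is the intended default, a comment next to the plain-file and a sentence in the manual would make the trade-off visible. Writing the file contents one setting per line instead of as a single backslash-continued string would also make those values easier to review.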