[bug#54309] [PATCH] services: auditd: use exclusive log directory for au
From: Liliana Marie Prikler
Subject: [bug#54309] [PATCH] services: auditd: use exclusive log directory for auditd
Date: Thu, 10 Mar 2022 08:12:38 +0100
User-agent: Evolution 3.42.1
Hi,
On Wednesday, 09.03.2022 at 22:00 +0100, fesoj000 wrote:
> Use the upstream default log file for auditd.
>
> * gnu/services/auditd.scm: add auditd-activation function and extend
> activation-service-type.
> ---
> gnu/services/auditd.scm | 17 ++++++++++++-----
> 1 file changed, 12 insertions(+), 5 deletions(-)
>
> diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
> index abde811f51..c88e974adb 100644
> --- a/gnu/services/auditd.scm
> +++ b/gnu/services/auditd.scm
> @@ -31,10 +31,9 @@ (define-module (gnu services auditd)
> %default-auditd-configuration-directory))
>
> (define auditd.conf
> - (plain-file "auditd.conf" "log_file =
> /var/log/audit.log\nlog_format = \
> -ENRICHED\nfreq = 1\nspace_left = 5%\nspace_left_action = \
> -syslog\nadmin_space_left_action = ignore\ndisk_full_action = \
> -ignore\ndisk_error_action = syslog\n"))
> + (plain-file "auditd.conf" "log_format = ENRICHED\nfreq =
> 1\nspace_left = 5% \
> +\nspace_left_action = syslog\nadmin_space_left_action = ignore\
> +\ndisk_full_action = ignore\ndisk_error_action = syslog\n"))
I'm not sure what the rationale behind writing auditd.conf this way is,
but note that you can simply write this as "\
log_format = ENRICHED
freq = 1
space_left = 5%
..."
Doing this, it would take up some more vertical real estate, but imho
it'd be easier to read. We might also want to make some of these
configurable later on, e.g. space_left, but that's not relevant to this
patch set.
> (define %default-auditd-configuration-directory
> (computed-file "auditd"
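Review bot: With the log_file line removed from the auditd.conf string, nothing in the generated configuration names the log destination any more, while the activation code later in this patch hard-codes "/var/log/audit". The two are then tied together only by auditd's built-in default, so a package built with a different default would log somewhere the service never prepared. Consider keeping an explicit log_file entry that points inside /var/log/audit, or adding a comment next to the string saying which default is being relied on. Minor: "space_left = 5% \" leaves a trailing space after 5% in the generated file; drop the space before the backslash.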
> @@ -50,6 +49,12 @@ (define-record-type* <auditd-configuration>
> (default audit))
> (configuration-directory auditd-configuration-configuration-
> directory)) ; file-like
>
> +(define (auditd-activation config)
> + (with-imported-modules '((guix build utils))
> + #~(begin
> + (use-modules (guix build utils))
> + (mkdir-p "/var/log/audit"))))
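Review bot: The (mkdir-p "/var/log/audit") call in auditd-activation sets no mode, so the directory gets whatever the activation environment's umask yields and may be readable by other users until something tightens it. Create it restrictively in the same step, for example by following the call with (chmod "/var/log/audit" #o700), so the audit log directory is never exposed with wider permissions. Also, the config argument of auditd-activation is unused in the lines shown; if the path is meant to stay fixed, a short comment saying so would help.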
I think guix should already create this directory with the 700
permissions auditd demands, to prevent any TOCTOU-style tampering.
Cheers