guix-patches

[bug#54309] [PATCH] services: auditd: use exclusive log directory for au


From: fesoj000
Subject: [bug#54309] [PATCH] services: auditd: use exclusive log directory for auditd
Date: Thu, 10 Mar 2022 11:36:57 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1

Hi,

On 3/10/22 8:12 AM, Liliana Marie Prikler wrote:
Hi,

On Wednesday, 09.03.2022 at 22:00 +0100, fesoj000 wrote:
Use the upstream default log file for auditd.

* gnu/services/auditd.scm: add auditd-activation function and extend
activation-service-type.
---
   gnu/services/auditd.scm | 17 ++++++++++++-----
   1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
index abde811f51..c88e974adb 100644
--- a/gnu/services/auditd.scm
+++ b/gnu/services/auditd.scm
@@ -31,10 +31,9 @@ (define-module (gnu services auditd)
               %default-auditd-configuration-directory))
  (define auditd.conf
-  (plain-file "auditd.conf" "log_file =
/var/log/audit.log\nlog_format = \
-ENRICHED\nfreq = 1\nspace_left = 5%\nspace_left_action = \
-syslog\nadmin_space_left_action = ignore\ndisk_full_action = \
-ignore\ndisk_error_action = syslog\n"))
+  (plain-file "auditd.conf" "log_format = ENRICHED\nfreq =
1\nspace_left = 5% \
+\nspace_left_action = syslog\nadmin_space_left_action = ignore\
+\ndisk_full_action = ignore\ndisk_error_action = syslog\n"))
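
Review bot: the log path should stay explicit in the new `plain-file` string. The old `log_file =` setting is gone and nothing replaces it, so the file now relies on auditd's built-in default while `auditd-activation` further down hardcodes `/var/log/audit`; a `log_file =` line pointing into that directory keeps the two from drifting apart. Separately, the space before the continuation backslash in `space_left = 5% \` ends up as a trailing space in the generated value and can be dropped.
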
I'm not sure what the rationale behind writing auditd.conf this way is,
but note that you can simply write this as "\
log_format = ENRICHED
freq = 1
space_left = 5%
..."

Doing this, it would take up some more vertical real estate, but imho
it'd be easier to read.  We might also want to make some of these
configurable later on, e.g. space_left, but that's not relevant to this
patch set.
Sure, I will send a new patch later.

   (define %default-auditd-configuration-directory
     (computed-file "auditd"
@@ -50,6 +49,12 @@ (define-record-type* <auditd-configuration>
                              (default audit))
     (configuration-directory auditd-configuration-configuration-
directory))      ; file-like
+(define (auditd-activation config)
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (mkdir-p "/var/log/audit"))))
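
Review bot: `(mkdir-p "/var/log/audit")` passes no mode and nothing after it sets one, so the directory's permissions depend on the umask in effect during activation, and a directory that already exists is left as it is. Set it to #o700 inside the same `begin`, on both the fresh and the pre-existing path. The `config` argument of `auditd-activation` is also unused; if the directory is meant to be fixed, a short comment saying so would help.
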
I think guix should already create this directory with the 700
permissions auditd demands, to prevent any TOCTOU-style tampering.
Good point.
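
The review comment above asks for the log directory to come into existence already restricted to mode 700. A Guile sketch of that, added here as an illustration and not part of the patch or of Guix; `ensure-private-directory` is a hypothetical name, and the helper assumes the parent directory exists and is writable only by the calling user (root during activation):

```scheme
;; Added illustration; not code from the patch or from Guix.
;; `ensure-private-directory' is a hypothetical helper name.

(define (ensure-private-directory dir)
  "Create DIR with mode 700, or verify and tighten DIR if it already exists."
  (catch 'system-error
    (lambda ()
      ;; The mode is applied by mkdir(2) itself, so the directory is never
      ;; visible with wider permissions.  The umask can only clear bits;
      ;; it cannot add group or other access.
      (mkdir dir #o700))
    (lambda args
      ;; Anything other than "already exists" is a real failure.
      (unless (= EEXIST (system-error-errno args))
        (apply throw args))
      ;; lstat does not follow symlinks, so a link planted at DIR is
      ;; rejected instead of being trusted as the log directory.
      (let ((st (lstat dir)))
        (unless (eq? 'directory (stat:type st))
          (error "not a real directory:" dir))
        (unless (= (stat:uid st) (getuid))
          (error "unexpected owner for" dir (stat:uid st)))
        ;; Owned by us and a real directory: tighten a leftover wider mode.
        ;; Safe only under the assumption that nobody else can rename
        ;; entries in the parent directory.
        (unless (= #o700 (stat:perms st))
          (chmod dir #o700))))))

;; Constructed demo path; an activation snippet would pass "/var/log/audit".
(define demo-dir
  (string-append (or (getenv "TMPDIR") "/tmp")
                 "/audit-demo-" (number->string (getpid))))

(ensure-private-directory demo-dir)   ; fresh: created as 700
(chmod demo-dir #o755)                ; simulate a pre-existing loose mode
(ensure-private-directory demo-dir)   ; existing: verified, then tightened
(display (number->string (stat:perms (lstat demo-dir)) 8))
(newline)
(rmdir demo-dir)
```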