GNU bug report logs -
#36086
[PATCH] services: Add auditd.
Report forwarded to guix-patches <at> gnu.org: bug#36086; Package guix-patches. (Tue, 04 Jun 2019 07:35:06 GMT)
Acknowledgement sent to Danny Milosavljevic <dannym <at> scratchpost.org>: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 04 Jun 2019 07:35:09 GMT)
Message #5 received at submit <at> debbugs.gnu.org:
* gnu/services/auditd.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
---
doc/guix.texi | 24 +++++++++++++++++++
gnu/local.mk | 1 +
gnu/services/auditd.scm | 53 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 78 insertions(+)
create mode 100644 gnu/services/auditd.scm
diff --git a/doc/guix.texi b/doc/guix.texi
index c01eb3a656..5cdd631738 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -24105,6 +24105,30 @@ The Containerd package to use.
@end table
@end deftp
+@cindex Audit
+@subsubheading Auditd Service
+
+The @code{(gnu services auditd)} module provides the following service.
+
+@defvr {Scheme Variable} auditd-service-type
+
+This is the type of the service that runs
+@url{https://people.redhat.com/sgrubb/audit/,auditd},
+a daemon that track security-relevant information on your system.
+
+@end defvr
+
+@deftp {Data Type} auditd-configuration
+This is the data type representing the configuration of auditd.
+
+@table @asis
+
+@item @code{audit} (default: @code{audit})
+The audit package to use.
+
+@end table
+@end deftp
+
@node Setuid Programs
@section Setuid Programs
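Review bot: "a daemon that track security-relevant information" in the @defvr body should read "tracks", and the entry currently says nothing about what auditd records or where it expects its configuration, even though the only field the new auditd-configuration exposes is the package. Since the module provisions no rules (its `; /etc/audit/audit.rules` comment is the only hint), the Auditd Service text should state what events the daemon logs and that the operator is expected to provide the rules and auditd.conf themselves, so a reader knows the service does nothing useful until those files exist.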
diff --git a/gnu/local.mk b/gnu/local.mk
index 55a8fcd361..9ab74a3e0f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -501,6 +501,7 @@ GNU_SYSTEM_MODULES = \
%D%/services.scm \
%D%/services/admin.scm \
%D%/services/audio.scm \
+ %D%/services/auditd.scm \
%D%/services/avahi.scm \
%D%/services/base.scm \
%D%/services/certbot.scm \
diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
new file mode 100644
index 0000000000..1c3ee7d421
--- /dev/null
+++ b/gnu/services/auditd.scm
@@ -0,0 +1,53 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Danny Milosavljevic <dannym <at> scratchpost.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services auditd)
+ #:use-module (gnu services)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services base)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu packages admin)
+ #:use-module (guix records)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:export (auditd-configuration
+ auditd-service-type))
+
+; /etc/audit/audit.rules
+
+(define-configuration auditd-configuration
+ (audit
+ (package audit)
+ "Audit package."))
+
+(define (auditd-shepherd-service config)
+ (let* ((audit (auditd-configuration-audit config)))
+ (list (shepherd-service
+ (documentation "Auditd allows you to audit file system accesses.")
+ (provision '(auditd))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$audit "/sbin/auditd"))))
+ (stop #~(make-kill-destructor))))))
+
+(define auditd-service-type
+ (service-type (name 'auditd)
+ (extensions
+ (list
+ (service-extension shepherd-root-service-type
+ auditd-shepherd-service)))
+ (default-value (auditd-configuration))))
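Review bot: `make-forkexec-constructor` in the `start` field tracks the PID it spawns, but auditd daemonises by default, so the process shepherd launched exits right after forking and shepherd loses track of the real daemon (and `make-kill-destructor` then signals the wrong PID). Consider starting it in no-fork mode, e.g. `(list (string-append #$audit "/sbin/auditd") "-n")`, and confirm with `herd status auditd` that the service stays running. Two smaller points: the bare `; /etc/audit/audit.rules` comment is dangling, since nothing in the module creates that file or `auditd.conf`, so either document what the operator must provide or add a configuration field for it; and `(gnu services base)` does not appear to be used by anything in the file. The service-type also lacks a `description`.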
Information forwarded to guix-patches <at> gnu.org: bug#36086; Package guix-patches. (Thu, 06 Jun 2019 10:58:01 GMT)
Message #8 received at 36086 <at> debbugs.gnu.org:
Hi Danny,
Danny Milosavljevic <dannym <at> scratchpost.org> wrote:
> * gnu/services/auditd.scm: New file.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
> * doc/guix.texi (Miscellaneous Services): Document it.
[...]
> +The @code{(gnu services auditd)} module provides the following service.
> +
> +@defvr {Scheme Variable} auditd-service-type
> +
> +This is the type of the service that runs
> +@url{https://people.redhat.com/sgrubb/audit/,auditd},
> +a daemon that track security-relevant information on your system.
^^
“tracks”
Could you add a few words, like whether/how it logs events, what kind of
events it tracks, etc.?
> +; /etc/audit/audit.rules
> +
> +(define-configuration auditd-configuration
> + (audit
> + (package audit)
> + "Audit package."))
I suppose this record could eventually be extended, right?
> +(define auditd-service-type
> + (service-type (name 'auditd)
> + (extensions
> + (list
> + (service-extension shepherd-root-service-type
> + auditd-shepherd-service)))
> + (default-value (auditd-configuration))))
Please add a ‘description’.
Otherwise LGTM, thanks!
Ludo’.
Reply sent to Danny Milosavljevic <dannym <at> scratchpost.org>: You have taken responsibility. (Thu, 06 Jun 2019 20:28:02 GMT)
Notification sent to Danny Milosavljevic <dannym <at> scratchpost.org>: bug acknowledged by developer. (Thu, 06 Jun 2019 20:28:02 GMT)
Message #13 received at 36086-done <at> debbugs.gnu.org:
Hi Ludo,
On Thu, 06 Jun 2019 12:57:25 +0200
Ludovic Courtès <ludo <at> gnu.org> wrote:
> I suppose this record could eventually be extended, right?
Sure, but I don't know enough yet.
The intended way to use the configuration in the Guix operating-system form
is by default configuration--so it shouldn't limit us in the future.
Thanks for the review!
Pushed as commit 07023ebc1892a559cad1f80235a4afb0955b29ab.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 05 Jul 2019 11:24:06 GMT)
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.