From: Robin Green
To: guix-patches@gnu.org
Subject: [PATCH] services: Fix auditd startup.
Date: Sun, 19 Jul 2020 18:17:31 +0100

* gnu/services/auditd.scm: Make auditd start successfully in the default case.
* gnu/services/aux-files/auditd/auditd.conf: New file.
* doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
--- doc/guix.texi | 11 +++++++-- gnu/services/auditd.scm | 27 ++++++++++++++--------- gnu/services/aux-files/auditd/auditd.conf | 9 ++++++++ 3 files changed, 34 insertions(+), 13 deletions(-) create mode 100644 gnu/services/aux-files/auditd/auditd.conf diff --git a/doc/guix.texi b/doc/guix.texi index 2c5c017eea..8c7c055ce0 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -27478,10 +27478,12 @@ Network access @command{auditctl} from the @code{audit} package can be used in order to add or remove events to be tracked (until the next reboot). In order to permanently track events, put the command line arguments -of auditctl into @file{/etc/audit/audit.rules}. +of auditctl into a file called @code{audit.rules} in the configuration +directory (see below). @command{aureport} from the @code{audit} package can be used in order to view a report of all recorded events. -The audit daemon usually logs into the directory @file{/var/log/audit}. +The audit daemon by default logs into the file +@file{/var/log/audit.log}. @end defvr 
@@ -27493,6 +27495,11 @@ This is the data type representing the configuration of auditd. @item @code{audit} (default: @code{audit}) The audit package to use. +@item @code{configdir} (default: @code{(local-file "aux-files/auditd")}) +A directory containing a configuration file for the audit package, which +must be named @code{auditd.conf}, and optionally some audit rules to +instantiate on startup. + @end table @end deftp diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm index 8a9292015f..73db202bb6 100644 --- a/gnu/services/auditd.scm +++ b/gnu/services/auditd.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019 Danny Milosavljevic +;;; Copyright © 2020 Robin Green ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -28,27 +29,31 @@ #:export (auditd-configuration auditd-service-type)) -; /etc/audit/audit.rules - -(define-configuration auditd-configuration - (audit - (package audit) - "Audit package.")) +(define-record-type* + auditd-configuration make-auditd-configuration + auditd-configuration? + (audit auditd-configuration-audit ; package + (default audit)) + (configdir auditd-configuration-configdir)) ; local-file (define (auditd-shepherd-service config) - (let* ((audit (auditd-configuration-audit config))) + (let* ((audit (auditd-configuration-audit config)) + (configdir (auditd-configuration-configdir config))) (list (shepherd-service - (documentation "Auditd allows you to audit file system accesses.") + (documentation "Auditd allows you to audit file system accesses and process execution.") (provision '(auditd)) (start #~(make-forkexec-constructor - (list (string-append #$audit "/sbin/auditd")))) + (list (string-append #$audit "/sbin/auditd") "-c" #$configdir) + #:pid-file "/var/run/auditd.pid")) (stop #~(make-kill-destructor)))))) (define auditd-service-type (service-type (name 'auditd) - (description "Allows auditing file system accesses.") + (description "Allows auditing file system accesses and process execution.") (extensions (list (service-extension shepherd-root-service-type auditd-shepherd-service))) - (default-value (auditd-configuration)))) + (default-value + (auditd-configuration + (configdir (local-file "aux-files/auditd" #:recursive? #t)))))) diff --git a/gnu/services/aux-files/auditd/auditd.conf b/gnu/services/aux-files/auditd/auditd.conf new file mode 100644 index 0000000000..6e7555cf4c --- /dev/null +++ b/gnu/services/aux-files/auditd/auditd.conf 
@@ -0,0 +1,9 @@ +log_file = /var/log/audit.log +log_format = ENRICHED +freq = 1 +space_left = 5% +space_left_action = syslog +admin_space_left_action = ignore +disk_full_action = ignore +disk_error_action = syslog + -- 2.27.0
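Review bot: in the doc/guix.texi hunk at -27478, the new sentence tells users to put auditctl arguments into audit.rules in the configuration directory, but the start command changed in gnu/services/auditd.scm only passes "-c" #$configdir to auditd, and nothing visible in this patch runs auditctl against that file. Please confirm the rules are actually loaded at startup; if they are not, either load them explicitly in the service or drop the sentence, because the manual would otherwise promise audit coverage that the service does not provide.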
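Review bot: in the gnu/services/auditd.scm hunk at -28,27, the configdir field is declared as (configdir auditd-configuration-configdir) with no (default ...) clause, so the value only exists through the service type's default-value and a hand-written (auditd-configuration (audit ...)) is rejected for a missing field. The manual entry added in this patch also gives the default as (local-file "aux-files/auditd"), without the #:recursive? #t used in the code. Suggest putting the default on the field itself and documenting that exact expression.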
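Review bot: in the new auditd.conf, admin_space_left_action and disk_full_action are both set to ignore, so after the space_left syslog warning at 5% no further action is configured for when the log volume fills up. For a default that every system enabling the service inherits, consider syslog for both, and say in the manual that the defaults favour keeping the machine running over keeping a complete audit trail. The file also sets no rotation keys such as max_log_file or num_logs, which leaves log rotation to auditd's built-in defaults; stating them explicitly would make the shipped default easier to audit.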

From: Ludovic Courtès
To: Robin Green
Subject: Re: [bug#42427] [PATCH] services: Fix auditd startup.
Date: Thu, 23 Jul 2020 00:07:28 +0200

Hello Robin,

Robin Green skribis:

> * gnu/services/auditd.scm: Make auditd start successfully in the default case.
> * gnu/services/aux-files/auditd/auditd.conf: New file.
> * doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.

Nice, it’s a good idea.  Some comments below:

> -(define-configuration auditd-configuration > - (audit > - (package audit) > - "Audit package.")) > +(define-record-type*

I think we should keep using ‘define-configuration’, unless there’s a good reason to change.  WDYT?

> + auditd-configuration make-auditd-configuration > + auditd-configuration? > + (audit auditd-configuration-audit ; package > + (default audit)) > + (configdir auditd-configuration-configdir)) ; local-file

s/configdir/configuration-directory/, to be consistent with the rest of the code.

You can also set its default value.

> + (auditd-configuration > + (configdir (local-file "aux-files/auditd" #:recursive= ? #t)))))) > diff --git a/gnu/services/aux-files/auditd/auditd.conf b/gnu/services/aux= -files/auditd/auditd.conf > new file mode 100644 > index 0000000000..6e7555cf4c > --- /dev/null > +++ b/gnu/services/aux-files/auditd/auditd.conf

Since it’s a small file, I have a slight preference for using ‘plain-file’ + ‘computed-file’:

  (define auditd.conf
    (plain-file …))

  (define %default-auditd-configuration-directory ;make it public
    (computed-file "auditd"
                   #~(begin
                       (mkdir #$output)
                       (copy-file #$auditd.conf
                                  (string-append #$output "/auditd.conf")))))

WDYT?

Thanks,
Ludo’.

From: Robin Green
To: 42427@debbugs.gnu.org
Subject: Re: [bug#42427] [PATCH] services: Fix auditd startup.
Date: Sun, 26 Jul 2020 17:28:49 +0100

On 2020-07-22 23:07, Ludovic Courtès wrote:
> Hello Robin,

Hi

> Robin Green skribis:
>
>> * gnu/services/auditd.scm: Make auditd start successfully in the default case.
>> * gnu/services/aux-files/auditd/auditd.conf: New file.
>> * doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
>
> Nice, it’s a good idea.  Some comments below:
>
>> -(define-configuration auditd-configuration >> - (audit >> - (package audit) >> - "Audit package.")) >> +(define-record-type*
>
> I think we should keep using ‘define-configuration’, unless there’s a
> good reason to change.  WDYT?

I couldn't get it to work with ‘define-configuration’ - I kept getting errors. I asked on #guix, and it was suggested that I do it this way instead.

>> + auditd-configuration make-auditd-configuration >> + auditd-configuration? >> + (audit auditd-configuration-audit ; package >> + (default audit)) >> + (configdir auditd-configuration-configdir)) ; local-file
>
> s/configdir/configuration-directory/, to be consistent with the rest of
> the code.

Done

> You can also set its default value.

I don't see the value in doing that, because the default is already set elsewhere, and if the user wants to use a different package, they probably also want to use a different configuration file than the default one!

>
>> + (auditd-configuration >> + (configdir (local-file "aux-files/auditd" #:recursiv= e? #t)))))) >> diff --git a/gnu/services/aux-files/auditd/auditd.conf b/gnu/services/au= x-files/auditd/auditd.conf >> new file mode 100644 >> index 0000000000..6e7555cf4c >> --- /dev/null >> +++ b/gnu/services/aux-files/auditd/auditd.conf
>
> Since it’s a small file, I have a slight preference for using
> ‘plain-file’ + ‘computed-file’:
>
>   (define auditd.conf
>     (plain-file …))
>
>   (define %default-auditd-configuration-directory ;make it public
>     (computed-file "auditd"
>                    #~(begin
>                        (mkdir #$output)
>                        (copy-file #$auditd.conf
>                                   (string-append #$output "/auditd.conf")))))
>
> WDYT?

Agreed - done

From 2944613bee5a742b04c26a7c27d3a09f9047dbe5 Mon Sep 17 00:00:00 2001
From: Robin Green
Date: Sun, 19 Jul 2020 08:32:31 +0100
Subject: [PATCH] services: Fix auditd startup.

* gnu/services/auditd.scm: Make auditd start successfully in the default case.
* gnu/services/aux-files/auditd/auditd.conf: New file.
* doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
--- doc/guix.texi | 11 +++++++++-- gnu/services/auditd.scm | 41 ++++++++++++++++++++++++++++++----------- 2 files changed, 39 insertions(+), 13 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 2c5c017eea..8c7c055ce0 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -27478,10 +27478,12 @@ Network access @command{auditctl} from the @code{audit} package can be used in order to add or remove events to be tracked (until the next reboot). In order to permanently track events, put the command line arguments -of auditctl into @file{/etc/audit/audit.rules}. +of auditctl into a file called @code{audit.rules} in the configuration +directory (see below). @command{aureport} from the @code{audit} package can be used in order to view a report of all recorded events. -The audit daemon usually logs into the directory @file{/var/log/audit}. +The audit daemon by default logs into the file +@file{/var/log/audit.log}. =20 @end defvr =20 @@ -27493,6 +27495,11 @@ This is the data type representing the configurati= on of auditd. @item @code{audit} (default: @code{audit}) The audit package to use. =20 +@item @code{configdir} (default: @code{(local-file "aux-files/auditd")}) +A directory containing a configuration file for the audit package, which +must be named @code{auditd.conf}, and optionally some audit rules to +instantiate on startup. + @end table @end deftp =20 diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm index 8a9292015f..1750614207 100644 --- a/gnu/services/auditd.scm +++ b/gnu/services/auditd.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright =C2=A9 2019 Danny Milosavljevic +;;; Copyright =C2=A9 2020 Robin Green ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -26,29 +27,47 @@ #:use-module (guix gexp) #:use-module (guix packages) #:export (auditd-configuration - auditd-service-type)) + auditd-service-type + %default-auditd-configuration-directory)) =20 -; /etc/audit/audit.rules +(define auditd.conf + (plain-file "auditd.conf" "log_file =3D /var/log/audit.log\nlog_format = =3D \ +ENRICHED\nfreq =3D 1\nspace_left =3D 5%\nspace_left_action =3D \ +syslog\nadmin_space_left_action =3D ignore\ndisk_full_action =3D \ +ignore\ndisk_error_action =3D syslog\n")) =20 -(define-configuration auditd-configuration - (audit - (package audit) - "Audit package.")) +(define %default-auditd-configuration-directory + (computed-file "auditd" + #~(begin + (mkdir #$output) + (copy-file #$auditd.conf + (string-append #$output "/auditd.conf"))))) + +(define-record-type* + auditd-configuration make-auditd-configuration + auditd-configuration? + (audit auditd-configuration-audit = ; package + (default audit)) + (configuration-directory auditd-configuration-configuration-directory)) = ; local-file =20 (define (auditd-shepherd-service config) - (let* ((audit (auditd-configuration-audit config))) + (let* ((audit (auditd-configuration-audit config)) + (configuration-directory (auditd-configuration-configuration-dire= ctory config))) (list (shepherd-service - (documentation "Auditd allows you to audit file system accesses= .") + (documentation "Auditd allows you to audit file system accesses= and process execution.") (provision '(auditd)) (start #~(make-forkexec-constructor - (list (string-append #$audit "/sbin/auditd")))) + (list (string-append #$audit "/sbin/auditd") "-c" #$c= onfiguration-directory) + #:pid-file "/var/run/auditd.pid")) (stop #~(make-kill-destructor)))))) =20 (define auditd-service-type (service-type (name 'auditd) - (description "Allows auditing file system accesses.") + (description "Allows auditing file system accesses and pro= cess execution.") (extensions (list (service-extension shepherd-root-service-type 
 auditd-shepherd-service))) - (default-value (auditd-configuration)))) + (default-value + (auditd-configuration + (configuration-directory %default-auditd-configuration-= directory))))) --=20 2.27.0
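Review bot: in the doc/guix.texi hunk at -27493, the added @item still documents the field as configdir with default (local-file "aux-files/auditd"), while gnu/services/auditd.scm in this same revision names it configuration-directory and takes its value from %default-auditd-configuration-directory. The manual entry should use the new field name and default. The commit log also still lists gnu/services/aux-files/auditd/auditd.conf as a new file although the diffstat shows only two files changed.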
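Review bot: in the gnu/services/auditd.scm hunk at -26,29, the comment on the configuration-directory field still reads "; local-file", but the value supplied is now the computed-file bound to %default-auditd-configuration-directory, so "file-like" would be accurate. The plain-file body for auditd.conf would also be easier to review, setting by setting, if each key sat on its own source line instead of one string joined with \n escapes and line continuations.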

From: Ludovic Courtès
To: Robin Green
Subject: Re: [bug#42427] [PATCH] services: Fix auditd startup.
Date: Mon, 27 Jul 2020 11:31:37 +0200

Hi,

Robin Green skribis:

> From 2944613bee5a742b04c26a7c27d3a09f9047dbe5 Mon Sep 17 00:00:00 2001
> From: Robin Green
> Date: Sun, 19 Jul 2020 08:32:31 +0100
> Subject: [PATCH] services: Fix auditd startup.
>
> * gnu/services/auditd.scm: Make auditd start successfully in the default case.
> * gnu/services/aux-files/auditd/auditd.conf: New file.
> * doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
> --- > doc/guix.texi | 11 +++++++++-- > gnu/services/auditd.scm | 41 ++++++++++++++++++++++++++++++----------- > 2 files changed, 39 insertions(+), 13 deletions(-)

Applied with the changes below and a tweaked commit log.

Thank you!

Ludo’.

diff --git a/doc/guix.texi b/doc/guix.texi index 8b9eb791c7..d4557b360a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -27629,8 +27629,8 @@ This is the data type representing the configuration of auditd. @item @code{audit} (default: @code{audit}) The audit package to use. -@item @code{configdir} (default: @code{(local-file "aux-files/auditd")}) -A directory containing a configuration file for the audit package, which +@item @code{configuration-directory} (default: @code{%default-auditd-configuration-directory}) +The directory containing the configuration file for the audit package, which must be named @code{auditd.conf}, and optionally some audit rules to instantiate on startup. diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm index 1750614207..cffc226ec9 100644 --- a/gnu/services/auditd.scm +++ b/gnu/services/auditd.scm @@ -48,7 +48,7 @@ ignore\ndisk_error_action = syslog\n")) auditd-configuration? (audit auditd-configuration-audit ; package (default audit)) - (configuration-directory auditd-configuration-configuration-directory)) ; local-file + (configuration-directory auditd-configuration-configuration-directory)) ; file-like (define (auditd-shepherd-service config) (let* ((audit (auditd-configuration-audit config))
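Review bot: the doc/guix.texi hunk now gives %default-auditd-configuration-directory as the default of configuration-directory, but the record definition visible in the gnu/services/auditd.scm hunk still has no (default ...) clause on that field, unlike the audit field just above it. The documented default therefore holds only when the service type's default-value is used; adding (default %default-auditd-configuration-directory) to the field would make the manual true for hand-written auditd-configuration records as well.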