GNU bug report logs - #42427
[PATCH] services: Fix auditd startup.


Package: guix-patches;

Reported by: Robin Green <greenrd <at> greenrd.org>

Date: Sun, 19 Jul 2020 17:26:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#42427: closed ([PATCH] services: Fix auditd startup.)
Date: Mon, 27 Jul 2020 09:32:01 +0000
[Message part 1 (text/plain, inline)]
Your message dated Mon, 27 Jul 2020 11:31:37 +0200
with message-id <87365d1eyu.fsf <at> gnu.org>
and subject line Re: [bug#42427] [PATCH] services: Fix auditd startup.
has caused the debbugs.gnu.org bug report #42427,
regarding [PATCH] services: Fix auditd startup.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
42427: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=42427
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Robin Green <greenrd <at> greenrd.org>
To: guix-patches <at> gnu.org
Cc: Robin Green <greenrd <at> greenrd.org>
Subject: [PATCH] services: Fix auditd startup.
Date: Sun, 19 Jul 2020 18:17:31 +0100
* gnu/services/auditd.scm: Make auditd start successfully in the default case.
* gnu/services/aux-files/auditd/auditd.conf: New file.
* doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
---
 doc/guix.texi                             | 11 +++++++--
 gnu/services/auditd.scm                   | 27 ++++++++++++++---------
 gnu/services/aux-files/auditd/auditd.conf |  9 ++++++++
 3 files changed, 34 insertions(+), 13 deletions(-)
 create mode 100644 gnu/services/aux-files/auditd/auditd.conf

diff --git a/doc/guix.texi b/doc/guix.texi
index 2c5c017eea..8c7c055ce0 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27478,10 +27478,12 @@ Network access
 @command{auditctl} from the @code{audit} package can be used in order
 to add or remove events to be tracked (until the next reboot).
 In order to permanently track events, put the command line arguments
-of auditctl into @file{/etc/audit/audit.rules}.
+of auditctl into a file called @code{audit.rules} in the configuration
+directory (see below).
 @command{aureport} from the @code{audit} package can be used in order
 to view a report of all recorded events.
-The audit daemon usually logs into the directory @file{/var/log/audit}.
+The audit daemon by default logs into the file
+@file{/var/log/audit.log}.
 
 @end defvr
 
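Review bot: The added sentence marks `audit.rules` with @code where the line it replaces used @file, and it points readers to "the configuration directory (see below)" without naming the field. Use `@file{audit.rules}` and refer to `configdir` by name. The log location stated in the next added lines holds only while `log_file` in the shipped auditd.conf stays `/var/log/audit.log`, so the text should say that the path comes from that file.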
@@ -27493,6 +27495,11 @@ This is the data type representing the configuration of auditd.
 @item @code{audit} (default: @code{audit})
 The audit package to use.
 
+@item @code{configdir} (default: @code{(local-file "aux-files/auditd")})
+A directory containing a configuration file for the audit package, which
+must be named @code{auditd.conf}, and optionally some audit rules to
+instantiate on startup.
+
 @end table
 @end deftp
 
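Review bot: The default documented in the new `@item` line, `(local-file "aux-files/auditd")`, does not match the form gnu/services/auditd.scm actually uses, which is `(local-file "aux-files/auditd" #:recursive? #t)`; copy the real form or refer to it through a named variable. The description also says "some audit rules" without giving the file name, which the earlier paragraph states is `audit.rules`.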
diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
index 8a9292015f..73db202bb6 100644
--- a/gnu/services/auditd.scm
+++ b/gnu/services/auditd.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2019 Danny Milosavljevic <dannym <at> scratchpost.org>
+;;; Copyright © 2020 Robin Green <greenrd <at> greenrd.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,27 +29,31 @@
   #:export (auditd-configuration
             auditd-service-type))
 
-; /etc/audit/audit.rules
-
-(define-configuration auditd-configuration
-  (audit
-   (package audit)
-   "Audit package."))
+(define-record-type* <auditd-configuration>
+  auditd-configuration make-auditd-configuration
+  auditd-configuration?
+  (audit           auditd-configuration-audit            ; package
+                   (default audit))
+  (configdir       auditd-configuration-configdir))      ; local-file
 
 (define (auditd-shepherd-service config)
-  (let* ((audit (auditd-configuration-audit config)))
+  (let* ((audit (auditd-configuration-audit config))
+         (configdir (auditd-configuration-configdir config)))
     (list (shepherd-service
-           (documentation "Auditd allows you to audit file system accesses.")
+           (documentation "Auditd allows you to audit file system accesses and process execution.")
            (provision '(auditd))
            (start #~(make-forkexec-constructor
-                     (list (string-append #$audit "/sbin/auditd"))))
+                     (list (string-append #$audit "/sbin/auditd") "-c" #$configdir)
+                     #:pid-file "/var/run/auditd.pid"))
            (stop #~(make-kill-destructor))))))
 
 (define auditd-service-type
   (service-type (name 'auditd)
-                (description "Allows auditing file system accesses.")
+                (description "Allows auditing file system accesses and process execution.")
                 (extensions
                  (list
                   (service-extension shepherd-root-service-type
                                      auditd-shepherd-service)))
-                (default-value (auditd-configuration))))
+                (default-value
+                  (auditd-configuration
+                   (configdir (local-file "aux-files/auditd" #:recursive? #t))))))
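Review bot: The `configdir` field of `<auditd-configuration>` has no `(default ...)` clause, unlike `audit`, so the default lives only in `default-value` of `auditd-service-type`. Anyone who writes their own `(auditd-configuration ...)`, for example to change the package, must then also supply `configdir`, although doc/guix.texi lists a default for it. Put the `local-file` form on the field as `(default (local-file "aux-files/auditd" #:recursive? #t))` and keep `(default-value (auditd-configuration))`. The two lengthened description strings also run well past 80 columns and could be wrapped.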
diff --git a/gnu/services/aux-files/auditd/auditd.conf b/gnu/services/aux-files/auditd/auditd.conf
new file mode 100644
index 0000000000..6e7555cf4c
--- /dev/null
+++ b/gnu/services/aux-files/auditd/auditd.conf
@@ -0,0 +1,9 @@
+log_file = /var/log/audit.log
+log_format = ENRICHED
+freq = 1
+space_left = 5%
+space_left_action = syslog
+admin_space_left_action = ignore
+disk_full_action = ignore
+disk_error_action = syslog
+
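Review bot: `admin_space_left_action = ignore` and `disk_full_action = ignore` tell the daemon to take no corrective action when the log partition runs out of space, so audit records can be dropped while the system keeps running. For an audit log that trade-off should be an explicit, commented choice; `syslog`, already used here for `space_left_action`, is a more visible setting for `admin_space_left_action`. The file sets neither `max_log_file` nor `max_log_file_action`, so rotation of `/var/log/audit.log` is left to auditd's built-in defaults. The trailing empty `+` line can be dropped.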
-- 
2.27.0



[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Robin Green <greenrd <at> greenrd.org>
Cc: 42427-done <at> debbugs.gnu.org
Subject: Re: [bug#42427] [PATCH] services: Fix auditd startup.
Date: Mon, 27 Jul 2020 11:31:37 +0200
[Message part 4 (text/plain, inline)]
Hi,

Robin Green <greenrd <at> greenrd.org> writes:

>>From 2944613bee5a742b04c26a7c27d3a09f9047dbe5 Mon Sep 17 00:00:00 2001
> From: Robin Green <greenrd <at> greenrd.org>
> Date: Sun, 19 Jul 2020 08:32:31 +0100
> Subject: [PATCH] services: Fix auditd startup.
>
> * gnu/services/auditd.scm: Make auditd start successfully in the default case.
> * gnu/services/aux-files/auditd/auditd.conf: New file.
> * doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
> ---
>  doc/guix.texi           | 11 +++++++++--
>  gnu/services/auditd.scm | 41 ++++++++++++++++++++++++++++++-----------
>  2 files changed, 39 insertions(+), 13 deletions(-)

Applied with the changes below and a tweaked commit log.

Thank you!

Ludo’.

[Message part 5 (text/x-patch, inline)]
diff --git a/doc/guix.texi b/doc/guix.texi
index 8b9eb791c7..d4557b360a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27629,8 +27629,8 @@ This is the data type representing the configuration of auditd.
 @item @code{audit} (default: @code{audit})
 The audit package to use.
 
-@item @code{configdir} (default: @code{(local-file "aux-files/auditd")})
-A directory containing a configuration file for the audit package, which
+@item @code{configuration-directory} (default: @code{%default-auditd-configuration-directory})
+The directory containing the configuration file for the audit package, which
 must be named @code{auditd.conf}, and optionally some audit rules to
 instantiate on startup.
 
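Review bot: The description still calls the value "The directory", while the field comment in gnu/services/auditd.scm in this same patch now says file-like. State that `configuration-directory` takes a file-like object, and name `audit.rules` as the rules file instead of "some audit rules".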
diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
index 1750614207..cffc226ec9 100644
--- a/gnu/services/auditd.scm
+++ b/gnu/services/auditd.scm
@@ -48,7 +48,7 @@ ignore\ndisk_error_action = syslog\n"))
   auditd-configuration?
   (audit                   auditd-configuration-audit                          ; package
                            (default audit))
-  (configuration-directory auditd-configuration-configuration-directory))      ; local-file
+  (configuration-directory auditd-configuration-configuration-directory))      ; file-like
 
 (define (auditd-shepherd-service config)
   (let* ((audit (auditd-configuration-audit config))
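Review bot: `configuration-directory` still has no `(default ...)` clause in the lines shown, while the doc/guix.texi hunk of this same patch advertises `%default-auditd-configuration-directory` as its default. Adding `(default %default-auditd-configuration-directory)` to the field would make the record match the manual and let `(auditd-configuration)` with no arguments work.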

This bug report was last modified 4 years and 301 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.