GNU bug report logs -
#54309
[PATCH] services: auditd: use exclusive log directory for auditd
Previous Next
Full log
View this message in rfc822 format
Hi,
Am Mittwoch, dem 09.03.2022 um 22:00 +0100 schrieb fesoj000:
> Use the upstream default log file for auditd.
>
> * gnu/services/auditd.scm: add auditd-activation function and extend
> activation-service-type.
> ---
> gnu/services/auditd.scm | 17 ++++++++++++-----
> 1 file changed, 12 insertions(+), 5 deletions(-)
>
> diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
> index abde811f51..c88e974adb 100644
> --- a/gnu/services/auditd.scm
> +++ b/gnu/services/auditd.scm
> @@ -31,10 +31,9 @@ (define-module (gnu services auditd)
> %default-auditd-configuration-directory))
>
> (define auditd.conf
> - (plain-file "auditd.conf" "log_file =
> /var/log/audit.log\nlog_format = \
> -ENRICHED\nfreq = 1\nspace_left = 5%\nspace_left_action = \
> -syslog\nadmin_space_left_action = ignore\ndisk_full_action = \
> -ignore\ndisk_error_action = syslog\n"))
> + (plain-file "auditd.conf" "log_format = ENRICHED\nfreq =
> 1\nspace_left = 5% \
> +\nspace_left_action = syslog\nadmin_space_left_action = ignore\
> +\ndisk_full_action = ignore\ndisk_error_action = syslog\n"))
I'm not sure what the rationale behind writing auditd.conf this way is,
but note that can simply writethis as "\
log_format = ENRICHED
freq = 1
space_left = 5%
..."
Doing this, it would take up some more vertical real estate, but imho
it'd be easier to read. We might also want to make some of these
configurable later on, e.g. space_left, but that's not relevant to this
patch set.
> (define %default-auditd-configuration-directory
> (computed-file "auditd"
> @@ -50,6 +49,12 @@ (define-record-type* <auditd-configuration>
> (default audit))
> (configuration-directory auditd-configuration-configuration-
> directory)) ; file-like
>
> +(define (auditd-activation config)
> + (with-imported-modules '((guix build utils))
> + #~(begin
> + (use-modules (guix build utils))
> + (mkdir-p "/var/log/audit"))))
I think guix should already create this directory with the 700
permissions auditd demands, to prevent any TOCTOU-style tampering.
Cheers
This bug report was last modified 3 years and 85 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.