GNU bug report logs -
#54309
[PATCH] services: auditd: use exclusive log directory for auditd
Message #20 received at 54309 <at> debbugs.gnu.org (full text, mbox):
Hi,
On 3/10/22 8:12 AM, Liliana Marie Prikler wrote:
> Hi,
>
> On Wednesday, 09.03.2022 at 22:00 +0100, fesoj000 wrote:
>> Use the upstream default log file for auditd.
>>
>> * gnu/services/auditd.scm: add auditd-activation function and extend
>> activation-service-type.
>> ---
>> gnu/services/auditd.scm | 17 ++++++++++++-----
>> 1 file changed, 12 insertions(+), 5 deletions(-)
>>
>> diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
>> index abde811f51..c88e974adb 100644
>> --- a/gnu/services/auditd.scm
>> +++ b/gnu/services/auditd.scm
>> @@ -31,10 +31,9 @@ (define-module (gnu services auditd)
>> %default-auditd-configuration-directory))
>>
>> (define auditd.conf
>> - (plain-file "auditd.conf" "log_file =
>> /var/log/audit.log\nlog_format = \
>> -ENRICHED\nfreq = 1\nspace_left = 5%\nspace_left_action = \
>> -syslog\nadmin_space_left_action = ignore\ndisk_full_action = \
>> -ignore\ndisk_error_action = syslog\n"))
>> + (plain-file "auditd.conf" "log_format = ENRICHED\nfreq =
>> 1\nspace_left = 5% \
>> +\nspace_left_action = syslog\nadmin_space_left_action = ignore\
>> +\ndisk_full_action = ignore\ndisk_error_action = syslog\n"))
> I'm not sure what the rationale behind writing auditd.conf this way is,
> but note that you can simply write this as "\
> log_format = ENRICHED
> freq = 1
> space_left = 5%
> ..."
>
> Doing this, it would take up some more vertical real estate, but imho
> it'd be easier to read. We might also want to make some of these
> configurable later on, e.g. space_left, but that's not relevant to this
> patch set.
Sure, I will send a new patch later.
>> (define %default-auditd-configuration-directory
>> (computed-file "auditd"
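Review bot: In the auditd.conf hunk, dropping the `log_file = /var/log/audit.log` entry leaves the log location implicit, while the activation code added further down in this patch hard-codes "/var/log/audit" on its own. Nothing ties the two together, so if the daemon's built-in default ever differs, auditd would write to a location the service never prepared. Consider keeping an explicit log_file entry that points inside /var/log/audit, ideally built from the same variable the activation snippet uses. Minor: the new string has a space between `5%` and the line-continuation backslash, so the space_left value carries trailing whitespace.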
>> @@ -50,6 +49,12 @@ (define-record-type* <auditd-configuration>
>> (default audit))
>> (configuration-directory auditd-configuration-configuration-
>> directory)) ; file-like
>>
>> +(define (auditd-activation config)
>> + (with-imported-modules '((guix build utils))
>> + #~(begin
>> + (use-modules (guix build utils))
>> + (mkdir-p "/var/log/audit"))))
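Review bot: The `mkdir-p` call in auditd-activation creates /var/log/audit with whatever mode the activation-time umask yields, and does nothing at all when the directory already exists, so the audit log directory can end up with looser permissions than intended. Set an explicit restrictive mode and re-assert it on every activation, for instance by following the call with (chmod "/var/log/audit" #o700). The `config` parameter is also unused here; either derive the directory from it or drop the hard-coded path in favour of a shared definition.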
> I think guix should already create this directory with the 700
> permissions auditd demands, to prevent any TOCTOU-style tampering.
Good point.
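
The point raised in the review above (create the directory with mode 700 from the start, so there is no window in which it exists with looser permissions), as an added example in plain Guile; it is not code from the patch or from Guix. The procedure name `ensure-private-directory` and the demo paths are assumptions made for illustration, and the demo assumes a Guile that provides `mkdtemp`.

```scheme
;; Added illustration in plain Guile; not code from the patch or from Guix.
;; `ensure-private-directory' and the demo paths are hypothetical names.

(define (ensure-private-directory directory)
  "Create DIRECTORY with mode 700, or check and tighten it if it already
exists.  Return the resulting permission bits."
  (let ((old-umask (umask #o077)))      ;never grant group/other bits
    (dynamic-wind
      (const #t)
      (lambda ()
        (catch 'system-error
          ;; mkdir(2) applies the mode at creation time, so the directory
          ;; never exists with looser permissions, unlike mkdir + chmod.
          (lambda () (mkdir directory #o700))
          (lambda args
            (unless (= EEXIST (system-error-errno args))
              (apply throw args))))
        ;; lstat rather than stat: do not follow a symlink planted here.
        (let ((st (lstat directory)))
          (unless (eq? 'directory (stat:type st))
            (error "not a directory (symlink or file?):" directory))
          (unless (= (stat:uid st) (geteuid))
            (error "directory owned by another user:" directory))
          ;; Assumption: the parent is writable only by the caller, so the
          ;; path cannot be swapped between the lstat above and this chmod.
          (unless (= #o700 (stat:perms st))
            (chmod directory #o700))
          (stat:perms (lstat directory))))
      (lambda () (umask old-umask)))))

;; Constructed demo: a fresh directory, then one left behind with mode 755.
(let* ((base  (mkdtemp "/tmp/audit-demo-XXXXXX"))
       (fresh (string-append base "/audit"))
       (loose (string-append base "/audit-old")))
  (mkdir loose)
  (chmod loose #o755)
  (for-each (lambda (dir)
              (display dir)
              (display " -> ")
              (display (number->string (ensure-private-directory dir) 8))
              (newline))
            (list fresh loose)))
```

Both demo directories end up with the same owner-only permission bits, whether the procedure created them or found them already present with a looser mode.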
This bug report was last modified 3 years and 85 days ago.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.