From: Robin Green
To: 42427@debbugs.gnu.org
Cc: guix-patches@gnu.org
Subject: [bug#42427] [PATCH] services: Fix auditd startup.
Date: Sun, 26 Jul 2020 17:28:49 +0100
Message-ID: <87k0yqxmta.fsf@greenrd.org>
In-Reply-To: <20200719171731.7453-1-greenrd@greenrd.org>

On 2020-07-22 23:07, Ludovic Courtès wrote:
> Hello Robin,

Hi

> Robin Green wrote:
>
>> * gnu/services/auditd.scm: Make auditd start successfully in the default case.
>> * gnu/services/aux-files/auditd/auditd.conf: New file.
>> * doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
>
> Nice, it’s a good idea. Some comments below:
>
>> -(define-configuration auditd-configuration
>> -  (audit
>> -   (package audit)
>> -   "Audit package."))
>> +(define-record-type*
>
> I think we should keep using ‘define-configuration’, unless there’s a
> good reason to change. WDYT?

I couldn't get it to work with ‘define-configuration’ - I kept getting
errors. I asked on #guix, and it was suggested that I do it this way
instead.

>> +  auditd-configuration make-auditd-configuration
>> +  auditd-configuration?
>> +  (audit auditd-configuration-audit ; package
>> +         (default audit))
>> +  (configdir auditd-configuration-configdir)) ; local-file
>
> s/configdir/configuration-directory/, to be consistent with the rest of
> the code.

Done

> You can also set its default value.

I don't see the value in doing that, because the default is already set
elsewhere, and if the user wants to use a different package, they probably
also want to use a different configuration file than the default one!

>
>> +   (auditd-configuration
>> +    (configdir (local-file "aux-files/auditd" #:recursive? #t))))))
>> diff --git a/gnu/services/aux-files/auditd/auditd.conf b/gnu/services/aux-files/auditd/auditd.conf
>> new file mode 100644
>> index 0000000000..6e7555cf4c
>> --- /dev/null
>> +++ b/gnu/services/aux-files/auditd/auditd.conf
>
> Since it’s a small file, I have a slight preference for using
> ‘plain-file’ + ‘computed-file’:
>
> (define auditd.conf
>   (plain-file …))
>
> (define %default-auditd-configuration-directory ;make it public
>   (computed-file "auditd"
>                  #~(begin
>                      (mkdir #$output)
>                      (copy-file #$auditd.conf
>                                 (string-append #$output "/auditd.conf")))))
>
> WDYT?

Agreed - done

[Attachment: 0001-services-Fix-auditd-startup.patch (text/x-patch)]

From 2944613bee5a742b04c26a7c27d3a09f9047dbe5 Mon Sep 17 00:00:00 2001
From: Robin Green Date: Sun, 19 Jul 2020 08:32:31 +0100 Subject: [PATCH] services: Fix auditd startup. * gnu/services/auditd.scm: Make auditd start successfully in the default ca= se. * gnu/services/aux-files/auditd/auditd.conf: New file. * doc/guix.texi (Miscellaneous Services): Update docs to reflect changes. --- doc/guix.texi | 11 +++++++++-- gnu/services/auditd.scm | 41 ++++++++++++++++++++++++++++++----------- 2 files changed, 39 insertions(+), 13 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 2c5c017eea..8c7c055ce0 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -27478,10 +27478,12 @@ Network access @command{auditctl} from the @code{audit} package can be used in order to add or remove events to be tracked (until the next reboot). In order to permanently track events, put the command line arguments -of auditctl into @file{/etc/audit/audit.rules}. +of auditctl into a file called @code{audit.rules} in the configuration +directory (see below). @command{aureport} from the @code{audit} package can be used in order to view a report of all recorded events. -The audit daemon usually logs into the directory @file{/var/log/audit}. +The audit daemon by default logs into the file +@file{/var/log/audit.log}. =20 @end defvr =20 @@ -27493,6 +27495,11 @@ This is the data type representing the configurati= on of auditd. @item @code{audit} (default: @code{audit}) The audit package to use. =20 +@item @code{configdir} (default: @code{(local-file "aux-files/auditd")}) +A directory containing a configuration file for the audit package, which +must be named @code{auditd.conf}, and optionally some audit rules to +instantiate on startup. + @end table @end deftp =20 diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm index 8a9292015f..1750614207 100644 --- a/gnu/services/auditd.scm +++ b/gnu/services/auditd.scm 
@@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright =C2=A9 2019 Danny Milosavljevic +;;; Copyright =C2=A9 2020 Robin Green ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -26,29 +27,47 @@ #:use-module (guix gexp) #:use-module (guix packages) #:export (auditd-configuration - auditd-service-type)) + auditd-service-type + %default-auditd-configuration-directory)) =20 -; /etc/audit/audit.rules +(define auditd.conf + (plain-file "auditd.conf" "log_file =3D /var/log/audit.log\nlog_format = =3D \ +ENRICHED\nfreq =3D 1\nspace_left =3D 5%\nspace_left_action =3D \ +syslog\nadmin_space_left_action =3D ignore\ndisk_full_action =3D \ +ignore\ndisk_error_action =3D syslog\n")) =20 -(define-configuration auditd-configuration - (audit - (package audit) - "Audit package.")) +(define %default-auditd-configuration-directory + (computed-file "auditd" + #~(begin + (mkdir #$output) + (copy-file #$auditd.conf + (string-append #$output "/auditd.conf"))))) + +(define-record-type* + auditd-configuration make-auditd-configuration + auditd-configuration? + (audit auditd-configuration-audit = ; package + (default audit)) + (configuration-directory auditd-configuration-configuration-directory)) = ; local-file =20 (define (auditd-shepherd-service config) - (let* ((audit (auditd-configuration-audit config))) + (let* ((audit (auditd-configuration-audit config)) + (configuration-directory (auditd-configuration-configuration-dire= ctory config))) (list (shepherd-service - (documentation "Auditd allows you to audit file system accesses= .") + (documentation "Auditd allows you to audit file system accesses= and process execution.") (provision '(auditd)) (start #~(make-forkexec-constructor - (list (string-append #$audit "/sbin/auditd")))) + (list (string-append #$audit "/sbin/auditd") "-c" #$c= onfiguration-directory) + #:pid-file "/var/run/auditd.pid")) (stop #~(make-kill-destructor)))))) =20 (define auditd-service-type (service-type (name 'auditd) - (description "Allows auditing file system accesses.") + (description "Allows auditing file system accesses and pro= cess execution.") (extensions (list (service-extension shepherd-root-service-type 
auditd-shepherd-service))) - (default-value (auditd-configuration)))) + (default-value + (auditd-configuration + (configuration-directory %default-auditd-configuration-= directory))))) --=20 2.27.0 --=-=-=--
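Review bot: In the first doc/guix.texi hunk (@@ -27478), the new text tells users to put auditctl arguments into an `audit.rules` file in the configuration directory, but nothing in this patch loads that file: the shepherd start form only runs `auditd -c <dir>`, and rules in audit.rules are loaded by `auditctl -R` (the job of the init script on other distributions), not by the daemon itself. Either add a step to the service that runs `auditctl -R <dir>/audit.rules` once auditd is up, or reword the paragraph so it does not promise that rules placed there take effect on startup.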
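Review bot: In the second doc/guix.texi hunk (@@ -27493), the @item documents the field as `configdir` with default `(local-file "aux-files/auditd")`, but the auditd.scm hunk names the field `configuration-directory` and the service default is `%default-auditd-configuration-directory`, a computed-file; the diffstat lists only two files, so there is no aux-files/auditd directory in this version. Change the line to `@item @code{configuration-directory} (default: @code{%default-auditd-configuration-directory})` and say that the default is exported, since the point of exporting it is to let users reuse it. The commit message has the same stale reference ("* gnu/services/aux-files/auditd/auditd.conf: New file.") and should list the plain-file in auditd.scm instead.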
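Review bot: In the gnu/services/auditd.scm hunk (@@ -26,29 +27,47 @@), the default `auditd.conf` sets `admin_space_left_action = ignore` and `disk_full_action = ignore`, so once the disk fills auditd keeps running but silently stops recording; for a service whose only job is the audit trail, the weakest option should not be the shipped default, or at least the docs should say that records are dropped. `suspend` (or `syslog`) keeps the daemon up without pretending coverage continues. In the same string, `freq = 1` has no effect because there is no `flush =` line; `freq` is only honoured with `flush = incremental` or `incremental_async`, so add that line or drop `freq`. Lastly, `#:pid-file "/var/run/auditd.pid"` is needed only because auditd forks into the background by default; passing `-n` (no fork) next to `-c` lets make-forkexec-constructor track the process directly instead of waiting for the pid file to appear.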
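As an added example, not code from this patch, from Guix or from the audit project: a POSIX shell check for a directory laid out the way `auditd -c DIR` expects (DIR/auditd.conf, optionally DIR/audit.rules). It flags the settings in this patch's default config that weaken the audit trail (`ignore` actions), the `freq` line that is dead without a `flush` mode, and a missing audit.rules, and it builds two constructed sample directories: one with the exact auditd.conf the patch's plain-file produces, and a hardened variant whose values are this example's own choices. The helper names and the hardened values are assumptions of the example.

```shell
#!/bin/sh
# Added example, not code from the Guix patch or the audit project.
# Assumptions: POSIX sh with sed, tr, grep, mktemp; a directory laid out the
# way `auditd -c DIR` expects, i.e. DIR/auditd.conf and optionally DIR/audit.rules.

# conf_get DIR KEY: print the last value assigned to KEY in DIR/auditd.conf
# (empty output if the key is absent). auditd.conf lines look like `key = value`.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*\)\$/\1/p" "$1/auditd.conf" | tail -n 1
}

# check_auditd_confdir DIR: one WARN line per weak setting, a NOTE line for
# things worth knowing, FAIL (exit 1) if the directory cannot be used at all.
check_auditd_confdir() {
    dir=$1
    if [ ! -f "$dir/auditd.conf" ]; then
        echo "FAIL: $dir/auditd.conf is missing; auditd -c $dir will not start"
        return 1
    fi
    # With `ignore`, auditd keeps running but drops records when the condition
    # hits, so the host silently loses its audit trail.
    for key in admin_space_left_action disk_full_action disk_error_action; do
        val=$(conf_get "$dir" "$key" | tr 'A-Z' 'a-z')
        if [ "$val" = ignore ]; then
            echo "WARN: $key = ignore drops audit records once the condition occurs"
        fi
    done
    # freq only matters for incremental flushing; without a flush line it is dead config.
    if [ -n "$(conf_get "$dir" freq)" ]; then
        flush=$(conf_get "$dir" flush | tr 'A-Z' 'a-z')
        case $flush in
            incremental|incremental_async) ;;
            *) echo "WARN: freq is set but flush is '${flush:-unset}'; freq applies only to incremental or incremental_async" ;;
        esac
    fi
    # Rules are loaded by `auditctl -R`, not by auditd itself; say so if there are none.
    if [ ! -f "$dir/audit.rules" ]; then
        echo "NOTE: $dir has no audit.rules; no rules will be loaded unless something runs auditctl -R"
    fi
    return 0
}

# Constructed sample: the exact auditd.conf produced by the patch's plain-file.
make_patch_confdir() {
    dir=$(mktemp -d)
    printf '%s\n' 'log_file = /var/log/audit.log' 'log_format = ENRICHED' 'freq = 1' \
        'space_left = 5%' 'space_left_action = syslog' 'admin_space_left_action = ignore' \
        'disk_full_action = ignore' 'disk_error_action = syslog' > "$dir/auditd.conf"
    echo "$dir"
}

# Constructed hardened variant (this example's choices, not the patch's):
# an explicit flush mode so freq is meaningful, suspend instead of ignore, and
# an (empty) audit.rules so a rule-loading step has something to load.
make_hardened_confdir() {
    dir=$(mktemp -d)
    printf '%s\n' 'log_file = /var/log/audit.log' 'log_format = ENRICHED' \
        'flush = incremental_async' 'freq = 50' 'space_left = 5%' 'space_left_action = syslog' \
        'admin_space_left_action = suspend' 'disk_full_action = suspend' \
        'disk_error_action = syslog' > "$dir/auditd.conf"
    : > "$dir/audit.rules"
    echo "$dir"
}

# Usage: sh check-auditd-confdir.sh /gnu/store/...-auditd
if [ -n "${1-}" ]; then
    check_auditd_confdir "$1"
fi
```

Run it against the store path that `guix system build` produces for `%default-auditd-configuration-directory`; on the patch's config it prints three WARN lines and one NOTE, on the hardened variant nothing.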