unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#54309] [PATCH] services: auditd: use exclusive log directory for auditd
@ 2022-03-09 19:21 fesoj000
  2022-03-09 19:36 ` Maxime Devos
                   ` (6 more replies)
  0 siblings, 7 replies; 22+ messages in thread
From: fesoj000 @ 2022-03-09 19:21 UTC (permalink / raw)
  To: 54309

Currently auditd writes logs to /var/log/audit.log. This is a problem because
auditd changes the permissions of the directory audit.log lives in to
700. /var/log usually has 755, this is assumed by some services. postgresql
for example, fails when used together with auditd.

On redhat for example, auditd uses /var/log/audit/ as its log directory. This
change mirrors this behaviour.

* gnu/services/auditd.scm: add auditd-activation function and extend
activation-service-type.
---
  gnu/services/auditd.scm | 12 ++++++++++--
  1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
index abde811f51..8478581999 100644
--- a/gnu/services/auditd.scm
+++ b/gnu/services/auditd.scm
@@ -31,7 +31,7 @@ (define-module (gnu services auditd)
              %default-auditd-configuration-directory))
  
  (define auditd.conf
-  (plain-file "auditd.conf" "log_file = /var/log/audit.log\nlog_format = \
+  (plain-file "auditd.conf" "log_file = /var/log/audit/audit.log\nlog_format = \
  ENRICHED\nfreq = 1\nspace_left = 5%\nspace_left_action = \
  syslog\nadmin_space_left_action = ignore\ndisk_full_action = \
  ignore\ndisk_error_action = syslog\n"))
@@ -50,6 +50,12 @@ (define-record-type* <auditd-configuration>
                             (default audit))
    (configuration-directory auditd-configuration-configuration-directory))      ; file-like
  
+(define (auditd-activation config)
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (mkdir-p "/var/log/audit"))))
+
  (define (auditd-shepherd-service config)
    (let* ((audit (auditd-configuration-audit config))
           (configuration-directory (auditd-configuration-configuration-directory config)))
@@ -67,7 +73,9 @@ (define auditd-service-type
                  (extensions
                   (list
                    (service-extension shepherd-root-service-type
-                                     auditd-shepherd-service)))
+                                     auditd-shepherd-service)
+                  (service-extension activation-service-type
+                                     auditd-activation)))
                  (default-value
                    (auditd-configuration
                     (configuration-directory %default-auditd-configuration-directory)))))
-- 
2.34.0





^ permalink raw reply related	[flat|nested] 22+ messages in thread

end of thread, other threads:[~2022-03-23 20:40 UTC | newest]

Thread overview: 22+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-03-09 19:21 [bug#54309] [PATCH] services: auditd: use exclusive log directory for auditd fesoj000
2022-03-09 19:36 ` Maxime Devos
2022-03-09 20:44   ` fesoj000
2022-03-09 21:00 ` fesoj000
2022-03-10  7:12   ` Liliana Marie Prikler
2022-03-10 10:36     ` fesoj000
2022-03-10 16:29 ` fesoj000
2022-03-18 19:17 ` [bug#54309] What is the process from here? fesoj000
2022-03-18 20:06   ` Liliana Marie Prikler
2022-03-18 21:48     ` fesoj000
2022-03-18 22:36       ` Liliana Marie Prikler
2022-03-19 11:10         ` fesoj000
2022-03-19 23:09         ` Maxime Devos
2022-03-22 16:50           ` fesoj000
2022-03-22 20:06             ` Liliana Marie Prikler
2022-03-19 11:34 ` [bug#54309] [PATCH] services: auditd: use exclusive log directory for auditd fesoj000
2022-03-19 23:13   ` Maxime Devos
2022-03-20 20:22     ` fesoj000
2022-03-20 20:30       ` Maxime Devos
2022-03-20 20:35         ` Maxime Devos
2022-03-23 20:22 ` [bug#54309] [PATCHv2] " fesoj000
2022-03-23 20:39 ` [bug#54309] [PATCHv3] " fesoj000

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).