Subject: [bug#42427] [PATCH] services: Fix auditd startup.
From: Robin Green
Date: Sun, 19 Jul 2020 18:17:31 +0100
Message-Id: <20200719171731.7453-1-greenrd@greenrd.org>

* gnu/services/auditd.scm: Make auditd start successfully in the default case.
* gnu/services/aux-files/auditd/auditd.conf: New file.
* doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
---
 doc/guix.texi                             | 11 +++++++--
 gnu/services/auditd.scm                   | 27 ++++++++++++++---------
 gnu/services/aux-files/auditd/auditd.conf |  9 ++++++++
 3 files changed, 34 insertions(+), 13 deletions(-)
 create mode 100644 gnu/services/aux-files/auditd/auditd.conf
diff --git a/doc/guix.texi b/doc/guix.texi index 2c5c017eea..8c7c055ce0 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -27478,10 +27478,12 @@ Network access @command{auditctl} from the @code{audit} package can be used in order to add or remove events to be tracked (until the next reboot). In order to permanently track events, put the command line arguments -of auditctl into @file{/etc/audit/audit.rules}. +of auditctl into a file called @code{audit.rules} in the configuration +directory (see below). @command{aureport} from the @code{audit} package can be used in order to view a report of all recorded events. -The audit daemon usually logs into the directory @file{/var/log/audit}. +The audit daemon by default logs into the file +@file{/var/log/audit.log}. @end defvr @@ -27493,6 +27495,11 @@ This is the data type representing the configuration of auditd. @item @code{audit} (default: @code{audit}) The audit package to use. +@item @code{configdir} (default: @code{(local-file "aux-files/auditd")}) +A directory containing a configuration file for the audit package, which +must be named @code{auditd.conf}, and optionally some audit rules to +instantiate on startup. + @end table @end deftp diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm index 8a9292015f..73db202bb6 100644 --- a/gnu/services/auditd.scm +++ b/gnu/services/auditd.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019 Danny Milosavljevic +;;; Copyright © 2020 Robin Green ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -28,27 +29,31 @@ #:export (auditd-configuration auditd-service-type)) -; /etc/audit/audit.rules - -(define-configuration auditd-configuration - (audit - (package audit) - "Audit package.")) +(define-record-type* + auditd-configuration make-auditd-configuration + auditd-configuration? + (audit auditd-configuration-audit ; package + (default audit)) + (configdir auditd-configuration-configdir)) ; local-file (define (auditd-shepherd-service config) - (let* ((audit (auditd-configuration-audit config))) + (let* ((audit (auditd-configuration-audit config)) + (configdir (auditd-configuration-configdir config))) (list (shepherd-service - (documentation "Auditd allows you to audit file system accesses.") + (documentation "Auditd allows you to audit file system accesses and process execution.") (provision '(auditd)) (start #~(make-forkexec-constructor - (list (string-append #$audit "/sbin/auditd")))) + (list (string-append #$audit "/sbin/auditd") "-c" #$configdir) + #:pid-file "/var/run/auditd.pid")) (stop #~(make-kill-destructor)))))) (define auditd-service-type (service-type (name 'auditd) - (description "Allows auditing file system accesses.") + (description "Allows auditing file system accesses and process execution.") (extensions (list (service-extension shepherd-root-service-type auditd-shepherd-service))) - (default-value (auditd-configuration)))) + (default-value + (auditd-configuration + (configdir (local-file "aux-files/auditd" #:recursive? #t)))))) diff --git a/gnu/services/aux-files/auditd/auditd.conf b/gnu/services/aux-files/auditd/auditd.conf new file mode 100644 index 0000000000..6e7555cf4c --- /dev/null +++ b/gnu/services/aux-files/auditd/auditd.conf @@ -0,0 +1,9 @@ +log_file = /var/log/audit.log +log_format = ENRICHED +freq = 1 +space_left = 5% +space_left_action = syslog +admin_space_left_action = ignore +disk_full_action = ignore +disk_error_action = syslog + -- 2.27.0
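Review bot: in the doc/guix.texi hunk, the new @item for configdir documents the default as (local-file "aux-files/auditd"), while the value set in auditd-service-type is (local-file "aux-files/auditd" #:recursive? #t); the two should match so that users who copy the documented form get the same behaviour. The same hunk says rules placed in that directory are instantiated on startup, yet the start command in auditd.scm only runs auditd with "-c" and the directory, and nothing visible in the patch loads an audit.rules file; either state what loads it or drop the claim. The file names audit.rules and auditd.conf would also read better as @file than @code, matching @file{/var/log/audit.log} in the same hunk.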
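Review bot: in the define-record-type* form in gnu/services/auditd.scm, configdir is declared without a (default ...) clause, so the default exists only in the default-value of auditd-service-type, and anyone writing (auditd-configuration) or overriding only the audit field must now also supply configdir. Consider moving the local-file default into the field itself, as is done for audit, which lets default-value go back to (auditd-configuration). The switch away from define-configuration also drops the per-field documentation string, so a short comment on what configdir must contain would help.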
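Review bot: in the new auditd.conf, admin_space_left_action = ignore and disk_full_action = ignore mean that when the log partition runs low or fills up, auditd takes no action and audit records are lost without any signal to the administrator. space_left_action and disk_error_action already use syslog; using syslog for these two as well would at least leave a trace. The file also leaves max_log_file and max_log_file_action unset, so it is worth stating how /var/log/audit.log is expected to be rotated, and the empty added line at the end of the file can be dropped.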