all messages for Guix-related lists mirrored at yhetil.org
From: fesoj000 <fesoj000@gmail.com>
To: Liliana Marie Prikler <liliana.prikler@ist.tugraz.at>,
	54309@debbugs.gnu.org
Subject: [bug#54309] [PATCH] services: auditd: use exclusive log directory for auditd
Date: Thu, 10 Mar 2022 11:36:57 +0100
Message-ID: <dc42a4cf-791a-1f0f-e8bc-66d498af63bd@gmail.com>
In-Reply-To: <ddafff6b38aba33f1e4a703114b243ac8273cb6c.camel@ist.tugraz.at>

Hi,

On 3/10/22 8:12 AM, Liliana Marie Prikler wrote:
> Hi,
> 
> On Wednesday, 09.03.2022 at 22:00 +0100, fesoj000 wrote:
>> Use the upstream default log file for auditd.
>>
>> * gnu/services/auditd.scm: add auditd-activation function and extend
>> activation-service-type.
>> ---
>>    gnu/services/auditd.scm | 17 ++++++++++++-----
>>    1 file changed, 12 insertions(+), 5 deletions(-)
>>
>> diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
>> index abde811f51..c88e974adb 100644
>> --- a/gnu/services/auditd.scm
>> +++ b/gnu/services/auditd.scm
>> @@ -31,10 +31,9 @@ (define-module (gnu services auditd)
>>                %default-auditd-configuration-directory))
>>    
>>    (define auditd.conf
>> -  (plain-file "auditd.conf" "log_file =
>> /var/log/audit.log\nlog_format = \
>> -ENRICHED\nfreq = 1\nspace_left = 5%\nspace_left_action = \
>> -syslog\nadmin_space_left_action = ignore\ndisk_full_action = \
>> -ignore\ndisk_error_action = syslog\n"))
>> +  (plain-file "auditd.conf" "log_format = ENRICHED\nfreq =
>> 1\nspace_left = 5% \
>> +\nspace_left_action = syslog\nadmin_space_left_action = ignore\
>> +\ndisk_full_action = ignore\ndisk_error_action = syslog\n"))
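Review bot: with the "log_file =" setting dropped from the auditd.conf string, the log location is no longer stated anywhere in this file, yet the activation added later in the patch hard-codes "/var/log/audit". I would keep an explicit log_file entry pointing into that directory, so the path auditd writes to and the directory the service creates cannot drift apart if the upstream default ever changes. Minor: "space_left = 5% \" has a space before the line-continuation backslash, which ends up as trailing whitespace in the generated value.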
> I'm not sure what the rationale behind writing auditd.conf this way is,
> but note that you can simply write this as "\
> log_format = ENRICHED
> freq = 1
> space_left = 5%
> ..."
> 
> Doing this, it would take up some more vertical real estate, but imho
> it'd be easier to read.  We might also want to make some of these
> configurable later on, e.g. space_left, but that's not relevant to this
> patch set.
Sure, I will send a new patch later.

>>    (define %default-auditd-configuration-directory
>>      (computed-file "auditd"
>> @@ -50,6 +49,12 @@ (define-record-type* <auditd-configuration>
>>                               (default audit))
>>      (configuration-directory auditd-configuration-configuration-
>> directory))      ; file-like
>>    
>> +(define (auditd-activation config)
>> +  (with-imported-modules '((guix build utils))
>> +    #~(begin
>> +        (use-modules (guix build utils))
>> +        (mkdir-p "/var/log/audit"))))
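Review bot: (mkdir-p "/var/log/audit") sets neither mode nor owner, so a newly created directory gets whatever the activation umask allows, and a directory that already exists keeps its current permissions. Since this directory holds the audit trail, create it with an explicit owner and mode 700, for instance with mkdir-p/perms from (gnu build utils), and make sure an already existing directory is tightened as well. The config argument of auditd-activation is also unused in the lines shown; either derive the path from it or note in a comment that the path is fixed.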
> I think guix should already create this directory with the 700
> permissions auditd demands, to prevent any TOCTOU-style tampering.
Good point.



