From: Liliana Marie Prikler
To: fesoj000, 54309@debbugs.gnu.org
Subject: [bug#54309] [PATCH] services: auditd: use exclusive log directory for auditd
Date: Thu, 10 Mar 2022 08:12:38 +0100

Hi,

On Wednesday, 09.03.2022 at 22:00 +0100, fesoj000 wrote:
> Use the upstream default log file for auditd. > > * gnu/services/auditd.scm: add auditd-activation function and extend > activation-service-type. > --- >   gnu/services/auditd.scm | 17 ++++++++++++----- >   1 file changed, 12 insertions(+), 5 deletions(-) > > diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm > index abde811f51..c88e974adb 100644 > --- a/gnu/services/auditd.scm > +++ b/gnu/services/auditd.scm 
> @@ -31,10 +31,9 @@ (define-module (gnu services auditd) >               %default-auditd-configuration-directory)) >   >   (define auditd.conf > -  (plain-file "auditd.conf" "log_file = > /var/log/audit.log\nlog_format = \ > -ENRICHED\nfreq = 1\nspace_left = 5%\nspace_left_action = \ > -syslog\nadmin_space_left_action = ignore\ndisk_full_action = \ > -ignore\ndisk_error_action = syslog\n")) > +  (plain-file "auditd.conf" "log_format = ENRICHED\nfreq = > 1\nspace_left = 5% \ > +\nspace_left_action = syslog\nadmin_space_left_action = ignore\ > +\ndisk_full_action = ignore\ndisk_error_action = syslog\n"))

I'm not sure what the rationale behind writing auditd.conf this way is, but note that you can simply write this as

"\
log_format = ENRICHED
freq = 1
space_left = 5%
..."

Doing this, it would take up some more vertical real estate, but imho it'd be easier to read. We might also want to make some of these configurable later on, e.g. space_left, but that's not relevant to this patch set.

>   (define %default-auditd-configuration-directory >     (computed-file "auditd" > @@ -50,6 +49,12 @@ (define-record-type* >                              (default audit)) >     (configuration-directory auditd-configuration-configuration- > directory))      ; file-like >   > +(define (auditd-activation config) > +  (with-imported-modules '((guix build utils)) > +    #~(begin > +        (use-modules (guix build utils)) > +        (mkdir-p "/var/log/audit"))))

I think guix should already create this directory with the 700 permissions auditd demands, to prevent any TOCTOU-style tampering.

Cheers
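
Review bot: in the auditd.conf hunk (@@ -31,10 +31,9 @@), the new plain-file string drops the log_file entry entirely, so the path auditd writes to is no longer stated anywhere in the service, while the activation code further down hard-codes "/var/log/audit". Consider keeping an explicit entry such as log_file = /var/log/audit/audit.log so the configuration and the directory created at activation cannot drift apart, and say in the commit message what happens to an existing /var/log/audit.log on systems that ran the old configuration.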
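
Review bot: in auditd-activation (@@ -50,6 +49,12 @@), (mkdir-p "/var/log/audit") sets neither mode nor owner, so a freshly created directory gets whatever the activation umask yields, and a directory that already exists keeps its current permissions. Follow it with (chmod "/var/log/audit" #o700) so the mode is enforced on every activation rather than only on first creation. The config argument is also unused in the visible body; either derive the directory from it or document why it is ignored.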