[PATCH] Add audit.

[PATCH] Add audit.

[Ricardo Wurmus]

[-- Attachment #1: Type: text/plain, Size: 488 bytes --]

Hi Guix,

the tests for this package cannot easily be fixed by

       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'fix-tests
           (lambda _
             (substitute* "auparse/test/auparse_test.ref"
               (("\\(root\\)") "(unknown(0))"))
             #t)))

because for *some* of them “(root)” is returned (while for *most* of
them its “(unknown(0))”).  Ideas on how to fix the tests are very
welcome!

~~ Ricardo


[-- Attachment #2: 0001-gnu-Add-audit.patch --]
[-- Type: text/x-patch, Size: 2900 bytes --]

From c4948bc06b30e4e55810b82cc458cd6a429b6f80 Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de>
Date: Wed, 13 Jan 2016 16:00:06 +0100
Subject: [PATCH] gnu: Add audit.

* gnu/packages/admin.scm (audit): New variable.
---
 gnu/packages/admin.scm | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index fbdc26d..87dd497 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2015 Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
+;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -34,6 +35,7 @@
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages linux)
@@ -47,6 +49,7 @@
   #:use-module (gnu packages bison)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages glib)
+  #:use-module (gnu packages openldap)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages popt)
   #:use-module (gnu packages texinfo)
@@ -1317,3 +1320,33 @@ able to adapt itself dynamically to the overall system load.  Children
 processes and threads of the specified process may optionally share the same
 limits.")
     (license license:gpl2+)))
+
+(define-public audit
+  (package
+    (name "audit")
+    (version "2.4.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://people.redhat.com/sgrubb/audit/"
+                                  "audit-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1q1q51dvxscbi4kbakmd4bn0xrvwwaiwvaya79925cbrqwzxsg77"))))
+    (build-system gnu-build-system)
+    (home-page "http://people.redhat.com/sgrubb/audit/")
+    (arguments
+     `(;; The tests expect records like "uid=0 (root)" but only get "uid=0
+       ;; (unknown(0))" in most cases.
+       #:tests? #f
+       #:configure-flags (list "--with-python=no")))
+    (inputs
+     `(("openldap" ,openldap)
+       ("openssl" ,openssl)
+       ("sasl" ,cyrus-sasl)))
+    (synopsis "Userspace component to the Linux auditing system")
+    (description
+     "auditd is the userspace component to the Linux auditing system.  It's
+responsible for writing audit records to the disk.  Viewing the logs is done
+with the @code{ausearch} or @code{aureport} utilities.  Configuring the audit
+rules is done with the @code{auditctl} utility.")
+    (license license:gpl2+)))
-- 
2.1.0

Re: [PATCH] Add audit.

[Ludovic Courtès]

Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de> skribis:

> the tests for this package cannot easily be fixed by
>
>        #:phases
>        (modify-phases %standard-phases
>          (add-after 'unpack 'fix-tests
>            (lambda _
>              (substitute* "auparse/test/auparse_test.ref"
>                (("\\(root\\)") "(unknown(0))"))
>              #t)))
>
> because for *some* of them “(root)” is returned (while for *most* of
> them its “(unknown(0))”).  Ideas on how to fix the tests are very
> welcome!

How does it get that info?

One thing to know is that /etc/passwd in the build environment contains
only two entries, and no entry for root/0; quoth build.cc:

--8<---------------cut here---------------start------------->8---
    writeFile(chrootRootDir + "/etc/passwd",
        (format(
            "nixbld:x:%1%:%2%:Nix build user:/:/noshell\n"
            "nobody:x:65534:65534:Nobody:/:/noshell\n")
            % (buildUser.enabled() ? buildUser.getUID() : getuid())
            % (buildUser.enabled() ? buildUser.getGID() : getgid())).str());
--8<---------------cut here---------------end--------------->8---

Thus, getpwuid(0) and getpwnam("root") both fail.

> From c4948bc06b30e4e55810b82cc458cd6a429b6f80 Mon Sep 17 00:00:00 2001
> From: Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de>
> Date: Wed, 13 Jan 2016 16:00:06 +0100
> Subject: [PATCH] gnu: Add audit.
>
> * gnu/packages/admin.scm (audit): New variable.

[...]

> +    (synopsis "Userspace component to the Linux auditing system")

I’d write “User-space”.

> +    (description
> +     "auditd is the userspace component to the Linux auditing system.  It's

Maybe something like: “… to the Linux auditing system, which allows
logging of system calls made by user-land processes.”

Would be nice if we could fix those tests before pushing it.

Thanks,
Ludo’.

Re: [PATCH] Add audit.

[Ricardo Wurmus]

Ludovic Courtès <ludo@gnu.org> writes:

> Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de> skribis:
>
>> the tests for this package cannot easily be fixed by
>>
>>        #:phases
>>        (modify-phases %standard-phases
>>          (add-after 'unpack 'fix-tests
>>            (lambda _
>>              (substitute* "auparse/test/auparse_test.ref"
>>                (("\\(root\\)") "(unknown(0))"))
>>              #t)))
>>
>> because for *some* of them “(root)” is returned (while for *most* of
>> them its “(unknown(0))”).  Ideas on how to fix the tests are very
>> welcome!
>
> How does it get that info?
>
> One thing to know is that /etc/passwd in the build environment contains
> only two entries, and no entry for root/0; quoth build.cc:
>
> --8<---------------cut here---------------start------------->8---
>     writeFile(chrootRootDir + "/etc/passwd",
>         (format(
>             "nixbld:x:%1%:%2%:Nix build user:/:/noshell\n"
>             "nobody:x:65534:65534:Nobody:/:/noshell\n")
>             % (buildUser.enabled() ? buildUser.getUID() : getuid())
>             % (buildUser.enabled() ? buildUser.getGID() : getgid())).str());
> --8<---------------cut here---------------end--------------->8---
>
> Thus, getpwuid(0) and getpwnam("root") both fail.

Ah, this explains it.  With a variant of the above build phase I was
able to make the tests pass.  I added a comment to explain why that’s
needed.

>> From c4948bc06b30e4e55810b82cc458cd6a429b6f80 Mon Sep 17 00:00:00 2001
>> From: Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de>
>> Date: Wed, 13 Jan 2016 16:00:06 +0100
>> Subject: [PATCH] gnu: Add audit.
>>
>> * gnu/packages/admin.scm (audit): New variable.
>
> [...]
>
>> +    (synopsis "Userspace component to the Linux auditing system")
>
> I’d write “User-space”.
>
>> +    (description
>> +     "auditd is the userspace component to the Linux auditing system.  It's
>
> Maybe something like: “… to the Linux auditing system, which allows
> logging of system calls made by user-land processes.”

Okay.  I applied these changes and pushed.
Thanks for the review and the suggestions!

~~ Ricardo