[PATCH] services: Add auditd.

DoneSubmitted by Danny Milosavljevic.
2 participants
  • Danny Milosavljevic
  • Ludovic Courtès
Danny Milosavljevic wrote on 4 Jun 2019 09:34
(address . guix-patches@gnu.org)(name . Danny Milosavljevic)(address . dannym@scratchpost.org)
* gnu/services/auditd.scm: New file.* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.* doc/guix.texi (Miscellaneous Services): Document it.--- doc/guix.texi | 24 +++++++++++++++++++ gnu/local.mk | 1 + gnu/services/auditd.scm | 53 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 gnu/services/auditd.scm
Toggle diff (106 lines)diff --git a/doc/guix.texi b/doc/guix.texiindex c01eb3a656..5cdd631738 100644--- a/doc/guix.texi+++ b/doc/guix.texi@@ -24105,6 +24105,30 @@ The Containerd package to use. @end table @end deftp +@cindex Audit+@subsubheading Auditd Service++The @code{(gnu services auditd)} module provides the following service.++@defvr {Scheme Variable} auditd-service-type++This is the type of the service that runs+@url{https://people.redhat.com/sgrubb/audit/,auditd},+a daemon that track security-relevant information on your system.++@end defvr++@deftp {Data Type} auditd-configuration+This is the data type representing the configuration of auditd.++@table @asis++@item @code{audit} (default: @code{audit})+The audit package to use.++@end table+@end deftp+ @node Setuid Programs @section Setuid Programs diff --git a/gnu/local.mk b/gnu/local.mkindex 55a8fcd361..9ab74a3e0f 100644--- a/gnu/local.mk+++ b/gnu/local.mk@@ -501,6 +501,7 @@ GNU_SYSTEM_MODULES = \ %D%/services.scm \ %D%/services/admin.scm \ %D%/services/audio.scm \+ %D%/services/auditd.scm \ %D%/services/avahi.scm \ %D%/services/base.scm \ %D%/services/certbot.scm \diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scmnew file mode 100644index 0000000000..1c3ee7d421--- /dev/null+++ b/gnu/services/auditd.scm@@ -0,0 +1,53 @@+;;; GNU Guix --- Functional package management for GNU+;;; Copyright © 2019 Danny Milosavljevic <dannym@scratchpost.org>+;;;+;;; This file is part of GNU Guix.+;;;+;;; GNU Guix is free software; you can redistribute it and/or modify it+;;; under the terms of the GNU General Public License as published by+;;; the Free Software Foundation; either version 3 of the License, or (at+;;; your option) any later version.+;;;+;;; GNU Guix is distributed in the hope that it will be useful, but+;;; WITHOUT ANY WARRANTY; without even the implied warranty of+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the+;;; GNU General Public License for more details.+;;;+;;; You should have received a copy of the GNU General Public License+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.++(define-module (gnu services auditd)+ #:use-module (gnu services)+ #:use-module (gnu services configuration)+ #:use-module (gnu services base)+ #:use-module (gnu services shepherd)+ #:use-module (gnu packages admin)+ #:use-module (guix records)+ #:use-module (guix gexp)+ #:use-module (guix packages)+ #:export (auditd-configuration+ auditd-service-type))++; /etc/audit/audit.rules++(define-configuration auditd-configuration+ (audit+ (package audit)+ "Audit package."))++(define (auditd-shepherd-service config)+ (let* ((audit (auditd-configuration-audit config)))+ (list (shepherd-service+ (documentation "Auditd allows you to audit file system accesses.")+ (provision '(auditd))+ (start #~(make-forkexec-constructor+ (list (string-append #$audit "/sbin/auditd"))))+ (stop #~(make-kill-destructor))))))++(define auditd-service-type+ (service-type (name 'auditd)+ (extensions+ (list+ (service-extension shepherd-root-service-type+ auditd-shepherd-service)))+ (default-value (auditd-configuration))))
Ludovic Courtès wrote on 6 Jun 2019 12:57
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 36086@debbugs.gnu.org)
Hi Danny,
Danny Milosavljevic <dannym@scratchpost.org> skribis:
Toggle quote (4 lines)> * gnu/services/auditd.scm: New file.> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.> * doc/guix.texi (Miscellaneous Services): Document it.
Toggle quote (7 lines)> +The @code{(gnu services auditd)} module provides the following service.> +> +@defvr {Scheme Variable} auditd-service-type> +> +This is the type of the service that runs> +@url{https://people.redhat.com/sgrubb/audit/,auditd},> +a daemon that track security-relevant information on your system.
Could you add a few words, like whether/how it logs events, what kind ofevents it tracks, etc.?
Toggle quote (7 lines)> +; /etc/audit/audit.rules> +> +(define-configuration auditd-configuration> + (audit> + (package audit)> + "Audit package."))
I suppose this record could eventually be extended, right?
Toggle quote (8 lines)> +(define auditd-service-type> + (service-type (name 'auditd)> + (extensions> + (list> + (service-extension shepherd-root-service-type> + auditd-shepherd-service)))> + (default-value (auditd-configuration))))
Please add a ‘description’.
Otherwise LGTM, thanks!
Danny Milosavljevic wrote on 6 Jun 2019 22:26
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 36086-done@debbugs.gnu.org)
Hi Ludo,
On Thu, 06 Jun 2019 12:57:25 +0200Ludovic Courtès <ludo@gnu.org> wrote:
Toggle quote (2 lines)> I suppose this record could eventually be extended, right?
Sure, but I don't know enough yet.
The intended way to use the configuration in the Guix operating-system formis by default configuration--so it shouldn't limit us in the future.
Thanks for the review!
Pushed as commit 07023ebc1892a559cad1f80235a4afb0955b29ab.
iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAlz5dxEACgkQ5xo1VCwwuqXz9gf+I201O9m1pRJat058DXrnnCjrq0N+NKWymI8pdgEplT2r8PihbGbJ0tjsKvwavgnemfsFzvFS+g0cB/P6ijPMRBvpMbrGcRbflyXNOTmtUFsUUZ10ix3XI/fTBkpEebQOgp0CIlbF6AaJ30IGSrnWWESyWuvt2EAIG8RcK3KFPI2ygakELRZeZQqSewHkdvofcnKzlo96h8ue1er0bKjzreDQJYQRp8uZLFueNZI+h87VLKNBE7oxyZSkX3UsVjf+H/WlKPJvmozICDlYUIFeOd8yr/1eGHQE0mNhn4BvurUwEdQQThdKiCyiZYw+QVVJ0e8gD6srpYPCmW2jiUNOGg===2zTJ-----END PGP SIGNATURE-----

Your comment

This issue is archived.

To comment on this conversation send email to 36086@debbugs.gnu.org