[PATCH] services: Add auditd.

Status: Done
Participants: Danny Milosavljevic, Ludovic Courtès
Owner: unassigned
Submitted by: Danny Milosavljevic
Severity: normal

Danny Milosavljevic wrote 6 years ago
(address . guix-patches@gnu.org)(name . Danny Milosavljevic)(address . dannym@scratchpost.org)
20190604073406.9297-1-dannym@scratchpost.org
* gnu/services/auditd.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
---
doc/guix.texi | 24 +++++++++++++++++++
gnu/local.mk | 1 +
gnu/services/auditd.scm | 53 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 78 insertions(+)
create mode 100644 gnu/services/auditd.scm

diff --git a/doc/guix.texi b/doc/guix.texi
index c01eb3a656..5cdd631738 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -24105,6 +24105,30 @@ The Containerd package to use.
@end table
@end deftp
+@cindex Audit
+@subsubheading Auditd Service
+
+The @code{(gnu services auditd)} module provides the following service.
+
+@defvr {Scheme Variable} auditd-service-type
+
+This is the type of the service that runs
+@url{https://people.redhat.com/sgrubb/audit/,auditd},
+a daemon that track security-relevant information on your system.
+
+@end defvr
+
+@deftp {Data Type} auditd-configuration
+This is the data type representing the configuration of auditd.
+
+@table @asis
+
+@item @code{audit} (default: @code{audit})
+The audit package to use.
+
+@end table
+@end deftp
+
@node Setuid Programs
@section Setuid Programs
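
Review bot: In the @defvr text for auditd-service-type, "a daemon that track security-relevant information" should read "tracks", and the description stops short of what an administrator needs to know: which kinds of events get recorded and where the records end up. The auditd-configuration table documents only the "audit" package field, so a reader cannot tell from this section how rules or the log destination are meant to be set. A sentence or two on both, or an explicit statement that they are not yet configurable through this record, would make the entry usable.
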
diff --git a/gnu/local.mk b/gnu/local.mk
index 55a8fcd361..9ab74a3e0f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -501,6 +501,7 @@ GNU_SYSTEM_MODULES = \
%D%/services.scm \
%D%/services/admin.scm \
%D%/services/audio.scm \
+ %D%/services/auditd.scm \
%D%/services/avahi.scm \
%D%/services/base.scm \
%D%/services/certbot.scm \
diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
new file mode 100644
index 0000000000..1c3ee7d421
--- /dev/null
+++ b/gnu/services/auditd.scm
@@ -0,0 +1,53 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Danny Milosavljevic <dannym@scratchpost.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services auditd)
+ #:use-module (gnu services)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services base)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu packages admin)
+ #:use-module (guix records)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:export (auditd-configuration
+ auditd-service-type))
+
+; /etc/audit/audit.rules
+
+(define-configuration auditd-configuration
+ (audit
+ (package audit)
+ "Audit package."))
+
+(define (auditd-shepherd-service config)
+ (let* ((audit (auditd-configuration-audit config)))
+ (list (shepherd-service
+ (documentation "Auditd allows you to audit file system accesses.")
+ (provision '(auditd))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$audit "/sbin/auditd"))))
+ (stop #~(make-kill-destructor))))))
+
+(define auditd-service-type
+ (service-type (name 'auditd)
+ (extensions
+ (list
+ (service-extension shepherd-root-service-type
+ auditd-shepherd-service)))
+ (default-value (auditd-configuration))))
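
Review bot: The lone comment "; /etc/audit/audit.rules" above define-configuration names a rules file that nothing in this module creates or references, and the start gexp runs "/sbin/auditd" with no arguments, so the service as written provides neither audit rules nor a daemon configuration. Either add a field together with the extension that installs the file, or replace the comment with a ";; TODO" stating that rules are not handled yet. In the same shepherd-service, make-forkexec-constructor is given no #:pid-file, so it is worth confirming that auditd stays in the foreground when started this way; the shepherd-service also has no "requirement" field, and the service-type has no "description".
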
Ludovic Courtès wrote 6 years ago
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 36086@debbugs.gnu.org)
87v9xjm162.fsf@gnu.org
Hi Danny,

Danny Milosavljevic <dannym@scratchpost.org> skribis:

> * gnu/services/auditd.scm: New file.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
> * doc/guix.texi (Miscellaneous Services): Document it.

[...]

> +The @code{(gnu services auditd)} module provides the following service.
> +
> +@defvr {Scheme Variable} auditd-service-type
> +
> +This is the type of the service that runs
> +@url{https://people.redhat.com/sgrubb/audit/,auditd},
> +a daemon that track security-relevant information on your system.
^^
“tracks”

Could you add a few words, like whether/how it logs events, what kind of
events it tracks, etc.?

> +; /etc/audit/audit.rules
> +
> +(define-configuration auditd-configuration
> + (audit
> + (package audit)
> + "Audit package."))

I suppose this record could eventually be extended, right?

> +(define auditd-service-type
> + (service-type (name 'auditd)
> + (extensions
> + (list
> + (service-extension shepherd-root-service-type
> + auditd-shepherd-service)))
> + (default-value (auditd-configuration))))

Please add a ‘description’.

Otherwise LGTM, thanks!

Ludo’.
Danny Milosavljevic wrote 6 years ago
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 36086-done@debbugs.gnu.org)
20190606222657.0931d761@scratchpost.org
Hi Ludo,

On Thu, 06 Jun 2019 12:57:25 +0200
Ludovic Courtès <ludo@gnu.org> wrote:

> I suppose this record could eventually be extended, right?

Sure, but I don't know enough yet.

The intended way to use the configuration in the Guix operating-system form
is by default configuration--so it shouldn't limit us in the future.

Thanks for the review!

Pushed as commit 07023ebc1892a559cad1f80235a4afb0955b29ab.

