[PATCH] services: Add auditd.

  • Done
  • quality assurance status badge
Details
2 participants
  • Danny Milosavljevic
  • Ludovic Courtès
Owner
unassigned
Submitted by
Danny Milosavljevic
Severity
normal
D
D
Danny Milosavljevic wrote on 4 Jun 2019 09:34
(address . guix-patches@gnu.org)(name . Danny Milosavljevic)(address . dannym@scratchpost.org)
20190604073406.9297-1-dannym@scratchpost.org
* gnu/services/auditd.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
---
doc/guix.texi | 24 +++++++++++++++++++
gnu/local.mk | 1 +
gnu/services/auditd.scm | 53 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 78 insertions(+)
create mode 100644 gnu/services/auditd.scm

Toggle diff (106 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index c01eb3a656..5cdd631738 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -24105,6 +24105,30 @@ The Containerd package to use.
@end table
@end deftp
+@cindex Audit
+@subsubheading Auditd Service
+
+The @code{(gnu services auditd)} module provides the following service.
+
+@defvr {Scheme Variable} auditd-service-type
+
+This is the type of the service that runs
+@url{https://people.redhat.com/sgrubb/audit/,auditd},
+a daemon that track security-relevant information on your system.
+
+@end defvr
+
+@deftp {Data Type} auditd-configuration
+This is the data type representing the configuration of auditd.
+
+@table @asis
+
+@item @code{audit} (default: @code{audit})
+The audit package to use.
+
+@end table
+@end deftp
+
@node Setuid Programs
@section Setuid Programs
diff --git a/gnu/local.mk b/gnu/local.mk
index 55a8fcd361..9ab74a3e0f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -501,6 +501,7 @@ GNU_SYSTEM_MODULES = \
%D%/services.scm \
%D%/services/admin.scm \
%D%/services/audio.scm \
+ %D%/services/auditd.scm \
%D%/services/avahi.scm \
%D%/services/base.scm \
%D%/services/certbot.scm \
diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
new file mode 100644
index 0000000000..1c3ee7d421
--- /dev/null
+++ b/gnu/services/auditd.scm
@@ -0,0 +1,53 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Danny Milosavljevic <dannym@scratchpost.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services auditd)
+ #:use-module (gnu services)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services base)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu packages admin)
+ #:use-module (guix records)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:export (auditd-configuration
+ auditd-service-type))
+
+; /etc/audit/audit.rules
+
+(define-configuration auditd-configuration
+ (audit
+ (package audit)
+ "Audit package."))
+
+(define (auditd-shepherd-service config)
+ (let* ((audit (auditd-configuration-audit config)))
+ (list (shepherd-service
+ (documentation "Auditd allows you to audit file system accesses.")
+ (provision '(auditd))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$audit "/sbin/auditd"))))
+ (stop #~(make-kill-destructor))))))
+
+(define auditd-service-type
+ (service-type (name 'auditd)
+ (extensions
+ (list
+ (service-extension shepherd-root-service-type
+ auditd-shepherd-service)))
+ (default-value (auditd-configuration))))
L
L
Ludovic Courtès wrote on 6 Jun 2019 12:57
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 36086@debbugs.gnu.org)
87v9xjm162.fsf@gnu.org
Hi Danny,

Danny Milosavljevic <dannym@scratchpost.org> skribis:

Toggle quote (4 lines)
> * gnu/services/auditd.scm: New file.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
> * doc/guix.texi (Miscellaneous Services): Document it.

[...]

Toggle quote (7 lines)
> +The @code{(gnu services auditd)} module provides the following service.
> +
> +@defvr {Scheme Variable} auditd-service-type
> +
> +This is the type of the service that runs
> +@url{https://people.redhat.com/sgrubb/audit/,auditd},
> +a daemon that track security-relevant information on your system.
^^
“tracks”

Could you add a few words, like whether/how it logs events, what kind of
events it tracks, etc.?

Toggle quote (7 lines)
> +; /etc/audit/audit.rules
> +
> +(define-configuration auditd-configuration
> + (audit
> + (package audit)
> + "Audit package."))

I suppose this record could eventually be extended, right?

Toggle quote (8 lines)
> +(define auditd-service-type
> + (service-type (name 'auditd)
> + (extensions
> + (list
> + (service-extension shepherd-root-service-type
> + auditd-shepherd-service)))
> + (default-value (auditd-configuration))))

Please add a ‘description’.

Otherwise LGTM, thanks!

Ludo’.
D
D
Danny Milosavljevic wrote on 6 Jun 2019 22:26
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 36086-done@debbugs.gnu.org)
20190606222657.0931d761@scratchpost.org
Hi Ludo,

On Thu, 06 Jun 2019 12:57:25 +0200
Ludovic Courtès <ludo@gnu.org> wrote:

Toggle quote (2 lines)
> I suppose this record could eventually be extended, right?

Sure, but I don't know enough yet.

The intended way to use the configuration in the Guix operating-system form
is by default configuration--so it shouldn't limit us in the future.

Thanks for the review!

Pushed as commit 07023ebc1892a559cad1f80235a4afb0955b29ab.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAlz5dxEACgkQ5xo1VCww
uqXz9gf+I201O9m1pRJat058DXrnnCjrq0N+NKWymI8pdgEplT2r8PihbGbJ0tjs
KvwavgnemfsFzvFS+g0cB/P6ijPMRBvpMbrGcRbflyXNOTmtUFsUUZ10ix3XI/fT
BkpEebQOgp0CIlbF6AaJ30IGSrnWWESyWuvt2EAIG8RcK3KFPI2ygakELRZeZQqS
ewHkdvofcnKzlo96h8ue1er0bKjzreDQJYQRp8uZLFueNZI+h87VLKNBE7oxyZSk
X3UsVjf+H/WlKPJvmozICDlYUIFeOd8yr/1eGHQE0mNhn4BvurUwEdQQThdKiCyi
ZYw+QVVJ0e8gD6srpYPCmW2jiUNOGg==
=2zTJ
-----END PGP SIGNATURE-----


Closed
?