
01/01: services: Add auditd.


From: guix-commits
Subject: 01/01: services: Add auditd.
Date: Thu, 6 Jun 2019 16:24:05 -0400 (EDT)

dannym pushed a commit to branch master
in repository guix.

commit 07023ebc1892a559cad1f80235a4afb0955b29ab
Author: Danny Milosavljevic <address@hidden>
Date:   Tue Jun 4 09:27:43 2019 +0200

    services: Add auditd.
    
    * gnu/services/auditd.scm: New file.
    * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
    * doc/guix.texi (Miscellaneous Services): Document it.
---
 doc/guix.texi           | 49 ++++++++++++++++++++++++++++++++++++++++++++
 gnu/local.mk            |  1 +
 gnu/services/auditd.scm | 54 +++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 104 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 996255d..bdfe14c 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -24114,6 +24114,55 @@ The Containerd package to use.
 @end table
 @end deftp
 
+@cindex Audit
+@subsubheading Auditd Service
+
+The @code{(gnu services auditd)} module provides the following service.
+
+@defvr {Scheme Variable} auditd-service-type
+
+This is the type of the service that runs
+@url{https://people.redhat.com/sgrubb/audit/,auditd},
+a daemon that tracks security-relevant information on your system.
+
+Examples of things that can be tracked:
+
+@enumerate
+@item
+File accesses
+@item
+System calls
+@item
+Invoked commands
+@item
+Failed login attempts
+@item
+Firewall filtering
+@item
+Network access
+@end enumerate
+
+@command{auditctl} from the @code{audit} package can be used in order
+to add or remove events to be tracked (until the next reboot).
+In order to permanently track events, put the command line arguments
+of auditctl into @file{/etc/audit/audit.rules}.
+@command{aureport} from the @code{audit} package can be used in order
+to view a report of all recorded events.
+The audit daemon usually logs into the directory @file{/var/log/audit}.
+
+@end defvr
+
+@deftp {Data Type} auditd-configuration
+This is the data type representing the configuration of auditd.
+
+@table @asis
+
+@item @code{audit} (default: @code{audit})
+The audit package to use.
+
+@end table
+@end deftp
+
 @node Setuid Programs
 @section Setuid Programs
 
diff --git a/gnu/local.mk b/gnu/local.mk
index 6878aef..203445e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -501,6 +501,7 @@ GNU_SYSTEM_MODULES =                                \
   %D%/services.scm                             \
   %D%/services/admin.scm                       \
   %D%/services/audio.scm                        \
+  %D%/services/auditd.scm                      \
   %D%/services/avahi.scm                       \
   %D%/services/base.scm                                \
   %D%/services/certbot.scm                     \
diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
new file mode 100644
index 0000000..8a92920
--- /dev/null
+++ b/gnu/services/auditd.scm
@@ -0,0 +1,54 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Danny Milosavljevic <address@hidden>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services auditd)
+  #:use-module (gnu services)
+  #:use-module (gnu services configuration)
+  #:use-module (gnu services base)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu packages admin)
+  #:use-module (guix records)
+  #:use-module (guix gexp)
+  #:use-module (guix packages)
+  #:export (auditd-configuration
+            auditd-service-type))
+
+; /etc/audit/audit.rules
+
+(define-configuration auditd-configuration
+  (audit
+   (package audit)
+   "Audit package."))
+
+(define (auditd-shepherd-service config)
+  (let* ((audit (auditd-configuration-audit config)))
+    (list (shepherd-service
+           (documentation "Auditd allows you to audit file system accesses.")
+           (provision '(auditd))
+           (start #~(make-forkexec-constructor
+                     (list (string-append #$audit "/sbin/auditd"))))
+           (stop #~(make-kill-destructor))))))
+
+(define auditd-service-type
+  (service-type (name 'auditd)
+                (description "Allows auditing file system accesses.")
+                (extensions
+                 (list
+                  (service-extension shepherd-root-service-type
+                                     auditd-shepherd-service)))
+                (default-value (auditd-configuration))))
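Review bot: The `start` constructor in `auditd-shepherd-service` runs `/sbin/auditd` with no arguments, and auditd detaches into the background by default, so the PID that `make-forkexec-constructor` records is probably not the long-lived daemon. If so, `make-kill-destructor` would signal the wrong process and shepherd could not notice or respawn an audit daemon that has died, so audit logging could stop silently. Keep the daemon in the foreground with `(list (string-append #$audit "/sbin/auditd") "-n")`, or pass `#:pid-file` pointing at the daemon's PID file. The service also declares no `requirement`, and nothing visible in this file provides configuration under `/etc/audit` or creates `/var/log/audit`, so it is worth confirming that the daemon starts and logs on a freshly installed system.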


