GNU bug report logs - #42427
[PATCH] services: Fix auditd startup.


Package: guix-patches;

Reported by: Robin Green <greenrd <at> greenrd.org>

Date: Sun, 19 Jul 2020 17:26:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.





Report forwarded to guix-patches <at> gnu.org:
bug#42427; Package guix-patches. (Sun, 19 Jul 2020 17:26:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Robin Green <greenrd <at> greenrd.org>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sun, 19 Jul 2020 17:26:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Robin Green <greenrd <at> greenrd.org>
To: guix-patches <at> gnu.org
Cc: Robin Green <greenrd <at> greenrd.org>
Subject: [PATCH] services: Fix auditd startup.
Date: Sun, 19 Jul 2020 18:17:31 +0100
* gnu/services/auditd.scm: Make auditd start successfully in the default case.
* gnu/services/aux-files/auditd/auditd.conf: New file.
* doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
---
 doc/guix.texi                             | 11 +++++++--
 gnu/services/auditd.scm                   | 27 ++++++++++++++---------
 gnu/services/aux-files/auditd/auditd.conf |  9 ++++++++
 3 files changed, 34 insertions(+), 13 deletions(-)
 create mode 100644 gnu/services/aux-files/auditd/auditd.conf

diff --git a/doc/guix.texi b/doc/guix.texi
index 2c5c017eea..8c7c055ce0 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27478,10 +27478,12 @@ Network access
 @command{auditctl} from the @code{audit} package can be used in order
 to add or remove events to be tracked (until the next reboot).
 In order to permanently track events, put the command line arguments
-of auditctl into @file{/etc/audit/audit.rules}.
+of auditctl into a file called @code{audit.rules} in the configuration
+directory (see below).
 @command{aureport} from the @code{audit} package can be used in order
 to view a report of all recorded events.
-The audit daemon usually logs into the directory @file{/var/log/audit}.
+The audit daemon by default logs into the file
+@file{/var/log/audit.log}.
 
 @end defvr
 
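Review bot: the new wording says rules go into audit.rules "in the configuration directory", but nothing in this patch loads them: the shepherd start command only passes `-c` to auditd and there is no `auditctl -R` step, so the sentence is only true if the auditd build in the `audit` package reads audit.rules from its `-c` directory by itself. Confirm that against the packaged version, and say explicitly that rules from that file are applied at daemon startup only, so a changed rule set needs an auditd restart rather than taking effect on the next `auditctl` call.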
@@ -27493,6 +27495,11 @@ This is the data type representing the configuration of auditd.
 @item @code{audit} (default: @code{audit})
 The audit package to use.
 
+@item @code{configdir} (default: @code{(local-file "aux-files/auditd")})
+A directory containing a configuration file for the audit package, which
+must be named @code{auditd.conf}, and optionally some audit rules to
+instantiate on startup.
+
 @end table
 @end deftp
 
diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
index 8a9292015f..73db202bb6 100644
--- a/gnu/services/auditd.scm
+++ b/gnu/services/auditd.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2019 Danny Milosavljevic <dannym <at> scratchpost.org>
+;;; Copyright © 2020 Robin Green <greenrd <at> greenrd.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,27 +29,31 @@
   #:export (auditd-configuration
             auditd-service-type))
 
-; /etc/audit/audit.rules
-
-(define-configuration auditd-configuration
-  (audit
-   (package audit)
-   "Audit package."))
+(define-record-type* <auditd-configuration>
+  auditd-configuration make-auditd-configuration
+  auditd-configuration?
+  (audit           auditd-configuration-audit            ; package
+                   (default audit))
+  (configdir       auditd-configuration-configdir))      ; local-file
 
 (define (auditd-shepherd-service config)
-  (let* ((audit (auditd-configuration-audit config)))
+  (let* ((audit (auditd-configuration-audit config))
+         (configdir (auditd-configuration-configdir config)))
     (list (shepherd-service
-           (documentation "Auditd allows you to audit file system accesses.")
+           (documentation "Auditd allows you to audit file system accesses and process execution.")
            (provision '(auditd))
            (start #~(make-forkexec-constructor
-                     (list (string-append #$audit "/sbin/auditd"))))
+                     (list (string-append #$audit "/sbin/auditd") "-c" #$configdir)
+                     #:pid-file "/var/run/auditd.pid"))
            (stop #~(make-kill-destructor))))))
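Review bot: `configdir` has no `(default ...)` clause, so `(auditd-configuration)` and `(auditd-configuration (audit my-audit))`, both of which the old `define-configuration` form accepted, now fail with a missing-field error; only the service type's `default-value` supplies a directory. Either give the field a default or document it as mandatory. The `#:pid-file "/var/run/auditd.pid"` is the right readiness check here because no foreground flag is passed and auditd daemonizes, but note that `configdir` is a store path and therefore world-readable: fine for auditd.conf, but any audit.rules placed there exposes the monitored paths and syscalls to every local user.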
 
 (define auditd-service-type
   (service-type (name 'auditd)
-                (description "Allows auditing file system accesses.")
+                (description "Allows auditing file system accesses and process execution.")
                 (extensions
                  (list
                   (service-extension shepherd-root-service-type
                                      auditd-shepherd-service)))
-                (default-value (auditd-configuration))))
+                (default-value
+                  (auditd-configuration
+                   (configdir (local-file "aux-files/auditd" #:recursive? #t))))))
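Review bot: the default `(local-file "aux-files/auditd" #:recursive? #t)` does not match the documented default `(local-file "aux-files/auditd")` in the texinfo hunk (a directory cannot be added without `#:recursive? #t`), so one of the two should be corrected. Also, a new directory under gnu/services/aux-files/ has to be registered with the other distributed auxiliary files in the build system for it to reach `guix pull` users, and this patch does not do that; building the directory from a `plain-file` inside the module sidesteps both problems.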
diff --git a/gnu/services/aux-files/auditd/auditd.conf b/gnu/services/aux-files/auditd/auditd.conf
new file mode 100644
index 0000000000..6e7555cf4c
--- /dev/null
+++ b/gnu/services/aux-files/auditd/auditd.conf
@@ -0,0 +1,9 @@
+log_file = /var/log/audit.log
+log_format = ENRICHED
+freq = 1
+space_left = 5%
+space_left_action = syslog
+admin_space_left_action = ignore
+disk_full_action = ignore
+disk_error_action = syslog
+
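Review bot: `disk_full_action = ignore` and `admin_space_left_action = ignore` mean that once the log volume fills, auditd keeps running but records nothing, so a local user who fills /var/log silently switches auditing off; for a security-monitoring default, `syslog` is the minimum and `suspend` (or `halt` on hardened hosts) is the usual choice. `freq = 1` only takes effect with `flush = incremental` or `incremental_async`, and `flush` is not set, so either set it explicitly or drop `freq`. Finally, `log_file = /var/log/audit.log` puts the log directly in the world-listable /var/log instead of the conventional dedicated /var/log/audit/ directory; auditd creates the file with a restrictive mode but does not create directories, which is presumably why the flat path was chosen, and that trade-off deserves a comment.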
-- 
2.27.0





Information forwarded to guix-patches <at> gnu.org:
bug#42427; Package guix-patches. (Wed, 22 Jul 2020 22:08:01 GMT) Full text and rfc822 format available.

Message #8 received at 42427 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Robin Green <greenrd <at> greenrd.org>
Cc: 42427 <at> debbugs.gnu.org
Subject: Re: [bug#42427] [PATCH] services: Fix auditd startup.
Date: Thu, 23 Jul 2020 00:07:28 +0200
Hello Robin,

Robin Green <greenrd <at> greenrd.org> skribis:

> * gnu/services/auditd.scm: Make auditd start successfully in the default case.
> * gnu/services/aux-files/auditd/auditd.conf: New file.
> * doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.

Nice, it’s a good idea.  Some comments below:

> -(define-configuration auditd-configuration
> -  (audit
> -   (package audit)
> -   "Audit package."))
> +(define-record-type* <auditd-configuration>

I think we should keep using ‘define-configuration’, unless there’s a
good reason to change.  WDYT?

> +  auditd-configuration make-auditd-configuration
> +  auditd-configuration?
> +  (audit           auditd-configuration-audit            ; package
> +                   (default audit))
> +  (configdir       auditd-configuration-configdir))      ; local-file

s/configdir/configuration-directory/, to be consistent with the rest of
the code.  You can also set its default value.

> +                  (auditd-configuration
> +                   (configdir (local-file "aux-files/auditd" #:recursive? #t))))))
> diff --git a/gnu/services/aux-files/auditd/auditd.conf b/gnu/services/aux-files/auditd/auditd.conf
> new file mode 100644
> index 0000000000..6e7555cf4c
> --- /dev/null
> +++ b/gnu/services/aux-files/auditd/auditd.conf

Since it’s a small file, I have a slight preference for using
‘plain-file’ + ‘computed-file’:

  (define auditd.conf
    (plain-file …))

  (define %default-auditd-configuration-directory ;make it public
    (computed-file "auditd"
                   #~(begin
                       (mkdir #$output)
                       (copy-file #$auditd.conf
                                  (string-append #$output "/auditd.conf")))))

WDYT?

Thanks,
Ludo’.




Information forwarded to guix-patches <at> gnu.org:
bug#42427; Package guix-patches. (Sun, 26 Jul 2020 16:29:01 GMT) Full text and rfc822 format available.

Message #11 received at 42427 <at> debbugs.gnu.org (full text, mbox):

From: Robin Green <greenrd <at> greenrd.org>
To: 42427 <at> debbugs.gnu.org
Subject: Re: [bug#42427] [PATCH] services: Fix auditd startup.
Date: Sun, 26 Jul 2020 17:28:49 +0100
[Message part 1 (text/plain, inline)]
On 2020-07-22 23:07, Ludovic Courtès wrote:
> Hello Robin,

Hi

> Robin Green <greenrd <at> greenrd.org> skribis:
> 
>> * gnu/services/auditd.scm: Make auditd start successfully in the default case.
>> * gnu/services/aux-files/auditd/auditd.conf: New file.
>> * doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
> 
> Nice, it’s a good idea.  Some comments below:
> 
>> -(define-configuration auditd-configuration
>> -  (audit
>> -   (package audit)
>> -   "Audit package."))
>> +(define-record-type* <auditd-configuration>
> 
> I think we should keep using ‘define-configuration’, unless there’s a
> good reason to change.  WDYT?

I couldn't get it to work with ‘define-configuration’ - I kept getting
errors. I asked on #guix, and it was suggested that I do it this way
instead.

>> +  auditd-configuration make-auditd-configuration
>> +  auditd-configuration?
>> +  (audit           auditd-configuration-audit            ; package
>> +                   (default audit))
>> +  (configdir       auditd-configuration-configdir))      ; local-file
> 
> s/configdir/configuration-directory/, to be consistent with the rest of
> the code.

Done

> You can also set its default value.

I don't see the value in doing that, because the default is already set
elsewhere, and if the user wants to use a different package, they
probably also want to use a different configuration file than the
default one!

> 
>> +                  (auditd-configuration
>> +                   (configdir (local-file "aux-files/auditd" #:recursive? #t))))))
>> diff --git a/gnu/services/aux-files/auditd/auditd.conf b/gnu/services/aux-files/auditd/auditd.conf
>> new file mode 100644
>> index 0000000000..6e7555cf4c
>> --- /dev/null
>> +++ b/gnu/services/aux-files/auditd/auditd.conf
> 
> Since it’s a small file, I have a slight preference for using
> ‘plain-file’ + ‘computed-file’:
> 
>   (define auditd.conf
>     (plain-file …))
> 
>   (define %default-auditd-configuration-directory ;make it public
>     (computed-file "auditd"
>                    #~(begin
>                        (mkdir #$output)
>                        (copy-file #$auditd.conf
>                                   (string-append #$output "/auditd.conf")))))
> 
> WDYT?

Agreed - done

[0001-services-Fix-auditd-startup.patch (text/x-patch, inline)]
From 2944613bee5a742b04c26a7c27d3a09f9047dbe5 Mon Sep 17 00:00:00 2001
From: Robin Green <greenrd <at> greenrd.org>
Date: Sun, 19 Jul 2020 08:32:31 +0100
Subject: [PATCH] services: Fix auditd startup.

* gnu/services/auditd.scm: Make auditd start successfully in the default case.
* gnu/services/aux-files/auditd/auditd.conf: New file.
* doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
---
 doc/guix.texi           | 11 +++++++++--
 gnu/services/auditd.scm | 41 ++++++++++++++++++++++++++++++-----------
 2 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 2c5c017eea..8c7c055ce0 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27478,10 +27478,12 @@ Network access
 @command{auditctl} from the @code{audit} package can be used in order
 to add or remove events to be tracked (until the next reboot).
 In order to permanently track events, put the command line arguments
-of auditctl into @file{/etc/audit/audit.rules}.
+of auditctl into a file called @code{audit.rules} in the configuration
+directory (see below).
 @command{aureport} from the @code{audit} package can be used in order
 to view a report of all recorded events.
-The audit daemon usually logs into the directory @file{/var/log/audit}.
+The audit daemon by default logs into the file
+@file{/var/log/audit.log}.
 
 @end defvr
 
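Review bot: this hunk is unchanged from v1, but the code now names the field `configuration-directory` and defaults it to `%default-auditd-configuration-directory`, so the line `@item @code{configdir} (default: @code{(local-file "aux-files/auditd")})` documents a field and a default that no longer exist; update the item to the new name and default. The rule-loading caveat from v1 still applies: nothing here runs `auditctl -R`, so audit.rules in the directory only works if auditd itself loads it from its `-c` directory at startup.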
@@ -27493,6 +27495,11 @@ This is the data type representing the configuration of auditd.
 @item @code{audit} (default: @code{audit})
 The audit package to use.
 
+@item @code{configdir} (default: @code{(local-file "aux-files/auditd")})
+A directory containing a configuration file for the audit package, which
+must be named @code{auditd.conf}, and optionally some audit rules to
+instantiate on startup.
+
 @end table
 @end deftp
 
diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
index 8a9292015f..1750614207 100644
--- a/gnu/services/auditd.scm
+++ b/gnu/services/auditd.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2019 Danny Milosavljevic <dannym <at> scratchpost.org>
+;;; Copyright © 2020 Robin Green <greenrd <at> greenrd.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,29 +27,47 @@
   #:use-module (guix gexp)
   #:use-module (guix packages)
   #:export (auditd-configuration
-            auditd-service-type))
+            auditd-service-type
+            %default-auditd-configuration-directory))
 
-; /etc/audit/audit.rules
+(define auditd.conf
+  (plain-file "auditd.conf" "log_file = /var/log/audit.log\nlog_format = \
+ENRICHED\nfreq = 1\nspace_left = 5%\nspace_left_action = \
+syslog\nadmin_space_left_action = ignore\ndisk_full_action = \
+ignore\ndisk_error_action = syslog\n"))
 
-(define-configuration auditd-configuration
-  (audit
-   (package audit)
-   "Audit package."))
+(define %default-auditd-configuration-directory
+  (computed-file "auditd"
+                 #~(begin
+                     (mkdir #$output)
+                     (copy-file #$auditd.conf
+                                (string-append #$output "/auditd.conf")))))
+
+(define-record-type* <auditd-configuration>
+  auditd-configuration make-auditd-configuration
+  auditd-configuration?
+  (audit                   auditd-configuration-audit                          ; package
+                           (default audit))
+  (configuration-directory auditd-configuration-configuration-directory))      ; local-file
 
 (define (auditd-shepherd-service config)
-  (let* ((audit (auditd-configuration-audit config)))
+  (let* ((audit (auditd-configuration-audit config))
+         (configuration-directory (auditd-configuration-configuration-directory config)))
     (list (shepherd-service
-           (documentation "Auditd allows you to audit file system accesses.")
+           (documentation "Auditd allows you to audit file system accesses and process execution.")
            (provision '(auditd))
            (start #~(make-forkexec-constructor
-                     (list (string-append #$audit "/sbin/auditd"))))
+                     (list (string-append #$audit "/sbin/auditd") "-c" #$configuration-directory)
+                     #:pid-file "/var/run/auditd.pid"))
            (stop #~(make-kill-destructor))))))
 
 (define auditd-service-type
   (service-type (name 'auditd)
-                (description "Allows auditing file system accesses.")
+                (description "Allows auditing file system accesses and process execution.")
                 (extensions
                  (list
                   (service-extension shepherd-root-service-type
                                      auditd-shepherd-service)))
-                (default-value (auditd-configuration))))
+                (default-value
+                  (auditd-configuration
+                   (configuration-directory %default-auditd-configuration-directory)))))
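Review bot: `configuration-directory` still has no `(default ...)` clause even though `%default-auditd-configuration-directory` is defined and exported right above, so `(auditd-configuration (audit my-audit))` raises an error instead of using the default; adding `(default %default-auditd-configuration-directory)` to the field makes the exported variable useful and the manual's "(default: ...)" true. The trailing `; local-file` comment is now wrong: the value is a `computed-file`, and any file-like object works.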
-- 
2.27.0
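The thread settles on a configuration directory built from `plain-file` + `computed-file`, and the manual text says users may drop an audit.rules file next to auditd.conf. The following is an added example of doing exactly that from the user side; it is not part of the patch or of Guix, and it assumes the field name `configuration-directory` and the directory layout from the v2 patch above. The conf values and rule lines are constructed for illustration; the rule set is a hypothetical minimal one, and it assumes /var/log/audit already exists, root-owned and mode 0700, because auditd creates the log file but not the directory.

```scheme
;; Added example, not part of the patch: a user-side override of the auditd
;; configuration directory, assuming the v2 field name `configuration-directory'
;; and a directory holding auditd.conf plus an optional audit.rules.
(use-modules (gnu services)
             (gnu services auditd)
             (guix gexp))

;; Constructed hardened counterpart of the patch's default auditd.conf.
;; Differences: the log lives in a dedicated directory, the flush mode is
;; stated explicitly (freq only matters for incremental modes), and a full
;; or failing disk suspends logging instead of silently dropping events.
;; Assumption: /var/log/audit exists, root-owned, mode 0700.
(define hardened-auditd.conf
  (plain-file "auditd.conf"
              (string-join
               '("log_file = /var/log/audit/audit.log"
                 "log_format = ENRICHED"
                 "flush = incremental_async"
                 "freq = 50"
                 "space_left = 10%"
                 "space_left_action = syslog"
                 "admin_space_left_action = suspend"
                 "disk_full_action = suspend"
                 "disk_error_action = syslog")
               "\n" 'suffix)))

;; Constructed rule set in auditctl syntax, applied when the daemon starts:
;; clear old rules, size the backlog, make kernel-side audit failures visible
;; (-f 1 = printk), watch identity and privilege files, and log every execve
;; performed with root privileges.
(define hardened-audit.rules
  (plain-file "audit.rules"
              (string-join
               '("-D"
                 "-b 8192"
                 "-f 1"
                 "-w /etc/passwd -p wa -k identity"
                 "-w /etc/shadow -p wa -k identity"
                 "-w /etc/sudoers -p wa -k privilege"
                 "-a always,exit -F arch=b64 -S execve -F euid=0 -k root-exec")
               "\n" 'suffix)))

;; Same construction as %default-auditd-configuration-directory in the patch,
;; but with both files in the directory.
(define hardened-auditd-directory
  (computed-file "auditd-hardened"
                 #~(begin
                     (mkdir #$output)
                     (copy-file #$hardened-auditd.conf
                                (string-append #$output "/auditd.conf"))
                     (copy-file #$hardened-audit.rules
                                (string-append #$output "/audit.rules")))))

;; Add this to the `services' field of an operating-system declaration in
;; place of the bare auditd-service-type.
(define hardened-auditd-service
  (service auditd-service-type
           (auditd-configuration
            (configuration-directory hardened-auditd-directory))))
```

Because the rules are read when auditd starts, a rule change only takes effect after `guix system reconfigure` followed by `herd restart auditd`; `auditctl -l` as root shows what was actually loaded, and `aureport -x` (mentioned in the patch's documentation) summarizes the executions the `root-exec` key records. The store directory is world-readable, so anyone on the host can read the rule set; that is acceptable for most deployments but worth knowing before putting sensitive watch paths in it.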


Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Mon, 27 Jul 2020 09:32:01 GMT) Full text and rfc822 format available.

Notification sent to Robin Green <greenrd <at> greenrd.org>:
bug acknowledged by developer. (Mon, 27 Jul 2020 09:32:01 GMT) Full text and rfc822 format available.

Message #16 received at 42427-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Robin Green <greenrd <at> greenrd.org>
Cc: 42427-done <at> debbugs.gnu.org
Subject: Re: [bug#42427] [PATCH] services: Fix auditd startup.
Date: Mon, 27 Jul 2020 11:31:37 +0200
[Message part 1 (text/plain, inline)]
Hi,

Robin Green <greenrd <at> greenrd.org> skribis:

> From 2944613bee5a742b04c26a7c27d3a09f9047dbe5 Mon Sep 17 00:00:00 2001
> From: Robin Green <greenrd <at> greenrd.org>
> Date: Sun, 19 Jul 2020 08:32:31 +0100
> Subject: [PATCH] services: Fix auditd startup.
>
> * gnu/services/auditd.scm: Make auditd start successfully in the default case.
> * gnu/services/aux-files/auditd/auditd.conf: New file.
> * doc/guix.texi (Miscellaneous Services): Update docs to reflect changes.
> ---
>  doc/guix.texi           | 11 +++++++++--
>  gnu/services/auditd.scm | 41 ++++++++++++++++++++++++++++++-----------
>  2 files changed, 39 insertions(+), 13 deletions(-)

Applied with the changes below and a tweaked commit log.

Thank you!

Ludo’.

[Message part 2 (text/x-patch, inline)]
diff --git a/doc/guix.texi b/doc/guix.texi
index 8b9eb791c7..d4557b360a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27629,8 +27629,8 @@ This is the data type representing the configuration of auditd.
 @item @code{audit} (default: @code{audit})
 The audit package to use.
 
-@item @code{configdir} (default: @code{(local-file "aux-files/auditd")})
-A directory containing a configuration file for the audit package, which
+@item @code{configuration-directory} (default: @code{%default-auditd-configuration-directory})
+The directory containing the configuration file for the audit package, which
 must be named @code{auditd.conf}, and optionally some audit rules to
 instantiate on startup.
 
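Review bot: the item now names `%default-auditd-configuration-directory` as the default, but that exported variable is not described anywhere in the manual; a `@defvr` entry, or at least a sentence saying it contains only an auditd.conf (logging to /var/log/audit.log) and no rules, would tell users that nothing is audited until they supply an audit.rules of their own.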
diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
index 1750614207..cffc226ec9 100644
--- a/gnu/services/auditd.scm
+++ b/gnu/services/auditd.scm
@@ -48,7 +48,7 @@ ignore\ndisk_error_action = syslog\n"))
   auditd-configuration?
   (audit                   auditd-configuration-audit                          ; package
                            (default audit))
-  (configuration-directory auditd-configuration-configuration-directory))      ; local-file
+  (configuration-directory auditd-configuration-configuration-directory))      ; file-like
 
 (define (auditd-shepherd-service config)
   (let* ((audit (auditd-configuration-audit config))
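Review bot: the comment fix is right, but the field still lacks `(default %default-auditd-configuration-directory)`, so the "(default: ...)" just added to the manual is only true when the whole record is defaulted through the service type's `default-value`; `(auditd-configuration (audit some-package))` on its own still fails with a missing field. One `(default ...)` clause on the field would make the documented default real.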

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 24 Aug 2020 11:24:06 GMT) Full text and rfc822 format available.



