services: auditd: Provide default configuration directory.

* gnu/services/auditd.scm (auditd.conf) (%default-auditd-configuration-directory): New variables. (<auditd-configuration>): Switch to 'define-record-type*'. [configuration-directory]: New field. (auditd-shepherd-service): Honor 'configuration-directory'. Pass #:pid-file. (auditd-service-type)[description]: Tweak. [default-value]: Provide 'configuration-directory'. * doc/guix.texi (Miscellaneous Services): Update docs to reflect changes. Signed-off-by: Ludovic Courtès <ludo@gnu.org>

services: auditd: Provide default configuration directory.
73cb3e10 · Robin Green · Ludovic Courtès · 79501f26 · 73cb3e10 · 73cb3e10
Unverified Commit 73cb3e10 authored 4 years ago by Robin Green Committed by Ludovic Courtès 4 years ago
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27612,10 +27612,12 @@ Network access
 @command{auditctl} from the @code{audit} package can be used in order
 to add or remove events to be tracked (until the next reboot).
 In order to permanently track events, put the command line arguments
-of auditctl into @file{/etc/audit/audit.rules}.
+of auditctl into a file called @code{audit.rules} in the configuration
+directory (see below).
 @command{aureport} from the @code{audit} package can be used in order
 to view a report of all recorded events.
-The audit daemon usually logs into the directory @file{/var/log/audit}.
+The audit daemon by default logs into the file
+@file{/var/log/audit.log}.
 @end defvr
@@ -27627,6 +27629,11 @@ This is the data type representing the configuration of auditd.
 @item @code{audit} (default: @code{audit})
 The audit package to use.
+@item @code{configuration-directory} (default: @code{%default-auditd-configuration-directory})
+The directory containing the configuration file for the audit package, which
+must be named @code{auditd.conf}, and optionally some audit rules to
+instantiate on startup.
 @end table
 @end deftp
--- a/gnu/services/auditd.scm
+++ b/gnu/services/auditd.scm
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2019 Danny Milosavljevic <dannym@scratchpost.org>
+;;; Copyright © 2020 Robin Green <greenrd@greenrd.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,29 +27,47 @@ (define-module (gnu services auditd)
  #:use-module (guix gexp)
  #:use-module (guix packages)
  #:export (auditd-configuration
-            auditd-service-type))
+            auditd-service-type
+            %default-auditd-configuration-directory))
-; /etc/audit/audit.rules
+(define auditd.conf
+  (plain-file "auditd.conf" "log_file = /var/log/audit.log\nlog_format = \
+ENRICHED\nfreq = 1\nspace_left = 5%\nspace_left_action = \
+syslog\nadmin_space_left_action = ignore\ndisk_full_action = \
+ignore\ndisk_error_action = syslog\n"))
-(define-configuration auditd-configuration
+(define %default-auditd-configuration-directory
-  (audit
+  (computed-file "auditd"
-   (package audit)
+                 #~(begin
-   "Audit package."))
+                     (mkdir #$output)
+                     (copy-file #$auditd.conf
+                                (string-append #$output "/auditd.conf")))))
+(define-record-type* <auditd-configuration>
+  auditd-configuration make-auditd-configuration
+  auditd-configuration?
+  (audit                   auditd-configuration-audit                          ; package
+                           (default audit))
+  (configuration-directory auditd-configuration-configuration-directory))      ; file-like
 (define (auditd-shepherd-service config)
-  (let* ((audit (auditd-configuration-audit config)))
+  (let* ((audit (auditd-configuration-audit config))
+         (configuration-directory (auditd-configuration-configuration-directory config)))
    (list (shepherd-service
-           (documentation "Auditd allows you to audit file system accesses.")
+           (documentation "Auditd allows you to audit file system accesses and process execution.")
           (provision '(auditd))
           (start #~(make-forkexec-constructor
-                     (list (string-append #$audit "/sbin/auditd"))))
+                     (list (string-append #$audit "/sbin/auditd") "-c" #$configuration-directory)
+                     #:pid-file "/var/run/auditd.pid"))
           (stop #~(make-kill-destructor))))))
 (define auditd-service-type
  (service-type (name 'auditd)
-                (description "Allows auditing file system accesses.")
+                (description "Allows auditing file system accesses and process execution.")
                (extensions
                 (list
                  (service-extension shepherd-root-service-type
                                     auditd-shepherd-service)))
-                (default-value (auditd-configuration))))
+                (default-value
+                  (auditd-configuration
+                   (configuration-directory %default-auditd-configuration-directory)))))