services: Add auditd.

* gnu/services/auditd.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
Danny Milosavljevic 2019-06-04 09:27:43 +02:00
parent 850f787345
commit 07023ebc18
No known key found for this signature in database
GPG key ID: E71A35542C30BAA5
3 changed files with 104 additions and 0 deletions

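--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -24114,6 +24114,55 @@ The Containerd package to use.
 @end table
 @end deftp
+@cindex Audit
+@subsubheading Auditd Service
+The @code{(gnu services auditd)} module provides the following service.
+@defvr {Scheme Variable} auditd-service-type
+This is the type of the service that runs
+@url{https://people.redhat.com/sgrubb/audit/,auditd},
+a daemon that tracks security-relevant information on your system.
+Examples of things that can be tracked:
+@enumerate
+@item
+File accesses
+@item
+System calls
+@item
+Invoked commands
+@item
+Failed login attempts
+@item
+Firewall filtering
+@item
+Network access
+@end enumerate
+@command{auditctl} from the @code{audit} package can be used in order
+to add or remove events to be tracked (until the next reboot).
+In order to permanently track events, put the command line arguments
+of auditctl into @file{/etc/audit/audit.rules}.
+@command{aureport} from the @code{audit} package can be used in order
+to view a report of all recorded events.
+The audit daemon usually logs into the directory @file{/var/log/audit}.
+@end defvr
+@deftp {Data Type} auditd-configuration
+This is the data type representing the configuration of auditd.
+@table @asis
+@item @code{audit} (default: @code{audit})
+The audit package to use.
+@end table
+@end deftp
 @node Setuid Programs
 @section Setuid Programs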

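--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -501,6 +501,7 @@ GNU_SYSTEM_MODULES = \
 %D%/services.scm \
 %D%/services/admin.scm \
 %D%/services/audio.scm \
+%D%/services/auditd.scm \
 %D%/services/avahi.scm \
 %D%/services/base.scm \
 %D%/services/certbot.scm \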

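--- /dev/null
+++ b/gnu/services/auditd.scm
@@ -0,0 +1,54 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Danny Milosavljevic <dannym@scratchpost.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+(define-module (gnu services auditd)
+#:use-module (gnu services)
+#:use-module (gnu services configuration)
+#:use-module (gnu services base)
+#:use-module (gnu services shepherd)
+#:use-module (gnu packages admin)
+#:use-module (guix records)
+#:use-module (guix gexp)
+#:use-module (guix packages)
+#:export (auditd-configuration
+auditd-service-type))
+; /etc/audit/audit.rules
+(define-configuration auditd-configuration
+(audit
+(package audit)
+"Audit package."))
+(define (auditd-shepherd-service config)
+(let* ((audit (auditd-configuration-audit config)))
+(list (shepherd-service
+(documentation "Auditd allows you to audit file system accesses.")
+(provision '(auditd))
+(start #~(make-forkexec-constructor
+(list (string-append #$audit "/sbin/auditd"))))
+(stop #~(make-kill-destructor))))))
+(define auditd-service-type
+(service-type (name 'auditd)
+(description "Allows auditing file system accesses.")
+(extensions
+(list
+(service-extension shepherd-root-service-type
+auditd-shepherd-service)))
+(default-value (auditd-configuration))))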
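Review bot: In `auditd-shepherd-service` the `start` constructor runs `/sbin/auditd` with no arguments, and auditd detaches into the background by default, so the PID that `make-forkexec-constructor` records is likely that of a parent that exits at once. Shepherd would then treat the service as stopped while the real daemon keeps running, and `make-kill-destructor` would not reach it. Keeping the daemon in the foreground restores supervision: `(list (string-append #$audit "/sbin/auditd") "-n")`. Separately, the only trace of configuration is the comment `; /etc/audit/audit.rules`: nothing visible here provisions `auditd.conf`, loads that rules file, or creates `/var/log/audit` with restrictive permissions, so the manual's advice to put rules there probably has no effect yet, and a comment stating this would keep an administrator from assuming events are being recorded. The `documentation` and `description` strings mention only "file system accesses", which is narrower than the list of tracked events in the manual entry.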