;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019 Danny Milosavljevic <dannym@scratchpost.org>
;;; Copyright © 2020 Robin Green <greenrd@greenrd.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu services auditd)
  #:use-module (gnu services)
  #:use-module (gnu services configuration)
  #:use-module (gnu services base)
  #:use-module (gnu services shepherd)
  #:use-module (gnu packages admin)
  #:use-module (guix records)
  #:use-module (guix gexp)
  #:use-module (guix packages)
  #:export (auditd-configuration
            auditd-service-type
            %default-auditd-configuration-directory))

;; Default auditd.conf shipped with the service, as a store file.  The text
;; is assembled one setting per line; the result is the same string a single
;; literal would give.
(define auditd.conf
  (plain-file
   "auditd.conf"
   (string-append
    "log_file = /var/log/audit.log\n"
    "log_format = ENRICHED\n"
    "freq = 1\n"
    ;; Low free space and disk errors are only reported through syslog.
    "space_left = 5%\n"
    "space_left_action = syslog\n"
    ;; NOTE(review): with 'ignore' here auditd takes no corrective action
    ;; (no rotate, suspend or halt) when the log partition runs out of
    ;; space, so audit records can be lost while the system keeps running.
    ;; Deployments with audit-retention requirements should pass their own
    ;; configuration-directory instead of relying on these defaults.
    "admin_space_left_action = ignore\n"
    "disk_full_action = ignore\n"
    "disk_error_action = syslog\n")))

;; Default configuration directory handed to 'auditd -c': a store directory
;; named "auditd" that contains a single file, auditd.conf, copied from the
;; AUDITD.CONF file-like object defined above.  Nothing else (for example
;; audit rules) is placed in it by this code.
(define %default-auditd-configuration-directory
  (computed-file "auditd"
                 #~(begin
                     ;; Create the output directory, then drop the
                     ;; configuration file into it under its expected name.
                     (mkdir #$output)
                     (copy-file #$auditd.conf
                                (string-append #$output "/auditd.conf")))))

;; Configuration record for the auditd service.
;;
;; AUDIT is the package providing /sbin/auditd; it defaults to the 'audit'
;; package.  CONFIGURATION-DIRECTORY has no default at the record level and
;; must be supplied; it is passed verbatim to 'auditd -c', so it decides
;; which auditd.conf (log location, disk-full behaviour, ...) is in effect.
;; NOTE(review): both fields are expected to be file-like objects; nothing
;; here validates that — confirm against callers.
(define-record-type* <auditd-configuration>
  auditd-configuration make-auditd-configuration
  auditd-configuration?
  (audit                   auditd-configuration-audit                          ; file-like
                           (default audit))
  (configuration-directory auditd-configuration-configuration-directory))      ; file-like

(define (auditd-shepherd-service config)
  "Return a one-element list holding the Shepherd service that runs auditd
according to CONFIG, an <auditd-configuration> record."
  ;; The two lookups are independent, so a plain 'let' suffices.
  (let ((audit-package (auditd-configuration-audit config))
        (conf-dir (auditd-configuration-configuration-directory config)))
    ;; NOTE(review): no #:user or #:group is passed to the constructor, so
    ;; the daemon keeps whatever identity Shepherd spawns it with —
    ;; presumably root for the system instance; confirm.  The service also
    ;; declares no 'requirement', although the default auditd.conf reports
    ;; several conditions through syslog.
    (list
     (shepherd-service
      (provision '(auditd))
      (documentation "Auditd allows you to audit file system accesses and process execution.")
      ;; auditd is started with '-c' pointing at the configuration
      ;; directory; Shepherd tracks it through the PID file given below.
      (start #~(make-forkexec-constructor
                (list (string-append #$audit-package "/sbin/auditd")
                      "-c"
                      #$conf-dir)
                #:pid-file "/var/run/auditd.pid"))
      (stop #~(make-kill-destructor))))))

;; Service type for auditd.  Its only extension is of the Shepherd root
;; service, to which it contributes the service built by
;; 'auditd-shepherd-service'.  When no value is given, the configuration
;; uses the default 'audit' package together with
;; %default-auditd-configuration-directory.
(define auditd-service-type
  (let ((fallback-configuration
         (auditd-configuration
          (configuration-directory %default-auditd-configuration-directory)))
        (shepherd-extension
         (service-extension shepherd-root-service-type
                            auditd-shepherd-service)))
    (service-type
     (name 'auditd)
     (extensions (list shepherd-extension))
     (default-value fallback-configuration)
     (description "Allows auditing file system accesses and process execution."))))