aboutsummaryrefslogtreecommitdiff
path: root/gnu/services
diff options
context:
space:
mode:
authorDanny Milosavljevic <dannym@scratchpost.org>2019-06-04 09:27:43 +0200
committerDanny Milosavljevic <dannym@scratchpost.org>2019-06-06 22:23:35 +0200
commit07023ebc1892a559cad1f80235a4afb0955b29ab (patch)
treef6af29e13e89e0b79840f133219c2150bbcb350c /gnu/services
parent850f7873452a8936c5cdb5206aac728e18c44d4c (diff)
downloadguix-07023ebc1892a559cad1f80235a4afb0955b29ab.tar.gz
guix-07023ebc1892a559cad1f80235a4afb0955b29ab.zip
services: Add auditd.
* gnu/services/auditd.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi (Miscellaneous Services): Document it.
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/auditd.scm54
1 files changed, 54 insertions, 0 deletions
diff --git a/gnu/services/auditd.scm b/gnu/services/auditd.scm
new file mode 100644
index 0000000000..8a9292015f
--- /dev/null
+++ b/gnu/services/auditd.scm
@@ -0,0 +1,54 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Danny Milosavljevic <dannym@scratchpost.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services auditd)
+ #:use-module (gnu services)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services base)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu packages admin)
+ #:use-module (guix records)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:export (auditd-configuration
+ auditd-service-type))
+
+; /etc/audit/audit.rules
+
+(define-configuration auditd-configuration
+ (audit
+ (package audit)
+ "Audit package."))
+
+(define (auditd-shepherd-service config)
+ (let* ((audit (auditd-configuration-audit config)))
+ (list (shepherd-service
+ (documentation "Auditd allows you to audit file system accesses.")
+ (provision '(auditd))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$audit "/sbin/auditd"))))
+ (stop #~(make-kill-destructor))))))
+
+(define auditd-service-type
+ (service-type (name 'auditd)
+ (description "Allows auditing file system accesses.")
+ (extensions
+ (list
+ (service-extension shepherd-root-service-type
+ auditd-shepherd-service)))
+ (default-value (auditd-configuration))))