;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016-2020 Julien Lepiller ;;; Copyright © 2016 Marius Bakke ;;; Copyright © 2018, 2020, 2021 Tobias Geerinckx-Rice ;;; Copyright © 2018 Ricardo Wurmus ;;; Copyright © 2019 Oleg Pykhalov ;;; Copyright © 2020 Maxim Cournoyer ;;; Copyright © 2021 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have r
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019 Danny Milosavljevic <dannym@scratchpost.org>
;;; Copyright © 2020 Robin Green <greenrd@greenrd.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu services auditd)
  #:use-module (gnu services)
  #:use-module (gnu services configuration)
  #:use-module (gnu services base)
  #:use-module (gnu services shepherd)
  #:use-module (gnu packages admin)
  #:use-module (guix records)
  #:use-module (guix gexp)
  #:use-module (guix packages)
  #:export (auditd-configuration
            auditd-service-type
            %default-auditd-configuration-directory))

;; Default auditd.conf shipped by this service, one setting per line.
;;
;; Security-relevant points for anyone relying on these defaults:
;;  - Records go to /var/log/audit.log in ENRICHED format.
;;  - 'flush' is not set, so the daemon's built-in flush mode applies;
;;    'freq = 1' only matters for the incremental flush modes (see
;;    auditd.conf(5)).
;;  - Low disk space (space_left = 5%) and disk errors are reported via
;;    syslog only.
;;  - 'admin_space_left_action' and 'disk_full_action' are both "ignore":
;;    the daemon is not told to suspend, rotate or halt when the log
;;    partition fills up, so audit records may be lost in that situation.
;;    Deployments with retention or compliance requirements should supply
;;    their own configuration directory with stricter actions.
(define auditd.conf
  (plain-file "auditd.conf"
              (string-append
               "log_file = /var/log/audit.log\n"
               "log_format = ENRICHED\n"
               "freq = 1\n"
               "space_left = 5%\n"
               "space_left_action = syslog\n"
               "admin_space_left_action = ignore\n"
               "disk_full_action = ignore\n"
               "disk_error_action = syslog\n")))

;; Default configuration directory for auditd: a computed store directory
;; named "auditd" that contains exactly one file, auditd.conf, copied from
;; the `auditd.conf' file-like object defined in this module.
;;
;; Only auditd.conf is installed here; no audit rules file is copied into
;; this directory, so with the defaults the daemon is configured for
;; logging but this module does not itself define what gets audited.
;; NOTE(review): presumably rules are expected to be loaded separately or
;; provided through a custom configuration directory -- confirm.
(define %default-auditd-configuration-directory
  (computed-file "auditd"
                 #~(begin
                     ;; Create the output directory, then place the
                     ;; configuration file under its expected name.
                     (mkdir #$output)
                     (copy-file #$auditd.conf
                                (string-append #$output "/auditd.conf")))))

;; Configuration record for the auditd service.
;;
;; Fields:
;;   audit                    file-like object providing "/sbin/auditd";
;;                            defaults to `audit' (presumably the package
;;                            from (gnu packages admin) -- confirm).
;;   configuration-directory  file-like directory passed to auditd with
;;                            "-c".  It has no default at the record
;;                            level, so every `auditd-configuration' form
;;                            must specify it; the service type's default
;;                            value supplies
;;                            %default-auditd-configuration-directory.
(define-record-type* <auditd-configuration>
  auditd-configuration make-auditd-configuration
  auditd-configuration?
  (audit                   auditd-configuration-audit                          ; file-like
                           (default audit))
  (configuration-directory auditd-configuration-configuration-directory))      ; file-like

(define (auditd-shepherd-service config)
  "Return a one-element list holding the Shepherd service that runs auditd
as described by CONFIG, an <auditd-configuration> record.  The daemon is
started as '<audit>/sbin/auditd -c <configuration-directory>' and is
considered up once /var/run/auditd.pid appears; it is stopped with the
default kill destructor."
  (define audit
    (auditd-configuration-audit config))
  (define configuration-directory
    (auditd-configuration-configuration-directory config))

  ;; NOTE(review): no 'requirement' is declared, so start-up ordering
  ;; relative to other services (for instance the syslog daemon that the
  ;; default auditd.conf reports to) is not enforced here -- confirm this
  ;; is intended.
  ;; NOTE(review): no #:user/#:group is passed to the constructor, so the
  ;; daemon presumably runs with the privileges of the Shepherd instance
  ;; that starts it -- confirm.
  (list (shepherd-service
         (provision '(auditd))
         (documentation "Auditd allows you to audit file system accesses and process execution.")
         (start #~(make-forkexec-constructor
                   (list (string-append #$audit "/sbin/auditd") "-c" #$configuration-directory)
                   #:pid-file "/var/run/auditd.pid"))
         (stop #~(make-kill-destructor)))))

;; Service type for the audit daemon.  It extends the Shepherd root
;; service with the service returned by `auditd-shepherd-service'.  When
;; instantiated without an explicit value, it uses an
;; <auditd-configuration> whose configuration directory is
;; %default-auditd-configuration-directory; pass a custom
;; `auditd-configuration' to use a different auditd.conf (for example one
;; with stricter disk-full handling).
(define auditd-service-type
  (let ((default-configuration
          (auditd-configuration
           (configuration-directory
            %default-auditd-configuration-directory))))
    (service-type
     (name 'auditd)
     (extensions
      (list (service-extension shepherd-root-service-type
                               auditd-shepherd-service)))
     (default-value default-configuration)
     (description "Allows auditing file system accesses and process execution."))))
4.phpt" "ext/pcre/tests/preg_match_error3.phpt" "ext/pcre/tests/cache_limit.phpt" "ext/sockets/tests/socket_getopt.phpt" "ext/sockets/tests/socket_sendrecvmsg_error.phpt" "ext/standard/tests/general_functions/var_export-locale.phpt" "ext/standard/tests/general_functions/var_export_basic1.phpt" "ext/intl/tests/timezone_getErrorCodeMessage_basic.phpt" "ext/intl/tests/timezone_getOffset_error.phpt" "sapi/cli/tests/cli_process_title_unix.phpt" "sapi/cli/tests/upload_2G.phpt" "Zend/tests/concat_003.phpt"))) '()) ,@(if (target-ppc64le?) ;; Drop tests known to fail on powerpc64le. '((for-each delete-file (list ;; phpdbg watchpoints don't work. ;; Bug tracked upstream at: ;; https://bugs.php.net/bug.php?id=81408 "sapi/phpdbg/tests/watch_001.phpt" "sapi/phpdbg/tests/watch_003.phpt" "sapi/phpdbg/tests/watch_004.phpt" "sapi/phpdbg/tests/watch_005.phpt" "sapi/phpdbg/tests/watch_006.phpt"))) '()) ;; Drop tests that are known to fail. (for-each delete-file '("ext/posix/tests/posix_getgrgid.phpt" ; Requires /etc/group. "ext/posix/tests/posix_getgrnam_basic.phpt" ; Requires /etc/group. "ext/sockets/tests/bug63000.phpt" ; Fails to detect OS. "ext/sockets/tests/socket_shutdown.phpt" ; Requires DNS. "ext/sockets/tests/socket_send.phpt" ; Likewise. "ext/sockets/tests/mcast_ipv4_recv.phpt" ; Requires multicast. ;; These needs /etc/services. "ext/standard/tests/general_functions/getservbyname_basic.phpt" "ext/standard/tests/general_functions/getservbyport_basic.phpt" "ext/standard/tests/general_functions/getservbyport_variation1.phpt" ;; And /etc/protocols. "ext/standard/tests/network/getprotobyname_basic.phpt" "ext/standard/tests/network/getprotobynumber_basic.phpt" ;; And exotic locales. "ext/standard/tests/strings/setlocale_basic1.phpt" "ext/standard/tests/strings/setlocale_basic2.phpt" "ext/standard/tests/strings/setlocale_basic3.phpt" "ext/standard/tests/strings/setlocale_variation1.phpt" ;; This failing test is skipped on PHP's Travis CI as it is ;; supposedly inaccurate. 
"ext/standard/tests/file/disk_free_space_basic.phpt" ;; The following test erroneously expect the link ;; count of a sub-directory to increase compared to ;; its parent. "ext/standard/tests/file/lstat_stat_variation8.phpt" ;; This tests whether microseconds ‘differ enough’ and ;; fails inconsistently on ‘fast’ machines. "ext/date/tests/bug73837.phpt" ;; XXX: These gd tests fails. Likely because our version ;; is different from the (patched) bundled one. ;; Here, gd quits immediately after "fatal libpng error"; while the ;; test expects it to additionally return a "setjmp" error and warning. "ext/gd/tests/bug39780_extern.phpt" "ext/gd/tests/libgd00086_extern.phpt" ;; Extra newline in gd-png output. "ext/gd/tests/bug45799.phpt" ;; Test expects generic "gd warning" but gets the actual function name. "ext/gd/tests/createfromwbmp2_extern.phpt" ;; This bug should have been fixed in gd 2.2.2. ;; Is it a regression? "ext/gd/tests/bug65148.phpt" ;; This bug should have been fixed in the gd 2.2 ;; series. Perhaps a regression introduced by gd ;; 2.3.0? "ext/gd/tests/bug66590.phpt" ;; This bug should have been fixed in the php-5.5 ;; series. Perhaps a regression introduced by gd ;; 2.3.0? "ext/gd/tests/bug70102.phpt" ;; This bug should have been fixed in the php-5.6 ;; series. Perhaps a regression introduced by gd ;; 2.3.0? "ext/gd/tests/bug73869.phpt" ;; Some WebP related tests fail. "ext/gd/tests/webp_basic.phpt" "ext/gd/tests/imagecreatefromstring_webp.phpt" ;; Expected error message, but from the wrong function "ext/gd/tests/bug77269.phpt" ;; TODO: Enable these when libgd is built with xpm support. "ext/gd/tests/xpm2gd.phpt" "ext/gd/tests/xpm2jpg.phpt" "ext/gd/tests/xpm2png.phpt" ;; Whitespace difference, probably caused by a very ;; long store path "ext/gd/tests/bug77479.phpt" ;; Expected invalid XBM but got EOF before image was ;; complete. It's a warning in both cases and test ;; result is the same. 
"ext/gd/tests/bug77973.phpt" ;; Test expects uninitialized value to be false, but ;; instead gets "resource(5) of type (gd)". "ext/gd/tests/bug79067.phpt" ;; The following test fails with "The image size ;; differs: expected 114x115, got 117x117". "ext/gd/tests/bug79068.phpt" ;; XXX: These iconv tests have the expected outcome, ;; but with different error messages. ;; Expects "illegal character", instead gets "unknown error (84)". "ext/iconv/tests/bug52211.phpt" "ext/iconv/tests/bug60494.phpt" ;; Expects "wrong charset", gets unknown error (22). "ext/iconv/tests/iconv_strlen_error2.phpt" "ext/iconv/tests/iconv_substr_error2.phpt" ;; Expects conversion error, gets "error condition Termsig=11". "ext/iconv/tests/iconv_strpos_error2.phpt" "ext/iconv/tests/iconv_strrpos_error2.phpt" ;; Expects "invalid multibyte sequence" but got ;; "unknown error". "ext/iconv/tests/bug76249.phpt" ;; XXX: These test failures appear legitimate, needs investigation. ;; open_basedir() restriction failure. "ext/curl/tests/bug61948-unix.phpt" ;; Expects a false boolean, gets empty array from glob(). "ext/standard/tests/file/bug41655_1.phpt" "ext/standard/tests/file/glob_variation5.phpt" ;; The test expects an Array, but instead get the contents(?). "ext/gd/tests/bug43073.phpt" ;; imagettftext() returns wrong coordinates. "ext/gd/tests/bug48732-mb.phpt" "ext/gd/tests/bug48732.phpt" ;; Similarly for imageftbbox(). "ext/gd/tests/bug48801-mb.phpt" "ext/gd/tests/bug48801.phpt" ;; Different expected output from imagecolorallocate(). "ext/gd/tests/bug53504.phpt" ;; Wrong image size after scaling an image. "ext/gd/tests/bug73272.phpt" ;; Expects iconv to detect illegal characters, instead gets ;; "unknown error (84)" and heap corruption(!). "ext/iconv/tests/bug48147.phpt" ;; Expects illegal character ".", gets "=?utf-8?Q?." "ext/iconv/tests/bug51250.phpt" ;; iconv throws "buffer length exceeded" on some string checks. 
"ext/iconv/tests/iconv_mime_encode.phpt" ;; file_get_contents(): iconv stream filter ;; ("ISO-8859-1"=>"UTF-8") unknown error. "ext/standard/tests/file/bug43008.phpt" ;; Table data not created in sqlite(?). "ext/pdo_sqlite/tests/bug_42589.phpt" ;; Expects an Array with 3 preg_matches; gets 0. "ext/pcre/tests/bug79846.phpt" ;; Expects an empty Array; gets one with " " in it. "ext/pcre/tests/bug80118.phpt" ;; Renicing a process fails in the build environment. "ext/standard/tests/general_functions/proc_nice_basic.phpt" ;; Can fail on fast machines? "Zend/tests/bug74093.phpt")) ;; Accomodate two extra openssl errors flanking the expected one: ;; random number generator:RAND_{load,write}_file:Cannot open file ;; This is due to an invalid $HOME, but changing it in the test ;; still prints the first one & changing it globally is overkill. (substitute* "ext/openssl/tests/bug80747.phpt" ((".*error:%s:key size too small.*" match) (string-append "%s\n" match "%s\n"))) ;; Skip tests requiring network access. (setenv "SKIP_ONLINE_TESTS" "1") ;; Without this variable, 'make test' passes regardless of failures. 
(setenv "REPORT_EXIT_STATUS" "1") ;; Skip tests requiring I/O facilities that are unavailable in the ;; build environment (setenv "SKIP_IO_CAPTURE_TESTS" "1")))) #:test-target "test")) (inputs `(("aspell" ,aspell) ("bzip2" ,bzip2) ("curl" ,curl) ("cyrus-sasl" ,cyrus-sasl) ("gd" ,gd) ("gdbm" ,gdbm) ("gmp" ,gmp) ("gnutls" ,gnutls) ("icu4c" ,icu4c) ("libgcrypt" ,libgcrypt) ("libpng" ,libpng) ("libsodium" ,libsodium) ("libxml2" ,libxml2) ("libxslt" ,libxslt) ("libx11" ,libx11) ("libzip" ,libzip) ("oniguruma" ,oniguruma) ("openldap" ,openldap) ("openssl" ,openssl-1.1) ("pcre" ,pcre2) ("postgresql" ,postgresql) ("readline" ,readline) ("sqlite" ,sqlite) ("tidy" ,tidy) ("zlib" ,zlib))) (native-inputs `(("pkg-config" ,pkg-config) ("bison" ,bison) ("gettext" ,gettext-minimal) ("procps" ,procps))) ; for tests (synopsis "PHP programming language") (description "PHP (PHP Hypertext Processor) is a server-side (CGI) scripting language designed primarily for web development but is also used as a general-purpose programming language. PHP code may be embedded into HTML code, or it can be used in combination with various web template systems, web content management systems and web frameworks." ) (license (list (license:non-copyleft "file://LICENSE") ; The PHP license. (license:non-copyleft "file://Zend/LICENSE") ; The Zend license. license:lgpl2.1 ; ext/mbstring/libmbfl license:lgpl2.1+ ; ext/bcmath/libbcmath license:bsd-2 ; ext/fileinfo/libmagic license:expat)))) ; ext/date/lib