author | Danny Milosavljevic <dannym@scratchpost.org> | 2019-06-04 09:27:43 +0200 |
---|---|---|
committer | Danny Milosavljevic <dannym@scratchpost.org> | 2019-06-06 22:23:35 +0200 |
commit | 07023ebc1892a559cad1f80235a4afb0955b29ab (patch) | |
tree | f6af29e13e89e0b79840f133219c2150bbcb350c /doc | |
parent | 850f7873452a8936c5cdb5206aac728e18c44d4c (diff) | |
download | guix-07023ebc1892a559cad1f80235a4afb0955b29ab.tar.gz |
services: Add auditd.
* gnu/services/auditd.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 996255d9dc..bdfe14c724 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -24114,6 +24114,55 @@ The Containerd package to use. @end table @end deftp +@cindex Audit +@subsubheading Auditd Service + +The @code{(gnu services auditd)} module provides the following service. + +@defvr {Scheme Variable} auditd-service-type + +This is the type of the service that runs +@url{https://people.redhat.com/sgrubb/audit/,auditd}, +a daemon that tracks security-relevant information on your system. + +Examples of things that can be tracked: + +@enumerate +@item +File accesses +@item +System calls +@item +Invoked commands +@item +Failed login attempts +@item +Firewall filtering +@item +Network access +@end enumerate + +@command{auditctl} from the @code{audit} package can be used in order +to add or remove events to be tracked (until the next reboot). +In order to permanently track events, put the command line arguments +of auditctl into @file{/etc/audit/audit.rules}. +@command{aureport} from the @code{audit} package can be used in order +to view a report of all recorded events. +The audit daemon usually logs into the directory @file{/var/log/audit}. + +@end defvr + +@deftp {Data Type} auditd-configuration +This is the data type representing the configuration of auditd. + +@table @asis + +@item @code{audit} (default: @code{audit}) +The audit package to use. + +@end table +@end deftp + @node Setuid Programs @section Setuid Programs |
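Review bot: The paragraph on @command{auditctl} tells the reader to put rules into @file{/etc/audit/audit.rules} to make them permanent, but the auditd-configuration table that follows documents only the `audit` package field, so the manual shows no way to supply that file through the service being documented. Either state how the rules file is expected to be provided on a system that uses auditd-service-type, or add a rules field to the record and document it in this table. Two smaller points in the same paragraph: the second mention, "of auditctl into", should be marked up as @command{auditctl} like the first, and "usually logs into the directory @file{/var/log/audit}" should say whether this service creates and uses that directory, since that is where a reader will look for the recorded events.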