author: Danny Milosavljevic <dannym@scratchpost.org> 2019-06-04 09:27:43 +0200
committer: Danny Milosavljevic <dannym@scratchpost.org> 2019-06-06 22:23:35 +0200
commit: 07023ebc1892a559cad1f80235a4afb0955b29ab (patch)
tree: f6af29e13e89e0b79840f133219c2150bbcb350c /doc
parent: 850f7873452a8936c5cdb5206aac728e18c44d4c (diff)
services: Add auditd.
* gnu/services/auditd.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
Diffstat (limited to 'doc')
-rw-r--r-- doc/guix.texi 49
1 files changed, 49 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 996255d9dc..bdfe14c724 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -24114,6 +24114,55 @@ The Containerd package to use.
 @end table
 @end deftp
 
+@cindex Audit
+@subsubheading Auditd Service
+
+The @code{(gnu services auditd)} module provides the following service.
+
+@defvr {Scheme Variable} auditd-service-type
+
+This is the type of the service that runs
+@url{https://people.redhat.com/sgrubb/audit/,auditd},
+a daemon that tracks security-relevant information on your system.
+
+Examples of things that can be tracked:
+
+@enumerate
+@item
+File accesses
+@item
+System calls
+@item
+Invoked commands
+@item
+Failed login attempts
+@item
+Firewall filtering
+@item
+Network access
+@end enumerate
+
+@command{auditctl} from the @code{audit} package can be used in order
+to add or remove events to be tracked (until the next reboot).
+In order to permanently track events, put the command line arguments
+of auditctl into @file{/etc/audit/audit.rules}.
+@command{aureport} from the @code{audit} package can be used in order
+to view a report of all recorded events.
+The audit daemon usually logs into the directory @file{/var/log/audit}.
+
+@end defvr
+
+@deftp {Data Type} auditd-configuration
+This is the data type representing the configuration of auditd.
+
+@table @asis
+
+@item @code{audit} (default: @code{audit})
+The audit package to use.
+
+@end table
+@end deftp
+
 @node Setuid Programs
 @section Setuid Programs
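Review bot: the sentence "In order to permanently track events, put the command line arguments of auditctl into @file{/etc/audit/audit.rules}" points at a file that the documented auditd-configuration gives no way to supply, since its only field is @code{audit}. Please say here how that file is expected to get onto the system and whether the service loads it when auditd starts, or add a rules field to the record and document it in the @table. Without that, a reader who enables the service has no documented way to make the tracked events persist. The same applies to "usually logs into the directory @file{/var/log/audit}": state whether this service sets that location or only inherits the daemon's default, since that is where an administrator will look for the records. Smaller points: the section has no @lisp example showing the service being added to an operating-system declaration; the second "auditctl" in that paragraph lacks the @command{} markup used two lines earlier; and the list of trackable things is unordered, so @itemize would fit better than @enumerate.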