Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/auditd: init at 2.7.6 #27261

Merged
merged 3 commits into from
Jul 9, 2017
Merged

nixos/auditd: init at 2.7.6 #27261

merged 3 commits into from
Jul 9, 2017
+27 −0

Conversation

calbrecht
Copy link
Member

@calbrecht calbrecht commented Jul 9, 2017
edited
Loading

#11864 Support Linux audit subsystem
Add the auditd.service as NixOS module to be able to
generate profiles from /var/log/audit/audit.log
with apparmor-utils.

auditd needs the folder /var/log/audit to be present on start
so this is generated in ExecPreStart.

auditd starts with -s nochange so that effective audit processing
is managed by the audit.service.

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

Sorry, something went wrong.

@mention-bot
Copy link

@calbrecht, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @bjornfor and @offlinehacker to be potential reviewers.

Mic92
Mic92 reviewed Jul 9, 2017
View reviewed changes
nixos/modules/security/auditd.nix Outdated
options = {
security.auditd = {
enable = mkOption {
type = types.enum [ false true ];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

types.bool is more appropriate here.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah sorry :) copy pasta

calbrecht added 2 commits July 9, 2017 18:21
@calbrecht
nixos/auditd: init at 2.7.6
4bb403c 
NixOS#11864 Support Linux audit subsystem
Add the auditd.service as NixOS module to be able to
generate profiles from /var/log/audit/audit.log
with apparmor-utils.

auditd needs the folder /var/log/audit to be present on start
so this is generated in ExecPreStart.

auditd starts with -s nochange so that effective audit processing
is managed by the audit.service.
@calbrecht
nixos/auditd: init at 2.7.6 NixOS#27261
59c0d16 
types.bool because there is nothing enum in it
@calbrecht calbrecht force-pushed the upstream-auditd-11864 branch from 032bb61 to 59c0d16 Compare July 9, 2017 16:21
@Mic92 Mic92 merged commit ebaff59 into NixOS:master Jul 9, 2017
@calbrecht
Copy link
Member Author

@Mic92 thanks :)

@calbrecht calbrecht deleted the upstream-auditd-11864 branch July 9, 2017 17:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@calbrecht @mention-bot @Mic92