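# NixOS VM test: where do kernel audit records end up under three setups —
# no audit consumer at all (`machine`), auditd (`auditd`), and journald's own
# audit option with no auditd running (`journaldAudit`)?
import ./make-test-python.nix (
  { pkgs, ... }:
  let
    # Everything the two audit-enabled nodes have in common.  Factored into one
    # module so that `auditd` and `journaldAudit` differ only in which audit
    # consumer is switched on, and the two cannot silently drift apart.
    auditCommon = {
      security.audit.enable = true;
      environment.systemPackages = [ pkgs.audit ];
      # A value of 0 turns printk rate limiting off.  NOTE(review): presumably
      # so that audit records the kernel emits through printk are not
      # suppressed before the checks below look for them — confirm against the
      # commit that introduced it.  Do not copy this to production hosts: it
      # also removes the brake on kernel log flooding.
      boot.kernel.sysctl."kernel.printk_ratelimit" = 0;
      # Raise the kernel audit backlog limit (boot parameter).  Presumably so
      # that records produced before a consumer attaches are queued rather
      # than lost — verify if the audit.log/journal assertions turn flaky.
      boot.kernelParams = [ "audit_backlog_limit=8192" ];
    };
  in
  {
    name = "systemd-journal";
    meta.maintainers = [ pkgs.lib.maintainers.lewo ];

    # Baseline node: nothing audit-related is enabled, only the audit tools
    # are installed so the same commands can be run for comparison.
    nodes.machine = {
      environment.systemPackages = [ pkgs.audit ];
    };

    # auditd is the consumer; the test expects records in
    # /var/log/audit/audit.log as well as in the journal.
    nodes.auditd = {
      imports = [ auditCommon ];
      security.auditd.enable = true;
    };

    # journald's audit option is enabled instead of auditd; the test expects
    # records in the journal only, not in /var/log/audit/audit.log.
    nodes.journaldAudit = {
      imports = [ auditCommon ];
      services.journald.audit = true;
    };

    testScript = ''
      machine.wait_for_unit("multi-user.target")
      # Sanity check: the journal is readable and populated at all.
      machine.succeed("journalctl --grep=systemd")

      with subtest("no audit messages"):
          # With no audit consumer configured, audit records for the journald
          # unit must show up on neither the audit nor the kernel transport.
          machine.fail("journalctl _TRANSPORT=audit --grep 'unit=systemd-journald'")
          machine.fail("journalctl _TRANSPORT=kernel --grep 'unit=systemd-journald'")

      with subtest("auditd enabled"):
          auditd.wait_for_unit("multi-user.target")

          # logs should end up in the journald
          auditd.succeed("journalctl _TRANSPORT=audit --grep 'unit=systemd-journald'")

          # logs should end up in the auditd audit log
          auditd.succeed("grep 'unit=systemd-journald' /var/log/audit/audit.log")

          # logs should not end up in kmesg
          # FIXME(review): this assertion runs on `machine` (the node with no
          # audit consumer), not on `auditd`, so it merely repeats the
          # "no audit messages" check and proves nothing about the auditd node.
          # It is deliberately left unchanged here: switching it to
          # `auditd.fail(...)` may not pass, because records emitted before
          # auditd attaches (journald starts very early in boot) are presumably
          # printed to kmsg, just as the journaldAudit subtest below documents
          # for systemd#15324.  Confirm on a VM before changing the node.
          machine.fail("journalctl _TRANSPORT=kernel --grep 'unit=systemd-journald'")

      with subtest("journald audit"):
          journaldAudit.wait_for_unit("multi-user.target")

          # logs should end up in the journald
          journaldAudit.succeed("journalctl _TRANSPORT=audit --grep 'unit=systemd-journald'")

          # logs should NOT end up in audit log
          journaldAudit.fail("grep 'unit=systemd-journald' /var/log/audit/audit.log")

          # FIXME: If systemd fixes #15324 this test will start failing.
          # You can fix this test by removing the below line.
          # logs ideally should NOT end up in kmesg, but they do due to
          # https://github.com/systemd/systemd/issues/15324
          journaldAudit.succeed("journalctl _TRANSPORT=kernel --grep 'unit=systemd-journald'")
    '';
  }
)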