diff --git a/GNUmakefile b/GNUmakefile index 3fdb0cd..be7b44a 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -3,7 +3,6 @@ RELEASE ?= 0 TARGETDIR ?= target -CONFFILE ?= agent/agent.conf ifeq ($(RELEASE),1) PROFILE ?= release @@ -17,8 +16,13 @@ systemdsystemunitdir := $(shell pkg-config systemd --variable=systemdsystemunitd programs = \ ${TARGETDIR}/${PROFILE}/crypto-auditing-agent \ + ${TARGETDIR}/${PROFILE}/crypto-auditing-event-broker \ ${TARGETDIR}/${PROFILE}/crypto-auditing-log-parser +conffiles = \ + dist/conf/agent.conf \ + dist/conf/event-broker.conf + .PHONY: all all: $(programs) @@ -30,15 +34,24 @@ $(programs): agent/src/bpf/vmlinux.h .PHONY: install install: all - mkdir -p /etc/crypto-auditing/ - cp ${CONFFILE} /etc/crypto-auditing/agent.conf + for f in $(conffiles); do \ + install -D -m 644 -S .orig -t /etc/crypto-auditing "$$f"; \ + done for f in $(programs); do \ install -D -t ${DESTDIR}/usr/bin "$$f"; \ done install -D -m 644 -t ${DESTDIR}$(systemdsystemunitdir) dist/systemd/system/crypto-auditing-agent.service + install -D -m 644 -t ${DESTDIR}$(systemdsystemunitdir) dist/systemd/system/crypto-auditing-event-broker.service + install -d ${DESTDIR}/var/lib/crypto-auditing + install -d ${DESTDIR}/var/log/crypto-auditing # This only runs tests without TPM access. See tests/run.sh for # running full testsuite with swtpm. .PHONY: check check: all cargo test --target-dir="${TARGETDIR}" + +.PHONY: clean +clean: + cargo clean + rm -f agent/src/bpf/vmlinux.h diff --git a/agent/agent.conf b/dist/conf/agent.conf similarity index 53% rename from agent/agent.conf rename to dist/conf/agent.conf index a52edc2..46747ef 100644 --- a/agent/agent.conf +++ b/dist/conf/agent.conf 
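Review bot: The new config-file loop in the `install` recipe writes to `/etc/crypto-auditing` without the `${DESTDIR}` prefix that every other install line in this hunk uses, so a staged or packaging run (`make install DESTDIR=...`) would still modify the build host's real /etc and would need root to do it. The line should read `install -D -m 644 -S .orig -t ${DESTDIR}/etc/crypto-auditing "$$f"`. Separately, the two added `install -d` lines create `/var/lib/crypto-auditing` and `/var/log/crypto-auditing` with install's default mode 0755 and the installing user's ownership. Because the log directory holds the audit event log, an explicit mode such as `install -d -m 0750 ${DESTDIR}/var/log/crypto-auditing` would be safer, together with a comment stating which account the services expect to own these directories.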
@@ -1,5 +1,5 @@
 # library = ["/usr/lib64/libgnutls.so.30", "/usr/lib64/libssl.so.3"]
-# log_file = /var/log/crypto-auditing/agent.log
-# user = crypto-auditing-agent:crypto-auditing-agent
+# log_file = "/var/log/crypto-auditing/audit.cborseq"
+# user = "crypto-auditing:crypto-auditing"
 # coalesce_window = 100
 # max_events = 1000000
\ No newline at end of file
diff --git a/dist/conf/event-broker.conf b/dist/conf/event-broker.conf
new file mode 100644
index 0000000..affcdc1
--- /dev/null
+++ b/dist/conf/event-broker.conf
@@ -0,0 +1,2 @@
+# log_file = "/var/log/crypto-auditing/audit.cborseq"
+# socket_path = "/var/lib/crypto-auditing/audit.sock"
diff --git a/dist/systemd/system/crypto-auditing-agent.service b/dist/systemd/system/crypto-auditing-agent.service
index 808a98c..445738e 100644
--- a/dist/systemd/system/crypto-auditing-agent.service
+++ b/dist/systemd/system/crypto-auditing-agent.service
@@ -3,7 +3,6 @@ Description=Event collector agent for crypto-auditing project
 StartLimitInterval=10s
 StartLimitBurst=5
 After=local-fs.target systemd-tmpfiles-setup.service
-Before=sysinit.target shutdown.target
 
 [Service]
 ExecStart=/usr/bin/crypto-auditing-agent
diff --git a/dist/systemd/system/crypto-auditing-event-broker.service b/dist/systemd/system/crypto-auditing-event-broker.service
new file mode 100644
index 0000000..a11a6b2
--- /dev/null
+++ b/dist/systemd/system/crypto-auditing-event-broker.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Event broker service for crypto-auditing project
+StartLimitInterval=10s
+StartLimitBurst=5
+After=crypto-auditing-agent.service
+
+[Service]
+ExecStart=/usr/bin/crypto-auditing-event-broker
+ExecStopPost=rm -f /var/lib/crypto-auditing/audit.sock
+KillSignal=SIGINT
+TimeoutSec=60s
+Restart=on-failure
+RestartSec=120s
+# User=crypto-auditing
+# Group=crypto-auditing
+
+[Install]
+WantedBy=default.target
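Review bot: The new crypto-auditing-event-broker.service ships with `User=` and `Group=` commented out and no sandboxing directives in `[Service]`, so as written the broker runs as root with unrestricted filesystem access. It presumably exposes `/var/lib/crypto-auditing/audit.sock` to local clients, judging by the `socket_path` default and the `ExecStopPost` cleanup. Once the account and directory ownership are provisioned, enable `User=crypto-auditing` and `Group=crypto-auditing` and add `NoNewPrivileges=yes`; a comment stating why the unit currently stays root would help until then. `ExecStopPost=rm -f ...` also uses a bare command name, which older systemd releases reject, so `ExecStopPost=/usr/bin/rm -f /var/lib/crypto-auditing/audit.sock` is the safer spelling.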