diff --git a/audit.nix b/audit.nix
new file mode 100644
index 0000000..eed35c2
--- /dev/null
+++ b/audit.nix
@@ -0,0 +1,7 @@
+{
+  security.auditd.enable = true;
+  security.audit.enable = true;
+  security.audit.rules = [
+    "-a exit,always -F arch=b64 -S execve"
+  ];
+}
diff --git a/configuration.nix b/configuration.nix
index b77def7..4009c67 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -5,10 +5,14 @@ in
 { lib, ... }: {
   imports = [
     ./hardware-configuration.nix
+    ./audit.nix
+
     ./openssh.nix
     ./tailscale.nix
+
     ./firewall.nix
     ./fail2ban.nix
+
     ./borgbackup.nix
 
     ./ftp.nix