From d33b8f05ee6bf37e16f39cee6c890008e6d31ec8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kha=C3=AFs=20COLIN?=
Date: Fri, 30 Aug 2024 14:20:29 +0200
Subject: [PATCH] security: enable audit logging of program launch
---
audit.nix | 7 +++++++
configuration.nix | 4 ++++
2 files changed, 11 insertions(+)
create mode 100644 audit.nix
diff --git a/audit.nix b/audit.nix
new file mode 100644
index 0000000..eed35c2
--- /dev/null
+++ b/audit.nix
@@ -0,0 +1,7 @@
+{
+ security.auditd.enable = true;
+ security.audit.enable = true;
+ security.audit.rules = [
+ "-a exit,always -F arch=b64 -S execve"
+ ];
+}
diff --git a/configuration.nix b/configuration.nix
index b77def7..4009c67 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -5,10 +5,14 @@ in { lib, ... }: { imports = [ ./hardware-configuration.nix + ./audit.nix + ./openssh.nix ./tailscale.nix + ./firewall.nix ./fail2ban.nix + ./borgbackup.nix ./ftp.nix
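Review bot: The single rule in `security.audit.rules` in audit.nix matches only `arch=b64` and only the `execve` syscall, so a program started through the 32-bit syscall ABI or through `execveat` would leave no record. Whether 32-bit compat is enabled on this host is not visible here, but if it is, this is a gap in the launch coverage the commit title promises. Consider `"-a exit,always -F arch=b64 -S execve -S execveat -k exec"` plus a second line that is identical except for `-F arch=b32`; the `-k` key lets the records be pulled with `ausearch -k exec`. A one-line comment above the list would also help the next reader, e.g. `# record every program launch (execve/execveat, both ABIs)`.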