security: enable audit logging of program launch
This commit is contained in:
parent
173678734c
commit
d33b8f05ee
2 changed files with 11 additions and 0 deletions
7
audit.nix
Normal file
7
audit.nix
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
{
|
||||||
|
security.auditd.enable = true;
|
||||||
|
security.audit.enable = true;
|
||||||
|
security.audit.rules = [
|
||||||
|
"-a exit,always -F arch=b64 -S execve"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
@ -5,10 +5,14 @@ in
|
||||||
{ lib, ... }: {
|
{ lib, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
./audit.nix
|
||||||
|
|
||||||
./openssh.nix
|
./openssh.nix
|
||||||
./tailscale.nix
|
./tailscale.nix
|
||||||
|
|
||||||
./firewall.nix
|
./firewall.nix
|
||||||
./fail2ban.nix
|
./fail2ban.nix
|
||||||
|
|
||||||
./borgbackup.nix
|
./borgbackup.nix
|
||||||
|
|
||||||
./ftp.nix
|
./ftp.nix
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue