Diffstat (limited to 'nixpkgs/nixos/modules/security/auditd.nix')
-rw-r--r--nixpkgs/nixos/modules/security/auditd.nix31
1 files changed, 31 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/security/auditd.nix b/nixpkgs/nixos/modules/security/auditd.nix
new file mode 100644
index 00000000000..9d26cfbcfb1
--- /dev/null
+++ b/nixpkgs/nixos/modules/security/auditd.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ options.security.auditd.enable = mkEnableOption "the Linux Audit daemon";
+
+ config = mkIf config.security.auditd.enable {
+ boot.kernelParams = [ "audit=1" ];
+
+ environment.systemPackages = [ pkgs.audit ];
+
+ systemd.services.auditd = {
+ description = "Linux Audit daemon";
+ wantedBy = [ "basic.target" ];
+
+ unitConfig = {
+ ConditionVirtualization = "!container";
+ ConditionSecurity = [ "audit" ];
+ DefaultDependencies = false;
+ };
+
+ path = [ pkgs.audit ];
+
+ serviceConfig = {
+ ExecStartPre="${pkgs.coreutils}/bin/mkdir -p /var/log/audit";
+ ExecStart = "${pkgs.audit}/bin/auditd -l -n -s nochange";
+ };
+ };
+ };
+}
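Review bot: The `ExecStartPre` line creates /var/log/audit with `mkdir -p` and no explicit mode, so the directory gets whatever the service umask yields (normally 0755) and unprivileged users can list the audit log files. Setting the mode at creation would close that: `ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0700 -p /var/log/audit";`. Since `mkdir -p` leaves an already existing directory's mode untouched, `LogsDirectory = "audit";` with `LogsDirectoryMode = "0700";` in `serviceConfig` would be the more robust form. Separately, `serviceConfig` sets no restart policy, so if auditd exits unexpectedly nothing brings it back and events would presumably stop reaching the audit log until the next boot; `Restart = "on-failure";` is worth considering.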