diff --git a/sp-modules/monitoring/module.nix b/sp-modules/monitoring/module.nix
index 758c6c6..7126f53 100644
--- a/sp-modules/monitoring/module.nix
+++ b/sp-modules/monitoring/module.nix
@@ -27,11 +27,27 @@ in
 security.audit.enable = true;
 security.audit.rules = [
 "-w /root -p war -k root"
- "-w /etc/nixos -p w -k nixos_config"
- "-w /etc/selfprivacy.nix -p w -k selfprivacy_folder"
- "-w /sbin/insmod -p x -k module_insertion"
- "-w /etc/passwd -p rwxa -k passwd_changes"
+ "-w /root/.ssh -p wa -k rootkey"
+ "-w /etc/nixos -p w -k nixosconfig"
+ "-w /etc/selfprivacy.nix -p w -k selfprivacyfolder"
 "-a exit,always -F arch=b64 -S execve"
+ "-a always,exit -F arch=b64 -S kexec_load -k KEXEC"
+ "-a always,exit -F arch=b64 -S mknod -S mknodat -k specialfiles"
+ "-a always,exit -F arch=b64 -S mount -S umount2 -F auid!=-1 -k mount"
+ "-a always,exit -F arch=b64 -S swapon -S swapoff -F auid!=-1 -k swap"
+ "-a always,exit -F arch=b64 -F uid!=ntp -S adjtimex -S settimeofday -S clock_settime -k time"
+ "-w /etc/group -p wa -k etcgroup"
+ "-w /etc/passwd -p wa -k etcpasswd"
+ "-w /etc/shadow -k etcpasswd"
+ "-w /etc/sudoers -p wa -k actions"
+ "-a always,exit -F arch=b64 -S sethostname -S setdomainname -k network_modifications"
+ "-a always,exit -F arch=b64 -S open -F dir=/etc -F success=0 -k unauthedfileaccess"
+ "-a always,exit -F arch=b64 -S open -F dir=/bin -F success=0 -k unauthedfileaccess"
+ "-a always,exit -F arch=b64 -S open -F dir=/usr/bin -F success=0 -k unauthedfileaccess"
+ "-a always,exit -F arch=b64 -S open -F dir=/var -F success=0 -k unauthedfileaccess"
+ "-a always,exit -F arch=b64 -S open -F dir=/home -F success=0 -k unauthedfileaccess"
+ "-a always,exit -F arch=b64 -S open -F dir=/srv -F success=0 -k unauthedfileaccess"
+
 ];
 services.cadvisor = {
 enable = true;
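Review bot: The six `unauthedfileaccess` rules at the end of the hunk match only `-S open`, but on x86_64 glibc implements `open()`/`fopen()` with the `openat` syscall, so failed opens under /etc, /bin, /usr/bin, /var, /home and /srv will mostly go unrecorded; each rule should list `-S open -S openat -S openat2` (dropping `openat2` where the host's auditctl does not know that syscall name). Removing `-w /sbin/insmod` also leaves kernel module loading unwatched, and a syscall rule covers it regardless of which binary is used: `"-a always,exit -F arch=b64 -S init_module -S finit_module -S delete_module -k modules"`. The `-F uid!=ntp` filter in the time rule makes rule loading depend on a user named `ntp` existing when auditctl resolves the name; on a host without that user the rule is rejected, so it is safer to filter on the account the host's time-sync service actually runs as, or to drop the filter. All rules are `arch=b64` only, so 32-bit (`arch=b32`) syscalls on a multilib host bypass them, as the pre-existing execve rule already did. The rule list opens and closes inside the hunk, but the enclosing module attribute set starts before it.
```nix
    "-a always,exit -F arch=b64 -S init_module -S finit_module -S delete_module -k modules"
    # … unchanged: other watch and syscall rules …
    "-a always,exit -F arch=b64 -S open -S openat -S openat2 -F dir=/etc -F success=0 -k unauthedfileaccess"
    "-a always,exit -F arch=b64 -S open -S openat -S openat2 -F dir=/bin -F success=0 -k unauthedfileaccess"
    "-a always,exit -F arch=b64 -S open -S openat -S openat2 -F dir=/usr/bin -F success=0 -k unauthedfileaccess"
    "-a always,exit -F arch=b64 -S open -S openat -S openat2 -F dir=/var -F success=0 -k unauthedfileaccess"
    "-a always,exit -F arch=b64 -S open -S openat -S openat2 -F dir=/home -F success=0 -k unauthedfileaccess"
    "-a always,exit -F arch=b64 -S open -S openat -S openat2 -F dir=/srv -F success=0 -k unauthedfileaccess"
```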
@@ -66,6 +82,19 @@ in
 }
 ];
 };
+ services.logrotate = {
+ enable = true;
+ settings = {
+ "/var/log/audit/audit.log" = {
+ rotate = 7;
+ compress = true;
+ missingok = true;
+ notifempty = true;
+ sharedscripts = true;
+ postrotate = "systemctl kill -s USR1 auditd.service";
+ };
+ };
+ };
 systemd = {
 services = {
 prometheus.serviceConfig.Slice = "monitoring.slice";
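Review bot: `postrotate = "systemctl kill -s USR1 auditd.service"` sends the signal that auditd answers, with its default num_logs, by running its own rename-based log rotation (the same action its `max_log_file_action = ROTATE` performs) rather than by merely reopening the file, so after logrotate has already moved audit.log aside the daemon shuffles the files a second time and the `rotate = 7` history is not what ends up on disk. Either let auditd own rotation through its own configuration and drop this block, or keep logrotate but use `copytruncate = true;` with no postrotate signal so the daemon's open descriptor keeps pointing at the live file; whichever is chosen should be checked against whatever auditd configuration this module or NixOS already applies, which is not visible here. `sharedscripts = true;` has no effect with a single log path and can be removed. The `services.logrotate` set is complete inside the hunk, but the enclosing module attribute set starts before it.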