add some audit rules

2025-01-06 16:14:17 +00:00 · 2024-07-30 07:32:41 +03:00 · 2024-07-30 07:32:41 +03:00 · 9d026e0750
parent 6457b5cc9e
commit 9d026e0750
1 changed files with 9 additions and 0 deletions
--- a/sp-modules/monitoring/module.nix
+++ b/sp-modules/monitoring/module.nix
@ -24,6 +24,15 @@ in
      };
    };
    security.auditd.enable = true;
+    security.audit.enable = true;
+    security.audit.rules = [
+      "-w /root -p war -k root"
+      "-w /etc/nixos -p w -k nixos_config"
+      "-w /etc/selfprivacy.nix -p w -k selfprivacy_folder"
+      "-w /sbin/insmod -p x -k module_insertion"
+      "-w /etc/passwd -p rwxa -k passwd_changes"
+      "-a exit,always -F arch=b64 -S execve"
+    ];
    services.cadvisor = {
      enable = true;
      port = 9003;