From 9d026e0750836728c86f897d77222e4d3c097e5f Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Tue, 30 Jul 2024 07:32:41 +0300
Subject: [PATCH] add some audit rules

---
 sp-modules/monitoring/module.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/sp-modules/monitoring/module.nix b/sp-modules/monitoring/module.nix
index cfaf9d6..758c6c6 100644
--- a/sp-modules/monitoring/module.nix
+++ b/sp-modules/monitoring/module.nix
@@ -24,6 +24,15 @@ in
 };
 };
 security.auditd.enable = true;
+ security.audit.enable = true;
+ security.audit.rules = [
+ "-w /root -p war -k root"
+ "-w /etc/nixos -p w -k nixos_config"
+ "-w /etc/selfprivacy.nix -p w -k selfprivacy_folder"
+ "-w /sbin/insmod -p x -k module_insertion"
+ "-w /etc/passwd -p rwxa -k passwd_changes"
+ "-a exit,always -F arch=b64 -S execve"
+ ];
 services.cadvisor = {
 enable = true;
 port = 9003;
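Review bot: The execve rule added as `"-a exit,always -F arch=b64 -S execve"` only matches 64-bit syscalls, so an execve issued by a 32-bit binary is not recorded, and unlike the other rules it has no `-k` key, so its events cannot be pulled out with `ausearch -k`; I would key it and add the b32 counterpart, `"-a exit,always -F arch=b64 -S execve -k exec"` and `"-a exit,always -F arch=b32 -S execve -k exec"`. The `/root` watch with `-p war` also logs every read under root's home, which is likely far noisier than the intent of detecting tampering; `-p wa` is the usual choice for a directory watch. On NixOS `/sbin/insmod` is probably not a real path, so that watch may never fire — worth confirming the path resolves on the deployed system before relying on the `module_insertion` key. The `security.audit.rules` list lies entirely inside this hunk.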