update

2024-11-27 05:11:30 +00:00 · 2024-07-30 15:22:57 +03:00 · 2024-07-30 15:22:57 +03:00 · fca4b2d3ee
parent a3b514b391
commit fca4b2d3ee
2 changed files with 4 additions and 45 deletions
--- a/flake.lock
+++ b/flake.lock
@ -28,11 +28,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1722312464,
-        "narHash": "sha256-+nbgcYTYNuIzIheQyRbxHK2hGy0xP8hyc6dDpjpD3Rc=",
+        "lastModified": 1722342143,
+        "narHash": "sha256-n8L2sBYCm0M7/Murq4hhPLoefRo9lbAQKaflGy8Mk7o=",
        "ref": "add_monitoring_prometheus",
-        "rev": "bd2fae2e6d014384cd216dda3f9365ec94b8298e",
-        "revCount": 1472,
+        "rev": "806c3052ff08d85f737191946a43a79aa0f626cb",
+        "revCount": 1473,
        "type": "git",
        "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git"
      },
--- a/sp-modules/monitoring/module.nix
+++ b/sp-modules/monitoring/module.nix
@ -23,34 +23,6 @@ in
        ];
      };
    };
-    security.auditd.enable = true;
-    security.audit.enable = true;
-    security.audit.rules = [
-      "-w /root -p war -k root"
-      "-w /root/.ssh -p wa -k rootkey"
-      "-w /etc/nixos -p w -k nixosconfig"
-      "-w /etc/selfprivacy.nix -p w -k selfprivacyfolder"
-      "-a always,exclude -F msgtype=CWD"
-      "-a always,exclude -F msgtype=PATH"
-      # "-a exit,always -F arch=b64 -S execve"
-      "-a always,exit -F arch=b64 -S kexec_load -k KEXEC"
-      "-a always,exit -F arch=b64 -S mknod -S mknodat -k specialfiles"
-      "-a always,exit -F arch=b64 -S mount -S umount2 -F auid!=-1 -k mount"
-      "-a always,exit -F arch=b64 -S swapon -S swapoff -F auid!=-1 -k swap"
-      "-a always,exit -F arch=b64 -S adjtimex -S settimeofday -S clock_settime -k time"
-      "-w /etc/group -p wa -k etcgroup"
-      "-w /etc/passwd -p wa -k etcpasswd"
-      "-w /etc/shadow -k etcpasswd"
-      "-w /etc/sudoers -p wa -k actions"
-      "-a always,exit -F arch=b64 -S sethostname -S setdomainname -k network_modifications"
-      "-a always,exit -F arch=b64 -S open -F dir=/etc -F success=0 -k unauthedfileaccess"
-      "-a always,exit -F arch=b64 -S open -F dir=/bin -F success=0 -k unauthedfileaccess"
-      "-a always,exit -F arch=b64 -S open -F dir=/usr/bin -F success=0 -k unauthedfileaccess"
-      "-a always,exit -F arch=b64 -S open -F dir=/var -F success=0 -k unauthedfileaccess"
-      "-a always,exit -F arch=b64 -S open -F dir=/home -F success=0 -k unauthedfileaccess"
-      "-a always,exit -F arch=b64 -S open -F dir=/srv -F success=0 -k unauthedfileaccess"
-
-    ];
    services.cadvisor = {
      enable = true;
      port = 9003;
@ -84,19 +56,6 @@ in
        }
      ];
    };
-    services.logrotate = {
-      enable = true;
-      settings = {
-        "/var/log/audit/audit.log" = {
-          rotate = 7;
-          compress = true;
-          missingok = true;
-          notifempty = true;
-          sharedscripts = true;
-          postrotate = "systemctl kill -s USR1 auditd.service";
-        };
-      };
-    };
    systemd = {
      services = {
        prometheus.serviceConfig.Slice = "monitoring.slice";