nixos/auditd: init at 2.7.6 (#27261)
#11864 Support Linux audit subsystem

Add auditd.service as a NixOS module so that profiles can be generated from /var/log/audit/audit.log with apparmor-utils. auditd needs the folder /var/log/audit to be present on start, so it is created in ExecStartPre. auditd starts with -s nochange so that effective audit processing is managed by the audit.service.
wip/yesman
parent
466e7e23c6
commit
ebaff599ba
@ -0,0 +1,26 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
{ |
||||
options.security.auditd.enable = mkEnableOption "the Linux Audit daemon"; |
||||
|
||||
config = mkIf config.security.auditd.enable { |
||||
systemd.services.auditd = { |
||||
description = "Linux Audit daemon"; |
||||
wantedBy = [ "basic.target" ]; |
||||
|
||||
unitConfig = { |
||||
ConditionVirtualization = "!container"; |
||||
ConditionSecurity = [ "audit" ]; |
||||
}; |
||||
|
||||
path = [ pkgs.audit ]; |
||||
|
||||
serviceConfig = { |
||||
ExecStartPre="${pkgs.coreutils}/bin/mkdir -p /var/log/audit"; |
||||
ExecStart = "${pkgs.audit}/bin/auditd -l -n -s nochange"; |
||||
}; |
||||
}; |
||||
}; |
||||
} |
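Review bot: The `ExecStartPre` line creates /var/log/audit with a plain `mkdir -p`, so the directory gets whatever mode the service's umask yields, and that is likely to leave it listable by unprivileged users. Audit logs are sensitive, so the directory should be created owner-only, e.g. `ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p -m 0700 /var/log/audit";`. With `-p` the mode applies only when the directory is newly created, so an existing looser directory would still need a separate chmod. Since `-s nochange` leaves enabling of auditing to another unit, the option description could also say that auditd alone does not turn auditing on.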