Diffstat (limited to 'nixpkgs/nixos/modules/security/auditd.nix')
-rw-r--r-- | nixpkgs/nixos/modules/security/auditd.nix | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/security/auditd.nix b/nixpkgs/nixos/modules/security/auditd.nix
new file mode 100644
index 000000000000..6abac244dac2
--- /dev/null
+++ b/nixpkgs/nixos/modules/security/auditd.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ options.security.auditd.enable = mkEnableOption "the Linux Audit daemon";
+
+ config = mkIf config.security.auditd.enable {
+ systemd.services.auditd = {
+ description = "Linux Audit daemon";
+ wantedBy = [ "basic.target" ];
+
+ unitConfig = {
+ ConditionVirtualization = "!container";
+ ConditionSecurity = [ "audit" ];
+ DefaultDependencies = false;
+ };
+
+ path = [ pkgs.audit ];
+
+ serviceConfig = {
+ ExecStartPre="${pkgs.coreutils}/bin/mkdir -p /var/log/audit";
+ ExecStart = "${pkgs.audit}/bin/auditd -l -n -s nochange";
+ };
+ };
+ };
+} |
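Review bot: The `ExecStartPre` line in `serviceConfig` creates `/var/log/audit` with a plain `mkdir -p`, so the directory takes whatever mode the service's umask yields, which is typically readable and traversable by every local user; audit log directories are normally restricted to root. Consider `ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0700 -p /var/log/audit";`, bearing in mind that `-m` only takes effect when the directory is created, so an existing directory with looser permissions stays as it is. Separately, `-s nochange` tells auditd not to touch the kernel's audit enabled flag, and `ConditionSecurity = [ "audit" ]` skips the unit when auditing is off, so with this file alone the service can silently not run. A comment above `unitConfig` such as `# auditd does not enable auditing itself; the kernel audit flag must be set elsewhere` would make that dependency visible.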