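# NixOS module: runs the Linux Audit daemon (auditd) as a systemd service
# when `security.auditd.enable` is set.
{ config, lib, pkgs, ... }:

with lib;

{
  options.security.auditd.enable = mkEnableOption "the Linux Audit daemon";

  config = mkIf config.security.auditd.enable {
    systemd.services.auditd = {
      description = "Linux Audit daemon";
      wantedBy = [ "basic.target" ];

      unitConfig = {
        # Do not start inside a container.
        ConditionVirtualization = "!container";
        # Only start when the kernel reports the audit subsystem as available.
        ConditionSecurity = [ "audit" ];
        # Drop systemd's implicit dependencies; together with
        # wantedBy = basic.target this lets the unit start early in boot.
        DefaultDependencies = false;
      };

      path = [ pkgs.audit ];

      serviceConfig = {
        # Create the log directory readable by root only. Audit records can
        # contain command lines, file paths and user activity, so the
        # directory should not be listable by unprivileged users.
        # `-m` applies only when mkdir creates the directory: an existing
        # /var/log/audit keeps its current mode and should be checked
        # separately on systems that already ran this unit.
        ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p -m 0700 /var/log/audit";
        # -n: stay in the foreground so systemd supervises the process.
        # -l: allow config files to be reached through symlinks.
        # -s nochange: leave the kernel's audit enabled flag untouched.
        #   auditd then only collects records; whether the kernel emits
        #   any depends on audit being enabled elsewhere (kernel command
        #   line or auditctl), which this module does not do.
        ExecStart = "${pkgs.audit}/bin/auditd -l -n -s nochange";
      };
    };
  };
}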