diff options
| author | schererleander <leander@schererleander.de> | 2025-09-23 23:25:03 +0200 |
|---|---|---|
| committer | schererleander <leander@schererleander.de> | 2025-09-23 23:25:30 +0200 |
| commit | 9e55c29185bf9ffe2c7a4485e417493a0fdf4ef0 (patch) | |
| tree | 26b1b928c2d0c52202e94e726fcb2209e7c3954c /hosts/sachiel | |
| parent | e5e89eddb35eda00e32a9570f9a04ca303617776 (diff) | |
feat: setup audit, change openssh settings, install lynis
Diffstat (limited to 'hosts/sachiel')
| -rw-r--r-- | hosts/sachiel/configuration.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/hosts/sachiel/configuration.nix b/hosts/sachiel/configuration.nix index 18bcae7..1f898cd 100644 --- a/hosts/sachiel/configuration.nix +++ b/hosts/sachiel/configuration.nix @@ -43,6 +43,7 @@ zoxide neovim htop + lynis ]; system.autoUpgrade = { @@ -78,6 +79,7 @@ ports = [ 8693 ]; settings = { PasswordAuthentication = false; + AllowUsers = [ username ]; X11Forwarding = false; PermitRootLogin = "no"; }; @@ -143,6 +145,10 @@ }; security.auditd.enable = true; + security.audit = { + enable = true; + rules = [ "-a exit,always -F arch=b64 -S execve" ]; + }; networking.firewall = { allowPing = false; |