From 9e55c29185bf9ffe2c7a4485e417493a0fdf4ef0 Mon Sep 17 00:00:00 2001
From: schererleander <leander@schererleander.de>
Date: Tue, 23 Sep 2025 23:25:03 +0200
Subject: feat: setup audit, change openssh settings, install lynis

---
 hosts/sachiel/configuration.nix | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'hosts')

diff --git a/hosts/sachiel/configuration.nix b/hosts/sachiel/configuration.nix
index 18bcae7..1f898cd 100644
--- a/hosts/sachiel/configuration.nix
+++ b/hosts/sachiel/configuration.nix
@@ -43,6 +43,7 @@
     zoxide
     neovim
     htop
+    lynis
   ];
 
   system.autoUpgrade = {
@@ -78,6 +79,7 @@
     ports = [ 8693 ];
     settings = {
       PasswordAuthentication = false;
+      AllowUsers = [ username ];
       X11Forwarding = false;
       PermitRootLogin = "no";
     };
@@ -143,6 +145,10 @@
   };
 
   security.auditd.enable = true;
+  security.audit = {
+    enable = true;
+    rules = [ "-a exit,always -F arch=b64 -S execve" ];
+  };
 
   networking.firewall = {
     allowPing = false;
-- 
cgit v1.3.1