audit: Disable by default

Because in its default enabled state it it causes a global performance hit on all system calls (https://fedorahosted.org/fesco/ticket/1311) and unwanted spam in dmesg, in particular when using Chromium (https://github.com/NixOS/nixpkgs/issues/13710).
2024-12-26 04:43:09 +03:00 · 2016-08-22 18:11:53 +03:00 · 2016-08-22 18:11:53 +03:00 · 16b3e26da4
commit 16b3e26da4
parent 5eff0b990c
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/security/audit.nix
+++ b/nixos/modules/security/audit.nix
@ -55,7 +55,7 @@ in {
    security.audit = {
      enable = mkOption {
        type        = types.enum [ false true "lock" ];
-        default     = true; # The kernel seems to enable it by default with no rules anyway
+        default     = false;
        description = ''
          Whether to enable the Linux audit system. The special `lock' value can be used to
          enable auditing and prevent disabling it until a restart. Be careful about locking