Alexander Ried
d91365d714
audit module: only enable service if kernel has audit ( #19569 )
2016-10-15 16:03:41 +02:00
Tuomas Tynkkynen
16b3e26da4
audit: Disable by default
...
Because in its default enabled state it it causes a global performance
hit on all system calls (https://fedorahosted.org/fesco/ticket/1311 ) and
unwanted spam in dmesg, in particular when using Chromium
(https://github.com/NixOS/nixpkgs/issues/13710 ).
2016-08-31 23:15:41 +03:00
Tuomas Tynkkynen
5eff0b990c
audit service: Explicitly call auditctl to disable everything
...
Otherwise, journald might be starting auditing.
Some reading:
- https://fedorahosted.org/fesco/ticket/1311
- https://github.com/systemd/systemd/issues/959
- 64f83d3087
2016-08-31 23:15:32 +03:00
Eelco Dolstra
2352e2589e
audit: Disable in containers
...
This barfs:
Jan 18 12:46:32 machine 522i0x9l80z7gw56iahxjjsdjp0xi10q-audit-start[506]: The audit system is disabled
2016-01-26 16:25:40 +01:00
Dan Peebles
63bfe20b72
security.audit: add NixOS module
...
Part of the way towards #11864 . We still don't have the auditd
userland logging daemon, but journald also tracks audit logs so we
can already use this.
2016-01-07 03:06:10 +00:00