about summary refs log tree commit diff
path: root/nixos/modules/security
diff options
context:
space:
mode:
authorTuomas Tynkkynen <tuomas@tuxera.com>2016-08-22 18:11:53 +0300
committerTuomas Tynkkynen <tuomas@tuxera.com>2016-08-31 23:15:41 +0300
commit16b3e26da4455c6d3f876639ce27ce6cd40d6895 (patch)
tree363c1f17ffb34dcdb538738b1a06438d848e49c4 /nixos/modules/security
parent5eff0b990cb2f2a9492b31f825679608d5f09d19 (diff)
audit: Disable by default
Because in its default enabled state it it causes a global performance
hit on all system calls (https://fedorahosted.org/fesco/ticket/1311) and
unwanted spam in dmesg, in particular when using Chromium
(https://github.com/NixOS/nixpkgs/issues/13710).
Diffstat (limited to 'nixos/modules/security')
-rw-r--r--nixos/modules/security/audit.nix2
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/security/audit.nix b/nixos/modules/security/audit.nix
index 8d70811b01c76..ebfe594d0c718 100644
--- a/nixos/modules/security/audit.nix
+++ b/nixos/modules/security/audit.nix
@@ -55,7 +55,7 @@ in {
     security.audit = {
       enable = mkOption {
         type        = types.enum [ false true "lock" ];
-        default     = true; # The kernel seems to enable it by default with no rules anyway
+        default     = false;
         description = ''
           Whether to enable the Linux audit system. The special `lock' value can be used to
           enable auditing and prevent disabling it until a restart. Be careful about locking
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-19 01:54:17 +0000