From 1fa89834d03983b416fee719d5686f3c8feaff77 Mon Sep 17 00:00:00 2001
From: Brendan Golden <git@brendan.ie>
Date: Fri, 5 Sep 2025 22:35:09 +0100
Subject: [PATCH] feat: enabled auditd

---
 applications/itd/splunk/module.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/applications/itd/splunk/module.nix b/applications/itd/splunk/module.nix
index 8500a41..52d0e4b 100644
--- a/applications/itd/splunk/module.nix
+++ b/applications/itd/splunk/module.nix
@@ -62,6 +62,13 @@ in {
        "a /home/*/.bash_history    - - - - u:splunk:r"
     ];
 
+    security.auditd = {
+        enable = true;
+        settings = {
+            log_group = cfg.user.group;
+        };
+    };
+
     # set up the core files
     systemd.services."${name}_prestart" = {
       wantedBy = [