feat: set ACL's
This commit is contained in:
parent
f47e95c61d
commit
534dabca19
GPG key ID:
36F93D61BAD3FD7D
1 changed files with 15 additions and 0 deletions
|
|
@ -47,6 +47,21 @@ in {
|
|||
# might not be required
|
||||
networking.firewall.allowedTCPPorts = [8089];
|
||||
|
||||
# need to set access controls
|
||||
systemd.tmpfiles.rules = [
|
||||
"a /var/log - - - - u:splunk:rx"
|
||||
"a /var/log/auth.log - - - - splunk:r"
|
||||
"a /var/log/messages - - - - u:splunk:r"
|
||||
"a /var/log/secure - - - - u:splunk:r"
|
||||
"a /var/log/audit - - - - u:splunk:rx"
|
||||
"a /var/log/audit.log - - - - u:splunk:r"
|
||||
"a /var/log/audit/audit.log - - - - u:splunk:r"
|
||||
"a /root - - - - u:splunk:rx"
|
||||
"a /root/.bash_history - - - - u:splunk:r"
|
||||
"a /home/* - - - - u:splunk:rx"
|
||||
"a /home/*/.bash_history - - - - u:splunk:r"
|
||||
];
|
||||
|
||||
# set up the core files
|
||||
systemd.services."${name}_prestart" = {
|
||||
wantedBy = [
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue