| [Unit] |
| Description=Security Auditing Service |
| DefaultDependencies=no |
| After=local-fs.target systemd-tmpfiles-setup.service |
| Before=sysinit.target shutdown.target |
| Conflicts=shutdown.target |
| ConditionKernelCommandLine=!audit=0 |
| |
| [Service] |
| Type=forking |
| PIDFile=/run/auditd.pid |
| ExecStart=/sbin/auditd |
| ## To use augenrules, uncomment the next line and comment/delete the auditctl line. |
| ## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ |
| #ExecStartPost=-/sbin/augenrules --load |
| ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules |
| # By default we don't clear the rules on exit. |
| # To enable this, uncomment the next line. |
| #ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules |
| |
| ### Security Settings ### |
| MemoryDenyWriteExecute=true |
| LockPersonality=true |
| ProtectControlGroups=true |
| ProtectKernelModules=true |
| |
| [Install] |
| WantedBy=multi-user.target |