blob: 06c63f0e5ed8c9765793b71b69514e872ed250ca [file] [log] [blame]
William A. Kennington IIIb95905d2021-06-02 12:40:56 -07001[Unit]
2Description=Security Auditing Service
3DefaultDependencies=no
4After=local-fs.target systemd-tmpfiles-setup.service
5Before=sysinit.target shutdown.target
6Conflicts=shutdown.target
7ConditionKernelCommandLine=!audit=0
8
9[Service]
10Type=forking
11PIDFile=/run/auditd.pid
12ExecStart=/sbin/auditd
13## To use augenrules, uncomment the next line and comment/delete the auditctl line.
14## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
15#ExecStartPost=-/sbin/augenrules --load
16ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
17# By default we don't clear the rules on exit.
18# To enable this, uncomment the next line.
19#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
20
21### Security Settings ###
22MemoryDenyWriteExecute=true
23LockPersonality=true
24ProtectControlGroups=true
25ProtectKernelModules=true
26
27[Install]
28WantedBy=multi-user.target