Blame - meta-openembedded/meta-oe/recipes-security/audit/audit/auditd.service - openbmc/openbmc

blob: 06c63f0e5ed8c9765793b71b69514e872ed250ca [file] [log] [blame]

William A. Kennington III	b95905d	2021-06-02 12:40:56 -0700	[diff] [blame]	1	[Unit]
				2	Description=Security Auditing Service
				3	DefaultDependencies=no
				4	After=local-fs.target systemd-tmpfiles-setup.service
				5	Before=sysinit.target shutdown.target
				6	Conflicts=shutdown.target
				7	ConditionKernelCommandLine=!audit=0
				8
				9	[Service]
				10	Type=forking
				11	PIDFile=/run/auditd.pid
				12	ExecStart=/sbin/auditd
				13	## To use augenrules, uncomment the next line and comment/delete the auditctl line.
				14	## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
				15	#ExecStartPost=-/sbin/augenrules --load
				16	ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
				17	# By default we don't clear the rules on exit.
				18	# To enable this, uncomment the next line.
				19	#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
				20
				21	### Security Settings ###
				22	MemoryDenyWriteExecute=true
				23	LockPersonality=true
				24	ProtectControlGroups=true
				25	ProtectKernelModules=true
				26
				27	[Install]
				28	WantedBy=multi-user.target