William A. Kennington III | b95905d | 2021-06-02 12:40:56 -0700 | [diff] [blame] | 1 | [Unit] |
| 2 | Description=Security Auditing Service |
| 3 | DefaultDependencies=no |
| 4 | After=local-fs.target systemd-tmpfiles-setup.service |
| 5 | Before=sysinit.target shutdown.target |
| 6 | Conflicts=shutdown.target |
| 7 | ConditionKernelCommandLine=!audit=0 |
| 8 | |
| 9 | [Service] |
| 10 | Type=forking |
| 11 | PIDFile=/run/auditd.pid |
| 12 | ExecStart=/sbin/auditd |
| 13 | ## To use augenrules, uncomment the next line and comment/delete the auditctl line. |
| 14 | ## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ |
| 15 | #ExecStartPost=-/sbin/augenrules --load |
| 16 | ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules |
| 17 | # By default we don't clear the rules on exit. |
| 18 | # To enable this, uncomment the next line. |
| 19 | #ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules |
| 20 | |
| 21 | ### Security Settings ### |
| 22 | MemoryDenyWriteExecute=true |
| 23 | LockPersonality=true |
| 24 | ProtectControlGroups=true |
| 25 | ProtectKernelModules=true |
| 26 | |
| 27 | [Install] |
| 28 | WantedBy=multi-user.target |