aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-security/audit/audit/auditd.service
diff options
context:
space:
mode:
Diffstat (limited to 'meta-oe/recipes-security/audit/audit/auditd.service')
-rw-r--r--meta-oe/recipes-security/audit/audit/auditd.service28
1 files changed, 28 insertions, 0 deletions
diff --git a/meta-oe/recipes-security/audit/audit/auditd.service b/meta-oe/recipes-security/audit/audit/auditd.service
new file mode 100644
index 0000000000..06c63f0e5e
--- /dev/null
+++ b/meta-oe/recipes-security/audit/audit/auditd.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=Security Auditing Service
+DefaultDependencies=no
+After=local-fs.target systemd-tmpfiles-setup.service
+Before=sysinit.target shutdown.target
+Conflicts=shutdown.target
+ConditionKernelCommandLine=!audit=0
+
+[Service]
+Type=forking
+PIDFile=/run/auditd.pid
+ExecStart=/sbin/auditd
+## To use augenrules, uncomment the next line and comment/delete the auditctl line.
+## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
+#ExecStartPost=-/sbin/augenrules --load
+ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
+# By default we don't clear the rules on exit.
+# To enable this, uncomment the next line.
+#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
+
+### Security Settings ###
+MemoryDenyWriteExecute=true
+LockPersonality=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+
+[Install]
+WantedBy=multi-user.target
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-05 21:46:19 +0000