diff options
Diffstat (limited to 'meta-oe/recipes-security/audit/audit/auditd.service')
-rw-r--r-- | meta-oe/recipes-security/audit/audit/auditd.service | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/meta-oe/recipes-security/audit/audit/auditd.service b/meta-oe/recipes-security/audit/audit/auditd.service new file mode 100644 index 0000000000..06c63f0e5e --- /dev/null +++ b/meta-oe/recipes-security/audit/audit/auditd.service @@ -0,0 +1,28 @@ +[Unit] +Description=Security Auditing Service +DefaultDependencies=no +After=local-fs.target systemd-tmpfiles-setup.service +Before=sysinit.target shutdown.target +Conflicts=shutdown.target +ConditionKernelCommandLine=!audit=0 + +[Service] +Type=forking +PIDFile=/run/auditd.pid +ExecStart=/sbin/auditd +## To use augenrules, uncomment the next line and comment/delete the auditctl line. +## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ +#ExecStartPost=-/sbin/augenrules --load +ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules +# By default we don't clear the rules on exit. +# To enable this, uncomment the next line. +#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules + +### Security Settings ### +MemoryDenyWriteExecute=true +LockPersonality=true +ProtectControlGroups=true +ProtectKernelModules=true + +[Install] +WantedBy=multi-user.target |