meta-oe/recipes-security/audit/audit/auditd.service


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

[Unit]
Description=Security Auditing Service
DefaultDependencies=no
After=local-fs.target systemd-tmpfiles-setup.service
Before=sysinit.target shutdown.target
Conflicts=shutdown.target
ConditionKernelCommandLine=!audit=0

[Service]
Type=forking
PIDFile=/run/auditd.pid
ExecStart=/sbin/auditd
## To use augenrules, uncomment the next line and comment/delete the auditctl line.
## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
#ExecStartPost=-/sbin/augenrules --load
ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
# By default we don't clear the rules on exit.
# To enable this, uncomment the next line.
#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules

### Security Settings ###
MemoryDenyWriteExecute=true
LockPersonality=true
ProtectControlGroups=true
ProtectKernelModules=true

[Install]
WantedBy=multi-user.target