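# systemd unit for the Linux audit daemon (auditd).
# One directive per line; systemd accepts only full-line comments.

[Unit]
Description=Security Auditing Service
# Opt out of the implicit sysinit/basic dependencies so the daemon can be
# ordered before sysinit.target, i.e. early in boot.
DefaultDependencies=no
After=local-fs.target systemd-tmpfiles-setup.service
Before=sysinit.target shutdown.target
Conflicts=shutdown.target
# The unit is skipped when the kernel command line contains audit=0.
# A skipped condition is not reported as a failure, so a host booted with
# audit=0 runs without auditd unless something else checks for it.
ConditionKernelCommandLine=!audit=0

[Service]
# auditd daemonizes itself; systemd reads the main PID from the PID file.
Type=forking
PIDFile=/run/auditd.pid
ExecStart=/sbin/auditd
## To use augenrules, uncomment the next line and comment/delete the auditctl line.
## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
#ExecStartPost=-/sbin/augenrules --load
# The leading "-" makes systemd ignore a non-zero exit from the rule loader.
# An error in the rules file therefore leaves the unit "active", possibly
# without the intended rules; confirm the loaded set with "auditctl -l".
ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
# By default we don't clear the rules on exit.
# To enable this, uncomment the next line.
#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
# NOTE(review): no Restart= is set here, so systemd will not restart auditd
# if it exits unexpectedly. Decide whether that is intended for this host.

### Security Settings ###
# Refuse memory mappings that are both writable and executable.
MemoryDenyWriteExecute=true
# Lock the execution domain (personality(2)) of the service.
LockPersonality=true
# Make the control group hierarchy read-only for the service.
ProtectControlGroups=true
# Deny explicit kernel module loading and unloading by the service.
ProtectKernelModules=true

[Install]
WantedBy=multi-user.target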