1 files changed, 28 insertions, 0 deletions
diff --git a/meta-oe/recipes-security/audit/audit/auditd.service b/meta-oe/recipes-security/audit/audit/auditd.service
new file mode 100644
index 000000000..06c63f0e5
--- /dev/null
+++ b/meta-oe/recipes-security/audit/audit/auditd.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=Security Auditing Service
+DefaultDependencies=no
+After=local-fs.target systemd-tmpfiles-setup.service
+Before=sysinit.target shutdown.target
+Conflicts=shutdown.target
+ConditionKernelCommandLine=!audit=0
+[Service]
+Type=forking
+PIDFile=/run/auditd.pid
+ExecStart=/sbin/auditd
+## To use augenrules, uncomment the next line and comment/delete the auditctl line.
+## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
+#ExecStartPost=-/sbin/augenrules --load
+ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
+# By default we don't clear the rules on exit.
+# To enable this, uncomment the next line.
+#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
+### Security Settings ###
+MemoryDenyWriteExecute=true
+LockPersonality=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+[Install]
+WantedBy=multi-user.target

diff --git a/meta-oe/recipes-security/audit/audit/auditd.service b/meta-oe/recipes-security/audit/audit/auditd.service new file mode 100644 index 000000000..06c63f0e5 --- /dev/null +++ b/meta-oe/recipes-security/audit/audit/auditd.service
@@ -0,0 +1,28 @@
	1	[Unit]
	2	Description=Security Auditing Service
	3	DefaultDependencies=no
	4	After=local-fs.target systemd-tmpfiles-setup.service
	5	Before=sysinit.target shutdown.target
	6	Conflicts=shutdown.target
	7	ConditionKernelCommandLine=!audit=0
	8
	9	[Service]
	10	Type=forking
	11	PIDFile=/run/auditd.pid
	12	ExecStart=/sbin/auditd
	13	## To use augenrules, uncomment the next line and comment/delete the auditctl line.
	14	## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
	15	#ExecStartPost=-/sbin/augenrules --load
	16	ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
	17	# By default we don't clear the rules on exit.
	18	# To enable this, uncomment the next line.
	19	#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
	20
	21	### Security Settings ###
	22	MemoryDenyWriteExecute=true
	23	LockPersonality=true
	24	ProtectControlGroups=true
	25	ProtectKernelModules=true
	26
	27	[Install]
	28	WantedBy=multi-user.target