auditd starting later in boot sequence, w/o ipV6
Lenny Bruzenak
lenny at magitekltd.com
Tue Oct 16 22:45:16 UTC 2018
In case anyone has as much trouble as I do following instructions, here
is my /etc/systemd/system/auditd.service file excerpt, which enables the
auditd to start a bit later, especially after disabling ipV6 in the
kernel command options. Just showing the changed part. I first copied
the entire file from /usr/lib/systemd/system/auditd.service.
HTH,
LCB
#cat /etc/systemd/system/auditd.service
[Unit]
Description=Security Auditing Service
DefaultDependencies=no
## If auditd.conf has tcp_listen_port enabled, copy this file to
## /etc/systemd/system/auditd.service and add network-online.target
## to the next line so it waits for the network to start before launching.
After=network-online.target local-fs.target systemd-tmpfiles-setup.service
#Conflicts=shutdown.target
#Before=sysinit.target shutdown.target
Before=shutdown.target
Conflicts=shutdown.target
RefuseManualStop=yes
ConditionKernelCommandLine=!audit=0
Documentation=man:auditd(8)
https://github.com/linux-audit/audit-documentation
...
--
Lenny Bruzenak
MagitekLTD
More information about the Linux-audit
mailing list