PNG  IHDR* pHYs+ IDATx]n#; cdLb Ǚ[at¤_:uP}>!Usă cag޿ ֵNu`ݼTâabO7uL&y^wFٝA"l[|ŲHLN밪4*sG3|Dv}?+y߉{OuOAt4Jj.u]Gz*҉sP'VQKbA1u\`& Af;HWj hsO;ogTu uj7S3/QzUr&wS`M$X_L7r2;aE+ώ%vikDA:dR+%KzƉo>eOth$z%: :{WwaQ:wz%4foɹE[9<]#ERINƻv溂E%P1i01 |Jvҗ&{b?9g=^wζXn/lK::90KwrюO\!ջ3uzuGv^;騢wq<Iatv09:tt~hEG`v;3@MNZD.1]L:{ծI3`L(÷ba")Y.iljCɄae#I"1 `3*Bdz>j<fU40⨬%O$3cGt]j%Fߠ_twJ;ABU8vP3uEԑwQ V:h%))LfraqX-ۿX]v-\9I gl8tzX ]ecm)-cgʒ#Uw=Wlێn(0hPP/ӨtQ“&J35 $=]r1{tLuǮ*i0_;NƝ8;-vݏr8+U-kruȕYr0RnC]*ެ(M:]gE;{]tg(#ZJ9y>utRDRMdr9㪩̞zֹb<ģ&wzJM"iI( .ꮅX)Qw:9,i좜\Ԛi7&N0:asϓc];=ΗOӣ APqz93 y $)A*kVHZwBƺnWNaby>XMN*45~ղM6Nvm;A=jֲ.~1}(9`KJ/V F9[=`~[;sRuk]rєT!)iQO)Y$V ی ۤmzWz5IM Zb )ˆC`6 rRa}qNmUfDsWuˤV{ Pݝ'=Kֳbg,UҘVz2ﴻnjNgBb{? ߮tcsͻQuxVCIY۠:(V뺕 ٥2;t`@Fo{Z9`;]wMzU~%UA蛚dI vGq\r82iu +St`cR.6U/M9IENDB`[Unit] Description=Security Auditing Service DefaultDependencies=no ## If auditd is sending or recieving remote logging, copy this file to ## /etc/systemd/system/auditd.service and comment out the first After and ## uncomment the second so that network-online.target is part of After. ## then comment the first Before and uncomment the second Before to remove ## sysinit.target from "Before". After=local-fs.target systemd-tmpfiles-setup.service ##After=network-online.target local-fs.target systemd-tmpfiles-setup.service Before=sysinit.target shutdown.target ##Before=shutdown.target Conflicts=shutdown.target RefuseManualStop=yes ConditionKernelCommandLine=!audit=0 ConditionKernelCommandLine=!audit=off Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation [Service] Type=forking PIDFile=/run/auditd.pid ExecStart=/sbin/auditd ## To not use augenrules, copy this file to /etc/systemd/system/auditd.service ## and comment/delete the next line and uncomment the auditctl line. ## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ ExecStartPost=-/sbin/augenrules --load #ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules # By default we don't clear the rules on exit. To enable this, uncomment # the next line after copying the file to /etc/systemd/system/auditd.service #ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules Restart=on-failure # Do not restart for intentional exits. See EXIT CODES section in auditd(8). RestartPreventExitStatus=2 4 6 ### Security Settings ### MemoryDenyWriteExecute=true LockPersonality=true # The following control prevents rules on /proc so its off by default #ProtectControlGroups=true ## The following control prevents rules on /usr/lib/modules/ its off by default #ProtectKernelModules=true RestrictRealtime=true [Install] WantedBy=multi-user.target