Discussion:
auditd starting later in boot sequence, w/o ipV6
(too old to reply)
Lenny Bruzenak
2018-10-16 22:45:16 UTC
Permalink
In case anyone has as much trouble as I do following instructions, here
is my /etc/systemd/system/auditd.service file excerpt, which enables the
auditd to start a bit later, especially after disabling ipV6 in the
kernel command options.  Just showing the changed part. I first copied
the entire file from /usr/lib/systemd/system/auditd.service.

HTH,

LCB


#cat /etc/systemd/system/auditd.service
[Unit]
Description=Security Auditing Service
DefaultDependencies=no
## If auditd.conf has tcp_listen_port enabled, copy this file to
## /etc/systemd/system/auditd.service and add network-online.target
## to the next line so it waits for the network to start before launching.
After=network-online.target local-fs.target systemd-tmpfiles-setup.service
#Conflicts=shutdown.target
#Before=sysinit.target shutdown.target
Before=shutdown.target
Conflicts=shutdown.target
RefuseManualStop=yes
ConditionKernelCommandLine=!audit=0
Documentation=man:auditd(8)
https://github.com/linux-audit/audit-documentation
...
--
Lenny Bruzenak
MagitekLTD
Loading...