diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-11-03 20:58:24 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-11-03 21:51:28 +0100 |
commit | 875c2e220e2611165e09051c4747971811f1de58 (patch) | |
tree | 495219c8dce12b59ea2ad0d1bc72f3e4bea6db4d /units | |
parent | 8457f8d6ac7adc6c6ef31378e6e7761cce522141 (diff) |
journald: if available pull audit messages from the kernel into journal logs
Diffstat (limited to 'units')
-rw-r--r-- | units/systemd-journald-audit.socket | 18 | ||||
-rw-r--r-- | units/systemd-journald.service.in | 6 |
2 files changed, 21 insertions, 3 deletions
diff --git a/units/systemd-journald-audit.socket b/units/systemd-journald-audit.socket new file mode 100644 index 000000000..ce849da04 --- /dev/null +++ b/units/systemd-journald-audit.socket @@ -0,0 +1,18 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Audit Socket +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target + +[Socket] +Service=systemd-journald.service +ReceiveBuffer=128M +ListenNetlink=audit 1 +PassCredentials=yes diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index 4de38fad5..7ee67fd00 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -10,17 +10,17 @@ Description=Journal Service Documentation=man:systemd-journald.service(8) man:journald.conf(5) DefaultDependencies=no Requires=systemd-journald.socket -After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket +After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket Before=sysinit.target [Service] -Sockets=systemd-journald.socket systemd-journald-dev-log.socket +Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket ExecStart=@rootlibexecdir@/systemd-journald Restart=always RestartSec=0 NotifyAccess=all StandardOutput=null -CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE WatchdogSec=1min # Increase the default a bit in order to allow many simultaneous |