docs: Add instruction on how to run the services

Signed-off-by: Daiki Ueno <[email protected]>

README.md

@@ -37,11 +37,6 @@ $ sudo dnf install kernel-devel
 $ cp $(rpm -ql kernel-devel | grep '/vmlinux.h$' | tail -1) agent/src/bpf
 ```
 
-1. Install the programs with `make install` (optional)
-```console
-$ sudo make install
-```
-
 ## Running
 
 1. Compile the target crypto library with defined tracepoints are enabled
@@ -63,6 +58,45 @@ $ ./src/gnutls-cli --x509cafile=doc/credentials/x509/ca.pem localhost -p 5556
 $ ./src/gnutls-cli --x509cafile=doc/credentials/x509/ca.pem localhost -p 5556 --priority NORMAL:-VERS-TLS1.3
 ```
 
+## Running as system service
+
+1. Install the programs with `make install`
+```console
+$ sudo make install
+```
+1. Create dedicated user and group (e.g., crypto-auditing:crypto-auditing)
+```console
+$ sudo groupadd crypto-auditing
+$ sudo useradd -g crypto-auditing
+```
+1. Modify systemd configuration for agent in `/lib/systemd/system/crypto-auditing-agent.service`:
+```ini
+User=crypto-auditing
+Group=crypto-auditing
+```
+1. Modify systemd configuration for event-broker in `/lib/systemd/system/crypto-auditing-event-broker.socket`:
+```ini
+SocketUser=crypto-auditing
+SocketGroup=crypto-auditing
+SocketMode=0660
+```
+1. Modify agent configuration in `/etc/crypto-auditing/agent.conf`:
+```toml
+library = ["/usr/lib64/libgnutls.so.30"]
+user = "crypto-auditing:crypto-auditing"
+```
+1. Enable agent and event-broker
+```console
+$ sudo systemd daemon-reload
+$ sudo systemctl restart crypto-auditing-agent.service
+$ sudo systemctl start crypto-auditing-event-broker.socket
+```
+1. Connect to event-broker with client
+```console
+$ crypto-auditing-client --scope tls --format json
+$ crypto-auditing-client --scope tls --format cbor --output audit.cborseq
+```
+
 ## Inspecting logs
 
 By default, the log will be stored in `audit.cborseq` in a sequence of