Add systemd unit

truenas · Dec 24, 2024 · 19f4a7b · 19f4a7b
1 parent c74bd59
commit 19f4a7b
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/debian/rules b/debian/rules
@@ -12,6 +12,8 @@ override_dh_auto_install:
 		cp -a plugins/* debian/trueans-audit-rules/conf/audit_plugins/; \
 		mkdir -p debian/truenas-audit-rules/usr/local/libexec/; \
 		cp -a scripts/* debian/truenas-audit-rules/usr/local/libexec/; \
+		mkdir -p debian/truenas-audit-rules/lib/systemd/system/'; \
+		cp -a systemd/* debian/truenas-audit-rules/lib/systemd/system/; \
 	"
 
 override_dh_fixperms:

diff --git a/systemd/truenas_auditd_handler.service b/systemd/truenas_auditd_handler.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=TrueNAS Auditd Handler
+DefaultDependencies=no
+
+# Restart this service concurrently with auditd
+PartOf=auditd.service
+
+[Service]
+type=exec
+ExecStart=/usr/local/libexec/truenas_audit_handler.py
+SendSIGKILL=no
+Restart=on-failure
+MemoryDenyWriteExecute=true
+LockPersonality=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+
+[Install]
+WantedBy=multi-user.target