• Christian Rebischke's avatar
    [service]: Activated different security features and disabled logfile · eef17741
    Christian Rebischke authored
    There is no need for a call like `usr/bin/sh -c 'arch-audit -uq >
    /tmp/arch-audit.log'` journald will log every output to STDOUT, STDERR
    etc. The logfile for arch-audit will be `journalctl -u
    arch-audit.service`.
    
    I've also activated a few security features that systemd provides:
    
    * PrivateTmp (arch-audit will have an own /tmp dir)
    * ProtectSystem=full (arch-audit will have no write access to /usr /boot
    or /etc)
    * ProtectHome (arch-audit will have no access to user /homes/)
    * PrivateDevices (arch audit will have no access to devices like
    /dev/sda, only to a few dummy devices like /dev/urandom etc)
    eef17741
Name
Last commit
Last update
..
arch-audit.service Loading commit data...
arch-audit.timer Loading commit data...