In case anyone has as much trouble as I do following instructions, here is my /etc/systemd/system/auditd.service file excerpt, which enables the auditd to start a bit later, especially after disabling ipV6 in the kernel command options. Just showing the changed part. I first copied the entire file from /usr/lib/systemd/system/auditd.service.
HTH, LCB #cat /etc/systemd/system/auditd.service [Unit] Description=Security Auditing Service DefaultDependencies=no ## If auditd.conf has tcp_listen_port enabled, copy this file to ## /etc/systemd/system/auditd.service and add network-online.target ## to the next line so it waits for the network to start before launching. After=network-online.target local-fs.target systemd-tmpfiles-setup.service #Conflicts=shutdown.target #Before=sysinit.target shutdown.target Before=shutdown.target Conflicts=shutdown.target RefuseManualStop=yes ConditionKernelCommandLine=!audit=0 Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation ... -- Lenny Bruzenak MagitekLTD -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
