arch-audit.service

This unit is provided by:

https://archlinux.org/packages/community/x86_64/arch-audit/

Options

[Install]
- WantedBy=multi-user.target
[Service]
- AmbientCapabilities=
- CPUAccounting=yes
- CapabilityBoundingSet=
- DevicePolicy=closed
- DynamicUser=yes
- ExecStart=/usr/bin/arch-audit -u
- Group=arch-audit
- IPAddressDeny=localhost
- LockPersonalityIntroduced in systemd 235=yes
- MemoryAccounting=yes
- MemoryDenyWriteExecuteIntroduced in systemd 231=yes
- NoNewPrivilegesIntroduced in systemd 239=yes
- PrivateDevicesIntroduced in systemd 209=yes
- PrivateTmp=yes
- PrivateUsers=yes
- ProcSubsetIntroduced in systemd 247=pid
- ProtectClockIntroduced in systemd 245=yes
- ProtectControlGroupsIntroduced in systemd 232=true true
- ProtectHomeIntroduced in systemd 214=yes
- ProtectHostnameIntroduced in systemd 242=yes
- ProtectKernelLogsIntroduced in systemd 244=yes
- ProtectKernelModulesIntroduced in systemd 232=yes
- ProtectKernelTunablesIntroduced in systemd 232=yes
- ProtectProcIntroduced in systemd 247=invisible
- ProtectSystemIntroduced in systemd 214=strict
- RemoveIPCIntroduced in systemd 232=yes
- RestrictAddressFamilies=AF_INET AF_INET6
- RestrictNamespacesIntroduced in systemd 233=yes
- RestrictRealtimeIntroduced in systemd 231=yes
- RestrictSUIDSGIDIntroduced in systemd 242=yes
- SystemCallArchitectures=native
- SystemCallFilter=~@clock ~@cpu-emulation ~@debug ~@module ~@mount ~@obsolete ~@privileged ~@raw-io ~@reboot ~@resources ~@swap
- Type=oneshot
- UMask=077
- User=arch-audit
[Unit]
- After=network-online.target
- Description=Audit installed packages against known vulnerabilities
- Wants=network-online.target

Additionnal notes

Nothing here.