| [Unit] | |
| Description=Check level-1 CIS Compliance by using CIS Scanner | |
| [Service] | |
| Type=oneshot | |
| RemainAfterExit=True | |
| # NX feature is mandatory on ARMv8. Therefore, excluded this check from the scanning. | |
| ExecStart=/usr/bin/cis_scanner \ | |
| --config=/usr/share/google/security/cis-compliance/cis_config.textproto \ | |
| --result=/var/lib/google/cis_scanner_scan_result.textproto \ | |
| --show-compliant-benchmarks=true \ | |
| --max-cis-profile-level=1 \ | |
| --benchmark-opt-out-ids=nx-enabled | |
| [Install] | |
| WantedBy=multi-user.target |