| [Unit] |
| Description=Check for CIS Compliance up to level-2 by using CIS Scanner |
| After=chronyd.service |
| Requires=chronyd.service |
| |
| [Service] |
| Type=oneshot |
| RemainAfterExit=True |
| ExecStart=/usr/share/google/security/cis-compliance/scripts/configure.sh |
| # NX feature is mandatory on ARMv8. Therefore, excluded this check from the scanning. |
| ExecStart=/usr/bin/cis_scanner \ |
| --config=/usr/share/google/security/cis-compliance/cis_config.textproto \ |
| --result=/var/lib/google/cis_scanner_scan_result.textproto \ |
| --show-compliant-benchmarks=true \ |
| --max-cis-profile-level=2 \ |
| --benchmark-opt-out-ids=nx-enabled |
| |
| [Install] |
| WantedBy=multi-user.target |