It should be possible, but only if you give it the appropriate capabilities to process and set the config file permissions/owner. Those permissions will depend on what features you are using. It's needs a lot of permissions to be able to monitor everything.
For file integrity, it needs to be able read any files that it's monitoring.
For the system module it's a little more complicated. The system/network dataset requires several permissions. The error you posted should be addressed by adding CAP_SETPCAP capability. Then the modules uses perf to monitor the network and processes so it probably needs CAP_SYSADMIN.
For adding capabilties with systemd see systemd.exec.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.