#!/bin/sh
#
-# auditd This starts and stops auditd
+# auditd This starts and stops auditd
#
-# chkconfig: 2345 18 87
-# description: This starts the Linux Auditing System Daemon
+# chkconfig: 2345 18 82
+# description: This starts the Linux Auditing System Daemon, \
+# which collects security related events in a dedicated \
+# audit log. If this daemon is turned off, audit events \
+# will be sent to syslog.
#
# processname: auditd
# config: /etc/sysconfig/auditd
-# config: /etc/auditd.conf
+# config: /etc/audit/auditd.conf
# pidfile: /var/run/auditd.pid
PATH=/sbin:/bin:/usr/bin:/usr/sbin
# Source function library
. /etc/rc.d/init.d/functions
-AUDITD_CLEAN_STOP=yes
+AUDITD_CLEAN_STOP="yes"
+AUDITD_STOP_DISABLE="yes"
EXTRAOPTIONS=
+AUDIT_RULES=/etc/audit/audit.rules
# Get service config - may override defaults
[ -f /etc/sysconfig/auditd ] && . /etc/sysconfig/auditd
start() {
- if [ ! -f /var/lock/subsys/auditd ]; then
- msg_starting auditd
- unset HOME MAIL USER USERNAME
- daemon /sbin/auditd "$EXTRAOPTIONS"
- RETVAL=$?
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/auditd
- # Load the default rules
- [ -f /etc/audit.rules ] && /sbin/auditctl -R /etc/audit.rules >/dev/null
- else
+ if [ -f /var/lock/subsys/auditd ]; then
msg_already_running auditd
+ return
fi
+
+ local rc
+ msg_starting auditd
+ # Localization for auditd is controlled in /etc/synconfig/auditd
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "C" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ else
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ fi
+ unset HOME MAIL USER USERNAME
+ daemon /sbin/auditd "$EXTRAOPTIONS"
+ RETVAL=$?
+ # Load the default rules if daemon started
+ if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then
+ # Prepare the default rules
+ if is_yes "$USE_AUGENRULES"; then
+ /sbin/augenrules
+ fi
+ # Load the default rules
+ /sbin/auditctl -R $AUDIT_RULES >/dev/null
+ rc=$?
+ # add error code, if it was an error
+ [ $rc -ne 0 ] && RETVAL=$rc
+ fi
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/auditd
}
stop() {
- if [ -f /var/lock/subsys/auditd ]; then
- msg_stopping auditd
- killproc auditd
- rm -f /var/lock/subsys/auditd
- # Remove watches so shutdown works cleanly
- if ! is_no "$AUDITD_CLEAN_STOP"; then
- /sbin/auditctl -D >/dev/null
- fi
- else
+ if [ ! -f /var/lock/subsys/auditd ]; then
msg_not_running auditd
+ return
+ fi
+
+ msg_stopping auditd
+ killproc auditd
+ rm -f /var/lock/subsys/auditd
+ # Remove watches so shutdown works cleanly
+ if ! is_no "$AUDITD_CLEAN_STOP"; then
+ /sbin/auditctl -D >/dev/null
+ fi
+ if ! is_no "$AUDITD_STOP_DISABLE"; then
+ /sbin/auditctl -e 0 >/dev/null
fi
}
condrestart() {
- if [ -f /var/lock/subsys/auditd ]; then
- stop
- start
- else
+ if [ ! -f /var/lock/subsys/auditd ]; then
msg_not_running auditd
RETVAL=$1
+ return
+ fi
+
+ stop
+ start
+}
+
+reload() {
+ if [ ! -f /var/lock/subsys/auditd ]; then
+ msg_not_running auditd
+ RETVAL=7
+ return
fi
+
+ msg_reloading auditd
+ killproc auditd -HUP
+ RETVAL=$?
}
RETVAL=0
condrestart 0
;;
reload|force-reload)
- if [ -f /var/lock/subsys/auditd ]; then
- msg_reloading auditd
- killproc auditd -HUP
- RETVAL=$?
- else
- msg_not_running auditd
- RETVAL=7
- fi
+ reload
;;
status)
status auditd