#!/bin/sh
#
-# auditd This starts and stops auditd
+# auditd This starts and stops auditd
#
-# chkconfig: 2345 18 87
-# description: This starts the Linux Auditing System Daemon
+# chkconfig: 2345 18 82
+# description: This starts the Linux Auditing System Daemon, \
+# which collects security related events in a dedicated \
+# audit log. If this daemon is turned off, audit events \
+# will be sent to syslog.
#
-# processname: /sbin/auditd
+# processname: auditd
# config: /etc/sysconfig/auditd
-# config: /etc/auditd.conf
+# config: /etc/audit/auditd.conf
# pidfile: /var/run/auditd.pid
PATH=/sbin:/bin:/usr/bin:/usr/sbin
# Source function library
. /etc/rc.d/init.d/functions
-AUDITD_CLEAN_STOP=yes
+AUDITD_CLEAN_STOP="yes"
+AUDITD_STOP_DISABLE="yes"
EXTRAOPTIONS=
+AUDIT_RULES=/etc/audit/audit.rules
# Get service config - may override defaults
[ -f /etc/sysconfig/auditd ] && . /etc/sysconfig/auditd
-RETVAL=0
+start() {
+ if [ -f /var/lock/subsys/auditd ]; then
+ msg_already_running auditd
+ return
+ fi
-# See how we were called.
-case "$1" in
- start)
- if [ ! -f /var/lock/subsys/auditd ]; then
- # show "Starting %s service" auditd
- msg_starting auditd
- unset HOME MAIL USER USERNAME
- daemon auditd "$EXTRAOPTIONS"
- RETVAL=$?
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/auditd
- # Load the default rules
- [ -f /etc/audit.rules ] && /sbin/auditctl -R /etc/audit.rules >/dev/null
+ local rc
+ msg_starting auditd
+ # Localization for auditd is controlled in /etc/synconfig/auditd
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "C" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
else
- # show "%s service is already running." auditd
- msg_already_running auditd
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
fi
- ;;
- stop)
- if [ -f /var/lock/subsys/auditd ]; then
- # Stop daemons.
- # show "Stopping %s service" auditd
- msg_stopping auditd
- killproc auditd
- rm -f /var/lock/subsys/auditd
- # Remove watches so shutdown works cleanly
- if ! is_no "$AUDITD_CLEAN_STOP"; then
- /sbin/auditctl -D >/dev/null
+ unset HOME MAIL USER USERNAME
+ daemon /sbin/auditd "$EXTRAOPTIONS"
+ RETVAL=$?
+ # Load the default rules if daemon started
+ if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then
+ # Prepare the default rules
+ if is_yes "$USE_AUGENRULES"; then
+ /sbin/augenrules
fi
- else
- # show "%s service is not running." auditd
+ # Load the default rules
+ /sbin/auditctl -R $AUDIT_RULES >/dev/null
+ rc=$?
+ # add error code, if it was an error
+ [ $rc -ne 0 ] && RETVAL=$rc
+ fi
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/auditd
+}
+
+stop() {
+ if [ ! -f /var/lock/subsys/auditd ]; then
+ msg_not_running auditd
+ return
+ fi
+
+ msg_stopping auditd
+ killproc auditd
+ rm -f /var/lock/subsys/auditd
+ # Remove watches so shutdown works cleanly
+ if ! is_no "$AUDITD_CLEAN_STOP"; then
+ /sbin/auditctl -D >/dev/null
+ fi
+ if ! is_no "$AUDITD_STOP_DISABLE"; then
+ /sbin/auditctl -e 0 >/dev/null
+ fi
+}
+
+condrestart() {
+ if [ ! -f /var/lock/subsys/auditd ]; then
+ msg_not_running auditd
+ RETVAL=$1
+ return
+ fi
+
+ stop
+ start
+}
+
+reload() {
+ if [ ! -f /var/lock/subsys/auditd ]; then
msg_not_running auditd
+ RETVAL=7
+ return
fi
+
+ msg_reloading auditd
+ killproc auditd -HUP
+ RETVAL=$?
+}
+
+RETVAL=0
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
;;
restart)
- $0 stop
- $0 start
- exit $?
+ stop
+ start
+ ;;
+ try-restart)
+ condrestart 0
;;
reload|force-reload)
- if [ -f /var/lock/subsys/auditd ]; then
- # show "Reload %s service" auditd
- msg_reloading auditd
- killproc auditd -HUP
- RETVAL=$?
- else
- # show "%s service is not running." auditd
- msg_not_running auditd >&2
- RETVAL=7
- fi
+ reload
;;
status)
status auditd
RETVAL=$?
;;
*)
- # show "Usage: %s {start|stop|restart|reload|force-reload|status}"
- msg_usage "$0 {start|stop|restart|reload|force-reload|status}"
+ msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|status}"
RETVAL=3
esac