[packages/audit.git] / auditd.init

#!/bin/sh
#
# auditd	This starts and stops auditd
#
# chkconfig: 2345 18 82
# description: This starts the Linux Auditing System Daemon, \
#              which collects security related events in a dedicated \
#              audit log. If this daemon is turned off, audit events \
#              will be sent to syslog.
#
# processname: auditd
# config: /etc/sysconfig/auditd
# config: /etc/audit/auditd.conf
# pidfile: /var/run/auditd.pid

PATH=/sbin:/bin:/usr/bin:/usr/sbin

# Source function library
. /etc/rc.d/init.d/functions

AUDITD_CLEAN_STOP="yes"
AUDITD_STOP_DISABLE="yes"
EXTRAOPTIONS=
AUDIT_RULES=/etc/audit/audit.rules

# Get service config - may override defaults
[ -f /etc/sysconfig/auditd ] && . /etc/sysconfig/auditd

start() {
	if [ -f /var/lock/subsys/auditd ]; then
		msg_already_running auditd
		return
	fi

	local rc
	msg_starting auditd
	# Localization for auditd is controlled in /etc/synconfig/auditd
	if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "C" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
		unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
	else
		LANG="$AUDITD_LANG"
		LC_TIME="$AUDITD_LANG"
		LC_ALL="$AUDITD_LANG"
		LC_MESSAGES="$AUDITD_LANG"
		LC_NUMERIC="$AUDITD_LANG"
		LC_MONETARY="$AUDITD_LANG"
		LC_COLLATE="$AUDITD_LANG"
		export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
	fi
	unset HOME MAIL USER USERNAME
	daemon /sbin/auditd "$EXTRAOPTIONS"
	RETVAL=$?
	# Load the default rules if daemon started
	if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then
		# Prepare the default rules
		if is_yes "$USE_AUGENRULES"; then
			/sbin/augenrules
		fi
		# Load the default rules
		/sbin/auditctl -R $AUDIT_RULES >/dev/null
		rc=$?
		# add error code, if it was an error
		[ $rc -ne 0 ] && RETVAL=$rc
	fi
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/auditd
}

stop() {
	if [ ! -f /var/lock/subsys/auditd ]; then
		msg_not_running auditd
		return
	fi

	msg_stopping auditd
	killproc auditd
	rm -f /var/lock/subsys/auditd
	# Remove watches so shutdown works cleanly
	if ! is_no "$AUDITD_CLEAN_STOP"; then
		/sbin/auditctl -D >/dev/null
	fi
	if ! is_no "$AUDITD_STOP_DISABLE"; then
		/sbin/auditctl -e 0 >/dev/null
	fi
}

condrestart() {
	if [ ! -f /var/lock/subsys/auditd ]; then
		msg_not_running auditd
		RETVAL=$1
		return
	fi

	stop
	start
}

reload() {
	if [ ! -f /var/lock/subsys/auditd ]; then
		msg_not_running auditd
		RETVAL=7
		return
	fi

	msg_reloading auditd
	killproc auditd -HUP
	RETVAL=$?
}

RETVAL=0
case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  restart)
	stop
	start
	;;
  try-restart)
	condrestart 0
	;;
  reload|force-reload)
	reload
	;;
  status)
	status auditd
	RETVAL=$?
	;;
  *)
	msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|status}"
	RETVAL=3
esac

exit $RETVAL
Commit	Line	Data
11fba1fa JB	1	#!/bin/sh
11fba1fa JB	2	#
43c48577	3	# auditd This starts and stops auditd
11fba1fa	4	#
8f8af021	5	# chkconfig: 2345 18 82
49caa03e JB	6	# description: This starts the Linux Auditing System Daemon, \
	7	# which collects security related events in a dedicated \
	8	# audit log. If this daemon is turned off, audit events \
	9	# will be sent to syslog.
11fba1fa	10	#
eb091ca6	11	# processname: auditd
11fba1fa	12	# config: /etc/sysconfig/auditd
49caa03e	13	# config: /etc/audit/auditd.conf
11fba1fa JB	14	# pidfile: /var/run/auditd.pid
11fba1fa JB	15
43c48577 ER	16	PATH=/sbin:/bin:/usr/bin:/usr/sbin
43c48577 ER	17
11fba1fa JB	18	# Source function library
	19	. /etc/rc.d/init.d/functions
	20
738da8d6 JR	21	AUDITD_CLEAN_STOP="yes"
738da8d6 JR	22	AUDITD_STOP_DISABLE="yes"
11fba1fa	23	EXTRAOPTIONS=
c66cc7b2	24	AUDIT_RULES=/etc/audit/audit.rules
11fba1fa JB	25
	26	# Get service config - may override defaults
	27	[ -f /etc/sysconfig/auditd ] && . /etc/sysconfig/auditd
	28
4c844ee0	29	start() {
e15c234e	30	if [ -f /var/lock/subsys/auditd ]; then
11fba1fa	31	msg_already_running auditd
e15c234e	32	return
11fba1fa	33	fi
e15c234e	34
43c48577	35	local rc
e15c234e	36	msg_starting auditd
738da8d6 JR	37	# Localization for auditd is controlled in /etc/synconfig/auditd
	38	if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "C" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
	39	unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
	40	else
	41	LANG="$AUDITD_LANG"
	42	LC_TIME="$AUDITD_LANG"
	43	LC_ALL="$AUDITD_LANG"
	44	LC_MESSAGES="$AUDITD_LANG"
	45	LC_NUMERIC="$AUDITD_LANG"
	46	LC_MONETARY="$AUDITD_LANG"
	47	LC_COLLATE="$AUDITD_LANG"
	48	export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
	49	fi
e15c234e ER	50	unset HOME MAIL USER USERNAME
	51	daemon /sbin/auditd "$EXTRAOPTIONS"
	52	RETVAL=$?
43c48577 ER	53	# Load the default rules if daemon started
43c48577 ER	54	if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then
738da8d6 JR	55	# Prepare the default rules
	56	if is_yes "$USE_AUGENRULES"; then
	57	/sbin/augenrules
	58	fi
	59	# Load the default rules
43c48577 ER	60	/sbin/auditctl -R $AUDIT_RULES >/dev/null
	61	rc=$?
	62	# add error code, if it was an error
	63	[ $rc -ne 0 ] && RETVAL=$rc
	64	fi
e15c234e	65	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/auditd
4c844ee0 JB	66	}
	67
	68	stop() {
e15c234e	69	if [ ! -f /var/lock/subsys/auditd ]; then
11fba1fa	70	msg_not_running auditd
e15c234e ER	71	return
	72	fi
	73
	74	msg_stopping auditd
	75	killproc auditd
	76	rm -f /var/lock/subsys/auditd
	77	# Remove watches so shutdown works cleanly
	78	if ! is_no "$AUDITD_CLEAN_STOP"; then
	79	/sbin/auditctl -D >/dev/null
11fba1fa	80	fi
738da8d6 JR	81	if ! is_no "$AUDITD_STOP_DISABLE"; then
	82	/sbin/auditctl -e 0 >/dev/null
	83	fi
4c844ee0 JB	84	}
	85
	86	condrestart() {
e15c234e	87	if [ ! -f /var/lock/subsys/auditd ]; then
4c844ee0 JB	88	msg_not_running auditd
4c844ee0 JB	89	RETVAL=$1
e15c234e	90	return
4c844ee0	91	fi
e15c234e ER	92
	93	stop
	94	start
	95	}
	96
	97	reload() {
	98	if [ ! -f /var/lock/subsys/auditd ]; then
	99	msg_not_running auditd
	100	RETVAL=7
	101	return
	102	fi
	103
	104	msg_reloading auditd
	105	killproc auditd -HUP
	106	RETVAL=$?
4c844ee0 JB	107	}
	108
	109	RETVAL=0
	110	case "$1" in
	111	start)
	112	start
	113	;;
	114	stop)
	115	stop
11fba1fa JB	116	;;
11fba1fa JB	117	restart)
4c844ee0 JB	118	stop
	119	start
	120	;;
	121	try-restart)
	122	condrestart 0
11fba1fa JB	123	;;
11fba1fa JB	124	reload\|force-reload)
e15c234e	125	reload
11fba1fa JB	126	;;
	127	status)
	128	status auditd
	129	RETVAL=$?
	130	;;
	131	*)
4c844ee0	132	msg_usage "$0 {start\|stop\|restart\|try-restart\|reload\|force-reload\|status}"
11fba1fa JB	133	RETVAL=3
	134	esac
	135
	136	exit $RETVAL