]>
Commit | Line | Data |
---|---|---|
11fba1fa JB |
1 | #!/bin/sh |
2 | # | |
43c48577 | 3 | # auditd This starts and stops auditd |
11fba1fa | 4 | # |
8f8af021 | 5 | # chkconfig: 2345 18 82 |
11fba1fa JB |
6 | # description: This starts the Linux Auditing System Daemon |
7 | # | |
eb091ca6 | 8 | # processname: auditd |
11fba1fa JB |
9 | # config: /etc/sysconfig/auditd |
10 | # config: /etc/auditd.conf | |
11 | # pidfile: /var/run/auditd.pid | |
12 | ||
43c48577 ER |
13 | PATH=/sbin:/bin:/usr/bin:/usr/sbin |
14 | ||
11fba1fa JB |
15 | # Source function library |
16 | . /etc/rc.d/init.d/functions | |
17 | ||
738da8d6 JR |
18 | AUDITD_CLEAN_STOP="yes" |
19 | AUDITD_STOP_DISABLE="yes" | |
11fba1fa | 20 | EXTRAOPTIONS= |
c66cc7b2 | 21 | AUDIT_RULES=/etc/audit/audit.rules |
11fba1fa JB |
22 | |
23 | # Get service config - may override defaults | |
24 | [ -f /etc/sysconfig/auditd ] && . /etc/sysconfig/auditd | |
25 | ||
4c844ee0 | 26 | start() { |
e15c234e | 27 | if [ -f /var/lock/subsys/auditd ]; then |
11fba1fa | 28 | msg_already_running auditd |
e15c234e | 29 | return |
11fba1fa | 30 | fi |
e15c234e | 31 | |
43c48577 | 32 | local rc |
e15c234e | 33 | msg_starting auditd |
738da8d6 JR |
34 | # Localization for auditd is controlled in /etc/synconfig/auditd |
35 | if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "C" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then | |
36 | unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE | |
37 | else | |
38 | LANG="$AUDITD_LANG" | |
39 | LC_TIME="$AUDITD_LANG" | |
40 | LC_ALL="$AUDITD_LANG" | |
41 | LC_MESSAGES="$AUDITD_LANG" | |
42 | LC_NUMERIC="$AUDITD_LANG" | |
43 | LC_MONETARY="$AUDITD_LANG" | |
44 | LC_COLLATE="$AUDITD_LANG" | |
45 | export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE | |
46 | fi | |
e15c234e ER |
47 | unset HOME MAIL USER USERNAME |
48 | daemon /sbin/auditd "$EXTRAOPTIONS" | |
49 | RETVAL=$? | |
43c48577 ER |
50 | # Load the default rules if daemon started |
51 | if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then | |
738da8d6 JR |
52 | # Prepare the default rules |
53 | if is_yes "$USE_AUGENRULES"; then | |
54 | /sbin/augenrules | |
55 | fi | |
56 | # Load the default rules | |
43c48577 ER |
57 | /sbin/auditctl -R $AUDIT_RULES >/dev/null |
58 | rc=$? | |
59 | # add error code, if it was an error | |
60 | [ $rc -ne 0 ] && RETVAL=$rc | |
61 | fi | |
e15c234e | 62 | [ $RETVAL -eq 0 ] && touch /var/lock/subsys/auditd |
4c844ee0 JB |
63 | } |
64 | ||
65 | stop() { | |
e15c234e | 66 | if [ ! -f /var/lock/subsys/auditd ]; then |
11fba1fa | 67 | msg_not_running auditd |
e15c234e ER |
68 | return |
69 | fi | |
70 | ||
71 | msg_stopping auditd | |
72 | killproc auditd | |
73 | rm -f /var/lock/subsys/auditd | |
74 | # Remove watches so shutdown works cleanly | |
75 | if ! is_no "$AUDITD_CLEAN_STOP"; then | |
76 | /sbin/auditctl -D >/dev/null | |
11fba1fa | 77 | fi |
738da8d6 JR |
78 | if ! is_no "$AUDITD_STOP_DISABLE"; then |
79 | /sbin/auditctl -e 0 >/dev/null | |
80 | fi | |
4c844ee0 JB |
81 | } |
82 | ||
83 | condrestart() { | |
e15c234e | 84 | if [ ! -f /var/lock/subsys/auditd ]; then |
4c844ee0 JB |
85 | msg_not_running auditd |
86 | RETVAL=$1 | |
e15c234e | 87 | return |
4c844ee0 | 88 | fi |
e15c234e ER |
89 | |
90 | stop | |
91 | start | |
92 | } | |
93 | ||
94 | reload() { | |
95 | if [ ! -f /var/lock/subsys/auditd ]; then | |
96 | msg_not_running auditd | |
97 | RETVAL=7 | |
98 | return | |
99 | fi | |
100 | ||
101 | msg_reloading auditd | |
102 | killproc auditd -HUP | |
103 | RETVAL=$? | |
4c844ee0 JB |
104 | } |
105 | ||
106 | RETVAL=0 | |
107 | case "$1" in | |
108 | start) | |
109 | start | |
110 | ;; | |
111 | stop) | |
112 | stop | |
11fba1fa JB |
113 | ;; |
114 | restart) | |
4c844ee0 JB |
115 | stop |
116 | start | |
117 | ;; | |
118 | try-restart) | |
119 | condrestart 0 | |
11fba1fa JB |
120 | ;; |
121 | reload|force-reload) | |
e15c234e | 122 | reload |
11fba1fa JB |
123 | ;; |
124 | status) | |
125 | status auditd | |
126 | RETVAL=$? | |
127 | ;; | |
128 | *) | |
4c844ee0 | 129 | msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|status}" |
11fba1fa JB |
130 | RETVAL=3 |
131 | esac | |
132 | ||
133 | exit $RETVAL |