3 # auditd This starts and stops auditd
5 # chkconfig: 2345 18 82
6 # description: This starts the Linux Auditing System Daemon, \
7 # which collects security related events in a dedicated \
8 # audit log. If this daemon is turned off, audit events \
9 # will be sent to syslog.
12 # config: /etc/sysconfig/auditd
13 # config: /etc/audit/auditd.conf
14 # pidfile: /var/run/auditd.pid
16 PATH=/sbin:/bin:/usr/bin:/usr/sbin
18 # Source function library
19 . /etc/rc.d/init.d/functions
21 AUDITD_CLEAN_STOP="yes"
22 AUDITD_STOP_DISABLE="yes"
24 AUDIT_RULES=/etc/audit/audit.rules
26 # Get service config - may override defaults
27 [ -f /etc/sysconfig/auditd ] && . /etc/sysconfig/auditd
30 if [ -f /var/lock/subsys/auditd ]; then
31 msg_already_running auditd
37 # Localization for auditd is controlled in /etc/synconfig/auditd
38 if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "C" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
39 unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
42 LC_TIME="$AUDITD_LANG"
44 LC_MESSAGES="$AUDITD_LANG"
45 LC_NUMERIC="$AUDITD_LANG"
46 LC_MONETARY="$AUDITD_LANG"
47 LC_COLLATE="$AUDITD_LANG"
48 export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
50 unset HOME MAIL USER USERNAME
51 daemon /sbin/auditd "$EXTRAOPTIONS"
53 # Load the default rules if daemon started
54 if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then
55 # Prepare the default rules
56 if is_yes "$USE_AUGENRULES"; then
59 # Load the default rules
60 /sbin/auditctl -R $AUDIT_RULES >/dev/null
62 # add error code, if it was an error
63 [ $rc -ne 0 ] && RETVAL=$rc
65 [ $RETVAL -eq 0 ] && touch /var/lock/subsys/auditd
69 if [ ! -f /var/lock/subsys/auditd ]; then
70 msg_not_running auditd
76 rm -f /var/lock/subsys/auditd
77 # Remove watches so shutdown works cleanly
78 if ! is_no "$AUDITD_CLEAN_STOP"; then
79 /sbin/auditctl -D >/dev/null
81 if ! is_no "$AUDITD_STOP_DISABLE"; then
82 /sbin/auditctl -e 0 >/dev/null
87 if [ ! -f /var/lock/subsys/auditd ]; then
88 msg_not_running auditd
98 if [ ! -f /var/lock/subsys/auditd ]; then
99 msg_not_running auditd
132 msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|status}"