- updated to 3.1.2; flexible array workaround already in code

[packages/audit.git] / auditd.init

#!/bin/sh
#
# auditd        This starts and stops auditd
#
# chkconfig: 2345 18 82
# description: This starts the Linux Auditing System Daemon, \
#              which collects security related events in a dedicated \
#              audit log. If this daemon is turned off, audit events \
#              will be sent to syslog.
#
# processname: auditd
# config: /etc/sysconfig/auditd
# config: /etc/audit/auditd.conf
# pidfile: /var/run/auditd.pid

PATH=/sbin:/bin:/usr/bin:/usr/sbin

# Source function library
. /etc/rc.d/init.d/functions

AUDITD_CLEAN_STOP="yes"
AUDITD_STOP_DISABLE="yes"
EXTRAOPTIONS=
AUDIT_RULES=/etc/audit/audit.rules

# Get service config - may override defaults
[ -f /etc/sysconfig/auditd ] && . /etc/sysconfig/auditd

start() {
        if [ -f /var/lock/subsys/auditd ]; then
                msg_already_running auditd
                return
        fi

        local rc
        msg_starting auditd
        # Localization for auditd is controlled in /etc/synconfig/auditd
        if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "C" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
                unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
        else
                LANG="$AUDITD_LANG"
                LC_TIME="$AUDITD_LANG"
                LC_ALL="$AUDITD_LANG"
                LC_MESSAGES="$AUDITD_LANG"
                LC_NUMERIC="$AUDITD_LANG"
                LC_MONETARY="$AUDITD_LANG"
                LC_COLLATE="$AUDITD_LANG"
                export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
        fi
        unset HOME MAIL USER USERNAME
        daemon /sbin/auditd "$EXTRAOPTIONS"
        RETVAL=$?
        # Load the default rules if daemon started
        if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then
                # Prepare the default rules
                if is_yes "$USE_AUGENRULES"; then
                        /sbin/augenrules
                fi
                # Load the default rules
                /sbin/auditctl -R $AUDIT_RULES >/dev/null
                rc=$?
                # add error code, if it was an error
                [ $rc -ne 0 ] && RETVAL=$rc
        fi
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/auditd
}

stop() {
        if [ ! -f /var/lock/subsys/auditd ]; then
                msg_not_running auditd
                return
        fi

        msg_stopping auditd
        killproc auditd
        rm -f /var/lock/subsys/auditd
        # Remove watches so shutdown works cleanly
        if ! is_no "$AUDITD_CLEAN_STOP"; then
                /sbin/auditctl -D >/dev/null
        fi
        if ! is_no "$AUDITD_STOP_DISABLE"; then
                /sbin/auditctl -e 0 >/dev/null
        fi
}

condrestart() {
        if [ ! -f /var/lock/subsys/auditd ]; then
                msg_not_running auditd
                RETVAL=$1
                return
        fi

        stop
        start
}

reload() {
        if [ ! -f /var/lock/subsys/auditd ]; then
                msg_not_running auditd
                RETVAL=7
                return
        fi

        msg_reloading auditd
        killproc auditd -HUP
        RETVAL=$?
}

RETVAL=0
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        stop
        start
        ;;
  try-restart)
        condrestart 0
        ;;
  reload|force-reload)
        reload
        ;;
  status)
        status auditd
        RETVAL=$?
        ;;
  *)
        msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|status}"
        RETVAL=3
esac

exit $RETVAL