]>
Commit | Line | Data |
---|---|---|
11fba1fa JB |
1 | #!/bin/sh |
2 | # | |
43c48577 | 3 | # auditd This starts and stops auditd |
11fba1fa | 4 | # |
8f8af021 | 5 | # chkconfig: 2345 18 82 |
49caa03e JB |
6 | # description: This starts the Linux Auditing System Daemon, \ |
7 | # which collects security related events in a dedicated \ | |
8 | # audit log. If this daemon is turned off, audit events \ | |
9 | # will be sent to syslog. | |
11fba1fa | 10 | # |
eb091ca6 | 11 | # processname: auditd |
11fba1fa | 12 | # config: /etc/sysconfig/auditd |
49caa03e | 13 | # config: /etc/audit/auditd.conf |
11fba1fa JB |
14 | # pidfile: /var/run/auditd.pid |
15 | ||
43c48577 ER |
16 | PATH=/sbin:/bin:/usr/bin:/usr/sbin |
17 | ||
11fba1fa JB |
18 | # Source function library |
19 | . /etc/rc.d/init.d/functions | |
20 | ||
738da8d6 JR |
21 | AUDITD_CLEAN_STOP="yes" |
22 | AUDITD_STOP_DISABLE="yes" | |
11fba1fa | 23 | EXTRAOPTIONS= |
c66cc7b2 | 24 | AUDIT_RULES=/etc/audit/audit.rules |
11fba1fa JB |
25 | |
26 | # Get service config - may override defaults | |
27 | [ -f /etc/sysconfig/auditd ] && . /etc/sysconfig/auditd | |
28 | ||
4c844ee0 | 29 | start() { |
e15c234e | 30 | if [ -f /var/lock/subsys/auditd ]; then |
11fba1fa | 31 | msg_already_running auditd |
e15c234e | 32 | return |
11fba1fa | 33 | fi |
e15c234e | 34 | |
43c48577 | 35 | local rc |
e15c234e | 36 | msg_starting auditd |
738da8d6 JR |
37 | # Localization for auditd is controlled in /etc/synconfig/auditd |
38 | if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "C" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then | |
39 | unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE | |
40 | else | |
41 | LANG="$AUDITD_LANG" | |
42 | LC_TIME="$AUDITD_LANG" | |
43 | LC_ALL="$AUDITD_LANG" | |
44 | LC_MESSAGES="$AUDITD_LANG" | |
45 | LC_NUMERIC="$AUDITD_LANG" | |
46 | LC_MONETARY="$AUDITD_LANG" | |
47 | LC_COLLATE="$AUDITD_LANG" | |
48 | export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE | |
49 | fi | |
e15c234e ER |
50 | unset HOME MAIL USER USERNAME |
51 | daemon /sbin/auditd "$EXTRAOPTIONS" | |
52 | RETVAL=$? | |
43c48577 ER |
53 | # Load the default rules if daemon started |
54 | if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then | |
738da8d6 JR |
55 | # Prepare the default rules |
56 | if is_yes "$USE_AUGENRULES"; then | |
57 | /sbin/augenrules | |
58 | fi | |
59 | # Load the default rules | |
43c48577 ER |
60 | /sbin/auditctl -R $AUDIT_RULES >/dev/null |
61 | rc=$? | |
62 | # add error code, if it was an error | |
63 | [ $rc -ne 0 ] && RETVAL=$rc | |
64 | fi | |
e15c234e | 65 | [ $RETVAL -eq 0 ] && touch /var/lock/subsys/auditd |
4c844ee0 JB |
66 | } |
67 | ||
68 | stop() { | |
e15c234e | 69 | if [ ! -f /var/lock/subsys/auditd ]; then |
11fba1fa | 70 | msg_not_running auditd |
e15c234e ER |
71 | return |
72 | fi | |
73 | ||
74 | msg_stopping auditd | |
75 | killproc auditd | |
76 | rm -f /var/lock/subsys/auditd | |
77 | # Remove watches so shutdown works cleanly | |
78 | if ! is_no "$AUDITD_CLEAN_STOP"; then | |
79 | /sbin/auditctl -D >/dev/null | |
11fba1fa | 80 | fi |
738da8d6 JR |
81 | if ! is_no "$AUDITD_STOP_DISABLE"; then |
82 | /sbin/auditctl -e 0 >/dev/null | |
83 | fi | |
4c844ee0 JB |
84 | } |
85 | ||
86 | condrestart() { | |
e15c234e | 87 | if [ ! -f /var/lock/subsys/auditd ]; then |
4c844ee0 JB |
88 | msg_not_running auditd |
89 | RETVAL=$1 | |
e15c234e | 90 | return |
4c844ee0 | 91 | fi |
e15c234e ER |
92 | |
93 | stop | |
94 | start | |
95 | } | |
96 | ||
97 | reload() { | |
98 | if [ ! -f /var/lock/subsys/auditd ]; then | |
99 | msg_not_running auditd | |
100 | RETVAL=7 | |
101 | return | |
102 | fi | |
103 | ||
104 | msg_reloading auditd | |
105 | killproc auditd -HUP | |
106 | RETVAL=$? | |
4c844ee0 JB |
107 | } |
108 | ||
109 | RETVAL=0 | |
110 | case "$1" in | |
111 | start) | |
112 | start | |
113 | ;; | |
114 | stop) | |
115 | stop | |
11fba1fa JB |
116 | ;; |
117 | restart) | |
4c844ee0 JB |
118 | stop |
119 | start | |
120 | ;; | |
121 | try-restart) | |
122 | condrestart 0 | |
11fba1fa JB |
123 | ;; |
124 | reload|force-reload) | |
e15c234e | 125 | reload |
11fba1fa JB |
126 | ;; |
127 | status) | |
128 | status auditd | |
129 | RETVAL=$? | |
130 | ;; | |
131 | *) | |
4c844ee0 | 132 | msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|status}" |
11fba1fa JB |
133 | RETVAL=3 |
134 | esac | |
135 | ||
136 | exit $RETVAL |