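#!/bin/bash
#
# auditd        This starts and stops auditd
#
# chkconfig: 2345 11 88
# description: This starts the Linux Auditing System Daemon, \
#              which collects security related events in a dedicated \
#              audit log. If this daemon is turned off, audit events \
#              will be sent to syslog.
#
# processname: /sbin/auditd
# config: /etc/sysconfig/auditd
# config: /etc/audit/auditd.conf
# pidfile: /var/run/auditd.pid
#
# Return values according to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#

# Fixed PATH so helper commands do not resolve through the caller's PATH.
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"

# Source function library (provides daemon, killproc and status).
. /etc/init.d/functions

# Allow anyone to run status
if [ "$1" = "status" ] ; then
    status "$prog"
    RETVAL=$?
    exit "$RETVAL"
fi

# Check that we are root ... so non-root users stop here
test "$EUID" = 0 || exit 4

# Check config.
# This file is sourced as root, so whoever can write to it can run commands
# as root and can set the switches read below (EXTRAOPTIONS, AUDITD_LANG,
# USE_AUGENRULES, AUDITD_CLEAN_STOP, AUDITD_STOP_DISABLE). Keep it root-owned
# and not writable by anyone else.
test -f /etc/sysconfig/auditd && . /etc/sysconfig/auditd

RETVAL=0

# Report whether a sysconfig switch is turned on.
# Arguments: $1 - value of the switch
# Returns:   0 when the value is non-empty and is not "no" in any letter
#            case, 1 otherwise
auditd_opt_enabled()
{
    test x"$1" != "x" || return 1
    # $1 is left unquoted on purpose so that the value is word-split before
    # the comparison, as it was when this check was written inline.
    # shellcheck disable=SC2086
    test "$(echo $1 | tr 'NO' 'no')" != "no"
}

# Start auditd, then generate and load the audit rules.
# Exits 5 when /sbin/auditd is not executable and 6 when auditd.conf is
# missing; otherwise returns the status of the daemon launch.
start()
{
    test -x /sbin/auditd || exit 5
    test -f /etc/audit/auditd.conf || exit 6

    echo -n $"Starting $prog: "

    # Localization for auditd is controlled in /etc/sysconfig/auditd
    if [ -z "$AUDITD_LANG" ] || [ "$AUDITD_LANG" = "none" ] || [ "$AUDITD_LANG" = "NONE" ]; then
        unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
    else
        LANG="$AUDITD_LANG"
        LC_TIME="$AUDITD_LANG"
        LC_ALL="$AUDITD_LANG"
        LC_MESSAGES="$AUDITD_LANG"
        LC_NUMERIC="$AUDITD_LANG"
        LC_MONETARY="$AUDITD_LANG"
        LC_COLLATE="$AUDITD_LANG"
        export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
    fi
    # Do not hand the invoking user's session variables to the daemon.
    unset HOME MAIL USER USERNAME
    daemon "$prog" "$EXTRAOPTIONS"
    RETVAL=$?
    echo
    if test "$RETVAL" = 0 ; then
        touch /var/lock/subsys/auditd
        # Prepare the default rules
        if auditd_opt_enabled "$USE_AUGENRULES" ; then
            test -d /etc/audit/rules.d && /sbin/augenrules
        fi
        # Load the default rules.
        # The result of the load does not change this function's return
        # value, so a failure is reported on stderr: otherwise the daemon
        # can be up while the expected rules are not in the kernel.
        if test -f /etc/audit/audit.rules ; then
            if ! /sbin/auditctl -R /etc/audit/audit.rules >/dev/null ; then
                echo "$prog: auditctl -R /etc/audit/audit.rules returned an error; verify the loaded rules with 'auditctl -l'" >&2
            fi
        fi
    fi
    return "$RETVAL"
}

# Stop auditd and remove the subsys lock file.
# Returns the status of killproc; the optional auditctl calls below do not
# affect it.
stop()
{
    echo -n $"Stopping $prog: "
    killproc "$prog"
    RETVAL=$?
    echo
    rm -f /var/lock/subsys/auditd
    # Remove watches so shutdown works cleanly
    if auditd_opt_enabled "$AUDITD_CLEAN_STOP" ; then
        /sbin/auditctl -D >/dev/null
    fi
    # With AUDITD_STOP_DISABLE set, stopping the service also switches kernel
    # auditing off (auditctl -e 0). Review this switch on hosts where events
    # must keep being generated while the daemon is down.
    if auditd_opt_enabled "$AUDITD_STOP_DISABLE" ; then
        /sbin/auditctl -e 0 >/dev/null
    fi
    return "$RETVAL"
}

# Ask the running daemon to re-read its configuration (SIGHUP).
# Exits 6 when auditd.conf is missing.
reload()
{
    test -f /etc/audit/auditd.conf || exit 6
    echo -n $"Reloading configuration: "
    killproc "$prog" -HUP
    RETVAL=$?
    echo
    return "$RETVAL"
}

# Ask the running daemon to rotate its logs (SIGUSR1).
rotate()
{
    echo -n $"Rotating logs: "
    killproc "$prog" -USR1
    RETVAL=$?
    echo
    return "$RETVAL"
}

# Ask the running daemon to resume logging (SIGUSR2).
resume()
{
    echo -n $"Resuming logging: "
    killproc "$prog" -USR2
    RETVAL=$?
    echo
    return "$RETVAL"
}

# Stop then start the daemon. The config check comes first so that a missing
# auditd.conf exits 6 before the running daemon is stopped.
restart()
{
    test -f /etc/audit/auditd.conf || exit 6
    stop
    start
}

# Restart only when the subsys lock file shows the service was started.
condrestart()
{
    [ -e /var/lock/subsys/auditd ] && restart
    return 0
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    reload|force-reload)
        reload
        ;;
    rotate)
        rotate
        ;;
    resume)
        resume
        ;;
    condrestart|try-restart)
        condrestart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|rotate|resume}"
        # NOTE(review): the LSB table in the header lists 2 for invalid
        # arguments; 3 is kept so existing callers see the same status.
        RETVAL=3
esac

exit "$RETVAL"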