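#!/bin/bash
#
# auditd        This starts and stops auditd
#
# chkconfig: 2345 11 88
# description: This starts the Linux Auditing System Daemon
#
# processname: /sbin/auditd
# config: /etc/sysconfig/auditd
# config: /etc/audit/auditd.conf
# pidfile: /var/run/auditd.pid

# Fixed search path so helper lookups do not depend on the caller's PATH.
PATH=/sbin:/bin:/usr/bin:/usr/sbin

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear local rc status (overall remains)
#      rc_exit          exit appropriate to overall rc status
. /etc/rc.status

# First reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running

# Check that we are root ... so non-root users stop here
test "$(/usr/bin/id -u)" = 0 || exit 4

# Check config.
# /etc/sysconfig/auditd is sourced, i.e. executed as root: it must be owned by
# root and not writable by group or others, or it becomes a way to run
# arbitrary commands with root privileges.
test -f /etc/sysconfig/auditd && . /etc/sysconfig/auditd

test -x /sbin/auditd || exit 5
test -f /etc/audit/auditd.conf || exit 6

#######################################
# Start auditd with a controlled environment and load the default rules.
# Globals:   AUDITD_LANG (read; from /etc/sysconfig/auditd)
#            LANG, LC_* (written or unset), HOME MAIL USER USERNAME (unset)
# Outputs:   progress message and rc_status result on stdout
#######################################
audit_start() {
  echo -n $"Starting Audit Daemon"
  # Localization for auditd is controlled in /etc/sysconfig/auditd
  case "$AUDITD_LANG" in
    "" | none | NONE)
      unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
      ;;
    *)
      LANG="$AUDITD_LANG"
      LC_TIME="$AUDITD_LANG"
      LC_ALL="$AUDITD_LANG"
      LC_MESSAGES="$AUDITD_LANG"
      LC_NUMERIC="$AUDITD_LANG"
      LC_MONETARY="$AUDITD_LANG"
      LC_COLLATE="$AUDITD_LANG"
      export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
      ;;
  esac
  # Do not leak the invoking user's environment into the daemon.
  unset HOME MAIL USER USERNAME
  touch /var/run/auditd.pid
  /sbin/auditd
  # Load the default rules. Only stdout is discarded; auditctl errors on
  # stderr stay visible.
  # NOTE(review): rc_status is evaluated once, after this line, so it presumably
  # reflects the rule load rather than the auditd start itself, and a missing
  # rules file is reported as a failure — confirm against rc.status.
  test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
  rc_status -v
}

#######################################
# Stop auditd and, unless AUDITD_CLEAN_STOP is "no", delete the loaded rules.
# Globals:   AUDITD_CLEAN_STOP (read; from /etc/sysconfig/auditd)
# Outputs:   progress message and rc_status result on stdout
#######################################
audit_stop() {
  echo -n $"Stopping Audit Daemon"
  killproc auditd
  rm -f /var/run/auditd.pid
  # Remove watches so shutdown works cleanly.
  # From this point until the next start no audit rules are loaded, so stop and
  # restart leave a window without audit coverage. If the rule set was locked
  # as immutable, the kernel rejects rule changes until reboot and this
  # deletion fails.
  case "$AUDITD_CLEAN_STOP" in
    [Nn][Oo]) ;;
    *) /sbin/auditctl -D >/dev/null ;;
  esac
  rc_status -v
}

case "$1" in
  start)
    audit_start
    ;;
  stop)
    audit_stop
    ;;
  status)
    echo -n "Checking for Audit Daemon :"
    checkproc -p /var/run/auditd.pid /sbin/auditd
    rc_status -v
    ;;
  reload)
    echo -n $"Reloading configuration: "
    killproc auditd -HUP
    rc_status -v
    ;;
  rotate)
    echo -n $"Rotating logs: "
    killproc auditd -USR1
    echo
    rc_status -v
    ;;
  restart)
    echo "Restarting Audit Daemon"
    audit_stop
    audit_start
    ;;
  condrestart)
    # The earlier version called an undefined `restart` command and used
    # `return` outside a function; restart through the shared helpers instead.
    # NOTE(review): nothing in this script creates /var/lock/subsys/auditd —
    # confirm the lock file is maintained elsewhere, or this never restarts.
    if [ -e /var/lock/subsys/auditd ]; then
      echo "Restarting Audit Daemon"
      audit_stop
      audit_start
    fi
    ;;
  *)
    echo "usage: {start|stop|status|restart|condrestart|reload|rotate}" >&2
    # LSB: 2 - invalid or excess argument(s)
    exit 2
    ;;
esac
rc_exit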