|
|
|
@ -1,7 +1,7 @@
|
|
|
|
|
#!/sbin/runscript
|
|
|
|
|
# Copyright 1999-2014 Gentoo Foundation
|
|
|
|
|
#!/sbin/openrc-run
|
|
|
|
|
# Copyright 1999-2015 Gentoo Foundation
|
|
|
|
|
# Distributed under the terms of the GNU General Public License v2
|
|
|
|
|
# $Header: $
|
|
|
|
|
# $Id$
|
|
|
|
|
|
|
|
|
|
extra_started_commands='reload reload_auditd reload_rules'
|
|
|
|
|
description='Linux Auditing System'
|
|
|
|
@ -15,18 +15,18 @@ command='/sbin/auditd'
|
|
|
|
|
|
|
|
|
|
start_auditd() {
|
|
|
|
|
# Env handling taken from the upstream init script
|
|
|
|
|
if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
|
|
|
|
|
unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
|
|
|
|
|
else
|
|
|
|
|
LANG="$AUDITD_LANG"
|
|
|
|
|
LC_TIME="$AUDITD_LANG"
|
|
|
|
|
LC_ALL="$AUDITD_LANG"
|
|
|
|
|
LC_MESSAGES="$AUDITD_LANG"
|
|
|
|
|
LC_NUMERIC="$AUDITD_LANG"
|
|
|
|
|
LC_MONETARY="$AUDITD_LANG"
|
|
|
|
|
LC_COLLATE="$AUDITD_LANG"
|
|
|
|
|
export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
|
|
|
|
|
fi
|
|
|
|
|
if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
|
|
|
|
|
unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
|
|
|
|
|
else
|
|
|
|
|
LANG="$AUDITD_LANG"
|
|
|
|
|
LC_TIME="$AUDITD_LANG"
|
|
|
|
|
LC_ALL="$AUDITD_LANG"
|
|
|
|
|
LC_MESSAGES="$AUDITD_LANG"
|
|
|
|
|
LC_NUMERIC="$AUDITD_LANG"
|
|
|
|
|
LC_MONETARY="$AUDITD_LANG"
|
|
|
|
|
LC_COLLATE="$AUDITD_LANG"
|
|
|
|
|
export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
|
|
|
|
|
fi
|
|
|
|
|
unset HOME MAIL USER USERNAME
|
|
|
|
|
|
|
|
|
|
ebegin "Starting ${name}"
|
|
|
|
@ -38,7 +38,7 @@ start_auditd() {
|
|
|
|
|
return $ret
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
stop_auditd() {
|
|
|
|
|
stop_auditd() {
|
|
|
|
|
ebegin "Stopping ${name}"
|
|
|
|
|
start-stop-daemon --stop --quiet --pidfile ${pidfile}
|
|
|
|
|
local ret=$?
|
|
|
|
@ -46,12 +46,11 @@ stop_auditd() {
|
|
|
|
|
return $ret
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
loadfile() {
|
|
|
|
|
local rules="$1"
|
|
|
|
|
if [ -n "${rules}" -a -f "${rules}" ]; then
|
|
|
|
|
einfo "Loading audit rules from ${rules}"
|
|
|
|
|
/sbin/auditctl -R "${rules}" 1>/dev/null
|
|
|
|
|
/sbin/auditctl -R "${rules}" >/dev/null
|
|
|
|
|
return $?
|
|
|
|
|
else
|
|
|
|
|
return 0
|
|
|
|
@ -62,7 +61,6 @@ start() {
|
|
|
|
|
start_auditd
|
|
|
|
|
local ret=$?
|
|
|
|
|
if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
|
|
|
|
|
touch /var/lock/${name}
|
|
|
|
|
if yesno ${USE_AUGENRULES:-no}; then
|
|
|
|
|
test -d /etc/audit/rules.d && /sbin/augenrules
|
|
|
|
|
fi
|
|
|
|
@ -76,7 +74,10 @@ reload_rules() {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reload_auditd() {
|
|
|
|
|
[ -f ${pidfile} ] && kill -HUP `cat ${pidfile}`
|
|
|
|
|
ebegin "Reloading ${SVCNAME}"
|
|
|
|
|
start-stop-daemon --signal HUP \
|
|
|
|
|
--exec "${command}" --pidfile "${pidfile}"
|
|
|
|
|
eend $?
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reload() {
|
|
|
|
@ -87,14 +88,7 @@ reload() {
|
|
|
|
|
stop() {
|
|
|
|
|
[ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
|
|
|
|
|
stop_auditd
|
|
|
|
|
rm -f /var/lock/${name}
|
|
|
|
|
local ret=$?
|
|
|
|
|
[ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
|
|
|
|
|
return $ret
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# This is a special case, we do not want to touch the rules at all
|
|
|
|
|
restart() {
|
|
|
|
|
stop_auditd
|
|
|
|
|
start_auditd
|
|
|
|
|
}
|