|
|
|
@ -1,7 +1,7 @@ |
|
|
|
|
#!/sbin/runscript |
|
|
|
|
# Copyright 1999-2014 Gentoo Foundation |
|
|
|
|
#!/sbin/openrc-run |
|
|
|
|
# Copyright 1999-2015 Gentoo Foundation |
|
|
|
|
# Distributed under the terms of the GNU General Public License v2 |
|
|
|
|
# $Header: $ |
|
|
|
|
# $Id$ |
|
|
|
|
|
|
|
|
|
extra_started_commands='reload reload_auditd reload_rules' |
|
|
|
|
description='Linux Auditing System' |
|
|
|
@ -15,18 +15,18 @@ command='/sbin/auditd' |
|
|
|
|
|
|
|
|
|
start_auditd() { |
|
|
|
|
# Env handling taken from the upstream init script |
|
|
|
|
if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then |
|
|
|
|
unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE |
|
|
|
|
else |
|
|
|
|
LANG="$AUDITD_LANG" |
|
|
|
|
LC_TIME="$AUDITD_LANG" |
|
|
|
|
LC_ALL="$AUDITD_LANG" |
|
|
|
|
LC_MESSAGES="$AUDITD_LANG" |
|
|
|
|
LC_NUMERIC="$AUDITD_LANG" |
|
|
|
|
LC_MONETARY="$AUDITD_LANG" |
|
|
|
|
LC_COLLATE="$AUDITD_LANG" |
|
|
|
|
export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE |
|
|
|
|
fi |
|
|
|
|
if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then |
|
|
|
|
unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE |
|
|
|
|
else |
|
|
|
|
LANG="$AUDITD_LANG" |
|
|
|
|
LC_TIME="$AUDITD_LANG" |
|
|
|
|
LC_ALL="$AUDITD_LANG" |
|
|
|
|
LC_MESSAGES="$AUDITD_LANG" |
|
|
|
|
LC_NUMERIC="$AUDITD_LANG" |
|
|
|
|
LC_MONETARY="$AUDITD_LANG" |
|
|
|
|
LC_COLLATE="$AUDITD_LANG" |
|
|
|
|
export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE |
|
|
|
|
fi |
|
|
|
|
unset HOME MAIL USER USERNAME |
|
|
|
|
|
|
|
|
|
ebegin "Starting ${name}" |
|
|
|
@ -38,7 +38,7 @@ start_auditd() { |
|
|
|
|
return $ret |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
stop_auditd() { |
|
|
|
|
stop_auditd() { |
|
|
|
|
ebegin "Stopping ${name}" |
|
|
|
|
start-stop-daemon --stop --quiet --pidfile ${pidfile} |
|
|
|
|
local ret=$? |
|
|
|
@ -46,12 +46,11 @@ stop_auditd() { |
|
|
|
|
return $ret |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
loadfile() { |
|
|
|
|
local rules="$1" |
|
|
|
|
if [ -n "${rules}" -a -f "${rules}" ]; then |
|
|
|
|
einfo "Loading audit rules from ${rules}" |
|
|
|
|
/sbin/auditctl -R "${rules}" 1>/dev/null |
|
|
|
|
/sbin/auditctl -R "${rules}" >/dev/null |
|
|
|
|
return $? |
|
|
|
|
else |
|
|
|
|
return 0 |
|
|
|
@ -62,7 +61,6 @@ start() { |
|
|
|
|
start_auditd |
|
|
|
|
local ret=$? |
|
|
|
|
if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then |
|
|
|
|
touch /var/lock/${name} |
|
|
|
|
if yesno ${USE_AUGENRULES:-no}; then |
|
|
|
|
test -d /etc/audit/rules.d && /sbin/augenrules |
|
|
|
|
fi |
|
|
|
@ -76,7 +74,10 @@ reload_rules() { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
reload_auditd() { |
|
|
|
|
[ -f ${pidfile} ] && kill -HUP `cat ${pidfile}` |
|
|
|
|
ebegin "Reloading ${SVCNAME}" |
|
|
|
|
start-stop-daemon --signal HUP \ |
|
|
|
|
--exec "${command}" --pidfile "${pidfile}" |
|
|
|
|
eend $? |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
reload() { |
|
|
|
@ -87,14 +88,7 @@ reload() { |
|
|
|
|
stop() { |
|
|
|
|
[ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}" |
|
|
|
|
stop_auditd |
|
|
|
|
rm -f /var/lock/${name} |
|
|
|
|
local ret=$? |
|
|
|
|
[ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}" |
|
|
|
|
return $ret |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# This is a special case, we do not want to touch the rules at all |
|
|
|
|
restart() { |
|
|
|
|
stop_auditd |
|
|
|
|
start_auditd |
|
|
|
|
} |