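#!/bin/sh
#
# auditd        This starts and stops auditd
#
# description: This starts the Linux Auditing System Daemon,
#              which collects security related events in a dedicated
#              audit log. If this daemon is turned off, audit events
#              will be sent to syslog.
#
# Usage: auditd {start|stop|restart|reload|rotate}
#
# Exit status: 0 when the requested action succeeded, non-zero otherwise,
# so the init system and any monitoring can tell that auditing is not in
# the state that was asked for.

NAME=auditd
DAEMON=/usr/sbin/${NAME}
# Not referenced below; kept for scripts that source or patch this file.
CONFIG=/etc/audit/auditd.conf
PIDFILE=/var/run/${NAME}.pid
LOGDIR=/var/log/audit
RULES=/etc/audit/rules.d/audit.rules

# Print "OK" or "FAIL" for the status given in $1 and return that status.
report() {
	if [ "$1" -eq 0 ]; then
		echo "OK"
	else
		echo "FAIL"
	fi
	return "$1"
}

# Create the log directory if needed, start the daemon and load the
# default rules. Returns the status of the daemon start.
start() {
	printf 'Starting %s: ' "${NAME}"

	# Create dir to store log files in if one doesn't exist. Create
	# the directory with SELinux permissions if possible. An empty
	# lookup result falls back to an unlabelled directory instead of
	# passing -Z without a context.
	context=
	if command -v selabel_lookup >/dev/null 2>&1; then
		context=$(selabel_lookup -b file -k "${LOGDIR}" | cut -d ' ' -f 3)
	fi

	# -m 0700 keeps a freshly created audit log directory readable by
	# root only, whatever the umask is. It has no effect on a directory
	# that already exists; if auditd.conf sets log_group, ownership and
	# mode must be adjusted to match.
	if [ -n "${context}" ]; then
		mkdir -p -m 0700 "${LOGDIR}" -Z "${context}"
	else
		mkdir -p -m 0700 "${LOGDIR}"
	fi

	# Run audit daemon executable
	start-stop-daemon -S -q -p "${PIDFILE}" --exec "${DAEMON}"
	status=$?

	rules_status=0
	if [ "${status}" -eq 0 ] && [ -f "${RULES}" ]; then
		# Load the default rules
		/usr/sbin/auditctl -R "${RULES}" >/dev/null
		rules_status=$?
	fi

	report "${status}"

	# OK/FAIL describes the daemon only. A failed rule load is still
	# reported, because the events selected by that file may then go
	# unrecorded while everything else looks healthy.
	if [ "${rules_status}" -ne 0 ]; then
		echo "${NAME}: warning: loading ${RULES} failed (auditctl exit ${rules_status})" >&2
	fi

	return "${status}"
}

# Stop the daemon recorded in the pid file.
stop() {
	printf 'Stopping %s: ' "${NAME}"

	start-stop-daemon -K -q -p "${PIDFILE}"
	report "$?"
}

# Ask the running daemon to re-read its configuration (SIGHUP).
reload() {
	printf 'Reloading %s configuration: ' "${NAME}"
	start-stop-daemon --stop -s HUP -p "${PIDFILE}" 1>/dev/null
	report "$?"
}

# Ask the running daemon to rotate its logs (SIGUSR1).
# The signal is given by name: its number is 10 on x86 and ARM but differs
# on other architectures (e.g. MIPS), where 10 is a signal that would
# terminate the daemon instead.
rotate() {
	printf 'Rotating %s logs: ' "${NAME}"
	start-stop-daemon --stop -s USR1 -p "${PIDFILE}" 1>/dev/null
	report "$?"
}

case "${1:-}" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		# start runs even when stop reports FAIL (e.g. the daemon was
		# not running); the exit status is that of start.
		stop
		start
		;;
	reload)
		reload
		;;
	rotate)
		rotate
		;;
	*)
		echo "Usage: $0 {start|stop|restart|reload|rotate}"
		exit 1
		;;
esac

# Hand the status of the selected action back to the caller.
exit $?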