S02auditd (revision 4882a59341e53eb6f0b4789bf948001014eff981) - OpenGrok cross reference for /OK3568_Linux_fs/buildroot/package/audit/S02auditd

*4882a593Smuzhiyun#!/bin/sh
*4882a593Smuzhiyun#
*4882a593Smuzhiyun# auditd       This starts and stops auditd
*4882a593Smuzhiyun#
*4882a593Smuzhiyun# description: This starts the Linux Auditing System Daemon,
*4882a593Smuzhiyun#              which collects security related events in a dedicated
*4882a593Smuzhiyun#              audit log. If this daemon is turned off, audit events
*4882a593Smuzhiyun#              will be sent to syslog.
*4882a593Smuzhiyun#
*4882a593Smuzhiyun
*4882a593SmuzhiyunNAME=auditd
*4882a593SmuzhiyunDAEMON=/usr/sbin/${NAME}
*4882a593SmuzhiyunCONFIG=/etc/audit/auditd.conf
*4882a593SmuzhiyunPIDFILE=/var/run/${NAME}.pid
*4882a593Smuzhiyun
*4882a593Smuzhiyunstart(){
*4882a593Smuzhiyun	printf "Starting ${NAME}: "
*4882a593Smuzhiyun
*4882a593Smuzhiyun	# Create dir to store log files in if one doesn't exist. Create
*4882a593Smuzhiyun	# the directory with SELinux permissions if possible
*4882a593Smuzhiyun	command -v selabel_lookup >/dev/null 2>&1
*4882a593Smuzhiyun	if [ $? = 0 ]; then
*4882a593Smuzhiyun		mkdir -p /var/log/audit -Z `selabel_lookup -b file -k /var/log/audit | cut -d ' ' -f 3`
*4882a593Smuzhiyun	else
*4882a593Smuzhiyun		mkdir -p /var/log/audit
*4882a593Smuzhiyun	fi
*4882a593Smuzhiyun
*4882a593Smuzhiyun	# Run audit daemon executable
*4882a593Smuzhiyun	start-stop-daemon -S -q -p ${PIDFILE} --exec ${DAEMON}
*4882a593Smuzhiyun
*4882a593Smuzhiyun	if [ $? = 0 ]; then
*4882a593Smuzhiyun		# Load the default rules
*4882a593Smuzhiyun		test -f /etc/audit/rules.d/audit.rules && /usr/sbin/auditctl -R /etc/audit/rules.d/audit.rules >/dev/null
*4882a593Smuzhiyun		echo "OK"
*4882a593Smuzhiyun	else
*4882a593Smuzhiyun		echo "FAIL"
*4882a593Smuzhiyun	fi
*4882a593Smuzhiyun}
*4882a593Smuzhiyun
*4882a593Smuzhiyunstop(){
*4882a593Smuzhiyun	printf "Stopping ${NAME}: "
*4882a593Smuzhiyun
*4882a593Smuzhiyun	start-stop-daemon -K -q -p ${PIDFILE}
*4882a593Smuzhiyun	[ $? = 0 ] && echo "OK" || echo "FAIL"
*4882a593Smuzhiyun}
*4882a593Smuzhiyun
*4882a593Smuzhiyunreload(){
*4882a593Smuzhiyun	printf "Reloading ${NAME} configuration: "
*4882a593Smuzhiyun	start-stop-daemon --stop -s 1 -p ${PIDFILE} 1>/dev/null
*4882a593Smuzhiyun	[ $? = 0 ] && echo "OK" || echo "FAIL"
*4882a593Smuzhiyun}
*4882a593Smuzhiyun
*4882a593Smuzhiyunrotate(){
*4882a593Smuzhiyun	printf "Rotating ${NAME} logs: "
*4882a593Smuzhiyun	start-stop-daemon --stop -s 10 -p ${PIDFILE} 1>/dev/null
*4882a593Smuzhiyun	[ $? = 0 ] && echo "OK" || echo "FAIL"
*4882a593Smuzhiyun}
*4882a593Smuzhiyun
*4882a593Smuzhiyuncase "$1" in
*4882a593Smuzhiyun	start)
*4882a593Smuzhiyun		start
*4882a593Smuzhiyun		;;
*4882a593Smuzhiyun	stop)
*4882a593Smuzhiyun		stop
*4882a593Smuzhiyun		;;
*4882a593Smuzhiyun	restart)
*4882a593Smuzhiyun		stop
*4882a593Smuzhiyun		start
*4882a593Smuzhiyun		;;
*4882a593Smuzhiyun	reload)
*4882a593Smuzhiyun		reload
*4882a593Smuzhiyun		;;
*4882a593Smuzhiyun	rotate)
*4882a593Smuzhiyun		rotate
*4882a593Smuzhiyun		;;
*4882a593Smuzhiyun	*)
*4882a593Smuzhiyun		echo "Usage: $0 {start|stop|restart|reload|rotate}"
*4882a593Smuzhiyun		exit 1
*4882a593Smuzhiyun		;;
*4882a593Smuzhiyunesac