package/audit/S01auditd


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

#!/bin/sh
#
# auditd       This starts and stops auditd
#
# description: This starts the Linux Auditing System Daemon,
#              which collects security related events in a dedicated
#              audit log. If this daemon is turned off, audit events
#              will be sent to syslog.
#

NAME=auditd
DAEMON=/usr/sbin/${NAME}
CONFIG=/etc/audit/auditd.conf
PIDFILE=/var/run/${NAME}.pid

start(){
	printf "Starting ${NAME}: "

	# Create dir to store log files in if one doesn't exist. Create
	# the directory with SELinux permissions if possible
	command -v matchpathcon >/dev/null 2>&1
	if [ $? = 0 ]; then
		mkdir -p /var/log/audit -Z `matchpathcon -n /var/log/audit`
	else
		mkdir -p /var/log/audit
	fi

	# Run audit daemon executable
	start-stop-daemon -S -q -p ${PIDFILE} --exec ${DAEMON}

	if [ $? = 0 ]; then
		# Load the default rules
		test -f /etc/audit/rules.d/audit.rules && /usr/sbin/auditctl -R /etc/audit/rules.d/audit.rules >/dev/null
		echo "OK"
	else
		echo "FAIL"
	fi
}

stop(){
	printf "Stopping ${NAME}: "

	start-stop-daemon -K -q -p ${PIDFILE}
	[ $? = 0 ] && echo "OK" || echo "FAIL"
}

reload(){
	printf "Reloading ${NAME} configuration: "
	start-stop-daemon --stop -s 1 -p ${PIDFILE} 1>/dev/null
	[ $? = 0 ] && echo "OK" || echo "FAIL"
}

rotate(){
	printf "Rotating ${NAME} logs: "
	start-stop-daemon --stop -s 10 -p ${PIDFILE} 1>/dev/null
	[ $? = 0 ] && echo "OK" || echo "FAIL"
}

case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		start
		;;
	reload)
		reload
		;;
	rotate)
		rotate
		;;
	*)
		echo "Usage: $0 {start|stop|restart|reload|rotate}"
		exit 1
		;;
esac