S01auditd 1.58 KB
edit raw blame history



1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80


#!/bin/sh
#
# auditd       This starts and stops auditd
#
# description: This starts the Linux Auditing System Daemon,
#              which collects security related events in a dedicated
#              audit log. If this daemon is turned off, audit events
#              will be sent to syslog.
#

NAME=auditd
DAEMON=/usr/sbin/${NAME}
CONFIG=/etc/audit/auditd.conf
PIDFILE=/var/run/${NAME}.pid

start(){
	printf "Starting ${NAME}: "

	# Create dir to store log files in if one doesn't exist. Create
	# the directory with SELinux permissions if possible
	command -v matchpathcon >/dev/null 2>&1
	if [ $? = 0 ]; then
		mkdir -p /var/log/audit -Z `matchpathcon -n /var/log/audit`
	else
		mkdir -p /var/log/audit
	fi

	# Run audit daemon executable
	start-stop-daemon -S -q -p ${PIDFILE} --exec ${DAEMON}

	if [ $? = 0 ]; then
		# Load the default rules
		test -f /etc/audit/rules.d/audit.rules && /usr/sbin/auditctl -R /etc/audit/rules.d/audit.rules >/dev/null
		echo "OK"
	else
		echo "FAIL"
	fi
}

stop(){
	printf "Stopping ${NAME}: "

	start-stop-daemon -K -q -p ${PIDFILE}
	[ $? = 0 ] && echo "OK" || echo "FAIL"
}

reload(){
	printf "Reloading ${NAME} configuration: "
	start-stop-daemon --stop -s 1 -p ${PIDFILE} 1>/dev/null
	[ $? = 0 ] && echo "OK" || echo "FAIL"
}

rotate(){
	printf "Rotating ${NAME} logs: "
	start-stop-daemon --stop -s 10 -p ${PIDFILE} 1>/dev/null
	[ $? = 0 ] && echo "OK" || echo "FAIL"
}

case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		start
		;;
	reload)
		reload
		;;
	rotate)
		rotate
		;;
	*)
		echo "Usage: $0 {start|stop|restart|reload|rotate}"
		exit 1
		;;
esac