#!/bin/sh
|
#
|
# auditd This starts and stops auditd
|
#
|
# description: This starts the Linux Auditing System Daemon,
|
# which collects security related events in a dedicated
|
# audit log. If this daemon is turned off, audit events
|
# will be sent to syslog.
|
#
|
|
NAME=auditd
|
DAEMON=/usr/sbin/${NAME}
|
CONFIG=/etc/audit/auditd.conf
|
PIDFILE=/var/run/${NAME}.pid
|
|
start(){
|
printf "Starting ${NAME}: "
|
|
# Create dir to store log files in if one doesn't exist. Create
|
# the directory with SELinux permissions if possible
|
command -v selabel_lookup >/dev/null 2>&1
|
if [ $? = 0 ]; then
|
mkdir -p /var/log/audit -Z `selabel_lookup -b file -k /var/log/audit`
|
else
|
mkdir -p /var/log/audit
|
fi
|
|
# Run audit daemon executable
|
start-stop-daemon -S -q -p ${PIDFILE} --exec ${DAEMON}
|
|
if [ $? = 0 ]; then
|
# Load the default rules
|
test -f /etc/audit/rules.d/audit.rules && /usr/sbin/auditctl -R /etc/audit/rules.d/audit.rules >/dev/null
|
echo "OK"
|
else
|
echo "FAIL"
|
fi
|
}
|
|
stop(){
|
printf "Stopping ${NAME}: "
|
|
start-stop-daemon -K -q -p ${PIDFILE}
|
[ $? = 0 ] && echo "OK" || echo "FAIL"
|
}
|
|
reload(){
|
printf "Reloading ${NAME} configuration: "
|
start-stop-daemon --stop -s 1 -p ${PIDFILE} 1>/dev/null
|
[ $? = 0 ] && echo "OK" || echo "FAIL"
|
}
|
|
rotate(){
|
printf "Rotating ${NAME} logs: "
|
start-stop-daemon --stop -s 10 -p ${PIDFILE} 1>/dev/null
|
[ $? = 0 ] && echo "OK" || echo "FAIL"
|
}
|
|
case "$1" in
|
start)
|
start
|
;;
|
stop)
|
stop
|
;;
|
restart)
|
stop
|
start
|
;;
|
reload)
|
reload
|
;;
|
rotate)
|
rotate
|
;;
|
*)
|
echo "Usage: $0 {start|stop|restart|reload|rotate}"
|
exit 1
|
;;
|
esac
|
