#! /bin/sh ### BEGIN INIT INFO # Provides: auditd # Required-Start: $local_fs # Required-Stop: $local_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Audit Daemon # Description: Collects audit information from Linux 2.6 Kernels. ### END INIT INFO # Author: Philipp Matthias Hahn # Based on Debians /etc/init.d/skeleton and Auditds init.d/auditd.init # June, 2012: Adopted for yocto # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/bin:/usr/sbin:/usr/bin DESC="audit daemon" NAME=auditd DAEMON=/sbin/auditd PIDFILE=/var/run/"$NAME".pid SCRIPTNAME=/etc/init.d/"$NAME" # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/"$NAME" ] && . /etc/default/"$NAME" . /etc/default/rcS . /etc/init.d/functions # # Function that starts the daemon/service # do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \ || return 1 start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \ $EXTRAOPTIONS \ || return 2 if [ -f /etc/audit/audit.rules ] then /sbin/auditctl -R /etc/audit/audit.rules >/dev/null fi } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon -K --quiet --pidfile "$PIDFILE" --name "$NAME" RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f "$PIDFILE" rm -f /var/run/audit_events # Remove watches so shutdown works cleanly case "$AUDITD_CLEAN_STOP" in no|NO) ;; *) /sbin/auditctl -D >/dev/null ;; esac return "$RETVAL" } # # Function that sends a SIGHUP to the daemon/service # do_reload() { start-stop-daemon -K --signal HUP --quiet --pidfile $PIDFILE --name $NAME return 0 } if [ ! -e /var/log/audit ]; then mkdir -p /var/log/audit [ -x /sbin/restorecon ] && /sbin/restorecon -F /var/log/audit fi case "$1" in start) [ "$VERBOSE" != no ] && echo "Starting $DESC" "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && echo 0 ;; 2) [ "$VERBOSE" != no ] && echo 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && echo "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && echo 0 ;; 2) [ "$VERBOSE" != no ] && echo 1 ;; esac ;; reload|force-reload) echo "Reloading $DESC" "$NAME" do_reload echo $? ;; restart) echo "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) echo 0 ;; 1) echo 1 ;; # Old process is still running *) echo 1 ;; # Failed to start esac ;; *) # Failed to stop echo 1 ;; esac ;; rotate) echo "Rotating $DESC logs" "$NAME" start-stop-daemon -K --signal USR1 --quiet --pidfile "$PIDFILE" --name "$NAME" echo $? ;; status) pidofproc "$DAEMON" >/dev/null status=$? if [ $status -eq 0 ]; then echo "$NAME is running." else echo "$NAME is not running." fi exit $status ;; *) echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|rotate|status}" >&2 exit 3 ;; esac :