File: auditd.init

package info (click to toggle)
audit 1:2.8.5-3
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, sid
  • size: 6,392 kB
  • sloc: ansic: 55,468; sh: 4,848; python: 2,916; makefile: 1,443; sed: 32
file content (152 lines) | stat: -rw-r--r-- 3,617 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
#! /bin/sh
### BEGIN INIT INFO
# Provides:          auditd
# Required-Start:    $remote_fs
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Audit Daemon
# Description:       Collects audit information from Linux 2.6 Kernels.
### END INIT INFO

# Author: Philipp Matthias Hahn <pmhahn@debian.org>
# Based on Debians /etc/init.d/skeleton and Auditds init.d/auditd.init

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="audit daemon"
NAME=auditd
DAEMON=/sbin/auditd
PIDFILE=/var/run/"$NAME".pid
SCRIPTNAME=/etc/init.d/"$NAME"

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/"$NAME" ] && . /etc/default/"$NAME"

# Define LSB log_* functions.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
	# Return
	#   0 if daemon has been started
	#   1 if daemon was already running
	#   2 if daemon could not be started
	start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \
		|| return 1
	start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \
		$EXTRAOPTIONS \
		|| return 2
        # Call augenrules to compile audit rules.
        case "$USE_AUGENRULES" in
                no|NO) ;;
                *) [ -d /etc/audit/rules.d ] && /sbin/augenrules >/dev/null ;;
        esac
	if [ -f /etc/audit/audit.rules ]
	then
		/sbin/auditctl -R /etc/audit/audit.rules >/dev/null
	fi
}

#
# Function that stops the daemon/service
#
do_stop()
{
	# Return
	#   0 if daemon has been stopped
	#   1 if daemon was already stopped
	#   2 if daemon could not be stopped
	#   other if a failure occurred
	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$PIDFILE" --name "$NAME"
	RETVAL="$?"
	[ "$RETVAL" = 2 ] && return 2
	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$DAEMON"
	[ "$?" = 2 ] && return 2
	# Many daemons don't delete their pidfiles when they exit.
	rm -f "$PIDFILE"
	rm -f /var/run/audit_events
	# Remove watches so shutdown works cleanly
	case "$AUDITD_CLEAN_STOP" in
		no|NO) ;;
		*) /sbin/auditctl -R /etc/audit/audit-stop.rules >/dev/null ;;
	esac
	return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
	start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --name $NAME
	return 0
}

case "$1" in
  start)
	log_daemon_msg "Starting $DESC" "$NAME"
	do_start
	case "$?" in
		0|1) log_end_msg 0 ;;
		2) log_end_msg 1 ;;
	esac
	;;
  stop)
	log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case "$?" in
		0|1) log_end_msg 0 ;;
		2) log_end_msg 1 ;;
	esac
	;;
  reload|force-reload)
	log_daemon_msg "Reloading $DESC" "$NAME"
	do_reload
	log_end_msg $?
	;;
  restart)
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case "$?" in
	  0|1)
		do_start
		case "$?" in
			0) log_end_msg 0 ;;
			1) log_end_msg 1 ;; # Old process is still running
			*) log_end_msg 1 ;; # Failed to start
		esac
		;;
	  *)
		# Failed to stop
		log_end_msg 1
		;;
	esac
	;;
  rotate)
	log_daemon_msg "Rotating $DESC logs" "$NAME"
	start-stop-daemon --stop --signal USR1 --quiet --pidfile "$PIDFILE" --name "$NAME"
	log_end_msg $?
	;;
  status)
	pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null
	status=$?
	if [ $status -eq 0 ]; then
		log_success_msg "$NAME is running."
	else
		log_failure_msg "$NAME is not running."
	fi
	exit $status
	;;
  *)
	echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|rotate|status}" >&2
	exit 3
	;;
esac

: