| #!/bin/sh |
| # |
| # auditd This starts and stops auditd |
| # |
| # description: This starts the Linux Auditing System Daemon, |
| # which collects security related events in a dedicated |
| # audit log. If this daemon is turned off, audit events |
| # will be sent to syslog. |
| # |
| |
| NAME=auditd |
| DAEMON=/usr/sbin/${NAME} |
| CONFIG=/etc/audit/auditd.conf |
| PIDFILE=/var/run/${NAME}.pid |
| |
| start(){ |
| printf "Starting ${NAME}: " |
| |
| # Create dir to store log files in if one doesn't exist. Create |
| # the directory with SELinux permissions if possible |
| command -v matchpathcon >/dev/null 2>&1 |
| if [ $? = 0 ]; then |
| mkdir -p /var/log/audit -Z `matchpathcon -n /var/log/audit` |
| else |
| mkdir -p /var/log/audit |
| fi |
| |
| # Run audit daemon executable |
| start-stop-daemon -S -q -p ${PIDFILE} --exec ${DAEMON} |
| |
| if [ $? = 0 ]; then |
| # Load the default rules |
| test -f /etc/audit/rules.d/audit.rules && /usr/sbin/auditctl -R /etc/audit/rules.d/audit.rules >/dev/null |
| echo "OK" |
| else |
| echo "FAIL" |
| fi |
| } |
| |
| stop(){ |
| printf "Stopping ${NAME}: " |
| |
| start-stop-daemon -K -q -p ${PIDFILE} |
| [ $? = 0 ] && echo "OK" || echo "FAIL" |
| } |
| |
| reload(){ |
| printf "Reloading ${NAME} configuration: " |
| start-stop-daemon --stop -s 1 -p ${PIDFILE} 1>/dev/null |
| [ $? = 0 ] && echo "OK" || echo "FAIL" |
| } |
| |
| rotate(){ |
| printf "Rotating ${NAME} logs: " |
| start-stop-daemon --stop -s 10 -p ${PIDFILE} 1>/dev/null |
| [ $? = 0 ] && echo "OK" || echo "FAIL" |
| } |
| |
| case "$1" in |
| start) |
| start |
| ;; |
| stop) |
| stop |
| ;; |
| restart) |
| stop |
| start |
| ;; |
| reload) |
| reload |
| ;; |
| rotate) |
| rotate |
| ;; |
| *) |
| echo "Usage: $0 {start|stop|restart|reload|rotate}" |
| exit 1 |
| ;; |
| esac |
