3 # auditd This starts and stops auditd
5 # chkconfig: 2345 11 88
6 # description: This starts the Linux Auditing System Daemon, \
7 # which collects security related events in a dedicated \
8 # audit log. If this daemon is turned off, audit events \
9 # will be sent to syslog.
11 # processname: /sbin/auditd
12 # config: /etc/sysconfig/auditd
13 # config: /etc/audit/auditd.conf
14 # pidfile: /var/run/auditd.pid
16 # Return values according to LSB for all commands but status:
18 # 1 - generic or unspecified error
19 # 2 - invalid or excess argument(s)
20 # 3 - unimplemented feature (e.g. "reload")
21 # 4 - insufficient privilege
22 # 5 - program is not installed
23 # 6 - program is not configured
24 # 7 - program is not running
# Fixed search path: commands that are not called by absolute path below
# resolve from these system directories only, not from the caller's PATH.
28 PATH=/sbin:/bin:/usr/bin:/usr/sbin
31 # Source function library.
32 . /etc/init.d/functions
34 # Allow anyone to run status
35 if [ "$1" = "status" ] ; then
41 # Check that we are root ... so non-root users stop here
# Exit status 4 is "insufficient privilege" in the LSB table in the header.
42 test $EUID = 0 || exit 4
# The optional settings file is sourced, i.e. executed by this shell, after
# the root check above.
# NOTE(review): its content therefore runs with root privileges; confirm the
# file is owned by root and not writable by any other account.
45 test -f /etc/sysconfig/auditd && . /etc/sysconfig/auditd
# Exit 5 = program is not installed, exit 6 = program is not configured.
50 test -x /sbin/auditd || exit 5
51 test -f /etc/audit/auditd.conf || exit 6
# Start sequence: announce, fix the locale, scrub the environment, launch the
# daemon, then generate and load the audit rules. $prog and $RETVAL are
# assigned on lines that are not part of this listing.
53 echo -n $"Starting $prog: "
55 # Localization for auditd is controlled in /etc/sysconfig/auditd
# An empty AUDITD_LANG, "none" or "NONE" clears every locale variable;
# any other value is copied into the locale variables and exported.
56 if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
57 unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
60 LC_TIME="$AUDITD_LANG"
62 LC_MESSAGES="$AUDITD_LANG"
63 LC_NUMERIC="$AUDITD_LANG"
64 LC_MONETARY="$AUDITD_LANG"
65 LC_COLLATE="$AUDITD_LANG"
66 export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
# Drop the invoking user's session variables before the daemon is launched.
68 unset HOME MAIL USER USERNAME
# EXTRAOPTIONS is quoted, so it reaches the daemon helper as a single word,
# and as an empty argument when it is unset.
# NOTE(review): how that word is split afterwards depends on the daemon
# function from /etc/init.d/functions, which is not shown here.
69 daemon $prog "$EXTRAOPTIONS"
72 if test $RETVAL = 0 ; then
# Lock file marking the service as started; the condrestart check tests it.
73 touch /var/lock/subsys/auditd
74 # Prepare the default rules
# Runs only when USE_AUGENRULES is non-empty and not "no". tr maps N->n and
# O->o, so "NO", "No" and "nO" all compare equal to "no".
75 if test x"$USE_AUGENRULES" != "x" ; then
76 if test "`echo $USE_AUGENRULES | tr 'NO' 'no'`" != "no"
# augenrules is invoked only when the rules.d directory exists.
78 test -d /etc/audit/rules.d && /sbin/augenrules
81 # Load the default rules
# Only stdout of auditctl is discarded; stderr is left alone. This line does
# not record auditctl's exit status, so a rule file that fails to load is not
# reflected in RETVAL here.
# NOTE(review): confirm the loaded rule set after start (auditctl -l) rather
# than relying on the init script's result.
82 test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
# Stop sequence: announce, remove the lock file, then optionally clear the
# rules and disable auditing. The step that stops the daemon itself is on
# lines that are not part of this listing.
88 echo -n $"Stopping $prog: "
92 rm -f /var/lock/subsys/auditd
93 # Remove watches so shutdown works cleanly
# Runs only when AUDITD_CLEAN_STOP is non-empty and not "no" (same tr-based
# comparison as in the start sequence). auditctl -D deletes all loaded rules
# and watches.
94 if test x"$AUDITD_CLEAN_STOP" != "x" ; then
95 if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no"
97 /sbin/auditctl -D >/dev/null
# Runs only when AUDITD_STOP_DISABLE is non-empty and not "no".
# auditctl -e 0 clears the kernel's audit "enabled" flag.
# NOTE(review): with this option set, stopping the service leaves auditing
# disabled until it is re-enabled, so events are not forwarded to syslog
# either. A change to this setting or a stop of the service is worth
# alerting on.
100 if test x"$AUDITD_STOP_DISABLE" != "x" ; then
101 if test "`echo $AUDITD_STOP_DISABLE | tr 'NO' 'no'`" != "no"
103 /sbin/auditctl -e 0 >/dev/null
# Fragments of the reload, rotate, resume and conditional-restart actions and
# of the argument dispatch. The commands that signal the daemon are on lines
# that are not part of this listing.
# Exit 6 = program is not configured.
110 test -f /etc/audit/auditd.conf || exit 6
111 echo -n $"Reloading configuration: "
119 echo -n $"Rotating logs: "
127 echo -n $"Resuming logging: "
135 test -f /etc/audit/auditd.conf || exit 6
# Restart only if the lock file created by the start sequence is present;
# restart is defined on lines not shown here.
141 [ -e /var/lock/subsys/auditd ] && restart
146 # See how we were called.
166 condrestart|try-restart)
# Usage text listing the accepted actions.
170 echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|rotate|resume}"