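#!/bin/sh
#
# auditd        This starts and stops auditd
#
# description: This starts the Linux Auditing System Daemon,
#              which collects security related events in a dedicated
#              audit log. If this daemon is turned off, audit events
#              will be sent to syslog.
#
# Usage: auditd {start|stop|restart|reload|rotate}
# Expected to run as root: it creates the log directory, drives the
# daemon through its PID file and loads the persistent audit rules.
#
# Exit status: each action returns the status of its start-stop-daemon
# call, so a supervisor sees a failed start/stop as non-zero instead of
# having to parse the "OK"/"FAIL" text.

NAME=auditd
DAEMON=/usr/sbin/${NAME}
CONFIG=/etc/audit/auditd.conf   # not used by this script; auditd reads it itself
PIDFILE=/var/run/${NAME}.pid
LOGDIR=/var/log/audit
RULES=/etc/audit/rules.d/audit.rules

#######################################
# Finish a progress line with "OK" or "FAIL".
# Arguments: $1 - exit status of the step just performed
# Outputs:   "OK" (status 0) or "FAIL" on stdout
# Returns:   $1 unchanged, so the action's status propagates to the caller
#######################################
report() {
  if [ "$1" -eq 0 ]; then
    echo "OK"
  else
    echo "FAIL"
  fi
  return "$1"
}

#######################################
# Create the log directory, start the daemon and load the rule set.
# Globals:   NAME, DAEMON, PIDFILE, LOGDIR, RULES (read)
# Outputs:   progress line on stdout; a rule-load warning on stderr
# Returns:   0 when the daemon was started, non-zero otherwise
#######################################
start() {
  printf '%s' "Starting ${NAME}: "

  # Create the directory for the log files if it doesn't exist, with
  # the SELinux file context when selabel_lookup is available.
  ctx=
  if command -v selabel_lookup >/dev/null 2>&1; then
    # selabel_lookup prints the context as the third space-separated
    # field; it is captured quoted so it can never be word-split into
    # extra mkdir operands.
    ctx=$(selabel_lookup -b file -k "${LOGDIR}" | cut -d ' ' -f 3)
  fi
  if [ -n "${ctx}" ]; then
    # NOTE(review): assumes a mkdir whose -Z takes a context argument
    # (busybox style); GNU coreutils spells this --context=CTX — confirm
    # for the target.
    mkdir -p -Z "${ctx}" "${LOGDIR}"
  else
    # No labelling tool, or no context found: create it unlabelled
    # rather than passing an empty -Z argument.
    mkdir -p "${LOGDIR}"
  fi

  # Run the audit daemon executable.
  if ! start-stop-daemon -S -q -p "${PIDFILE}" --exec "${DAEMON}"; then
    echo "FAIL"
    return 1
  fi

  # Load the persistent rules. A non-zero status from auditctl means the
  # daemon is running but some rules are not in the kernel - an audit
  # coverage gap - so it is reported instead of being hidden by "OK".
  if [ -f "${RULES}" ]; then
    if ! /usr/sbin/auditctl -R "${RULES}" >/dev/null; then
      printf '%s\n' "warning: ${RULES} did not load completely" >&2
    fi
  fi
  echo "OK"
  return 0
}

#######################################
# Stop the daemon named by the PID file.
# Returns:   status of start-stop-daemon
#######################################
stop() {
  printf '%s' "Stopping ${NAME}: "
  start-stop-daemon -K -q -p "${PIDFILE}"
  report "$?"
}

#######################################
# Ask the running daemon to re-read its configuration (SIGHUP).
# Returns:   status of start-stop-daemon
#######################################
reload() {
  printf '%s' "Reloading ${NAME} configuration: "
  # Signal given by name for consistency with rotate(); numeric 1 is
  # HUP on every Linux architecture, but names are unambiguous.
  start-stop-daemon -K -s HUP -p "${PIDFILE}" >/dev/null
  report "$?"
}

#######################################
# Ask the running daemon to rotate its log files (SIGUSR1).
# Returns:   status of start-stop-daemon
#######################################
rotate() {
  printf '%s' "Rotating ${NAME} logs: "
  # Use the signal name: the number 10 is SIGUSR1 only on some
  # architectures (on MIPS, Alpha and SPARC it is SIGBUS), so a numeric
  # -s 10 would kill the daemon instead of rotating its logs there.
  start-stop-daemon -K -s USR1 -p "${PIDFILE}" >/dev/null
  report "$?"
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  reload)
    reload
    ;;
  rotate)
    rotate
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload|rotate}"
    exit 1
    ;;
esac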