blob: 4d55ce99f5d2c6f8f19733b6d6f2d40bf02f96b0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
#!/sbin/runscript
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
start_auditd() {
ebegin "Starting auditd"
start-stop-daemon \
--start --quiet --pidfile /var/run/auditd.pid \
--exec /sbin/auditd -- ${EXTRAOPTIONS}
local ret=$?
eend $ret
return $ret
}
stop_auditd() {
ebegin "Stopping auditd"
start-stop-daemon \
--stop --quiet --pidfile /var/run/auditd.pid
local ret=$?
eend $ret
return $ret
}
loadfile() {
local rules="$1"
if [ -n "${rules}" -a -f "${rules}" ]; then
einfo "Loading audit rules from ${rules}"
/sbin/auditctl -R "${rules}" 1>/dev/null
return $?
else
return 0
fi
}
start() {
start_auditd
local ret=$?
if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
loadfile "${RULEFILE_STARTUP}"
fi
return $ret
}
stop() {
[ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
stop_auditd
local ret=$?
[ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
return $ret
}
# This is a special case, we do not want to touch the rules at all
restart() {
stop_auditd
start_auditd
}
|
GitWeb
