#! /bin/sh
# Copyright (c) 2003 SuSE Linux AG, Nuernberg, Germany.
#
# Author: Olaf Kirch <okir@suse.de>
#  migration to RHEL 3 by Mark Dewandel
#  RHEL 3 maintenance: Charlie Bennett ccb@redhat.com
#
# /etc/init.d/audit
# chkconfig: 235 20 95
# description: Start Linux Audit Subsystem (LAuS)
#
### BEGIN INIT INFO
# Provides: audit
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: Start audit subsystem
### END INIT INFO

test -s /etc/sysconfig/audit && \
      . /etc/sysconfig/audit

initdir=/etc/init.d

. $initdir/functions

# Set defaults
: ${AUDIT_ATTACH_ALL:=0}
: ${AUDIT_PARANOIA:=0}

AUDITD_BIN=/sbin/auditd

test -x $AUDITD_BIN || exit 5
prog=`basename $AUDITD_BIN`


# First reset status of this service
#rc_reset

# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.

case "$1" in
    start)
	echo -n "Starting audit subsystem"
        ## Start daemon with startproc(8). If this fails
        ## the echo return value is set appropriate.
	/sbin/modprobe audit > /dev/null 2>&1
	RETVAL=$?
	if [ $RETVAL -ne 0 ]; then
	    # kernel support not available
	    echo -n " (kernel audit support unavailable)"
	    failure "$prog startup"
	    echo
	    exit $RETVAL
	fi
	sleep 1
	echo $AUDIT_ATTACH_ALL > /proc/sys/dev/audit/attach-all 2>/dev/null
	echo $AUDIT_PARANOIA > /proc/sys/dev/audit/paranoia 2>/dev/null

	daemon $AUDITD_BIN
	RETVAL=$?
	if [ $RETVAL = 0 ]; then
	        > /var/lock/subsys/audit
		success "$prog startup"
	else
		failure "$prog startup"
	fi
	echo
	exit $RETVAL
	;;

    stop)
	echo -n "Shutting down audit subsystem"
	killproc $AUDITD_BIN -TERM
	RETVAL=$?
	if [ $RETVAL = 0 ]; then
	    rm -f /var/log/subsys/audit
	fi
	echo
	exit $RETVAL
	;;

    condrestart)
	## Stop the service and if this succeeds (i.e. the 
	## service was running before), start it again.
	## Note: try-restart is not (yet) part of LSB (as of 0.7.5)
	$0 status >/dev/null &&  $0 restart

	;;
    restart)
	## If first returns OK call the second, if first or
	## second command fails, set echo return value.
	$0 stop  &&  $0 start
	;;
    reload|force-reload)
        echo -n "Reload audit configuration"

	$AUDITD_BIN -r
	RETVAL=$?
	if [ $RETVAL = 0 ];then
	    success "$prog configuration reload"
	else
	    failure "$prog configuration reload"
	fi
	echo
	exit $RETVAL
	;;
    status)
        status $AUDITD_BIN
	;;
    *)
	echo "Usage: $0 {start|stop|condrestart|restart|force-reload|reload}"
	exit 1
esac

# return exit value from case
exit

