#!/bin/sh
#
# auditd	This starts and stops auditd
#
# chkconfig: 2345 18 82
# description: This starts the Linux Auditing System Daemon, \
#              which collects security related events in a dedicated \
#              audit log. If this daemon is turned off, audit events \
#              will be sent to syslog.
#
# processname: auditd
# config: /etc/sysconfig/auditd
# config: /etc/audit/auditd.conf
# pidfile: /var/run/auditd.pid

PATH=/sbin:/bin:/usr/bin:/usr/sbin

# Source function library
. /etc/rc.d/init.d/functions

AUDITD_CLEAN_STOP="yes"
AUDITD_STOP_DISABLE="yes"
EXTRAOPTIONS=
AUDIT_RULES=/etc/audit/audit.rules

# Get service config - may override defaults
[ -f /etc/sysconfig/auditd ] && . /etc/sysconfig/auditd

start() {
	if [ -f /var/lock/subsys/auditd ]; then
		msg_already_running auditd
		return
	fi

	local rc
	msg_starting auditd
	# Localization for auditd is controlled in /etc/synconfig/auditd
	if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "C" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
		unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
	else
		LANG="$AUDITD_LANG"
		LC_TIME="$AUDITD_LANG"
		LC_ALL="$AUDITD_LANG"
		LC_MESSAGES="$AUDITD_LANG"
		LC_NUMERIC="$AUDITD_LANG"
		LC_MONETARY="$AUDITD_LANG"
		LC_COLLATE="$AUDITD_LANG"
		export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
	fi
	unset HOME MAIL USER USERNAME
	daemon /sbin/auditd "$EXTRAOPTIONS"
	RETVAL=$?
	# Load the default rules if daemon started
	if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then
		# Prepare the default rules
		if is_yes "$USE_AUGENRULES"; then
			/sbin/augenrules
		fi
		# Load the default rules
		/sbin/auditctl -R $AUDIT_RULES >/dev/null
		rc=$?
		# add error code, if it was an error
		[ $rc -ne 0 ] && RETVAL=$rc
	fi
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/auditd
}

stop() {
	if [ ! -f /var/lock/subsys/auditd ]; then
		msg_not_running auditd
		return
	fi

	msg_stopping auditd
	killproc auditd
	rm -f /var/lock/subsys/auditd
	# Remove watches so shutdown works cleanly
	if ! is_no "$AUDITD_CLEAN_STOP"; then
		/sbin/auditctl -D >/dev/null
	fi
	if ! is_no "$AUDITD_STOP_DISABLE"; then
		/sbin/auditctl -e 0 >/dev/null
	fi
}

condrestart() {
	if [ ! -f /var/lock/subsys/auditd ]; then
		msg_not_running auditd
		RETVAL=$1
		return
	fi

	stop
	start
}

reload() {
	if [ ! -f /var/lock/subsys/auditd ]; then
		msg_not_running auditd
		RETVAL=7
		return
	fi

	msg_reloading auditd
	killproc auditd -HUP
	RETVAL=$?
}

RETVAL=0
case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  restart)
	stop
	start
	;;
  try-restart)
	condrestart 0
	;;
  reload|force-reload)
	reload
	;;
  status)
	status auditd
	RETVAL=$?
	;;
  *)
	msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|status}"
	RETVAL=3
esac

exit $RETVAL
