Diffstat (limited to 'framework/src/audit/init.d/augenrules')
-rw-r--r--framework/src/audit/init.d/augenrules130
1 files changed, 130 insertions, 0 deletions
diff --git a/framework/src/audit/init.d/augenrules b/framework/src/audit/init.d/augenrules
new file mode 100644
index 00000000..aa0758f6
--- /dev/null
+++ b/framework/src/audit/init.d/augenrules
@@ -0,0 +1,130 @@
+#!/bin/bash
+
+# Script to concatenate rules files found in a base audit rules directory
+# to form a single /etc/audit/audit.rules file suitable for loading into
+# the Linux audit system
+
+# When forming the interim rules file, both empty lines and comment
+# lines (starting with # or <whitespace>#) are stripped as the source files
+# are processed.
+#
+# Having formed the interim rules file, the script checks if the file is empty
+# or is identical to the existing /etc/audit/audit.rules and if either of
+# these cases are true, it does not replace the existing file
+#
+
+# Variables
+#
+# DestinationFile:
+# Destination rules file
+# SourceRulesDir:
+# Directory location to find component rule files
+# TmpRules:
+# Temporary interim rules file
+# ASuffix:
+# Suffix for previous audit.rules file if this script replaces it.
+# The file is left in the destination directory with suffix with $ASuffix
+
+DestinationFile=/etc/audit/audit.rules
+SourceRulesDir=/etc/audit/rules.d
+TmpRules=`mktemp /tmp/aurules.XXXXXXXX`
+ASuffix="prev"
+OnlyCheck=0
+LoadRules=0
+RETVAL=0
+usage="Usage: $0 [--check|--load]"
+
+# Delete the interim file on faults
+trap 'rm -f ${TmpRules}; exit 1' 1 2 3 13 15
+
+try_load() {
+ if [ $LoadRules -eq 1 ] ; then
+ auditctl -R ${DestinationFile}
+ RETVAL=$?
+ fi
+}
+
+while [ $# -ge 1 ]
+do
+ if [ "$1" = "--check" ] ; then
+ OnlyCheck=1
+ elif [ "$1" = "--load" ] ; then
+ LoadRules=1
+ else
+ echo "$usage"
+ exit 1
+ fi
+ shift
+done
+
+# Check environment
+if [ ! -d ${SourceRulesDir} ]; then
+ echo "$0: No rules directory - ${SourceRulesDir}"
+ rm -f ${TmpRules}
+ try_load
+ exit 1
+fi
+
+# Create the interim rules file ensuring its access modes protect it
+# from normal users and strip empty lines and comment lines. We also ensure
+# - the last processed -D directive without an option is emitted as the first
+# line. -D directives with options are left in place
+# - the last processed -b directory is emitted as the second line
+# - the last processed -f directory is emitted as the third line
+# - the last processed -e directive is emitted as the last line
+umask 0137
+echo "## This file is automatically generated from $SourceRulesDir" >> ${TmpRules}
+for rules in $(/bin/ls -1v ${SourceRulesDir} | grep ".rules$") ; do
+ cat ${SourceRulesDir}/${rules}
+done | awk '\
+BEGIN {
+ minus_e = "";
+ minus_D = "";
+ minus_f = "";
+ minus_b = "";
+ rest = 0;
+} {
+ if (length($0) < 1) { next; }
+ if (match($0, "^\\s*#")) { next; }
+ if (match($0, "^\\s*-e")) { minus_e = $0; next; }
+ if (match($0, "^\\s*-D\\s*$")) { minus_D = $0; next; }
+ if (match($0, "^\\s*-f")) { minus_f = $0; next; }
+ if (match($0, "^\\s*-b")) { minus_b = $0; next; }
+ rules[rest++] = $0;
+}
+END {
+ printf "%s\n%s\n%s\n", minus_D, minus_b, minus_f;
+ for (i = 0; i < rest; i++) { printf "%s\n", rules[i]; }
+ printf "%s\n", minus_e;
+}' >> ${TmpRules}
+
+# If empty then quit
+if [ ! -s ${TmpRules} ]; then
+ echo "$0: No rules"
+ rm -f ${TmpRules}
+ try_load
+ exit $RETVAL
+fi
+
+# If the same then quit
+cmp -s ${TmpRules} ${DestinationFile} > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+ echo "$0: No change"
+ rm -f ${TmpRules}
+ try_load
+ exit $RETVAL
+elif [ $OnlyCheck -eq 1 ] ; then
+ echo "$0: Rules have changed and should be updated"
+ exit 0
+fi
+
+# Otherwise we install the new file
+if [ -f ${DestinationFile} ]; then
+ cp ${DestinationFile} ${DestinationFile}.prev
+fi
+# We copy the file so that it gets the right selinux lable
+cp ${TmpRules} ${DestinationFile}
+rm -f ${TmpRules}
+
+try_load
+exit $RETVAL
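Review bot: The `--check` branch that ends in `exit 0` (the `elif [ $OnlyCheck -eq 1 ]` arm) returns without deleting the interim file, so every check run that detects a change leaves a stale `/tmp/aurules.XXXXXXXX` behind; add `rm -f ${TmpRules}` before that `exit 0`, or better replace the signal-only trap with `trap 'rm -f ${TmpRules}' EXIT` so every exit path cleans up. The "If empty then quit" test `[ ! -s ${TmpRules} ]` can never fire, because the `## This file is automatically generated` header is echoed into the file before awk runs (and awk's END block always emits at least four lines even with no input), so an empty rules.d silently installs a header-only file and still runs `auditctl -R`; the check would have to inspect awk's own output rather than the file size. Also, `grep ".rules$"` has an unescaped dot and will match names such as `myrules`; use `grep '\.rules$'` (and note the `ls -1v | grep` loop breaks on file names containing whitespace). Finally, the rotation hard-codes `${DestinationFile}.prev` while the documented `ASuffix="prev"` is never used; write `cp ${DestinationFile} ${DestinationFile}.${ASuffix}` so the code matches the header comment.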