Diffstat (limited to 'framework/src/audit/init.d')
-rw-r--r-- | framework/src/audit/init.d/Makefile.am | 82 | ||||
-rw-r--r-- | framework/src/audit/init.d/audispd.conf | 12 | ||||
-rw-r--r-- | framework/src/audit/init.d/audit.rules | 14 | ||||
-rw-r--r-- | framework/src/audit/init.d/auditd.condrestart | 7 | ||||
-rw-r--r-- | framework/src/audit/init.d/auditd.conf | 32 | ||||
-rw-r--r-- | framework/src/audit/init.d/auditd.cron | 14 | ||||
-rwxr-xr-x | framework/src/audit/init.d/auditd.init | 175 | ||||
-rwxr-xr-x | framework/src/audit/init.d/auditd.restart | 13 | ||||
-rw-r--r-- | framework/src/audit/init.d/auditd.resume | 16 | ||||
-rw-r--r-- | framework/src/audit/init.d/auditd.rotate | 16 | ||||
-rw-r--r-- | framework/src/audit/init.d/auditd.service | 22 | ||||
-rw-r--r-- | framework/src/audit/init.d/auditd.stop | 16 | ||||
-rw-r--r-- | framework/src/audit/init.d/auditd.sysconfig | 24 | ||||
-rw-r--r-- | framework/src/audit/init.d/augenrules | 130 | ||||
-rw-r--r-- | framework/src/audit/init.d/libaudit.conf | 7 |
15 files changed, 0 insertions, 580 deletions
diff --git a/framework/src/audit/init.d/Makefile.am b/framework/src/audit/init.d/Makefile.am
deleted file mode 100644
index 521dd1d0..00000000
--- a/framework/src/audit/init.d/Makefile.am
+++ /dev/null
@@ -1,82 +0,0 @@
-# Makefile.am--
-# Copyright 2004-07,2012-13 Red Hat Inc., Durham, North Carolina.
-# All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# Authors:
-# Steve Grubb <sgrubb@redhat.com>
-#
-
-CONFIG_CLEAN_FILES = *.rej *.orig
-EXTRA_DIST = auditd.init auditd.service auditd.sysconfig auditd.conf \
- audit.rules auditd.cron libaudit.conf audispd.conf auditd.condrestart \
- auditd.restart auditd.resume auditd.rotate auditd.stop augenrules
-libconfig = libaudit.conf
-dispconfig = audispd.conf
-dispconfigdir = $(sysconfdir)/audisp
-if ENABLE_SYSTEMD
-initdir = /usr/lib/systemd/system
-legacydir = $(libexecdir)/initscripts/legacy-actions/auditd
-else
-initdir = $(sysconfdir)/rc.d/init.d
-sysconfigdir = $(sysconfdir)/sysconfig
-endif
-
-auditdir = $(sysconfdir)/audit
-auditrdir = $(auditdir)/rules.d
-dist_audit_DATA = auditd.conf
-dist_auditr_DATA = audit.rules
-sbin_SCRIPTS = augenrules
-
-install-data-hook:
- $(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig} ${DESTDIR}${dispconfigdir}
- $(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig} ${DESTDIR}${sysconfdir}
-if ENABLE_SYSTEMD
-else
- $(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig ${DESTDIR}${sysconfigdir}/auditd
-endif
-
-install-exec-hook:
-if ENABLE_SYSTEMD
- mkdir -p ${DESTDIR}${initdir}
- mkdir -p ${DESTDIR}${legacydir}
- $(INSTALL_SCRIPT) -D -m 640 ${srcdir}/auditd.service ${DESTDIR}${initdir}
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.rotate ${DESTDIR}${legacydir}/rotate
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.resume ${DESTDIR}${legacydir}/resume
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.stop ${DESTDIR}${legacydir}/stop
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.restart ${DESTDIR}${legacydir}/restart
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.condrestart ${DESTDIR}${legacydir}/condrestart
-else
- $(INSTALL_SCRIPT) -D ${srcdir}/auditd.init ${DESTDIR}${initdir}/auditd
-endif
- chmod 0750 $(DESTDIR)$(sbindir)/augenrules
-
-
-uninstall-hook:
- rm ${DESTDIR}${dispconfigdir}/${dispconfig}
- rm ${DESTDIR}${sysconfdir}/${libconfig}
-if ENABLE_SYSTEMD
- rm ${DESTDIR}${initdir}/auditd.service
- rm ${DESTDIR}${legacydir}/rotate
- rm ${DESTDIR}${legacydir}/resume
- rm ${DESTDIR}${legacydir}/stop
- rm ${DESTDIR}${legacydir}/restart
- rm ${DESTDIR}${legacydir}/condrestart
-else
- rm ${DESTDIR}${sysconfigdir}/auditd
- rm ${DESTDIR}${initdir}/auditd
-endif
-
diff --git a/framework/src/audit/init.d/audispd.conf b/framework/src/audit/init.d/audispd.conf
deleted file mode 100644
index ee50e5b3..00000000
--- a/framework/src/audit/init.d/audispd.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# This file controls the configuration of the audit event
-# dispatcher daemon, audispd.
-#
-
-q_depth = 150
-overflow_action = SYSLOG
-priority_boost = 4
-max_restarts = 10
-name_format = HOSTNAME
-#name = mydomain
-
diff --git a/framework/src/audit/init.d/audit.rules b/framework/src/audit/init.d/audit.rules
deleted file mode 100644
index 479ff470..00000000
--- a/framework/src/audit/init.d/audit.rules
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file contains the auditctl rules that are loaded
-# whenever the audit daemon is started via the initscripts.
-# The rules are simply the parameters that would be passed
-# to auditctl.
-
-# First rule - delete all
--D
-
-# Increase the buffers to survive stress events.
-# Make this bigger for busy systems
--b 320
-
-# Feel free to add below this line. See auditctl man page
-
diff --git a/framework/src/audit/init.d/auditd.condrestart b/framework/src/audit/init.d/auditd.condrestart
deleted file mode 100644
index efbaaa85..00000000
--- a/framework/src/audit/init.d/auditd.condrestart
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-# Helper script to provide legacy auditd service options not
-# directly supported by systemd.
-
-/usr/libexec/initscripts/legacy-actions/auditd/restart
-RETVAL="$?"
-exit $RETVAL
diff --git a/framework/src/audit/init.d/auditd.conf b/framework/src/audit/init.d/auditd.conf
deleted file mode 100644
index fdc93f0e..00000000
--- a/framework/src/audit/init.d/auditd.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# This file controls the configuration of the audit daemon
-#
-
-log_file = /var/log/audit/audit.log
-log_format = RAW
-log_group = root
-priority_boost = 4
-flush = INCREMENTAL
-freq = 20
-num_logs = 5
-disp_qos = lossy
-dispatcher = /sbin/audispd
-name_format = NONE
-##name = mydomain
-max_log_file = 6
-max_log_file_action = ROTATE
-space_left = 75
-space_left_action = SYSLOG
-action_mail_acct = root
-admin_space_left = 50
-admin_space_left_action = SUSPEND
-disk_full_action = SUSPEND
-disk_error_action = SUSPEND
-##tcp_listen_port =
-tcp_listen_queue = 5
-tcp_max_per_addr = 1
-##tcp_client_ports = 1024-65535
-tcp_client_max_idle = 0
-enable_krb5 = no
-krb5_principal = auditd
-##krb5_key_file = /etc/audit/audit.key
diff --git a/framework/src/audit/init.d/auditd.cron b/framework/src/audit/init.d/auditd.cron
deleted file mode 100644
index 7b898697..00000000
--- a/framework/src/audit/init.d/auditd.cron
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-##########
-# This script can be installed to get a daily log rotation
-# based on a cron job.
-##########
-
-/sbin/service auditd rotate
-EXITVALUE=$?
-if [ $EXITVALUE != 0 ]; then
- /usr/bin/logger -t auditd "ALERT exited abnormally with [$EXITVALUE]"
-fi
-exit 0
-
diff --git a/framework/src/audit/init.d/auditd.init b/framework/src/audit/init.d/auditd.init
deleted file mode 100755
index ccf8afb1..00000000
--- a/framework/src/audit/init.d/auditd.init
+++ /dev/null
@@ -1,175 +0,0 @@
-#!/bin/bash
-#
-# auditd This starts and stops auditd
-#
-# chkconfig: 2345 11 88
-# description: This starts the Linux Auditing System Daemon, \
-# which collects security related events in a dedicated \
-# audit log. If this daemon is turned off, audit events \
-# will be sent to syslog.
-#
-# processname: /sbin/auditd
-# config: /etc/sysconfig/auditd
-# config: /etc/audit/auditd.conf
-# pidfile: /var/run/auditd.pid
-#
-# Return values according to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-#
-
-
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-
-# Source function library.
-. /etc/init.d/functions
-
-# Allow anyone to run status
-if [ "$1" = "status" ] ; then
- status $prog
- RETVAL=$?
- exit $RETVAL
-fi
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-# Check config
-test -f /etc/sysconfig/auditd && . /etc/sysconfig/auditd
-
-RETVAL=0
-
-start(){
- test -x /sbin/auditd || exit 5
- test -f /etc/audit/auditd.conf || exit 6
-
- echo -n $"Starting $prog: "
-
-# Localization for auditd is controlled in /etc/synconfig/auditd
- if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
- unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
- else
- LANG="$AUDITD_LANG"
- LC_TIME="$AUDITD_LANG"
- LC_ALL="$AUDITD_LANG"
- LC_MESSAGES="$AUDITD_LANG"
- LC_NUMERIC="$AUDITD_LANG"
- LC_MONETARY="$AUDITD_LANG"
- LC_COLLATE="$AUDITD_LANG"
- export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
- fi
- unset HOME MAIL USER USERNAME
- daemon $prog "$EXTRAOPTIONS"
- RETVAL=$?
- echo
- if test $RETVAL = 0 ; then
- touch /var/lock/subsys/auditd
- # Prepare the default rules
- if test x"$USE_AUGENRULES" != "x" ; then
- if test "`echo $USE_AUGENRULES | tr 'NO' 'no'`" != "no"
- then
- test -d /etc/audit/rules.d && /sbin/augenrules
- fi
- fi
- # Load the default rules
- test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
- fi
- return $RETVAL
-}
-
-stop(){
- echo -n $"Stopping $prog: "
- killproc $prog
- RETVAL=$?
- echo
- rm -f /var/lock/subsys/auditd
- # Remove watches so shutdown works cleanly
- if test x"$AUDITD_CLEAN_STOP" != "x" ; then
- if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no"
- then
- /sbin/auditctl -D >/dev/null
- fi
- fi
- if test x"$AUDITD_STOP_DISABLE" != "x" ; then
- if test "`echo $AUDITD_STOP_DISABLE | tr 'NO' 'no'`" != "no"
- then
- /sbin/auditctl -e 0 >/dev/null
- fi
- fi
- return $RETVAL
-}
-
-reload(){
- test -f /etc/audit/auditd.conf || exit 6
- echo -n $"Reloading configuration: "
- killproc $prog -HUP
- RETVAL=$?
- echo
- return $RETVAL
-}
-
-rotate(){
- echo -n $"Rotating logs: "
- killproc $prog -USR1
- RETVAL=$?
- echo
- return $RETVAL
-}
-
-resume(){
- echo -n $"Resuming logging: "
- killproc $prog -USR2
- RETVAL=$?
- echo
- return $RETVAL
-}
-
-restart(){
- test -f /etc/audit/auditd.conf || exit 6
- stop
- start
-}
-
-condrestart(){
- [ -e /var/lock/subsys/auditd ] && restart
- return 0
-}
-
-
-# See how we were called.
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- restart
- ;;
- reload|force-reload)
- reload
- ;;
- rotate)
- rotate
- ;;
- resume)
- resume
- ;;
- condrestart|try-restart)
- condrestart
- ;;
- *)
- echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|rotate|resume}"
- RETVAL=3
-esac
-
-exit $RETVAL
-
diff --git a/framework/src/audit/init.d/auditd.restart b/framework/src/audit/init.d/auditd.restart
deleted file mode 100755
index 42669ff1..00000000
--- a/framework/src/audit/init.d/auditd.restart
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-# Helper script to provide legacy auditd service options not
-# directly supported by systemd.
-
-test -f /etc/audit/auditd.conf || exit 6
-
-/usr/libexec/initscripts/legacy-actions/auditd/stop
-sleep 1
-echo "Redirecting start to /bin/systemctl start auditd.service"
-/bin/systemctl start auditd.service
-RETVAL="$?"
-
-exit $RETVAL
diff --git a/framework/src/audit/init.d/auditd.resume b/framework/src/audit/init.d/auditd.resume
deleted file mode 100644
index 55c71a4b..00000000
--- a/framework/src/audit/init.d/auditd.resume
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-# Helper script to provide legacy auditd service options not
-# directly supported by systemd
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-source /etc/init.d/functions
-
-echo -n $"Resuming logging: "
-killproc $prog -USR2
-RETVAL=$?
-echo
-exit $RETVAL
diff --git a/framework/src/audit/init.d/auditd.rotate b/framework/src/audit/init.d/auditd.rotate
deleted file mode 100644
index e89850a6..00000000
--- a/framework/src/audit/init.d/auditd.rotate
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-# Helper script to provide legacy auditd service options not
-# directly supported by systemd
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-source /etc/init.d/functions
-
-echo -n $"Rotating logs: "
-killproc $prog -USR1
-RETVAL=$?
-echo
-exit $RETVAL
diff --git a/framework/src/audit/init.d/auditd.service b/framework/src/audit/init.d/auditd.service
deleted file mode 100644
index 5921c1cd..00000000
--- a/framework/src/audit/init.d/auditd.service
+++ /dev/null
@@ -1,22 +0,0 @@
-[Unit]
-Description=Security Auditing Service
-DefaultDependencies=no
-After=local-fs.target systemd-tmpfiles-setup.service
-Conflicts=shutdown.target
-Before=sysinit.target shutdown.target
-RefuseManualStop=yes
-ConditionKernelCommandLine=!audit=0
-
-[Service]
-ExecStart=/sbin/auditd -n
-## To use augenrules, copy this file to /etc/systemd/system/auditd.service
-## and uncomment the next line and delete/comment out the auditctl line.
-## Then copy existing rules to /etc/audit/rules.d/
-## Not doing this last step can cause loss of existing rules
-#ExecStartPost=-/sbin/augenrules --load
-ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/framework/src/audit/init.d/auditd.stop b/framework/src/audit/init.d/auditd.stop
deleted file mode 100644
index 009da23c..00000000
--- a/framework/src/audit/init.d/auditd.stop
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-# Helper script to provide legacy auditd service options not
-# directly supported by systemd
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-source /etc/init.d/functions
-
-echo -n $"Stopping logging: "
-killproc $prog -TERM
-RETVAL=$?
-echo
-exit $RETVAL
diff --git a/framework/src/audit/init.d/auditd.sysconfig b/framework/src/audit/init.d/auditd.sysconfig
deleted file mode 100644
index 1485539a..00000000
--- a/framework/src/audit/init.d/auditd.sysconfig
+++ /dev/null
@@ -1,24 +0,0 @@
-# Add extra options here
-EXTRAOPTIONS=""
-#
-# This is the locale information that audit uses. Its defaulted to en_US.
-# To remove all locale information from audit's environment, set
-# AUDITD_LANG to the empty string or the string "none".
-AUDITD_LANG="en_US"
-#
-# This option is used to determine if rules & watches should be deleted on
-# shutdown. This is beneficial in most cases so that a watch doesn't linger
-# on a drive that is being unmounted. If set to no, it will NOT be cleaned up.
-AUDITD_CLEAN_STOP="yes"
-#
-# This option determines whether the audit system should be disabled when
-# the audit daemon is shutdown
-AUDITD_STOP_DISABLE="yes"
-#
-# This option determines whether or not to call augenrules to compile the
-# audit.rule file from /etc/audit/rules.d. The default is "no" so that nothing
-# happens to existing rules. When setting this up, any existing rules need to
-# be copied into /etc/audit/rules.d or it will be lost when audit.rule gets
-# overwritten.
-USE_AUGENRULES="no"
-
diff --git a/framework/src/audit/init.d/augenrules b/framework/src/audit/init.d/augenrules
deleted file mode 100644
index aa0758f6..00000000
--- a/framework/src/audit/init.d/augenrules
+++ /dev/null
@@ -1,130 +0,0 @@
-#!/bin/bash
-
-# Script to concatenate rules files found in a base audit rules directory
-# to form a single /etc/audit/audit.rules file suitable for loading into
-# the Linux audit system
-
-# When forming the interim rules file, both empty lines and comment
-# lines (starting with # or <whitespace>#) are stripped as the source files
-# are processed.
-#
-# Having formed the interim rules file, the script checks if the file is empty
-# or is identical to the existing /etc/audit/audit.rules and if either of
-# these cases are true, it does not replace the existing file
-#
-
-# Variables
-#
-# DestinationFile:
-# Destination rules file
-# SourceRulesDir:
-# Directory location to find component rule files
-# TmpRules:
-# Temporary interim rules file
-# ASuffix:
-# Suffix for previous audit.rules file if this script replaces it.
-# The file is left in the destination directory with suffix with $ASuffix
-
-DestinationFile=/etc/audit/audit.rules
-SourceRulesDir=/etc/audit/rules.d
-TmpRules=`mktemp /tmp/aurules.XXXXXXXX`
-ASuffix="prev"
-OnlyCheck=0
-LoadRules=0
-RETVAL=0
-usage="Usage: $0 [--check|--load]"
-
-# Delete the interim file on faults
-trap 'rm -f ${TmpRules}; exit 1' 1 2 3 13 15
-
-try_load() {
- if [ $LoadRules -eq 1 ] ; then
- auditctl -R ${DestinationFile}
- RETVAL=$?
- fi
-}
-
-while [ $# -ge 1 ]
-do
- if [ "$1" = "--check" ] ; then
- OnlyCheck=1
- elif [ "$1" = "--load" ] ; then
- LoadRules=1
- else
- echo "$usage"
- exit 1
- fi
- shift
-done
-
-# Check environment
-if [ ! -d ${SourceRulesDir} ]; then
- echo "$0: No rules directory - ${SourceRulesDir}"
- rm -f ${TmpRules}
- try_load
- exit 1
-fi
-
-# Create the interim rules file ensuring its access modes protect it
-# from normal users and strip empty lines and comment lines. We also ensure
-# - the last processed -D directive without an option is emitted as the first
-# line. -D directives with options are left in place
-# - the last processed -b directory is emitted as the second line
-# - the last processed -f directory is emitted as the third line
-# - the last processed -e directive is emitted as the last line
-umask 0137
-echo "## This file is automatically generated from $SourceRulesDir" >> ${TmpRules}
-for rules in $(/bin/ls -1v ${SourceRulesDir} | grep ".rules$") ; do
- cat ${SourceRulesDir}/${rules}
-done | awk '\
-BEGIN {
- minus_e = "";
- minus_D = "";
- minus_f = "";
- minus_b = "";
- rest = 0;
-} {
- if (length($0) < 1) { next; }
- if (match($0, "^\\s*#")) { next; }
- if (match($0, "^\\s*-e")) { minus_e = $0; next; }
- if (match($0, "^\\s*-D\\s*$")) { minus_D = $0; next; }
- if (match($0, "^\\s*-f")) { minus_f = $0; next; }
- if (match($0, "^\\s*-b")) { minus_b = $0; next; }
- rules[rest++] = $0;
-}
-END {
- printf "%s\n%s\n%s\n", minus_D, minus_b, minus_f;
- for (i = 0; i < rest; i++) { printf "%s\n", rules[i]; }
- printf "%s\n", minus_e;
-}' >> ${TmpRules}
-
-# If empty then quit
-if [ ! -s ${TmpRules} ]; then
- echo "$0: No rules"
- rm -f ${TmpRules}
- try_load
- exit $RETVAL
-fi
-
-# If the same then quit
-cmp -s ${TmpRules} ${DestinationFile} > /dev/null 2>&1
-if [ $? -eq 0 ]; then
- echo "$0: No change"
- rm -f ${TmpRules}
- try_load
- exit $RETVAL
-elif [ $OnlyCheck -eq 1 ] ; then
- echo "$0: Rules have changed and should be updated"
- exit 0
-fi
-
-# Otherwise we install the new file
-if [ -f ${DestinationFile} ]; then
- cp ${DestinationFile} ${DestinationFile}.prev
-fi
-# We copy the file so that it gets the right selinux lable
-cp ${TmpRules} ${DestinationFile}
-rm -f ${TmpRules}
-
-try_load
-exit $RETVAL
diff --git a/framework/src/audit/init.d/libaudit.conf b/framework/src/audit/init.d/libaudit.conf
deleted file mode 100644
index 90855d72..00000000
--- a/framework/src/audit/init.d/libaudit.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# This is the configuration file for libaudit tunables.
-# It is currently only used for the failure_action tunable.
-
-# failure_action can be: log, ignore, terminate
-failure_action = ignore
-
-
|