Diffstat (limited to 'framework/src/audit/init.d')
-rw-r--r--framework/src/audit/init.d/Makefile.am82
-rw-r--r--framework/src/audit/init.d/audispd.conf12
-rw-r--r--framework/src/audit/init.d/audit.rules14
-rw-r--r--framework/src/audit/init.d/auditd.condrestart7
-rw-r--r--framework/src/audit/init.d/auditd.conf32
-rw-r--r--framework/src/audit/init.d/auditd.cron14
-rwxr-xr-xframework/src/audit/init.d/auditd.init175
-rwxr-xr-xframework/src/audit/init.d/auditd.restart13
-rw-r--r--framework/src/audit/init.d/auditd.resume16
-rw-r--r--framework/src/audit/init.d/auditd.rotate16
-rw-r--r--framework/src/audit/init.d/auditd.service22
-rw-r--r--framework/src/audit/init.d/auditd.stop16
-rw-r--r--framework/src/audit/init.d/auditd.sysconfig24
-rw-r--r--framework/src/audit/init.d/augenrules130
-rw-r--r--framework/src/audit/init.d/libaudit.conf7
15 files changed, 0 insertions, 580 deletions
diff --git a/framework/src/audit/init.d/Makefile.am b/framework/src/audit/init.d/Makefile.am
deleted file mode 100644
index 521dd1d0..00000000
--- a/framework/src/audit/init.d/Makefile.am
+++ /dev/null
@@ -1,82 +0,0 @@
-# Makefile.am--
-# Copyright 2004-07,2012-13 Red Hat Inc., Durham, North Carolina.
-# All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# Authors:
-# Steve Grubb <sgrubb@redhat.com>
-#
-
-CONFIG_CLEAN_FILES = *.rej *.orig
-EXTRA_DIST = auditd.init auditd.service auditd.sysconfig auditd.conf \
- audit.rules auditd.cron libaudit.conf audispd.conf auditd.condrestart \
- auditd.restart auditd.resume auditd.rotate auditd.stop augenrules
-libconfig = libaudit.conf
-dispconfig = audispd.conf
-dispconfigdir = $(sysconfdir)/audisp
-if ENABLE_SYSTEMD
-initdir = /usr/lib/systemd/system
-legacydir = $(libexecdir)/initscripts/legacy-actions/auditd
-else
-initdir = $(sysconfdir)/rc.d/init.d
-sysconfigdir = $(sysconfdir)/sysconfig
-endif
-
-auditdir = $(sysconfdir)/audit
-auditrdir = $(auditdir)/rules.d
-dist_audit_DATA = auditd.conf
-dist_auditr_DATA = audit.rules
-sbin_SCRIPTS = augenrules
-
-install-data-hook:
- $(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig} ${DESTDIR}${dispconfigdir}
- $(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig} ${DESTDIR}${sysconfdir}
-if ENABLE_SYSTEMD
-else
- $(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig ${DESTDIR}${sysconfigdir}/auditd
-endif
-
-install-exec-hook:
-if ENABLE_SYSTEMD
- mkdir -p ${DESTDIR}${initdir}
- mkdir -p ${DESTDIR}${legacydir}
- $(INSTALL_SCRIPT) -D -m 640 ${srcdir}/auditd.service ${DESTDIR}${initdir}
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.rotate ${DESTDIR}${legacydir}/rotate
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.resume ${DESTDIR}${legacydir}/resume
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.stop ${DESTDIR}${legacydir}/stop
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.restart ${DESTDIR}${legacydir}/restart
- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.condrestart ${DESTDIR}${legacydir}/condrestart
-else
- $(INSTALL_SCRIPT) -D ${srcdir}/auditd.init ${DESTDIR}${initdir}/auditd
-endif
- chmod 0750 $(DESTDIR)$(sbindir)/augenrules
-
-
-uninstall-hook:
- rm ${DESTDIR}${dispconfigdir}/${dispconfig}
- rm ${DESTDIR}${sysconfdir}/${libconfig}
-if ENABLE_SYSTEMD
- rm ${DESTDIR}${initdir}/auditd.service
- rm ${DESTDIR}${legacydir}/rotate
- rm ${DESTDIR}${legacydir}/resume
- rm ${DESTDIR}${legacydir}/stop
- rm ${DESTDIR}${legacydir}/restart
- rm ${DESTDIR}${legacydir}/condrestart
-else
- rm ${DESTDIR}${sysconfigdir}/auditd
- rm ${DESTDIR}${initdir}/auditd
-endif
-
diff --git a/framework/src/audit/init.d/audispd.conf b/framework/src/audit/init.d/audispd.conf
deleted file mode 100644
index ee50e5b3..00000000
--- a/framework/src/audit/init.d/audispd.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# This file controls the configuration of the audit event
-# dispatcher daemon, audispd.
-#
-
-q_depth = 150
-overflow_action = SYSLOG
-priority_boost = 4
-max_restarts = 10
-name_format = HOSTNAME
-#name = mydomain
-
diff --git a/framework/src/audit/init.d/audit.rules b/framework/src/audit/init.d/audit.rules
deleted file mode 100644
index 479ff470..00000000
--- a/framework/src/audit/init.d/audit.rules
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file contains the auditctl rules that are loaded
-# whenever the audit daemon is started via the initscripts.
-# The rules are simply the parameters that would be passed
-# to auditctl.
-
-# First rule - delete all
--D
-
-# Increase the buffers to survive stress events.
-# Make this bigger for busy systems
--b 320
-
-# Feel free to add below this line. See auditctl man page
-
diff --git a/framework/src/audit/init.d/auditd.condrestart b/framework/src/audit/init.d/auditd.condrestart
deleted file mode 100644
index efbaaa85..00000000
--- a/framework/src/audit/init.d/auditd.condrestart
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-# Helper script to provide legacy auditd service options not
-# directly supported by systemd.
-
-/usr/libexec/initscripts/legacy-actions/auditd/restart
-RETVAL="$?"
-exit $RETVAL
diff --git a/framework/src/audit/init.d/auditd.conf b/framework/src/audit/init.d/auditd.conf
deleted file mode 100644
index fdc93f0e..00000000
--- a/framework/src/audit/init.d/auditd.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# This file controls the configuration of the audit daemon
-#
-
-log_file = /var/log/audit/audit.log
-log_format = RAW
-log_group = root
-priority_boost = 4
-flush = INCREMENTAL
-freq = 20
-num_logs = 5
-disp_qos = lossy
-dispatcher = /sbin/audispd
-name_format = NONE
-##name = mydomain
-max_log_file = 6
-max_log_file_action = ROTATE
-space_left = 75
-space_left_action = SYSLOG
-action_mail_acct = root
-admin_space_left = 50
-admin_space_left_action = SUSPEND
-disk_full_action = SUSPEND
-disk_error_action = SUSPEND
-##tcp_listen_port =
-tcp_listen_queue = 5
-tcp_max_per_addr = 1
-##tcp_client_ports = 1024-65535
-tcp_client_max_idle = 0
-enable_krb5 = no
-krb5_principal = auditd
-##krb5_key_file = /etc/audit/audit.key
diff --git a/framework/src/audit/init.d/auditd.cron b/framework/src/audit/init.d/auditd.cron
deleted file mode 100644
index 7b898697..00000000
--- a/framework/src/audit/init.d/auditd.cron
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-##########
-# This script can be installed to get a daily log rotation
-# based on a cron job.
-##########
-
-/sbin/service auditd rotate
-EXITVALUE=$?
-if [ $EXITVALUE != 0 ]; then
- /usr/bin/logger -t auditd "ALERT exited abnormally with [$EXITVALUE]"
-fi
-exit 0
-
diff --git a/framework/src/audit/init.d/auditd.init b/framework/src/audit/init.d/auditd.init
deleted file mode 100755
index ccf8afb1..00000000
--- a/framework/src/audit/init.d/auditd.init
+++ /dev/null
@@ -1,175 +0,0 @@
-#!/bin/bash
-#
-# auditd This starts and stops auditd
-#
-# chkconfig: 2345 11 88
-# description: This starts the Linux Auditing System Daemon, \
-# which collects security related events in a dedicated \
-# audit log. If this daemon is turned off, audit events \
-# will be sent to syslog.
-#
-# processname: /sbin/auditd
-# config: /etc/sysconfig/auditd
-# config: /etc/audit/auditd.conf
-# pidfile: /var/run/auditd.pid
-#
-# Return values according to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-#
-
-
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-
-# Source function library.
-. /etc/init.d/functions
-
-# Allow anyone to run status
-if [ "$1" = "status" ] ; then
- status $prog
- RETVAL=$?
- exit $RETVAL
-fi
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-# Check config
-test -f /etc/sysconfig/auditd && . /etc/sysconfig/auditd
-
-RETVAL=0
-
-start(){
- test -x /sbin/auditd || exit 5
- test -f /etc/audit/auditd.conf || exit 6
-
- echo -n $"Starting $prog: "
-
-# Localization for auditd is controlled in /etc/synconfig/auditd
- if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
- unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
- else
- LANG="$AUDITD_LANG"
- LC_TIME="$AUDITD_LANG"
- LC_ALL="$AUDITD_LANG"
- LC_MESSAGES="$AUDITD_LANG"
- LC_NUMERIC="$AUDITD_LANG"
- LC_MONETARY="$AUDITD_LANG"
- LC_COLLATE="$AUDITD_LANG"
- export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
- fi
- unset HOME MAIL USER USERNAME
- daemon $prog "$EXTRAOPTIONS"
- RETVAL=$?
- echo
- if test $RETVAL = 0 ; then
- touch /var/lock/subsys/auditd
- # Prepare the default rules
- if test x"$USE_AUGENRULES" != "x" ; then
- if test "`echo $USE_AUGENRULES | tr 'NO' 'no'`" != "no"
- then
- test -d /etc/audit/rules.d && /sbin/augenrules
- fi
- fi
- # Load the default rules
- test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
- fi
- return $RETVAL
-}
-
-stop(){
- echo -n $"Stopping $prog: "
- killproc $prog
- RETVAL=$?
- echo
- rm -f /var/lock/subsys/auditd
- # Remove watches so shutdown works cleanly
- if test x"$AUDITD_CLEAN_STOP" != "x" ; then
- if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no"
- then
- /sbin/auditctl -D >/dev/null
- fi
- fi
- if test x"$AUDITD_STOP_DISABLE" != "x" ; then
- if test "`echo $AUDITD_STOP_DISABLE | tr 'NO' 'no'`" != "no"
- then
- /sbin/auditctl -e 0 >/dev/null
- fi
- fi
- return $RETVAL
-}
-
-reload(){
- test -f /etc/audit/auditd.conf || exit 6
- echo -n $"Reloading configuration: "
- killproc $prog -HUP
- RETVAL=$?
- echo
- return $RETVAL
-}
-
-rotate(){
- echo -n $"Rotating logs: "
- killproc $prog -USR1
- RETVAL=$?
- echo
- return $RETVAL
-}
-
-resume(){
- echo -n $"Resuming logging: "
- killproc $prog -USR2
- RETVAL=$?
- echo
- return $RETVAL
-}
-
-restart(){
- test -f /etc/audit/auditd.conf || exit 6
- stop
- start
-}
-
-condrestart(){
- [ -e /var/lock/subsys/auditd ] && restart
- return 0
-}
-
-
-# See how we were called.
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- restart
- ;;
- reload|force-reload)
- reload
- ;;
- rotate)
- rotate
- ;;
- resume)
- resume
- ;;
- condrestart|try-restart)
- condrestart
- ;;
- *)
- echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|rotate|resume}"
- RETVAL=3
-esac
-
-exit $RETVAL
-
diff --git a/framework/src/audit/init.d/auditd.restart b/framework/src/audit/init.d/auditd.restart
deleted file mode 100755
index 42669ff1..00000000
--- a/framework/src/audit/init.d/auditd.restart
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-# Helper script to provide legacy auditd service options not
-# directly supported by systemd.
-
-test -f /etc/audit/auditd.conf || exit 6
-
-/usr/libexec/initscripts/legacy-actions/auditd/stop
-sleep 1
-echo "Redirecting start to /bin/systemctl start auditd.service"
-/bin/systemctl start auditd.service
-RETVAL="$?"
-
-exit $RETVAL
diff --git a/framework/src/audit/init.d/auditd.resume b/framework/src/audit/init.d/auditd.resume
deleted file mode 100644
index 55c71a4b..00000000
--- a/framework/src/audit/init.d/auditd.resume
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-# Helper script to provide legacy auditd service options not
-# directly supported by systemd
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-source /etc/init.d/functions
-
-echo -n $"Resuming logging: "
-killproc $prog -USR2
-RETVAL=$?
-echo
-exit $RETVAL
diff --git a/framework/src/audit/init.d/auditd.rotate b/framework/src/audit/init.d/auditd.rotate
deleted file mode 100644
index e89850a6..00000000
--- a/framework/src/audit/init.d/auditd.rotate
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-# Helper script to provide legacy auditd service options not
-# directly supported by systemd
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-source /etc/init.d/functions
-
-echo -n $"Rotating logs: "
-killproc $prog -USR1
-RETVAL=$?
-echo
-exit $RETVAL
diff --git a/framework/src/audit/init.d/auditd.service b/framework/src/audit/init.d/auditd.service
deleted file mode 100644
index 5921c1cd..00000000
--- a/framework/src/audit/init.d/auditd.service
+++ /dev/null
@@ -1,22 +0,0 @@
-[Unit]
-Description=Security Auditing Service
-DefaultDependencies=no
-After=local-fs.target systemd-tmpfiles-setup.service
-Conflicts=shutdown.target
-Before=sysinit.target shutdown.target
-RefuseManualStop=yes
-ConditionKernelCommandLine=!audit=0
-
-[Service]
-ExecStart=/sbin/auditd -n
-## To use augenrules, copy this file to /etc/systemd/system/auditd.service
-## and uncomment the next line and delete/comment out the auditctl line.
-## Then copy existing rules to /etc/audit/rules.d/
-## Not doing this last step can cause loss of existing rules
-#ExecStartPost=-/sbin/augenrules --load
-ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/framework/src/audit/init.d/auditd.stop b/framework/src/audit/init.d/auditd.stop
deleted file mode 100644
index 009da23c..00000000
--- a/framework/src/audit/init.d/auditd.stop
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-# Helper script to provide legacy auditd service options not
-# directly supported by systemd
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="auditd"
-source /etc/init.d/functions
-
-echo -n $"Stopping logging: "
-killproc $prog -TERM
-RETVAL=$?
-echo
-exit $RETVAL
diff --git a/framework/src/audit/init.d/auditd.sysconfig b/framework/src/audit/init.d/auditd.sysconfig
deleted file mode 100644
index 1485539a..00000000
--- a/framework/src/audit/init.d/auditd.sysconfig
+++ /dev/null
@@ -1,24 +0,0 @@
-# Add extra options here
-EXTRAOPTIONS=""
-#
-# This is the locale information that audit uses. Its defaulted to en_US.
-# To remove all locale information from audit's environment, set
-# AUDITD_LANG to the empty string or the string "none".
-AUDITD_LANG="en_US"
-#
-# This option is used to determine if rules & watches should be deleted on
-# shutdown. This is beneficial in most cases so that a watch doesn't linger
-# on a drive that is being unmounted. If set to no, it will NOT be cleaned up.
-AUDITD_CLEAN_STOP="yes"
-#
-# This option determines whether the audit system should be disabled when
-# the audit daemon is shutdown
-AUDITD_STOP_DISABLE="yes"
-#
-# This option determines whether or not to call augenrules to compile the
-# audit.rule file from /etc/audit/rules.d. The default is "no" so that nothing
-# happens to existing rules. When setting this up, any existing rules need to
-# be copied into /etc/audit/rules.d or it will be lost when audit.rule gets
-# overwritten.
-USE_AUGENRULES="no"
-
diff --git a/framework/src/audit/init.d/augenrules b/framework/src/audit/init.d/augenrules
deleted file mode 100644
index aa0758f6..00000000
--- a/framework/src/audit/init.d/augenrules
+++ /dev/null
@@ -1,130 +0,0 @@
-#!/bin/bash
-
-# Script to concatenate rules files found in a base audit rules directory
-# to form a single /etc/audit/audit.rules file suitable for loading into
-# the Linux audit system
-
-# When forming the interim rules file, both empty lines and comment
-# lines (starting with # or <whitespace>#) are stripped as the source files
-# are processed.
-#
-# Having formed the interim rules file, the script checks if the file is empty
-# or is identical to the existing /etc/audit/audit.rules and if either of
-# these cases are true, it does not replace the existing file
-#
-
-# Variables
-#
-# DestinationFile:
-# Destination rules file
-# SourceRulesDir:
-# Directory location to find component rule files
-# TmpRules:
-# Temporary interim rules file
-# ASuffix:
-# Suffix for previous audit.rules file if this script replaces it.
-# The file is left in the destination directory with suffix with $ASuffix
-
-DestinationFile=/etc/audit/audit.rules
-SourceRulesDir=/etc/audit/rules.d
-TmpRules=`mktemp /tmp/aurules.XXXXXXXX`
-ASuffix="prev"
-OnlyCheck=0
-LoadRules=0
-RETVAL=0
-usage="Usage: $0 [--check|--load]"
-
-# Delete the interim file on faults
-trap 'rm -f ${TmpRules}; exit 1' 1 2 3 13 15
-
-try_load() {
- if [ $LoadRules -eq 1 ] ; then
- auditctl -R ${DestinationFile}
- RETVAL=$?
- fi
-}
-
-while [ $# -ge 1 ]
-do
- if [ "$1" = "--check" ] ; then
- OnlyCheck=1
- elif [ "$1" = "--load" ] ; then
- LoadRules=1
- else
- echo "$usage"
- exit 1
- fi
- shift
-done
-
-# Check environment
-if [ ! -d ${SourceRulesDir} ]; then
- echo "$0: No rules directory - ${SourceRulesDir}"
- rm -f ${TmpRules}
- try_load
- exit 1
-fi
-
-# Create the interim rules file ensuring its access modes protect it
-# from normal users and strip empty lines and comment lines. We also ensure
-# - the last processed -D directive without an option is emitted as the first
-# line. -D directives with options are left in place
-# - the last processed -b directory is emitted as the second line
-# - the last processed -f directory is emitted as the third line
-# - the last processed -e directive is emitted as the last line
-umask 0137
-echo "## This file is automatically generated from $SourceRulesDir" >> ${TmpRules}
-for rules in $(/bin/ls -1v ${SourceRulesDir} | grep ".rules$") ; do
- cat ${SourceRulesDir}/${rules}
-done | awk '\
-BEGIN {
- minus_e = "";
- minus_D = "";
- minus_f = "";
- minus_b = "";
- rest = 0;
-} {
- if (length($0) < 1) { next; }
- if (match($0, "^\\s*#")) { next; }
- if (match($0, "^\\s*-e")) { minus_e = $0; next; }
- if (match($0, "^\\s*-D\\s*$")) { minus_D = $0; next; }
- if (match($0, "^\\s*-f")) { minus_f = $0; next; }
- if (match($0, "^\\s*-b")) { minus_b = $0; next; }
- rules[rest++] = $0;
-}
-END {
- printf "%s\n%s\n%s\n", minus_D, minus_b, minus_f;
- for (i = 0; i < rest; i++) { printf "%s\n", rules[i]; }
- printf "%s\n", minus_e;
-}' >> ${TmpRules}
-
-# If empty then quit
-if [ ! -s ${TmpRules} ]; then
- echo "$0: No rules"
- rm -f ${TmpRules}
- try_load
- exit $RETVAL
-fi
-
-# If the same then quit
-cmp -s ${TmpRules} ${DestinationFile} > /dev/null 2>&1
-if [ $? -eq 0 ]; then
- echo "$0: No change"
- rm -f ${TmpRules}
- try_load
- exit $RETVAL
-elif [ $OnlyCheck -eq 1 ] ; then
- echo "$0: Rules have changed and should be updated"
- exit 0
-fi
-
-# Otherwise we install the new file
-if [ -f ${DestinationFile} ]; then
- cp ${DestinationFile} ${DestinationFile}.prev
-fi
-# We copy the file so that it gets the right selinux lable
-cp ${TmpRules} ${DestinationFile}
-rm -f ${TmpRules}
-
-try_load
-exit $RETVAL
diff --git a/framework/src/audit/init.d/libaudit.conf b/framework/src/audit/init.d/libaudit.conf
deleted file mode 100644
index 90855d72..00000000
--- a/framework/src/audit/init.d/libaudit.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# This is the configuration file for libaudit tunables.
-# It is currently only used for the failure_action tunable.
-
-# failure_action can be: log, ignore, terminate
-failure_action = ignore
-
-