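#! /sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# SMF method script for the auditd service ($AUDITD_FMRI).
# The method to run is taken from $SMF_METHOD; only "start" and "refresh"
# are handled. Every failure path exits with one of the SMF_EXIT_* codes
# provided by smf_include.sh.
#

. /lib/svc/share/smf_include.sh

# Absolute paths to every external tool, so that nothing is resolved via PATH.
AUDITCONFIG=/usr/sbin/auditconfig
AUDITD=/usr/sbin/auditd
AWK=/usr/bin/awk
EGREP=/usr/bin/egrep
MV=/usr/bin/mv
PKILL=/usr/bin/pkill
SLEEP=/usr/bin/sleep
SVCADM=/usr/sbin/svcadm
SVCCFG=/usr/sbin/svccfg
SVCS=/usr/bin/svcs

# Legacy start-up script; its presence means the configuration has not yet
# been transitioned into service properties (see do_start()).
AUDIT_STARTUP=/etc/security/audit_startup
AUDITD_FMRI="system/auditd:default"


#
# main - the execution starts here.
#
# Dispatches on $SMF_METHOD. Any value other than "start" or "refresh"
# (including an empty one) is reported and the script exits with
# $SMF_EXIT_ERR_NOSMF.
main()
{
	#
	# Do the basic argument inspection and take the appropriate action.
	case "$SMF_METHOD" in
	start)
		do_common
		do_start
		;;
	refresh)
		do_common
		do_refresh
		;;
	*)
		if [ -z "$SMF_METHOD" ]; then
			echo "$0: No SMF method defined."
		else
			echo "$0: Unsupported SMF method: $SMF_METHOD."
		fi
		exit $SMF_EXIT_ERR_NOSMF
		;;
	esac
}


#
# do_common - executes all the code common to all supported service methods.
#
# Exits the script (it does not return) when the kernel audit condition
# cannot be read, or when running in a non-global zone without the
# "perzone" (or "all") audit policy.
do_common()
{
	#
	# If the audit state is "disabled" auditconfig returns non-zero exit
	# status unless the c2audit module is loaded; if c2audit is loaded,
	# "disabled" becomes "noaudit" early in the boot cycle and "auditing"
	# only after auditd starts.
	AUDITCOND="`$AUDITCONFIG -getcond 2>/dev/null`"
	if [ $? -ne 0 ]; then
		# The decision whether to start
		# auditing is driven by bsmconv(1M) / bsmunconv(1M)
		echo "$0: Unable to get current kernel auditing condition."
		$SVCADM mark maintenance "$AUDITD_FMRI"
		exit $SMF_EXIT_MON_OFFLINE
	fi
	#
	# In a non-global zone, auditd is started/refreshed only if the
	# "perzone" audit policy has been set.
	if smf_is_nonglobalzone; then
		$AUDITCONFIG -t -getpolicy | \
		    $EGREP "perzone|all" 1>/dev/null 2>&1
		# Only egrep's "no match" status (1) disables the service;
		# any other status falls through and the method continues.
		if [ $? -eq 1 ]; then
			echo "$0: auditd is not configured to run in a local"
			echo "   zone, perzone policy not set" \
			    "(see auditconfig(1M))."
			$SVCADM disable "$AUDITD_FMRI"
			# NOTE(review): the purpose of the backgrounded sleep
			# is not stated here; presumably it keeps a process
			# alive while the disable is processed -- confirm.
			$SLEEP 5 &
			exit $SMF_EXIT_OK
		fi
	fi
}

#
# do_start - service start method helper.
#
# If the legacy $AUDIT_STARTUP script still exists, it is run once and then
# renamed to $AUDIT_STARTUP._transitioned_, and the service configuration
# is refreshed. Finally the shell is replaced by auditd.
do_start()
{
	#
	# The transition of the audit_startup(1M) has to be performed.
	if [ -f "$AUDIT_STARTUP" ]; then

		# NOTE(review): only the existence and execute bit are
		# checked before the file is run with this method's
		# privileges; its ownership and mode are not verified here.
		# Its exit status is not inspected either, so a failed run
		# is still followed by the rename below -- confirm intended.
		if [ -x "$AUDIT_STARTUP" ]; then
			$AUDIT_STARTUP
		else
			echo "$0: Unable to execute $AUDIT_STARTUP"
			$SVCADM mark maintenance "$AUDITD_FMRI"
			exit $SMF_EXIT_MON_OFFLINE
		fi

		echo "$0: Transition of audit_startup(1M) started."

		$MV "$AUDIT_STARTUP" "$AUDIT_STARTUP._transitioned_"
		if [ $? -ne 0 ]; then
			# Unable to perform the backup of $AUDIT_STARTUP.
			# This is only reported; the start continues.
			echo "$0: The $AUDIT_STARTUP was not moved to"
			echo "   $AUDIT_STARTUP._transitioned_"
		fi

		#
		# Refreshing service to make the newly created properties
		# available for any other consequent svcprop(1).
		$SVCCFG -s "$AUDITD_FMRI" refresh
		if [ $? -ne 0 ]; then
			echo "$0: Refresh of $AUDITD_FMRI configuration failed."
			$SVCADM mark maintenance "$AUDITD_FMRI"
			exit $SMF_EXIT_ERR_CONFIG
		fi

		echo "$0: Transition of audit_startup(1M) finished."
	fi

	#
	# Daemon forks, parent exits when child says it's ready.
	exec $AUDITD
}

#
# do_refresh - service refresh method helper.
#
# Sends SIGHUP to the processes in the service's contract. Refusing to
# refresh while $AUDIT_STARTUP still exists puts the service into
# maintenance.
do_refresh()
{
	#
	# The refresh capability is available only for those systems
	# with already transformed audit_startup(1M) into $AUDITD_FMRI
	# service properties. See do_start() for more information.
	if [ ! -f "$AUDIT_STARTUP" ]; then
		#
		# Find the contract_id.
		contract_id=`$SVCS -l "$AUDITD_FMRI" | \
		    $AWK '/^contract_id/ {print $2}'`
		if [ -z "${contract_id}" ]; then
			echo "$0: Service $AUDITD_FMRI has no associated" \
			    "contract. Service cannot be refreshed."
			exit $SMF_EXIT_ERR_FATAL
		fi
		#
		# signal to auditd(1M):
		$PKILL -HUP -c ${contract_id}
		# Save pkill's status immediately: inside the "then" branch
		# $? would hold the status of the [ ] test (always 0), so the
		# logged error code would be wrong.
		pkill_rc=$?
		if [ $pkill_rc -ne 0 ]; then
			echo "$0: SIGHUP was not successfully delivered to" \
			    "the related contract (${contract_id}/err:${pkill_rc})."
			$SVCADM mark maintenance "$AUDITD_FMRI"
			exit $SMF_EXIT_ERR_FATAL
		fi
		# NOTE(review): the purpose of the backgrounded sleep is not
		# stated here -- confirm before removing.
		$SLEEP 5 &
	else
		echo "$0: Service refresh method not supported on systems" \
		    "without converted audit_startup(1M) into auditd service" \
		    "SMF configuration. Clear the service (svcadm(1M))."
		$SVCADM mark maintenance "$AUDITD_FMRI"
		exit $SMF_EXIT_ERR_CONFIG
	fi
}


#
# Call main() to start the own script execution.
main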