#!/bin/bash
#
# auditd        This starts and stops auditd
#
# chkconfig: - 18 87
# description: This starts the Linux Auditing System Daemon
#
# processname: /sbin/auditd
# config: /etc/sysconfig/auditd
# config: /etc/auditd.conf
# pidfile: /var/run/auditd.pid
#
# Return values according to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running

PATH=/sbin:/bin:/usr/bin:/usr/sbin

# Source function library.
. /etc/init.d/functions

# Check that we are root ... so non-root users stop here
test `id -u` = 0  || exit 4

# Check config
test -f /etc/sysconfig/auditd && . /etc/sysconfig/auditd

test -x /sbin/auditd  || exit 5
test -f /etc/auditd.conf  || exit 6

RETVAL=0

prog="auditd"

start(){
    echo -n $"Starting $prog: "

# Localization for auditd is controlled in /etc/synconfig/auditd
    if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
        unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
    else
        LANG="$AUDITD_LANG"
        LC_TIME="$AUDITD_LANG"
        LC_ALL="$AUDITD_LANG"
        LC_MESSAGES="$AUDITD_LANG"
        LC_NUMERIC="$AUDITD_LANG"
        LC_MONETARY="$AUDITD_LANG"
        LC_COLLATE="$AUDITD_LANG"
        export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
    fi
    unset HOME MAIL USER USERNAME
    daemon $prog "$EXTRAOPTIONS"
    RETVAL=$?
    echo
    if test $RETVAL = 0 ; then
        touch /var/lock/subsys/auditd
    fi
    # Load the default rules
    test -f /etc/audit.rules && /sbin/auditctl -R /etc/audit.rules >/dev/null
    return $RETVAL
}

stop(){
    echo -n $"Stopping $prog: "
    killproc $prog
    RETVAL=$?
    echo
    rm -f /var/lock/subsys/auditd
    # Remove watches so shutdown works cleanly
    if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no" ; then
	    /sbin/auditctl -D >/dev/null
    fi
    return $RETVAL
}

reload(){
    echo -n $"Reloading configuration: "	
    killproc $prog -HUP
    RETVAL=$?
    echo
    return $RETVAL
}

rotate(){
    echo -n $"Rotating logs: "	
    killproc $prog -USR1
    RETVAL=$?
    echo
    return $RETVAL
}

restart(){
    stop
    start
}

condrestart(){
    [ -e /var/lock/subsys/auditd ] && restart
    return 0
}


# See how we were called.
case "$1" in
    start)
	start
	;;
    stop)
	stop
	;;
    status)
	status $prog
	;;
    restart)
	restart
	;;
    reload)
	reload
	;;
    rotate)
	rotate
	;;
    condrestart)
	condrestart
	;;
    *)
	echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|rotate}"
	RETVAL=3
esac

exit $RETVAL
