freebsd-nq/etc/rc.d/auditd
Robert Watson 9b2b93002d Sleep for one second after calling audit -t to give the audit daemon a
chance to actually terminate the audit service and exit.  Otherwise, on
an rc.d/auditd restart, the new audit daemon instance may try to start
auditing while the previous session is still running.  Likewise, this
ensures a chance for auditd to terminate the audit trail at system
shutdown.

Perhaps more ideally, the script would wait synchronously for auditd to
exit rather than for an arbitrary but short period of time.

MFC after:	3 days
Obtained from:	TrustedBSD Project
2006-09-24 17:31:04 +00:00

33 lines
514 B
Bash

#!/bin/sh
#
# $FreeBSD$
#
# Start up for the Audit daemon.
#
# PROVIDE: auditd
# REQUIRE: syslogd
# BEFORE: DAEMON
# KEYWORD: shutdown
. /etc/rc.subr
name="auditd"
stop_cmd="auditd_stop"
command="/usr/sbin/${name}"
rcvar="auditd_enable"
command_args="${auditd_flags}"
required_files="/etc/security/audit_class /etc/security/audit_control
/etc/security/audit_event /etc/security/audit_user
/etc/security/audit_warn"
auditd_stop()
{
/usr/sbin/audit -t
sleep 1
}
load_rc_config $name
run_rc_command "$1"