buildroot/package/audit/S02auditd
José Pekkarinen e47832c860 package/audit: Fix type output on log folder creation
Testing buildroot 2021.05 I observed that after first
boot I was having the following folders:

/context:
/system_u:object_r:auditd_log_t

The root of this problem turned out to be a difference in the
output of $(selabel_lookup -b file -k /var/log/audit) called
by S02auditd that from this version on looks like:

$ selabel_lookup -b file -k /var/log/audit
Default context: system_u:object_r:auditd_log_t

This patch will cut it to retrieve the type piece only. Unfortunately,
audit has no options to create machine-readable output that is
guaranteed not to change, so that's the best we can do.

Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-10-11 23:03:55 +02:00


#!/bin/sh
#
# auditd        This starts and stops auditd
#
# description: This starts the Linux Auditing System Daemon,
#              which collects security related events in a dedicated
#              audit log. If this daemon is turned off, audit events
#              will be sent to syslog.
#

NAME=auditd
DAEMON=/usr/sbin/${NAME}
CONFIG=/etc/audit/auditd.conf
PIDFILE=/var/run/${NAME}.pid

start(){
    printf "Starting ${NAME}: "

    # Create dir to store log files in if one doesn't exist. Create
    # the directory with SELinux permissions if possible
    command -v selabel_lookup >/dev/null 2>&1
    if [ $? = 0 ]; then
        mkdir -p /var/log/audit -Z `selabel_lookup -b file -k /var/log/audit | cut -d ' ' -f 3`
    else
        mkdir -p /var/log/audit
    fi

    # Run audit daemon executable
    start-stop-daemon -S -q -p ${PIDFILE} --exec ${DAEMON}

    if [ $? = 0 ]; then
        # Load the default rules
        test -f /etc/audit/rules.d/audit.rules && /usr/sbin/auditctl -R /etc/audit/rules.d/audit.rules >/dev/null
        echo "OK"
    else
        echo "FAIL"
    fi
}

stop(){
    printf "Stopping ${NAME}: "

    start-stop-daemon -K -q -p ${PIDFILE}
    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

reload(){
    printf "Reloading ${NAME} configuration: "

    start-stop-daemon --stop -s 1 -p ${PIDFILE} 1>/dev/null
    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

rotate(){
    printf "Rotating ${NAME} logs: "

    start-stop-daemon --stop -s 10 -p ${PIDFILE} 1>/dev/null
    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    reload)
        reload
        ;;
    rotate)
        rotate
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload|rotate}"
        exit 1
        ;;
esac
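
The commit message above notes that the selabel_lookup output format is not guaranteed to stay stable, and the script picks the context by field position. The following is an added example, not part of S02auditd or of buildroot: it selects the context by its user:role:type[:range] shape instead, and falls back to a plain mkdir when nothing parses. The function names extract_context and mkdir_args are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from S02auditd): position-independent parsing of
# selabel_lookup output, with a safe fallback when no context is found.

# extract_context (hypothetical helper): read lookup output on stdin and
# print the first token shaped like user:role:type[:range].
# Returns 1 when no such token exists.
extract_context() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                # Three colon-separated identifiers, optional MLS range.
                if ($i ~ /^[A-Za-z0-9_.-]+:[A-Za-z0-9_.-]+:[A-Za-z0-9_.-]+(:.+)?$/) {
                    print $i
                    found = 1
                    exit
                }
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# mkdir_args (hypothetical helper): print the mkdir arguments to use for
# the given lookup output. "-Z <context>" is added only when a context
# was recognised, so stray words never reach mkdir as directory names.
mkdir_args() {
    if ctx=$(printf '%s\n' "$1" | extract_context); then
        printf '%s\n' "-p /var/log/audit -Z $ctx"
    else
        printf '%s\n' "-p /var/log/audit"
    fi
}

# Constructed sample outputs (not captured from a real system): the
# prefixed form quoted in the commit message, a bare context with an
# MLS range, and an unparseable line.
for sample in \
    'Default context: system_u:object_r:auditd_log_t' \
    'system_u:object_r:auditd_log_t:s0' \
    'lookup failed'; do
    printf '%-48s -> mkdir %s\n' "$sample" "$(mkdir_args "$sample")"
done
```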