#! /sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident	"%Z%%M%	%I%	%E% SMI"

# if the audit state is "disabled" auditconfig returns
# non-zero exit status unless the c2audit module is loaded;
# if c2audit is loaded, "disabled" becomes "noaudit" early
# in the boot cycle and "auditing" only after auditd starts.

. /lib/svc/share/smf_include.sh

AUDITCONFIG=/usr/sbin/auditconfig

AUDITCOND=`$AUDITCONFIG -getcond 2> /dev/null`

if [ $? -ne 0 ]; then
	# The decision whether to start
	# auditing is driven by bsmconv / bsmunconv
	/usr/sbin/svcadm mark maintenance system/auditd
	exit $SMF_EXIT_MON_OFFLINE;
fi
	
# In a non-global zone, auditd is started only if the "perzone"
# audit policy has been set.
if smf_is_nonglobalzone; then
	echo `$AUDITCONFIG -getpolicy` | grep perzone > /dev/null

	if [ $? -eq 1 ]; then
		echo "$0:  auditd is not configured to run in a local"
		echo "   zone, perzone policy not set (see auditconfig(1M))"
		/usr/sbin/svcadm disable svc:/system/auditd:default 
		sleep 5 &
		exit $SMF_EXIT_OK;
	fi		
fi

/etc/security/audit_startup
# daemon forks, parent exits when child says it's ready
exec /usr/sbin/auditd