xref: /titanic_50/usr/src/cmd/auditd/svc-auditd (revision af4c679f647cf088543c762e33d41a3ac52cfa14)
1#! /sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24# Use is subject to license terms.
25#
26
27
28. /lib/svc/share/smf_include.sh
29
#
# External utilities, always invoked through these absolute paths so that
# command lookup does not depend on the $PATH the method inherits.
#
# Audit subsystem.
AUDITD=/usr/sbin/auditd
AUDITCONFIG=/usr/sbin/auditconfig
# SMF administration.
SVCS=/usr/bin/svcs
SVCADM=/usr/sbin/svcadm
SVCCFG=/usr/sbin/svccfg
# General-purpose tools.
AWK=/usr/bin/awk
EGREP=/usr/bin/egrep
MV=/usr/bin/mv
PKILL=/usr/bin/pkill
SLEEP=/usr/bin/sleep

# Service instance managed by this method script.
AUDITD_FMRI="system/auditd:default"
# Legacy audit_startup(1M) script; do_start() runs it once and renames it.
AUDIT_STARTUP=/etc/security/audit_startup
43
44
#
# main - entry point; dispatches on the SMF method name.
#
# Reads $SMF_METHOD from the environment. Only "start" and "refresh" are
# handled; both run do_common first. Any other value, including an empty
# one, prints a diagnostic and exits with $SMF_EXIT_ERR_NOSMF.
main()
{
	if [ "x$SMF_METHOD" = "xstart" ]; then
		do_common
		do_start
	elif [ "x$SMF_METHOD" = "xrefresh" ]; then
		do_common
		do_refresh
	elif [ -z "$SMF_METHOD" ]; then
		# Not invoked with a method name in the environment.
		echo "$0:  No SMF method defined."
		exit $SMF_EXIT_ERR_NOSMF
	else
		echo "$0:  Unsupported SMF method: $SMF_METHOD."
		exit $SMF_EXIT_ERR_NOSMF
	fi
}
70
71
#
# do_common - checks shared by every supported service method.
#
# Exits the script (does not return) when the kernel audit condition cannot
# be read, or when running in a non-global zone whose audit policy output
# contains neither "perzone" nor "all". Otherwise returns to the caller.
do_common()
{
	#
	# auditconfig -getcond exits non-zero while the audit state is
	# "disabled", unless the c2audit module is loaded; with c2audit
	# loaded, "disabled" reads as "noaudit" early in boot and as
	# "auditing" only after auditd starts. Whether auditing is started
	# at all is driven by bsmconv(1M) / bsmunconv(1M), so a failure here
	# puts the service into maintenance instead of starting the daemon.
	# Only the exit status is used in this function; auditconfig's
	# stderr is discarded, so the log carries no reason for the failure.
	AUDITCOND="`$AUDITCONFIG -getcond 2>/dev/null`" || {
		echo "$0: Unable to get current kernel auditing condition."
		$SVCADM mark maintenance $AUDITD_FMRI
		exit $SMF_EXIT_MON_OFFLINE
	}

	# Global zone: no policy check is needed.
	smf_is_nonglobalzone || return 0

	#
	# Non-global zone: auditd is started/refreshed only when the policy
	# output matches "perzone" or "all". The status tested below is
	# egrep's (last command of the pipeline).
	# NOTE(review): only status 1 (no match) disables the service; an
	# egrep error status would fall through and let the method proceed.
	# Confirm that this is the intended behaviour.
	$AUDITCONFIG -t -getpolicy | \
	    $EGREP "perzone|all" >/dev/null 2>&1
	case $? in
	1)
		echo "$0:  auditd is not configured to run in a local"
		echo "   zone, perzone policy not set" \
		    "(see auditconfig(1M))."
		$SVCADM disable $AUDITD_FMRI
		# Backgrounded sleep precedes the successful exit.
		# NOTE(review): its purpose is not stated in this file.
		$SLEEP 5 &
		exit $SMF_EXIT_OK
		;;
	esac
}
105
#
# do_start - service start method helper.
#
# Performs the one-time transition of a legacy audit_startup(1M) script, if
# one is still present, and then replaces this shell with auditd via exec.
# Exits with $SMF_EXIT_MON_OFFLINE when the script exists but is not
# executable, and with $SMF_EXIT_ERR_CONFIG when the svccfg refresh fails;
# both paths mark the service for maintenance first.
do_start()
{
	if [ -f "$AUDIT_STARTUP" ]; then

		#
		# The legacy script must be runnable before it is run.
		# NOTE(review): -f and -x are the only checks made here; the
		# file's owner and mode are not inspected before it is
		# executed by this method.
		[ -x "$AUDIT_STARTUP" ] || {
			echo "$0: Unable to execute $AUDIT_STARTUP"
			$SVCADM mark maintenance $AUDITD_FMRI
			exit $SMF_EXIT_MON_OFFLINE
		}
		# The script's exit status is not checked.
		$AUDIT_STARTUP

		echo "$0: Transition of audit_startup(1M) started."

		#
		# Rename the script so that it is not picked up again. A
		# failed rename is reported but is not fatal; the file then
		# still exists, and do_refresh() refuses to run while it does.
		$MV $AUDIT_STARTUP $AUDIT_STARTUP._transitioned_ || {
			echo "$0: The $AUDIT_STARTUP was not moved to"
			echo "   $AUDIT_STARTUP._transitioned_"
		}

		#
		# Refresh the service so that the newly created properties
		# are visible to any subsequent svcprop(1).
		$SVCCFG -s $AUDITD_FMRI refresh || {
			echo "$0: Refresh of $AUDITD_FMRI configuration failed."
			$SVCADM mark maintenance $AUDITD_FMRI
			exit $SMF_EXIT_ERR_CONFIG
		}

		echo "$0: Transition of audit_startup(1M) finished."
	fi

	#
	# Daemon forks, parent exits when child says it's ready.
	exec $AUDITD
}
148
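#
# do_refresh - service refresh method helper.
#
# Sends SIGHUP to the processes of the service's contract so that the
# running auditd(1M) is signalled. Exits with $SMF_EXIT_ERR_CONFIG while the
# legacy audit_startup(1M) script still exists, and with
# $SMF_EXIT_ERR_FATAL when no contract id is found or the signal cannot be
# delivered. Sets the globals contract_id and pkill_status.
do_refresh()
{
	#
	# The refresh capability is available only on systems whose
	# audit_startup(1M) has already been transformed into $AUDITD_FMRI
	# service properties. See do_start() for more information.
	if [ -f "$AUDIT_STARTUP" ]; then
		echo "$0: Service refresh method not supported on systems" \
		   "without converted audit_startup(1M) into auditd service" \
		   "SMF configuration. Clear the service (svcadm(1M))."
		$SVCADM mark maintenance $AUDITD_FMRI
		exit $SMF_EXIT_ERR_CONFIG
	fi

	#
	# Find the contract_id. Backticks are kept because the script runs
	# under /sbin/sh.
	contract_id=`$SVCS -l $AUDITD_FMRI | \
	    $AWK '/^contract_id/ {print $2}'`
	if [ -z "${contract_id}" ]; then
		echo "$0: Service $AUDITD_FMRI has no associated" \
		    "contract. Service cannot be refreshed."
		exit $SMF_EXIT_ERR_FATAL
	fi

	#
	# signal to auditd(1M):
	# Save pkill's status immediately. Expanding $? inside the branch
	# would report the status of the [ ] test (always 0 there), so the
	# logged error code would never identify why delivery failed.
	$PKILL -HUP -c ${contract_id}
	pkill_status=$?
	if [ $pkill_status -ne 0 ]; then
		echo "$0: SIGHUP was not successfully delivered to" \
		    "the related contract (${contract_id}/err:${pkill_status})."
		$SVCADM mark maintenance $AUDITD_FMRI
		exit $SMF_EXIT_ERR_FATAL
	fi

	# Backgrounded sleep after a successful signal.
	# NOTE(review): its purpose is not stated in this file.
	$SLEEP 5 &
}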
185
186
#
# Run the method script: main() dispatches on $SMF_METHOD and is called
# without arguments.
main
190