#!/bin/sh
# chkconfig: 2345 29 71
### BEGIN INIT INFO
# Provides:          audit
# Required-Start:    modules $local_fs network
# Required-Stop:     modules $local_fs network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start audit system
# Description:       Enable audit daemon that collects security related events
# X-Start-Before:    
# X-Stop-After:      
# X-Timesys-Start-Number:  29
# X-Timesys-Stop-Number:  71
### END INIT INFO

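# Dispatch on the requested init action: start, stop or restart.
# Anything else prints the usage line.
case "$1" in
  start)
    # Create the audit log directory if it is missing. An explicit mode is
    # passed so a fresh directory is not left readable by everyone under a
    # permissive umask; an existing directory is left untouched.
    # NOTE(review): 0750 mirrors the mode applied to audispd below; confirm
    # it matches the log_group policy in auditd.conf.
    if [ ! -d /var/log/audit ]; then
      mkdir -p -m 0750 /var/log/audit
    fi

    # Restrict the dispatcher binary to owner and group. Resolve it with the
    # POSIX `command -v` rather than `which`, and skip the chmod when the
    # binary is absent, so chmod is never run with an empty operand.
    audispd_path=$(command -v audispd 2>/dev/null)
    if [ -n "$audispd_path" ]; then
      chmod 0750 "$audispd_path" >/dev/null 2>&1
    fi

    printf "Starting auditd: "
    # Test the daemon's exit status directly. The previous `[ $? == 0 ]`
    # relied on `==`, which is not POSIX test syntax: under a strict /bin/sh
    # (e.g. dash) the test itself errors and a successful start is reported
    # as [FAIL].
    if auditd; then
      echo "[OK]"
      # Load the persistent rule set when one is installed. Only stdout is
      # discarded, so rule-parsing errors still reach the console.
      if [ -e /etc/audit/audit.rules ]; then
        auditctl -R /etc/audit/audit.rules >/dev/null
      fi
    else
      echo "[FAIL]"
      exit 1
    fi
  ;;
  stop)
    PID=$(pidof auditd)
    if [ -z "$PID" ]; then
      echo "auditd is not running"
      exit 1
    fi
    printf "Stopping auditd: "
    # pidof may return several PIDs separated by spaces; the unquoted $PID
    # is split on purpose, each resulting word is quoted for kill.
    for pid in $PID; do
      kill "$pid" >/dev/null 2>&1
    done
    # Flush all loaded rules and switch kernel auditing off. From here until
    # the next start no audit events are recorded, so a stop or restart
    # leaves a gap in the audit trail that reviewers of the logs should
    # expect. If the configuration was locked with `-e 2`, both calls fail
    # and auditing stays enabled; their stderr is left visible for that case.
    auditctl -D >/dev/null
    auditctl -e 0 >/dev/null
    echo '[OK]'
  ;;
  restart)
    # Re-invoke this script; quoted so a path containing spaces still works.
    "$0" stop
    "$0" start
  ;;
  *)
    echo "Usage: $0 [start|stop|restart]"
  ;;
esac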
