annotate usr/src/cmd/audit_warn/audit_warn.sh @ 0:c9caec207d52 b86

Initial porting based on b86
author Koji Uno <koji.uno@sun.com>
date Tue, 02 Jun 2009 18:56:50 +0900
parents
children 1a15d5aaf794
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
1 #! /bin/sh
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
2 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
3 # CDDL HEADER START
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
4 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
5 # The contents of this file are subject to the terms of the
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
6 # Common Development and Distribution License (the "License").
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
7 # You may not use this file except in compliance with the License.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
8 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
10 # or http://www.opensolaris.org/os/licensing.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
11 # See the License for the specific language governing permissions
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
12 # and limitations under the License.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
13 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
14 # When distributing Covered Code, include this CDDL HEADER in each
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
16 # If applicable, add the following below this CDDL HEADER, with the
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
17 # fields enclosed by brackets "[]" replaced with your own identifying
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
18 # information: Portions Copyright [yyyy] [name of copyright owner]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
19 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
20 # CDDL HEADER END
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
21 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
22 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
23 # ident "@(#)audit_warn.sh 1.10 07/09/04 SMI"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
24 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
25 # Copyright 2007 Sun Microsystems, Inc. All rights reserved.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
26 # Use is subject to license terms.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
27 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
28
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
29 # This shell script warns the administrator when there are problems or
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
30 # potential problems with the audit daemon. The default script sends
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
31 # a message to the machine console in the case where there
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
32 # is no audit space available. It has comments in a few places where
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
33 # additional actions might be appropriate (eg. clearing some space).
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
34 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
35 #---------------------------------------------------------------------------
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
36 # send mail and generate syslog output
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
37 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
38 # $MESSAGE and $SUBJECT are set by the caller
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
39 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
40 # edit this function to omit syslog or mail output.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
41 #---------------------------------------------------------------------------
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
42 send_msg() {
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
43 MAILER=/usr/bin/mailx
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
44 SED=/usr/bin/sed
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
45 LOGCMD="$LOGGER -p daemon.alert"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
46
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
47 ADDRESS=audit_warn # standard alias for audit alerts
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
48
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
49 # turn off redirect to /dev/null to see sendmail output
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
50 /usr/lib/sendmail -bv $ADDRESS > /dev/null
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
51
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
52 if [ $? -ne 0 ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
53 then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
54 $LOGCMD "The $ADDRESS mail alias is not defined"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
55 ADDRESS=root
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
56 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
57
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
58 if [ -z "$COUNT" -o "0$COUNT" -eq 1 ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
59 then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
60 echo "$0: $MESSAGE" | $MAILER -s "$SUBJECT" $ADDRESS
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
61 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
62
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
63 STRIPPEDMSG=`echo "$MESSAGE" | $SED -e "s/\n/ /g"`
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
64 $LOGCMD $STRIPPEDMSG
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
65 }
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
66
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
67 # If you change this script, script debug should first be done via the
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
68 # command line, so input errors are output via "echo," but syslog
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
69 # debug messages are better for testing from auditd since the echo
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
70 # output would be lost. For testing with auditd, replace
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
71 # 'DEBUG_OUT="echo"' with 'DEBUG_OUT="$LOGGER -p daemon.debug"'
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
72
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
73 LOGGER="/usr/bin/logger"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
74 DEBUG_OUT="echo"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
75
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
76 # Check usage
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
77 if [ "$#" -lt "1" -o "$#" -gt "5" ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
78 then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
79 $DEBUG_OUT "Usage: $0 <option> [<args>]"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
80 exit 1
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
81 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
82
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
83 # Process args
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
84 while [ -n "$1" ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
85 do
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
86
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
87 SUBJECT="AUDIT DAEMON WARNING ($1)"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
88
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
89 case "$1" in
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
90
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
91 "soft" ) # Check soft arg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
92 # One audit filesystem has filled to the soft limit
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
93 # set up in audit_control.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
94
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
95 if [ ! -n "$2" ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
96 then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
97 $DEBUG_OUT "$0: Need filename arg with 'soft'!"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
98 exit 1
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
99 else
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
100 FILE=$2
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
101 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
102
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
103 # Set message
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
104 MESSAGE="Soft limit exceeded in file $FILE."
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
105 send_msg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
106
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
107 break
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
108 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
109
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
110 "allsoft" ) # Check all soft arg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
111 # All the audit filesystems have filled to the soft
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
112 # limit set up in audit_control.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
113
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
114 # Set message
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
115 MESSAGE="Soft limit exceeded on all filesystems."
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
116 send_msg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
117
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
118 break
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
119 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
120
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
121 "hard" ) # Check hard arg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
122 # One audit filesystem has filled completely.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
123
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
124 if [ ! -n "$2" ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
125 then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
126 $DEBUG_OUT "$0: Need filename arg with 'hard'!"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
127 exit 1
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
128 else
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
129 FILE=$2
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
130 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
131
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
132 # Set message
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
133 MESSAGE="Hard limit exceeded in file $FILE."
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
134 send_msg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
135
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
136 break
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
137 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
138
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
139 "allhard" ) # Check all hard arg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
140 # All the audit filesystems have filled completely.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
141 # The audit daemon will remain in a loop sleeping
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
142 # and checking for space until some space is freed.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
143
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
144 if [ ! -n "$2" ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
145 then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
146 $DEBUG_OUT "$0: Need count arg with 'allhard'!"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
147 exit 1
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
148 else
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
149 COUNT=$2
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
150 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
151
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
152 # Set message
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
153 MESSAGE="Hard limit exceeded on all filesystems. (count=$COUNT)"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
154
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
155 send_msg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
156
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
157 # This might be a place to make space in the
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
158 # audit file systems.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
159
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
160 break
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
161 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
162
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
163 "ebusy" ) # Check ebusy arg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
164 # The audit daemon is already running and can not
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
165 # be started more than once.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
166
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
167 # Set message
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
168 MESSAGE="The audit daemon is already running on this system."
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
169 send_msg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
170
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
171 break
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
172 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
173
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
174 "tmpfile" ) # Check tempfile arg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
175 # The tempfile used by the audit daemon could not
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
176 # be opened even though it was unlinked.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
177 # This error will cause the audit daemon to exit.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
178
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
179 # Set message
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
180 MESSAGE="The audit daemon can not open audit_tmp.\
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
181 This implies a serious problem. The audit daemon has exited!"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
182
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
183 send_msg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
184
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
185 break
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
186 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
187
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
188 "nostart" ) # Check no start arg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
189
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
190 # auditd attempts to set the audit state; if
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
191 # it fails, it exits with a "nostart" code.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
192 # The most likely cause is that the kernel
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
193 # audit module did not load due to a
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
194 # configuration error. auditd is not running.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
195 #
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
196 # The audit daemon can not be started until
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
197 # the error is corrected and the system is
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
198 # rebooted.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
199
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
200 MESSAGE="audit failed to start because it cannot read or\
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
201 write the system's audit state. This may be due to a configuration error.\n\n\
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
202 Must reboot to start auditing!"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
203
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
204 send_msg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
205
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
206 break
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
207 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
208
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
209 "auditoff" ) # Check audit off arg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
210 # Someone besides the audit daemon called the
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
211 # system call auditon to "turn auditing off"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
212 # by setting the state to AUC_NOAUDIT. This
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
213 # will cause the audit daemon to exit.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
214
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
215 # Set message
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
216 MESSAGE="Auditing has been turned off unexpectedly."
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
217 send_msg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
218
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
219 break
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
220 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
221
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
222 "postsigterm" ) # Check post sigterm arg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
223 # While the audit daemon was trying to shutdown
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
224 # in an orderly fashion (corresponding to audit -t)
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
225 # it got another signal or an error. Some records
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
226 # may not have been written.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
227
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
228 # Set message
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
229 MESSAGE="Received some signal or error while writing\
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
230 audit records after SIGTERM. Some audit records may have been lost."
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
231 send_msg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
232
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
233 break
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
234 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
235
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
236 "getacdir" ) # Check getacdir arg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
237 # There is a problem getting the directory list from
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
238 # /etc/security/audit_control. Auditd is
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
239 # going to hang in a sleep loop until the file is
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
240 # fixed.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
241
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
242 if [ ! -n "$2" ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
243 then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
244 $DEBUG_OUT "$0: Need count arg with 'getacdir'!"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
245 exit 1
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
246 else
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
247 COUNT=$2
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
248 if [ $COUNT -eq 1 ]; then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
249 S=""
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
250 else
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
251 S="s"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
252 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
253 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
254
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
255 # Set message
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
256 MESSAGE="There is a problem getting the directory\
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
257 list or plugin list from audit_control(4). The audit daemon will hang
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
258 until this file is fixed. This message has been displayed $COUNT time$S."
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
259 send_msg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
260 break
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
261 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
262
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
263 "plugin" ) # Check plugin arg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
264
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
265 # There is a problem loading a plugin or a plugin
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
266 # has reported a serious error.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
267 # Output from the plugin is either blocked or halted.
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
268
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
269 if [ ! -n "$2" ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
270 then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
271 $DEBUG_OUT "$0: Need plugin name arg with 'plugin'!"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
272 exit 1
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
273 else
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
274 PLUGNAME=$2
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
275 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
276
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
277 if [ ! -n "$3" ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
278 then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
279 $DEBUG_OUT "$0: Need error arg with 'plugin'!"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
280 exit 1
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
281 else
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
282 ERROR=$3
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
283 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
284
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
285 if [ ! -n "$4" ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
286 then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
287 $DEBUG_OUT "$0: Need text arg with 'plugin'!"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
288 exit 1
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
289 else
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
290 TEXT=$4
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
291 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
292
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
293 if [ ! -n "$5" ]
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
294 then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
295 $DEBUG_OUT "$0: Need count arg with 'plugin'!"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
296 exit 1
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
297 else
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
298 COUNT=$5
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
299 if [ $COUNT -eq 1 ]; then
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
300 S=""
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
301 else
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
302 S="s"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
303 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
304 fi
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
305
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
306 # Set message
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
307 MESSAGE="The audit daemon has experienced the\
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
308 following problem with loading or executing plugins:\n\n\
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
309 $PLUGNAME: $ERROR\n\
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
310 $TEXT\n\
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
311 This message has been displayed $COUNT time$S."
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
312 send_msg
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
313 break
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
314 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
315
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
316 * ) # Check other args
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
317 $DEBUG_OUT "$0: Arg not recognized: $1"
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
318 exit 1
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
319 ;;
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
320
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
321 esac
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
322
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
323 shift
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
324 done
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
325
c9caec207d52 Initial porting based on b86
Koji Uno <koji.uno@sun.com>
parents:
diff changeset
326 exit 0