svc-auditd revision 8523fda3525b37e02f4d11efc8cf763bf08204ec
#! /sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# Shared SMF method helpers. The SMF_EXIT_* codes and smf_is_nonglobalzone
# used below are not defined in this file; presumably they come from this
# include -- confirm.
. /lib/svc/share/smf_include.sh

# Service instance managed by this method script, and the legacy
# audit_startup(1M) script that do_start() transitions.
AUDITD_FMRI="system/auditd:default"
AUDIT_STARTUP=/etc/security/audit_startup

# Audit subsystem binaries.
AUDITCONFIG=/usr/sbin/auditconfig
AUDITD=/usr/sbin/auditd

# SMF administration tools.
SVCADM=/usr/sbin/svcadm
SVCCFG=/usr/sbin/svccfg
SVCS=/usr/bin/svcs

# General utilities. Every helper is referenced by absolute path, so none of
# the invocations in this script is resolved through PATH.
AWK=/usr/bin/awk
EGREP=/usr/bin/egrep
MV=/usr/bin/mv
PKILL=/usr/bin/pkill
SLEEP=/usr/bin/sleep
#
# main - entry point; dispatches on the SMF method name.
#
# Reads $SMF_METHOD from the environment. "start" and "refresh" both run
# do_common first and then their own helper. Anything else, including an
# unset or empty method, is reported and the script exits with
# $SMF_EXIT_ERR_NOSMF.
main()
{
	case "$SMF_METHOD" in
	start)
		do_common
		do_start
		;;
	refresh)
		do_common
		do_refresh
		;;
	"")
		# Not invoked with an SMF method in the environment.
		echo "$0: No SMF method defined."
		exit $SMF_EXIT_ERR_NOSMF
		;;
	*)
		echo "$0: Unsupported SMF method: $SMF_METHOD."
		exit $SMF_EXIT_ERR_NOSMF
		;;
	esac
}
#
# do_common - checks shared by every supported service method.
#
# Exits the script (it does not return) when the kernel audit condition
# cannot be read, or when running in a non-global zone whose audit policy
# has neither "perzone" nor "all" set. Otherwise returns to the caller.
do_common()
{
	#
	# If the audit state is "disabled" auditconfig returns non-zero exit
	# status unless the c2audit module is loaded; if c2audit is loaded,
	# "disabled" becomes "noaudit" early in the boot cycle and "auditing"
	# only after auditd starts.
	#
	# Only the exit status is used here; AUDITCOND is not read again
	# anywhere in this script.
	AUDITCOND="`$AUDITCONFIG -getcond 2>/dev/null`" || {
		# The decision whether to start
		# auditing is driven by bsmconv(1M) / bsmunconv(1M)
		echo "$0: Unable to get current kernel auditing condition."
		$SVCADM mark maintenance $AUDITD_FMRI
		exit $SMF_EXIT_MON_OFFLINE
	}

	# Nothing further to check in the global zone.
	smf_is_nonglobalzone || return 0

	#
	# In a non-global zone, auditd is started/refreshed only if the
	# "perzone" audit policy has been set.
	#
	# The status tested below is egrep's, the last command in the
	# pipeline. Only 1 (no match) disables the service; any other
	# status, including an egrep error, falls through and lets the
	# method continue.
	# NOTE(review): a failing "auditconfig -t -getpolicy" hands egrep empty
	# input, which also yields 1, so a failed policy query is reported
	# as "perzone policy not set" and disables the audit service.
	$AUDITCONFIG -t -getpolicy | $EGREP "perzone|all" >/dev/null 2>&1
	case $? in
	1)
		echo "$0: auditd is not configured to run in a local"
		echo " zone, perzone policy not set" \
		    "(see auditconfig(1M))."
		$SVCADM disable $AUDITD_FMRI
		# NOTE(review): presumably leaves a short-lived process behind
		# while the disable takes effect -- confirm.
		$SLEEP 5 &
		exit $SMF_EXIT_OK
		;;
	esac
}
#
# do_start - service start method helper.
#
# If the legacy $AUDIT_STARTUP script still exists, it is run once, renamed
# to $AUDIT_STARTUP._transitioned_, and the service configuration is
# refreshed. The method then replaces itself with auditd via exec, so this
# function never returns.
do_start()
{
	#
	# The transition of the audit_startup(1M) has to be performed.
	if [ -f "$AUDIT_STARTUP" ]; then

		# A legacy script that exists but cannot be executed is
		# treated as a fault: the service goes to maintenance.
		[ -x "$AUDIT_STARTUP" ] || {
			echo "$0: Unable to execute $AUDIT_STARTUP"
			$SVCADM mark maintenance $AUDITD_FMRI
			exit $SMF_EXIT_MON_OFFLINE
		}

		# NOTE(review): the script is run with this method's
		# privileges after only the -f and -x tests above; its
		# ownership and write permissions are not checked here, so
		# the file and its directory are assumed to be writable by
		# root only -- confirm.
		# Its exit status is not examined, so the transition is
		# reported as finished even if the script itself failed.
		$AUDIT_STARTUP

		echo "$0: Transition of audit_startup(1M) started."

		# A failed rename is only reported. The legacy file then
		# stays in place, so the next start runs it again and
		# do_refresh() keeps refusing to refresh.
		$MV $AUDIT_STARTUP $AUDIT_STARTUP._transitioned_ || {
			# Unable to perform the backup of $AUDIT_STARTUP
			echo "$0: The $AUDIT_STARTUP was not moved to"
			echo " $AUDIT_STARTUP._transitioned_"
		}

		#
		# Refreshing service to make the newly created properties
		# available for any other consequent svcprop(1).
		$SVCCFG -s $AUDITD_FMRI refresh || {
			echo "$0: Refresh of $AUDITD_FMRI configuration failed."
			$SVCADM mark maintenance $AUDITD_FMRI
			exit $SMF_EXIT_ERR_CONFIG
		}

		echo "$0: Transition of audit_startup(1M) finished."
	fi

	#
	# Daemon forks, parent exits when child says it's ready.
	exec $AUDITD
}
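#
# do_refresh - service refresh method helper.
#
# Sends SIGHUP to the processes in the service's contract.
#
# Exits with $SMF_EXIT_ERR_CONFIG (service marked maintenance) while the
# legacy $AUDIT_STARTUP file is still present, with $SMF_EXIT_ERR_FATAL when
# no contract id can be found, and with $SMF_EXIT_ERR_FATAL (service marked
# maintenance) when pkill reports failure.
do_refresh()
{
	#
	# The refresh capability is available only for those systems
	# with already transformed audit_startup(1M) into $AUDITD_FMRI
	# service properties. See do_start() for more information.
	if [ -f "$AUDIT_STARTUP" ]; then
		echo "$0: Service refresh method not supported on systems" \
		    "without converted audit_startup(1M) into auditd service" \
		    "SMF configuration. Clear the service (svcadm(1M))."
		$SVCADM mark maintenance $AUDITD_FMRI
		exit $SMF_EXIT_ERR_CONFIG
	fi

	#
	# Find the contract_id.
	contract_id=`$SVCS -l $AUDITD_FMRI | \
	    $AWK '/^contract_id/ {print $2}'`
	if [ -z "${contract_id}" ]; then
		echo "$0: Service $AUDITD_FMRI has no associated" \
		    "contract. Service cannot be refreshed."
		exit $SMF_EXIT_ERR_FATAL
	fi

	#
	# signal to auditd(1M):
	$PKILL -HUP -c ${contract_id}
	#
	# Save pkill's status before anything else runs. Expanding $? inside
	# the failure branch would give the status of the "[ ... ]" test,
	# which is always 0 there, so the logged error code would never
	# identify why the signal was not delivered.
	pkill_rc=$?
	if [ $pkill_rc -ne 0 ]; then
		echo "$0: SIGHUP was not successfully delivered to" \
		    "the related contract (${contract_id}/err:${pkill_rc})."
		$SVCADM mark maintenance $AUDITD_FMRI
		exit $SMF_EXIT_ERR_FATAL
	fi

	# NOTE(review): presumably leaves a short-lived process behind after
	# the method returns -- confirm the intent.
	$SLEEP 5 &
}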
#
# Script entry point: every function is defined above, so hand control to
# main(), which dispatches on $SMF_METHOD.
main