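#! /sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
#

#
# SMF method script for the audit daemon (svc:/system/auditd:default).
#
# Supports the "start" and "refresh" SMF methods, selected through the
# SMF_METHOD environment variable that svc.startd(1M) sets for the method.
# All SMF_EXIT_* codes and smf_is_nonglobalzone() come from
# smf_include.sh; every failure path either marks the service
# maintenance explicitly or exits with an SMF error code so that the
# audit service never reports "online" while auditing is not running.
#

. /lib/svc/share/smf_include.sh

#
# Absolute paths only: this runs with PATH as set by svc.startd(1M) and
# must not pick up a binary from an attacker-writable directory.
AUDIT=/usr/sbin/audit
AUDITCONFIG=/usr/sbin/auditconfig
AUDITD=/usr/sbin/auditd
AWK=/usr/bin/awk
EGREP=/usr/bin/egrep
MV=/usr/bin/mv
PKILL=/usr/bin/pkill
SLEEP=/usr/bin/sleep
SVCADM=/usr/sbin/svcadm
SVCCFG=/usr/sbin/svccfg
SVCS=/usr/bin/svcs

# Legacy configuration script; its presence selects the one-time
# transition path in do_start() (see below).
AUDIT_STARTUP=/etc/security/audit_startup
AUDITD_FMRI="system/auditd:default"

#
# main - the execution starts there.
#
# Dispatches on $SMF_METHOD. Anything other than "start" or "refresh"
# (including an unset SMF_METHOD, i.e. the script was not invoked by
# svc.startd(1M)) is rejected with SMF_EXIT_ERR_NOSMF.
main()
{
	case "$SMF_METHOD" in
	start)
		do_common
		do_start
		;;
	refresh)
		do_common
		do_refresh
		;;
	*)
		if [ -z "$SMF_METHOD" ]; then
			echo "$0: No SMF method defined."
		else
			echo "$0: Unsupported SMF method: $SMF_METHOD."
		fi
		exit $SMF_EXIT_ERR_NOSMF
		;;
	esac
}

#
# do_common - executes all the code common to all supported service methods.
#
# Three gates, each of which terminates the method on failure:
#   1. the kernel audit condition must be readable (c2audit loaded),
#   2. in a non-global zone the "perzone" (or "all") policy must be set,
#   3. "audit -v" must accept the current service configuration.
# Returns normally only when all three pass.
do_common()
{
	#
	# If the audit state is "disabled" auditconfig returns non-zero exit
	# status unless the c2audit module is loaded; if c2audit is loaded,
	# "disabled" becomes "noaudit" early in the boot cycle and "auditing"
	# only after auditd starts.
	AUDITCOND="`$AUDITCONFIG -getcond 2>/dev/null`"
	if [ $? -ne 0 ]; then
		# The decision whether to start
		# auditing is driven by bsmconv(1M) / bsmunconv(1M)
		echo "$0: Unable to get current kernel auditing condition."
		$SVCADM mark maintenance "$AUDITD_FMRI"
		exit $SMF_EXIT_MON_OFFLINE
	fi

	#
	# In a non-global zone, auditd is started/refreshed only if the
	# "perzone" audit policy has been set.
	if smf_is_nonglobalzone; then
		$AUDITCONFIG -t -getpolicy | \
		    $EGREP "perzone|all" 1>/dev/null 2>&1
		pol_rc=$?
		# Only egrep's "no match" (1) disables the service; an egrep
		# failure (2) falls through and lets the start proceed.
		if [ $pol_rc -eq 1 ]; then
			echo "$0: auditd(1M) is not configured to run in"
			echo "    a local zone, perzone policy not set" \
			    "(see auditconfig(1M))."
			$SVCADM disable "$AUDITD_FMRI"
			# NOTE(review): the backgrounded sleep appears to be
			# there so that a process remains in the service
			# contract while svcadm's asynchronous disable takes
			# effect; retained unchanged.
			$SLEEP 5 &
			exit $SMF_EXIT_OK
		fi
	fi

	#
	# Validate the audit service configuration. audit(1M) prints the
	# reason on failure; it is surfaced in the service log so that the
	# maintenance state can be diagnosed without re-running audit -v.
	val_err="`$AUDIT -v 2>&1`"
	if [ $? -ne 0 ]; then
		echo "$0: audit service misconfiguration detected (${val_err})"
		$SVCADM mark maintenance "$AUDITD_FMRI"
		exit $SMF_EXIT_MON_OFFLINE
	fi
}

#
# do_start - service start method helper.
#
# If the legacy /etc/security/audit_startup still exists it is executed
# once and moved aside, then the service instance is refreshed so that
# the properties it created are visible to svcprop(1). Finally auditd
# is exec'd in place of this shell.
do_start()
{
	#
	# The transition of the audit_startup(1M) has to be performed.
	if [ -f "$AUDIT_STARTUP" ]; then

		#
		# audit_startup is run with this method's (root) privileges
		# and only its executable bit is checked here; it is expected
		# to be a root-owned file under /etc/security. An existing
		# but non-executable file is treated as a configuration
		# error rather than silently skipped.
		if [ -x "$AUDIT_STARTUP" ]; then
			"$AUDIT_STARTUP"
		else
			echo "$0: Unable to execute $AUDIT_STARTUP"
			$SVCADM mark maintenance "$AUDITD_FMRI"
			exit $SMF_EXIT_MON_OFFLINE
		fi

		echo "$0: Transition of audit_startup(1M) started."

		# Best effort: if the rename fails the file is left in place,
		# which means audit_startup will be executed again on the
		# next start and the refresh method will keep refusing to
		# run (see do_refresh()).
		$MV "$AUDIT_STARTUP" "$AUDIT_STARTUP._transitioned_"
		if [ $? -ne 0 ]; then
			# Unable to perform the backup of $AUDIT_STARTUP
			echo "$0: The $AUDIT_STARTUP was not moved to"
			echo "    $AUDIT_STARTUP._transitioned_"
		fi

		#
		# Refreshing service to make the newly created properties
		# available for any other consequent svcprop(1).
		$SVCCFG -s "$AUDITD_FMRI" refresh
		if [ $? -ne 0 ]; then
			echo "$0: Refresh of $AUDITD_FMRI configuration failed."
			$SVCADM mark maintenance "$AUDITD_FMRI"
			exit $SMF_EXIT_ERR_CONFIG
		fi

		echo "$0: Transition of audit_startup(1M) finished."
	fi

	#
	# Daemon forks, parent exits when child says it's ready.
	exec $AUDITD
}

#
# do_refresh - service refresh method helper.
#
# Delivers SIGHUP to every process in the service's contract so that
# auditd(1M) re-reads its SMF configuration. Only valid once
# audit_startup(1M) has been transitioned into service properties;
# otherwise the service is placed in maintenance.
do_refresh()
{
	#
	# The refresh capability is available only for those systems
	# with already transformed audit_startup(1M) into $AUDITD_FMRI
	# service properties. See do_start() for more information.
	if [ ! -f "$AUDIT_STARTUP" ]; then
		#
		# Find the contract_id.
		contract_id=`$SVCS -l "$AUDITD_FMRI" | \
		    $AWK '/^contract_id/ {print $2}'`
		if [ -z "${contract_id}" ]; then
			echo "$0: Service $AUDITD_FMRI has no associated" \
			    "contract. Service cannot be refreshed."
			exit $SMF_EXIT_ERR_FATAL
		fi

		#
		# signal to auditd(1M):
		# The exit status is captured immediately; evaluating $?
		# inside the error message after the [ ] test would report
		# the test's status (always 0), not pkill's.
		$PKILL -HUP -c "${contract_id}"
		rc=$?
		if [ $rc -ne 0 ]; then
			echo "$0: SIGHUP was not successfully delivered to" \
			    "the related contract (${contract_id}/err:$rc)."
			$SVCADM mark maintenance "$AUDITD_FMRI"
			exit $SMF_EXIT_ERR_FATAL
		fi
		# NOTE(review): backgrounded sleep retained as in the
		# original; presumably keeps the method's contract populated
		# briefly after the signal is sent.
		$SLEEP 5 &
	else
		echo "$0: Service refresh method not supported on systems" \
		    "without converted audit_startup(1M) into auditd service" \
		    "SMF configuration. Clear the service (svcadm(1M))."
		$SVCADM mark maintenance "$AUDITD_FMRI"
		exit $SMF_EXIT_ERR_CONFIG
	fi
}

#
# Call main() to start the own script execution.
main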