Содержание

Skip to end of metadata
Go to start of metadata

Заменить файл /etc/init.d/parlogd файлом parlogd

После, выставить бит исполнения:

chmod +x /etc/init.d/parlogd

При остановке сервиса parlogd, со всех файлов считываются атрибуты аудита и записываются в файл /root/audit.file

После запуска сервиса, атрибуты аудита восстанавливаются.

 Содержимое файла parlogd
#!/bin/sh
#
# Example init.d script with LSB support.
#
# Please read this init.d carefully and modify the sections to
# adjust it to the program you want to run.
#
# Copyright (c) 2007 Javier Fernandez-Sanguino <jfs@debian.org>
#
# This is free software; you may redistribute it and/or modify
# it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2,
# or (at your option) any later version.
#
# This is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License with
# the Debian operating system, in /usr/share/common-licenses/GPL; if
# not, write to the Free Software Foundation, Inc., 59 Temple Place,
# Suite 330, Boston, MA 02111-1307 USA
#
### BEGIN INIT INFO
# Provides: parlogd
# Required-Start: parsec
# Required-Stop:
# Should-Start: parsec
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: PARSec log daemon
# Description: Daemon to log PARSec events.
# It write log files in binary format.
### END INIT INFO
#set -x
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/parlogd # Introduce the server's location here
NAME=parlogd # Introduce the short server's name here
DESC="PARSec log daemon" # Introduce a short description here
LOGDIR=/var/log/parsec # Log directory to use
PIDFILE=/var/run/$NAME.pid
PARSECFS=/parsecfs/ctl
FILEAUDIT="/root/audit.file"
ROOTDIR="/"
test -x $DAEMON || exit 0
. /lib/lsb/init-functions

LOGFILE=$LOGDIR/$NAME.log # Server logfile
DAEMONUSER=daemon # Users to run the daemons as. If this value
# is set start-stop-daemon will chuid the server
DAEMON_OPTS="--pidfile=$PIDFILE -u daemon" # Additional options given to the server

# Include defaults if available
if [ -f /etc/default/$NAME ] ; then
. /etc/default/$NAME
fi
case "$1" in
start)
log_daemon_msg "Starting $DESC" "$NAME"
if $0 status > /dev/null ; then
log_progress_msg "already started"
log_end_msg 0
exit 0
fi
if [ ! -e "$PARSECFS" ]; then
log_progress_msg "no parsecfs mounted"
log_end_msg 1
exit 1
fi
# /usr/bin/setaudit.sh
echo -e "\n restore audit flags... \n"
setfaud -B $FILEAUDIT
echo -ne "done \n"
start-stop-daemon --start --quiet --pidfile $PIDFILE \
--exec $DAEMON -- $DAEMON_OPTS
log_end_msg $?
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
# /usr/bin/getaudit.sh
echo -e "\n save audit flags... \n"
getfaud -R -P -p -s $ROOTDIR > $FILEAUDIT
printf "done. Saved in ${FILEAUDIT} \n"
start-stop-daemon --stop --quiet --retry 5 --oknodo --pidfile $PIDFILE --name $NAME
log_end_msg $?
;;
restart|force-reload)
$0 stop
$0 start
;;
status)
status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
;;
# Use this if the daemon cannot reload
reload)
log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
log_warning_msg "cannot re-read the config file (use restart)."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
exit 1
;;
esac
exit 0