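#!/bin/bash
#
# setroubleshoot    This starts and stops setroubleshoot daemon
#
# chkconfig: 345 13 87
# description: This starts the SELinux Troubleshooting Daemon
#
# processname: /usr/sbin/setroubleshootd
# config: /etc/setroubleshoot/setroubleshoot.cfg
# pidfile: /var/run/setroubleshoot.pid
#
### BEGIN INIT INFO
# Provides: lsb-setroubleshootd
# Required-Start: $local_fs $syslog $network $named $messagebus
# Required-Stop: $local_fs $syslog $network $named $messagebus
# Default-Start: 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop SELinux Troubleshooting Daemon
# Description: controls operation of the SELinux Troubleshooting Daemon
#              (setroubleshootd) which listens for SELinux AVC denial messages
#              analyzes it and provides a friendly interpretation.
### END INIT INFO

# Return values according to LSB for all commands but status:
#   0  success
#   1  generic or unspecified error (current practice)
#   2  invalid or excess argument(s)
#   3  unimplemented feature (for example, "reload")
#   4  user had insufficient privilege
#   5  program is not installed
#   6  program is not configured
#   7  program is not running
#
# Command argument
#   start         start the service
#   stop          stop the service
#   restart       stop and restart the service if the service is already
#                 running, otherwise start the service
#   try-restart   restart the service if the service is already running
#   reload        cause the configuration of the service to be reloaded
#                 without actually stopping and restarting the service
#   force-reload  cause the configuration to be reloaded if the service
#                 supports this, otherwise restart the service if it is running
#   status        print the current status of the service
#
# start, stop, restart, force-reload, and status actions must be supported;
# reload and the try-restart actions are optional.

# Fixed search path so helper commands are not resolved through whatever
# PATH the caller happened to export.
PATH=/sbin:/bin:/usr/bin:/usr/sbin

# Source function library (provides daemon, killproc and status).
. /etc/init.d/functions

RETVAL=0
prog="setroubleshootd"

# Start from a known-empty option string so that daemon options can only come
# from this script's own "test"/"verbose" arguments, never from an
# EXTRAOPTIONS variable inherited from the invoking environment.
EXTRAOPTIONS=""

# Print the command-line synopsis.
usage(){
    echo $"Usage: $0 {start|stop|status|restart|try-restart|condrestart|reload|force-reload|cleardb [test][verbose]}"
}

command=$1
# Use a brace group, not a subshell: "exit" inside ( ... ) would only leave the
# subshell and the script would carry on with an empty command.
[ -n "$command" ] || { usage; exit 3; }
shift

# Look for extra options following the command.
while [ $# -gt 0 ]; do
    arg=$1
    case "$arg" in
        test)
            # SECURITY: /tmp is world-writable and this socket path is fixed,
            # so any local account can create or replace it before the daemon
            # uses it. Keep "test" for throw-away test hosts only; on shared
            # systems point the socket at a root-owned directory instead.
            EXTRAOPTIONS="$EXTRAOPTIONS -c audit.text_protocol_socket_path=/tmp/audispd_events"
            ;;
        verbose)
            EXTRAOPTIONS="$EXTRAOPTIONS -V"
            ;;
        *)
            # Unknown options are reported and otherwise ignored.
            echo "unknown arg $arg"
            ;;
    esac
    shift
done

# Report whether the daemon is running, via the status helper.
rhstatus(){
    status $prog
    RETVAL=$?
    return $RETVAL
}

# Allow status as non-root and also if SELinux is disabled
if [ "$command" = status ]; then
    rhstatus
    RETVAL=$?
    exit $RETVAL
fi

# Silently exit if SELinux is not enabled (or the probe tool is missing).
if [ ! -x /usr/sbin/selinuxenabled ] || ! /usr/sbin/selinuxenabled; then
    exit 1
fi

# Check that we are root ... so non-root users stop here.
# The quoted substitution fails closed: if "id" prints nothing the comparison
# is still well-formed and the script refuses to continue.
if [ "$(id -u)" != 0 ]; then
    echo "You must be root"
    exit 4
fi

# Start the daemon and create the subsys lock file on success.
start(){
    echo -n $"Starting $prog: "
    # Drop per-user variables so the daemon does not inherit the invoking
    # administrator's environment.
    unset HOME MAIL USER USERNAME
    # EXTRAOPTIONS is handed over as one word, exactly as before; this relies
    # on the daemon helper re-splitting its arguments (confirm against the
    # installed /etc/init.d/functions).
    daemon $prog "$EXTRAOPTIONS"
    RETVAL=$?
    echo
    if [ "$RETVAL" = 0 ]; then
        touch "/var/lock/subsys/$prog"
    fi
    if [ "$RETVAL" = 3 ]; then
        echo -n $"Cannot start $prog: SELinux not enabled"
    fi
    return $RETVAL
}

# Stop the daemon and remove the subsys lock file.
stop(){
    echo -n $"Stopping $prog: "
    killproc $prog
    RETVAL=$?
    echo
    rm -f "/var/lock/subsys/$prog"
    return $RETVAL
}

# Ask the running daemon to re-read its configuration (SIGHUP).
reload(){
    echo -n $"Reloading configuration: "
    killproc $prog -HUP
    RETVAL=$?
    echo
    return $RETVAL
}

# Stop then start; the result is the status of the start.
restart(){
    stop
    start
    RETVAL=$?
    return $RETVAL
}

# Restart only if the lock file says the service is running. Not running is
# success; a restart that fails is reported rather than masked as 0.
condrestart(){
    RETVAL=0
    if [ -e "/var/lock/subsys/$prog" ]; then
        restart
        RETVAL=$?
    fi
    return $RETVAL
}

# Remove the alert databases, stopping the daemon around the deletion when it
# was running. Returns non-zero if a file could not be removed or the daemon
# could not be started again.
cleardb(){
    # rc is kept separately because stop/start overwrite the global RETVAL.
    local running=0 rc=0
    [ -e "/var/lock/subsys/$prog" ] && running=1
    [ "$running" = 1 ] && stop
    echo $"Clearing database"
    rm -f /var/lib/setroubleshoot/database.xml || rc=1
    rm -f /var/lib/setroubleshoot/audit_listener_database.xml || rc=1
    if [ "$running" = 1 ]; then
        start || rc=$?
    fi
    RETVAL=$rc
    return $RETVAL
}

# See how we were called.
case "$command" in
    start)
        start
        RETVAL=$?
        ;;
    stop)
        stop
        RETVAL=$?
        ;;
    status)
        # Normally handled above, before the SELinux and root checks.
        rhstatus
        RETVAL=$?
        ;;
    restart)
        restart
        RETVAL=$?
        ;;
    force-reload|reload)
        reload
        RETVAL=$?
        ;;
    try-restart|condrestart)
        condrestart
        RETVAL=$?
        ;;
    cleardb)
        cleardb
        RETVAL=$?
        ;;
    *)
        usage
        RETVAL=3
        ;;
esac

exit $RETVAL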