196 lines
4.2 KiB
Bash
Executable File
196 lines
4.2 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# setroubleshoot This starts and stops setroubleshoot daemon
|
|
#
|
|
# chkconfig: 345 13 87
|
|
# description: This starts the SELinux Troubleshooting Daemon
|
|
#
|
|
# processname: /usr/sbin/setroubleshootd
|
|
# config: /etc/setroubleshoot/setroubleshoot.cfg
|
|
# pidfile: /var/run/setroubleshoot.pid
|
|
#
|
|
|
|
### BEGIN INIT INFO
|
|
# Provides: lsb-setroubleshootd
|
|
# Required-Start: $local_fs $syslog $network $named $messagebus
|
|
# Required-Stop: $local_fs $syslog $network $named $messagebus
|
|
# Default-Start: 3 4 5
|
|
# Default-Stop: 0 1 6
|
|
# Short-Description: start and stop SELinux Troubleshooting Daemon
|
|
# Description: controls operation of the SELinux Troubleshooting Daemon
|
|
# (setroubleshootd) which listens for SELinux AVC denial messages
|
|
# analyzes it and provides a friendly interpretation.
|
|
### END INIT INFO
|
|
|
|
# Return values according to LSB for all commands but status:
|
|
# 0 success
|
|
# 1 generic or unspecified error (current practice)
|
|
# 2 invalid or excess argument(s)
|
|
# 3 unimplemented feature (for example, "reload")
|
|
# 4 user had insufficient privilege
|
|
# 5 program is not installed
|
|
# 6 program is not configured
|
|
# 7 program is not running
|
|
|
|
# Command argument
|
|
# start start the service
|
|
# stop stop the service
|
|
# restart stop and restart the service if the service is already running, otherwise start the service
|
|
# try-restart restart the service if the service is already running
|
|
# reload cause the configuration of the service to be reloaded without actually stopping and restarting the service
|
|
# force-reload cause the configuration to be reloaded if the service supports this, otherwise restart the service if it is running
|
|
# status print the current status of the service
|
|
|
|
# start, stop, restart, force-reload, and status actions must be supported
|
|
# reload and the try-restart actions are optional.
|
|
# the init script.
|
|
|
|
PATH=/sbin:/bin:/usr/bin:/usr/sbin
|
|
|
|
# Source function library.
|
|
. /etc/init.d/functions
|
|
|
|
RETVAL=0
|
|
prog="setroubleshootd"
|
|
|
|
usage(){
|
|
echo $"Usage: $0 {start|stop|status|restart|try-restart|condrestart|reload|force-reload|cleardb [test][verbose]}"
|
|
}
|
|
|
|
command=$1
|
|
shift
|
|
|
|
[ $command ] || (usage; exit 3)
|
|
|
|
# look for extra options
|
|
while [ $# -gt 0 ]; do
|
|
arg=$1
|
|
case "$arg" in
|
|
test)
|
|
EXTRAOPTIONS="$EXTRAOPTIONS -c audit.text_protocol_socket_path=/tmp/audispd_events"
|
|
;;
|
|
verbose)
|
|
EXTRAOPTIONS="$EXTRAOPTIONS -V"
|
|
;;
|
|
*)
|
|
echo "unknown arg $arg"
|
|
esac
|
|
shift
|
|
done
|
|
|
|
rhstatus(){
|
|
status $prog
|
|
RETVAL=$?
|
|
return $RETVAL
|
|
}
|
|
|
|
# Allow status as non-root and also if SELinux is disabled
|
|
if [ "$command" = status ]; then
|
|
rhstatus
|
|
RETVAL=$?
|
|
exit $RETVAL
|
|
fi
|
|
|
|
# Silently exit is SELinux is not enabled
|
|
[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 1
|
|
|
|
# Check that we are root ... so non-root users stop here
|
|
if test `id -u` != 0; then
|
|
echo "You must be root"
|
|
exit 4
|
|
fi
|
|
|
|
start(){
|
|
echo -n $"Starting $prog: "
|
|
unset HOME MAIL USER USERNAME
|
|
daemon $prog "$EXTRAOPTIONS"
|
|
RETVAL=$?
|
|
echo
|
|
if test $RETVAL = 0 ; then
|
|
touch /var/lock/subsys/$prog
|
|
fi
|
|
if test $RETVAL = 3 ; then
|
|
echo -n $"Cannot start $prog: SELinux not enabled"
|
|
fi
|
|
return $RETVAL
|
|
}
|
|
|
|
stop(){
|
|
echo -n $"Stopping $prog: "
|
|
killproc $prog
|
|
RETVAL=$?
|
|
echo
|
|
rm -f /var/lock/subsys/$prog
|
|
return $RETVAL
|
|
}
|
|
|
|
reload(){
|
|
echo -n $"Reloading configuration: "
|
|
killproc $prog -HUP
|
|
RETVAL=$?
|
|
echo
|
|
return $RETVAL
|
|
}
|
|
|
|
restart(){
|
|
stop
|
|
start
|
|
RETVAL=$?
|
|
return $RETVAL
|
|
}
|
|
|
|
condrestart(){
|
|
[ -e /var/lock/subsys/$prog ] && restart
|
|
RETVAL=0
|
|
return $RETVAL
|
|
}
|
|
|
|
cleardb(){
|
|
running=0
|
|
[ -e /var/lock/subsys/$prog ] && running=1
|
|
[ $running == 1 ] && stop
|
|
echo $"Clearing database"
|
|
rm -f /var/lib/setroubleshoot/database.xml
|
|
rm -f /var/lib/setroubleshoot/audit_listener_database.xml
|
|
[ $running == 1 ] && start
|
|
RETVAL=0
|
|
return $RETVAL
|
|
}
|
|
|
|
# See how we were called.
|
|
case "$command" in
|
|
start)
|
|
start
|
|
RETVAL=$?
|
|
;;
|
|
stop)
|
|
stop
|
|
RETVAL=$?
|
|
;;
|
|
status)
|
|
rhstatus
|
|
RETVAL=$?
|
|
;;
|
|
restart)
|
|
restart
|
|
RETVAL=$?
|
|
;;
|
|
force-reload|reload)
|
|
reload
|
|
RETVAL=$?
|
|
;;
|
|
try-restart|condrestart)
|
|
condrestart
|
|
RETVAL=$?
|
|
;;
|
|
cleardb)
|
|
cleardb
|
|
RETVAL=$?
|
|
;;
|
|
*)
|
|
usage
|
|
RETVAL=3
|
|
esac
|
|
|
|
exit $RETVAL
|