#!/bin/bash

#

# setroubleshoot       This starts and stops setroubleshoot daemon

#

# chkconfig: 345 13 87

# description: This starts the SELinux Troubleshooting Daemon

#

# processname: /usr/sbin/setroubleshootd

# config: /etc/setroubleshoot/setroubleshoot.cfg

# pidfile: /var/run/setroubleshoot.pid

#

### BEGIN INIT INFO

# Provides: lsb-setroubleshootd

# Required-Start: $local_fs $syslog $network $named $messagebus

# Required-Stop: $local_fs $syslog $network $named $messagebus

# Default-Start:  3 4 5

# Default-Stop: 0 1 6

# Short-Description: start and stop SELinux Troubleshooting Daemon

# Description: controls operation of the SELinux Troubleshooting Daemon

#	(setroubleshootd) which listens for SELinux AVC denial messages

#	analyzes it and provides a friendly interpretation.

### END INIT INFO

# Return values according to LSB for all commands but status:

# 0	success

# 1	generic or unspecified error (current practice)

# 2	invalid or excess argument(s)

# 3	unimplemented feature (for example, "reload")

# 4	user had insufficient privilege

# 5	program is not installed

# 6	program is not configured

# 7	program is not running

# Command argument

# start		start the service

# stop		stop the service

# restart	stop and restart the service if the service is already running, otherwise start the service

# try-restart	restart the service if the service is already running

# reload	cause the configuration of the service to be reloaded without actually stopping and restarting the service

# force-reload	cause the configuration to be reloaded if the service supports this, otherwise restart the service if it is running

# status	print the current status of the service

# start, stop, restart, force-reload, and status actions must be supported

# reload and the try-restart actions are optional.

# the init script.

PATH=/sbin:/bin:/usr/bin:/usr/sbin

# Source function library.

. /etc/init.d/functions

RETVAL=0

prog="setroubleshootd"

usage(){

    echo $"Usage: $0 {start|stop|status|restart|try-restart|condrestart|reload|force-reload|cleardb [test][verbose]}"

}

command=$1

shift

[ $command ] || (usage; exit 3)

# look for extra options

while [ $# -gt 0 ]; do

    arg=$1

    case "$arg" in

	test)

	    EXTRAOPTIONS="$EXTRAOPTIONS -c audit.text_protocol_socket_path=/tmp/audispd_events"

	    ;;

	verbose)

	    EXTRAOPTIONS="$EXTRAOPTIONS -V"

	    ;;

	*)

	    echo "unknown arg $arg"

    esac

    shift

done

rhstatus(){

    status $prog

    RETVAL=$?

    return $RETVAL

}

# Allow status as non-root and also if SELinux is disabled

if [ "$command" = status ]; then

	rhstatus

	RETVAL=$?

	exit $RETVAL

fi

# Silently exit is SELinux is not enabled

[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 1

# Check that we are root ... so non-root users stop here

if test `id -u` != 0; then

	echo "You must be root"

	exit 4

fi

start(){

    echo -n $"Starting $prog: "

    unset HOME MAIL USER USERNAME

    daemon $prog "$EXTRAOPTIONS"

    RETVAL=$?

    echo

    if test $RETVAL = 0 ; then

        touch /var/lock/subsys/$prog

    fi

    if test $RETVAL = 3 ; then

	echo -n $"Cannot start $prog: SELinux not enabled"

    fi

    return $RETVAL

}

stop(){

    echo -n $"Stopping $prog: "

    killproc $prog

    RETVAL=$?

    echo

    rm -f /var/lock/subsys/$prog

    return $RETVAL

}

reload(){

    echo -n $"Reloading configuration: "	

    killproc $prog -HUP

    RETVAL=$?

    echo

    return $RETVAL

}

restart(){

    stop

    start

    RETVAL=$?

    return $RETVAL

}

condrestart(){

    [ -e /var/lock/subsys/$prog ] && restart

    RETVAL=0

    return $RETVAL

}

cleardb(){

    running=0

    [ -e /var/lock/subsys/$prog ] && running=1

    [ $running == 1 ] && stop

    echo $"Clearing database"

    rm -f /var/lib/setroubleshoot/database.xml

    rm -f /var/lib/setroubleshoot/audit_listener_database.xml

    [ $running == 1 ] && start

    RETVAL=0

    return $RETVAL

}

# See how we were called.

case "$command" in

    start)

	start

	RETVAL=$?

	;;

    stop)

	stop

	RETVAL=$?

	;;

    status)

	rhstatus

	RETVAL=$?

	;;

    restart)

	restart

	RETVAL=$?

	;;

    force-reload|reload)

	reload

	RETVAL=$?

	;;

    try-restart|condrestart)

	condrestart

	RETVAL=$?

	;;

    cleardb)

	cleardb

	RETVAL=$?

	;;

    *)

	usage

	RETVAL=3

esac

exit $RETVAL