#!/bin/bash
#
# setroubleshoot       This starts and stops setroubleshoot daemon
#
# chkconfig: 345 13 87
# description: This starts the SELinux Troubleshooting Daemon
#
# processname: /usr/sbin/setroubleshootd
# config: /etc/setroubleshoot/setroubleshoot.cfg
# pidfile: /var/run/setroubleshoot.pid
#

### BEGIN INIT INFO
# Provides: lsb-setroubleshootd
# Required-Start: $local_fs $syslog $network $named $messagebus
# Required-Stop: $local_fs $syslog $network $named $messagebus
# Default-Start:  3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop SELinux Troubleshooting Daemon
# Description: controls operation of the SELinux Troubleshooting Daemon
#	(setroubleshootd) which listens for SELinux AVC denial messages
#	analyzes it and provides a friendly interpretation.
### END INIT INFO

# Return values according to LSB for all commands but status:
# 0	success
# 1	generic or unspecified error (current practice)
# 2	invalid or excess argument(s)
# 3	unimplemented feature (for example, "reload")
# 4	user had insufficient privilege
# 5	program is not installed
# 6	program is not configured
# 7	program is not running

# Command argument
# start		start the service
# stop		stop the service
# restart	stop and restart the service if the service is already running, otherwise start the service
# try-restart	restart the service if the service is already running
# reload	cause the configuration of the service to be reloaded without actually stopping and restarting the service
# force-reload	cause the configuration to be reloaded if the service supports this, otherwise restart the service if it is running
# status	print the current status of the service

# The start, stop, restart, force-reload, and status actions must be supported
# by the init script; the reload and try-restart actions are optional.

# Fixed command search path made of system directories only, so the commands
# this script runs are not looked up through whatever PATH the caller had.
PATH=/sbin:/bin:/usr/bin:/usr/sbin

# Source function library.
# Presumably the source of daemon, killproc and status, which this script
# calls but does not define itself -- confirm against the installed library.
. /etc/init.d/functions

# RETVAL holds the exit status the script finally reports; prog is the daemon
# name used for the helper calls and for the lock file under /var/lock/subsys.
RETVAL=0
prog="setroubleshootd"

# Print the one-line synopsis of the accepted actions and options to stdout.
# The text goes through $"..." so it can be translated when a message
# catalogue is configured.
usage() {
    local synopsis
    synopsis=$"Usage: $0 {start|stop|status|restart|try-restart|condrestart|reload|force-reload|cleardb [test][verbose]}"
    echo "$synopsis"
}

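# The first word selects the action; any further words are option keywords.
command=$1
if [ "$#" -gt 0 ]; then
    shift
fi

# No action given: print the synopsis and stop with status 3.
# The exit must run in the main shell. Inside a ( ... ) subshell it would end
# only the subshell, and the script would carry on into the SELinux and root
# checks with an empty action.
if [ -z "$command" ]; then
    usage
    exit 3
fi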

# look for extra options
# Turn each remaining word into extra command-line options for the daemon,
# then drop the words so no positional parameters are left afterwards.
for arg in "$@"; do
    case "$arg" in
        test)
            # NOTE(review): this sets what looks like the daemon's audit
            # event socket path to a fixed name in /tmp, a directory every
            # local user can write to. Use the "test" keyword on
            # development hosts only.
            EXTRAOPTIONS="$EXTRAOPTIONS -c audit.text_protocol_socket_path=/tmp/audispd_events"
            ;;
        verbose)
            EXTRAOPTIONS="$EXTRAOPTIONS -V"
            ;;
        *)
            # Unrecognised words are reported and otherwise ignored.
            echo "unknown arg $arg"
            ;;
    esac
done
shift "$#"

# Ask the status helper about $prog.
# Globals: prog (read), RETVAL (written with the helper's exit status)
# Returns: the exit status of the status helper
rhstatus() {
    if status "$prog"; then
        RETVAL=0
    else
        RETVAL=$?
    fi
    return "$RETVAL"
}

# Allow status as non-root and also if SELinux is disabled
case "$command" in
    status)
        # Answered before the SELinux and root checks that follow, so the
        # query works for unprivileged callers too.
        rhstatus
        RETVAL=$?
        exit "$RETVAL"
        ;;
esac

# Silently exit if SELinux is not enabled
if ! [ -x /usr/sbin/selinuxenabled ] || ! /usr/sbin/selinuxenabled; then
    # Helper missing, or it reports SELinux as off: leave with status 1
    # without printing anything.
    exit 1
fi

# Check that we are root ... so non-root users stop here
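# The substitution is quoted so that an empty result from id counts as
# "not root". Unquoted, an empty result makes the test itself fail with a
# syntax error, and the script then falls through as if the caller were root.
if [ "$(id -u)" != 0 ]; then
    echo "You must be root"
    exit 4
fi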

# Start the daemon through the daemon helper.
# Globals: prog, EXTRAOPTIONS (read); RETVAL (written)
# Outputs: progress text on stdout
# Returns: the exit status of the daemon helper
start() {
    # No newline here; the bare echo after the helper call ends the line.
    echo -n $"Starting $prog: "
    # Keep the invoking user's identity variables out of the environment the
    # daemon is launched with.
    unset HOME MAIL USER USERNAME
    daemon "$prog" "$EXTRAOPTIONS"
    RETVAL=$?
    echo
    case "$RETVAL" in
        0)
            # Lock file marks the service as running for condrestart/cleardb.
            touch "/var/lock/subsys/$prog"
            ;;
        3)
            echo -n $"Cannot start $prog: SELinux not enabled"
            ;;
    esac
    return "$RETVAL"
}

# Stop the daemon through the killproc helper.
# Globals: prog (read); RETVAL (written)
# Outputs: progress text on stdout
# Returns: the exit status of killproc
stop() {
    echo -n $"Stopping $prog: "
    killproc "$prog"
    RETVAL=$?
    echo
    # The lock file is removed whether or not killproc succeeded.
    rm -f "/var/lock/subsys/$prog"
    return "$RETVAL"
}

# Ask the running daemon to reload its configuration by sending it HUP
# through the killproc helper.
# Globals: prog (read); RETVAL (written)
# Returns: the exit status of killproc
reload() {
    echo -n $"Reloading configuration: "
    if killproc "$prog" -HUP; then
        RETVAL=0
    else
        RETVAL=$?
    fi
    echo
    return "$RETVAL"
}

# Stop the service, then start it again.
# Globals: RETVAL (written)
# Returns: the exit status of start; the status of stop is not consulted
restart() {
    stop
    if start; then
        RETVAL=0
    else
        RETVAL=$?
    fi
    return "$RETVAL"
}

# Restart the service only when its lock file says it is running.
# Globals: prog (read); RETVAL (written)
# Returns: always 0
# NOTE(review): the status of restart is discarded, so a failed restart is
# reported as success to the caller.
condrestart() {
    if [ -e "/var/lock/subsys/$prog" ]; then
        restart
    fi
    RETVAL=0
    return "$RETVAL"
}

# Delete the two XML database files under /var/lib/setroubleshoot. If the lock
# file shows the service as running, it is stopped first and started again
# afterwards.
# Globals: prog (read); running, RETVAL (written)
# Outputs: "Clearing database" on stdout, plus whatever stop/start print
# Returns: always 0
cleardb() {
    local db
    running=0
    if [ -e "/var/lock/subsys/$prog" ]; then
        # Remember the state now; stop removes the lock file.
        running=1
        stop
    fi
    echo $"Clearing database"
    for db in /var/lib/setroubleshoot/database.xml \
        /var/lib/setroubleshoot/audit_listener_database.xml; do
        rm -f "$db"
    done
    if [ "$running" = 1 ]; then
        start
    fi
    RETVAL=0
    return "$RETVAL"
}

# See how we were called.
# Map the requested action onto its handler function. Only the literal names
# assigned here are ever called; an unrecognised action leaves handler empty.
handler=
case "$command" in
    start)
        handler=start
        ;;
    stop)
        handler=stop
        ;;
    status)
        # Kept for completeness; "status" is normally answered by the early
        # check before the SELinux and root tests.
        handler=rhstatus
        ;;
    restart)
        handler=restart
        ;;
    force-reload | reload)
        handler=reload
        ;;
    try-restart | condrestart)
        handler=condrestart
        ;;
    cleardb)
        handler=cleardb
        ;;
esac

if [ -n "$handler" ]; then
    "$handler"
    RETVAL=$?
else
    # Unknown action: show the synopsis and report status 3.
    usage
    RETVAL=3
fi

exit "$RETVAL"