cvs commit: src/etc/rc.d auditd
John E Hein
jhein at timing.com
Thu Dec 7 09:05:31 PST 2006
Doug Barton wrote at 15:55 -0800 on Dec 6, 2006:
> Robert Watson wrote:
> >
> > On Wed, 6 Dec 2006, Doug Barton wrote:
> >
> >>> Sleep for one second after calling audit -t to give the audit daemon a
> >>> chance to actually terminate the audit service and exit. Otherwise, on
> >>> an rc.d/auditd restart, the new audit daemon instance may try to start
> >>> auditing while the previous session is still running. Likewise, this
> >>> ensures a chance for auditd to terminate the audit trail at system
> >>> shutdown.
> >>>
> >>> Perhaps more ideally, the script would wait synchronously for auditd to
> >>> exit rather than for an arbitrary but short period of time.
> >>
> >> Perhaps a better change would be:
> >>
> >> /usr/sbin/audit -t
> >> while : ; do
> >>     if <something that indicates audit is not dead yet>; then
> >>         echo 'Waiting for the audit system to terminate'
> >>         sleep 1
> >>     else
> >>         break
> >>     fi
> >> done
> >
> > Is there a built-in mechanism in rc.d to wait for a process to exit?
>
> There is wait_for_pids(), which combined with pgrep could possibly
> work for you. Since I wasn't sure what your parameters are, the
> mechanism above is generic enough to work with anything.
>
> > We'd like to wait for auditd to exit, specifically, as a sign that
> > auditing really is terminated.
>
> Then what you probably want (untested) is something like
>
> /usr/sbin/audit -t
> wait_for_pids `pgrep -d' ' auditd`
>
> hth,
>
> Doug
Another option is to start auditd behind lockf. To determine whether
auditd has exited, check for the lock file (put it in /var/run).
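
Added example, not part of the original message or of FreeBSD's rc.d scripts: a bounded version of the polling loop discussed in this thread, so that a hung auditd cannot stall shutdown and a restart can tell that the old instance is still running. `wait_until_gone`, the 10-second limit and the lock file name in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# wait_until_gone is a hypothetical helper, not a function from rc.subr.
#
# usage: wait_until_gone <timeout_seconds> <check command ...>
# The check command must exit 0 for as long as the daemon is still alive.
# Returns 0 once the check fails (daemon gone), 1 if the timeout expires first.
wait_until_gone() {
    _timeout=$1
    shift
    _waited=0
    while "$@" >/dev/null 2>&1; do
        if [ "$_waited" -ge "$_timeout" ]; then
            return 1            # still alive: caller must not start a new instance
        fi
        if [ "$_waited" -eq 0 ]; then
            echo 'Waiting for the audit system to terminate' >&2
        fi
        sleep 1
        _waited=$((_waited + 1))
    done
    return 0
}

# Possible use in a stop routine (assumed 10 second limit):
#   /usr/sbin/audit -t
#   wait_until_gone 10 pgrep -x auditd || echo 'auditd did not exit' >&2
#
# With the lock file approach, the check becomes a file test
# (the file name under /var/run is hypothetical):
#   wait_until_gone 10 test -e /var/run/auditd.lock
```

A non-zero return lets the caller refuse to start a second daemon or log that the audit trail may not have been closed cleanly.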