cvs commit: src/etc/rc.d auditd
Doug Barton
dougb at FreeBSD.org
Wed Dec 6 15:55:26 PST 2006
Robert Watson wrote:
>
> On Wed, 6 Dec 2006, Doug Barton wrote:
>
>>> Sleep for one second after calling audit -t to give the audit daemon a
>>> chance to actually terminate the audit service and exit.
>>> Otherwise, on
>>> an rc.d/auditd restart, the new audit daemon instance may try to start
>>> auditing while the previous session is still running. Likewise, this
>>> ensures a chance for auditd to terminate the audit trail at system
>>> shutdown.
>>>
>>> Perhaps more ideally, the script would wait synchronously for
>>> auditd to
>>> exit rather than for an arbitrary but short period of time.
>>
>> Perhaps a better change would be:
>>
>> /usr/sbin/audit -t while : ; do).
>> if <something that indicates audit is not dead yet>; then
>> echo 'Waiting for the audit system to terminate'
>> sleep 1
>> else
>> break
>> fi
>> done
>
> Is there a built-in mechanism in rc.d to wait for a process to exit?
There is wait_for_pids(), which combined with pgrep could possibly
work for you. Since I wasn't sure what your parameters are, the
mechanism above is generic enough to work with anything.
> We'd like to wait for auditd to exit, specifically, as a sign that
> auditing really is terminated.
Then what you probably want (untested) is something like
/usr/sbin/audit -t
wait_for_pids `pgrep -d' ' auditd`
hth,
Doug
--
This .signature sanitized for your protection
More information about the cvs-all
mailing list