authorMarek Pospisil <Marek.Pospisil@Sun.COM>2010-04-14 04:05:14 -0700
committerMarek Pospisil <Marek.Pospisil@Sun.COM>2010-04-14 04:05:14 -0700
commit1b2d1c944935c64d6eeb28c8054864f4bdf20e9f (patch)
tree2b4ef829e2bad47411cee1392aa28662c0b162e7 /usr/src/cmd/audit
parent8462591d361143a8f5259ffd31a3917c146e5404 (diff)
downloadillumos-joyent-1b2d1c944935c64d6eeb28c8054864f4bdf20e9f.tar.gz
6940699 no reboot audit leaves auditd disabled across reboot.
Diffstat (limited to 'usr/src/cmd/audit')
-rw-r--r--usr/src/cmd/audit/audit.c36
1 files changed, 28 insertions, 8 deletions
diff --git a/usr/src/cmd/audit/audit.c b/usr/src/cmd/audit/audit.c
index 8616fe4a92..e296ad58c2 100644
--- a/usr/src/cmd/audit/audit.c
+++ b/usr/src/cmd/audit/audit.c
@@ -18,9 +18,9 @@
*
* CDDL HEADER END
*/
+
/*
- * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#include <fcntl.h>
@@ -50,6 +50,7 @@
/* GLOBALS */
static char *progname = "audit";
static char *usage = "audit [-n] | [-s] | [-t] | [-v filepath]";
+static int silent = 0;
static void display_smf_error();
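Review bot: The new file-scope flag `silent` is a bare `int` with no comment, although it changes what is_valid_zone() prints and that function is typed with `boolean_t`. I would declare it as `static boolean_t silent = B_FALSE;	/* set by -T: print no error messages */` and assign `B_TRUE` in `case 'T'`, so the type matches its use and a reader of the globals block learns what sets it. In the lines shown it is written only in main() and read only in is_valid_zone(), so no other change should be needed.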
@@ -69,7 +70,10 @@ static int sig_auditd(int); /* send signal to auditd */
* audit -n
* - signal audit daemon to use next audit_control audit directory.
* audit -t
- * - signal audit daemon to permanently disable auditing.
+ * - signal audit daemon to disable auditing.
+ * audit -T
+ * - signal audit daemon to temporarily disable auditing reporting
+ * no errors.
* audit -v filepath
* - validate audit_control parameters but use filepath for
* the name. Emit errors or "syntax ok"
@@ -92,13 +96,13 @@ main(int argc, char *argv[])
(void) textdomain(TEXT_DOMAIN);
/* first option required */
- if ((c = getopt(argc, argv, "nstv:")) == -1) {
+ if ((c = getopt(argc, argv, "nstTv:")) == -1) {
(void) fprintf(stderr, gettext("usage: %s\n"), usage);
exit(3);
}
first_option = optarg;
/* second or more options not allowed; please pick one */
- if (getopt(argc, argv, "nstv:") != -1) {
+ if (getopt(argc, argv, "nstTv:") != -1) {
(void) fprintf(stderr, gettext("usage: %s\n"), usage);
exit(5);
}
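Review bot: The option string `"nstTv:"` is now repeated in both getopt() calls, and the `usage` text printed on these two error paths still lists only `-n`, `-s`, `-t` and `-v`. A single `static const char optstr[] = "nstTv:";` used by both calls would keep them from drifting apart the next time an option is added. If `-T` is left out of the usage line on purpose because it is meant for shutdown tooling rather than administrators, a short comment next to `usage` saying so would prevent a later "fix"; that intent is inferred, not stated in the diff. main() starts and ends outside this hunk.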
@@ -125,6 +129,15 @@ main(int argc, char *argv[])
exit(11);
}
break;
+ case 'T':
+ silent = 1;
+ if (!is_valid_zone(0)) /* 0 == no error message display */
+ exit(10);
+
+ if (smf_disable_instance(AUDITD_FMRI, SMF_TEMPORARY) != 0) {
+ exit(11);
+ }
+ break;
case 'v':
if (is_audit_control_ok(first_option)) {
(void) fprintf(stderr, gettext("syntax ok\n"));
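Review bot: In `case 'T'` both failure paths exit without any output, so a failed attempt to stop auditd leaves no trace other than the exit status; the `if (!silent)` guard added around the auditon() failure message in is_valid_zone() has the same effect. Because this option switches the audit daemon off, the caller must be able to tell failure from success, and I would state that contract at the case label: `/* -T prints nothing: callers must check the exit status (10 = zone check failed, 11 = SMF disable failed) */`. `is_valid_zone(0)` would also read better as `is_valid_zone(B_FALSE)`, which makes the trailing comment unnecessary. The switch statement continues outside this hunk.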
@@ -289,6 +302,11 @@ is_audit_control_ok(char *filename) {
/*
* The operations that call this function are only valid in the global
* zone unless the perzone audit policy is set.
+ *
+ * "!silent" and "show_err" are slightly different; silent is from
+ * -T for which no error messages should be displayed and show_err
+ * applies to more options (including -T)
+ *
*/
static boolean_t
@@ -297,9 +315,11 @@ is_valid_zone(boolean_t show_err)
uint32_t policy;
if (auditon(A_GETPOLICY, (char *)&policy, 0) == -1) {
- (void) fprintf(stderr, gettext(
- "%s: Cannot read audit policy: %s\n"),
- progname, strerror(errno));
+ if (!silent) {
+ (void) fprintf(stderr, gettext(
+ "%s: Cannot read audit policy: %s\n"),
+ progname, strerror(errno));
+ }
return (0);
}
if (policy & AUDIT_PERZONE)