From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 0B8A213800E for ; Mon, 23 Jul 2012 14:50:50 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 65091E06EE; Mon, 23 Jul 2012 14:50:42 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 1DDA7E06EE for ; Mon, 23 Jul 2012 14:50:42 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 036AF1B432F for ; Mon, 23 Jul 2012 14:50:41 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id B9D00E5436 for ; Mon, 23 Jul 2012 14:50:39 +0000 (UTC) From: "Jory Pratt" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jory Pratt" Message-ID: <1343054977.912a8f03efe89c761f920312b3d193ae127a32c0.anarchy@gentoo> Subject: [gentoo-commits] dev/anarchy:master commit in: sys-process/audit/files/, sys-process/audit/ X-VCS-Repository: dev/anarchy X-VCS-Files: sys-process/audit/Manifest sys-process/audit/audit-2.2.1.ebuild sys-process/audit/files/audit-2.1.3-python.patch sys-process/audit/files/audit.rules-2.1.3 sys-process/audit/files/audit.rules.stop.post sys-process/audit/files/audit.rules.stop.pre sys-process/audit/files/auditd-conf.d-2.1.3 sys-process/audit/files/auditd-init.d-2.2.1 X-VCS-Directories: sys-process/audit/files/ sys-process/audit/ X-VCS-Committer: anarchy X-VCS-Committer-Name: Jory Pratt X-VCS-Revision: 912a8f03efe89c761f920312b3d193ae127a32c0 X-VCS-Branch: master Date: Mon, 23 Jul 2012 14:50:39 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: e799b7f0-f9a8-4d81-bfeb-29ede6b10a03 X-Archives-Hash: 628a845e3cb088b9d7c7a05159f201d1 commit: 912a8f03efe89c761f920312b3d193ae127a32c0 Author: Jory A. Pratt gentoo org> AuthorDate: Mon Jul 23 14:49:37 2012 +0000 Commit: Jory Pratt gentoo org> CommitDate: Mon Jul 23 14:49:37 2012 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=dev/anarchy.git;a=commit;h=912a8f03 Add sys-process/audit-2.2.1 support --- sys-process/audit/Manifest | 8 + sys-process/audit/audit-2.2.1.ebuild | 164 ++++++++++++++++++++++ sys-process/audit/files/audit-2.1.3-python.patch | 24 +++ sys-process/audit/files/audit.rules-2.1.3 | 26 ++++ sys-process/audit/files/audit.rules.stop.post | 13 ++ sys-process/audit/files/audit.rules.stop.pre | 16 ++ sys-process/audit/files/auditd-conf.d-2.1.3 | 23 +++ sys-process/audit/files/auditd-init.d-2.2.1 | 100 +++++++++++++ 8 files changed, 374 insertions(+), 0 deletions(-) diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest new file mode 100644 index 0000000..f088356 --- /dev/null +++ b/sys-process/audit/Manifest @@ -0,0 +1,8 @@ +AUX audit-2.1.3-python.patch 1353 SHA256 de214516fc107d8bfb19fcaf39d87776d9655a153e8e8b993a725f34dbe91ce5 SHA512 01e071c4219e1ea186207be883e08811021465cf18cdc2d18dcd1c61be372f2061b7f18f104dfb21ae94d363153f81133e768ddac8953703198bcda257f827eb WHIRLPOOL 4555e5b2f00a7470bb52a0813fcadf85e334f181f68414011629e95b7143bc07c83e94aa814bd4b6fc91a3add1b18444d97b24ecb7590e1884d663cf9bcf6203 +AUX audit.rules-2.1.3 1126 SHA256 8bf7f9cac7d2a47d3ff51d2a2b227588820831b5ef7c2e3d058b097d4d65eeb0 SHA512 be4a064ab9b9edfc02df3c2d3a29c4e8ffd031ce10adcf274a548ecd414b95b2aeebc54cf5aef9c04dcc121adea7b8fe63b7d153cd80f552e5f0605459a83901 WHIRLPOOL 7295ba3bc78394f4882f24fa8f3acd62fbd08543e618a260a308b2b8b350ced41d7fa9ce19a791fb0bb879a09dd4153a6e869f64ab927c7d4e2683e5f47b36d5 +AUX audit.rules.stop.post 573 SHA256 4c2e0be1a63b6800396e31153a899d4e3f2db1cee41b4dd271064dc97521edfe SHA512 a2cb699892aef006b102613b3b96ea24533437cd0927933f5520cccf28a088beef74a0ffcc74d402d4a4882fac2e59714ff537e310990956a6f56aacacaf13fd WHIRLPOOL bc13f844437980cd7d0ee4e8a1f0ad6a5e1ec1be8cd5159adb761c1f64c99f73dff6541a265e1b06fbce53988714ffbb2b0b61f91eb1fcbf081fbdeb30e8148d +AUX audit.rules.stop.pre 547 SHA256 ec2c402d3d2b886c680259145696ad46c451dd1aed533906fdac69e30123c35f SHA512 8f0746b215a6ef1207beea2f3f73d536cfc0df58bfa55362c27c8b7ba56bf23eba2ebcf897f68b65b998c9fb090ea5d21b1d5dabc05cf0ac6e07c83f8459792d WHIRLPOOL a0563754ab170d22e78a2148afb006c55a243c809e8349a84cdafc7120446c4659bb5525338c5765a95f565ec61802cd91c308686cef3707a098bf78ab3f7ac9 +AUX auditd-conf.d-2.1.3 853 SHA256 f64186229238dd589b1fa5f72503000628b8f4f6655bdc3105b2fdbb17f6458f SHA512 3a47f7e091dc60f563d9be0027a4d1723485e7235178ffef544d39dd69de98a6283537a5649f9e2e5703a43202f77c7ff26608a653ad9d283f04bb2058fe1f45 WHIRLPOOL 29d16ead845aff5f9aac396697af2d7dd80ab39fa70fa35cc41187e9a9b43dddc0c0fdd469ffdf66a72ec1602b4faedde8158d911e95025701514c024fc6e3d9 +AUX auditd-init.d-2.2.1 2349 SHA256 2bb5bdab536d7a0e7741fc9c9ca75d12ab1f884c20ad9bbf544371ea63ee6a7f SHA512 dbb856f9d1e3ff0686e0f37613cbbfc980637afa8057db233ea4d13938ac03d71083dbaf04addab44669b7b452bc9561287cb815e2a21f83af13e2c9235dc148 WHIRLPOOL 3fb2ff0a7777ed147e0ae6c63fca074b0037a3cab6f4b3334b4a953eff2470676b9b876f0cb967666173a21edbe8327e8fe0826909c70aac2991623ee213fd84 +DIST audit-2.2.1.tar.gz 877202 SHA256 9865ca89f5b975ccf25441ddf45a874448f2bba944005aa8cd5e3c3148713a63 SHA512 e9a368529e28c87a37bfb16244a9e5c420c3e6830b47077465856a59069a26dc2d2cb77b63c9b3101d6c15a4906ca96b4f41300d6deaf4f5b02bc360c044168c WHIRLPOOL 93afdb2c846589731289321f38cc7b4027d138009fe5dbcbf77dcfbc25821400114168b1e72f735a2f2df1ab4fd7b04e58eab2529ca7596501c1b9551b558b38 +EBUILD audit-2.2.1.ebuild 4093 SHA256 bf7a8463c050728f62d05b9995a152155dabb0d090c9d15c2195a8fbdac185bd SHA512 0ffe4d7a7bad6f0654c7c6302faff5fd25131a10389f6c180de54bbcad087b367896aa83f2be1ede887f2b6bb56f1b3a83bfe2cd1d91fdf36ef2bf8d7e2a42ec WHIRLPOOL 70d142d629423f6bb367be5584c190e96a41f493e7309971e8395664afcf74f074453fe99e270de953d2140609f8de489a84a4fc749b19a622c5093f1c139987 diff --git a/sys-process/audit/audit-2.2.1.ebuild b/sys-process/audit/audit-2.2.1.ebuild new file mode 100644 index 0000000..b2e406d --- /dev/null +++ b/sys-process/audit/audit-2.2.1.ebuild @@ -0,0 +1,164 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/audit-2.1.3-r1.ebuild,v 1.8 2012/07/03 19:48:08 jer Exp $ + +EAPI="3" +PYTHON_DEPEND="python? 2" +SUPPORT_PYTHON_ABIS="1" +RESTRICT_PYTHON_ABIS="3.* *-jython 2.7-pypy-*" + +inherit autotools multilib toolchain-funcs python linux-info eutils + +DESCRIPTION="Userspace utilities for storing and processing auditing records" +HOMEPAGE="http://people.redhat.com/sgrubb/audit/" +SRC_URI="http://people.redhat.com/sgrubb/audit/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 hppa ~ia64 ~mips ppc ~ppc64 ~sparc x86" +IUSE="ldap prelude python" +# Testcases are pretty useless as they are built for RedHat users/groups and +# kernels. +RESTRICT="test" + +RDEPEND="ldap? ( net-nds/openldap ) + prelude? ( dev-libs/libprelude ) + sys-libs/libcap-ng" +DEPEND="${RDEPEND} + python? ( dev-lang/swig ) + >=sys-kernel/linux-headers-2.6.34" +# Do not use os-headers as this is linux specific + +CONFIG_CHECK="~AUDIT" +PYTHON_DIRS="bindings/python swig" + +pkg_setup() { + linux-info_pkg_setup + use python && python_pkg_setup +} + +src_prepare() { + # Do not build GUI tools + sed -i \ + -e '/AC_CONFIG_SUBDIRS.*system-config-audit/d' \ + "${S}"/configure.ac || die + sed -i \ + -e 's,system-config-audit,,g' \ + "${S}"/Makefile.am || die + rm -rf "${S}"/system-config-audit + + if ! use ldap; then + sed -i \ + -e '/^AC_OUTPUT/s,audisp/plugins/zos-remote/Makefile,,g' \ + "${S}"/configure.ac || die + sed -i \ + -e '/^SUBDIRS/s,zos-remote,,g' \ + "${S}"/audisp/plugins/Makefile.am || die + fi + + # Don't build static version of Python module. + epatch "${FILESDIR}"/${PN}-2.1.3-python.patch + + # Python bindings are built/installed manually. + sed -e "/^SUBDIRS =/s/ python//" -i bindings/Makefile.am + sed -e "/^SUBDIRS =/s/ swig//" -i Makefile.am + + # Regenerate autotooling + eautoreconf + + # Disable byte-compilation of Python modules. + echo "#!/bin/sh" > py-compile + + # Bug 352198: Avoid parallel build fail + cd "${S}"/src/mt + [[ ! -s private.h ]] && ln -s ../../lib/private.h . +} + +src_configure() { + #append-flags -D'__attribute__(x)=' + econf --sbindir=/sbin $(use_with prelude) +} + +src_compile_python() { + python_copy_sources ${PYTHON_DIRS} + + building() { + emake \ + PYTHON_VERSION="$(python_get_version)" \ + pyexecdir="$(python_get_sitedir)" + } + local dir + for dir in ${PYTHON_DIRS}; do + python_execute_function -s --source-dir ${dir} building + done +} + +src_compile() { + default + use python && src_compile_python +} + +src_install_python() { + installation() { + emake \ + DESTDIR="${D}" \ + PYTHON_VERSION="$(python_get_version)" \ + pyexecdir="$(python_get_sitedir)" \ + install + } + local dir + for dir in ${PYTHON_DIRS}; do + python_execute_function -s --source-dir ${dir} installation + done +} + +src_install() { + emake DESTDIR="${D}" install || die + use python && src_install_python + + dodoc AUTHORS ChangeLog README* THANKS TODO + docinto contrib + dodoc contrib/{*.rules,avc_snap,skeleton.c} + docinto contrib/plugin + dodoc contrib/plugin/* + + newinitd "${FILESDIR}"/auditd-init.d-2.2.1 auditd + newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd + + # things like shadow use this so we need to be in / + gen_usr_ldscript -a audit auparse + + # remove RedHat garbage + rm -r "${D}"/etc/{rc.d,sysconfig} || die + + # Gentoo rules + insinto /etc/audit/ + newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules + doins "${FILESDIR}"/audit.rules.stop* + + # audit logs go here + keepdir /var/log/audit/ + + # Security + lockdown_perms "${D}" + + # Don't install .la files in Python directories. + use python && python_clean_installation_image +} + +pkg_postinst() { + lockdown_perms "${ROOT}" + use python && python_mod_optimize audit.py +} + +pkg_postrm() { + use python && python_mod_cleanup audit.py +} + +lockdown_perms() { + # upstream wants these to have restrictive perms + basedir="$1" + chmod 0750 "${basedir}"/sbin/au{ditctl,report,dispd,ditd,search,trace} 2>/dev/null + chmod 0750 "${basedir}"/var/log/audit/ 2>/dev/null + chmod 0640 "${basedir}"/etc/{audit/,}{auditd.conf,audit.rules*} 2>/dev/null +} diff --git a/sys-process/audit/files/audit-2.1.3-python.patch b/sys-process/audit/files/audit-2.1.3-python.patch new file mode 100644 index 0000000..a9feec1 --- /dev/null +++ b/sys-process/audit/files/audit-2.1.3-python.patch @@ -0,0 +1,24 @@ +diff -Nuar --exclude '*.orig' audit-2.1.3.orig/bindings/python/Makefile.am audit-2.1.3/bindings/python/Makefile.am +--- audit-2.1.3.orig/bindings/python/Makefile.am 2011-08-15 17:31:01.000000000 +0000 ++++ audit-2.1.3/bindings/python/Makefile.am 2011-09-10 19:01:36.974983756 +0000 +@@ -27,5 +27,6 @@ + + auparse_la_SOURCES = auparse_python.c + auparse_la_CPPFLAGS = -I$(top_srcdir)/auparse $(AM_CPPFLAGS) -I/usr/include/python$(PYTHON_VERSION) -fno-strict-aliasing +-auparse_la_LDFLAGS = -module -avoid-version -Wl,-z,relro ++auparse_la_CFLAGS = -shared ++auparse_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro + auparse_la_LIBADD = ../../auparse/libauparse.la ../../lib/libaudit.la +diff -Nuar --exclude '*.orig' audit-2.1.3.orig/swig/Makefile.am audit-2.1.3/swig/Makefile.am +--- audit-2.1.3.orig/swig/Makefile.am 2011-08-15 17:31:03.000000000 +0000 ++++ audit-2.1.3/swig/Makefile.am 2011-09-10 19:02:14.095067690 +0000 +@@ -28,7 +28,8 @@ + pyexec_PYTHON = audit.py + pyexec_LTLIBRARIES = _audit.la + pyexec_SOLIBRARIES = _audit.so +-_audit_la_LDFLAGS = -module -avoid-version -Wl,-z,relro ++_audit_la_CFLAGS = -shared ++_audit_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro + _audit_la_HEADERS: $(top_builddir)/config.h + _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudit.la + nodist__audit_la_SOURCES = audit_wrap.c diff --git a/sys-process/audit/files/audit.rules-2.1.3 b/sys-process/audit/files/audit.rules-2.1.3 new file mode 100644 index 0000000..b2b4f02 --- /dev/null +++ b/sys-process/audit/files/audit.rules-2.1.3 @@ -0,0 +1,26 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $ +# +# This file contains the auditctl rules that are loaded +# whenever the audit daemon is started via the initscripts. +# The rules are simply the parameters that would be passed +# to auditctl. + +# First rule - delete all +# This is to clear out old rules, so we don't append to them. +-D + +# Feel free to add below this line. See auditctl man page + +# The following rule would cause all of the syscalls listed to be ignored in logging. +-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat +-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat + +# The following rule would cause the capture of all systems not caught above. +# -a exit,always -S all + +# Increase the buffers to survive stress events +-b 8192 + +# vim:ft=conf: diff --git a/sys-process/audit/files/audit.rules.stop.post b/sys-process/audit/files/audit.rules.stop.post new file mode 100644 index 0000000..34db08c --- /dev/null +++ b/sys-process/audit/files/audit.rules.stop.post @@ -0,0 +1,13 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.post,v 1.1 2006/06/22 07:41:46 robbat2 Exp $ +# +# This file contains the auditctl rules that are loaded immediately after the +# audit deamon is stopped via the initscripts. +# The rules are simply the parameters that would be passed +# to auditctl. + +# Not used for the default Gentoo configuration as of v1.2.3 +# Paranoid security types might wish to reconfigure kauditd here. + +# vim:ft=conf: diff --git a/sys-process/audit/files/audit.rules.stop.pre b/sys-process/audit/files/audit.rules.stop.pre new file mode 100644 index 0000000..c5fb4f9 --- /dev/null +++ b/sys-process/audit/files/audit.rules.stop.pre @@ -0,0 +1,16 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.pre,v 1.2 2011/09/11 02:58:55 robbat2 Exp $ +# +# This file contains the auditctl rules that are loaded immediately before the +# audit deamon is stopped via the initscripts. +# The rules are simply the parameters that would be passed +# to auditctl. + +# auditd is stopping, don't capture events anymore +-D + +# Disable kernel generating audit events +-e 0 + +# vim:ft=conf: diff --git a/sys-process/audit/files/auditd-conf.d-2.1.3 b/sys-process/audit/files/auditd-conf.d-2.1.3 new file mode 100644 index 0000000..b5f389e --- /dev/null +++ b/sys-process/audit/files/auditd-conf.d-2.1.3 @@ -0,0 +1,23 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-conf.d-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $ + +# Configuration options for auditd +# -f for foreground mode +# There are some other options as well, but you'll have to look in the source +# code to find them as they aren't ready for use yet. +EXTRAOPTIONS='' + +# Audit rules file to run after starting auditd +RULEFILE_STARTUP=/etc/audit/audit.rules + +# Audit rules file to run before and after stopping auditd +RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre +RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post + +# If you want to enforce a certain locale for auditd, +# uncomment one of the next lines: +#AUDITD_LANG=none +AUDITD_LANG=C +#AUDITD_LANG=en_US +#AUDITD_LANG=en_US.UTF-8 diff --git a/sys-process/audit/files/auditd-init.d-2.2.1 b/sys-process/audit/files/auditd-init.d-2.2.1 new file mode 100644 index 0000000..5823181 --- /dev/null +++ b/sys-process/audit/files/auditd-init.d-2.2.1 @@ -0,0 +1,100 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-init.d-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $ + +extra_started_commands='reload reload_auditd reload_rules' +description='Linux Auditing System' +description_reload='Reload daemon configuration and rules' +description_reload_rules='Reload daemon rules' +description_reload_auditd='Reload daemon configuration' + +name='auditd' +pidfile='/var/run/auditd.pid' +command='/sbin/auditd' + +start_auditd() { + # Env handling taken from the upstream init script + if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then + unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE + else + LANG="$AUDITD_LANG" + LC_TIME="$AUDITD_LANG" + LC_ALL="$AUDITD_LANG" + LC_MESSAGES="$AUDITD_LANG" + LC_NUMERIC="$AUDITD_LANG" + LC_MONETARY="$AUDITD_LANG" + LC_COLLATE="$AUDITD_LANG" + export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE + fi + unset HOME MAIL USER USERNAME + + ebegin "Starting ${name}" + start-stop-daemon \ + --start --quiet --pidfile ${pidfile} \ + --exec ${command} -- ${EXTRAOPTIONS} + local ret=$? + eend $ret + return $ret +} + +stop_auditd() { + ebegin "Stopping ${name}" + start-stop-daemon --stop --quiet --pidfile ${pidfile} + local ret=$? + eend $ret + return $ret +} + + +loadfile() { + local rules="$1" + if [ -n "${rules}" -a -f "${rules}" ]; then + einfo "Loading audit rules from ${rules}" + /sbin/auditctl -R "${rules}" 1>/dev/null + return $? + else + return 0 + fi +} + +start() { + start_auditd + local ret=$? + if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then + if [ ! -d "/run/lock/subsys" ]; then + mkdir -p /run/lock/subsys + fi + touch /run/lock/subsys/${name} + loadfile "${RULEFILE_STARTUP}" + fi + return $ret +} + +reload_rules() { + loadfile "${RULEFILE_STARTUP}" +} + +reload_auditd() { + [ -f ${pidfile} ] && kill -HUP `cat ${pidfile}` +} + +reload() { + reload_auditd + reload_rules +} + +stop() { + [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}" + stop_auditd + rm -f /var/lock/subsys/${name} + local ret=$? + [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}" + return $ret +} + +# This is a special case, we do not want to touch the rules at all +restart() { + stop_auditd + start_auditd +}