#!/sbin/sh
# @(#) $Revision: 72.11 $
#
# NOTE:    This script is not configurable!  Any changes made to this
#          script will be overwritten when you upgrade to the next
#          release of HP-UX.
#
# WARNING: Changing this script in any way may lead to a system that
#          is unbootable.  Do not modify this script.
#

#
# Control the auditing system
#

# Use a fixed search path of system directories only, so the commands this
# script runs are not resolved through a PATH inherited from the caller.
PATH=/usr/sbin:/usr/bin:/sbin; export PATH

# Overall exit status of the script; set_return() raises it to 1 whenever
# a checked command fails.
rval=0
# Record the outcome of the command that ran immediately before this call.
# Must be invoked directly after the command being checked, because the
# first thing it does is capture $?.
# Globals:  rval (set to 1 on failure, otherwise left untouched)
# Outputs:  "ERROR CODE <status>" on stdout when the status is non-zero
set_return() {
	rc=$?
	case $rc in
	0)
		;;
	*)
		echo "ERROR CODE $rc"
		rval=1
		;;
	esac
}

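# Dispatch on the requested action:
#   start_msg / stop_msg  print the banner text for this subsystem
#   start                 enable auditing, select events, launch audomon
#   stop                  disable auditing and stop audomon
# Exit status: $rval (0, or 1 if a checked command failed); "start" exits 2
# when auditing is not enabled or audsys is not installed, and 1 when the
# defaults file is missing.
case "$1" in
start_msg)
	echo "Start auditing subsystem"
	;;

stop_msg)
	echo "Stop auditing subsystem"
	;;

'start')
	# The defaults file is sourced as shell code, and its AUDEVENT_ARGS*
	# and AUDOMON_ARGS values are later passed through eval.  Anything
	# able to write that file can therefore run commands with this
	# script's privileges.
	# NOTE(review): confirm the file is root-owned and not group- or
	# world-writable.
	if [ -f /etc/rc.config.d/auditing ] ; then
		. /etc/rc.config.d/auditing
	else
		# Without the defaults file none of the settings below exist;
		# report an error instead of continuing with empty values.
		echo "ERROR: /etc/rc.config.d/auditing defaults file MISSING"
		exit 1
	fi

	# Default to "disabled": an unset or empty AUDITING would otherwise
	# make the numeric test fail with an error and fall through into the
	# start-up steps below.
	if [ "${AUDITING:-0}" -ne 1 ]; then
		exit 2
	fi

	if [ ! -x /usr/sbin/audsys ]; then  #simple precautionary check
		echo "Audit subsystem either not present or not fully installed.  Can't activate."
		exit 2
	fi

	if [ -s /.secure/etc/audnames ]; then
	#--------------------------------------------------------------
	# TURN ON AUDITING:
	# The command "audsys -n" utilizes the audit log
	# names and sizes from the /.secure/etc/audnames file.  This file
	# is created on the very first execution of audsys.
	#--------------------------------------------------------------
		/usr/sbin/audsys -n
		set_return
	else
	#----------------------------------------------------------------
	# INITIALIZE AUDIT SUBSYSTEM:
	# If /.secure/etc/audnames doesn't exist,  then this is the very
	# first execution of audsys on this system and the log file names and
	# sizes must be specified.  See manual entry on "audsys(1M)" for
	# details.
	# The values are quoted so that a path containing whitespace or
	# glob characters is passed to audsys as a single argument.
	#----------------------------------------------------------------
		/usr/sbin/audsys -n -c "$PRI_AUDFILE" -s "$PRI_SWITCH" \
				 -x "$SEC_AUDFILE" -z "$SEC_SWITCH"
		set_return
	fi

	#----------------------------------------------------------------
	# SPECIFY EVENTS TO BE AUDITED:
	# WARNING:  If everything is turned on, the system may quickly run out
	#           of free disk space due to excessive audit logging.
	#
	# Each non-empty AUDEVENT_ARGSn is applied with its own audevent call.
	# SECURITY: eval re-parses the configured string as shell input, so
	# quotes, ';' and command substitutions inside it are interpreted.
	# The value must come only from the trusted defaults file.
	#----------------------------------------------------------------
	for audevent_args in "$AUDEVENT_ARGS1" "$AUDEVENT_ARGS2" "$AUDEVENT_ARGS3"
	do
		if [ -n "$audevent_args" ]; then
			eval `echo /usr/sbin/audevent $audevent_args`
			set_return
		fi
	done

	#-----------------------------------------------------------------
	# START AUDOMON DAEMON:
	# SECURITY: AUDOMON_ARGS is re-parsed by eval in the same way as the
	# audevent arguments above.
	#-----------------------------------------------------------------

	trap '' 1		# ignore SIGHUP.
	eval `echo /usr/sbin/audomon $AUDOMON_ARGS` > /dev/console 2>&1  &
	# $? after launching a background job is 0, so this call cannot
	# detect an audomon that fails to start.
	set_return
	;;

'stop')
	# AUDITING is defined by the defaults file.  Unless it is inherited
	# from the environment, the test below could not succeed without
	# sourcing the file here, and "audsys -f" would never run.
	if [ -f /etc/rc.config.d/auditing ] ; then
		. /etc/rc.config.d/auditing
	fi

	# Turn off auditing
	if [ "${AUDITING:-0}" -eq 1 ]; then
		/usr/sbin/audsys -f
		set_return
	fi

	#
	# Determine PID of process(es) to stop.
	# The command name is compared exactly, so a process whose name
	# merely contains "audomon" is not signalled.
	#
	pid=`ps -e | awk '$NF == "audomon" {print $1}'`
	if [ -n "$pid" ]; then
		# $pid is deliberately unquoted: it may hold several PIDs.
		if kill $pid; then
			echo "audomon stopped"
		else
			set_return
			echo "Unable to stop audomon"
		fi
	fi
	;;

*)
	echo "usage: $0 {start|stop}"
	;;
esac

exit "$rval"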
