Date: Thu, 2 Feb 2006 16:36:34 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Doug Barton <dougb@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, Robert Watson <rwatson@FreeBSD.org>, cvs-all@FreeBSD.org, trhodes@FreeBSD.org Subject: Re: cvs commit: src/etc/rc.d Makefile auditd Message-ID: <20060203003634.GA10492@odin.ac.hmc.edu> In-Reply-To: <43E2A089.7020202@FreeBSD.org> References: <200602021002.k12A2u0u067172@repoman.freebsd.org> <43E2A089.7020202@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--OXfL5xGRrasGEqWY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 02, 2006 at 04:15:05PM -0800, Doug Barton wrote: > Robert Watson wrote: > > rwatson 2006-02-02 10:02:56 UTC > >=20 > > FreeBSD src repository > >=20 > > Modified files: > > etc/rc.d Makefile=20 > > Added files: > > etc/rc.d auditd=20 > > Log: > > Add auditd rc.d script. > > =20 > > Submitted by: trhodes > > Obtained from: TrustedBSD Project > > =20 > > Revision Changes Path > > 1.64 +1 -1 src/etc/rc.d/Makefile > > 1.1 +34 -0 src/etc/rc.d/auditd (new) > >=20 > > http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/rc.d/Makefile.diff?&r1=3D= 1.63&r2=3D1.64&f=3Dh > > http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/rc.d/auditd >=20 > I have a couple concerns about this. First the more general, I'm not sure > that /etc/security is a reasonable place for your config files. That's a > very general name, and the audit stuff is a very specific project. That > said, I'm not sure that we need yet another directory under /etc, but I'm > curious about what others think about this issue. >=20 > My more specific concern is about some aspects of the rc.d script. First, > it's not clear why you need BEFORE: DAEMON, generally services like this > would REQUIRE: DAEMON instead. Is there a good reason that this has to st= art > earlier than that? It's also generally a bad thing to use BEFORE when it's > not absolutely necessary. Is there something else that could REQUIRE audi= td > that would get you the same or similar ordering? Next, I'm pretty sure you > don't need the test for the pid file in auditd_stop, rc.subr should handle > that for you. Please test that, and if it doesn't work properly let > freebsd-rc@ know about it. You should probably also add the shutdown KEYW= ORD > so that this gets killed off properly on system shutdown. Finally, I'm > pretty sure that command_args=3D"${auditd_flags}" is not needed. If you f= ind > that it is, that's worth mentioning on freebsd-rc@ as well. In this case, I believe the placement of the script is correct. auditd is on the order of syslog. If you're going to run it, you want it early so you know what your daemons did. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --OXfL5xGRrasGEqWY Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFD4qWQXY6L6fI4GtQRAhSBAJ0TtD3ajgEBZYpkHi8l7YCnhUZh0ACg0odJ 9ssdRt45JrwYSUMvNP7OAS0= =aFEd -----END PGP SIGNATURE----- --OXfL5xGRrasGEqWY--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060203003634.GA10492>