cvs commit: src/etc/rc.d Makefile auditd

Tom Rhodes trhodes at FreeBSD.org
Thu Feb 2 16:54:05 PST 2006 

On Thu, 02 Feb 2006 16:15:05 -0800
Doug Barton <dougb at freebsd.org> wrote:

> Robert Watson wrote:
> > rwatson     2006-02-02 10:02:56 UTC
> > 
> >   FreeBSD src repository
> > 
> >   Modified files:
> >     etc/rc.d             Makefile 
> >   Added files:
> >     etc/rc.d             auditd 
> >   Log:
> >   Add auditd rc.d script.
> >   
> >   Submitted by:   trhodes
> >   Obtained from:  TrustedBSD Project
> >   
> >   Revision  Changes    Path
> >   1.64      +1 -1      src/etc/rc.d/Makefile
> >   1.1       +34 -0     src/etc/rc.d/auditd (new)
> > 
> > http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/rc.d/Makefile.diff?&r1=1.63&r2=1.64&f=h
> > http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/rc.d/auditd
> 
> I have a couple concerns about this. First the more general, I'm not sure
> that /etc/security is a reasonable place for your config files. That's a
> very general name, and the audit stuff is a very specific project. That
> said, I'm not sure that we need yet another directory under /etc, but I'm
> curious about what others think about this issue.
> 
> My more specific concern is about some aspects of the rc.d script. First,
> it's not clear why you need BEFORE:  DAEMON, generally services like this
> would REQUIRE: DAEMON instead. Is there a good reason that this has to start
> earlier than that? It's also generally a bad thing to use BEFORE when it's
> not absolutely necessary. Is there something else that could REQUIRE auditd
> that would get you the same or similar ordering? Next, I'm pretty sure you
> don't need the test for the pid file in auditd_stop, rc.subr should handle
> that for you. Please test that, and if it doesn't work properly let
> freebsd-rc@ know about it. You should probably also add the shutdown KEYWORD
> so that this gets killed off properly on system shutdown. Finally, I'm
> pretty sure that command_args="${auditd_flags}" is not needed. If you find
> that it is, that's worth mentioning on freebsd-rc@ as well.

I'll test for the PID check.

-- 
Tom Rhodes

More information about the cvs-src mailing list