Date: Wed, 06 Dec 2006 15:55:22 -0800
From: Doug Barton <dougb@FreeBSD.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc/rc.d auditd
Message-ID: <4577586A.2010009@FreeBSD.org>
In-Reply-To: <20061206233112.X65418@fledge.watson.org>
References: <200609241731.k8OHV5mZ053132@repoman.freebsd.org> <45775157.4030900@FreeBSD.org> <20061206233112.X65418@fledge.watson.org>

Robert Watson wrote:
>
> On Wed, 6 Dec 2006, Doug Barton wrote:
>
>>>   Sleep for one second after calling audit -t to give the audit daemon a
>>>   chance to actually terminate the audit service and exit.  Otherwise, on
>>>   an rc.d/auditd restart, the new audit daemon instance may try to start
>>>   auditing while the previous session is still running.  Likewise, this
>>>   ensures a chance for auditd to terminate the audit trail at system
>>>   shutdown.
>>>
>>>   Perhaps more ideally, the script would wait synchronously for auditd to
>>>   exit rather than for an arbitrary but short period of time.
>>
>> Perhaps a better change would be:
>>
>> /usr/sbin/audit -t
>> while : ; do
>>     if <something that indicates audit is not dead yet>; then
>>         echo 'Waiting for the audit system to terminate'
>>         sleep 1
>>     else
>>         break
>>     fi
>> done
>
> Is there a built-in mechanism in rc.d to wait for a process to exit?

There is wait_for_pids(), which combined with pgrep could possibly
work for you. Since I wasn't sure what your parameters are, the
mechanism above is generic enough to work with anything.

> We'd like to wait for auditd to exit, specifically, as a sign that
> auditing really is terminated.

Then what you probably want (untested) is something like

/usr/sbin/audit -t
wait_for_pids `pgrep -d' ' auditd`

hth,

Doug

-- 
This .signature sanitized for your protection
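
The synchronous wait discussed in this thread, as an added example that is not part of the original message and is not FreeBSD's rc.subr code: a portable sh function that polls a list of PIDs until none of them exists. The name wait_for_exit, the kill -0 polling and the timeout (so a hung daemon cannot stall shutdown, and the caller learns the audit trail may not have been terminated) are assumptions of this example.

```shell
#!/bin/sh
# Added example: bounded, synchronous wait for a set of PIDs to exit.
# wait_for_exit is a hypothetical helper, not rc.subr's wait_for_pids.
#
# Intended use in a stop path, with the commands from the thread
# (the 30 second limit is an assumed value):
#   /usr/sbin/audit -t
#   wait_for_exit 30 `pgrep -d' ' auditd` ||
#       echo 'auditd still running; audit trail may not be closed' >&2

# wait_for_exit TIMEOUT_SECONDS [PID ...]
# Returns 0 once none of the PIDs exists (or none was given, e.g. pgrep
# matched nothing), 1 if any PID is still alive after TIMEOUT_SECONDS.
wait_for_exit() {
    _timeout=$1
    shift
    _waited=0
    while : ; do
        _alive=""
        for _pid in "$@"; do
            # kill -0 delivers no signal; it only tests that the PID exists
            # and that we are allowed to signal it.
            if kill -0 "$_pid" 2>/dev/null; then
                _alive="$_alive $_pid"
            fi
        done
        if [ -z "$_alive" ]; then
            return 0
        fi
        if [ "$_waited" -ge "$_timeout" ]; then
            echo "Timed out after ${_timeout}s; still running:$_alive" >&2
            return 1
        fi
        if [ "$_waited" -eq 0 ]; then
            echo "Waiting for PIDS:$_alive" >&2
        fi
        sleep 1
        _waited=$((_waited + 1))
    done
}
```

A non-zero return lets the caller refuse to start a new auditd instance while the previous one is still alive, which is the restart race the commit message describes.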