Date: Thu, 02 Feb 2006 16:15:05 -0800 From: Doug Barton <dougb@FreeBSD.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org, trhodes@freebsd.org Subject: Re: cvs commit: src/etc/rc.d Makefile auditd Message-ID: <43E2A089.7020202@FreeBSD.org> In-Reply-To: <200602021002.k12A2u0u067172@repoman.freebsd.org> References: <200602021002.k12A2u0u067172@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson wrote: > rwatson 2006-02-02 10:02:56 UTC > > FreeBSD src repository > > Modified files: > etc/rc.d Makefile > Added files: > etc/rc.d auditd > Log: > Add auditd rc.d script. > > Submitted by: trhodes > Obtained from: TrustedBSD Project > > Revision Changes Path > 1.64 +1 -1 src/etc/rc.d/Makefile > 1.1 +34 -0 src/etc/rc.d/auditd (new) > > http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/rc.d/Makefile.diff?&r1=1.63&r2=1.64&f=h > http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/rc.d/auditd I have a couple concerns about this. First the more general, I'm not sure that /etc/security is a reasonable place for your config files. That's a very general name, and the audit stuff is a very specific project. That said, I'm not sure that we need yet another directory under /etc, but I'm curious about what others think about this issue. My more specific concern is about some aspects of the rc.d script. First, it's not clear why you need BEFORE: DAEMON, generally services like this would REQUIRE: DAEMON instead. Is there a good reason that this has to start earlier than that? It's also generally a bad thing to use BEFORE when it's not absolutely necessary. Is there something else that could REQUIRE auditd that would get you the same or similar ordering? Next, I'm pretty sure you don't need the test for the pid file in auditd_stop, rc.subr should handle that for you. Please test that, and if it doesn't work properly let freebsd-rc@ know about it. You should probably also add the shutdown KEYWORD so that this gets killed off properly on system shutdown. Finally, I'm pretty sure that command_args="${auditd_flags}" is not needed. If you find that it is, that's worth mentioning on freebsd-rc@ as well. hth, Doug -- This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43E2A089.7020202>