Message-ID: <43E2A089.7020202@FreeBSD.org>
Date: Thu, 02 Feb 2006 16:15:05 -0800
From: Doug Barton
To: Robert Watson
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org, trhodes@freebsd.org
Subject: Re: cvs commit: src/etc/rc.d Makefile auditd
In-Reply-To: <200602021002.k12A2u0u067172@repoman.freebsd.org>

Robert Watson wrote:
> rwatson     2006-02-02 10:02:56 UTC
>
>   FreeBSD src repository
>
>   Modified files:
>     etc/rc.d             Makefile
>   Added files:
>     etc/rc.d             auditd
>   Log:
>   Add auditd rc.d script.
>
>   Submitted by:   trhodes
>   Obtained from:  TrustedBSD Project
>
>   Revision  Changes    Path
>   1.64      +1 -1      src/etc/rc.d/Makefile
>   1.1       +34 -0     src/etc/rc.d/auditd (new)
>
> http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/rc.d/Makefile.diff?&r1=1.63&r2=1.64&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/rc.d/auditd

I have a couple concerns about this. First the more general, I'm not sure
that /etc/security is a reasonable place for your config files. That's a
very general name, and the audit stuff is a very specific project. That
said, I'm not sure that we need yet another directory under /etc, but I'm
curious about what others think about this issue.

My more specific concern is about some aspects of the rc.d script. First,
it's not clear why you need BEFORE: DAEMON, generally services like this
would REQUIRE: DAEMON instead. Is there a good reason that this has to start
earlier than that? It's also generally a bad thing to use BEFORE when it's
not absolutely necessary. Is there something else that could REQUIRE auditd
that would get you the same or similar ordering?

Next, I'm pretty sure you don't need the test for the pid file in
auditd_stop, rc.subr should handle that for you. Please test that, and if it
doesn't work properly let freebsd-rc@ know about it. You should probably
also add the shutdown KEYWORD so that this gets killed off properly on
system shutdown.

Finally, I'm pretty sure that command_args="${auditd_flags}" is not needed.
If you find that it is, that's worth mentioning on freebsd-rc@ as well.

hth,

Doug

-- 
This .signature sanitized for your protection
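
The checks below turn three of the review points above (BEFORE: ordering, the missing shutdown KEYWORD, and the command_args line) into a small lint over an rc.d script. This is an added example, not part of the original message or the FreeBSD tree; `rcd_lint`, its messages and both sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: rcd_lint and its messages are hypothetical, not part of rc.subr.

rcd_lint() {    # $1 = path to an rc.d script; prints one finding per line
    # rcorder(8) reads ordering hints from "# BEFORE:" / "# KEYWORD:" comments.
    if grep -Eq '^#[[:space:]]*BEFORE:' "$1"; then
        echo "BEFORE: in use; check whether REQUIRE: gives the same ordering"
    fi
    if ! grep -E '^#[[:space:]]*KEYWORD:' "$1" | grep -qw 'shutdown'; then
        echo "KEYWORD: shutdown missing; service not stopped at system shutdown"
    fi
    # Read name="..." so the matching flags variable can be searched literally.
    name=$(sed -n 's/^name="\([A-Za-z0-9_]*\)"$/\1/p' "$1" | head -n 1)
    if [ -n "$name" ] && grep -Fq "command_args=\"\${${name}_flags}\"" "$1"; then
        echo "command_args only repeats ${name}_flags; the review suspects it is not needed"
    fi
    return 0
}

# Constructed sample built from the lines the review quotes; not the committed file.
sample_flagged() {
    cat <<'EOF'
# PROVIDE: auditd
# BEFORE: DAEMON
. /etc/rc.subr
name="auditd"
command="/usr/sbin/${name}"
command_args="${auditd_flags}"
load_rc_config $name
run_rc_command "$1"
EOF
}

# Constructed sample with the review's suggestions applied.
sample_revised() {
    cat <<'EOF'
# PROVIDE: auditd
# REQUIRE: DAEMON
# KEYWORD: shutdown
. /etc/rc.subr
name="auditd"
command="/usr/sbin/${name}"
load_rc_config $name
run_rc_command "$1"
EOF
}

tmp=$(mktemp) && sample_flagged > "$tmp" && rcd_lint "$tmp"; rm -f "$tmp"
```

The pid file test in auditd_stop is left to manual review, since the script body is not quoted in the message.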