Doug Barton wrote at 15:55 -0800 on Dec 6, 2006: > Robert Watson wrote: > > > > On Wed, 6 Dec 2006, Doug Barton wrote: > > > >>> Sleep for one second after calling audit -t to give the audit daemon a > >>> chance to actually terminate the audit service and exit. > >>> Otherwise, on > >>> an rc.d/auditd restart, the new audit daemon instance may try to start > >>> auditing while the previous session is still running. Likewise, this > >>> ensures a chance for auditd to terminate the audit trail at system > >>> shutdown. > >>> > >>> Perhaps more ideally, the script would wait synchronously for > >>> auditd to > >>> exit rather than for an arbitrary but short period of time. > >> > >> Perhaps a better change would be: > >> > >> /usr/sbin/audit -t while : ; do). > >> if <something that indicates audit is not dead yet>; then > >> echo 'Waiting for the audit system to terminate' > >> sleep 1 > >> else > >> break > >> fi > >> done > > > > Is there a built-in mechanism in rc.d to wait for a process to exit? > > There is wait_for_pids(), which combined with pgrep could possibly > work for you. Since I wasn't sure what your parameters are, the > mechanism above is generic enough to work with anything. > > > We'd like to wait for auditd to exit, specifically, as a sign that > > auditing really is terminated. > > Then what you probably want (untested) is something like > > /usr/sbin/audit -t > wait_for_pids `pgrep -d' ' auditd` > > hth, > > Doug
Another option is to start auditd behind lockf. To determine whether auditd has exited, check for the lock file (put it in /var/run). _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
