On Wed, 6 Dec 2006, Doug Barton wrote:
Sleep for one second after calling audit -t to give the audit daemon a chance to actually terminate the audit service and exit. Otherwise, on an rc.d/auditd restart, the new audit daemon instance may try to start auditing while the previous session is still running. Likewise, this ensures a chance for auditd to terminate the audit trail at system shutdown. Perhaps more ideally, the script would wait synchronously for auditd to exit rather than for an arbitrary but short period of time.Perhaps a better change would be: /usr/sbin/audit -t while : ; do). if <something that indicates audit is not dead yet>; then echo 'Waiting for the audit system to terminate' sleep 1 else break fi done
Is there a built-in mechanism in rc.d to wait for a process to exit? We'd like to wait for auditd to exit, specifically, as a sign that auditing really is terminated. For a variety of reasons, it's complicated to modify the "audit -t" notification mechanism to wait synchronously for audit to terminate. I have loose plans to work on it, but it will probably be a couple of months before that happens (6.3, definitely not 6.2
Robert N M Watson Computer Laboratory University of Cambridge _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
