#!/bin/sh
#
# oscap-scan:		OpenSCAP security scanner
#
# chkconfig: - 96 99
# description:  This service runs OpenSCAP security scanner to check the \
#		system settings. The program does not stay resident, \
#		but rather runs once. The results of security audit are 
#		stored in /var/log/oscap-scan.xml.log
#
# processname: /usr/bin/oscap
# config: /etc/sysconfig/oscap-scan
#
# Return values according to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running

PATH=/sbin:/bin:/usr/sbin:/usr/bin
prog="oscap"

# Source function library.
. /etc/rc.d/init.d/functions

# Allow anyone to run status
if [ "$1" = "status" ] ; then
	exit 3
fi

# Check that we are root ... so non-root users stop here
test $EUID = 0  ||  exit 4

# Check config
test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan

RETVAL=0

start() {
	test -x /usr/bin/oscap  || exit 5
	# Now check that the sysconfig is found and has important things
	# configured
	test -f /etc/sysconfig/oscap-scan || exit 6
	test x"$OPTIONS" != "x" || exit 6
	echo  -n $"Starting $prog: "
	$prog $OPTIONS
	ERR=$?
	if [ $ERR -eq 0 ] ; then
		sleep 1
		logger "OpenSCAP security scan: PASS"
	elif [ $ERR -eq 1 ] ; then
		sleep 1
		logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
	else
		sleep 1
		logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
	fi
	[ "$ERR" -eq 0 ] && success $"$prog startup" || failure $"$prog startup"
	echo
}


# See how we were called.
case "$1" in
    start)
	start
	;;
    restart)
	start
	;;
    stop)
	RETVAL=0;
	;;
    condrestart)
	RETVAL=0;
	;;
    try-restart)
	RETVAL=0;
	;;
    reload)
	RETVAL=0;
	;;
    *)
	echo $"Usage: $0 {start}"
	RETVAL=2
	;;
esac
exit $RETVAL