#!/bin/sh # # oscap-scan: OpenSCAP security scanner # # chkconfig: - 96 99 # description: This service runs OpenSCAP security scanner to check the \ # system settings. The program does not stay resident, \ # but rather runs once. The results of security audit are # stored in /var/log/oscap-scan.xml.log # # processname: /usr/bin/oscap # config: /etc/sysconfig/oscap-scan # # Return values according to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - insufficient privilege # 5 - program is not installed # 6 - program is not configured # 7 - program is not running PATH=/sbin:/bin:/usr/sbin:/usr/bin prog="oscap" # Source function library. . /etc/rc.d/init.d/functions # Allow anyone to run status if [ "$1" = "status" ] ; then exit 3 fi # Check that we are root ... so non-root users stop here test $EUID = 0 || exit 4 # Check config test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan RETVAL=0 start() { test -x /usr/bin/oscap || exit 5 # Now check that the sysconfig is found and has important things # configured test -f /etc/sysconfig/oscap-scan || exit 6 test x"$OPTIONS" != "x" || exit 6 echo -n $"Starting $prog: " $prog $OPTIONS ERR=$? if [ $ERR -eq 0 ] ; then sleep 1 logger "OpenSCAP security scan: PASS" elif [ $ERR -eq 1 ] ; then sleep 1 logger "OpenSCAP security scan: ERROR. Run oscap scan from command line." else sleep 1 logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log" fi [ "$ERR" -eq 0 ] && success $"$prog startup" || failure $"$prog startup" echo } # See how we were called. case "$1" in start) start ;; restart) start ;; stop) RETVAL=0; ;; condrestart) RETVAL=0; ;; try-restart) RETVAL=0; ;; reload) RETVAL=0; ;; *) echo $"Usage: $0 {start}" RETVAL=2 ;; esac exit $RETVAL