PREUN
/bin/sh
## For some unknow reason "systemctl stop" doesn't work so use "systemctl kill" instead:
## Failed to stop auditd.service: Operation refused, unit auditd.service may be requested
## by dependency only.
systemctl kill -q auditd.service
systemctl disable -q auditd.service
POSTIN
/bin/sh
# Copy default rules into place on new installation
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
if [ "$files" -eq 0 ] ; then
# FESCO asked for audit to be off by default. #1117953
if [ -e /usr/share/doc/audit/rules/10-no-audit.rules ] ; then
cp /usr/share/doc/audit/rules/10-no-audit.rules /etc/audit/rules.d/audit.rules
else
touch /etc/audit/rules.d/audit.rules
fi
chmod 0600 /etc/audit/rules.d/audit.rules
fi
/usr/bin/systemd-tmpfiles --create audit.conf
## This hack is because the auditd.service needs to be started before sysinit.target. So let's just enable and start
## the service manually after installation. This needs to be revisited after our %_post_service has been adjusted
systemctl enable -q auditd.service
systemctl start -q auditd.service
# %_post_service auditd.service