openscap/oscap-scan.init

#!/bin/sh
#
# oscap-scan:		OpenSCAP security scanner
#
# chkconfig: - 96 99
# description:  This service runs OpenSCAP security scanner to check the \
#		system settings. The program does not stay resident, \
#		but rather runs once. The results of security audit are 
#		stored in /var/log/oscap-scan.xml.log
#
# processname: /usr/bin/oscap
# config: /etc/sysconfig/oscap-scan
#
# Return values according to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
### BEGIN INIT INFO
# Provides: oscap-scan
# Required-Start: $syslog $local_fs $network $remote_fs
# Required-Stop: $syslog $local_fs $network $remote_fs
# Should-Start:
# Should-Stop:
# Default-Start:  3 5
# Default-Stop: 0 1 6
# Short-Description: OpenSCAP security scanner
# Description:       This service runs OpenSCAP security scanner to check the
#	system settings. The program does not stay resident,
#	but rather runs once. The results of security audit are
#	stored in /var/log/oscap-scan.xml.log
### END INIT INFO

PATH=/sbin:/bin:/usr/sbin:/usr/bin
prog="oscap"

# Source function library.
. /etc/rc.status

# Allow anyone to run status
if [ "$1" = "status" ] ; then
	exit 3
fi

# Check that we are root ... so non-root users stop here
test $EUID = 0  ||  exit 4

# Check config
test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan

RETVAL=0

start() {
	test -x /usr/bin/oscap  || exit 5
	# Now check that the sysconfig is found and has important things
	# configured
	test -f /etc/sysconfig/oscap-scan || exit 6
	test x"$OPTIONS" != "x" || exit 6
	echo  -n $"Starting $prog: "
	$prog $OPTIONS
	rc_status -v
	ERR=$?
	if [ $ERR -eq 0 ] ; then
		sleep 1
		logger "OpenSCAP security scan: PASS"
	elif [ $ERR -eq 1 ] ; then
		sleep 1
		logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
	else
		sleep 1
		logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
	fi
}


# See how we were called.
case "$1" in
    start)
	start
	;;
    restart)
	start
	;;
    stop)
	RETVAL=0;
	;;
    condrestart)
	RETVAL=0;
	;;
    try-restart)
	RETVAL=0;
	;;
    reload)
	RETVAL=0;
	;;
    *)
	echo $"Usage: $0 {start}"
	RETVAL=2
	;;
esac
exit $RETVAL
Accepting request 107462 from home:mcalmer:branches:security - Update to 0.8.1 - introduce Script Check Engine - Added an OVAL Directives schema to allow for a tool to supply a set of directives to more easily specify desired results content. - Enhanced OVAL Results directives to allow for more flexibility in allowed results content - added new OVAL objects(all OVAL 5.8 objects are covered now) - update dpkgprobe - all issues reported by coverity are fixed - add capability to export OVAL Variables from XCCDF - added cvss score calculator from vector OBS-URL: https://build.opensuse.org/request/show/107462 OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=21 2012-02-28 23:36:15 +01:00			`#!/bin/sh`
			`#`
			`# oscap-scan: OpenSCAP security scanner`
			`#`
			`# chkconfig: - 96 99`
			`# description: This service runs OpenSCAP security scanner to check the \`
			`# system settings. The program does not stay resident, \`
			`# but rather runs once. The results of security audit are`
			`# stored in /var/log/oscap-scan.xml.log`
			`#`
			`# processname: /usr/bin/oscap`
			`# config: /etc/sysconfig/oscap-scan`
			`#`
			`# Return values according to LSB for all commands but status:`
			`# 0 - success`
			`# 1 - generic or unspecified error`
			`# 2 - invalid or excess argument(s)`
			`# 3 - unimplemented feature (e.g. "reload")`
			`# 4 - insufficient privilege`
			`# 5 - program is not installed`
			`# 6 - program is not configured`
			`# 7 - program is not running`
			`### BEGIN INIT INFO`
			`# Provides: oscap-scan`
			`# Required-Start: $syslog $local_fs $network $remote_fs`
			`# Required-Stop: $syslog $local_fs $network $remote_fs`
			`# Should-Start:`
			`# Should-Stop:`
			`# Default-Start: 3 5`
			`# Default-Stop: 0 1 6`
			`# Short-Description: OpenSCAP security scanner`
			`# Description: This service runs OpenSCAP security scanner to check the`
			`# system settings. The program does not stay resident,`
			`# but rather runs once. The results of security audit are`
			`# stored in /var/log/oscap-scan.xml.log`
			`### END INIT INFO`

			`PATH=/sbin:/bin:/usr/sbin:/usr/bin`
			`prog="oscap"`

			`# Source function library.`
			`. /etc/rc.status`

			`# Allow anyone to run status`
			`if [ "$1" = "status" ] ; then`
			`exit 3`
			`fi`

			`# Check that we are root ... so non-root users stop here`
			`test $EUID = 0 \|\| exit 4`

			`# Check config`
			`test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan`

			`RETVAL=0`

			`start() {`
			`test -x /usr/bin/oscap \|\| exit 5`
			`# Now check that the sysconfig is found and has important things`
			`# configured`
			`test -f /etc/sysconfig/oscap-scan \|\| exit 6`
			`test x"$OPTIONS" != "x" \|\| exit 6`
			`echo -n $"Starting $prog: "`
			`$prog $OPTIONS`
			`rc_status -v`
			`ERR=$?`
			`if [ $ERR -eq 0 ] ; then`
			`sleep 1`
			`logger "OpenSCAP security scan: PASS"`
			`elif [ $ERR -eq 1 ] ; then`
			`sleep 1`
			`logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."`
			`else`
			`sleep 1`
			`logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"`
			`fi`
			`}`


			`# See how we were called.`
			`case "$1" in`
			`start)`
			`start`
			`;;`
			`restart)`
			`start`
			`;;`
			`stop)`
			`RETVAL=0;`
			`;;`
			`condrestart)`
			`RETVAL=0;`
			`;;`
			`try-restart)`
			`RETVAL=0;`
			`;;`
			`reload)`
			`RETVAL=0;`
			`;;`
			`*)`
			`echo $"Usage: $0 {start}"`
			`RETVAL=2`
			`;;`
			`esac`
			`exit $RETVAL`