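#!/bin/sh
#
# oscap-scan:  OpenSCAP security scanner
#
# chkconfig: - 96 99
# description:  This service runs OpenSCAP security scanner to check the \
#               system settings. The program does not stay resident, \
#               but rather runs once. The results of security audit are
#               stored in /var/log/oscap-scan.xml.log
#
# processname: /usr/bin/oscap
# config: /etc/sysconfig/oscap-scan
#
# Return values according to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running

### BEGIN INIT INFO
# Provides: oscap-scan
# Required-Start: $syslog $local_fs $network $remote_fs
# Required-Stop: $syslog $local_fs $network $remote_fs
# Should-Start:
# Should-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 6
# Short-Description: OpenSCAP security scanner
# Description: This service runs OpenSCAP security scanner to check the
#              system settings. The program does not stay resident,
#              but rather runs once. The results of security audit are
#              stored in /var/log/oscap-scan.xml.log
### END INIT INFO

# Fixed search path so that commands resolve to system directories only,
# regardless of the caller's environment.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
prog="oscap"

# Source function library (provides rc_status, used in start()).
. /etc/rc.status

# Allow anyone to run status. The scanner does not stay resident, so
# there is no state to report; the script just exits 3 here.
if [ "$1" = "status" ]; then
  exit 3
fi

# Check that we are root ... so non-root users stop here.
# `id -u` is used instead of $EUID: EUID is set by bash but not by every
# /bin/sh, and with it unset the old `test $EUID = 0` failed for root too.
[ "$(id -u)" -eq 0 ] || exit 4

# Check config.
# The file is sourced, i.e. executed as root: it must be owned by root and
# not writable by anyone else. It is read after PATH and prog are assigned,
# so it can override both.
if [ -f /etc/sysconfig/oscap-scan ]; then
  . /etc/sysconfig/oscap-scan
fi

RETVAL=0

# Run one scan with the configured OPTIONS and log the outcome to syslog.
# Exits 5 if /usr/bin/oscap is not executable and 6 if the sysconfig file
# or OPTIONS is missing. Does not modify RETVAL, so the script's own exit
# status stays 0 even when the scan reports a failure.
start() {
  [ -x /usr/bin/oscap ] || exit 5

  # Now check that the sysconfig is found and has important things
  # configured
  [ -f /etc/sysconfig/oscap-scan ] || exit 6
  [ -n "$OPTIONS" ] || exit 6

  # printf instead of `echo -n $"..."`: both -n and $"..." are
  # non-portable under #!/bin/sh.
  printf '%s' "Starting $prog: "

  # OPTIONS is deliberately unquoted so that it splits into separate
  # arguments; glob characters in it are expanded as well.
  # NOTE(review): the -x check above is on /usr/bin/oscap, while this runs
  # "$prog" through PATH -- confirm both name the same binary.
  # shellcheck disable=SC2086
  $prog $OPTIONS

  # rc_status must directly follow the scan, and ERR is read from
  # rc_status itself -- presumably it passes the scanner's exit status
  # through; confirm against /etc/rc.status.
  rc_status -v
  ERR=$?

  sleep 1
  case "$ERR" in
    0)
      logger "OpenSCAP security scan: PASS"
      ;;
    1)
      logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
      ;;
    *)
      logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
      ;;
  esac
}

# See how we were called.
case "$1" in
  start | restart)
    start
    ;;
  stop | condrestart | try-restart | reload)
    # Nothing stays resident, so these are accepted as no-ops.
    RETVAL=0
    ;;
  *)
    printf '%s\n' "Usage: $0 {start}"
    RETVAL=2
    ;;
esac

exit "$RETVAL"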