Author: gs Date: Tue Sep 2 15:10:43 2008 New Revision: 50572 URL: http://svn.opensuse.org/viewcvs/yast?rev=50572&view=rev Log: call auditctl first, if successful call rcauditd restart Modified: trunk/audit-laf/src/AuditLaf.ycp trunk/audit-laf/src/complex.ycp Modified: trunk/audit-laf/src/AuditLaf.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/audit-laf/src/AuditLaf.ycp?rev=50572&r1=50571&r2=50572&view=diff ============================================================================== --- trunk/audit-laf/src/AuditLaf.ycp (original) +++ trunk/audit-laf/src/AuditLaf.ycp Tue Sep 2 15:10:43 2008 @@ -414,7 +414,9 @@ * @return true on success */ global boolean Write() { - boolean success = true; + boolean write_success = true; + boolean rules_ok = true; + integer exit_code = 0; /* Auditd read dialog caption */ string caption = _("Saving Audit Configuration"); 
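Review bot: The `exit_code` declared in this hunk is never assigned: in the next hunk (`@@ -429,49 +431,76 @@`) the result of the restart is stored in a separately declared `integer exitCode`, while the check that follows reads `exit_code`, which is still 0. As written, "Restart of audit daemon failed." can never be reported, so an audit daemon that did not come back up would go unnoticed in this dialog. Assign the variable declared here instead, `exit_code = Service::RunInitScript( "auditd", "restart" );`, and drop the second declaration. The body of Write() continues outside this hunk.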
@@ -429,49 +431,76 @@ // We do not set help text here, because it was set outside Progress::New(caption, " ", steps, [ /* Progress stage 1/2 */ - _("Write the settings"), + _("Write the audit rules"), /* Progress stage 2/2 */ - _("Write the rules") + _("Write the seetings") ], [ /* Progress step 1/2 */ - _("Writing the settings..."), - /* Progress step 2/2 */ _("Writing the rules..."), + /* Progress step 2/2 */ + _("Writing the settings..."), Message::Finished() ], "" ); // write settings - if(PollAbort()) return false; + if ( PollAbort() ) return false; + Progress::NextStage(); - success = WriteAuditdSettings(); - /* Error message */ - if(!success) Report::Error (_("Cannot write settings to auditd.conf.") ); - sleep(sl); + // write rules to /etc/audit/audit.rules + write_success = WriteAuditRules(); - // restart auditd - integer exitCode = Service::RunInitScript( "auditd", "restart" ); + if ( write_success ) + { + // call auditctl -R audit.rules + map output = (map)SCR::Execute( .target.bash_output, "auditctl -R /etc/audit/audit.rules" ); + + if ( output["exit"]:0 != 0 ) + { + Report::Error( sformat( "%1\n%2", + output["stderr"]:"", + _("Please start yast2-audit-laf again and check the rules.\n +In case the lock is (-e 2) change this in the rules editor. 
+After that a system reboot is required to apply the change.") ) ); + rules_ok = false; + } + } + else + { + Report::Error (_("Cannot write settings to auditd.rules.") ); + } - if(PollAbort()) return false; - Progress::NextStage (); - success = WriteAuditRules(); - /* Error message */ - if(!success) Report::Error (_("Cannot write settings to auditd.rules.") ); sleep(sl); - - // call auditctl -R audit.rules - map output = (map)SCR::Execute( .target.bash_output, "auditctl -R /etc/audit/audit.rules" ); - if ( output["exit"]:0 != 0 ) + // ONLY call 'rcauditd restart' if auditctl hasn't returned an error + if ( rules_ok ) { - Report::Error( sformat( "%1\n%2", - output["stderr"]:"", - _("Please start yast2-audit-laf again and check the rules") ) ); + Progress::NextStage (); + + write_success = WriteAuditdSettings(); + /* Error message */ + if ( write_success ) + { + // restart auditd + integer exitCode = Service::RunInitScript( "auditd", "restart" ); + + if ( exit_code != 0 ) + { + Report::Error (_("Restart of audit daemon failed.") ); + } + } + else + { + Report::Error (_("Cannot write settings to auditd.conf.") ); + } } - + + sleep(sl); + if(PollAbort()) return false; + return true; } Modified: trunk/audit-laf/src/complex.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/audit-laf/src/complex.ycp?rev=50572&r1=50571&r2=50572&view=diff ============================================================================== --- trunk/audit-laf/src/complex.ycp (original) +++ trunk/audit-laf/src/complex.ycp Tue Sep 2 15:10:43 2008 
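Review bot: Write() ends with an unconditional `return true;`, so apart from an abort every path reports success, even when `WriteAuditRules()` failed, `auditctl -R` rejected the rules, or the settings could not be written; the function's doc comment says "@return true on success". A failed `WriteAuditRules()` also leaves `rules_ok` at true, so the settings are still written and auditd restarted, and `write_success` is then overwritten by `WriteAuditdSettings()`. Consider `rules_ok = false;` in that else branch and `return write_success && rules_ok;` at the end, if the callers (not visible here) are meant to act on the result. The new stage label `_("Write the seetings")` has a typo and should read `_("Write the settings")`.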
@@ -393,9 +393,10 @@ if ( regexpmatch( rule, "^[ /t]*-e[ /t]*2" ) ) { boolean yes = Popup::AnyQuestion( _("Lock set"), _("The audit configuration is locked (option -e 2). -This means the rules are locked next boot! In this case -the lock option must be the last entry in the rules file. -If you want to check or to change the rules, +This means the rules are locked until next boot! +If you really want this make sure '-e 2' is the last entry +in the rules file. If not, either enable or disable auditing. +To check or to change the rules, please go back to rules editor."), Label::ContinueButton(), Label::BackButton(), -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
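Review bot: The lock check on the unchanged line at the top of this hunk, `regexpmatch( rule, "^[ /t]*-e[ /t]*2" )`, has `/t` inside both character classes, which matches a literal slash or the letter t rather than a tab; presumably `\t` was intended. A rule line that uses tabs before or after `-e` would then not be recognised as `-e 2`, and this warning would not be shown before the configuration gets locked. The pattern also accepts anything after the `2`, for example `-e 20`. A possible replacement is `"^[ \t]*-e[ \t]*2[ \t]*$"`, to be checked against how the rules editor stores trailing text. The enclosing block starts and ends outside the hunk.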