how to change the start command of an rc.d script

patpro

patpro

Hello,

I'm running FreeBSD 8.x. I would like to change the behavior of the start command of an rc.d script. The purpose is to start Apache 2.2 using this command:

[cmd=]/usr/local/sbin/setaudit -a www -m fc,fd,ex /usr/local/sbin/httpd[/cmd]
instead of just:
[cmd=]/usr/local/sbin/httpd[/cmd]

If I put
Code: 
apache22_program="/usr/local/sbin/setaudit -a www -m fc,fd,ex /usr/local/sbin/httpd"
into /etc/rc.conf to override the value of "command", it breaks ("start" works but complains, and "restart" breaks).
 
Modify the rc.d script directly, obviously. :)

Just be sure to add a comment as to what/why you are making the change.
 
Well, I though about doing this, but the problem remains the same. What would I put in the /usr/local/etc/rc.d/apache22 file? Replacing the value of "command" is not an option, because it breaks. Recreating the start command is complex (see rc.subr for details)

I'll try to replace /usr/local/etc/rc.d/apache22 with a wrapper containing:

Code: 
/usr/local/sbin/setaudit -a www -m fc,fd,ex /usr/local/etc/rc.d/apache22.origin $1

but I'm not sure it's "best practice" ;)
I would have loved being able to tune everything in /etc/rc.conf.
 
Finally, I've done that:

1- edit /usr/local/etc/rc.d/apache22 to change the default start command, and to provide a new start command.
around line 32 I've added:

Code: 
start_cmd="apache22_auditstart"

around line 164 I've added:

Code: 
apache22_auditstart() {
	echo "Starting apache22 with audit"
	eval /usr/local/sbin/setaudit ${apache22_auditflags} ${command} ${apache22_flags} -k start 
}

2- edit /etc/rc.conf to add a value for apache22_auditflags:

Code: 
apache22_auditflags="-a www -m ex,lo,ad,-pc,fd,-fc,-fm,-fw"

Now, when I (re)start Apache by using the command:

Code: 
/usr/local/etc/rc.d/apache22 start

Apache is launched as if I've used:

Code: 
/usr/local/sbin/setaudit -a www -m ex,lo,ad,-pc,fd,-fc,-fm,-fw httpd -k start

and auditing for user www and httpd processes is activated. Changing auditd flags requires only to edit /etc/rc.conf and restarting Apache, and modification of /usr/local/etc/rc.d/apache22 is kept at its minimum.
 
You must log in or register to reply here.
Back
Top