Hi Steve,
When auditd is stoped, "auditctl -s" will show "pid=0". I think it's not
correct information. It's better to tell users "auditd not started".
Signed-off-by: Chu Li <[EMAIL PROTECTED]>
---
diff --git a/src/auditctl.c b/src/auditctl.c
index 10894f9..b26dd82 100755
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -1411,12 +1411,15 @@ static int audit_print_reply(struct audit_reply *rep)
printed = 1;
return 0;
case AUDIT_GET:
- printf("AUDIT_STATUS: enabled=%d flag=%d pid=%d"
- " rate_limit=%d backlog_limit=%d lost=%d backlog=%u\n",
+ printf("AUDIT_STATUS: enabled=%d flag=%d"
+ " rate_limit=%d backlog_limit=%d lost=%d backlog=%u ",
rep->status->enabled, rep->status->failure,
- rep->status->pid, rep->status->rate_limit,
- rep->status->backlog_limit, rep->status->lost,
- rep->status->backlog);
+ rep->status->rate_limit, rep->status->backlog_limit,
+ rep->status->lost, rep->status->backlog);
+ if(rep->status->pid != 0)
+ printf("pid=%d\n", rep->status->pid);
+ else
+ printf("auditd_not_started\n");
printed = 1;
return 0;
case AUDIT_LIST:
Regards
Chu Li
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
