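#!/bin/sh
#
# Adjusts the audit configuration of this host in three steps:
#   1. makes sure /etc/audit/audit.rules carries the directive "-f 1"
#      (auditctl failure mode 1 = printk; 0 is silent, 2 is panic),
#   2. deletes every line mentioning "kill" from that file and appends the
#      kill-tracing rules in commented-out form,
#   3. installs auditd.conf and a per-user copy of audit.rules.
#
# Usage: <this script> USER_NAME USER_HOME
#   USER_NAME  suffix of the rules file /etc/audit/audit.rules.USER_NAME
#   USER_HOME  absolute path substituted for /home/d5000/fujian in that file
#
# check_function.sh, auditd.conf and audit.rules are all resolved relative to
# the current directory, so the script must be started from the directory
# that holds them. It only edits files; nothing here reloads the rules.

# Print a message on stderr and stop with a failing status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# NOTE(review): check_function.sh is sourced from the current directory and
# runs with this script's privileges. Writing under /etc/audit normally
# requires root, so start this only from a directory that unprivileged users
# cannot write to.
[ -r ./check_function.sh ] || die "check_function.sh not found in $(pwd)"
. ./check_function.sh

AUDIT_CONFIG=/etc/audit/audit.rules

# check_config is defined in check_function.sh and reports through $rtn.
# NOTE(review): presumably rtn=1 means a "-f" line exists with another value
# and rtn=2 means no "-f" line exists -- confirm in check_function.sh.
check_config "$AUDIT_CONFIG" '^-f' 1
case "${rtn:-}" in
  1)
    # Anchored like the check above: an unanchored /-f/ would also rewrite
    # the first digit of any rule whose path or key merely contains "-f".
    sed -i '/^-f/s@[0-9][0-9]*@1@' "$AUDIT_CONFIG"
    ;;
  2)
    # Insert "-f 1" two lines below the first "-b" (backlog) directive.
    line=$(grep -n '^-b' "$AUDIT_CONFIG" | head -n 1 | cut -d: -f1)
    if [ -n "$line" ]; then
      num=$((line + 2))
      # If the file has fewer than $num lines sed changes nothing.
      sed -i "${num}"'a\-f 1' "$AUDIT_CONFIG"
    else
      # With an empty address sed would append "-f 1" after EVERY line of
      # the rules file, so skip the edit and report it instead.
      printf '%s\n' "warning: no -b line in $AUDIT_CONFIG; -f 1 not added" >&2
    fi
    ;;
esac

DATE=$(date +%Y%m%d)
# NOTE(review): this removes every line containing "kill", active rules
# included, and the replacements below are commented out, so the kill
# syscall is not audited afterwards -- confirm that this is intended.
# The .bak_DATE copy is written here, i.e. after the "-f" edit above, and a
# second run on the same day overwrites it.
sed -i.bak_"$DATE" '/kill/d' "$AUDIT_CONFIG"
{
  printf '%s\n' "#trace kill"
  printf '%s\n' "#-a entry,always -F arch=b32 -F a1>0 -S kill"
  printf '%s\n' "#-a entry,always -F arch=b64 -F a1>0 -S kill"
} >>"$AUDIT_CONFIG"

USER_NAME=$1
USER_HOME=$2
# Disabled in the original script:
#if [ -z $1 ];then
#  UNIT_NAME=guodiao
#else
#  UNIT_NAME=$1
#fi

# The arguments are checked here, at their first use, because the edits above
# do not depend on them. An empty USER_NAME would create
# /etc/audit/audit.rules. and an empty USER_HOME would strip the path prefix
# from every rule in it; a "/" in USER_NAME would move the target elsewhere.
case $USER_NAME in
  '' | */*) die "usage: $0 USER_NAME USER_HOME (USER_NAME must be non-empty, without '/')" ;;
esac
case $USER_HOME in
  /*) ;;
  *) die "usage: $0 USER_NAME USER_HOME (USER_HOME must be an absolute path)" ;;
esac
case $USER_HOME in
  *'
'*) die "USER_HOME must not contain a newline" ;;
esac

USER_RULES=/etc/audit/audit.rules.${USER_NAME}

# copy new script
# NOTE(review): cp leaves the mode of the installed files to the source files
# and the umask; confirm the results are writable by root only.
cp -- auditd.conf /etc/audit || die "cannot install auditd.conf"
cp -- audit.rules "$USER_RULES" || die "cannot install $USER_RULES"
#sed -i "s#fujian#${UNIT_NAME}#g" /etc/audit/audit.rules.${USER_NAME}

# Escape the characters that are special in a sed replacement using "#" as
# delimiter, so USER_HOME is inserted literally and cannot end the expression.
home_escaped=$(printf '%s\n' "$USER_HOME" | sed 's/[\\&#]/\\&/g')
sed -i "s#/home/d5000/fujian#${home_escaped}#g" "$USER_RULES"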