#!/bin/bash

# 6.2.1.8 Action in case of possible audit data loss (FAU_STG.3)
# 6.2.1.9 Prevention of audit data loss (FAU_STG.4)
# Note: neither section actually specifies which default action must be
# configured, so the values applied below are this script's choice.

. /usr/lib/common-criteria/scripts/libcc

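# Harden auditd's behaviour when audit storage runs low, fills up or fails
# (FAU_STG.3 / FAU_STG.4). The edits are made on a working copy, which is
# swapped in by cc_replace only once it holds every required setting.
#
# Globals:  AUDITD (read), AUDITD_TMP (read)
# Requires: cc_echo, cc_exit, cc_exec_log and cc_replace from libcc
AUDITD="/etc/audit/auditd.conf"
# Working copy next to the original, so the final replace stays on one filesystem.
AUDITD_TMP="$AUDITD.$$"

if [ ! -f "$AUDITD" ]; then
	cc_echo "Audit configuration file $AUDITD does not exist - skipping configuration"
	cc_exit 0
fi

# Remove the working copy on exit and on HUP/INT/QUIT/TERM.
trap 'cc_exec_log rm -f "$AUDITD_TMP"' 0 1 2 3 15

# -p keeps mode and ownership of the audit configuration on the working copy.
# NOTE(review): how cc_replace treats permissions is not visible here - confirm.
cc_exec_log cp -p "$AUDITD" "$AUDITD_TMP"
if [ ! -f "$AUDITD_TMP" ]; then
	# Checked on the file itself because cc_exec_log's return status is not
	# visible from this script.
	cc_echo "Could not create working copy of $AUDITD - audit configuration unchanged"
	# NOTE(review): assumes cc_exit takes the exit status as its argument, as
	# the existing "cc_exit 0" calls suggest - confirm against libcc.
	cc_exit 1
fi

# Comment out the dispatcher and rewrite the three storage-related actions.
# The patterns accept any amount of whitespace before the key and around "=",
# so a differently spaced line is rewritten instead of being skipped silently.
# Anchoring on the key keeps admin_space_left_action untouched.
if ! sed -i \
	-e 's/^[[:space:]]*dispatcher/#dispatcher/' \
	-e 's/^[[:space:]]*space_left_action[[:space:]]*=.*/space_left_action = SINGLE/' \
	-e 's/^[[:space:]]*disk_error_action[[:space:]]*=.*/disk_error_action = SINGLE/' \
	-e 's/^[[:space:]]*disk_full_action[[:space:]]*=.*/disk_full_action = SUSPEND/' \
	"$AUDITD_TMP"; then
	cc_echo "Could not edit working copy of $AUDITD - audit configuration unchanged"
	cc_exit 1
fi

# A key that was absent or commented out is not touched by sed and would leave
# auditd on its built-in default, so each required line is verified and
# appended when it is missing.
for setting in \
	"space_left_action = SINGLE" \
	"disk_error_action = SINGLE" \
	"disk_full_action = SUSPEND"; do
	if ! grep -qx -- "$setting" "$AUDITD_TMP"; then
		# End an unterminated last line first so the new setting starts on
		# a line of its own.
		if [ -n "$(tail -c 1 "$AUDITD_TMP")" ]; then
			printf '\n' >> "$AUDITD_TMP"
		fi
		printf '%s\n' "$setting" >> "$AUDITD_TMP"
		cc_echo "Added missing audit setting '$setting' to $AUDITD"
	fi
done

cc_replace "$AUDITD_TMP" "$AUDITD"
cc_exit 0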
