check_mk-check-selinux/lib/python3/cmk/base/plugins/agent_based/selinux.py

35 lines
1.5 KiB
Python
Raw Normal View History

2024-01-12 15:32:52 +02:00
#!/usr/bin/env python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
# 2024 Marius Pana <mp@spearhead.systems>
from .agent_based_api.v1 import *
def discover_selinux(section):
#for line in info:
# yield None, {}
#print(Service)
yield Service()
def check_selinux(params, section):
for line in section:
if line[0] == 'disabled':
yield Result(state=State(params["modedisabled"]), summary="SELinux is disabled")
elif line[1] == "enforcing" and line[2] == "enforcing":
yield Result(state=State.OK, summary="SELinux is enabled and enforcing")
elif line[1] == "enforcing" and line[2] == "permissive":
yield Result(state=State.WARN, summary="SELinux is enforcing but config file is in permissive mode.")
elif line[1] == "permissive" and line[2] == "enforcing":
yield Result(state=State(params["curmodepermissive"]), summary="SELinux is in permissive mode but config file is enforcing.")
elif line[2] == "permissive":
yield Result(state=State(params["curmodepermissive"]), summary="SELinux is in permissive mode.")
else:
yield Result(state=State.WARN, summary="SELinux not found in agent output")
register.check_plugin(
name="selinux",
service_name="SELinux state",
discovery_function=discover_selinux,
check_function=check_selinux,
check_ruleset_name="selinux",
check_default_parameters = {"modedisabled": 2, "curmodepermissive" : 1, "filemodepermissive" : 2}
)