35 lines
1.5 KiB
Python
35 lines
1.5 KiB
Python
|
#!/usr/bin/env python
|
||
|
# -*- encoding: utf-8; py-indent-offset: 4 -*-
|
||
|
# 2024 Marius Pana <mp@spearhead.systems>
|
||
|
|
||
|
from .agent_based_api.v1 import *
|
||
|
|
||
|
def discover_selinux(section):
|
||
|
#for line in info:
|
||
|
# yield None, {}
|
||
|
#print(Service)
|
||
|
yield Service()
|
||
|
|
||
|
def check_selinux(params, section):
|
||
|
for line in section:
|
||
|
if line[0] == 'disabled':
|
||
|
yield Result(state=State(params["modedisabled"]), summary="SELinux is disabled")
|
||
|
elif line[1] == "enforcing" and line[2] == "enforcing":
|
||
|
yield Result(state=State.OK, summary="SELinux is enabled and enforcing")
|
||
|
elif line[1] == "enforcing" and line[2] == "permissive":
|
||
|
yield Result(state=State.WARN, summary="SELinux is enforcing but config file is in permissive mode.")
|
||
|
elif line[1] == "permissive" and line[2] == "enforcing":
|
||
|
yield Result(state=State(params["curmodepermissive"]), summary="SELinux is in permissive mode but config file is enforcing.")
|
||
|
elif line[2] == "permissive":
|
||
|
yield Result(state=State(params["curmodepermissive"]), summary="SELinux is in permissive mode.")
|
||
|
else:
|
||
|
yield Result(state=State.WARN, summary="SELinux not found in agent output")
|
||
|
|
||
|
register.check_plugin(
|
||
|
name="selinux",
|
||
|
service_name="SELinux state",
|
||
|
discovery_function=discover_selinux,
|
||
|
check_function=check_selinux,
|
||
|
check_ruleset_name="selinux",
|
||
|
check_default_parameters = {"modedisabled": 2, "curmodepermissive" : 1, "filemodepermissive" : 2}
|
||
|
)
|