initial version

This commit is contained in:
Marius Pana 2018-06-12 09:35:31 +03:00
parent a9a924cdb8
commit 223e92b076
3 changed files with 75 additions and 4 deletions

View File

@ -35,10 +35,11 @@
if command sestatus > /dev/null ; then
# Selinux status
echo '<<<selinux>>>'
sestatus | grep "SELinux status:" | awk '{print $3}'
status=`sestatus | grep "SELinux status:" | awk '{print $3}'`
# the current mode
sestatus | grep "Current mode:" | awk '{print $3}'
curmode=`sestatus | grep "Current mode:" | awk '{print $3}'`
# the mode from file
sestatus | grep "Mode from config file:" | awk '{print $5}'
filemode=`sestatus | grep "Mode from config file:" | awk '{print $5}'`
echo '<<<selinux>>>'
echo $status $curmode $filemode
fi

40
checks/selinux Normal file
View File

@ -0,0 +1,40 @@
#!/usr/bin/env python
#
# Author: Marius Pana <mp@spearhead.systems>
factory_settings["selinux_default_levels"] = {
"modedisabled" : 0,
"curmodepermissive" : 1,
"filemodepermissive" : 2,
}
def inventory_selinux(info):
inventory = []
for line in info:
# inventory.append( (line[0], "selinux_default_levels") )
yield line[0], selinux_default_levels
# return inventory
def check_selinux(item, params, info):
for line in info:
state = 0
if line[0] == 'disabled':
state = params["modedisabled"]
return (state, "SELinux is disabled")
elif line[0] == 'enabled' and line[1] == "permissive" and line[2] == "enforcing":
state = params["curmodepermissive"]
return (state, "SELinux is in permissive mode but config file is enfocring.")
elif line[2] == "permissive":
state = params["filemodepermissive"]
return (state, "SELinux is in permissive mode.")
else:
return(3, "SELinux not found in agent output")
check_info["selinux"] = {
"inventory_function" : inventory_selinux,
"check_function" : check_selinux,
"has_perfdata" : False,
"service_description" : "SELinux status",
"default_levels_variable" : "selinux_default_levels",
'group': 'selinux',
}

View File

@ -0,0 +1,30 @@
#!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
# 2018 Marius Pana <mp@spearhead.systems>
register_check_parameters(
subgroup_os,
"selinux",
_("SELinux"),
Dictionary(
elements = [
( "modedisabled",
MonitoringState(
title = _("State when SELinux is disabled"),
default_value = 2,
)),
( "curmodepermissive",
MonitoringState(
title = _("State when SELinux current mode is permissive"),
default_value = 1,
)),
( "filemodepermissive",
MonitoringState(
title = _("State when SELinux file mode is permissive"),
default_value = 2,
)),
]
),
None,
match_type = "dict",
)