#!/usr/bin/env python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
# 2024 Marius Pana <mp@spearhead.systems>

from .agent_based_api.v1 import *

def discover_selinux(section):
    #for line in info:
    #    yield None, {}
    #print(Service)
    yield Service()

def check_selinux(params, section):
    for line in section:
        if line[0] == 'disabled':
            yield  Result(state=State(params["modedisabled"]), summary="SELinux is disabled")
        elif line[1] == "enforcing" and line[2] == "enforcing":
            yield Result(state=State.OK, summary="SELinux is enabled and enforcing")
        elif line[1] == "enforcing" and line[2] == "permissive":
            yield Result(state=State.WARN, summary="SELinux is enforcing but config file is in permissive mode.")
        elif line[1] == "permissive" and line[2] == "enforcing":
            yield Result(state=State(params["curmodepermissive"]), summary="SELinux is in permissive mode but config file is enforcing.")
        elif line[2] == "permissive":
            yield Result(state=State(params["curmodepermissive"]), summary="SELinux is in permissive mode.")
        else:
            yield Result(state=State.WARN, summary="SELinux not found in agent output")

register.check_plugin(
    name="selinux",
    service_name="SELinux state",
    discovery_function=discover_selinux,
    check_function=check_selinux,
    check_ruleset_name="selinux",
    check_default_parameters = {"modedisabled": 2, "curmodepermissive" : 1, "filemodepermissive" : 2}
)