#!/usr/bin/env python
#
# Author: Marius Pana <mp@spearhead.systems>

factory_settings["selinux_default_levels"] = {
    "modedisabled" : 2,
    "curmodepermissive" : 1,
    "filemodepermissive" : 2,
}

def inventory_selinux(info):
    inventory = []
    for line in info:
        yield None, {}

def check_selinux(item, params, info):
    for line in info:
        state = 0
        if line[0] == 'disabled':
            state = params["modedisabled"]
            return (state, "SELinux is disabled")
        elif line[1] == "enforcing" and line[2] == "enforcing":
            return(state, "SELinux is enabled and enforcing.")
        elif line[1] == "enforcing" and line[2] == "permissive":
            return(state, "SELinux is enforcing but config file is in permissive mode.")
        elif line[1] == "permissive" and line[2] == "enforcing":
            state = params["curmodepermissive"]
            return (state, "SELinux is in permissive mode but config file is enforcing.")
        elif line[2] == "permissive":
            state = params["filemodepermissive"]
            return (state, "SELinux is in permissive mode.")
        else:
            return(3, "SELinux not found in agent output")

check_info["selinux"] = {
    "inventory_function"        : inventory_selinux,
    "check_function"            : check_selinux,
    "has_perfdata"              : False,
    "service_description"       : "SELinux state",
    "default_levels_variable"   : "selinux_default_levels",
    'group':                    'selinux',
}