check_mk-check-selinux/checks/selinux
2018-06-12 17:12:17 +03:00

42 lines
1.5 KiB
Python

#!/usr/bin/env python
#
# Author: Marius Pana <mp@spearhead.systems>
factory_settings["selinux_default_levels"] = {
"modedisabled" : 2,
"curmodepermissive" : 1,
"filemodepermissive" : 2,
}
def inventory_selinux(info):
inventory = []
for line in info:
yield None, {}
def check_selinux(item, params, info):
for line in info:
state = 0
if line[0] == 'disabled':
state = params["modedisabled"]
return (state, "SELinux is disabled")
elif line[1] == "enforcing" and line[2] == "enforcing":
return(state, "SELinux is enabled and enforcing.")
elif line[1] == "enforcing" and line[2] == "permissive":
return(state, "SELinux is enforcing but config file is in permissive mode.")
elif line[1] == "permissive" and line[2] == "enforcing":
state = params["curmodepermissive"]
return (state, "SELinux is in permissive mode but config file is enforcing.")
elif line[2] == "permissive":
state = params["filemodepermissive"]
return (state, "SELinux is in permissive mode.")
else:
return(3, "SELinux not found in agent output")
check_info["selinux"] = {
"inventory_function" : inventory_selinux,
"check_function" : check_selinux,
"has_perfdata" : False,
"service_description" : "SELinux state",
"default_levels_variable" : "selinux_default_levels",
'group': 'selinux',
}