42 lines
1.5 KiB
Python
42 lines
1.5 KiB
Python
#!/usr/bin/env python
|
|
#
|
|
# Author: Marius Pana <mp@spearhead.systems>
|
|
|
|
factory_settings["selinux_default_levels"] = {
|
|
"modedisabled" : 2,
|
|
"curmodepermissive" : 1,
|
|
"filemodepermissive" : 2,
|
|
}
|
|
|
|
def inventory_selinux(info):
|
|
inventory = []
|
|
for line in info:
|
|
yield None, {}
|
|
|
|
def check_selinux(item, params, info):
|
|
for line in info:
|
|
state = 0
|
|
if line[0] == 'disabled':
|
|
state = params["modedisabled"]
|
|
return (state, "SELinux is disabled")
|
|
elif line[1] == "enforcing" and line[2] == "enforcing":
|
|
return(state, "SELinux is enabled and enforcing.")
|
|
elif line[1] == "enforcing" and line[2] == "permissive":
|
|
return(state, "SELinux is enforcing but config file is in permissive mode.")
|
|
elif line[1] == "permissive" and line[2] == "enforcing":
|
|
state = params["curmodepermissive"]
|
|
return (state, "SELinux is in permissive mode but config file is enforcing.")
|
|
elif line[2] == "permissive":
|
|
state = params["filemodepermissive"]
|
|
return (state, "SELinux is in permissive mode.")
|
|
else:
|
|
return(3, "SELinux not found in agent output")
|
|
|
|
check_info["selinux"] = {
|
|
"inventory_function" : inventory_selinux,
|
|
"check_function" : check_selinux,
|
|
"has_perfdata" : False,
|
|
"service_description" : "SELinux state",
|
|
"default_levels_variable" : "selinux_default_levels",
|
|
'group': 'selinux',
|
|
} |