trying to work my way again through selinux
@@ -27,11 +27,22 @@ class cd_nagios::selinux::config (
|
|||||||
|
|
||||||
if $ng_use_selinux_tools == true {
|
if $ng_use_selinux_tools == true {
|
||||||
|
|
||||||
# sealert tac-cgi
|
# it appears that selinux hehaves differently accross different nodes,
|
||||||
|
# so all we can do for now is to create a list of the AVC alerts and come up
|
||||||
|
# with a solution on that later.
|
||||||
|
|
||||||
|
exec { 'create_avc_list':
|
||||||
|
command => 'sealert -a /var/log/audit/audit.log > avc_alerts',
|
||||||
|
cwd => $ng_user_home,
|
||||||
|
path => ['/usr/bin'],
|
||||||
|
creates -> 'avc_alerts',
|
||||||
|
}
|
||||||
|
|
||||||
|
# sealert tac-cgi
|
||||||
exec { 'create_policy_taccgi':
|
exec { 'create_policy_taccgi':
|
||||||
command => template($ng_taccgi_erb),
|
command => template($ng_taccgi_erb),
|
||||||
path => ['/usr/bin','/usr/sbin'],
|
path => ['/usr/bin','/usr/sbin'],
|
||||||
cwd => '/tmp',
|
cwd => $ng_user_home,
|
||||||
creates => '/tmp/my-taccgi.pp',
|
creates => '/tmp/my-taccgi.pp',
|
||||||
notify => Exec['semodule_taccgi'],
|
notify => Exec['semodule_taccgi'],
|
||||||
}
|
}
|
||||||
@@ -39,7 +50,7 @@ class cd_nagios::selinux::config (
|
|||||||
exec { 'semodule_taccgi':
|
exec { 'semodule_taccgi':
|
||||||
command => 'semodule -i my-taccgi.pp',
|
command => 'semodule -i my-taccgi.pp',
|
||||||
path => ['/usr/bin','/usr/sbin'],
|
path => ['/usr/bin','/usr/sbin'],
|
||||||
cwd => '/tmp',
|
cwd => $ng_user_home,
|
||||||
require => Exec['create_policy_taccgi'],
|
require => Exec['create_policy_taccgi'],
|
||||||
refreshonly => true,
|
refreshonly => true,
|
||||||
}
|
}
|
||||||
@@ -49,7 +60,7 @@ class cd_nagios::selinux::config (
|
|||||||
exec { 'create_policy_statuscgi':
|
exec { 'create_policy_statuscgi':
|
||||||
command => template($ng_statcgi_erb),
|
command => template($ng_statcgi_erb),
|
||||||
path => ['/usr/bin','/usr/sbin'],
|
path => ['/usr/bin','/usr/sbin'],
|
||||||
cwd => '/tmp',
|
cwd => $ng_user_home,
|
||||||
creates => '/tmp/my-statuscgi.pp',
|
creates => '/tmp/my-statuscgi.pp',
|
||||||
notify => Exec['semodule_taccgi'],
|
notify => Exec['semodule_taccgi'],
|
||||||
}
|
}
|
||||||
@@ -57,9 +68,10 @@ class cd_nagios::selinux::config (
|
|||||||
exec { 'semodule_statuscgi':
|
exec { 'semodule_statuscgi':
|
||||||
command => 'semodule -i my-statuscgi.pp',
|
command => 'semodule -i my-statuscgi.pp',
|
||||||
path => ['/usr/bin','/usr/sbin'],
|
path => ['/usr/bin','/usr/sbin'],
|
||||||
cwd => '/tmp',
|
cwd => $ng_user_home,
|
||||||
require => Exec['create_policy_statuscgi'],
|
require => Exec['create_policy_statuscgi'],
|
||||||
refreshonly => true,
|
refreshonly => true,
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
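Review bot: In the new `create_avc_list` exec, `creates -> 'avc_alerts',` uses `->` where a resource attribute needs `=>`, so the manifest should fail to parse. As far as I know `creates` also has to be a fully qualified path, so the line wants to be `creates => "${ng_user_home}/avc_alerts",`. The two `create_policy_*` execs now run with `cwd => $ng_user_home` but still guard on `creates => '/tmp/my-taccgi.pp'` and `creates => '/tmp/my-statuscgi.pp'`. If the templates write the module into the working directory (they are not visible here), the guard no longer matches the real output and instead depends on a path in world-writable /tmp that any local account can create, which would silently skip policy generation; pointing both at `"${ng_user_home}/my-taccgi.pp"` and `"${ng_user_home}/my-statuscgi.pp"` keeps the guard beside the file that `semodule -i` loads. Separately, `create_policy_statuscgi` still has `notify => Exec['semodule_taccgi']`, so nothing shown ever triggers the `refreshonly` exec `semodule_statuscgi`; it presumably should read `notify => Exec['semodule_statuscgi'],`.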
|
||||||
|
|||||||
@@ -45,11 +45,5 @@ class cd_nagios::server::access_rules (
|
|||||||
seluser => system_u,
|
seluser => system_u,
|
||||||
notify => Service[$ng_service],
|
notify => Service[$ng_service],
|
||||||
}
|
}
|
||||||
|
|
||||||
concat::fragment { 'create_header':
|
|
||||||
target => $ng_htpasswd_file,
|
|
||||||
content => template($ng_htpasswd_head),
|
|
||||||
notify => Service[$ng_service],
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||