From cf807acd5606c020e42a8176b4a238f787da3e89 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 30 Jul 2017 15:40:07 +0100 Subject: [PATCH 1/2] added selinux policy for checknrpe --- manifests/params.pp | 5 ++--- manifests/selinux/config.pp | 21 +++++++++++++++++++++ templates/selinux/checknrpe.erb | 1 + 3 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 templates/selinux/checknrpe.erb diff --git a/manifests/params.pp b/manifests/params.pp index 2492241..3b84230 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -703,7 +703,7 @@ $ng_u_comment = 'Nagios service user', $ng_u_uid = '1004', $ng_user_home = '/var/spool/nagios', $ng_u_groups = undef, -$ng_user_shell = '/sbin/nologin', +$ng_user_shell = '/bin/bash', # cgi settings $ng_context_help = '1', @@ -937,6 +937,7 @@ $ng_htpasswd_head = 'cd_nagios/nagios/htpasswd_head.erb' $ng_htpasswd_rule = 'cd_nagios/nagios/htpasswd_rule.erb' $ng_taccgi_erb = 'cd_nagios/selinux/taccgi.erb' $ng_statcgi_erb = 'cd_nagios/selinux/statuscgi.erb' +$ng_checknrpe_erb = 'cd_nagios/selinux/checknrpe.erb' $ng_nagios_conf = '/etc/httpd/conf.d/nagios.conf' $ng_nagios_conf_erb = 'cd_nagios/httpd/nagios_conf.erb' $ng_welcome_conf = '/etc/httpd/conf.d/welcome.conf' @@ -992,8 +993,6 @@ $ng_cntctgrps_rule_erb = 'cd_nagios/nagios/contactgroups_cfg_rule.erb' $ng_target_command = "${ng_conf_d_dir}/nagios_commands_base.cfg" $ng_nagios_service_cmd = 'check_nagios!/var/log/nagios/status.dat!5!/usr/sbin/nagios' -# nrpe -$ng_nrpe_file = "${ng_main_dir}/nrpe.cfg" # includes must be last diff --git a/manifests/selinux/config.pp b/manifests/selinux/config.pp index ffa7381..c69992f 100644 --- a/manifests/selinux/config.pp +++ b/manifests/selinux/config.pp @@ -73,5 +73,26 @@ class cd_nagios::selinux::config ( refreshonly => true, notify => Service[$ng_service], } + + # sealert check_nrpe + + exec { 'create_policy_checknrpe': + command => template($ng_checknrpe_erb), + path => ['/usr/bin','/usr/sbin'], + cwd => $ng_user_home, + creates => "${ng_user_home}/my-checknrpe.pp", + notify => Exec['semodule_checknrpe'], + } + + exec { 'semodule_checknrpe': + command => 'semodule -i my-checknrpe.pp', + path => ['/usr/bin','/usr/sbin'], + cwd => $ng_user_home, + require => Exec['create_policy_checknrpe'], + refreshonly => true, + notify => Service[$ng_service], + } + + } } diff --git a/templates/selinux/checknrpe.erb b/templates/selinux/checknrpe.erb new file mode 100644 index 0000000..9c0670f --- /dev/null +++ b/templates/selinux/checknrpe.erb @@ -0,0 +1 @@ +ausearch -c 'check_nrpe' --raw | audit2allow -M my-checknrpe From 28a1ed3ef9927818754b0dc71c06a5afae43a2e4 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Sun, 30 Jul 2017 16:41:05 +0200 Subject: [PATCH 2/2] recommit for updates in build 149 --- CHANGELOG.md | 60 ++++++++++++------- REPOSTRUCTURE.md | 3 +- doc/_index.html | 2 +- doc/file.README.html | 2 +- doc/index.html | 2 +- doc/puppet_classes/cd_nagios.html | 2 +- .../cd_nagios_3A_3Acertbot_3A_3Acerts.html | 2 +- .../cd_nagios_3A_3Aclient_3A_3Atarget.html | 2 +- ...cd_nagios_3A_3Afirewall_3A_3Aiptables.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Aconfig.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Adirs.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Ainstall.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Auser.html | 2 +- ...s_3A_3Aobjects_3A_3Aadd_contact_rules.html | 2 +- ...Aobjects_3A_3Aadd_contactgroups_rules.html | 2 +- ...3A_3Aobjects_3A_3Aadd_hostgroup_rules.html | 2 +- ...3Aobjects_3A_3Aadd_servicegroup_rules.html | 2 +- ...A_3Aobjects_3A_3Aadd_timeperiod_rules.html | 2 +- ...A_3Anagios_3A_3Aobjects_3A_3Acommands.html | 2 +- ..._3A_3Anagios_3A_3Aobjects_3A_3Aconfig.html | 2 +- ...agios_3A_3Aobjects_3A_3Acontactgroups.html | 2 +- ...A_3Anagios_3A_3Aobjects_3A_3Acontacts.html | 2 +- ...3Anagios_3A_3Aobjects_3A_3Ahostgroups.html | 2 +- ...agios_3A_3Aobjects_3A_3Aservicegroups.html | 2 +- ...gios_3A_3Aobjects_3A_3Atemplate_rules.html | 2 +- ...Anagios_3A_3Aobjects_3A_3Atimeperiods.html | 2 +- doc/puppet_classes/cd_nagios_3A_3Aparams.html | 12 ++-- .../cd_nagios_3A_3Aselinux_3A_3Aconfig.html | 46 +++++++++++++- ..._nagios_3A_3Aserver_3A_3Aaccess_rules.html | 2 +- .../cd_nagios_3A_3Aserver_3A_3Afiles.html | 2 +- .../cd_nagios_3A_3Aserver_3A_3Aservice.html | 2 +- ...Anagios_3A_3Aobjects_3A_3Aadd_contact.html | 2 +- ...s_3A_3Aobjects_3A_3Aadd_contactgroups.html | 2 +- ...gios_3A_3Aobjects_3A_3Aadd_hostgroups.html | 2 +- ...s_3A_3Aobjects_3A_3Aadd_servicegroups.html | 2 +- ...ios_3A_3Aobjects_3A_3Aadd_timeperiods.html | 2 +- ..._3Anagios_3A_3Aobjects_3A_3Atemplates.html | 2 +- .../cd_nagios_3A_3Aserver_3A_3Aaccess.html | 2 +- doc/top-level-namespace.html | 2 +- 39 files changed, 126 insertions(+), 65 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e5ac035..ac3e151 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,40 +8,25 @@ Changelog of Git Changelog.

No issue

+0679dc56e51747d Jenkins Server 2017-07-30 14:20:09 +

+

recommit for updates in build 148

+ +

bede0046dc27177 Jenkins Server 2017-07-30 14:09:52

recommit for updates in build 147

-

-ebdf85199f0f27d Arne Teuke 2017-07-30 14:09:13 -

-

changed user shell depending on role, on nagios server it requires bash access, else /sbin/nologin

-

e2c90593bb9918c Jenkins Server 2017-07-30 13:59:46

recommit for updates in build 146

-

-8f1c9766d2edf97 Arne Teuke 2017-07-30 13:58:17 -

-

updated user

- -

-303100c01923549 Arne Teuke 2017-07-30 13:56:40 -

-

updated user and README

-

990f0f882a44b37 Jenkins Server 2017-07-28 17:55:13

recommit for updates in build 144

-

-19034c2a5c70f56 Arne Teuke 2017-07-28 17:54:33 -

-

included NRPE on server as well

-

08fd1fcb5ce6c7e Jenkins Server 2017-07-28 13:24:01

@@ -234,6 +219,41 @@ Changelog of Git Changelog.

+

v0.0.1.5

+

No issue

+ + +4154041de6b8563 Arne Teuke 2017-07-30 14:19:36 +

+

reversed user change and made sure it always can login

+ +

+ebdf85199f0f27d Arne Teuke 2017-07-30 14:09:13 +

+

changed user shell depending on role, on nagios server it requires bash access, else /sbin/nologin

+ +

+ +

v0.0.1.4

+

No issue

+ + +8f1c9766d2edf97 Arne Teuke 2017-07-30 13:58:17 +

+

updated user

+ +

+303100c01923549 Arne Teuke 2017-07-30 13:56:40 +

+

updated user and README

+ +

+19034c2a5c70f56 Arne Teuke 2017-07-28 17:54:33 +

+

included NRPE on server as well

+ +

+

v0.0.1.3

No issue

diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md index e49ae41..1df97dd 100644 --- a/REPOSTRUCTURE.md +++ b/REPOSTRUCTURE.md @@ -120,6 +120,7 @@ | | |-- timeperiods_cfg_head.erb | | `-- timeperiods_cfg_rule.erb | `-- selinux +| |-- checknrpe.erb | |-- statuscgi.erb | `-- taccgi.erb |-- tests @@ -132,4 +133,4 @@ |-- README.md `-- REPOSTRUCTURE.md -20 directories, 112 files +20 directories, 113 files diff --git a/doc/_index.html b/doc/_index.html index 425bea7..b4f8381 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -281,7 +281,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index 8df2d54..1619ed7 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -408,7 +408,7 @@ environments.

diff --git a/doc/index.html b/doc/index.html index 8be2ce5..7176ec8 100644 --- a/doc/index.html +++ b/doc/index.html @@ -408,7 +408,7 @@ environments.

diff --git a/doc/puppet_classes/cd_nagios.html b/doc/puppet_classes/cd_nagios.html index 6b1fd87..df33bec 100644 --- a/doc/puppet_classes/cd_nagios.html +++ b/doc/puppet_classes/cd_nagios.html @@ -139,7 +139,7 @@ class cd_nagios { diff --git a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html index 3be9249..479d773 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html +++ b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html @@ -230,7 +230,7 @@ class cd_nagios::certbot::certs ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html index df09ebe..35cebc9 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html @@ -378,7 +378,7 @@ class cd_nagios::client::target ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html index 5e0b247..e76ff79 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html @@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html index 1f5bd45..26edef0 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html @@ -195,7 +195,7 @@ class cd_nagios::main::config ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html index a6d5a5b..b0ba6e3 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html @@ -468,7 +468,7 @@ class cd_nagios::main::dirs ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html index abf75e6..e416690 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html @@ -213,7 +213,7 @@ class cd_nagios::main::install ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html index e21807f..41328b6 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html @@ -194,7 +194,7 @@ class cd_nagios::main::user ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contact_rules.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contact_rules.html index cbf9465..c8bca0e 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contact_rules.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contact_rules.html @@ -217,7 +217,7 @@ class cd_nagios::nagios::objects::add_contact_rules ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contactgroups_rules.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contactgroups_rules.html index c1faeeb..4bf914f 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contactgroups_rules.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contactgroups_rules.html @@ -215,7 +215,7 @@ class cd_nagios::nagios::objects::add_contactgroups_rules ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_hostgroup_rules.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_hostgroup_rules.html index 87dae6e..36aaba4 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_hostgroup_rules.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_hostgroup_rules.html @@ -214,7 +214,7 @@ class cd_nagios::nagios::objects::add_hostgroup_rules ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_servicegroup_rules.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_servicegroup_rules.html index 8dabc5d..f58e9cd 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_servicegroup_rules.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_servicegroup_rules.html @@ -224,7 +224,7 @@ class cd_nagios::nagios::objects::add_servicegroup_rules ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_timeperiod_rules.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_timeperiod_rules.html index 9f46fb3..ae220be 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_timeperiod_rules.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_timeperiod_rules.html @@ -222,7 +222,7 @@ class cd_nagios::nagios::objects::add_timeperiod_rules ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acommands.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acommands.html index d98cc78..16d0574 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acommands.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acommands.html @@ -597,7 +597,7 @@ class cd_nagios::nagios::objects::commands ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aconfig.html index bd68433..84a0dfb 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aconfig.html @@ -182,7 +182,7 @@ class cd_nagios::nagios::objects::config ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acontactgroups.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acontactgroups.html index 3e1f41b..26015e0 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acontactgroups.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acontactgroups.html @@ -237,7 +237,7 @@ class cd_nagios::nagios::objects::contactgroups ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acontacts.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acontacts.html index eb367ac..7c50c1d 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acontacts.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Acontacts.html @@ -280,7 +280,7 @@ class cd_nagios::nagios::objects::contacts ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Ahostgroups.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Ahostgroups.html index 74e60d2..97a47f7 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Ahostgroups.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Ahostgroups.html @@ -551,7 +551,7 @@ class cd_nagios::nagios::objects::hostgroups ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aservicegroups.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aservicegroups.html index cf77714..f1487f6 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aservicegroups.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aservicegroups.html @@ -235,7 +235,7 @@ class cd_nagios::nagios::objects::servicegroups ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atemplate_rules.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atemplate_rules.html index ac6b5ef..950f73a 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atemplate_rules.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atemplate_rules.html @@ -305,7 +305,7 @@ class cd_nagios::nagios::objects::template_rules ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atimeperiods.html b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atimeperiods.html index 372306b..188390e 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atimeperiods.html +++ b/doc/puppet_classes/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atimeperiods.html @@ -285,7 +285,7 @@ class cd_nagios::nagios::objects::timeperiods ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aparams.html b/doc/puppet_classes/cd_nagios_3A_3Aparams.html index 75ec04c..38a87bf 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aparams.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aparams.html @@ -876,7 +876,7 @@ templates and for firewall (string) - (defaults to: '/sbin/nologin') + (defaults to: '/bin/bash') — @@ -5264,8 +5264,7 @@ configuration file.

998 999 1000 -1001 -1002 +1001 
# File 'manifests/params.pp', line 648
@@ -5328,7 +5327,7 @@ $ng_u_comment               = 'Nagios service user',
 $ng_u_uid                   = '1004',
 $ng_user_home               = '/var/spool/nagios',
 $ng_u_groups                = undef,
-$ng_user_shell              = '/sbin/nologin',
+$ng_user_shell              = '/bin/bash',
 
 # cgi settings
 $ng_context_help            = '1',
@@ -5562,6 +5561,7 @@ $ng_htpasswd_head           = 'cd_nagios/nagios/htpasswd_head.erb'
 $ng_htpasswd_rule           = 'cd_nagios/nagios/htpasswd_rule.erb'
 $ng_taccgi_erb              = 'cd_nagios/selinux/taccgi.erb'
 $ng_statcgi_erb             = 'cd_nagios/selinux/statuscgi.erb'
+$ng_checknrpe_erb           = 'cd_nagios/selinux/checknrpe.erb'
 $ng_nagios_conf             = '/etc/httpd/conf.d/nagios.conf'
 $ng_nagios_conf_erb         = 'cd_nagios/httpd/nagios_conf.erb'
 $ng_welcome_conf            = '/etc/httpd/conf.d/welcome.conf'
@@ -5617,8 +5617,6 @@ $ng_cntctgrps_rule_erb      = 'cd_nagios/nagios/contactgroups_cfg_rule.erb&#
 $ng_target_command          = "${ng_conf_d_dir}/nagios_commands_base.cfg"
 $ng_nagios_service_cmd      = 'check_nagios!/var/log/nagios/status.dat!5!/usr/sbin/nagios'
 
-# nrpe
-$ng_nrpe_file               = "${ng_main_dir}/nrpe.cfg"
 
 # includes must be last
 
@@ -5632,7 +5630,7 @@ $ng_nrpe_file               = "${ng_main_dir}/nrpe.cfg"
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
index 961cdf1..218707d 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
@@ -183,7 +183,28 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

 74
 75
 76
-77
+77 +78 +79 +80 +81 +82 +83 +84 +85 +86 +87 +88 +89 +90 +91 +92 +93 +94 +95 +96 +97 +98 
# File 'manifests/selinux/config.pp', line 24
@@ -240,6 +261,27 @@ class cd_nagios::selinux::config (
       refreshonly =>  true,
       notify      =>  Service[$ng_service],
     }
+
+    # sealert check_nrpe
+
+    exec { 'create_policy_checknrpe':
+      command     =>  template($ng_checknrpe_erb),
+      path        =>  ['/usr/bin','/usr/sbin'],
+      cwd         =>  $ng_user_home,
+      creates     =>  "${ng_user_home}/my-checknrpe.pp",
+      notify      =>  Exec['semodule_checknrpe'],
+    }
+
+    exec { 'semodule_checknrpe':
+      command     =>  'semodule -i my-checknrpe.pp',
+      path        =>  ['/usr/bin','/usr/sbin'],
+      cwd         =>  $ng_user_home,
+      require     =>  Exec['create_policy_checknrpe'],
+      refreshonly =>  true,
+      notify      =>  Service[$ng_service],
+    }
+
+
   }
 }
@@ -249,7 +291,7 @@ class cd_nagios::selinux::config ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html index 98b0936..3b20f26 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html @@ -195,7 +195,7 @@ class cd_nagios::server::access_rules ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html index 70a0c4c..6958627 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html @@ -334,7 +334,7 @@ class cd_nagios::server::files ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html index ab6ada0..9b0987a 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html @@ -310,7 +310,7 @@ class cd_nagios::server::service ( diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contact.html b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contact.html index 2281bdb..6d3484b 100644 --- a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contact.html +++ b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contact.html @@ -285,7 +285,7 @@ $ng_contacts_rule_erb = $::cd_nagios::params::ng_contacts_rule_erb diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contactgroups.html b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contactgroups.html index 23c31b2..d054746 100644 --- a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contactgroups.html +++ b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_contactgroups.html @@ -237,7 +237,7 @@ $ng_cntctgrps_rule_erb = $::cd_nagios::params::ng_cntctgrps_rule_erb diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_hostgroups.html b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_hostgroups.html index b5bcda4..f3e6824 100644 --- a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_hostgroups.html +++ b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_hostgroups.html @@ -245,7 +245,7 @@ $ng_tgt_hostgrp_rule_erb = $::cd_nagios::params::ng_tgt_hostgrp_rule_erb diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_servicegroups.html b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_servicegroups.html index 6ab74d3..3591812 100644 --- a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_servicegroups.html +++ b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_servicegroups.html @@ -245,7 +245,7 @@ $ng_tgt_svcgrp_rule_erb = $::cd_nagios::params::ng_tgt_svcgrp_rule_erb diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_timeperiods.html b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_timeperiods.html index e6bfa51..3060f30 100644 --- a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_timeperiods.html +++ b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Aadd_timeperiods.html @@ -370,7 +370,7 @@ $ng_tgt_timep_rule_erb = $::cd_nagios::params::ng_tgt_timep_rule_erb diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atemplates.html b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atemplates.html index abc16e6..7eae3a1 100644 --- a/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atemplates.html +++ b/doc/puppet_defined_types/cd_nagios_3A_3Anagios_3A_3Aobjects_3A_3Atemplates.html @@ -906,7 +906,7 @@ $ng_templates_rule_erb = $::cd_nagios::params::ng_templates_rule_erb diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html index 74f6fad..a51a4a6 100644 --- a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html +++ b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html @@ -220,7 +220,7 @@ $ng_service = $::cd_nagios::params::ng_service diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 0bdab9f..4d36b03 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -90,7 +90,7 @@