From 8d204947db73672b6312e357ea7cff30f115ada8 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Thu, 20 Jul 2017 16:15:51 +0100 Subject: [PATCH] added statuscgi_pol --- manifests/params.pp | 1 + manifests/selinux/config.pp | 20 +++++++++++++++++++- templates/selinux/statuscgi.erb | 0 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 templates/selinux/statuscgi.erb diff --git a/manifests/params.pp b/manifests/params.pp index f2c742f..79bf349 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -339,6 +339,7 @@ $ng_htpasswd_file = "${ng_main_dir}/passwd" $ng_htpasswd_head = 'cd_nagios/nagios/htpasswd_head.erb' $ng_htpasswd_rule = 'cd_nagios/nagios/htpasswd_rule.erb' $ng_taccgi_erb = 'cd_nagios/selinux/taccgi.erb' +$ng_statcgi_erb = 'cd_nagios/selinux/statuscgi.erb' # includes must be last diff --git a/manifests/selinux/config.pp b/manifests/selinux/config.pp index b2516a3..39336b1 100644 --- a/manifests/selinux/config.pp +++ b/manifests/selinux/config.pp @@ -27,7 +27,7 @@ class cd_nagios::selinux::config ( if $ng_use_selinux_tools == true { - # sealert 093d6a07-03f5-4457-abaa-e6592fb01e05 + # sealert tac-cgi exec { 'create_policy_taccgi': command => template($ng_taccgi_erb), path => ['/usr/bin','/usr/sbin'], @@ -43,5 +43,23 @@ class cd_nagios::selinux::config ( require => Exec['create_policy_taccgi'], refreshonly => true, } + + # sealert status.cgi + + exec { 'create_policy_statuscgi': + command => template($ng_statcgi_erb), + path => ['/usr/bin','/usr/sbin'], + cwd => '/tmp', + creates => '/tmp/my-statuscgi.pp', + notify => Exec['semodule_taccgi'], + } + + exec { 'semodule_statuscgi': + command => 'semodule -i my-statuscgi.pp', + path => ['/usr/bin','/usr/sbin'], + cwd => '/tmp', + require => Exec['create_policy_statuscgi'], + refreshonly => true, + } } } diff --git a/templates/selinux/statuscgi.erb b/templates/selinux/statuscgi.erb new file mode 100644 index 0000000..e69de29