adds grep c[Fheck

manifests/params.pp

@@ -906,9 +906,6 @@ $ng_loadctl_options         = 'jobs_max=100;backoff_limit=10;rampup_change=5',
 # single nagios checks
 $ng_enable_swap_check       = true,
 
-# resource.cfg
-$ng_user_arg1               = '/usr/lib64/nagios/plugins',
-$ng_user_arg2               = '/usr/lib64/nagios/plugins/eventhandlers',
 
 ) {
 
@@ -970,6 +967,7 @@ $ng_ssl_vhost_erb           = 'cd_nagios/httpd/nagios_ssl_vhost.erb'
 $ng_nagios_cfg_file         = "${ng_main_dir}/nagios.cfg"
 $ng_nagios_cfg_erb          = 'cd_nagios/nagios/nagios_cfg.erb'
 $ng_resource_erb            = 'cd_nagios/nagios/resource_cfg.erb'
+$ng_grep_erb                = 'cd_nagios/selinux/grep.erb'
 
 # certbot
 $ng_certbot_main_dir        = '/etc/letsencrypt'

manifests/selinux/config.pp

@@ -129,5 +129,24 @@ class cd_nagios::selinux::config (
       refreshonly =>  true,
       notify      =>  Service[$ng_service],
     }
+
+    # sealert grep
+
+    exec { 'create_policy_grep':
+      command     =>  template($ng_grep_erb),
+      path        =>  ['/usr/bin','/usr/sbin'],
+      cwd         =>  $ng_user_home,
+      creates     =>  "${ng_user_home}/my-grep.pp",
+      notify      =>  Exec['semodule_statusdat'],
+    }
+
+    exec { 'semodule_grep':
+      command     =>  "semodule -i ${ng_user_home}/my-grep.pp",
+      path        =>  ['/usr/bin','/usr/sbin'],
+      cwd         =>  $ng_user_home,
+      require     =>  Exec['create_policy_grep'],
+      refreshonly =>  true,
+      notify      =>  Service[$ng_service],
+    }
   }
 }

templates/selinux/grep.erb

@@ -0,0 +1 @@
+ausearch -c 'grep' --raw | audit2allow -M my-grep