added selinux policy for status.dat

README.md

@@ -1,6 +1,6 @@
 |Repo Name| version | Build Status|
 |---|---|---|---|
-|`cd_nagios`| 0.0.1.8 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_nagios)](https://jenkins.confdroid.com/job/cd_nagios/)|
+|`cd_nagios`| 0.0.1.9 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_nagios)](https://jenkins.confdroid.com/job/cd_nagios/)|
 
 ### Synopsis
 Nagios is a powerful open source software solution for monitoring your IT environments.

manifests/params.pp

@@ -946,6 +946,7 @@ $ng_htpasswd_head           = 'cd_nagios/nagios/htpasswd_head.erb'
 $ng_htpasswd_rule           = 'cd_nagios/nagios/htpasswd_rule.erb'
 $ng_taccgi_erb              = 'cd_nagios/selinux/taccgi.erb'
 $ng_statcgi_erb             = 'cd_nagios/selinux/statuscgi.erb'
+$ng_statdat_erb             = 'cd_nagios/selinux/statusdat.erb'
 $ng_checknrpe_erb           = 'cd_nagios/selinux/checknrpe.erb'
 $ng_checknagios_erb         = 'cd_nagios/selinux/checknagios.erb'
 $ng_nagios_conf             = '/etc/httpd/conf.d/nagios.conf'

manifests/selinux/config.pp

@@ -110,5 +110,24 @@ class cd_nagios::selinux::config (
       refreshonly =>  true,
       notify      =>  Service[$ng_service],
     }
+
+    # sealert status.dat
+
+    exec { 'create_policy_statusdat':
+      command     =>  template($ng_statdat_erb),
+      path        =>  ['/usr/bin','/usr/sbin'],
+      cwd         =>  $ng_user_home,
+      creates     =>  "${ng_user_home}/my-http.pp",
+      notify      =>  Exec['semodule_statusdat'],
+    }
+
+    exec { 'semodule_statusdat':
+      command     =>  'semodule -i my-http.pp',
+      path        =>  ['/usr/bin','/usr/sbin'],
+      cwd         =>  $ng_user_home,
+      require     =>  Exec['create_policy_statusdat'],
+      refreshonly =>  true,
+      notify      =>  Service[$ng_service],
+    }
   }
 }

templates/selinux/statusdat.erb

@@ -0,0 +1 @@
+ausearch -c 'httpd' --raw | audit2allow -M my-httpd