From fc05564e89863605160b0bb2f286e719b83e0795 Mon Sep 17 00:00:00 2001
From: Arne Teuke
Date: Sun, 30 Jul 2017 16:00:13 +0100
Subject: [PATCH] added checknagios selinux exception
---
 manifests/params.pp | 1 +
 manifests/selinux/config.pp | 19 +++++++++++++++++++
 templates/selinux/checknagios.erb | 1 +
 3 files changed, 21 insertions(+)
 create mode 100644 templates/selinux/checknagios.erb
diff --git a/manifests/params.pp b/manifests/params.pp
index 3b84230..9f441fa 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -938,6 +938,7 @@ $ng_htpasswd_rule = 'cd_nagios/nagios/htpasswd_rule.erb'
 $ng_taccgi_erb = 'cd_nagios/selinux/taccgi.erb'
 $ng_statcgi_erb = 'cd_nagios/selinux/statuscgi.erb'
 $ng_checknrpe_erb = 'cd_nagios/selinux/checknrpe.erb'
+$ng_checknagios_erb = 'cd_nagios/selinux/checknagios.erb'
 $ng_nagios_conf = '/etc/httpd/conf.d/nagios.conf'
 $ng_nagios_conf_erb = 'cd_nagios/httpd/nagios_conf.erb'
 $ng_welcome_conf = '/etc/httpd/conf.d/welcome.conf'
diff --git a/manifests/selinux/config.pp b/manifests/selinux/config.pp
index c69992f..cf3234a 100644
--- a/manifests/selinux/config.pp
+++ b/manifests/selinux/config.pp
@@ -93,6 +93,25 @@ class cd_nagios::selinux::config (
 notify => Service[$ng_service],
 }
+ # selart check_nagios
+
+ exec { 'create_policy_checknagios':
+ command => template($ng_checknagios_erb),
+ path => ['/usr/bin','/usr/sbin'],
+ cwd => $ng_user_home,
+ creates => "${ng_user_home}/my-checknagios.pp",
+ notify => Exec['semodule_checknagios'],
+ }
+
+ exec { 'semodule_checknagios':
+ command => 'semodule -i my-checknagios.pp',
+ path => ['/usr/bin','/usr/sbin'],
+ cwd => $ng_user_home,
+ require => Exec['create_policy_checknagios'],
+ refreshonly => true,
+ notify => Service[$ng_service],
+ }
+
 }
 }
diff --git a/templates/selinux/checknagios.erb b/templates/selinux/checknagios.erb
new file mode 100644
index 0000000..d974f95
--- /dev/null
+++ b/templates/selinux/checknagios.erb
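Review bot: In manifests/selinux/config.pp both new execs use `cwd => $ng_user_home`, so `semodule -i my-checknagios.pp` installs whatever file of that name is in a directory that, judging by the variable name, belongs to the Nagios service account. If that account can write there, it can influence the SELinux policy that Puppet loads, so building and installing from a root-owned directory (with `creates` pointing at it) would be safer. Separately, `semodule_checknagios` is `refreshonly => true` and is refreshed only by an exec guarded with `creates`, so an install that fails once, or a module that is later removed, is never retried. A guard on the loaded state, for example `unless => 'semodule -l | grep -qw my-checknagios',` in place of `refreshonly => true,`, would check what actually matters. The enclosing class starts outside this hunk.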
@@ -0,0 +1 @@
+ausearch -c 'check_nagios' --raw | audit2allow -M my-checknagios
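Review bot: The policy module built by templates/selinux/checknagios.erb comes from whatever AVC denials the audit log holds for the command name `check_nagios` when Puppet runs, so the installed rules differ per host and are never reviewed. `audit2allow` allows every denial it is fed, including ones that should stay denied. On a host with no matching denials yet, `ausearch` returns nothing and `my-checknagios.pp` is probably not written, in which case the `creates` guard in config.pp never holds and the exec re-runs on every apply. Shipping a reviewed, fixed `.te` source (or a prebuilt module) with the Puppet module and compiling that would make the exception deterministic and auditable.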