manifests/selinux/config.pp

## confdroid_nrpe::selinux::config.pp # Module name: confdroid_nrpe
# Author: 12ww1160 (12ww1160@ConfDroid.com)
# @summary  Class manages all aspects of configuring selinux for NRPE.
##############################################################################
class confdroid_nrpe::selinux::config (

) inherits confdroid_nrpe::params {
  if $ne_include_selinux == true {
    #  manage allow nagios sudo

    exec { 'nagios_run_sudo':
      command => 'setsebool -P nagios_run_sudo 1',
      path    => ['/usr/bin','/usr/sbin'],
      cwd     => '/tmp',
      unless  => 'getsebool nagios_run_sudo | awk \'{print$3}\' | grep -ic "on"'
    }

    # create policy file for sudo selinux policy
    exec { 'create_nrpe_pp':
      command     => template($ne_checkmodule_nrpe_erb),
      user        => 'root',
      creates     => $ne_nrpe_pp_file,
      refreshonly => true,
      notify      => Exec['import_semodule_nrpe'],
    }

    # import semodule
    exec { 'import_semodule_nrpe':
      command     => template($ne_semodule_erb),
      user        => 'root',
      unless      => '/sbin/semodule -l | grep nrpe | grep -v nrpe_',
      refreshonly => true,
    }
  }
}
OP#429 initial commit after fork 2026-02-10 17:43:42 +01:00			`## confdroid_nrpe::selinux::config.pp # Module name: confdroid_nrpe`
			`# Author: 12ww1160 (12ww1160@ConfDroid.com)`
added details to sudo rule 2017-07-30 17:51:22 +01:00			`# @summary Class manages all aspects of configuring selinux for NRPE.`
			`##############################################################################`
OP#429 initial commit after fork 2026-02-10 17:43:42 +01:00			`class confdroid_nrpe::selinux::config (`
added details to sudo rule 2017-07-30 17:51:22 +01:00
OP#429 initial commit after fork 2026-02-10 17:43:42 +01:00			`) inherits confdroid_nrpe::params {`
added selinux boolean 2017-07-30 17:55:59 +01:00			`if $ne_include_selinux == true {`
added details to sudo rule 2017-07-30 17:51:22 +01:00			`# manage allow nagios sudo`

			`exec { 'nagios_run_sudo':`
adjusted for puppet-lint compliance 2025-05-12 16:58:52 +02:00			`command => 'setsebool -P nagios_run_sudo 1',`
			`path => ['/usr/bin','/usr/sbin'],`
			`cwd => '/tmp',`
			`unless => 'getsebool nagios_run_sudo \| awk \'{print$3}\' \| grep -ic "on"'`
added details to sudo rule 2017-07-30 17:51:22 +01:00			`}`
moves execs to selinux 2019-04-23 21:29:11 +02:00
			`# create policy file for sudo selinux policy`
			`exec { 'create_nrpe_pp':`
adjusted for puppet-lint compliance 2025-05-12 16:58:52 +02:00			`command => template($ne_checkmodule_nrpe_erb),`
			`user => 'root',`
			`creates => $ne_nrpe_pp_file,`
			`refreshonly => true,`
			`notify => Exec['import_semodule_nrpe'],`
moves execs to selinux 2019-04-23 21:29:11 +02:00			`}`

			`# import semodule`
			`exec { 'import_semodule_nrpe':`
adjusted for puppet-lint compliance 2025-05-12 16:58:52 +02:00			`command => template($ne_semodule_erb),`
			`user => 'root',`
			`unless => '/sbin/semodule -l \| grep nrpe \| grep -v nrpe_',`
			`refreshonly => true,`
moves execs to selinux 2019-04-23 21:29:11 +02:00			`}`
added details to sudo rule 2017-07-30 17:51:22 +01:00			`}`
			`}`