## cd_nrpe::selinux::config.pp # Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# @summary  Class manages all aspects of configuring selinux for NRPE.
##############################################################################
class cd_nrpe::selinux::config (

) inherits cd_nrpe::params {
  if $ne_include_selinux == true {
    #  manage allow nagios sudo

    exec { 'nagios_run_sudo':
      command => 'setsebool -P nagios_run_sudo 1',
      path    => ['/usr/bin','/usr/sbin'],
      cwd     => '/tmp',
      unless  => 'getsebool nagios_run_sudo | awk \'{print$3}\' | grep -ic "on"'
    }

    # create policy file for sudo selinux policy
    exec { 'create_nrpe_pp':
      command     => template($ne_checkmodule_nrpe_erb),
      user        => 'root',
      creates     => $ne_nrpe_pp_file,
      refreshonly => true,
      notify      => Exec['import_semodule_nrpe'],
    }

    # import semodule
    exec { 'import_semodule_nrpe':
      command     => template($ne_semodule_erb),
      user        => 'root',
      unless      => '/sbin/semodule -l | grep nrpe | grep -v nrpe_',
      refreshonly => true,
    }
  }
}