## cd_nrpe::selinux::config.pp # Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
#    This file is part of cd_nrpe.
#
#    cd_nrpe is used for providing automatic configuration of NRPE
#    Copyright (C) 2016  ConfDroid (copyright@ConfDroid.com)
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
# @summary  Class manages all aspects of configuring selinux for NRPE.
##############################################################################
class cd_nrpe::selinux::config (

) inherits cd_nrpe::params {

  if $ne_include_selinux == true {

    #  manage allow nagios sudo

    exec { 'nagios_run_sudo':
      command =>  'setsebool -P nagios_run_sudo 1',
      path    =>  ['/usr/bin','/usr/sbin'],
      cwd     =>  '/tmp',
      unless  =>  'getsebool nagios_run_sudo | awk \'{print$3}\' | grep -ic "on"'
    }

    # create policy file for sudo selinux policy
    exec { 'create_nrpe_pp':
      command     =>  template($ne_checkmodule_nrpe_erb),
      user        =>  'root',
      creates     =>  $ne_nrpe_pp_file,
      refreshonly =>  true,
      notify      =>  Exec['import_semodule_nrpe'],
    }

    # import semodule
    exec { 'import_semodule_nrpe':
      command     =>  template($ne_semodule_erb),
      user        =>  'root',
      unless      =>  '/sbin/semodule -l | grep nrpe | grep -v nrpe_',
      refreshonly =>  true,
    }
  }
}