path: root/src/lib/sos/plugins/selinux.py
### This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.

## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
## GNU General Public License for more details.

## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

import sos.plugintools
import commands

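class selinux(sos.plugintools.PluginBase):
    """Collect SELinux configuration, status and setroubleshoot alert details.
    """
    def setup(self):
        """Register the SELinux files and command outputs to collect."""
        self.addCopySpec("/etc/selinux")
        self.collectExtOutput("/usr/bin/selinuxconfig")
        self.collectExtOutput("/usr/sbin/sestatus", root_symlink = "sestatus")
        self.eta_weight += 120 # this plugin takes 120x longer (for ETA)
        self.collectExtOutput("/sbin/fixfiles check")
        return

    def checkenabled(self):
        """Return False only when sestatus reports SELinux as "disabled".

        Any failure to run or parse sestatus leaves the plugin enabled, so
        the check is deliberately best-effort.
        """
        try:
            status = commands.getoutput("/usr/sbin/sestatus")
            # The text after the first colon carries the SELinux status.
            if status.split(":")[1].strip() == "disabled":
                return False
        except Exception:
            # Narrower than a bare except: KeyboardInterrupt and SystemExit
            # still propagate, while parse errors keep the plugin enabled.
            pass
        return True

    def analyze(self):
        """Collect sealert output for alert ids logged by setroubleshoot.

        Runs only when setroubleshoot is enabled in the default runlevel.
        """
        policy = self.cInfo["policy"]
        if policy.runlevelDefault() not in policy.runlevelByService("setroubleshoot"):
            return

        # /var/log/messages is attacker-influenced: any local account that
        # can write to syslog can forge a "setroubleshoot:" line.  Capture
        # only the alert id, restricted to alphanumerics and dashes with no
        # leading dash, and rebuild the command from a fixed template.  That
        # way no shell metacharacter or extra option from the log reaches
        # collectExtOutput, in case it hands the string to a shell.
        # NOTE(review): assumes setroubleshoot ids are UUID-like - confirm.
        # NOTE(review): assumes PluginBase provides doRegexFindAll; the bare
        # name used before is not defined or imported in this module.
        alert_ids = self.doRegexFindAll(
            r"^.*setroubleshoot:.*sealert[ \t]+-l[ \t]+([A-Za-z0-9][A-Za-z0-9-]*)",
            "/var/log/messages")
        if not alert_ids:
            return

        # The same alert is usually logged many times; query each id once.
        seen = set()
        for alert_id in alert_ids:
            if alert_id in seen:
                continue
            seen.add(alert_id)
            self.collectExtOutput("sealert -l %s" % alert_id)
        self.addAlert("There are numerous selinux errors present and "+
                      "possible fixes stated in the sealert output.")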