feat(check_selinux): add two more cmdline options
By default, permissive mode raises a warning.
Add two additional options to tune this behavior:

   --permissive-is-allowed: return OK when SELinux is in permissive mode
   --permissive-is-critical: return CRITICAL when SELinux is in permissive mode

Signed-off-by: Davide Madrisan <[email protected]>
madrisan committed Apr 9, 2024
1 parent eacbb3c commit 9712357
Showing 1 changed file with 25 additions and 6 deletions.
31 changes: 25 additions & 6 deletions plugins/check_selinux.c
@@ -38,6 +38,8 @@ static const char *program_copyright =
"Copyright (C) 2024 Davide Madrisan <" PACKAGE_BUGREPORT ">\n";

static struct option const longopts[] = {
{(char *) "permissive-is-allowed", no_argument, NULL, 'p'},
{(char *) "permissive-is-critical", no_argument, NULL, 'P'},
{(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR},
{(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR},
{NULL, 0, NULL, 0}
@@ -50,13 +52,23 @@ usage (FILE * out)
fputs ("This plugin checks if SELinux is enabled.\n", out);
fputs (program_copyright, out);
fputs (USAGE_HEADER, out);
fprintf (out, " %s\n", program_name);
fprintf (out, " %s [--permissive-is-allowed|--permissive-is-critical]\n",
program_name);
fputs (USAGE_OPTIONS, out);
fputs (" -p --permissive-is-allowed permissive mode does not generate "
"a warning\n", out);
fputs (" -P --permissive-is-critical permissive mode is to be considered"
" critical\n", out);
fputs (USAGE_HELP, out);
fputs (USAGE_VERSION, out);
fputs (USAGE_NOTE, out);
fputs (" By default, permissive mode raises a warning.\n", out);
fputs (" Use the option -P to turn it into a critical error\n", out);
fputs (" or -p to consider it a valid configuration.\n", out);
fputs (USAGE_EXAMPLES, out);
fprintf (out, " %s\n",
program_name);
fprintf (out, " %s\n", program_name);
fprintf (out, " %s --permissive-is-allowed\n", program_name);
fprintf (out, " %s --permissive-is-critical\n", program_name);

exit (out == stderr ? STATE_UNKNOWN : STATE_OK);
}
@@ -75,18 +87,25 @@ int
main (int argc, char **argv)
{
int c, is_enabled;
nagstatus status = STATE_OK;
nagstatus status = STATE_OK,
permissive_status = STATE_WARNING;

set_program_name (argv[0]);

while ((c = getopt_long (argc, argv,
GETOPT_HELP_VERSION_STRING,
"p" GETOPT_HELP_VERSION_STRING,
longopts, NULL)) != -1)
{
switch (c)
{
default:
usage (stderr);
case 'P':
permissive_status = STATE_CRITICAL;
break;
case 'p':
permissive_status = STATE_OK;
break;

case_GETOPT_HELP_CHAR
case_GETOPT_VERSION_CHAR
@@ -103,7 +122,7 @@ main (int argc, char **argv)
status_str = "disabled";
break;
case 1:
status = STATE_WARNING;
status = permissive_status;
status_str = "disabled (permissive)";
break;
case 2:
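Review bot: The short option `-P` documented in usage() is not accepted by main(): the new getopt_long option string is `"p" GETOPT_HELP_VERSION_STRING`, so unless that macro (defined outside this page) already contains `P`, `-P` lands in `default:` and exits through `usage (stderr)` with STATE_UNKNOWN, and only the long form `--permissive-is-critical` reaches `case 'P'`. The string should read `"pP" GETOPT_HELP_VERSION_STRING`. A monitoring setup that passes `-P` to escalate a non-enforcing host would get UNKNOWN rather than CRITICAL, which is easy to miss. When both flags are given the last one silently wins although the usage line shows them as alternatives; rejecting the combination, or documenting the precedence, would keep `-p` from quietly overriding `-P`. main's body continues outside the visible hunks.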