kudos/check_health
kudos/check_health
2
1
Fork 0
Code Issues 7 Pull Requests Projects Releases 1 Wiki Activity

Added SELinux fcontexts for logrotate in post-installer script

Browse Source
This commit is contained in:
Patrick Van der Veken 2019-06-07 21:34:01 +02:00
parent f891b1bfea
commit c08d63cb34
3 changed files with 84 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
build/linux/ARCH/hc-linux/.install
View File

@ -40,6 +40,34 @@ post_install() {
else
echo "ERROR: could not locate or excute the HC main script (${HC_BIN})"
fi
# set SELinux contexts for logrotate
SESTATUS_BIN=$(command -v sestatus 2>/dev/null)
if [[ -n "${SESTATUS_BIN}" ]]
then
IS_ENFORCING=$(${SESTATUS_BIN} | grep -c "Current mode.*enforcing" 2>/dev/null)
if (( IS_ENFORCING > 0 ))
then
SEMANAGE_BIN=$(command -v semanage 2>/dev/null)
if [[ -n "${SEMANAGE_BIN}" ]]
then
${SEMANAGE_BIN} fcontext -a -t var_log_t "${HC_VAR_DIR}(/check_health\.sh\.log.*)?"
echo "INFO: SELinux fcontexts configured for log rotation"
if [[ -d ${HC_VAR_DIR} ]]
then
RESTORECON_BIN=$(command -v restorecon 2>/dev/null)
if [[ -n "${RESTORECON_BIN}" ]]
then
${RESTORECON_BIN} -Frv ${HC_VAR_DIR}
echo "INFO: SELinux fcontexts set on ${HC_VAR_DIR} for log rotation"
else
echo "WARN: SELinux is set to 'enforcing' but could not found 'restorecon' to set fcontexts for log rotation"
fi
fi
else
echo "WARN: SELinux is set to 'enforcing' but could not found 'semanage' to set fcontexts for log rotation"
fi
fi
fi
echo "INFO: finished post-install script"
}

28
build/linux/DEBIAN/hc-linux/postinst
View File

@ -43,4 +43,32 @@ then
else
echo "ERROR: could not locate or excute the HC main script (${HC_BIN})"
fi
# set SELinux contexts for logrotate
SESTATUS_BIN=$(command -v sestatus 2>/dev/null)
if [[ -n "${SESTATUS_BIN}" ]]
then
IS_ENFORCING=$(${SESTATUS_BIN} | grep -c "Current mode.*enforcing" 2>/dev/null)
if (( IS_ENFORCING > 0 ))
then
SEMANAGE_BIN=$(command -v semanage 2>/dev/null)
if [[ -n "${SEMANAGE_BIN}" ]]
then
${SEMANAGE_BIN} fcontext -a -t var_log_t "${HC_VAR_DIR}(/check_health\.sh\.log.*)?"
echo "INFO: SELinux fcontexts configured for log rotation"
if [[ -d ${HC_VAR_DIR} ]]
then
RESTORECON_BIN=$(command -v restorecon 2>/dev/null)
if [[ -n "${RESTORECON_BIN}" ]]
then
${RESTORECON_BIN} -Frv ${HC_VAR_DIR}
echo "INFO: SELinux fcontexts set on ${HC_VAR_DIR} for log rotation"
else
echo "WARN: SELinux is set to 'enforcing' but could not found 'restorecon' to set fcontexts for log rotation"
fi
fi
else
echo "WARN: SELinux is set to 'enforcing' but could not found 'semanage' to set fcontexts for log rotation"
fi
fi
fi
echo "INFO: finished post-install script"

28
build/linux/SPECS/hc-linux.spec
View File

@ -88,6 +88,34 @@ then
else
echo "ERROR: could not locate or excute the HC main script (${HC_BIN})"
fi
# set SELinux contexts for logrotate
SESTATUS_BIN=$(command -v sestatus 2>/dev/null)
if [[ -n "${SESTATUS_BIN}" ]]
then
IS_ENFORCING=$(${SESTATUS_BIN} | grep -c "Current mode.*enforcing" 2>/dev/null)
if (( IS_ENFORCING > 0 ))
then
SEMANAGE_BIN=$(command -v semanage 2>/dev/null)
if [[ -n "${SEMANAGE_BIN}" ]]
then
${SEMANAGE_BIN} fcontext -a -t var_log_t "${HC_VAR_DIR}(/check_health\.sh\.log.*)?"
echo "INFO: SELinux fcontexts configured for log rotation"
if [[ -d ${HC_VAR_DIR} ]]
then
RESTORECON_BIN=$(command -v restorecon 2>/dev/null)
if [[ -n "${RESTORECON_BIN}" ]]
then
${RESTORECON_BIN} -Frv ${HC_VAR_DIR}
echo "INFO: SELinux fcontexts set on ${HC_VAR_DIR} for log rotation"
else
echo "WARN: SELinux is set to 'enforcing' but could not found 'restorecon' to set fcontexts for log rotation"
fi
fi
else
echo "WARN: SELinux is set to 'enforcing' but could not found 'semanage' to set fcontexts for log rotation"
fi
fi
fi
echo "INFO: finished post-install script"
%postun