Class: Inspec::Resources::Selinux

Inherits:
Object
  • Object
Defined in:
lib/inspec/resources/selinux.rb

Instance Method Summary

Constructor Details

#initialize(selinux_path = "/etc/selinux/config") ⇒ Selinux

Returns a new instance of Selinux.



# File 'lib/inspec/resources/selinux.rb', line 85

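# Runs `sestatus` on the target and parses its "Key: value" lines into @data.
#
# Keys and values are stored lower-cased with every space removed, so the
# line "SELinux status: enabled" becomes "selinuxstatus" => "enabled".
# When the command exits non-zero the resource is skipped and @data is left
# unset, so the predicate methods have nothing to read in that state.
#
# @param selinux_path [String] config file path, stored in @path
def initialize(selinux_path = "/etc/selinux/config")
  @path = selinux_path

  # Amazon Linux is addressed by absolute path. On every other platform the
  # bare name is used, so which binary runs is decided by the command lookup
  # of the session InSpec executes in.
  sestatus_bin =
    if inspec.os.redhat? && inspec.os.name == "amazon"
      "/usr/sbin/sestatus"
    else
      "sestatus"
    end

  cmd = inspec.command(sestatus_bin)
  if cmd.exit_status != 0
    # A "command not found" message arrives on stdout, so report both streams.
    out = cmd.stdout + "\n" + cmd.stderr
    return skip_resource "Skipping resource: #{out}"
  end

  # Collapse the report into "key:value,key:value,..." before scanning.
  flattened = cmd.stdout.delete(" \r").tr("\n", ",").downcase

  # `$` inside a character class is a literal dollar sign, not an anchor, so
  # the terminator is spelled out as "comma or end of string". This keeps the
  # final pair when stdout does not end with a newline.
  @data = flattened.scan(/([^:]+):([^,]+)(?:,|\z)/).to_h
end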

Instance Method Details

#booleans ⇒ Object



# File 'lib/inspec/resources/selinux.rb', line 128

# Builds a SelinuxBooleanFilter over whatever parse_booleans returns.
# Neither parse_booleans nor the filter class is defined in this listing.
#
# @return [SelinuxBooleanFilter]
def booleans
  filter_class = SelinuxBooleanFilter
  filter_class.new(parse_booleans)
end

#disabled? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/inspec/resources/selinux.rb', line 108

# Reports whether the "selinuxstatus" entry parsed from `sestatus` output is
# exactly "disabled". A missing entry yields false, so a false result does not
# by itself show that SELinux is enabled.
#
# @return [Boolean]
def disabled?
  status = @data["selinuxstatus"]
  status == "disabled"
end

#enforcing? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/inspec/resources/selinux.rb', line 112

# Reports whether the "currentmode" entry parsed from `sestatus` output is
# exactly "enforcing". Only that one key is read; a mode recorded under any
# other key (such as the mode from the config file) is not consulted here.
#
# @return [Boolean]
def enforcing?
  mode = @data["currentmode"]
  mode == "enforcing"
end

#installed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/inspec/resources/selinux.rb', line 104

# Reports whether the config file at @path exists on the target.
# This checks file presence only. It does not read the `sestatus` data, so it
# says nothing about whether SELinux is enabled or enforcing.
#
# @return [Boolean]
def installed?
  config_file = inspec.file(@path)
  config_file.exist?
end

#modules ⇒ Object



# File 'lib/inspec/resources/selinux.rb', line 124

# Builds a SelinuxModuleFilter over whatever parse_modules returns.
# Neither parse_modules nor the filter class is defined in this listing.
#
# @return [SelinuxModuleFilter]
def modules
  filter_class = SelinuxModuleFilter
  filter_class.new(parse_modules)
end

#permissive? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/inspec/resources/selinux.rb', line 116

# Reports whether the "currentmode" entry parsed from `sestatus` output is
# exactly "permissive". A missing entry yields false.
#
# @return [Boolean]
def permissive?
  mode = @data["currentmode"]
  mode == "permissive"
end

#policy ⇒ Object



# File 'lib/inspec/resources/selinux.rb', line 120

# Returns the "loadedpolicyname" entry parsed from `sestatus` output.
# The value is lower-cased with spaces removed, as stored by the constructor.
#
# @return [String, nil] nil when the entry is absent
def policy
  policy_name = @data["loadedpolicyname"]
  policy_name
end

#to_s ⇒ Object



# File 'lib/inspec/resources/selinux.rb', line 132

def to_s
  "SELinux"
end