Initial version of selinux module.

2010-07-02 12:23:10 +03:00 · 2010-07-02 12:23:10 +03:00 · 838f6df62a
commit 838f6df62a
parent f60f848d46
1 changed files with 52 additions and 0 deletions
--- a/selinux/manifests/init.pp
+++ b/selinux/manifests/init.pp
@ -0,0 +1,52 @@
+
+# Set SELinux boolean value
+#
+# === Parameters
+#
+#   $name:
+#       SELinux key to set
+#   $value:
+#       Value for given key (on or off)
+#
+# === Sample usage
+#
+# selinux::boolean { "use_nfs_home_dirs":
+#     value => "on",
+# }
+#
+define selinux::boolean($value) {
+
+    selboolean { $name:
+        value      => $value,
+        persistent => true,
+    }
+
+}
+
+
+# Configure SELinux port authorizations
+#
+# === Parameters
+#
+#   $name:
+#       Port range to configure
+#   $type:
+#       SELinux type for port range
+#   $proto:
+#       Protocol for port (tcp or udp)
+#
+# === Sample usage
+#
+# selinux::manage_port { "18140-18143":
+#     type  => "http_port_t",
+#     proto => "tcp",
+# }
+#
+define selinux::manage_port($type, $proto) {
+
+    exec { "semanage port -a -t ${type} -p ${proto} ${name}":
+        path   => "/bin:/usr/bin:/sbin:/usr/sbin",
+        unless => "semanage port -ln | egrep '^${type}[ ]*${proto}' | egrep ' ${name}(,.*)?\$'",
+    }
+
+}