selinux: Added email support to setroubleshoot

2013-06-17 22:36:04 +03:00 · 2013-06-17 22:36:04 +03:00 · c19bffd3ec
commit c19bffd3ec
parent 1c3422e0e1
2 changed files with 29 additions and 1 deletions
--- a/selinux/manifests/init.pp
+++ b/selinux/manifests/init.pp
@ -60,7 +60,13 @@ class selinux {

 # Install setroubleshoot
 #
-class selinux::setroubleshoot {
+# === Parameters
+#
+#   $mailto:
+#       Array of email addresses where to send SELinux alerts.
+#       Disabled by default.
+#
+class selinux::setroubleshoot($mailto=undef) {

    if $::selinux == "true" {
        package { "setroubleshoot":
@ -74,6 +80,25 @@ class selinux::setroubleshoot {
                require   => Package["setroubleshoot"],
            }
        }
+        if $mailto {
+            if !$mail_server {
+                $mail_server = "127.0.0.1"
+            }
+            augeas { "set-setroubleshoot-smtp_host":
+                changes => "set email/smtp_host '${mail_server}'",
+                incl    => "/etc/setroubleshoot/setroubleshoot.conf",
+                lens    => "Puppet.lns",
+                require => Package["setroubleshoot"],
+            }
+            file { "/var/lib/setroubleshoot/email_alert_recipients":
+                ensure  => present,
+                mode    => "0600",
+                owner   => "root",
+                group   => "root",
+                content => template("selinux/email_alert_recipients.erb"),
+                require => Augeas["set-setroubleshoot-smtp_host"],
+            }
+        }
    }

 }
--- a/selinux/templates/email_alert_recipients.erb
+++ b/selinux/templates/email_alert_recipients.erb
@ -0,0 +1,3 @@
+<% @mailto.each do |email| -%>
+<%= email %> filter_type=after_first
+<% end -%>