Skip to content

Commit

Permalink
Merge pull request #80 from banjoh/em/check-selinux
Browse files Browse the repository at this point in the history 
Analyser to check if SELinux is exabled
  • Loading branch information
@diamonwiggins
diamonwiggins authored Sep 29, 2023
2 parents 361a530 + c16a077 commit 2bd7764
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions host/default.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ spec:
collectorName: "iostat"
command: "iostat"
args: ["-x"]
# SELinux status
- run:
collectorName: "sestatus"
command: "sestatus"
Expand Down Expand Up @@ -739,3 +740,15 @@ spec:
- pass:
when: "true"
message: "'localhost' resolves to 127.0.0.1 ip address"
- textAnalyze:
checkName: Check if SELinux is enabled
fileName: host-collectors/run-host/sestatus.txt
regex: '(?m)^Current mode:\s+enforcing'
ignoreIfNoFiles: true
outcomes:
- fail:
when: "true"
message: "SELinux is enabled when it should be disabled for kubernetes to work properly"
- pass:
when: "false"
message: "SELinux is disabled as expected"

0 comments on commit 2bd7764

Please sign in to comment.