- add apparmor profiles for the following checks:

+ check_disk + check_load + check_procs + check_swap + check_users OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=18
2015-08-01 19:15:51 +00:00 · 2015-08-01 19:15:51 +00:00 · 50ef991c85
commit 50ef991c85
parent ace882d0bf
7 changed files with 71 additions and 0 deletions
--- a/monitoring-plugins.changes
+++ b/monitoring-plugins.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Sat Aug  1 19:09:11 UTC 2015 - lars@linux-schulserver.de
+
+- add apparmor profiles for the following checks:
+  + check_disk
+  + check_load
+  + check_procs
+  + check_swap
+  + check_users
+
 -------------------------------------------------------------------
 Sun Jul 26 10:17:12 UTC 2015 - lars@linux-schulserver.de

--- a/monitoring-plugins.spec
+++ b/monitoring-plugins.spec
@ -43,6 +43,11 @@ Source26:       check_ircd_ssl
 Source27:       %{name}-README-extra-opts
 Source28:       %{name}-README.SUSE-check_ping
 Source29:       %{name}-README.SUSE-check_ntp_time
+Source30:       usr.lib.nagios.plugins.check_disk
+Source31:       usr.lib.nagios.plugins.check_load
+Source32:       usr.lib.nagios.plugins.check_procs
+Source33:       usr.lib.nagios.plugins.check_swap
+Source34:       usr.lib.nagios.plugins.check_users
 # PATCH-MISSING-TAG -- See http://en.opensuse.org/Packaging/Patches
 Patch1:         %{name}-2.1.1-check_logfile.patch
 # PATCH-MISSING-TAG -- See http://en.opensuse.org/Packaging/Patches
@ -1144,6 +1149,11 @@ install -m 644 %{SOURCE22} %{buildroot}%{_sysconfdir}/apparmor.d/
 install -m 644 %{SOURCE23} %{buildroot}%{_sysconfdir}/apparmor.d/
 install -m 644 %{SOURCE24} %{buildroot}%{_sysconfdir}/apparmor.d/
 install -m 644 %{SOURCE25} %{buildroot}%{_sysconfdir}/apparmor.d/
+install -m 644 %{SOURCE30} %{buildroot}%{_sysconfdir}/apparmor.d/
+install -m 644 %{SOURCE31} %{buildroot}%{_sysconfdir}/apparmor.d/
+install -m 644 %{SOURCE32} %{buildroot}%{_sysconfdir}/apparmor.d/
+install -m 644 %{SOURCE33} %{buildroot}%{_sysconfdir}/apparmor.d/
+install -m 644 %{SOURCE34} %{buildroot}%{_sysconfdir}/apparmor.d/

 # inform the users about the deprecated monitoring-plugins-extras package
 cat >> README.SUSE-deprecated << EOF
@ -1285,6 +1295,7 @@ fi
 %defattr(0755,root,root)
 %dir %{nagios_plugindir}
 %{nagios_plugindir}/check_disk
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_disk

 %files disk_smb
 %defattr(0755,root,root)
@ -1377,6 +1388,7 @@ fi
 %defattr(0755,root,root)
 %dir %{nagios_plugindir}
 %{nagios_plugindir}/check_load
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_load

 %files log
 %defattr(0755,root,root)
@ -1455,6 +1467,7 @@ fi
 %dir %{nagios_plugindir}
 %{nagios_plugindir}/check_procs
 %{nagios_plugindir}/check_procs_perf
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_procs

 %files radius
 %defattr(0755,root,root)
@ -1497,6 +1510,7 @@ fi
 %defattr(0755,root,root)
 %dir %{nagios_plugindir}
 %{nagios_plugindir}/check_swap
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_swap

 %files tcp
 %defattr(0755,root,root)
@ -1528,6 +1542,7 @@ fi
 %defattr(0755,root,root)
 %dir %{nagios_plugindir}
 %{nagios_plugindir}/check_users
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_users

 %files wave
 %defattr(0755,root,root)
--- a/usr.lib.nagios.plugins.check_disk
+++ b/usr.lib.nagios.plugins.check_disk
@ -0,0 +1,8 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_disk {
+   #include <abstractions/base>
+   #include <abstractions/consoles>
+   /etc/mtab                        r,
+   @{PROC}/[0-9]*/mounts            r,
+   /usr/lib/nagios/plugins/check_disk rm,
+}
--- a/usr.lib.nagios.plugins.check_load
+++ b/usr.lib.nagios.plugins.check_load
@ -0,0 +1,11 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_load {
+   #include <abstractions/base>
+   #include <abstractions/consoles>
+   #include <abstractions/wutmp>
+   /usr/lib/nagios/plugins/check_load rm,
+   /usr/bin/uptime rmix,
+   /proc/uptime r,
+   /proc/meminfo r,
+   /proc/loadavg r,
+}
--- a/usr.lib.nagios.plugins.check_procs
+++ b/usr.lib.nagios.plugins.check_procs
@ -0,0 +1,13 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_procs {
+  #include <abstractions/nameservice>
+  #include <abstractions/base>
+  #include <abstractions/consoles>
+
+  capability sys_ptrace,
+
+  /bin/ps rix,
+  /proc/ r,
+  /proc/** r,
+  /usr/lib/nagios/plugins/check_procs mr,
+}
--- a/usr.lib.nagios.plugins.check_swap
+++ b/usr.lib.nagios.plugins.check_swap
@ -0,0 +1,6 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_swap {
+  #include <abstractions/base> 
+  #include <abstractions/consoles>
+  /usr/lib/nagios/plugins/check_swap rm,
+}
--- a/usr.lib.nagios.plugins.check_users
+++ b/usr.lib.nagios.plugins.check_users
@ -0,0 +1,8 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_users {
+  #include <abstractions/base> 
+  #include <abstractions/consoles>
+  #include <abstractions/wutmp>
+  /usr/lib/nagios/plugins/check_users rm,
+}
+