From 50ef991c851a7b9a10d46d694aec6aec3e4a9b11687938f4b104c53bfed411de Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Sat, 1 Aug 2015 19:15:51 +0000 Subject: [PATCH] - add apparmor profiles for the following checks: + check_disk + check_load + check_procs + check_swap + check_users OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=18 --- monitoring-plugins.changes | 10 ++++++++++ monitoring-plugins.spec | 15 +++++++++++++++ usr.lib.nagios.plugins.check_disk | 8 ++++++++ usr.lib.nagios.plugins.check_load | 11 +++++++++++ usr.lib.nagios.plugins.check_procs | 13 +++++++++++++ usr.lib.nagios.plugins.check_swap | 6 ++++++ usr.lib.nagios.plugins.check_users | 8 ++++++++ 7 files changed, 71 insertions(+) create mode 100644 usr.lib.nagios.plugins.check_disk create mode 100644 usr.lib.nagios.plugins.check_load create mode 100644 usr.lib.nagios.plugins.check_procs create mode 100644 usr.lib.nagios.plugins.check_swap create mode 100644 usr.lib.nagios.plugins.check_users diff --git a/monitoring-plugins.changes b/monitoring-plugins.changes index ab6c56f..dcf241f 100644 --- a/monitoring-plugins.changes +++ b/monitoring-plugins.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat Aug 1 19:09:11 UTC 2015 - lars@linux-schulserver.de + +- add apparmor profiles for the following checks: + + check_disk + + check_load + + check_procs + + check_swap + + check_users + ------------------------------------------------------------------- Sun Jul 26 10:17:12 UTC 2015 - lars@linux-schulserver.de diff --git a/monitoring-plugins.spec b/monitoring-plugins.spec index 7ea565c..4257188 100644 --- a/monitoring-plugins.spec +++ b/monitoring-plugins.spec @@ -43,6 +43,11 @@ Source26: check_ircd_ssl Source27: %{name}-README-extra-opts Source28: %{name}-README.SUSE-check_ping Source29: %{name}-README.SUSE-check_ntp_time +Source30: usr.lib.nagios.plugins.check_disk +Source31: usr.lib.nagios.plugins.check_load +Source32: usr.lib.nagios.plugins.check_procs +Source33: usr.lib.nagios.plugins.check_swap +Source34: usr.lib.nagios.plugins.check_users # PATCH-MISSING-TAG -- See http://en.opensuse.org/Packaging/Patches Patch1: %{name}-2.1.1-check_logfile.patch # PATCH-MISSING-TAG -- See http://en.opensuse.org/Packaging/Patches @@ -1144,6 +1149,11 @@ install -m 644 %{SOURCE22} %{buildroot}%{_sysconfdir}/apparmor.d/ install -m 644 %{SOURCE23} %{buildroot}%{_sysconfdir}/apparmor.d/ install -m 644 %{SOURCE24} %{buildroot}%{_sysconfdir}/apparmor.d/ install -m 644 %{SOURCE25} %{buildroot}%{_sysconfdir}/apparmor.d/ +install -m 644 %{SOURCE30} %{buildroot}%{_sysconfdir}/apparmor.d/ +install -m 644 %{SOURCE31} %{buildroot}%{_sysconfdir}/apparmor.d/ +install -m 644 %{SOURCE32} %{buildroot}%{_sysconfdir}/apparmor.d/ +install -m 644 %{SOURCE33} %{buildroot}%{_sysconfdir}/apparmor.d/ +install -m 644 %{SOURCE34} %{buildroot}%{_sysconfdir}/apparmor.d/ # inform the users about the deprecated monitoring-plugins-extras package cat >> README.SUSE-deprecated << EOF @@ -1285,6 +1295,7 @@ fi %defattr(0755,root,root) %dir %{nagios_plugindir} %{nagios_plugindir}/check_disk +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_disk %files disk_smb %defattr(0755,root,root) @@ -1377,6 +1388,7 @@ fi %defattr(0755,root,root) %dir %{nagios_plugindir} %{nagios_plugindir}/check_load +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_load %files log %defattr(0755,root,root) @@ -1455,6 +1467,7 @@ fi %dir %{nagios_plugindir} %{nagios_plugindir}/check_procs %{nagios_plugindir}/check_procs_perf +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_procs %files radius %defattr(0755,root,root) @@ -1497,6 +1510,7 @@ fi %defattr(0755,root,root) %dir %{nagios_plugindir} %{nagios_plugindir}/check_swap +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_swap %files tcp %defattr(0755,root,root) @@ -1528,6 +1542,7 @@ fi %defattr(0755,root,root) %dir %{nagios_plugindir} %{nagios_plugindir}/check_users +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_users %files wave %defattr(0755,root,root) diff --git a/usr.lib.nagios.plugins.check_disk b/usr.lib.nagios.plugins.check_disk new file mode 100644 index 0000000..bf02818 --- /dev/null +++ b/usr.lib.nagios.plugins.check_disk @@ -0,0 +1,8 @@ +#include +/usr/lib/nagios/plugins/check_disk { + #include + #include + /etc/mtab r, + @{PROC}/[0-9]*/mounts r, + /usr/lib/nagios/plugins/check_disk rm, +} diff --git a/usr.lib.nagios.plugins.check_load b/usr.lib.nagios.plugins.check_load new file mode 100644 index 0000000..40a8998 --- /dev/null +++ b/usr.lib.nagios.plugins.check_load @@ -0,0 +1,11 @@ +#include +/usr/lib/nagios/plugins/check_load { + #include + #include + #include + /usr/lib/nagios/plugins/check_load rm, + /usr/bin/uptime rmix, + /proc/uptime r, + /proc/meminfo r, + /proc/loadavg r, +} diff --git a/usr.lib.nagios.plugins.check_procs b/usr.lib.nagios.plugins.check_procs new file mode 100644 index 0000000..d0bd880 --- /dev/null +++ b/usr.lib.nagios.plugins.check_procs @@ -0,0 +1,13 @@ +#include +/usr/lib/nagios/plugins/check_procs { + #include + #include + #include + + capability sys_ptrace, + + /bin/ps rix, + /proc/ r, + /proc/** r, + /usr/lib/nagios/plugins/check_procs mr, +} diff --git a/usr.lib.nagios.plugins.check_swap b/usr.lib.nagios.plugins.check_swap new file mode 100644 index 0000000..7d60e92 --- /dev/null +++ b/usr.lib.nagios.plugins.check_swap @@ -0,0 +1,6 @@ +#include +/usr/lib/nagios/plugins/check_swap { + #include + #include + /usr/lib/nagios/plugins/check_swap rm, +} diff --git a/usr.lib.nagios.plugins.check_users b/usr.lib.nagios.plugins.check_users new file mode 100644 index 0000000..66b322c --- /dev/null +++ b/usr.lib.nagios.plugins.check_users @@ -0,0 +1,8 @@ +#include +/usr/lib/nagios/plugins/check_users { + #include + #include + #include + /usr/lib/nagios/plugins/check_users rm, +} +