0

Find status of selinux on nodes using facter

asked 2018-02-05 09:52:28 -0600

bblackmoor

Is it possible to use facter to find the status of selinux on nodes (permissive, warn, enforce)? Are there examples of facter scripts of this sort, or even just to see if a certain package is installed?

Thank you.


Comments

I have accepted DarylW's answer as the "answer", because they included more details, but I am also grateful to ffalor for their contribution. I would have given you both credit, if I could.

bblackmoor ( 2018-02-20 14:24:03 -0600 )

3 Answers

1

answered 2018-02-05 11:39:57 -0600

DarylW

updated 2018-02-05 11:42:48 -0600

For the following, I am assuming you are 'checking' as a part of setting the state of the system. Generally, you don't 'check' to see if a package is installed, you 'make it so' via declarative puppet configuration.

I haven't checked with a modern version of puppet, but in 3.8.6 there is a 'selinux' fact that is true or false. I would assume with modern puppet you could access facts['selinux'] and check its value.

As for examples of custom facter facts, there is the basic documentation on puppet's site at https://puppet.com/docs/facter/3.9/fact_overview.html

For seeing if packages are already installed, I think you would need to create a custom fact that can determine the appropriate package manager, and look that way... not sure if there is a way to utilize the puppet resource package command as part of a fact or not, but that would only tell you the information at the time facter ran - it would NOT get updated throughout your puppet run. ...

i.e...: If you make a custom fact that creates a list of all installed packages on your system, and you query it to see if a package is installed, use a package resource to make it install, and then query the fact again to see if it is in the list, the list will not show anything different from the first time you ran it.

For more information, see https://puppet.com/docs/puppet/5.3/subsystem_agent_master_comm.html - There is a nice diagram that shows how the agent and server interact, and there is a fixed point in the flow where facts are gathered

However.... If you are intending to run a bunch of commands across your machines to extract information (from facter, puppet resource commands, etc), you may be looking for puppet tasks ( https://puppet.com/products/puppet-bo... )

1

answered 2018-02-05 13:08:42 -0600

ffalor

I would simply make a custom fact that executes sestatus. This will give you permissive, warn, enforce. Something like:

    # Custom fact: a string passed to setcode is run as a shell command
    Facter.add(:sestatus) do
      setcode 'sestatus'
    end

Don't have access to my Lab so Idk if that is the correct format. I am assuming it is. This will give you the full text instead of true or false.

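Building on the two answers above, an added example (not code posted by anyone in this thread) of a custom fact that returns the running and configured SELinux modes as structured data and flags when they differ. It goes a step beyond the raw `sestatus` text suggested above; the fact name `selinux_state`, the hash keys and the sample output are assumptions constructed for illustration.

```ruby
# Added example (not from the thread). Fact name `selinux_state` and the
# hash keys are assumptions chosen for this illustration.

# Constructed sample of `sestatus` output, used when Facter is not loaded.
SAMPLE_SESTATUS = <<~OUT
  SELinux status:                 enabled
  SELinuxfs mount:                /sys/fs/selinux
  Loaded policy name:             targeted
  Current mode:                   permissive
  Mode from config file:          enforcing
OUT

# Turn `sestatus` text into a small hash. Returns nil for empty output
# (command missing or failed) so the fact simply stays unset.
def parse_sestatus(text)
  return nil if text.nil? || text.strip.empty?

  fields = {}
  text.each_line do |line|
    key, value = line.split(':', 2)
    next if value.nil?
    fields[key.strip.downcase] = value.strip
  end

  enabled = fields['selinux status'] == 'enabled'
  current = enabled ? fields['current mode'] : 'disabled'
  config  = fields['mode from config file']
  {
    'enabled' => enabled,
    'current' => current,
    'config'  => config,
    # true when the running mode differs from the configured one, e.g. after
    # `setenforce 0`; nil when sestatus did not report a configured mode
    'drift'   => config.nil? ? nil : current != config,
  }
end

# Register the fact only when running under Facter.
if defined?(Facter)
  Facter.add(:selinux_state) do
    confine kernel: 'Linux'
    setcode do
      out = Facter::Core::Execution.execute('sestatus', on_fail: nil)
      parse_sestatus(out)
    end
  end
else
  p parse_sestatus(SAMPLE_SESTATUS)
end
```

Placed in a module's `lib/facter/` directory, the file is synced to agents like any other custom fact, and the value reflects the state at the moment facts were gathered.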
1

answered 2018-02-05 11:48:51 -0600

bblackmoor

Thanks! That should get me started.


Comments

If this helps, please feel free to 'accept' my answer (click on the checkmark to the left of my post) to help future searchers find a 'solved' question! If you have any additional questions, feel free to ask them here or start a new question!

DarylW ( 2018-02-05 15:03:13 -0600 )

If you don't mind, I'll leave it open for a couple of days, in case someone knows of a more specific answer.

bblackmoor ( 2018-02-05 15:35:33 -0600 )
