Add new Redis cookbook

2021-11-16 13:25:30 -06:00
parent 80ec84782b
commit 18f65c4fc5
66 changed files with 5780 additions and 0 deletions
--- a/cookbooks/selinux/libraries/boolean.rb
+++ b/cookbooks/selinux/libraries/boolean.rb
@@ -0,0 +1,17 @@
+module SELinux
+  module Cookbook
+    module BooleanHelpers
+      def selinux_bool(bool)
+        if ['on', 'true', '1', true, 1].include?(bool)
+          'on'
+        elsif ['off', 'false', '0', false, 0].include?(bool)
+          'off'
+        else
+          raise ArgumentError, "selinux_bool: Invalid selinux boolean value #{bool}"
+        end
+      end
+
+      module_function :selinux_bool
+    end
+  end
+end
--- a/cookbooks/selinux/libraries/install.rb
+++ b/cookbooks/selinux/libraries/install.rb
@@ -0,0 +1,22 @@
+module SELinux
+  module Cookbook
+    module InstallHelpers
+      def default_install_packages
+        case node['platform_family']
+        when 'rhel', 'fedora', 'amazon'
+          %w(make policycoreutils selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console)
+        when 'debian'
+          if node['platform'] == 'ubuntu'
+            if node['platform_version'].to_f == 18.04
+              %w(make policycoreutils selinux selinux-basics selinux-policy-default selinux-policy-dev auditd setools)
+            else
+              %w(make policycoreutils selinux-basics selinux-policy-default selinux-policy-dev auditd setools)
+            end
+          else
+            %w(make policycoreutils selinux-basics selinux-policy-default selinux-policy-dev auditd setools)
+          end
+        end
+      end
+    end
+  end
+end
--- a/cookbooks/selinux/libraries/state.rb
+++ b/cookbooks/selinux/libraries/state.rb
@@ -0,0 +1,43 @@
+module SELinux
+  module Cookbook
+    module StateHelpers
+      def selinux_disabled?
+        selinux_state.eql?(:disabled)
+      end
+
+      def selinux_enforcing?
+        selinux_state.eql?(:enforcing)
+      end
+
+      def selinux_permissive?
+        selinux_state.eql?(:permissive)
+      end
+
+      def state_change_reboot_required?
+        (selinux_disabled? && %i(enforcing permissive).include?(action)) || ((selinux_enforcing? || selinux_permissive?) && action == :disabled)
+      end
+
+      def selinux_state
+        state = shell_out!('getenforce').stdout.strip.downcase.to_sym
+        raise "Got unknown SELinux state #{state}" unless %i(disabled enforcing permissive).include?(state)
+
+        state
+      end
+
+      def selinux_activate_required?
+        return false unless platform_family?('debian')
+
+        !File.read('/etc/default/grub').match?('security=selinux')
+      end
+
+      def default_policy_platform
+        case node['platform_family']
+        when 'rhel', 'fedora', 'amazon'
+          'targeted'
+        when 'debian'
+          'default'
+        end
+      end
+    end
+  end
+end