summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormh <mh@immerda.ch>2012-11-27 15:43:21 +0100
committermh <mh@immerda.ch>2012-11-27 15:43:21 +0100
commitd43c6ae0fcf45411524d093d21f5cb5c01f7c830 (patch)
treeabb46ad745799fec59b4982cda82a1137573b53a
parenta33995ad702c6203314d1b9b68000ae931a35dc4 (diff)
there are now official selinux plugins
-rwxr-xr-xfiles/plugins/selinux_avcstats111
-rwxr-xr-xfiles/plugins/selinuxenforced30
-rw-r--r--manifests/plugins/selinux.pp2
3 files changed, 1 insertions, 142 deletions
diff --git a/files/plugins/selinux_avcstats b/files/plugins/selinux_avcstats
deleted file mode 100755
index b7d2dbb..0000000
--- a/files/plugins/selinux_avcstats
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/sh
-#
-# Plugin to monitor SELinux's Access Vector Cache (AVC).
-#
-# config (required)
-# autoconf (optional - used by munin-config)
-#
-# Lars Strand, 2007
-#
-#
-# Magic markers (used by munin-config and some installation scripts (i.e.
-# optional)):
-#%# family=auto
-#%# capabilities=autoconf
-
-
-AVCSTATS="/selinux/avc/cache_stats"
-
-if [ "$1" = "autoconf" ]; then
- if [ -r $AVCSTATS ]; then
- echo yes
- exit 0
- else
- echo no
- exit 1
- fi
-fi
-
-if [ "$1" = "config" ]; then
-
- echo "graph_title SELinux's Access Vector Cache"
- echo 'graph_args -l 0 --base 1000'
- echo 'graph_vlabel AVC operations'
- echo 'graph_category selinux'
-
- echo 'lookups.label lookups'
- echo 'lookups.type DERIVE'
- echo 'lookups.min 0'
- echo 'lookups.max 1000000000'
- echo 'lookups.draw AREA'
- echo 'lookups.colour ff0000' # Red
- echo 'lookups.info Number of access vector lookups. This number is a good indicator of the load beeing placed on the AVC.'
-
- echo 'hits.label hits'
- echo 'hits.type DERIVE'
- echo 'hits.min 0'
- echo 'hits.max 1000000000'
- echo 'hits.draw STACK'
- echo 'hits.colour 0022ff' # Blue
- echo 'hits.info Number of access vector hits.'
-
- echo 'misses.label misses'
- echo 'misses.type DERIVE'
- echo 'misses.min 0'
- echo 'misses.max 1000000000'
- echo 'misses.draw STACK'
- echo 'misses.colour 990000' # Darker red
- echo 'misses.info Number of cache misses.'
-
- echo 'allocations.label allocations'
- echo 'allocations.type DERIVE'
- echo 'allocations.min 0'
- echo 'allocations.max 100000000'
- echo 'allocations.draw STACK'
- echo 'allocations.colour ffa500' # Orange
- echo 'allocations.info Number of AVC entries allocated.'
-
- echo 'reclaims.label reclaims'
- echo 'reclaims.type DERIVE'
- echo 'reclaims.min 0'
- echo 'reclaims.max 1000000000'
- echo 'reclaims.draw STACK'
- echo 'reclaims.colour 00aaaa' # Darker turquoise
- echo 'reclaims.info Number of current total reclaimed AVC entries. If this keeps changing, you may need to increase the cache size (/selinux/avc/cache_threshold).'
-
- echo 'frees.label frees'
- echo 'frees.type DERIVE'
- echo 'frees.min 0'
- echo 'frees.max 1000000000'
- echo 'frees.draw STACK'
- echo 'frees.colour 00ff7f' # Spring green
- echo 'frees.info Number of free AVC entries.'
-
- exit 0
-fi
-
-if [ -r $AVCSTATS ]; then
- awk ' NR > 1 {
- lookups += $1;
- hits += $2;
- misses += $3;
- allocations += $4;
- reclaims += $5;
- frees += $6;
- } END {
- print "lookups.value " lookups;
- print "hits.value " hits;
- print "misses.value " misses;
- print "allocations.value " allocations;
- print "reclaims.value " reclaims;
- print "frees.value " frees;
- } ' < $AVCSTATS
-else
- echo "lookups.value U"
- echo "hits.value U"
- echo "misses.value U"
- echo "allocations.value U"
- echo "reclaims.value U"
- echo "frees.value U"
-fi
-
diff --git a/files/plugins/selinuxenforced b/files/plugins/selinuxenforced
deleted file mode 100755
index e157e3d..0000000
--- a/files/plugins/selinuxenforced
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-# -*- sh -*-
-#
-# Plugin to monitor the status of selinux
-#
-# Contributed by admin(at)immerda.ch
-
-if [ "$1" = "autoconf" ]; then
- echo yes
- exit 0
-fi
-
-if [ "$1" = "config" ]; then
- echo 'graph_title enforced amount'
- echo 'graph_args --upper-limit 1 -l 0 '
- echo 'graph_vlabel Is the system selinux enforced?'
- echo 'graph_scale no\n';
- echo 'graph_category selinux'
- echo 'enforced.label IsEnforced'
- #echo 'enforced.draw AREA'
- echo 'enforced.draw LINE2'
-
- exit 0
-fi
-
-if [ -r /selinux/enforce ]; then
- echo -n "enforced.value " && cat /selinux/enforce
-else
- echo "enforced.value 0"
-fi
diff --git a/manifests/plugins/selinux.pp b/manifests/plugins/selinux.pp
index faf610a..d094f35 100644
--- a/manifests/plugins/selinux.pp
+++ b/manifests/plugins/selinux.pp
@@ -1,3 +1,3 @@
class munin::plugins::selinux {
- munin::plugin::deploy { [ 'selinuxenforced', 'selinux_avcstats' ]: }
+ munin::plugin{ [ 'selinux_avcstat' ]: }
}