From e8683b23f8604d5f21587602c9a59dd89f098aa2 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Tue, 13 Dec 2022 17:54:38 +0100 Subject: [PATCH 1/5] Rename COPYING to LICENSE --- COPYING => LICENSE | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename COPYING => LICENSE (100%) diff --git a/COPYING b/LICENSE similarity index 100% rename from COPYING rename to LICENSE From 7c9e0ab91ef84fe97ff91c3b05a1a70ecb1d5141 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Tue, 13 Dec 2022 18:00:23 +0100 Subject: [PATCH 2/5] Export ignore --- .gitattributes | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitattributes b/.gitattributes index 716db8102..0861c3136 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,5 +1,9 @@ -# Exclude files related to git when generating an archive +test/ export-ignore .git* export-ignore +CONTRIBUTING.md export-ignore +icingaweb2-ruleset.xml export-ignore +phpcs.xml export-ignore +RELEASE.md export-ignore # Include version information on `git archive' /application/VERSION export-subst From d41ebeb6bcbc8e924a5e83846e0357a712247f0e Mon Sep 17 00:00:00 2001 
From: Eric Lippmann Date: Wed, 14 Dec 2022 12:12:54 +0100 Subject: [PATCH 3/5] Schema path is now always /usr/share/icingaweb2/schema --- doc/20-Advanced-Topics.md | 4 ++-- doc/80-Upgrading.md | 5 +++-- modules/setup/library/Setup/WebWizard.php | 4 ++-- .../schema => schema}/mysql-upgrades/2.0.0beta3-2.0.0rc1.sql | 0 {etc/schema => schema}/mysql-upgrades/2.11.0.sql | 0 {etc/schema => schema}/mysql-upgrades/2.5.0.sql | 0 {etc/schema => schema}/mysql-upgrades/2.9.0.sql | 0 {etc/schema => schema}/mysql-upgrades/2.9.1.sql | 0 {etc/schema => schema}/mysql.schema.sql | 0 .../schema => schema}/pgsql-upgrades/2.0.0beta3-2.0.0rc1.sql | 0 {etc/schema => schema}/pgsql-upgrades/2.11.0.sql | 0 {etc/schema => schema}/pgsql-upgrades/2.5.0.sql | 0 {etc/schema => schema}/pgsql-upgrades/2.9.0.sql | 0 {etc/schema => schema}/pgsql-upgrades/2.9.1.sql | 0 {etc/schema => schema}/pgsql.schema.sql | 0 15 files changed, 7 insertions(+), 6 deletions(-) rename {etc/schema => schema}/mysql-upgrades/2.0.0beta3-2.0.0rc1.sql (100%) rename {etc/schema => schema}/mysql-upgrades/2.11.0.sql (100%) rename {etc/schema => schema}/mysql-upgrades/2.5.0.sql (100%) rename {etc/schema => schema}/mysql-upgrades/2.9.0.sql (100%) rename {etc/schema => schema}/mysql-upgrades/2.9.1.sql (100%) rename {etc/schema => schema}/mysql.schema.sql (100%) rename {etc/schema => schema}/pgsql-upgrades/2.0.0beta3-2.0.0rc1.sql (100%) rename {etc/schema => schema}/pgsql-upgrades/2.11.0.sql (100%) rename {etc/schema => schema}/pgsql-upgrades/2.5.0.sql (100%) rename {etc/schema => schema}/pgsql-upgrades/2.9.0.sql (100%) rename {etc/schema => schema}/pgsql-upgrades/2.9.1.sql (100%) rename {etc/schema => schema}/pgsql.schema.sql (100%) diff --git a/doc/20-Advanced-Topics.md b/doc/20-Advanced-Topics.md index 2329a623c..4f47e0250 100644 --- a/doc/20-Advanced-Topics.md +++ b/doc/20-Advanced-Topics.md 
@@ -183,7 +183,7 @@ CREATE DATABASE icingaweb2; GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icingaweb2.* TO 'icingaweb2'@'localhost' IDENTIFIED BY 'icingaweb2'; quit -mysql -p icingaweb2 < /usr/share/doc/icingaweb2/schema/mysql.schema.sql +mysql -p icingaweb2 < /usr/share/icingaweb2/schema/mysql.schema.sql ``` @@ -318,7 +318,7 @@ and all the other steps described above first. 1. Install PHP dependencies: `php`, `php-intl`, `php-imagick`, `php-gd`, `php-mysql`, `php-curl`, `php-mbstring` used by Icinga Web 2. 2. Create a database for Icinga Web 2, i.e. `icingaweb2`. -3. Import the database schema: `mysql -D icingaweb2 < /usr/share/icingaweb2/etc/schema/mysql.schema.sql`. +3. Import the database schema: `mysql -D icingaweb2 < /usr/share/icingaweb2/schema/mysql.schema.sql`. 4. Insert administrator user in the `icingaweb2` database: `INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('admin', 1, '')`, where `` is the output of `php -r 'echo password_hash("yourtopsecretpassword", PASSWORD_DEFAULT);'`. diff --git a/doc/80-Upgrading.md b/doc/80-Upgrading.md index a9f13f36f..ee3602d82 100644 --- a/doc/80-Upgrading.md +++ b/doc/80-Upgrading.md @@ -13,8 +13,9 @@ v2.6 to v2.8 requires to follow the instructions for v2.7 too. **Database Schema** * Please apply the `v2.11.0.sql` upgrade script depending on your database vendor. - In package installations this file can be found in `/usr/share/doc/icingaweb2/schema/*-upgrades/` - (Debian/Ubuntu: `/usr/share/icingaweb2/etc/schema/*-upgrades/`). + As of version `2.11.4`, upgrade scripts can be found at `/usr/share/icingaweb2/schema/*-upgrades/`. + Older versions install these files to `/usr/share/doc/icingaweb2/schema/*-upgrades/` for RPM-based systems + and `/usr/share/icingaweb2/etc/schema/*-upgrades/` for Debian or Ubuntu. **Breaking changes** diff --git a/modules/setup/library/Setup/WebWizard.php b/modules/setup/library/Setup/WebWizard.php index bb2cbb90b..f25be555a 100644 
--- a/modules/setup/library/Setup/WebWizard.php
+++ b/modules/setup/library/Setup/WebWizard.php
@@ -445,7 +445,7 @@ class WebWizard extends Wizard implements SetupWizard
 ? $pageData['setup_auth_db_creation']['password']
 : null,
 'schemaPath' => Config::module('setup')
- ->get('schema', 'path', Icinga::app()->getBaseDir('etc' . DIRECTORY_SEPARATOR . 'schema'))
+ ->get('schema', 'path', Icinga::app()->getBaseDir('schema'))
 ))
 );
 } elseif (isset($pageData['setup_config_db_resource'])
@@ -466,7 +466,7 @@ class WebWizard extends Wizard implements SetupWizard
 ? $pageData['setup_config_db_creation']['password']
 : null,
 'schemaPath' => Config::module('setup')
- ->get('schema', 'path', Icinga::app()->getBaseDir('etc' . DIRECTORY_SEPARATOR . 'schema'))
+ ->get('schema', 'path', Icinga::app()->getBaseDir('schema'))
 ))
 );
 }
diff --git a/etc/schema/mysql-upgrades/2.0.0beta3-2.0.0rc1.sql b/schema/mysql-upgrades/2.0.0beta3-2.0.0rc1.sql
similarity index 100%
rename from etc/schema/mysql-upgrades/2.0.0beta3-2.0.0rc1.sql
rename to schema/mysql-upgrades/2.0.0beta3-2.0.0rc1.sql
diff --git a/etc/schema/mysql-upgrades/2.11.0.sql b/schema/mysql-upgrades/2.11.0.sql
similarity index 100%
rename from etc/schema/mysql-upgrades/2.11.0.sql
rename to schema/mysql-upgrades/2.11.0.sql
diff --git a/etc/schema/mysql-upgrades/2.5.0.sql b/schema/mysql-upgrades/2.5.0.sql
similarity index 100%
rename from etc/schema/mysql-upgrades/2.5.0.sql
rename to schema/mysql-upgrades/2.5.0.sql
diff --git a/etc/schema/mysql-upgrades/2.9.0.sql b/schema/mysql-upgrades/2.9.0.sql
similarity index 100%
rename from etc/schema/mysql-upgrades/2.9.0.sql
rename to schema/mysql-upgrades/2.9.0.sql
diff --git a/etc/schema/mysql-upgrades/2.9.1.sql b/schema/mysql-upgrades/2.9.1.sql
similarity index 100%
rename from etc/schema/mysql-upgrades/2.9.1.sql
rename to schema/mysql-upgrades/2.9.1.sql
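Review bot: Both changed `->get('schema', 'path', ...)` lines (the hunks at -445 and -466) only move the fallback, so a `[schema] path` entry in the setup module's config still takes precedence and may keep pointing at a directory that no longer holds the schema files. The packaged `config.ini` removed later in this series set `path = /usr/share/doc/icingaweb2/schema`, so such an override has existed in package installs; whether it survives an upgrade is not visible here. If the location is really meant to be fixed, as the subject line says, the lookup could be dropped in both branches: `'schemaPath' => Icinga::app()->getBaseDir('schema')`. Otherwise a comment such as `// [schema] path in the setup module config overrides the bundled schema directory` would document why the setting is still honoured, and since the wizard presumably loads SQL from this directory, a readable-directory check before use would turn a stale path into a clear error. The expression is duplicated in the two branches, and the enclosing method starts and ends outside both hunks.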
diff --git a/etc/schema/mysql.schema.sql b/schema/mysql.schema.sql similarity index 100% rename from etc/schema/mysql.schema.sql rename to schema/mysql.schema.sql diff --git a/etc/schema/pgsql-upgrades/2.0.0beta3-2.0.0rc1.sql b/schema/pgsql-upgrades/2.0.0beta3-2.0.0rc1.sql similarity index 100% rename from etc/schema/pgsql-upgrades/2.0.0beta3-2.0.0rc1.sql rename to schema/pgsql-upgrades/2.0.0beta3-2.0.0rc1.sql diff --git a/etc/schema/pgsql-upgrades/2.11.0.sql b/schema/pgsql-upgrades/2.11.0.sql similarity index 100% rename from etc/schema/pgsql-upgrades/2.11.0.sql rename to schema/pgsql-upgrades/2.11.0.sql diff --git a/etc/schema/pgsql-upgrades/2.5.0.sql b/schema/pgsql-upgrades/2.5.0.sql similarity index 100% rename from etc/schema/pgsql-upgrades/2.5.0.sql rename to schema/pgsql-upgrades/2.5.0.sql diff --git a/etc/schema/pgsql-upgrades/2.9.0.sql b/schema/pgsql-upgrades/2.9.0.sql similarity index 100% rename from etc/schema/pgsql-upgrades/2.9.0.sql rename to schema/pgsql-upgrades/2.9.0.sql diff --git a/etc/schema/pgsql-upgrades/2.9.1.sql b/schema/pgsql-upgrades/2.9.1.sql similarity index 100% rename from etc/schema/pgsql-upgrades/2.9.1.sql rename to schema/pgsql-upgrades/2.9.1.sql diff --git a/etc/schema/pgsql.schema.sql b/schema/pgsql.schema.sql similarity index 100% rename from etc/schema/pgsql.schema.sql rename to schema/pgsql.schema.sql From 03e3cf9c829d8b00aca99077bd9ed5489e98f572 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Wed, 14 Dec 2022 12:20:30 +0100 Subject: [PATCH 4/5] doc: No longer offer manual steps to install SELinux policy The policy will be moved to the packaging repository and all RPM-based distributions will provide the policy package. --- doc/90-SELinux.md | 58 +++-------------------------------------------- 1 file changed, 3 insertions(+), 55 deletions(-) diff --git a/doc/90-SELinux.md b/doc/90-SELinux.md index 7a55a2a81..d19ca82fd 100644 --- a/doc/90-SELinux.md +++ b/doc/90-SELinux.md 
@@ -13,65 +13,13 @@ For a simplified (and funny) introduction download the [SELinux Coloring Book](h ## Policy -Icinga Web 2 is providing its own SELinux policy for Red Hat Enterprise Linux 7 and its derivates running the targeted -policy which confines Icinga Web 2 with support for all its modules. All other distributions will require some tweaks. -It is not upstreamed to the reference policies yet. +Icinga Web 2 is providing its own SELinux policy for RPM-based systems running the targeted policy +which confines Icinga Web 2 with support for all its modules. The policy for Icinga Web 2 will also require the policy for Icinga 2 which provides access to its interfaces. It covers only the scenario running Icinga Web 2 in Apache HTTP Server with mod_php. -## Installation - -There are two ways to install the SELinux Policy for Icinga Web 2 on Enterprise Linux 7. -Either install it from the provided package which is the preferred option or intall the policy manually, if you need -fixes which are not yet released. - -Verify that the system runs in enforcing mode. - - sestatus - # SELinux status: enabled - # SELinuxfs mount: /sys/fs/selinux - # SELinux root directory: /etc/selinux - # Loaded policy name: targeted - # Current mode: enforcing - # Mode from config file: enforcing - # Policy MLS status: enabled - # Policy deny_unknown status: allowed - # Max kernel policy version: 28 - -If problems occur, you can set icinga2 or httpd to run to run its domain in permissive mode. -You can change the configured mode by editing `/etc/selinux/config` and the current mode by executing `setenforce 0`. - -### Package installation - -Simply add the `selinux` subpackage to your installation. - - yum install icingaweb2-selinux - -### Manual installation - -This section describes the manual installation to support development and testing. - -As a prerequisite install the `git`, `selinux-policy-devel` and `audit` package. Enable and start the audit daemon -afterwards. 
- - yum install git selinux-policy-devel audit - systemctl enable auditd.service - systemctl start auditd.service - -To create and install the policy package run the installation script from the Icinga Web 2 source which also labels the -resources. - - cd packages/selinux/ - ./icingaweb2.sh - -Verify that Apache runs in its own domain `httpd_t` and the Icinga Web 2 configuration has its own context -`icingaweb2_config_t`. - - ps -eZ | grep http - # system_u:system_r:httpd_t:s0 9785 ? 00:00:00 httpd - ls -ldZ /etc/icingaweb2/ - # drwxrws---. root icingaweb2 system_u:object_r:icingaweb2_config_t:s0 /etc/icingaweb2/ +Use your distribution's package manager to install the `icingaweb2-selinux` package. ## General From 78552933024366c86872b3de8f8b1887f76d1285 Mon Sep 17 00:00:00 2001 
From: Eric Lippmann Date: Wed, 14 Dec 2022 12:23:25 +0100 Subject: [PATCH 5/5] Remove packages/ Moved to the packaging repository. --- packages/RPM.md | 110 ------------------ packages/files/apache/icingaweb2.conf | 60 ---------- packages/files/apache/icingaweb2.fpm.conf | 57 --------- packages/files/bin/icingacli | 7 -- packages/files/config/modules/doc/config.ini | 3 - .../files/config/modules/setup/config.ini | 2 - .../config/modules/translation/config.ini | 4 - packages/files/public/index.php | 4 - packages/selinux/icingaweb2.fc | 7 -- packages/selinux/icingaweb2.if | 45 ------- packages/selinux/icingaweb2.sh | 52 --------- packages/selinux/icingaweb2.te | 29 ----- 12 files changed, 380 deletions(-) delete mode 100644 packages/RPM.md delete mode 100644 packages/files/apache/icingaweb2.conf delete mode 100644 packages/files/apache/icingaweb2.fpm.conf delete mode 100755 packages/files/bin/icingacli delete mode 100644 packages/files/config/modules/doc/config.ini delete mode 100644 packages/files/config/modules/setup/config.ini delete mode 100644 packages/files/config/modules/translation/config.ini delete mode 100644 packages/files/public/index.php delete mode 100644 packages/selinux/icingaweb2.fc delete mode 100644 packages/selinux/icingaweb2.if delete mode 100755 packages/selinux/icingaweb2.sh delete mode 100644 packages/selinux/icingaweb2.te diff --git a/packages/RPM.md b/packages/RPM.md deleted file mode 100644 index c93b60170..000000000 --- a/packages/RPM.md +++ /dev/null 
@@ -1,110 +0,0 @@ -# Icinga Web 2 README for RPM Packages - -This file will describe how to install Icinga Web 2 from an RPM -package (RHEL/CentOS/Fedora, SLES/OpenSUSE). - -## Requirements - -* EPEL/OBS Repository for Zend Framework -* Apache 2.2+ -* PHP 5.3+, Zend Framework, PHP PDO MySQL/PostgreSQL, PHP LDAP (optional) -* MySQL or PostgreSQL for internal DB -* Icinga 1.x or 2.x providing an IDO database (default: `icinga`) -* Icinga 1.x or 2.x providing an external command pipe (default: `icinga2.cmd`) - -### SELinux - -Disabled SELinux for sending commands via external command pipe -provided by Icinga (2) Core. - - setenforce 0 - -## Webserver Configuration - -Can be generated using the following local icingacli command: - - /usr/share/icingaweb2/bin/icingacli setup config webserver apache - -Pipe the output into `/etc/httpd/conf.d/icingaweb2.conf` or similar, -if not already existing. - -## Setup Wizard - -Navigate to `/icingaweb/setup` and follow the on-screen instructions. - - -## Support - -Please use one of the listed support channels at https://support.icinga.com - - -## Manual Setup - -### Internal DB Setup - -Decide whether to use MySQL or PostgreSQL. - -#### MySQL - - mysql -u root -p - CREATE USER `icingaweb`@`localhost` IDENTIFIED BY 'icingaweb'; - CREATE DATABASE `icingaweb`; - GRANT ALL PRIVILEGES ON `icingaweb`.* TO `icingaweb`@`localhost`; - FLUSH PRIVILEGES; - quit - - mysql -u root -p icingaweb < /usr/share/doc/icingaweb2*/schema/mysql.schema..sql - -#### PostgreSQL - - sudo su postgres - psql - postgres=# CREATE USER icingaweb WITH PASSWORD 'icingaweb'; - postgres=# CREATE DATABASE icingaweb; - postgres=# \q - -Add the `icingaweb` user for trusted authentication to your `pg_hba.conf` file -in `/var/lib/pgsql/data/pg_hba.conf` and restart the PostgreSQL server. 
- - local icingaweb icingaweb trust - host icingaweb icingaweb 127.0.0.1/32 trust - host icingaweb icingaweb ::1/128 trust - -Now install the `icingaweb` schema - - bash$ psql -U icingaweb -a -f /usr/share/doc/icingaweb2*/schema/pgsql.schema.sql - - -### Configuration - -#### Module Configuration - -The monitoring module is enabled by default. - -#### Backend configuration - -`/etc/icingaweb2/resources.ini` contains the database backend information. -By default the Icinga 2 DB IDO is used by the monitoring module in -`/etc/icingaweb2/modules/monitoring/backends.ini` - -The external command pipe is required for sending commands -and configured for Icinga 2 in -`/etc/icingaweb2/modules/monitoring/commandtransports.ini` - -#### Authentication configuration - -The `/etc/icingaweb2/authentication.ini` file uses the internal database as -default. This requires the database being installed properly before -allowing users to login via web console. - -#### Default User - -When not using the default setup wizard, you can generate a secure password hash with openssl -and insert that manually like so: - - openssl passwd -1 "yoursecurepassword" - - mysql -uicingaweb -p icingaweb - - mysql> INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '$yoursecurepassword_hash'); - diff --git a/packages/files/apache/icingaweb2.conf b/packages/files/apache/icingaweb2.conf deleted file mode 100644 index da8c56572..000000000 --- a/packages/files/apache/icingaweb2.conf +++ /dev/null 
@@ -1,60 +0,0 @@ -Alias /icingaweb2 "/usr/share/icingaweb2/public" - -# Remove comments if you want to use PHP FPM and your Apache version is older than 2.4 -# -# # Forward PHP requests to FPM -# SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 -# -# ProxyPassMatch "fcgi://127.0.0.1:9000/{documentRoot}/$1" -# -# - - - Options SymLinksIfOwnerMatch - AllowOverride None - - DirectoryIndex index.php - - - # Apache 2.4 - - Require all granted - - - - - # Apache 2.2 - Order allow,deny - Allow from all - - - SetEnv ICINGAWEB_CONFIGDIR "/etc/icingaweb2" - - EnableSendfile Off - - - RewriteEngine on - RewriteBase /icingaweb2/ - RewriteCond %{REQUEST_FILENAME} -s [OR] - RewriteCond %{REQUEST_FILENAME} -l [OR] - RewriteCond %{REQUEST_FILENAME} -d - RewriteRule ^.*$ - [NC,L] - RewriteRule ^.*$ index.php [NC,L] - - - - DirectoryIndex error_norewrite.html - ErrorDocument 404 /icingaweb2/error_norewrite.html - - -# Remove comments if you want to use PHP FPM and your Apache version -# is greater than or equal to 2.4 -# = 2.4> -# # Forward PHP requests to FPM -# SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 -# -# SetHandler "proxy:fcgi://127.0.0.1:9000" -# ErrorDocument 503 {urlPath}/error_unavailable.html -# -# - diff --git a/packages/files/apache/icingaweb2.fpm.conf b/packages/files/apache/icingaweb2.fpm.conf deleted file mode 100644 index 8d5b9db71..000000000 --- a/packages/files/apache/icingaweb2.fpm.conf +++ /dev/null 
@@ -1,57 +0,0 @@ -Alias /icingaweb2 "/usr/share/icingaweb2/public" - - - # Forward PHP requests to FPM - SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - - ProxyPassMatch "fcgi://127.0.0.1:9000/usr/share/icingaweb2/public/$1" - - - - - Options SymLinksIfOwnerMatch - AllowOverride None - - DirectoryIndex index.php - - - # Apache 2.4 - - Require all granted - - - - - # Apache 2.2 - Order allow,deny - Allow from all - - - SetEnv ICINGAWEB_CONFIGDIR "/etc/icingaweb2" - - EnableSendfile Off - - - RewriteEngine on - RewriteBase /icingaweb2/ - RewriteCond %{REQUEST_FILENAME} -s [OR] - RewriteCond %{REQUEST_FILENAME} -l [OR] - RewriteCond %{REQUEST_FILENAME} -d - RewriteRule ^.*$ - [NC,L] - RewriteRule ^.*$ index.php [NC,L] - - - - DirectoryIndex error_norewrite.html - ErrorDocument 404 /icingaweb2/error_norewrite.html - - - = 2.4> - # Forward PHP requests to FPM - SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - - SetHandler "proxy:fcgi://127.0.0.1:9000" - ErrorDocument 503 /icingaweb2/error_unavailable.html - - - diff --git a/packages/files/bin/icingacli b/packages/files/bin/icingacli deleted file mode 100755 index 4b51e3384..000000000 --- a/packages/files/bin/icingacli +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/php -dispatch(); diff --git a/packages/files/config/modules/doc/config.ini b/packages/files/config/modules/doc/config.ini deleted file mode 100644 index 80df20784..000000000 --- a/packages/files/config/modules/doc/config.ini +++ /dev/null @@ -1,3 +0,0 @@ -[documentation] -icingaweb2 = /usr/share/doc/icingaweb2/markdown -modules = /usr/share/doc/icingaweb2/modules/{module}/markdown diff --git a/packages/files/config/modules/setup/config.ini b/packages/files/config/modules/setup/config.ini deleted file mode 100644 index 5158aae99..000000000 --- a/packages/files/config/modules/setup/config.ini +++ /dev/null @@ -1,2 +0,0 @@ -[schema] -path = /usr/share/doc/icingaweb2/schema 
diff --git a/packages/files/config/modules/translation/config.ini b/packages/files/config/modules/translation/config.ini deleted file mode 100644 index 5bdf37b0c..000000000 --- a/packages/files/config/modules/translation/config.ini +++ /dev/null @@ -1,4 +0,0 @@ -[translation] -msgmerge = /usr/bin/msgmerge -xgettext = /usr/bin/xgettext -msgfmt = /usr/bin/msgfmt diff --git a/packages/files/public/index.php b/packages/files/public/index.php deleted file mode 100644 index 8ea9e80d1..000000000 --- a/packages/files/public/index.php +++ /dev/null @@ -1,4 +0,0 @@ - -## Allow the specified domain to read -## icingaweb2 configuration files. -## -## -## -## Domain allowed access. -## -## -## -# -interface(`icingaweb2_read_config',` - gen_require(` - type icingaweb2_config_t; - ') - - files_search_etc($1) - list_dirs_pattern($1, icingaweb2_config_t, icingaweb2_config_t) - read_files_pattern($1, icingaweb2_config_t, icingaweb2_config_t) - read_lnk_files_pattern($1, icingaweb2_config_t, icingaweb2_config_t) -') - -######################################## -## -## Allow the specified domain to read -## and write icingaweb2 configuration files. -## -## -## -## Domain allowed access. -## -## -## -# -interface(`icingaweb2_manage_config',` - gen_require(` - type icingaweb2_config_t; - ') - - files_search_etc($1) - manage_dirs_pattern($1, icingaweb2_config_t, icingaweb2_config_t) - manage_files_pattern($1, icingaweb2_config_t, icingaweb2_config_t) - manage_lnk_files_pattern($1, icingaweb2_config_t, icingaweb2_config_t) -') diff --git a/packages/selinux/icingaweb2.sh b/packages/selinux/icingaweb2.sh deleted file mode 100755 index bbe2a2e74..000000000 --- a/packages/selinux/icingaweb2.sh +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/sh -e - -DIRNAME=`dirname $0` -cd $DIRNAME -USAGE="$0 [ --update ]" -if [ `id -u` != 0 ]; then -echo 'You must be root to run this script' -exit 1 -fi - -if [ $# -eq 1 ]; then - if [ "$1" = "--update" ] ; then - time=`ls -l --time-style="+%x %X" icingaweb2.te | awk '{ printf "%s %s", $6, $7 }'` - rules=`ausearch --start $time -m avc --raw -se icinga2` - if [ x"$rules" != "x" ] ; then - echo "Found avc's to update policy with" - echo -e "$rules" | audit2allow -R - echo "Do you want these changes added to policy [y/n]?" - read ANS - if [ "$ANS" = "y" -o "$ANS" = "Y" ] ; then - echo "Updating policy" - echo -e "$rules" | audit2allow -R >> icingaweb2.te - # Fall though and rebuild policy - else - exit 0 - fi - else - echo "No new avcs found" - exit 0 - fi - else - echo -e $USAGE - exit 1 - fi -elif [ $# -ge 2 ] ; then - echo -e $USAGE - exit 1 -fi - -echo "Building and Loading Policy" -set -x -make -f /usr/share/selinux/devel/Makefile icingaweb2.pp || exit -/usr/sbin/semodule -i icingaweb2.pp - -# Generate a man page off the installed module -#sepolicy manpage -p . -d icingaweb2_t -# Fixing the file context on /etc/icingaweb2 -/sbin/restorecon -F -R -v /etc/icingaweb2 -# Fixing the file context on /var/log/icingaweb2 -/sbin/restorecon -F -R -v /var/log/icingaweb2 -# Fixing the file context on /usr/share/icingaweb2 -/sbin/restorecon -F -R -v /usr/share/icingaweb2 diff --git a/packages/selinux/icingaweb2.te b/packages/selinux/icingaweb2.te deleted file mode 100644 index e7c8f9df7..000000000 --- a/packages/selinux/icingaweb2.te +++ /dev/null @@ -1,29 +0,0 @@ -policy_module(icingaweb2, 0.0.1) - -######################################## -# -# Declarations -# - -require { - type httpd_t; -} - -## -##

-## Allow Apache to manage icingaweb2 configuration -##

-##
-gen_tunable(httpd_can_manage_icingaweb2_config, true) - -type icingaweb2_config_t; -files_config_file(icingaweb2_config_t) - -optional_policy(` - apache_content_template(icingaweb2) - icingaweb2_read_config(httpd_t) - tunable_policy(`httpd_can_manage_icingaweb2_config',` - icingaweb2_manage_config(httpd_t) - ') -') -