Table of Contents
Check SE Troubleshoot
Script: check_se_troubleshoot
This checks the commands left by setroubleshoot service in the journallog. It shows a condensed list with found different commands.
Responses are
- OK - no hint was found
- Warning - min. 1 hint was found in journallog
- Unknown - no access to journallog
Requirements
-
journalctlbinary - sudo permissions to
journalctl
icingaclient ALL=(ALL) NOPASSWD: /bin/journalctl
Standalone installation
From this repository you need next to this script:
-
inc_pluginfunctionsshared function for all IML checks written in bash
Syntax
______________________________________________________________________
CHECK_SE_TROUBLESHOOT
v0.1
(c) Institute for Medical Education - University of Bern
Licence: GNU GPL 3
https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_se_troubleshoot.html
______________________________________________________________________
Check suggested commands of setroubleshoot in the journallog. If found it
shows the number of different hints and number of messages.
The output contains a list of messages that you maybe want to apply.
This plugin sends performancedata.
SYNTAX:
check_se_troubleshoot [OPTIONS]
OPTIONS:
-h, --help show this help.
-s, --since <time> value for --since param of journalctl
default: '15 min ago'
PARAMETERS:
none
EXAMPLES:
check_se_troubleshoot
Check journallog and show found commands
check_se_troubleshoot -s "60 min ago"
Check entries in a custom time range
Examples
././check_se_troubleshoot returns
OK: No hints from SE Troubleshooter
since 15 min ago
|sebool-hints=0;;;0;0 sebool-messages=0;;;0;0
If a hint was found the status switches to warning and shows the commands to apply
WARNING: SE Troubleshooter has 2 hints (reporting them 12 times)
setsebool -P httpd_can_network_connect 1
setsebool -P nis_enabled 1
since 15 min ago
|sebool-hints=2;;;0;0 sebool-messages=12;;;0;0