Add additional status checks to so-common-status-check for telegraf

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-12-06 09:12:45 +01:00 · 2024-01-17 15:37:52 -05:00
parent 6cf0b365e6
commit 4e6924610d
1 changed files with 47 additions and 1 deletions
--- a/salt/common/tools/sbin/so-common-status-check
+++ b/salt/common/tools/sbin/so-common-status-check
@@ -8,6 +8,7 @@
 import sys
 import subprocess
 import os
+import json

 sys.path.append('/opt/saltstack/salt/lib/python3.10/site-packages/')
 import salt.config
@@ -36,17 +37,62 @@ def check_needs_restarted():
  with open(outfile, 'w') as f:
    f.write(val)

+def check_for_fips():
+    os = __grains__['os']
+    fips = False
+    # Only checking fully supported OS
+    if os == 'OEL':
+        try:
+            result = subprocess.run(['fips-mode-setup', '--is-enabled'], check=True, stdout=subprocess.PIPE)
+            fips = result.returncode == 0
+        except FileNotFoundError:
+            with open('/proc/sys/crypto/fips_enabled', 'r') as f:
+                contents = f.read()
+                if '1' in contents:
+                    fips = True
+                else:
+                    fips = False
+        return fips
+
+def check_for_luks():
+    os = __grains__['os']
+    luks = False
+    # Only checking fully supported OS
+    if os == 'OEL':
+        result = subprocess.run(['lsblk', '-p', '-J'], check=True, stdout=subprocess.PIPE)
+        data = json.loads(result.stdout)
+        for device in data['blockdevices']:
+            if 'children' in device:
+                for gc in device['children']:
+                    if 'children' in gc:
+                        try:
+                            result = subprocess.run(['cryptsetup', 'isLuks', gc['name']], check=True, stdout=subprocess.PIPE)
+                            luks = result.returncode == 0
+                        except FileNotFoundError:
+                            for ggc in gc['children']:
+                                if 'crypt' in ggc['type']:
+                                    luks = True
+            if luks:
+                break
+        return luks
+
+def check_features():
+    fips = check_for_fips()
+    luks = check_for_luks()
+    with open('/opt/so/log/sostatus/features-check.log', 'w') as f:
+       f.write("featuresdetected: fips={},luks={}".format(fips,luks))
+
 def fail(msg):
  print(msg, file=sys.stderr)
  sys.exit(1)

-
 def main():
  proc = subprocess.run(['id', '-u'], stdout=subprocess.PIPE, encoding="utf-8")
  if proc.stdout.strip() != "0":
    fail("This program must be run as root")

  check_needs_restarted()
+  check_features()

 if __name__ == "__main__":
  main()