Update features check

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-12-06 17:22:49 +01:00 · 2024-01-18 16:06:53 -05:00
parent 65d46ea27d
commit caf4036dbf
1 changed files with 33 additions and 42 deletions
--- a/salt/common/tools/sbin/so-common-status-check
+++ b/salt/common/tools/sbin/so-common-status-check
@@ -38,27 +38,22 @@ def check_needs_restarted():
    f.write(val)

 def check_for_fips():
-    os = __grains__['os']
-    fips = False
-    # Only checking fully supported OS
-    if os == 'OEL':
+    fips = 0
    try:
        result = subprocess.run(['fips-mode-setup', '--is-enabled'], check=True, stdout=subprocess.PIPE)
-            fips = result.returncode == 0
+        fips = int(result.returncode == 0)
    except FileNotFoundError:
        with open('/proc/sys/crypto/fips_enabled', 'r') as f:
            contents = f.read()
            if '1' in contents:
-                    fips = True
+                fips = 1
            else:
-                    fips = False
-        return fips
+                fips = 0
+    with open('/opt/so/log/sostatus/fips_enabled', 'w') as f:
+       f.write(str(fips))

 def check_for_luks():
-    os = __grains__['os']
-    luks = False
-    # Only checking fully supported OS
-    if os == 'OEL':
+    luks = 0
    result = subprocess.run(['lsblk', '-p', '-J'], check=True, stdout=subprocess.PIPE)
    data = json.loads(result.stdout)
    for device in data['blockdevices']:
@@ -67,20 +62,15 @@ def check_for_luks():
                if 'children' in gc:
                    try:
                        result = subprocess.run(['cryptsetup', 'isLuks', gc['name']], check=True, stdout=subprocess.PIPE)
-                            luks = result.returncode == 0
+                        luks = int(result.returncode == 0)
                    except FileNotFoundError:
                        for ggc in gc['children']:
                            if 'crypt' in ggc['type']:
-                                    luks = True
+                                luks = 1
        if luks:
            break
-        return luks
-
-def check_features():
-    fips = check_for_fips()
-    luks = check_for_luks()
-    with open('/opt/so/log/sostatus/features-check.log', 'w') as f:
-       f.write("featuresdetected fips={},luks={}".format(fips,luks))
+    with open('/opt/so/log/sostatus/luks_enabled', 'w') as f:
+       f.write(str(luks))

 def fail(msg):
  print(msg, file=sys.stderr)
@@ -92,7 +82,8 @@ def main():
    fail("This program must be run as root")

  check_needs_restarted()
-  check_features()
+  check_for_fips()
+  check_for_luks()

 if __name__ == "__main__":
  main()