getSELinuxStatus gets SELinux status using file reading
()
| 330 | |
| 331 | // getSELinuxStatus gets SELinux status using file reading |
| 332 | func (d *Detector) getSELinuxStatus() string { |
| 333 | // Windows and FreeBSD don't use SELinux |
| 334 | if runtime.GOOS == "windows" || d.isFreeBSD() { |
| 335 | return constants.SELinuxDisabled |
| 336 | } |
| 337 | |
| 338 | // Try getenforce command first |
| 339 | if cmd := exec.Command("getenforce"); cmd != nil { |
| 340 | if output, err := cmd.Output(); err == nil { |
| 341 | status := strings.ToLower(strings.TrimSpace(string(output))) |
| 342 | // Map "enforcing" to "enabled" for server validation |
| 343 | if status == constants.SELinuxEnforcing { |
| 344 | return constants.SELinuxEnabled |
| 345 | } |
| 346 | if status == constants.SELinuxPermissive { |
| 347 | return constants.SELinuxPermissive |
| 348 | } |
| 349 | return status |
| 350 | } |
| 351 | } |
| 352 | |
| 353 | // Fallback to reading config file |
| 354 | if data, err := os.ReadFile("/etc/selinux/config"); err == nil { |
| 355 | scanner := bufio.NewScanner(strings.NewReader(string(data))) |
| 356 | for scanner.Scan() { |
| 357 | line := strings.TrimSpace(scanner.Text()) |
| 358 | if value, found := strings.CutPrefix(line, "SELINUX="); found { |
| 359 | status := strings.ToLower(strings.Trim(value, "\"'")) |
| 360 | // Map "enforcing" to "enabled" for server validation |
| 361 | if status == constants.SELinuxEnforcing { |
| 362 | return constants.SELinuxEnabled |
| 363 | } |
| 364 | if status == constants.SELinuxPermissive { |
| 365 | return constants.SELinuxPermissive |
| 366 | } |
| 367 | return status |
| 368 | } |
| 369 | } |
| 370 | } |
| 371 | |
| 372 | return constants.SELinuxDisabled |
| 373 | } |
| 374 | |
| 375 | // getSystemUptime gets system uptime |
| 376 | func (d *Detector) getSystemUptime(ctx context.Context) string { |
no test coverage detected