feat: add selinux check

- add selinux check
slimm609 · Jul 6, 2024 · f0ac0c9 · f0ac0c9
1 parent ba491e3
commit f0ac0c9
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 2 deletions.
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -4,23 +4,27 @@ builds:
   - id: linux
     binary: checksec
     main: ./main.go
+    flags: -buildmode=pie
+    ldflags: -s -w
     env:
       - CGO_ENABLED=0
     goos:
       - linux
     goarch:
-      #- amd64
+    #  - amd64
       - arm64
 
   - id: darwin
     binary: checksec
     main: ./main.go
+    flags: -buildmode=pie
+    ldflags: -s -w
     env:
       - CGO_ENABLED=0
     goos:
       - darwin
     goarch:
-      #- amd64
+    #  - amd64
       - arm64
 
   # - id: windows

diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ go 1.21.4
 require (
 	github.com/fatih/color v1.16.0
 	github.com/lorenzosaino/go-sysctl v0.3.1
+	github.com/opencontainers/selinux v1.11.0
 	github.com/shirou/gopsutil/v3 v3.24.3
 	github.com/spf13/cobra v1.8.0
 	github.com/u-root/u-root v0.14.0

diff --git a/go.sum b/go.sum
@@ -23,6 +23,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
+github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=

diff --git a/pkg/checksec/kernel.go b/pkg/checksec/kernel.go
@@ -8,11 +8,18 @@ import (
 	"log"
 	"os"
 	"strings"
+
+	"github.com/opencontainers/selinux/go-selinux"
 )
 
 func KernelConfig(name string) ([]interface{}, []interface{}) {
 	var Results []interface{}
 	var ColorResults []interface{}
+	var Secolor string
+	var SelinuxStatus string
+	var Seres []interface{}
+	var Secolors []interface{}
+
 	kernelChecks := []map[string]interface{}{
 		{"name": "CONFIG_COMPAT_BRK", "values": map[string]string{"arch": "all", "expect": "y", "desc": "Kernel Heap Randomization"}},
 		{"name": "CONFIG_STACKPROTECTOR", "values": map[string]string{"arch": "all", "expect": "is not set", "desc": "Stack Protector"}},
@@ -91,6 +98,36 @@ func KernelConfig(name string) ([]interface{}, []interface{}) {
 
 		}
 	}
+
+	sestatus := selinux.GetEnabled()
+	if sestatus {
+		Secolor = "green"
+		SelinuxStatus = "Enabled"
+	} else {
+		Secolor = "red"
+		SelinuxStatus = "Disabled"
+	}
+
+	Seres = []interface{}{
+		map[string]interface{}{
+			"name":  "SELinux",
+			"value": SelinuxStatus,
+			"desc":  "SELinux Enabled",
+			"type":  "SELinux",
+		},
+	}
+	Secolors = []interface{}{
+		map[string]interface{}{
+			"name":  "SELinux",
+			"value": SelinuxStatus,
+			"color": Secolor,
+			"desc":  "SELinux Enabled",
+			"type":  "SELinux",
+		},
+	}
+	Results = append(Results, Seres...)
+	ColorResults = append(ColorResults, Secolors...)
+
 	return Results, ColorResults
 }