#!/bin/bash
#
# Installs a local SELinux policy for farsync or fshcx25
#

if [ $(id -u) != "0" ]; then
	echo "You must be root to run this script"
	exit 1
fi

if semodule -lfull | grep farsite >/dev/null; then
	echo "There is already a farsite SELinux module"
	echo "Please use sudo semodule -X300 -r farsite to remove the module and"
	echo "backup and delete any farsite.te or farsite.pp files in this directory"
	echo "before running this script again"
	exit 1
fi

if [ -e /etc/init.d/farsync ] || [ -e /etc/init.d/fshcx25 ] || [ -e /etc/systemd/system/farsync.service ]; then
	echo "Checking audit log"
	if ausearch -c 'insmod' --raw | egrep 'farsync|fsx25|fsflex|x25tap' > /dev/null; then
		echo "Entries for FarSite software found in SELinux audit log"
		echo "Generating local policy module"
		ausearch -c 'insmod' --raw | egrep 'farsync|fsx25|fsflex|x25tap' | audit2allow -M farsite > /dev/null
		echo "Applying local policy module"
		semodule -X 300 -i farsite.pp
	else
		echo "There are no entries found for FarSite software in SELinux audit log"
		echo "You may need to stop/start your FarSite software to generate entries in the SELinux audit log"
		exit 1
	fi
else
	echo "There does not appear to be any farsite software installed"
	exit 1
fi

exit 0