Re: Periodic security find pruning

From: Don Lewis <truckman_at_FreeBSD.org>
Date: Mon, 28 Mar 2005 12:06:53 -0800 (PST)

On 28 Mar, Eric Anderson wrote:
> I have a backup server running rsnapshot which has about 10TB of used disk space attached.  When the setuid security check runs, it crawls all the partitions mounted, which takes an insane amount of time, and thrashes the disks while I'm trying to send backups to them.  I didn't see any way to exclude them, so I hacked the script myself.  I've attached a patch to allow exclusion of mount points - please review, replace, hack, etc as needed.
> 
> All you need to do is add:
> daily_status_security_chksetuid_prunemounts=""
> to /etc/defaults/periodic.conf
> 
> with a list of mount points to be excluded like this:
> daily_status_security_chksetuid_prunemounts="vol backup tmp"
> 
> Patch attached.

Why not just mount these partitions nosuid? That will cause them to be
automagically skipped by the setuid security scan, and will prevent
the setuid bit of any executables that happen to be backed up there from
being honored.
Received on Mon Mar 28 2005 - 18:07:09 UTC
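
Added example (not part of the original message or of the periodic scripts): a check that reports which mounted filesystems still lack the nosuid option, so an administrator can confirm the backup volumes carry it. It assumes FreeBSD-style `mount` output lines of the form `device on /mountpoint (type, opt, ...)`; the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Print mount points whose option list does not contain "nosuid".
# Reads `mount` output on stdin; optional $1 restricts to one fs type.
mounts_without_nosuid() {
    awk -v fstype="$1" '
        # The option list is the last parenthesised group on the line.
        match($0, /\([^()]*\)$/) {
            opts = substr($0, RSTART + 1, RLENGTH - 2)
            head = substr($0, 1, RSTART - 2)   # "device on /mount/point"
            idx = index(head, " on ")
            if (idx == 0) next
            mp = substr(head, idx + 4)         # keeps spaces in the path
            n = split(opts, o, /, */)
            # First field of the option list is the filesystem type.
            if (fstype != "" && o[1] != fstype) next
            nosuid = 0
            for (i = 1; i <= n; i++) if (o[i] == "nosuid") nosuid = 1
            if (!nosuid) print mp
        }
    '
}

# Constructed sample input (not captured from a real host).
sample_mount_output() {
    cat <<'EOF'
/dev/da0s1a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/da1s1d on /backup (ufs, local, nosuid, soft-updates)
/dev/da2s1d on /vol (ufs, local, soft-updates)
/dev/da3s1d on /tmp (ufs, local, nosuid)
EOF
}

# Demo on the sample; on a live system use: mount | mounts_without_nosuid ufs
sample_mount_output | mounts_without_nosuid ufs
```

In the sample, /backup and /tmp are mounted nosuid and are not listed, while /vol is reported as still missing the option.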