Message-ID: <42481D60.9050801@centtech.com>
Date: Mon, 28 Mar 2005 09:06:08 -0600
From: Eric Anderson
To: FreeBSD Current
Subject: Periodic security find pruning
List-Id: Discussions about the use of FreeBSD-current
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------040505030808020204020903"

--------------040505030808020204020903
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

I have a backup server running rsnapshot which has about 10TB of used
disk space attached. When the setuid security check runs, it crawls all
the partitions mounted, which takes an insane amount of time, and
thrashes the disks while I'm trying to send backups to them. I didn't
see any way to exclude them, so I hacked the script myself. I've
attached a patch to allow exclusion of mount points - please review,
replace, hack, etc as needed.

All you need to do is add:

    daily_status_security_chksetuid_prunemounts=""

to /etc/defaults/periodic.conf with a list of mount points to be
excluded like this:

    daily_status_security_chksetuid_prunemounts="vol backup tmp"

Patch attached.

Eric

--
------------------------------------------------------------------------
Eric Anderson        Sr. Systems Administrator        Centaur Technology
I have seen the future and it is just like the present, only longer.
------------------------------------------------------------------------ --------------040505030808020204020903 Content-Type: text/x-patch; name="100.chksetuid.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="100.chksetuid.patch" --- 100.chksetuid-orig Mon Mar 28 07:39:38 2005 +++ 100.chksetuid Mon Mar 28 07:52:51 2005 @@ -44,7 +44,16 @@ echo "" echo 'Checking setuid files and devices:' # XXX Note that there is the possibility of overrunning the args to ls - MP=`mount -t ufs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | sort` + excludes=" " + case X"$daily_status_security_chksetuid_prunemounts" in + X) ;; + *) for path in $daily_status_security_chksetuid_prunemounts + do + excludes="$excludes|$path" + done;; + esac + + MP=`mount -t ufs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | egrep -v "($excludes)" | sort` if [ -n "${MP}" ] then set ${MP} --------------040505030808020204020903--
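Review bot: In the new `MP=` pipeline, `egrep -v "($excludes)"` treats every entry of daily_status_security_chksetuid_prunemounts as an unanchored regular expression, so an entry such as `tmp` removes any mount point whose path merely contains that string (/var/tmp as well as /tmp, for instance), and those file systems silently drop out of the setuid check. Requiring full mount-point paths and matching the whole line, for example `egrep -v "^($excludes)$"` or a fixed-string whole-line match, would limit the exclusion to exactly the listed mount points and keep regex metacharacters in a path from being interpreted. The initial `excludes=" "` only works because a lone space never appears in the `awk '{ print $3 }'` output; skipping the extra filter when the variable is empty, or a comment explaining the placeholder, would make that intent explicit. The patch changes only 100.chksetuid, so the new variable still needs an empty default in /etc/defaults/periodic.conf and a description in periodic.conf(5), ideally stating that pruned mount points are no longer scanned for setuid files.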