Date: Sun, 6 May 2012 13:04:25 -0400 From: Jason Hellenthal <jhellenthal@dataix.net> To: Daniel Kalchev <daniel@digsys.bg> Cc: FreeBSD Stable <freebsd-stable@freebsd.org> Subject: Re: Make filesystem type configurable for periodic(8)? Message-ID: <20120506170425.GA24117@DataIX.net> In-Reply-To: <995A1779-9983-4AB9-8618-9227C1B491E5@digsys.bg> References: <CAOjFWZ4VxyMLSzzWsUMj21HccZkzwPUtM5PWAS-oaaocCLN8Dw@mail.gmail.com> <995A1779-9983-4AB9-8618-9227C1B491E5@digsys.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
--XsQoSWH+UP9D9v3l
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, May 06, 2012 at 11:20:42AM +0300, Daniel Kalchev wrote:
>=20
> On May 4, 2012, at 7:05 PM, Freddie Cash wrote:
>=20
> > A few of the periodic(8) scripts in FreeBSD have constructs similar to
> > the following to get which filesystems to scan for various things:
> > MP=3D`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
> >=20
> > For systems with large ZFS pools, and many ZFS filesystems, these
> > periodic scripts can grind it to its knees, and then some. For
> > backups servers where we don't really care about the
> > ownership/permissions of files from the FreeBSD perspective, we really
> > don't want the ZFS filesytems to be scanned;=20
> [=E2=80=A6]
>=20
> The script already accommodates this scenario. Just mount your storage fi=
lesystems with 'nosuidexec' and they won't be scanned.=20
>=20
You all may be interested in this [1] but I have not touched it in a
while and backed it out of a working source tree about a month ago so I
am no longer tracking it. But last I used it, it was working cleanly.
Configuration was like so...
daily_status_security_chknoid_enable=3D"YES"
daily_status_security_chknoid_dirs=3D"/ /home /tmp /var /usr/local"
The same thing should also be done for anything that traverses multiple
filesystems by default configuration and reporting output should remain
consistent. The current reporting format of these scripts is nearly
rediculous in its current use of diff(1).
1).
http://code.google.com/p/jhell/source/browse/340.noid.patch?repo=3Dpatches
--=20
- (2^(N-1))
--XsQoSWH+UP9D9v3l
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
iQEcBAEBAgAGBQJPpq8YAAoJEBSh2Dr1DU7WALQH/3mrT2vAs6r+W03Hary8QOhl
84NnaTHiThfzY8UogJm+uCouCStUN3WDrdbMeG4NN1warL35M+TWZwJ9x1J66Kpq
c0LxZvT+AKTbTwsv6Z3XzzlqB6dEF1tu0Zb+oOCCo95tHnzJhdHyiWkZbNmp1e+T
LE39fq/xP2XAx++iW8+9mhpj628DfDOiKzpzYwQ6c/V8xCKteVhXhNJTqAVV+KmE
391WpDwo+rWlQeAGhCCR1ij2RYzO1q63LTWDjJ62AIgheQ8ScgmdXrruJlUVKpkl
3qGUkh8M23L1UimpAoUL+rCABaB1h4Lvi3Db+r37KrnXlAqlfgAVkdRtlM+cMX8=
=neRG
-----END PGP SIGNATURE-----
--XsQoSWH+UP9D9v3l--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120506170425.GA24117>