Date:      Mon, 28 Mar 2005 09:06:08 -0600
From:      Eric Anderson <anderson@centtech.com>
To:        FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Periodic security find pruning
Message-ID:  <42481D60.9050801@centtech.com>

This is a multi-part message in MIME format.
--------------040505030808020204020903
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

I have a backup server running rsnapshot which has about 10TB of used disk space attached.  When the setuid security check runs, it crawls all the partitions mounted, which takes an insane amount of time, and thrashes the disks while I'm trying to send backups to them.  I didn't see any way to exclude them, so I hacked the script myself.  I've attached a patch to allow exclusion of mount points - please review, replace, hack, etc. as needed.

All you need to do is add:
daily_status_security_chksetuid_prunemounts=""
to /etc/defaults/periodic.conf

with a list of mount points to be excluded like this:
daily_status_security_chksetuid_prunemounts="vol backup tmp"

Patch attached.

Eric



-- 
------------------------------------------------------------------------
Eric Anderson        Sr. Systems Administrator        Centaur Technology
I have seen the future and it is just like the present, only longer.
------------------------------------------------------------------------

--------------040505030808020204020903
Content-Type: text/x-patch;
 name="100.chksetuid.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="100.chksetuid.patch"

--- 100.chksetuid-orig	Mon Mar 28 07:39:38 2005
+++ 100.chksetuid	Mon Mar 28 07:52:51 2005
@@ -44,7 +44,16 @@
 	echo ""
 	echo 'Checking setuid files and devices:'
 	# XXX Note that there is the possibility of overrunning the args to ls
-	MP=`mount -t ufs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | sort`
+	excludes=" "
+	case X"$daily_status_security_chksetuid_prunemounts" in
+		X) ;;
+		*) for path in $daily_status_security_chksetuid_prunemounts
+			do 
+				excludes="$excludes|$path"
+			done;;
+	esac
+
+	MP=`mount -t ufs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | egrep -v "($excludes)" | sort`
 	if [ -n "${MP}" ]
 	then
 	    set ${MP}
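
Review bot: The added egrep -v "($excludes)" stage on the new MP= line treats every entry as an unanchored regular expression, so prunemounts="tmp" also drops /var/tmp and any other mount point whose path merely contains "tmp", and regex metacharacters in an entry (a "." for example) are interpreted instead of being taken literally. For a setuid audit that silently narrows coverage beyond what the admin listed. Suggest requiring full mount-point paths in daily_status_security_chksetuid_prunemounts and comparing whole paths exactly (anchor the alternation as ^(...)$, or do the comparison in the existing awk stage), and echoing the skipped mount points in the report so the gap is visible to whoever reads it. Seeding excludes=" " to keep the empty case working is fragile; skipping the extra filter when the variable is empty would be clearer. The patch touches only 100.chksetuid, so the new variable still needs a default in /etc/defaults/periodic.conf and an entry in periodic.conf(5).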


--------------040505030808020204020903--
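
An added example, not part of the original message or patch: it runs the exclusion filter described in the message over a constructed list of mount points, next to an exact-match alternative, to show which file systems leave the setuid scan. The mount list and the function names sample_mounts, prune_substring and prune_exact are assumptions for illustration.

```sh
#!/bin/sh
# Constructed sample: mount points as printed by the awk '{ print $3 }' stage
# on a hypothetical host (not taken from the original message).
sample_mounts() {
	printf '%s\n' / /backup /home /tmp /usr /var /var/tmp /vol
}

# The filter as the patch builds it: an unanchored alternation seeded with " ".
# grep -E stands in for egrep here.
prune_substring() {
	excludes=" "
	for path in $1; do
		excludes="$excludes|$path"
	done
	sample_mounts | grep -E -v "($excludes)" | LC_ALL=C sort
}

# Alternative (an assumption, not part of the patch): skip a mount point only
# when its whole path equals a listed entry, compared as a plain string.
prune_exact() {
	sample_mounts | awk -v list="$1" '
		BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
		!($0 in skip)' | LC_ALL=C sort
}

echo "substring filter, prunemounts=\"vol backup tmp\":"
prune_substring "vol backup tmp"
echo "exact filter, prunemounts=\"/vol /backup /tmp\":"
prune_exact "/vol /backup /tmp"
```

With the substring filter, /var/tmp is no longer scanned although only "tmp" was listed; the exact filter keeps it.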