Re: Bug#3368: cron's checksecurity still scans NFS servers

[Steve Greenland <stevegr@Starbase.NeoSoft.COM>]

Dominik Kubla wrote:
> [checksecurity still descends down NFS links]
> And while we are at it: The same goes for AFS, ALEX and AMD filesystems,
> so please make the script ignore the AFS filetype and the following
> directories:
> 
>   /a
>   /afs
>   /alex
>   /amd
>   /n
>   /net
> 
> These directories have a special meaning to the named software products.

They're also perfectly legitimate directory names having nothing
to do with the named software products. I'll try to trap the afs
type (not having access to that, will the nfs filter work by
replacing 'nfs' with 'afs'?). However, it is my opinion that
filtering by name is something best left to the individual
administrator.

Maybe some sort of config file is needed here? '/etc/checksecurity.conf'?
Any objections? I'm thinking that checksecurity could source
checksecurity.conf, which at present would define the single
envirnoment variable FILTER, which would in turn be the argument
to 'grep -vE'. If later additions were needed, it would be pretty
straight forward.

In fact, I should probably build FILTER up out of FILTER_TYPES,
FILTER_OPTIONS, and FILTER_DIRS.  Other ideas?

SteveG


-- 
The Mole - I think, therefore I scream 

			"MR. DeGUZMAN, YOUR DAYS ARE
			 NUMBERED!"
						"That's Harris.	 DeGuzman is
						 math."
			"BAH!  They're ALL
			 scoundrels..."
[Zack, looking desperately for evil, from ZOT!]