Carlos E. R. [01.12.2014 15:08]:
On 2014-12-01 07:59, Werner Flamme wrote:
Hi everyone,
I wonder if it is possible to make seccheck (on SLES 11/12) ignore some directories, like it is with the locate command.
In /etc/sysconfig/locate, there are entries like UPDATEDB_PRUNEPATHS and UPDATEB_PRUNEFS, but I do not see anything like this in /etc/sysconfig/seccheck, neither on SLES 11 SP3 nor on SLES 12.
Reason for my question: seccheck runs here on a host that contains 3 daily backups of 10+ SAP hosts, and the "Local Monthly Security" Mail size is 562 MB. This mail size causes an unfriednly, suspicious grin on the face of my mail admin...
LOL. :-)
Ha, you too ;) [...]
A quick grep for "find" in the scripts locates it, in the weekly script, and a variable:
( nice -n 1 find $MNT -mount \( -perm -04000 -o -per...
So the important thing to look for is that 'MNT'. It is created this way:
Yes, and so on, but I'd like not to modify the scripts themselves, since they are overwritten with every update of the package, even when it's caused by an automatic rebuild, and only the last cipher has increased. [..]
Here it produces:
/dev/ / /usr /boot /home /home_aux /home1 /opt /data/storage_d /data/storage_b /usr/src /usr/local /data/homedvl /data/vmware ...
I wonder about "/dev/" and "/".
I sure want security checks in those places :) The part "/bin/mount | grep -E "^/dev/" | cut -d' ' -f 3" delivers all the mount points for the currently mounted filesystems. / is obviously mounted, 'xargs echo "/dev/"' adds the /dev/ entry :) Regards, Werner --