Hi Craig,
Craig Skinner wrote on Thu, Feb 01, 2018 at 06:15:02PM +0000:
> This is something I put in /etc/daily.local
>
> SUIDSKIP=$(mount | awk '/nosuid/ { print $3 }')
On your own system, fair enough.
In the official script, i would rather not exclude such file systems
because it seems useful to be alerted if something creates SUID files
in file systems mounted nosuid, like in /var/.
Besides, some people may have a file system mounted nosuid but not
nodev, and your scheme also disables the checks for device nodes.
Yours,
Ingo
No comments:
Post a Comment