aboutsummaryrefslogtreecommitdiffstats
path: root/cron-sh/security.sh
diff options
context:
space:
mode:
authorGuillaume Rousse <guillomovitch@mandriva.org>2007-03-05 10:10:12 +0000
committerGuillaume Rousse <guillomovitch@mandriva.org>2007-03-05 10:10:12 +0000
commite6479bd656b6a89e502cdb22b7e226df977e8e31 (patch)
treef4171f98b7bb96ca5b244b365a73ff7bdf608eac /cron-sh/security.sh
parente3e2a22103d0f8cddf71b055f9af1c4d1c12f235 (diff)
downloadmsec-e6479bd656b6a89e502cdb22b7e226df977e8e31.tar
msec-e6479bd656b6a89e502cdb22b7e226df977e8e31.tar.gz
msec-e6479bd656b6a89e502cdb22b7e226df977e8e31.tar.bz2
msec-e6479bd656b6a89e502cdb22b7e226df977e8e31.tar.xz
msec-e6479bd656b6a89e502cdb22b7e226df977e8e31.zip
use /proc/mounts instead of mount output for filtering filesystem, because of autofs v5 (fix #27284)
Diffstat (limited to 'cron-sh/security.sh')
-rwxr-xr-xcron-sh/security.sh15
1 files changed, 8 insertions, 7 deletions
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 6105286..257bd63 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -72,14 +72,15 @@ CHKROOTKIT_YESTERDAY="/var/log/security/chkrootkit.yesterday"
export EXCLUDE_REGEXP
# Modified filters coming from debian security scripts.
-CS_NFSAFS='(nfs|afs|coda)'
-CS_TYPES=' type (devpts|sysfs|usbfs|auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|hfs|'$CS_NFSAFS')'
-CS_DEVS='^/dev/fd'
-CS_DIRS='on /mnt'
-FILTERS="$CS_TYPES|$CS_DEVS|$CS_DIRS"
-DIR=`mount | grep -vE "$FILTERS" | cut -d ' ' -f3`
+# rootfs is not listed among excluded types, because
+# / is mounted twice, and filtering it would mess with excluded dir list
+TYPE_FILTER='(devpts|sysfs|usbfs|tmpfs|binfmt_misc|auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|hfs|nfs|afs|coda)'
+MOUNTPOINT_FILTER='^\/mnt'
+DIR=`awk '$3 !~ /'$TYPE_FILTER'/ && $2 !~ /'$MOUNTPOINT_FILTER'/ \
+ {print $2}' /proc/mounts | uniq`
PRINT="%h/%f\n"
-EXCLUDEDIR=`mount | grep -E "$FILTERS" | cut -d ' ' -f3`
+EXCLUDEDIR=`awk '$3 ~ /'$TYPE_FILTER'/ || $2 ~ /'$MOUNTPOINT_FILTER'/ \
+ {print $2}' /proc/mounts | uniq`
export EXCLUDEDIR
if [[ ! -d /var/log/security ]]; then