aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xcron-sh/security.sh15
1 files changed, 8 insertions, 7 deletions
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 6105286..257bd63 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -72,14 +72,15 @@ CHKROOTKIT_YESTERDAY="/var/log/security/chkrootkit.yesterday"
export EXCLUDE_REGEXP
# Modified filters coming from debian security scripts.
-CS_NFSAFS='(nfs|afs|coda)'
-CS_TYPES=' type (devpts|sysfs|usbfs|auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|hfs|'$CS_NFSAFS')'
-CS_DEVS='^/dev/fd'
-CS_DIRS='on /mnt'
-FILTERS="$CS_TYPES|$CS_DEVS|$CS_DIRS"
-DIR=`mount | grep -vE "$FILTERS" | cut -d ' ' -f3`
+# rootfs is not listed among excluded types, because
+# / is mounted twice, and filtering it would mess with excluded dir list
+TYPE_FILTER='(devpts|sysfs|usbfs|tmpfs|binfmt_misc|auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|hfs|nfs|afs|coda)'
+MOUNTPOINT_FILTER='^\/mnt'
+DIR=`awk '$3 !~ /'$TYPE_FILTER'/ && $2 !~ /'$MOUNTPOINT_FILTER'/ \
+ {print $2}' /proc/mounts | uniq`
PRINT="%h/%f\n"
-EXCLUDEDIR=`mount | grep -E "$FILTERS" | cut -d ' ' -f3`
+EXCLUDEDIR=`awk '$3 ~ /'$TYPE_FILTER'/ || $2 ~ /'$MOUNTPOINT_FILTER'/ \
+ {print $2}' /proc/mounts | uniq`
export EXCLUDEDIR
if [[ ! -d /var/log/security ]]; then