From 96cedd70a93059d9f97e84d526f245d373ab1421 Mon Sep 17 00:00:00 2001 From: Eugeni Dodonov Date: Mon, 26 Jan 2009 15:36:34 +0000 Subject: Running expensive msec_find only when required. --- cron-sh/security.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'cron-sh') diff --git a/cron-sh/security.sh b/cron-sh/security.sh index acf3327..982c4e3 100755 --- a/cron-sh/security.sh +++ b/cron-sh/security.sh @@ -19,11 +19,6 @@ echo -n $$ > $LCK trap cleanup 0 -if [[ ! -f /var/lib/msec/security.conf ]]; then - echo "Can't access /var/lib/msec/security.conf." - exit 1 -fi - if [[ -f /etc/security/msec/security.conf ]]; then . /etc/security/msec/security.conf else @@ -138,8 +133,12 @@ netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY}; ionice -c3 -p $$ -# Hard disk related file check; the less priority the better... -nice --adjustment=+19 /usr/bin/msec_find ${DIR} +# only running this check when really required +if [[ ${CHECK_SUID_MD5} == yes || ${CHECK_SUID_ROOT} == yes || ${CHECK_SGID} == yes || ${CHECK_WRITABLE} == yes || ${CHECK_UNOWNED} == yes ]]; then + + # Hard disk related file check; the less priority the better... + nice --adjustment=+19 /usr/bin/msec_find ${DIR} +fi if [[ -f ${SUID_ROOT_TODAY} ]]; then sort < ${SUID_ROOT_TODAY} > ${SUID_ROOT_TODAY}.tmp -- cgit v1.2.1