Last change
on this file since 1957 was
1956,
checked in by achernya, 13 years ago
|
Create check-filecaps cronjob and and yum post-actions override
This cronjob and yum post-action are complements of the set[ug]id
tasks. Some binaries are no longer set[ug]id, but instead use file
capabilities. We still need to be able to find them and disable them.
|
File size:
220 bytes
|
Line | |
---|
1 | MAILTO=scripts-root@mit.edu |
---|
2 | 27 5 * * * root find / -xdev -not -perm -o=x -prune -o -type f -print0 | xargs -0r getcap | cut -d' ' -f1 | grep -Fxvf /etc/scripts/allowed-filecaps.list | sed 's/^/Extra file_caps binary: /' |
---|
Note: See
TracBrowser
for help on using the repository browser.