source: trunk/server/fedora/config/etc/cron.d/check-filecaps @ 2293

Last change on this file since 2293 was 2293, checked in by ezyang, 12 years ago
File capabilities respect nosuid too (https://github.com/torvalds/linux/blob/v3.5/security/commoncap.c#L434), so omit /var/lib/mock fscap files too.
File size: 257 bytes
Line 
1MAILTO=scripts-root@mit.edu
227 5 * * * root find / -xdev -not -perm -o=x -prune -o -type f -print0 | xargs -0r /usr/sbin/getcap | cut -d' ' -f1 | grep -Fxvf /etc/scripts/allowed-filecaps.list | grep -ve ^/var/lib/mock/ | sed 's/^/Extra file_caps binary: /'
Note: See TracBrowser for help on using the repository browser.