#
# This is the checksecurity script configuration file
#
# These configuration variables mabye set:
# 
#     CHECKSECURITY_FILTER
#     CHECKSECURITY_NOFINDERRORS
#     CHECKSECURITY_DISABLE
#     CHECKSECURITY_NONFSAFS
#
# Each is described in it's own section below -- search for ####
# as a section divider.
#
####
#
# The CHECKSECURITY_FILTER variable is used as an argument to
# "grep -vE" to filter lines from the output of the "mount"
# command. 
#
# The default is not check the following file systems:
#
#   type proc
#   type msdos
#   type iso9660
#   type ncpfs
#   type smbfs
#   type nfs
#   type afs
#   type auto (They'll typically be picked up on the nfs branch)
#   type ntfs
#   type coda (similar to afs)
#
#   floppies (i.e. /dev/fd<whatever>)
#   anything on /mnt
#
# Note that behaviour for nfs/afs has changed as of release -45. We
# no longer run find across nfs/afs disks; instead we simply report
# afs/nfs disks that are mounted insecurely (without -onosuid|noexec,nodev).
# You can disable this report by going setting the CHECKSECURITY_NONFSAFS 
# variable below.
#
# Use temp variables to build up CHECKSECURITY_FILTER, to make it
# a little more readable.
#
CS_NFSAFS='(nfs|afs|xfs|coda)'
# Uncomment the next line to get the old behaviour.
#CS_NFSAFS='(nfs|afs) \(.*(nosuid|noexec).*nodev.*\)'
#
CS_TYPES=' type (auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|ntfs|'$CS_NFSAFS')'
#
CS_DEVS='^/dev/fd'
#
CS_DIRS='on /mnt'
#
CHECKSECURITY_FILTER="$CS_TYPES|$CS_DEVS|$CS_DIRS"
#
# Clear the temporary variables
#
unset CS_NFSAFS CS_TYPES CS_DIRS
#
####
#
# The CHECKSECURITY_NOFINDERRORS, if set to "TRUE" (case sensitive),
# redirects any errors from the find command used in checksecurity
# to /dev/null.
#
CHECKSECURITY_NOFINDERRORS="FALSE"
####
#
# The CHECKSECURITY_DISABLE, if set to "TRUE" (case sensitive),
# disables the running of checksecurity
#
CHECKSECURITY_DISABLE="FALSE"
####
#
# The CHECKSECURITY_NONFSAFS, if set to "TRUE" (case sensitive),
# disables the message about insecurely mounted nfs/afs disks
#
CHECKSECURITY_NONFSAFS="FALSE"
####
#
# Location of setuid file databases. Probably should
# be in /var/lib/cron, but I don't want to move them now. After
# the release, maybe.
#
LOGDIR=/var/log