samhain: disable SUID/SGID checks

[mirror/dsa-puppet.git] / modules / samhain / templates / samhainrc.erb

diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb
index 2889636..069135b 100644 (file)
--- a/modules/samhain/templates/samhainrc.erb
+++ b/modules/samhain/templates/samhainrc.erb
@@ -671,9 +671,9 @@ SyslogSeverity=alert
 ## --- Check the filesystem for SUID/SGID binaries
 ## 
 
-## Switch on
+## Switch off
 #
-# SuidCheckActive = yes
+SuidCheckActive = 0
 
 ## Interval for check (seconds)
 #
@@ -685,13 +685,7 @@ SyslogSeverity=alert
  
 ## Directory to exclude 
 #
-<% if scope.lookupvar('site::nodeinfo')['buildd'] -%>
-SuidCheckExclude = /srv/buildd/unpack
-<% elsif scope.lookupvar('site::nodeinfo')['porterbox'] -%>
-SuidCheckExclude = /srv/chroot/schroot-unpack
-<% else -%>
 # SuidCheckExclude = NULL
-<% end -%>
 
 ## Limit on files per second (0 == no limit)
 #