projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
undo casulana custom roles
[mirror/dsa-puppet.git] / modules / samhain / templates / samhainrc.erb
diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb
index b737307..069135b 100644 (file)
--- a/modules/samhain/templates/samhainrc.erb
+++ b/modules/samhain/templates/samhainrc.erb
@@ -435,6 +435,7 @@ file=/etc/cron.d/puppet-nagios-wraps
 file=/etc/cron.weekly/stunnel-ekey-restart
 file=/etc/default/schroot
 file=/etc/schroot/default/nssdatabases
+file=/etc/schroot/setup.d/99builddsourceslist
 file=/etc/schroot/setup.d/99porterbox-extra-sources
 file=/etc/schroot/setup.d/99porterbox-extra-apt-options
 file=/etc/openvswitch/conf.db
@@ -670,9 +671,9 @@ SyslogSeverity=alert
 ## --- Check the filesystem for SUID/SGID binaries
 ## 
 
-## Switch on
+## Switch off
 #
-# SuidCheckActive = yes
+SuidCheckActive = 0
 
 ## Interval for check (seconds)
 #
@@ -684,13 +685,7 @@ SyslogSeverity=alert
  
 ## Directory to exclude 
 #
-<% if scope.lookupvar('site::nodeinfo')['buildd'] -%>
-SuidCheckExclude = /srv/buildd/unpack
-<% elsif scope.lookupvar('site::nodeinfo')['porterbox'] -%>
-SuidCheckExclude = /srv/chroot/schroot-unpack
-<% else -%>
 # SuidCheckExclude = NULL
-<% end -%>
 
 ## Limit on files per second (0 == no limit)
 #
Unnamed repository; edit this file 'description' to name the repository.