samhain: disable SUID/SGID checks
The SUID/SGID checks have been enabled in our configuration file
since the beginning, but have been actually active only for stretch
hosts as the jessie version of samhain is built without SUID/SGID
check support.
These checks are not very flexible, as it's only possible to specify a
single excluded directory, while we want to avoid walking both /srv and
/home. However they are also not very useful in our use case, as files
which get a SUID/SGID bit flipped will appear as changed.
Therefore simply disable the SUID/SGID checks.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
projects / mirror / dsa-puppet.git / commit