[OpenAFS] Tired of sec tools recursively traversing /afs?

Jeff Blaine jblaine@kickflop.net
Tue, 19 Jun 2018 09:40:29 -0400


df --local shows /afs in the listing.

Many security tools use 'df --local' to determine local filesystems to
traverse recursively.

If you're like me, you're tired of security tools traversing the
local-but-NOT-LOCAL /afs mountpoint.

I've opened a ticket with the Center for Internet Security (CIS, whose
"benchmark" documents are the basis for myriad security tools' check
scripts) at https://workbench.cisecurity.org/community/17/tickets/6518
but do not personally intend to follow up much on said ticket as our AFS
days are numbered less than 100 or so.

So I got the ball rolling... please consider joining said benchmark
community to add your voice on the ticket if you care about getting this
fixed at the major root of origin.