[OpenAFS] Tired of sec tools recursively traversing /afs?
Tue, 19 Jun 2018 09:40:29 -0400
df --local shows /afs in the listing.
Many security tools use 'df --local' to determine local filesystems to
If you're like me, you're tired of security tools traversing the
local-but-NOT-LOCAL /afs mountpoint.
I've opened a ticket with the Center for Internet Security (CIS, whose
"benchmark" documents are the basis for myriad security tools' check
scripts) at https://workbench.cisecurity.org/community/17/tickets/6518
but do not personally intend to follow up much on said ticket as our AFS
days are numbered less than 100 or so.
So I got the ball rolling... please consider joining said benchmark
community to add your voice on the ticket if you care about getting this
fixed at the major root of origin.