[OpenAFS] Tired of sec tools recursively traversing /afs?
Jeff Blaine
jblaine@kickflop.net
Tue, 19 Jun 2018 09:40:29 -0400
Hello,
df --local shows /afs in the listing.
Many security tools use 'df --local' to determine local filesystems to
traverse recursively.
If you're like me, you're tired of security tools traversing the
local-but-NOT-LOCAL /afs mountpoint.
I've opened a ticket with the Center for Internet Security (CIS, whose
"benchmark" documents are the basis for myriad security tools' check
scripts) at https://workbench.cisecurity.org/community/17/tickets/6518
but do not personally intend to follow up much on said ticket as our AFS
days are numbered less than 100 or so.
So I got the ball rolling... please consider joining said benchmark
community to add your voice on the ticket if you care about getting this
fixed at the major root of origin.
Jeff