This file is indexed.

/etc/checksecurity/check-setuid.conf is in checksecurity 2.0.14ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
#
# This is the check-setuid script configuration file contained
# in the checksecurity package.
#
# These configuration variables may be set:
# 
#     CHECKSECURITY_FILTER
#     CHECKSECURITY_NOFINDERRORS
#     CHECKSECURITY_NONFSAFS
#     CHECKSECURITY_DEVICEFILTER
#     CHECKSECURITY_PATHFILTER
#     LOGDIR
# 
# Each is described in its own section below -- search for ####
# as a section divider.
#
####
#
# The CHECKSECURITY_FILTER variable is used as an argument to
# "grep -vE" to filter lines from the output of the "mount" command. 
#
# The default is not check the following file systems:
#
#   type proc
#   type bind
#   type msdos
#   type iso9660
#   type ncpfs
#   type smbfs
#   type nfs
#   type afs
#   type auto (They'll typically be picked up on the nfs branch)
#   type ntfs
#   type coda (similar to afs)
#   type usbdevfs
#   type none (--bind mounts)
#   type fuse
#
#   floppies (i.e. /dev/fd<whatever>)
#   anything on /mnt or /amd
#
# Note that behaviour for nfs/afs has changed as of release -45. We
# no longer run find across nfs/afs disks; instead we simply report
# afs/nfs disks that are mounted insecurely (without -onosuid|noexec,nodev).
# You can disable this report by going setting the CHECKSECURITY_NONFSAFS 
# variable below.
#
# Use temp variables to build up CHECKSECURITY_FILTER, to make it
# a little more readable.
#
CS_NFSAFS='(type (nfs|afs|coda|lustre|mfs|nnpfs|)|^(arla .* type xfs))'
# Uncomment the next line to get the old behaviour.
#CS_NFSAFS='(nfs|afs) \(.*(nosuid|noexec).*nodev.*\)'
#
CS_TYPES='( type (auto|proc|sysfs|bind|msdos|fat|vfat|iso9660|usbdevfs|ncpfs|smbfs|cifs|ntfs|devpts|binfmt_misc|shfs|lufs|none|fuse))|'$CS_NFSAFS
#
CS_OPTS='\(.*(nosuid|noexec).*\)'
#
# Exclude floppy disks 
# NOTE: If you want to exclude all /dev use CHECKSECURITY_DEVICEFILTER
# below
CS_DEVS='^/dev/fd'
#
# Do not traverse /mnt (external mounts) or /vicep (AFS fileserver mounts)
#
CS_DIRS='on (/mnt|/vicep)'
#
CHECKSECURITY_FILTER="$CS_TYPES|$CS_OPTS|$CS_DEVS|$CS_DIRS"
#
# Note: You can also disable the check-setuid check entirely if 
#
# CHECKSECURITY_PATHFILTER="-path /*"

#
# Clear the temporary variables.
#
unset CS_NFSAFS CS_TYPES CS_DIRS CS_OPTS
#
####
#
# The CHECKSECURITY_NOFINDERRORS, if set to "TRUE" (case sensitive),
# redirects any errors from the find command used in checksecurity
# to /dev/null.
#
CHECKSECURITY_NOFINDERRORS="FALSE"
####
#
# The CHECKSECURITY_NONFSAFS, if set to "TRUE" (case sensitive),
# disables the message about insecurely mounted nfs/afs disks.
#
CHECKSECURITY_NONFSAFS="FALSE"
####
#
# The CHECKSECURITY_DEVICEFILTER lets you tell find not to report
# devices in those directories (if you choose the daily Emails,
# devices like /dev/pts/?, /dev/tty?, or /dev/urandom will change
# often and clutter your mailbox). Also, if the system gets rebooted
# often many changes will be reported after a reboot due to differences
# in timestamps for devices under /dev as they get recreated on reboot.
#
# Note that these directories are still searched for suid executables. 
# Also note that *something* must be defined, which is why the default is
# "-false".
# Examples:
#CHECKSECURITY_DEVICEFILTER="-path /dev/*"
#CHECKSECURITY_DEVICEFILTER="-path /dev/* -o -path /home/ftp/dev/*"
CHECKSECURITY_DEVICEFILTER="-false"
####
# The CHECKSECURITY_PATHFILTER variable lets you set a pattern of
# pathnames that you don't want to check at all. You hopefully know
# what you're doing if you do this :-).
# Example:
# CHECKSECURITY_PATHFILTER="-path /dev/rd* -o -path /var/home/ftp*"
CHECKSECURITY_PATHFILTER="-false"
####
#
# Location of setuid file databases. 
#
LOGDIR=/var/log/setuid