Ideas - have an inspection level only check system and no changes to it cap_dac_read_search - maybe add disclaimer for running cleanup commands - likely remove all possibility to run command to cleanup or change something - …
Ideas