2 Added optional excessive login logging.
3) Added login acces control on a per host/tty base.
4) See skey(1) for skey descriptions and src/usr.bin/login/README
for the logging and access control features.
-Guido
2 Added optional excessive login logging.
3) Added login acces control on a per host/tty base.
4) See skey(1) for skey descriptions and src/usr.bin/login/README
for the logging and access control features.
-Guido
----------------------------
revision 1.13.2.1
date: 1994/05/05 03:58:27; author: rgrimes; state: Exp; lines: +15 -25
Upgrade some things that are now different in 1.1.
----------------------------
FreeBSD release still nukes everything on scratch using a big-hammer
method, even if it is nfs-mounted (and, when it is, the expiration policy
may be different). Daily script should by default do nothing to remote
filesystems?
----------------------------
revision 1.8.2.1
date: 1994/04/18 06:37:29; author: rgrimes; state: Exp; lines: +10 -4
Use the hostname.* files created by the installation to reduce the
amount of work one has to do when setting up a system.
----------------------------
----------------------------
revision 1.1.2.1
date: 1994/04/10 20:20:26; author: rgrimes; state: Exp; lines: +11 -5
Use /dev/fd0 instead of /dev/fd0a. Add mounting of mcd1 if mcd0
fails when searching for a cdrom drive.
----------------------------
revision 1.1.2.1
date: 1994/04/10 20:20:25; author: rgrimes; state: Exp; lines: +3 -3
Use /dev/fd0 instead of /dev/fd0a. Add mounting of mcd1 if mcd0
fails when searching for a cdrom drive.
----------------------------
revision 1.53.2.3
date: 1994/04/10 20:19:37; author: rgrimes; state: Exp; lines: +12 -3
Must have etc and usr directories on the cdinstall floppies.
Need to have device files for mcd1.
Create links for usr/libexec and usr/lib on cdinstall floppies so that
shared library code is loaded from cdrom.
----------------------------
revision 1.2.2.3
date: 1994/04/17 19:45:24; author: rgrimes; state: Exp; lines: +13 -2
Eliminate warning messages about /sbin/sh /sbin/init and /etc/termcap
when extracting the bin or des archives. Note this is also the
place I fixed the libc.so.1.0 problem a long time ago by adding
a --exclude libc.so.1.0 to the tar command.
only once an hour instead of every five minutes. This was due to a minute
specification of 0/5 -- which should have been */5. This has been fixed.
Expect your /var/cron/log to grow much faster now.
Used the canonical non-existent file (/nonexistent) instead This should
probably be documented somewhere, but it's unclear where the right
place is (passwd(5)? login(8)? hier(7)? all three?).
installed by default, because then everybody would suddenly start
trying to authenticate themselves in the CS.BERKELEY.EDU realm, which
is really not a very good idea. Maybe the README could get installed.
pair of crunched binaries that are not built by this, but other than
that it is back to an automated procedure. So many changes it is
hard to describe.
>From: chmr@edvz.tu-graz.ac.at (Christoph Robitschko)
Date: Fri, 21 Feb 1992 09:40:35 +0100 (MET)
The last version expected elvis* files in /var/tmp, while elvis puts
elv* files there.
back editor!
Add nvi recovery precedure from man page.
Fix ntpdate echo lines so that it looks pretty (ntpdate spits out 1 line
of output that makes the system boot up look real ugly if you do it
echo -n, so I chaged it to echo, and then added a
echo -n 'starting more network daemons:' so any addition daemon starts
look normal.
>From: "Chris G. Demetriou" <cgd@sun-lamp.cs.berkeley.edu>
Update of /b/source/CVS/src/etc
In directory sun-lamp.cs.berkeley.edu:/usr/src/etc
Modified Files:
master.passwd
Log Message:
disable toor by default
Use freefall.cf as sendmail prototype file, it is more realistic than the
tcpproto.cf file for a FreBSD system. Fix so that obj dir is created in
sendmail/cf/cf as to not polute the source tree and to have the Makefile
in there do the right things.
Remove all the extra /dev/fd0?* entries on the floppies, they where using
up all the inodes and are not needed at this time.
Temporarily remove the floppy target from release: untilit is
fixed.
This file has lots more work coming, but to get the 1.1 BETA out I am
going to hand craft the floppies :-(.
Further it implements crontab -e.
I moved cron from /usr/libexec to /usr/sbin where most daemons are
that are run from rc. That also gets rid of the ugly path crond
used to have in ps(1) outputs. Further I renamed it to cron, as
Paul Vixie likes it and is done by NetBSD.
NOTE VERY WELL THE FOLLOWING:
1) Systems crontab changed. Every users crontab resides in /var/cron
*EXCEPT* root's. This is a special crontab as it resides in
/etc. Further it is the *ONLY* crontab file in which you specify
usernames. See /usr/src/etc/crontab. This is also done by BSDI's
BSD/386 as far as I know (they provided the patches for it anyway)
2) So you *must* delete root's crontab and reinstall the copy
in /etc from /usr/src/etc.
'Must' is to much: the old installed crontab will work but cron
will also try to 'run' /etc/crontab.
3) Last but not least: cron's logging is now done via syslog. Note
that logging by cron is done lowercase when it logs about itsself
and uppercase when it logs user events, like installing a new crontab.
The default logfile file is the same as before:
syslog.conf:cron.* /var/cron/log
-Guido
Subject: Re: daily insecurity output (fwd)
|From: rgrimes@agora.rain.com (Rodney Grimes)
|
|This is from the new /etc/security script. I no longer get the segmentation
|violation, but now the arg list is too long, some /bin/sh program want to
|fix the current /etc/security ls command so that it is a pipe insteal of
|a back quoted arg?
|
|> checking setuid files and devices:
|> /etc/security: ls: argument list too long
This uses xargs instead. My slip line's down so I can't check it in
at the moment. Rich
added a note that you must decide what is appropriate for your system.
>From: borsburn@mcs.kent.edu (Bret Orsburn)
Date: Wed, 12 Jan 94 01:09:43 -0500
I've finally figured out (one of the reasons) why I can't run MS-Windows
after running FreeBSD 1.0...*sometimes*.
Here's your first clue. This is what your MS-Windows video drivers are called
if you run a Number 9 GXE video card:
/dos/windows/system/#9gxetc.drv
/dos/windows/system/#9gxe.drv
Now minor looks like UU DDDDDD, UU - unit, DDDDDD - density.
If density == 0, CMOS-detect format assumed.
For old users/pgms use fake partitions now, i.e.
ln fd0 fd0[a-h]
No new floppy names added (expect fd? and rfd?),
because don't have agreement yet, so make devices
only for CMOS-detected formats.
E-mail: <sir@kiae.su>, <vak@zebub.msk.su>
added new /dev/wt entries for wt.c version 1.3
8) Some controllers support only 1024 block length.
Setting WT_BSIZE bit in device minor number turns on this mode.
Minor number structure:
0bfffuuu
Fields:
uuu - Unit number. It's possible to install
up to three tape controllers on the same machine,
using DRQs 1..3. Hence, unit number can lie
in range 0..2.
fff - Tape format number:
0 - /dev/rwt0 - default density (auto select)
1 - /dev/rwt0a - QIC 11 (obsolete)
2 - /dev/rwt0b - QIC 24 (60 megabytes)
3 - /dev/rwt0c - QIC 120 (120 megabytes)
4 - /dev/rwt0d - QIC 150 (150 megabytes)
5 - /dev/rwt0e - QIC 300 (300 megabytes?)
6 - /dev/rwt0f - QIC 600 (600 megabytes?)
b - Long block size flag. With this bit set,
the driver will perform all i/o operations
with the controller using 1024-byte
blocks, instead of 512 ones.
Some controllers need it (CMS for example).
If you Wangtek controller does not stream well,
you can try to use /dev/rWt0 device instead
of /dev/rwt0 (uncomment needed lines in /dev/MAKEDEV
to create it).
Block interface (writing blocks less than 2048 bytes) is not functioning
pwoperly. Use raw interface instead.
Thanks to all who helped to test it on the following hardware:
Controller Drive Volume Interface Thanks to
---------------------------------------------------------------------------
Archive SC-499 Archive 2150L 150 Meg QIC-02 KIAE
CMS? ? 150 Meg QIC-02 KIAE
Everex EV 831/833 ? ? QIC-36 Joergen Haegg
Wangtek ASSY Wangtek 60 Meg QIC-02 Ken Whedbee
Tecmar QT150i? Wangtek 5150EQ ? QIC-02? Marko Teiste
? Wangtek 5099EK 60 Meg QIC-36 Robert Shien
Archive SC400S ? 60 Meg ? Warren Toomey
Subject: Bug & Fix for etc/Makefile cpio-floppy: re /tmp creation.
Date: Fri, 26 Nov 1993 11:35:04 +0100
Editors Note: tmp was listed in the CPIO_FILES section and thus the
entire contents of ${DESTDIR}/tmp would end up on the cpio floppy. This fix
moves tmp to CPIO_DIRS so that no longer happens.
determines when and how this file will be consulted. Added comment to
the effect that (1) zero is not a vaild network number and (2) please
get a valid network number assigned by your provider or by the Internet
Registry.
gives the flags to be passed to sendmail when it is started. (If it is
"NO", sendmail is not started.) Also, always start the portmapper regardless
of the value of $nfs_server; this should prevent the inetd complaints we
have seen from recurring.
that the errors from /etc/security are in the mail message from
/etc/security and not the /etc/daily mail message. Now just to fix
the bug in /etc/security
(see changes to getty which this patch is part of)
Basically, a few of the tty flags were changed to work better with
'CRT's, and the flags are better documented (documentation from Bruce
Evans).
Clean up some stuff so that it reads a little better (some one please
review this for me!)
Adaptec controllers are 154x and 174x series. Add Buslogic 545S.
the RELEASE NOTES.
Adaptec controllers are now 154x and 174x series, no more reference
to specific models. Revamp the CSI hard disk controller section in
general to be more user readable.
Add the fact that the Mitsumi CDROM controller and drive are now
supported.
Add a note that the Intel 82501 serial chip is NOT supported.
Floppy controller is fd0, not fdc0, same for wd disk controller.
running portmapper. These are site specific functionality and should only
be enabled for sites that want them, not by default.
These services REQUIRE portmapper to be running
with a Makefile override. The default is floppy5 since all distribution
floppies must be <= 1.2Mb so that every one can use them.
If you want to make 1.44MB floppies with more space on them do a
setenv FLOPPY floppy3
before running make.
>From: "Jordan K. Hubbard" <jkh%whisker.lotus.ie@dec4ie.ieunet.ie>
Date: Sun, 10 Oct 1993 05:11:51 -0700
I went to make myself some boot floppies straight off the dist
today and ran into the fact that I'm using a 3.5" floppy as my drive A,
so I did the following (you can still use floppy5 as your default -
I just have it set to floppy3 for my machine).
files from a MS-DOS partition.
Minor cleanup:
fixed spelling error in inst1.install
capitalized sentences in kc.profile
reworded initial load_fd options
partition of the boot disk. So we have yet another medium via
which to load the FreeBSD distribution files. load_fd() has
options for listing and (if reading from the C: drive) changing
directories.
load_fd's notation assumes that the first Primary partition on
disk is the DOS drive C: (since this and only this one is mounted
by install). Otherwise, the notation may be a bit confusing.
We'll know the assumption is bad if people complain about
not finding files on their "C:" drive...
Added a device file existence check to kc.profile.
first) Primary (un-Extended) DOS partition, providing /dev/xx0h
is available. It is mounted on /dos by default. The /etc/fstab
entry omits the dump and fsck fields, i.e.:
/dev/xx0h /dos pcfs rw
The Secondary DOS partition is not used (System ID 0xF2), because I don't
know what that is.
2) Fixed default sizes so that if someone attempts to install BSD on a 24 Mb
partition by accepting defaults, they don't end up with a 1 Mb /usr
partition (up to USRMIN Mb's). In this case, all space is split between
swap and root.
TODO:
1) Extend load_fd() to support loading distribution files directly from
the DOS partition of the hard disk.
2) Provide translated parameters to the install program (maybe
add an option to fdisk). Currently, the true geometry is used as
default, which is inappropriate for coexistence with DOS.
3) Support installing on multiple or secondary disks.
>Date: Thu, 16 Sep 1993 23:35:48 -0700 (PDT)
There is a typo in disktab in the NetBSD-0.9 distribution. This may be
already fixed in NetBSD-current, but it's not in any of the source that I've
sup'ed.
line 9 reads:
# sc #sectors/cylinder, nc*nt default
should read:
# sc #sectors/cylinder, ns*nt default
Before starting, it is important to know your hard disk's geometry
(i.e., number of cylinders, heads and sectors/track). If installing
FreeBSD on the same disk as another operating system, then the
two systems should use the same geometry. In particular, FreeBSD's
default geometry is inappropriate for MS-DOS. So in this case, the
DOS geometry should be used instead.
[This seems to be true for SCSI disks. What about IDE? With the new
boot blocks, can we ignore the disks true geometry??]
offsets and sizes in units of cylinders. This will help
those who want to install FreeBSD between two existing
partitions.
Faked notes on installing via Kermit
any way I can. Converted all echo "" to be just echo
Removed sync call that seems to hang due to fd/wd driver interaction..
Now rm /.profile before the cpio floppy is copied in, this should fix
a bugger I was having with an open shell script that gets over written.
after all. Removed it from DOS floppy.
Added COPYRIGHT to DOS floppy since it does have *BSD binaries on it!
Fixed missing ; \ when creating dev entries on filesystem floppy
Fixed rm in wrong directory, please don't rm in the DESTDIR area!!
Subject: Install.notes for FreeBSD-1.0-G
Here is the hacked install notes file for FreeBSD-1.0-GAMMA.
Please get someone to check the few points marked <<please check>>.
From: rgrimes
Checked the <<please check>>, and cleaned up some details.
and miscellaneous programs which get installed into /usr/distbin.
Install now recognizes existing DOS partitions and attempts to install
after them. Theoretically, it also remaps badblocks.
N.B.: The fourth install floppy must have a clean DOS FAT.
Building the new distribution floppies is untested
TODO: Build a disktab entry for existing DOS partitions (except extended
partitions). This would allow loading and/or extracting the distribution
files directly from the DOS hard disk partition.
The following additional changes are needed for the new install disks:
1) Remove from filesystem disk's /filelist: bin/cat, dev/MAKEDEV.local.
2) Remove from the filesystem disk: /bin/cat, /COPYRIGHT and /dev/MAKEDEV.local.
3) Add to the filesystem disk: /sbin/fdisk, /dev/fd1a and /dev/rfd1a.
4) Build a fourth DOS disk containing at least: os-bs, rz/sz
Outstanding problems:
1) If there are >1024 cylinders, then FreeBSD cannot boot unless installed
at cylinder 0 (and since neither can DOS evidently, the two can't share
a disk in this case).
2) If FreeBSD is installed at cylinder 0, subsequent installs tend to fail.
3) If a DOS partition exists, disklabel doesn't seem to update the disk
geometry in the FreeBSD disklabel correctly (so reinstalling FreeBSD with
a new geometry requires installing it at cylinder 0). Rod suggested
invoking disklabel on the raw c-partition. This makes sense, but it
doesn't seem to work (newfs, for instance, can't find the new label).
other tools really want.
Targets sio*) and com*) now create entry named ttyxx, default setup with
a sh MAKEDEV all is to use the sio major numbers, com is all but depreicated
now.
these are not part of the standard distribution and do not belong
in here, this was carry over from earlier work.
Added src-tarball: ssrc-tarball: targets to build the 2 source tar balls,
still have to manually copy/chmod/chown the src tree into the destination
directory and clean out all the obj, and CVS files/dirs, plus run a
make cleandist in it before running these targets, but atleast things are
getting easier to do!
release: now uses fixed floppies target.
is not really needed until we can go multiuser.
Changed name of list from CRYPT_FILES to CRYPT_SRCS, since that is
really what they point to. Added list CRYPT_DIRS, that is the directories
that are in the des distribution.
Fixed kc-xx-floppy dependencies on kc-floppy since it would not do
the right thing with the new target floppies:
Now user ${RELEASEDIR} for dd'ing the floppy images and other stuff having
to do with building the release.
Added new target bin-tarball that builds the bin.tar.gz.?? split archives for
release.
Added new target des-tarball that builds the des.tar.gz.?? split archives for
release.
Added building of /usr/local directories for the CDROMDIST.
New target floppies: that builds all 4 floppies.
New target release: that should completely populate a release tree, except
that the src-tarball target is not yet written.
after the cpio floppy has been installed. This fixes the corrupt disk
problem during the install. Still need to add some echo's about expecting
disk corruption at this point in time.
Upgraded release statement to say 1.0 GAMMA. Added a dummy read before
the instuctions so the user does not get confused by the rapid output
and thinks something scrolled off the screen.
that now takes a directory argument. These files are now built from the
master.passwd file.
Fixed typo on NOOBJ=, was oobj, now noobj.
Rename of targes and variables. INST1 -> FILESYSTEM, INST2 -> CPIO,
kc -> kcopy.
Floppy targets now dd and gzip the image back onto the hard disk so
that less manual work is required when building a release.
Removed reboot from FILESYSTEM floppy and put df back on, and added
mount_isofs. Changed scripts to use halt instead of reboot.
distributions.
Now only populates $DESTDIR/dev if we are building the cdrom distribution,
since this directory is populated by the install tools it was a conflict
to have the dev entries in the full distribution as well.
share/zoneinfo and was just duplicated here.
Fixed the directory owner ships on the inst1 floppy by adding all of the
directories that get created on the floppy to INST1_DIR, since cpio was
not picking up the source dir protections, but instead using the current
process uid, gid, and umask values.
Removed /bin/df from inst1 to make room for mount_pcfs. Also removed
/etc/disktab since it just got overwritten by the install tools.
Removed zcat from INST2_CPIO since it is now installed from the
INST2_FILES files on the floppy. This fixes things so that all
of the gzip tools get linked to the same image.
Much of the .if machine i386 stuff moved to be system independent
since it really was.
Added sd1 support to the inst1 and kc floppies. No room for wd1 support,
oh well.
Fix permissions on top level of floppy, it was not getting set.
extract can be over writen. This is done by coping them to /tmp
before the extract begins, running them from /tmp, then removing them
after the extract has completed.
Removed all section about setting up sendmail.cf, since this was for the
old sendmail stuff and should not be required by the new sendmail.cf file
that is shipped with the system.
file left by inst1.install.
Fixed cpio command so that it works with the new cpio that does not
ignore extra options.
Added echo's about building /dev files so the user knows it is doing something.
has been asked once. Disabled the ability to have different blocking
factors on different partitions since this is known to trash the vm system.
Removed many extranious echo's of the users answers. This was probably put
in for debugging and never removed. It was quite confusing to my test users.
Added autoscan of disk for bad blocks for bad144 type disks using the new
bad144 -s option.
Renabled the asking for verbose installation. Why was this disabled??
Added creation of etc/disktab.install on the hard disk that is a copy
of the disktab used to create the disk with.
Added a mount -at ufs to the .profile so that all the diskpartitions get
mounted on first boot from hard disk, this is so commands that may have been
loaded into a seperate usr partition can be found.
Added kc-floppy that does the common part of building the kc floppies.
Added kc-bt-floppy to build GENERICBT kernel floppy.
Fixed kc-ah-floppy to use kc-floppy.
The problem with having it enable is that lastlog grows big, none
of the current scripts deal with rotation of /var/log/lastlog,
so it shouldn't necessary be installed at first. This has traditionally
been something the sysadmin has had to touch after system installations.
Nate:
(Besides, you're forced to learn more about the system by reading the man
pages if it doesn't exist. :-)
3 of the 4 needed floppies for FreeBSD.
Still need to do kc-bt-floppy for the Bustek/Ultrastore controllers.
Fixed installation of boot blocks in distribution:, now use a variable
(${MDEC}) instead of a find so that my zzz files don't end up in
the distribution!
left intact.
Simplified variables for drivename, drivetype, and sect_fwd.
Added rotdelay to newfs commands (defaults to newfs default except
for scsi disks where it defaults to 0).
Made the disk geometry questions more like what PC users are use to
reading (cylinders/heads/sectors).
Added minswap requirement of 8MB, recomendation of 2 x physical memory.
Added messages about what the blocking factor does.
Added message for mount point to NOT include the leading /
How to change disklabel to /sbin/disklabel due to bug in our /bin/sh,
I thought this has been fixed, but it has not!
Changed to use cpio instead of tar, since tar seems so brain dead.
Removed kernfs reference from /etc/fstab creation since FreeBSD does not
have the kernfs. Made /etc/fstab tabbed so it looks pretty :-).
Added default of floppy drive 0 after we boot from hard disk.
Fixed path in inst1.profile, removed /usr/local/bin, /usr/contrib/bin and .
Made it clean up in /sys/i386/boot after building and installing the
boot blocks.
Moved the cd ..; make install to be after the special case stuff for
sendmail.
Added the installation of tcpproto.cf as /etc/sendmail.cf
spwd.db that are created from the template master.passwd to src/etc so
that a build distribution can populate /etc correctly. This is a work
around until a better solution can be found.