d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
61ce6eeee3
freebsd-nq/etc
History
Robert Watson f2419a7154 Default to disabling all inetd.conf entries, in particular, telnetd 
and ftpd.  This more conservative default reduces the exposure of
freshly installed machines, which is especially valuable for machines
that receive minimal further configuration before being put into
production.  Generally speaking, SSH has superseded the use of both
telnet and ftp in many environments.  In light of recent remotely
exploitable security holes in both telnetd and ftpd, this choice
retains flexibility (both telnetd and ftpd daemons remain installed
and easily enableable) while protecting users who don't need the
additional risk.  This change brings our configuration into line with
the majority of other UNIX vendors, including OpenBSD and NetBSD.

To address the concerns of those requiring remote access via telnet
from first install, changes will shortly be committed to sysinstall
to provide the ability to edit inetd.conf during the installation
process, allowing telnetd and ftp to be re-enabled during the
installation process.

While I'm at it, slightly improve commenting for inetd.conf so that
it's more clear to users how to enable and disable services.
Further commenting to indicate the functions of various columns would
probably also be useful.

Reviewed by:	imp, chris, jake, nate, -arch, -stable
2001-08-02 02:19:56 +00:00
..
defaults Upgraded launchpad for kerberos. Noe kerberos IV OR kerberos 5 2001-07-28 19:57:57 +00:00
etc.alpha Add a comment out console line for AlphaServer 8200 and 8400 ("TurboLaser") 2001-04-09 19:35:53 +00:00
etc.amd64 Move the syscons configuration to a machine independent rc.syscons. The 2001-01-09 22:28:17 +00:00
etc.i386 Move the syscons configuration to a machine independent rc.syscons. The 2001-01-09 22:28:17 +00:00
isdn update the sample isdnd.rc file with a firmware keyword example and a real 2001-05-27 08:05:57 +00:00
kerberosIV Fix typo: kereros -> kerberos 2000-10-06 17:36:05 +00:00
mail Revert change to always include _FFR_TLS_O_T as it requires FEATURE(access_db) 2001-08-01 02:12:39 +00:00
mtree Build standard directory for kerberos 5 (Heimdal) database. 2001-07-28 20:00:54 +00:00
namedb Replace old-style "chown foo.bar" with orthodox "chown foo:bar". 2001-05-28 13:43:26 +00:00
periodic Remove $daily_status_named_logs and figure out which /var/log/messages* 2001-07-26 02:37:12 +00:00
ppp Move the interface address setting and default route setting out of 2001-06-21 15:42:26 +00:00
rc.d Merge in patch to automagically decide whether or not a kldload of ipfilter 2001-07-30 23:12:02 +00:00
root Add these key bindings for tcsh users in interactive mode: 2001-01-10 02:37:16 +00:00
sendmail Revert change to always include _FFR_TLS_O_T as it requires FEATURE(access_db) 2001-08-01 02:12:39 +00:00
amd.map
apmd.conf Typofix: Configration -> Configuration. 2000-12-12 22:43:02 +00:00
auth.conf Merge into a single US-exportable libcrypt, which only provides 2000-12-28 10:32:02 +00:00
crontab Move the sendmail -q from cron to periodic, as suggested by a few people. 2001-02-19 02:47:42 +00:00
csh.cshrc
csh.login Remove all mention of LANG and MM_CHARSET. 2000-07-27 11:39:33 +00:00
csh.logout
dhclient.conf
diskcheckd.conf Add older CD types, matcd, mcd, scd. 2001-07-04 18:33:01 +00:00
disktab Added "minimum3": spare room for multilingual installer and driver floppy. 2000-10-26 16:00:27 +00:00
dm.conf
fbtab
ftpusers
gettytab Add if=/etc/issue to the default getty entry. 2000-12-18 20:56:10 +00:00
group
hosts Add nsswitch support. By creating an /etc/nsswitch.conf file, you can 2000-09-06 18:16:48 +00:00
hosts.allow Fix a misleading comment 2001-05-02 09:29:20 +00:00
hosts.equiv
hosts.lpd
inetd.conf Default to disabling all inetd.conf entries, in particular, telnetd 2001-08-02 02:19:56 +00:00
locale.alias New locale names and aliases to old ones 2001-06-10 13:02:52 +00:00
login.access
login.conf Remove duplicate entry. 2001-03-12 06:05:38 +00:00
MAKEDEV Add /dev/hpn? as an alias to /dev/aac? so that the HP version of the CLI 2001-07-25 22:36:17 +00:00
MAKEDEV.local
Makefile Remember to install diskcheckd.conf 2001-06-13 16:39:23 +00:00
man.alias Remove aliases not needed for new man version 2001-06-26 00:41:07 +00:00
master.passwd
minfree
modems
motd Be consistent about how we quote commands that could be entered by the 2001-07-27 12:25:55 +00:00
netconfig Add cvs tag 2001-03-24 07:20:36 +00:00
netstart Run network6_pass1 if ipv6_enable is YES 2001-05-18 09:14:39 +00:00
network.subr Merge in patch to automagically decide whether or not a kldload of ipfilter 2001-07-30 23:12:02 +00:00
networks
newsyslog.conf Document Bzip2's flag. 2001-07-30 15:18:15 +00:00
nls.alias Back out *.US-ASCII compactification - application should decide 2001-06-10 22:32:39 +00:00
pam.conf Add OPIE examples. 2001-07-14 08:46:56 +00:00
pccard_ether Avoid flushing IPv6 routes. `route flush' removes necessary 2001-05-09 20:30:55 +00:00
phones
primes Add /etc/primes for OpenSSH SSH2 DH exchange. 2001-03-24 00:28:43 +00:00
printcap fixes: 2000-11-01 13:30:24 +00:00
profile Remove all mention of LANG and MM_CHARSET. 2000-07-27 11:39:33 +00:00
protocols Do IANA update maintenance: list synched up to the latest version. 2000-09-24 11:20:27 +00:00
rc Add a script_name_sep rc.conf knob to specify the IFS character 2001-07-17 14:33:52 +00:00
rc.atm Apply a more consistent style to the echo statements in /etc/ scripts. 2000-12-17 08:16:06 +00:00
rc.devfs Add copyright notices. Other systems have been barrowing our /etc files 2000-10-08 19:20:36 +00:00
rc.diskless1 * Simplify the population of the /etc memory filesystem. To avoid 2001-05-09 15:13:51 +00:00
rc.diskless2 Remove vestiges of MFS. 2001-06-01 10:07:28 +00:00
rc.firewall style nit 2001-03-06 02:15:38 +00:00
rc.firewall6 pass any NS/NA/toobig. 2001-07-24 13:37:06 +00:00
rc.initdiskless * Simplify the population of the /etc memory filesystem. To avoid 2001-05-09 15:13:51 +00:00
rc.isdn Anti-foot-shooting for pcvt users: ignore isdn_screenflags which is 2001-05-19 08:17:35 +00:00
rc.network Merge in patch to automagically decide whether or not a kldload of ipfilter 2001-07-30 23:12:02 +00:00
rc.network6 Do more strict checking for an interface. 2001-07-20 18:08:17 +00:00
rc.pccard Alter the pccard setup a bit so that it looks prettier by redirecting 2001-03-04 17:34:37 +00:00
rc.resume Apply a more consistent style to the echo statements in /etc/ scripts. 2000-12-17 08:16:06 +00:00
rc.serial Add copyright notices. Other systems have been barrowing our /etc files 2000-10-08 19:20:36 +00:00
rc.shutdown Add a script_name_sep rc.conf knob to specify the IFS character 2001-07-17 14:33:52 +00:00
rc.subr Import the NetBSD 1.5 RC system. 2001-06-16 07:16:14 +00:00
rc.suspend Add copyright notices. Other systems have been barrowing our /etc files 2000-10-08 19:20:36 +00:00
rc.syscons Add an allscreens_kbdflags option. Same thing as allscreens_flags, 2001-04-28 20:56:53 +00:00
rc.sysctl sysctl(8) doesn't need '-w' to write to sysctl variables anymore. 2001-07-17 22:03:19 +00:00
remote Add com1-4 as finger friendly shortcuts for /dev/cuaa0-3. Specify a default 2001-02-21 19:45:47 +00:00
rpc Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and 2001-03-19 12:50:13 +00:00
security Show IPv6 denied packets. 2001-07-04 12:49:17 +00:00
services Scratch an itch of long standing by adding entries for the most 2001-08-01 20:13:49 +00:00
shells remove last empty line 2000-04-27 21:58:46 +00:00
sysctl.conf sysctl(8) doesn't need '-w' to write to sysctl variables anymore. 2001-07-17 22:03:19 +00:00
syslog.conf Note in the comments that it is possible, but not recommended to use 2001-03-31 04:41:24 +00:00
termcap.small Sync with main v1.105 2001-04-21 13:27:05 +00:00
usbd.conf Kill the correct dhclient on detach of the ethernet device. 2000-10-20 00:42:05 +00:00