Commit Graph

275 Commits

Author SHA1 Message Date
Robert Watson
0ec9497e58 Clean up logging of security information a bit:
o Introduce /var/log/authentication.log, which will be the target for
  auth.info and authpriv.info by default.  Rotate on the same schedule
  as most other logs.  Create at installation.

o Remove logging of auth.info from /var/log/security.log, which will
  return to being only for security feature subsystems (such as ipfw,
  and so on).

This creates a special authentication log, which can now be searched
by scripts for authentication events.
2002-03-11 19:26:29 +00:00
Hajimu UMEMOTO
9785aaf1b3 Install PROTO.localhost-v6.rev. Umm, it seems namedb/Makefile
is not used.
2002-02-06 04:57:25 +00:00
Crist J. Clark
76f10508d4 Put a complete set of pppd(8) sample configuration files in
/usr/share/examples/pppd.

Update pppd(8) documentation to reflect this, usr.sbin/pppd/pppd.8.

Remove the out-of-place pppd(8) configuration files in etc/ppp,
ppp.shells.sample and ppp.deny.

Make the appropriate changes to the build process, etc/Makefile and
etc/mtree/BSD.usr.mtree, so it all works.

The files from etc/ppp, ppp.shells.sample and ppp.deny, were moved
with a repo copy. Note it in the logs with a forced commit to these
two.

Submitted by:	Maxim Konovalov <maxim@macomnet.ru> provided the new samples.
2002-01-29 00:23:35 +00:00
Dag-Erling Smørgrav
a5f5cfdaf2 Everybody (for suitable values of "everybody") seems to think pam.conf should
be removed outright.

Sponsored by:	DARPA, NAI Labs
2002-01-14 17:15:53 +00:00
Dag-Erling Smørgrav
56ad504867 Re-add pam.conf so it will get installed so people who don't know about
pam.d will find out about it by reading pam.conf.

Sponsored by:	DARPA, NAI Labs
2002-01-14 16:30:22 +00:00
Dag-Erling Smørgrav
0703287104 Switch over to /etc/pam.d/.
Sponsored by:	DARPA / NAI Labs
2002-01-12 14:03:12 +00:00
Alexey Zelkin
688a6139bd Correctly handle cases of deprecated locales which are supposed
to have backward compatibility symbolic links.

This code should check existence of deprecated locales and
fix them using following scheme:

. if new locale directory exisists and is a symlink -- remove it
. if old locale directory exists and not a symlink -- rename it to
  its new name

This should allow to mtree(1) and existing locale aliases make(1)
rules to setup locale dirs correctly (avoid self-referenced symlinks)

BTW, this commit brings in backward compatibility support for ru_SU
locales (aliased to appropriate ru_RU ones).
2002-01-08 13:42:52 +00:00
Sheldon Hearn
b50e990dde Install nsmb.conf with mode 0600, since it may be modified to include
passwords for remote shares.

Reported by:	Andre Albsmeier <andre@albsmeier.net>
2002-01-04 13:02:51 +00:00
Alexey Zelkin
0388ec7cac Back out recent replacement of LC_MESSAGES file with directory.
Requested by:   ache
2001-12-24 11:49:49 +00:00
Alexey Zelkin
709eed76bd Slightly re-work locale messages storage scheme. Before this commit
LC_MESSAGES related data was installed to <locale>/LC_MESSAGES file.
Now it go to <locale>/LC_MESSAGES/SYS_LC_MESSAGES file. LC_MESSAGES
directory is supposed to be storage of message catalogs of userland tools.
This should allow us to avoid many potential problems with future
libintl related functionality introduction.

Thanks for useful suggestions about correct way how to replace plain
files with directories at installworld stage to: Ruslan Ermilov <ru>
2001-12-21 13:14:02 +00:00
Sheldon Hearn
85519b003a Add bmake glue for src/contrib/smbfs and connect userland smbfs
support to the build.

The MFC reminder below is subject to <re@FreeBSD.org> approval
prior to 4.5-RELEASE.

Reviewed by:	bp, fjoe
MFC:	1 week
2001-12-14 11:41:22 +00:00
Crist J. Clark
2204f3ce42 Long ago, there was just /etc/daily. Then /etc/security was split out
of /etc/daily. Some time later, /etc/daily became a set of periodic(8)
scripts. Now, this evolution continues, and /etc/security has been
broken into periodic(8) scripts to make local customization easier and
more maintainable.

Reviewed by:	ru
Approved by:	ru
2001-12-07 23:57:39 +00:00
Dag-Erling Smørgrav
c26c7886d1 Introduce the variable USE_PAM_D, which, if set, will cause pam.d to be
installed instead of pam.conf.  This is for testing; the conditionals will
be removed once we are confident that pam.d works as intended.

Sponsored by:	DARPA, NAI Labs
2001-12-06 13:18:32 +00:00
Kris Kennaway
7080a34335 UUCP removal Phase III. 2001-10-01 06:27:44 +00:00
Jonathan Lemon
7032f49f4d Change permissions for initial install of maillog file to 640. (from 644)
Pointed out by: rwatson
2001-09-17 02:04:20 +00:00
Brian Somers
32706fb26f Allow group network to read ppp.log & slip.log.
Suggested by: Jesper Skriver <jesper@FreeBSD.org>
2001-09-03 11:35:17 +00:00
Alexander Langer
d33a962d07 Move /etc/defaults/make.conf to /usr/share/examples/etc/make.conf as
discussed on the arch@ mailinglist (after repo-copy).

sys.mk will .error if it finds /etc/defaults/make.conf but include
it anyways (this is the same behaviour as with the make.conf.local
removal).

/usr/share/examples/etc/make.conf has BDEFLAGS commented out now,
since it's only an example file.

Adjust all textes that talk about make.conf or defaults/make.conf to
match the new situation.
2001-08-30 22:44:51 +00:00
Alexander Langer
466df28c52 chown syntax is user:group now. 2001-08-29 19:59:30 +00:00
Brian Somers
15ed67d861 Remove diskcheckd.conf 2001-08-29 04:03:41 +00:00
Andrey A. Chernov
e01dfc9c69 Add/install /etc/opieaccess skeleton
Approved by:	markm
2001-08-14 23:38:31 +00:00
Poul-Henning Kamp
88627d6b19 Remember to install diskcheckd.conf 2001-06-13 16:39:23 +00:00
Andrey A. Chernov
f3573821ba Deal properly with *.US-ASCII family 2001-06-10 18:44:01 +00:00
Andrey A. Chernov
5d392cddf6 Fix Latin1 man directories for new locale names 2001-06-10 16:36:09 +00:00
Andrey A. Chernov
b5ebdd9c03 New locale names and aliases to old ones 2001-06-10 13:02:52 +00:00
Hajimu UMEMOTO
9a75ebb245 Remove configuration file for pim6[ds]d.
Submitted by:	sumikawa
2001-06-04 14:53:52 +00:00
Ruslan Ermilov
f3bb47cca0 Add NO_I4B to avoid building/installing isdn4bsd package.
Prompted by:	Alexandr Listopad <laa@laa.zp.ua>
MFC after:	3 days
2001-05-23 13:32:32 +00:00
Maxim Sobolev
1dd8bcf144 o Install sysctl.conf with all other *.conf files;
o put a note into sysctl.conf describing vfs.vmiodirenable knob.

OK'ed by:	alfred
2001-04-19 13:47:53 +00:00
Jeroen Ruigrok van der Werven
d8edf8110a Change NO_MAKEDEV to a finer granularity method:
NO_MAKEDEV_INSTALL and NO_MAKEDEV_RUN.  The former implying the latter.
The names imply what they do.  The last commit by DES based on a PR defeated
the original idea behind NO_MAKEDEV, which was not to run MAKEDEV, but to do
the installation of MAKEDEV.  This should satisfy both parties on the MAKEDEV
challenge.
2001-03-29 14:03:07 +00:00
Brian Feldman
df99bf760c At least install primes to the right place, for now. I suppose.
Reminded by:	everyone
2001-03-27 03:58:12 +00:00
Brian Feldman
b8edd5f97d Install /etc/primes. 2001-03-24 00:33:05 +00:00
Alfred Perlstein
8360efbd6c Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.

  Bring in required TLI library routines to support this.

  Since we don't support TLI we've essentially copied what NetBSD
  has done, adding a thin layer to emulate direct the TLI calls
  into BSD socket calls.

  This is mostly from Sun's tirpc release that was made in 1994,
  however some fixes were backported from the 1999 release (supposedly
  only made available after this porting effort was underway).

  The submitter has agreed to continue on and bring us up to the
  1999 release.

  Several key features are introduced with this update:
    Client calls are thread safe. (1999 code has server side thread
    safe)
    Updated, a more modern interface.

  Many userland updates were done to bring the code up to par with
  the recent RPC API.

  There is an update to the pthreads library, a function
  pthread_main_np() was added to emulate a function of Sun's threads
  library.

  While we're at it, bring in NetBSD's lockd, it's been far too
  long of a wait.

  New rpcbind(8) replaces portmap(8) (supporting communication over
  an authenticated Unix-domain socket, and by default only allowing
  set and unset requests over that channel). It's much more secure
  than the old portmapper.

  Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
  to support TI-RPC and to support IPV6.

  Umount(8) is also fixed to unmount pathnames longer than 80 chars,
  which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
Dag-Erling Smørgrav
62f0b82715 Don't install MAKEDEV or MAKEDEV.local if NO_MAKEDEV is set.
PR:		25596
Submitted by:	Jonathan Perkin <sketchy@bsdcode.net>
2001-03-13 03:05:42 +00:00
Gregory Neil Shapiro
193f471d33 Don't build/install sendmail related items if NO_SENDMAIL is set.
Submitted by:	ru
2001-03-01 03:51:18 +00:00
Gregory Neil Shapiro
e4e1027a2e Move creation of the sendmail statistics file from the usr.sbin/sendmail
Makefile to the etc/sendmail Makefile to be consistent with all of the
other /var file creations.  In doing so, change the Makefile target from
etc-sendmail.cf to distribution as it installs more than just the sendmail.cf.
2001-02-22 03:55:08 +00:00
Ruslan Ermilov
54ecfa0813 Create directory infrastructure required to format, display
and store preformatted /usr/share/man manual pages in 8-bit
iso-8859-1 charset for all *_*.ISO_8859-1 locales.

Requested by:	des
Input from:	ache
2001-02-19 13:08:14 +00:00
John Baldwin
dbbd9a3121 Move the syscons configuration to a machine independent rc.syscons. The
syscons sh code was identical on both platforms except for whitespace
differences.
2001-01-09 22:28:17 +00:00
Hajimu UMEMOTO
24fdf62c36 install rc.firewall6. 2000-10-30 07:12:21 +00:00
Doug Barton
9fc9ecb643 Finish the job of conditionalizing UUCP by preventing files in /etc/uucp
from being installed, and make rmail conditional on neither of
NO_SENDMAIL and NOUUCP.

PR:		bin/21321
Submitted by:	Me
2000-10-29 06:57:59 +00:00
Andrey A. Chernov
a938a1fcf8 Add/use MTREE_FOLLOWS_SYMLINKS make.conf option
This is part of whole subsystem fixing

Reviewed by:	imp
2000-09-15 08:07:05 +00:00
Jacques Vidrine
248aee623c Add nsswitch support. By creating an /etc/nsswitch.conf file, you can
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.

= Hesiod has been added to libc (see hesiod(3)).

= A library routine for parsing nsswitch.conf and invoking callback
  functions as specified has been added to libc (see nsdispatch(3)).

= The following C library functions have been modified to use nsdispatch:
    . getgrent, getgrnam, getgrgid
    . getpwent, getpwnam, getpwuid
    . getusershell
    . getaddrinfo
    . gethostbyname, gethostbyname2, gethostbyaddr
    . getnetbyname, getnetbyaddr
    . getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr

= host.conf has been removed from src/etc.  rc.network has been modified
  to warn that host.conf is no longer used at boot time.  In addition, if
  there is a host.conf but no nsswitch.conf, the latter is created at boot
  time from the former.

Obtained from:	NetBSD
2000-09-06 18:16:48 +00:00
Satoshi Asami
b7823d1fde Add BSD.x11-4.dist to list of mtree files to install (d'oh!).
Submitted by:	Nathan Ahlstrom <nrahlstr@winternet.com>
2000-08-28 20:22:25 +00:00
Kris Kennaway
11447e2ce6 Install /var/crash/minfree mode 644 instead of 664 - group wheel shouldn't
have special write permissions to things.
2000-08-15 09:42:12 +00:00
Gregory Neil Shapiro
4bcefa9655 Upon installation, create a symbolic link for /etc/aliases pointing to
/etc/mail/aliases.  This should both help users as well as other MTAs which
still use a default aliases path of /etc/aliases.
2000-08-14 02:49:39 +00:00
Gregory Neil Shapiro
2216e2a2cd Complete migration of aliases file to /etc/mail/aliases.
The maintainers of share/examples/diskless/README.TEMPLATING and mergemaster
have been contacted so those may be updated as well.
2000-08-13 18:38:58 +00:00
Gregory Neil Shapiro
85aeb700f5 Add alaises as another file to install into /etc/mail/.
Rename the variable from NOSPAM to ETCMAIL as the list of files actually
only contains one antispam related file.
2000-08-13 09:01:12 +00:00
Marcel Moolenaar
11017a687b Backout addition of -L switch to mtree. Using -L breaks the
build process in too many cases. Adding mtree to bootstrap-tools
to solve this breaks the upgrade path because mtree needs a
libc that has strtofflags and fflagstostr.
2000-07-23 16:33:00 +00:00
Andrey A. Chernov
106beffea3 Add -L to mtree calls since defaults changed back 2000-07-16 07:58:25 +00:00
Peter Wemm
4944b91311 Change various log file modes from mode 664 to 644. Allowing group
wheel to trash logfiles is not exactly good security policy.  There have
been several gid wheel holes in ports.  Various other files were changed
as well (eg: the locate database were set to more restrictive modes (444)
by their generation scripts) so this should be safe for them.  utmp and
wtmp are mode 644 already on all the systems we checked.

Submitted by:  jkb
Reviewed by:   kris
2000-07-14 01:12:50 +00:00
Mark Murray
0c6094e49b Follow-up commit to today's gnu/usr.bin/perl commit; serial number
brought inline with Perl standards.
2000-07-02 15:55:25 +00:00
Mark Murray
39919d580b Version number and directory changes for Perl 5.006. 2000-06-25 14:58:57 +00:00