Commit Graph

4072 Commits

Author SHA1 Message Date
dougb
93db1b2d6d Whitespace only, tabs -> spaces, per README 2004-09-29 03:33:45 +00:00
trhodes
2bf857d4fd Give users the ability to load a mac_bsdextended(4) ruleset on boot (defaults
to NO of course).  Provide a basic ruleset file, rc.bsdextended, but allow
the filename to be overridden through rc.conf.

Discussed with:	rwatson (awhile ago)
2004-09-29 00:12:28 +00:00
dougb
2f4ac8072d Fix some of the more egregious problems with this file:
1. Update text about later BINDs using a pseudo-random, unpriviliged
query port for UDP by default.

2. We are now running in a sandbox by default, with a dedicated dump
directory, so remove the stale comment.

3. The topology configuration is not for the faint of heart, so
remove the commented example.

4. Tighten up some language a bit.

5. s/secondary/slave/

6. No need for the example about a bind-owned directory for slave zones.

7. Change domain.com to example.com in the example, per RFC 2606.

8. Update the path for slave zones in the example.
	- Thanks to Scot Hetzel <swhetzel@gmail.com>

There is more work to do here, but this is an improvement.
2004-09-28 21:22:09 +00:00
dougb
a0c7847c5b Create a named chroot directory structure in /var/named, and use it
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.

Rather than using pax to copy device entries, mount devfs in the
chroot directory.

There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.

UPDATING has instructions on how to do the conversion for those
with existing configurations.
2004-09-28 09:46:00 +00:00
dougb
fc66d174a3 1. Add much finer granularity to the NO_BIND knobs with the addition of:
NO_BIND_DNSSEC, NO_BIND_ETC, NO_BIND_NAMED, and NO_BIND_UTILS.

2. Make creation of directories in /usr/include that are only needed
in the WITH_BIND_LIBS case conditional.

Reviewed by:	ru, des
2004-09-27 08:23:43 +00:00
dougb
d69dcb1c72 Remove the directories that are now only installed when the user
defines WITH_BIND_LIBS.
2004-09-27 08:18:43 +00:00
dougb
540aa4514b Hook the BIND.* files up to the build. 2004-09-27 08:17:51 +00:00
dougb
b3d66f17dc Seperate out the optional parts of the include tree that are
only built and installed when the user defines WITH_BIND_LIBS.
2004-09-27 08:16:29 +00:00
dougb
db8948d7c2 Add a file spec to create a chroot directory structure for
a BIND name server.

This file is not being used yet, but will be soon.
2004-09-27 08:15:34 +00:00
dougb
c08ff0b54f This file is about to get some optional bits, so line up the parts of
the FILES variable one line at a time.

This should be a whitespace change only.

Reviewed by:	ru
2004-09-27 07:00:44 +00:00
dougb
99cc98aa0b It's not necessary to create an rndc.key file if the user already
has an rndc.conf file.

Submitted by:	Sergey Mokryshev <mokr@mokr.net>
2004-09-26 07:01:56 +00:00
des
74080d4757 Create /etc/namedb/bind with owner / group bind and mode 0750. 2004-09-25 15:55:17 +00:00
dougb
45457fa40b Install the documentation for bind9, and remove the /usr/share/doc/bind
directory from mtree while we're at it.

Help, advice, and code from:	ru, des
2004-09-25 00:42:38 +00:00
dougb
fc1ae4d927 Fix two glitches that appear in the non-chroot case. First, if not
chrooted the pid symlink code should not fire. Also, remove the quotes
around the chroot variable in the rndc-confgen invocation so that if
not chrooted the command will still succeed.

Pointed out by:	Sean McNeil <sean@mcneil.com>
2004-09-24 23:49:38 +00:00
dougb
3cd959aedd For the default FreeBSD install, the file path actually is
/var/run/named/pid. This is done so that named can start
with -u bind and still dump a pid file in that directory,
which is chowned to user bind.
2004-09-24 22:47:10 +00:00
des
3fe60073ff It's named.pid, not named/pid.
Pointy hat to:	dougb@
2004-09-24 19:46:18 +00:00
des
8bda6a04d2 Reconnect namedb. While it may not be optimal, our old named.conf from
BIND 8 is quite usable for BIND 9.
2004-09-24 16:13:55 +00:00
cognet
883ad7e1a5 Add ttyu0 as a serial console, as we're using the uart(4) driver on arm. 2004-09-24 12:51:15 +00:00
keramida
909ffdebbf Fix a comment typo: s/neccessary/necessary/ 2004-09-24 11:04:27 +00:00
dougb
cdf79b2b37 Update to reflect BIND 9 in the base:
1. Making the pid symlink now has to happen after named starts, otherwise
it can generate a fatal error.

2. named-xfer is not part of the BIND 9 world.

3. BIND 9 needs a /dev/random in the chroot directory if chrooted.

4. Only the pid file is symlinked now, the ndc socket is BIND 8 only.

5. Create an rndc.key file for the user if one does not exist.
This (generally) allows a BIND 8 config file to be used in a BIND 9
world with little or no modification.
2004-09-24 04:53:18 +00:00
dougb
4a53309170 Add a note to indicate that the path set in named_pidfile must
also be set in named.conf. Our default named.conf has this already.

Update the note for named_symlink_enable to indicate that ndc is gone.
2004-09-24 04:45:16 +00:00
des
138096672e Re-add namedb. I misunderstood what Doug said about using ISC's
layout: he meant for binaries, not configuration files.
2004-09-23 19:33:54 +00:00
jkoshy
e73862471d Add a knob 'daily_status_security_diff_flags' controlling the
format of the 'diff' output generated during periodic(8) scripts.

Submitted by:	keramida (script changes)
Reviewed by:	keramida (man page changes)
2004-09-23 02:00:52 +00:00
des
a4c12f8006 Switch from BIND 8 to BIND 9.
Submitted by:	(in part) dougb@, trhodes@
Reviewed by:	dougb@, trhodes@, re@
MFC after:	5 days
2004-09-21 19:01:48 +00:00
des
c93358b0a6 If $dumpdev is set to AUTO, use the first suitable swap partition listed
in /etc/fstab, or print an error message if no suitable device was found.

MFC after:	4 weeks
2004-09-20 17:48:45 +00:00
pjd
566c62aad2 Teach swap1 script how to remove added swap devices on system shutdown.
Without this change, if one had a swap-on-mirror configuration, gmirror
will rebuild mirror component(s) on boot, because they are dirty (they
were open on shutdown).
2004-09-17 17:58:19 +00:00
glebius
595e382626 Change tabs to whitespaces.
Noticed by:	ru
Pointy hat to:	glebius
2004-09-16 21:33:56 +00:00
glebius
1c47cb72bb Install netflow includes.
Approved by:	julian (mentor)
2004-09-16 20:42:03 +00:00
keramida
49dafca9da We don't have any providers of `beforenetlkm' in FreeBSD. Remove the
dependency to it from our rc.d scripts.

Approved by:	mtm
2004-09-16 17:04:20 +00:00
keramida
307d72bfbe Fix requirement of network' to NETWORK' because the former isn't
provided by any rc.d script.

Approved by:	mtm
2004-09-16 17:03:12 +00:00
seanc
7580811af2 Bring back etc/rc.d/ntpdate as requested by scads of people. This isn't a
complete backout as the ntpd_sync_on_start etc/rc.conf tunable is still
present, though the default is now NO (was YES).  Since we're no longer
syncing time at startup by default when ntpd is enabled (as was the case
24hrs ago), remove UPDATING entry pointing out that ntpd(1) -g is slower
than ntpdate(1).

Hopefully ntpd_sync_on_start="YES" can be made the default for -CURRENT
after 5.3 is cut.  At the very least, this should be set to YES when a
user requests to have ntpd enabled via sysinstall(1).

Requested by:	many
2004-09-15 01:08:33 +00:00
seanc
fe1474f861 Stop using ntpdate(1) in our startup procedure. Replace ntpdate(1) with
calls to ntpd -g.  ntpd is noticeably slower than ntpdate, but is also more
accurate.  This removes the nasty hackery in rc.d/ntpdate that would parse
out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config
file).  By default, ntpd *will* sync with its listed time servers.  To
turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be
added to /etc/rc.conf.  If ntpd is not enabled (the default), then time is
not synced on startup.  ntpdate has been depreciated by the ntpd authors
for quite some time so this change shouldn't be unexpected.

Suggested by:	des
Approved by:	roberto (resident ntp guru)
2004-09-14 03:04:50 +00:00
seanc
dcf0d84fcd Stop using ntpdate(1) in our startup proceedure. Replace ntpdate(1) with
calls to ntpd -g.  ntpd is noticably slower than ntpdate, but is also more
accurate.  This removes the nasty hackery in rc.d/ntpdate that would parse
out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config
file).  By default, ntpd *will* sync with its listed time servers.  To
turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be
added to /etc/rc.conf.  If ntpd is not enabled (the default), then time is
not synced on startup.  ntpdate's use has been depreciated by the ntpd
authors for quite some time so this change shouldn't be unexpected.

Suggested by:	des
Approved by:	roberto (resident ntp guru)
2004-09-14 03:01:38 +00:00
mlaier
61e73d53e0 Bring in some examples (and create space for future work here):
- Add OpenBSD example rulesets as advertised in etc/pf.conf and pf.conf(5)
- Tweak the pointer to fit the FreeBSD default location share/examples/pf
- Account for the new directory in BSD.usr.dist (no hier(7) change required
  as share/examples is an opaque item there).

Obtained from:	OpenBSD
Reminded by:	Thomas T. Veldhouse
PR:		docs/71691
MFC after:	2 days
2004-09-14 01:07:19 +00:00
mlaier
0dd68a174a Update the passive OS fingerprint database from OpenBSD.
Obtained from:	lcamtuf.coredump.cx (via OpenBSD)
2004-09-14 00:30:14 +00:00
ru
12835c964a A power failure left the temporary /var/.diskless directory
on my system, and since then my /var was always created as
MFS which was very surprising.  Fix this for /tmp and /var.
2004-09-13 17:40:14 +00:00
wpaul
a2f7a53a34 Add device driver support for the VIA Networking Technologies
VT6122 gigabit ethernet chip and integrated 10/100/1000 copper PHY.
The vge driver has been added to GENERIC for i386, pc98 and amd64,
but not to sparc or ia64 since I don't have the ability to test
it there. The vge(4) driver supports VLANs, checksum offload and
jumbo frames.

Also added the lge(4) and nge(4) drivers to GENERIC for i386 and
pc98 since I was in the neighborhood. There's no reason to leave them
out anymore.
2004-09-10 20:57:46 +00:00
obrien
e4d8d65565 Restore NetBSD SCM ID.
Submitted by:	delphij@beastie.frontfree.net
2004-09-09 16:41:55 +00:00
glebius
97fb6113f0 Add axe(4) to ethernet-nic-regex.
PR:		conf/71410
Submitted by:	Andrew Thompson <thompsa AT thingy.tbd.co.nz>
Approved by:	julian (mentor)
MFC after:	3 days
2004-09-06 20:09:00 +00:00
alfred
ffce5199dd Hook autofs to the build. 2004-09-02 20:44:56 +00:00
brooks
77972e1ec2 When an USB keyboard is plugged in to a machine with a builtin keyboard,
cause the USB keyboard to take over from the builtin one.  This means my
laptop just works when I'm using it as a desktop.

Reviewed by:	imp
2004-09-01 00:08:15 +00:00
mlaier
07c612deee Don't rely on properly setup linker.hints to figure out that pflog is now
part of the pf module.
While here fix a comment that was c'n'ped from rc.d/pf

PR:		bin/71096 (partly)
Submitted by:	Ville-Pertti Keinonen
MFC after:	2 days
2004-08-31 14:23:51 +00:00
kensmith
0da56f8f1e Protect the command flags set in the rc.conf files in case they're
more than one word, adding some quotes.

Advice from:	mtm (my first attempt wasn't quite right)
Reviewed by:	mtm
MFC after:	3 days
2004-08-29 15:02:43 +00:00
tjr
73afa7d781 Add Basque (Spain) locales: eu_ES.ISO8859-1, eu_ES.ISO8859-15, eu_ES.UTF-8.
(This differs somewhat from the version originally submitted - any mistakes
are my own.)

PR:		68524
Submitted by:	J. Vicente Carrasco -Bixen-
2004-08-28 12:52:31 +00:00
yar
2032b765e7 Avoid double appearing of cloned interfaces in the output
from list_net_interfaces() when network_interfaces=auto.

Rationale: Since the auto case is special, the lesser evil
had to be chosen among not adding cloned interfaces to
_tmplist or removing duplicates from _tmplist after adding
cloned interfaces.  Since list_net_interfaces() must not use
/usr/bin tools, the former "evil" appeared clearer and much
more efficient.  (See the PR audit trail for discussion.)

PR:		conf/63700
Reviewed by:	brooks
MFC after:	5 days
2004-08-28 07:58:02 +00:00
yar
42e5c7d376 Fix a typo in a variable name. 2004-08-27 12:11:47 +00:00
ru
8b2104d07b share/examples/worm is dead. 2004-08-24 19:03:55 +00:00
des
aedf82c640 Always quote variables in tests, to ensure correct evaluation even when
they are empty or undefined.

MFC after:	3 days
2004-08-19 08:55:24 +00:00
thomas
78808e1a5d Skip entries for GBDE swap devices if they are commented out in /etc/fstab.
Reviewed by:	des
2004-08-18 21:54:40 +00:00
nectar
455e6a1652 Create temporary files safely.
Submitted by:	Jon Passki <cykyc@yahoo.com>
2004-08-16 16:37:06 +00:00