Commit Graph

22 Commits

Author SHA1 Message Date
John Polstra
f5491fc795 Security fix. Strip the encrypted passwords out of the "master.passwd"
diff output, and replace them with "(password)".  The diffs get
mailed to root, which in many cases is forwarded across the
Internet.  A patient sniffer could acquire the entire "master.passwd"
file by saving all the diffs.  With this fix, you still see that the
password changed, but you don't see the details.

Unless somebody talks me out of it, I am going to merge this into -2.2
in 48 hours.
1997-02-08 20:54:38 +00:00
Alexander Langer
b098da0842 If /etc/daily.local is present, run it just before the security check.
Closes PR#1822.

Submitted by:	John-Mark Gurney <jmg@nike.efn.org> (w/some changes)
1996-10-19 21:03:23 +00:00
Wolfram Schneider
c394ce8c64 disable `calendar -a'. it's a bad idea, particular
with networked home directories

submitted by: "Boyd R. Faulkner" <faulkner@asgard.bga.com> and
              GAWollman (long time ago)
1996-08-07 13:35:29 +00:00
Joerg Wunsch
3be34f8291 Add a few hints about the cleaning policy of /tmp, including an example
(commented out) for how to purge it regularly.
1996-06-22 13:05:20 +00:00
Paul Traina
602cb7a629 Eliminate warning message and add big warnings about security holes 1996-05-22 05:43:30 +00:00
Nate Williams
7bd7ca5023 Don't try running ruptime if /var/rwho doesn't exist. 1996-03-05 05:35:48 +00:00
Andrey A. Chernov
615773cb2b Restore broken accounting statistics:
1) It have nothing common to (new)syslog messages
2) acct.* rotating allowed only after "sa -s" run!
1996-01-06 22:19:37 +00:00
Thomas Graichen
7c1caee10f changed /etc/[daily,weekly,monthly] to not rotate the logfiles by
"hand", changed /etc/crontab to call /usr/sbin/newsyslog every hour
(the entry was there before - but we haven't had any newsyslog until
today :-) and changed /etc/inetd.conf to also contain (commentet out)
entries for rpc.rquotad and rpc.sprayd (taken from NetBSD)
1996-01-05 10:09:13 +00:00
Andrey A. Chernov
9b6002ae5a If no passwd.bak/group.bak/aliases.bak exists, put warning and make them,
commands failed in old case
Produce diffs on group and aliases too
1995-09-15 00:31:38 +00:00
Andrey A. Chernov
d55b3b5a2b Use proper PATH in front of monthly
Eliminate Subject duplication for insecure output
1995-05-27 01:31:40 +00:00
David Greenman
5b1ae1f88e Removed daily rm'ing of files in /tmp, /var/tmp, and /scratch. There is no
safe way to do this, and envites very unpleasant results. Removed fsck'ing
of all the disks on the system as it provides output that is almost always
meaningless and only envites bug reports.

Reviewed by:	Jordan Hubbard
1995-01-05 10:15:53 +00:00
Andreas Schulz
fb851cf86c Submitted by: Julian H. Stacey
Changed the echo to match correctly the intended code.
1994-11-20 23:34:51 +00:00
Joerg Wunsch
90c7a938ef daily:
Leave a warning to the sysop if (s)he didn't yet
	enable the /tmp cleanup code.
	Made `core' in the cleanup template look `*.core'.
	Replace `df -k' by `df -k -t local', since the stats
	for kernfs, procfs etc. are not of much interest, and
	the inclusion of nfs systems might  hang the machine (nor is it a
	`disk' statistic as the headline's telling).
weekly:
	Modified the locate.updatedb part to work even if there's no
	database yet; report errors other than `Permission denied' instead
	of silently ignoring all of them.
	Added functionality to rebuild the whatis database once a week.
1994-10-30 18:20:58 +00:00
Geoff Rehmet
aaa3c1f6ba Turn on purging of accounting records in /etc/daily.
(Now that we have sa)
1994-05-19 12:34:48 +00:00
Jordan K. Hubbard
bc5acff790 From: Heikki Suonsivu <hsu@clinet.fi>
FreeBSD release still nukes everything on scratch using a big-hammer
method, even if it is nfs-mounted (and, when it is, the expiration policy
may be different).  Daily script should by default do nothing to remote
filesystems?
1994-05-13 12:41:47 +00:00
Rodney W. Grimes
d17ea1898f Commented out the global clean up that searched all file systems and
added a note that you must decide what is appropriate for your system.

>From: borsburn@mcs.kent.edu (Bret Orsburn)
Date: Wed, 12 Jan 94 01:09:43 -0500
I've finally figured out (one of the reasons) why I can't run MS-Windows
after running FreeBSD 1.0...*sometimes*.

Here's your first clue. This is what your MS-Windows video drivers are called
if you run a Number 9 GXE video card:

    /dos/windows/system/#9gxetc.drv
    /dos/windows/system/#9gxe.drv
1994-01-12 06:23:30 +00:00
Rodney W. Grimes
a577a6588d Redirect standard error onto standard out when call /etc/security so
that the errors from /etc/security are in the mail message from
/etc/security and not the /etc/daily mail message.  Now just to fix
the bug in /etc/security
1993-10-25 06:10:42 +00:00
Rodney W. Grimes
1ff3a1e486 Change uusnap to uustat -a, since we do not have a uusnap installed (some
one did not finish porting uucp/contrib directory)
1993-10-13 16:26:03 +00:00
Rodney W. Grimes
c7e82fb0a5 Reenabled rotation of log files and killing of syslogd now that the
lockup problem is fixed.
1993-08-31 16:29:05 +00:00
Rodney W. Grimes
cd41d9bac8 Due to the bug with the console drivers and kill syslogd I have disabled that
in the daily and weekly scripts so that we don't get bug reports about
something we already know.  There are explanory comments in the files.
1993-08-09 15:18:02 +00:00
Rodney W. Grimes
fb7cd0676b Fixed daily so that it no longer does accounting since FreeBSD does not
yet have the accounting stuff in it.  Disabled ncheck search in security
due to missing ncheck.
1993-08-07 09:58:37 +00:00
Rodney W. Grimes
1bf9d5d951 Initial import of 386BSD 0.1 othersrc/etc 1993-06-20 13:41:45 +00:00