Commit Graph

3079 Commits

Author SHA1 Message Date
Crist J. Clark
2204f3ce42 Long ago, there was just /etc/daily. Then /etc/security was split out
of /etc/daily. Some time later, /etc/daily became a set of periodic(8)
scripts. Now, this evolution continues, and /etc/security has been
broken into periodic(8) scripts to make local customization easier and
more maintainable.

Reviewed by:	ru
Approved by:	ru
2001-12-07 23:57:39 +00:00
Robert Watson
67b86547da o Update rc.network to reflect the recent change of default in the
kernel TCP timer code: rather than checking for tcp_keepalive being
  set to "YES", check for "NO" and turn off keepalives if the variable
  is set in that manner.

o Note: eventually, it would make sense to remove this variable from
  rc.conf management, and instead rely on sysctl.conf.  In fact, this
  is probably true of a number of rc.conf variables whose sole aim
  is to drive the setting of sysctls at boot time.
2001-12-07 17:03:14 +00:00
Dag-Erling Smørgrav
9446518a9a Install pam.d files with mode 0644, not 0755. 2001-12-06 23:28:12 +00:00
Nick Sayer
284d8fda4d Add a commented-out defaultrouter entry for 6to4 users. See RFC-3068 2001-12-06 20:44:14 +00:00
Dag-Erling Smørgrav
c26c7886d1 Introduce the variable USE_PAM_D, which, if set, will cause pam.d to be
installed instead of pam.conf.  This is for testing; the conditionals will
be removed once we are confident that pam.d works as intended.

Sponsored by:	DARPA, NAI Labs
2001-12-06 13:18:32 +00:00
Dag-Erling Smørgrav
c5a332f021 Makefile for pam.d configuration files.
Sponsored by:	DARPA, NAI Labs
2001-12-06 13:16:47 +00:00
Crist J. Clark
68f1d5a354 Protect the '*' in pppoed_provider (the default) from metacharacter
expansion in the rc-scripts.

PR:		32552
Submitted by:	Gleb Smirnoff <glebius@rinet.ru>
Approved by:	ru
Obtained from:	ru
MFC after:	1 day
2001-12-06 09:34:44 +00:00
Dag-Erling Smørgrav
426ae370f4 Awright, egg on my face. I should have taken more time with this. The
conversion script generated the wrong format, so the configuration files
didn't actually work.  Good thing I hadn't thrown the switch yet...

Sponsored by:	DARPA, NAI Labs (but the f***ups are all mine)
2001-12-05 21:26:00 +00:00
Dag-Erling Smørgrav
722b228aba Oops! Previous commit used tabs instead of spaces. 2001-12-05 21:11:24 +00:00
Dag-Erling Smørgrav
e878ebd0ce Add /etc/pam.d.
Sponsored by:	DARPA, NAI Labs
2001-12-05 21:10:01 +00:00
Dag-Erling Smørgrav
23c103b894 pam.d-style configuration, auto-generated from pam.conf.
Sponsored by:	DARPA, NAI Labs
2001-12-05 21:06:21 +00:00
Dag-Erling Smørgrav
2191f95faf Short README for /etc/pam.d, mostly extracted from the comments in pam.conf. 2001-12-05 20:59:38 +00:00
Dag-Erling Smørgrav
179281f9bf Perl script that splits pam.conf into separate files suitable for pam.d.
Sponsored by:	DARPA, NAI Labs
2001-12-05 20:58:39 +00:00
Dag-Erling Smørgrav
023fe50302 Bruce says the links are not needed. 2001-12-05 08:50:51 +00:00
Dag-Erling Smørgrav
738859d47e Call the ATAPI tape devices "ast" and "nast", not "rast" and "nrast". Add
backward compatibility symlinks for good measure.
DEVFS already gets this right (except for the symlinks).

PR:		24781
Submitted by:	Christian Weisgerber <naddy@mips.inka.de>
MFC after:	3 days
2001-12-04 00:48:21 +00:00
Dag-Erling Smørgrav
b29a303db7 Create {ad,da,...}s1[a-h].
PR:		19849
Submitted by:	Udo Erdelhoff <ue@nathan.ruhr.de>
MFC after:	3 days
2001-12-04 00:40:38 +00:00
Crist J. Clark
cb46a4618b The named.conf file should refer to named.conf(5) in addition to
named(8) in the comments.

PR:		32459
Submitted by:	"Gary W. Swearingen" <swear@blarg.net>
MFC after:	2 days
2001-12-03 08:05:52 +00:00
David E. O'Brien
ec0f8380d3 Use tabs where possible. 2001-12-01 17:14:34 +00:00
Ruslan Ermilov
fa55add21e GC cvs-1.8.1 import left-overs. 2001-11-28 09:31:56 +00:00
Ruslan Ermilov
9e5b5675b4 Whitespace police.
Submitted by:	cjc, ru
2001-11-28 08:52:35 +00:00
Mike Silbersack
b5c013b6b9 Make sure the security check output includes a To: line in the
same way the daily run output does.
2001-11-28 04:07:03 +00:00
Andrey A. Chernov
414f6d3373 Add hi_IN.ISCII-DEV 2001-11-27 23:24:41 +00:00
Mike Smith
0c8e9b248f Support the 'ciss' device node.
MFC after:	1 week
2001-11-27 23:12:00 +00:00
Robert Watson
0a79e75e5f Remeber to set the permissions on an md-backed /tmp to 01777, rather than
using the default of 0755.
2001-11-27 22:12:27 +00:00
Sheldon Hearn
a86d84351b Catch two extraneous calls to expr(1) that slipped past rev 1.311. 2001-11-27 11:57:47 +00:00
Mike Silbersack
4aa8b109d5 Have security add a To: root@host line; the lack of a To: line is causing
spambouncer to think my security logs are spam.
2001-11-27 01:06:57 +00:00
Maxim Sobolev
0102b6496c Add entries for GDM (GNOME Display Manager).
MFC after:	3 days
2001-11-26 16:55:40 +00:00
Sheldon Hearn
1699365d1a Style clean-up.
Submitted by:	bde
2001-11-25 12:49:32 +00:00
Dima Dorfman
a48060a2f7 Spelling police: sucessful -> successful. 2001-11-24 23:41:32 +00:00
Darren Reed
2129325c09 second part of the patches to complete ipf changes to rc
PR:		multiple
Submitted by:	Arjan de Vet <devet@devet.org>
2001-11-24 15:36:30 +00:00
Darren Reed
c05c122c97 Resolve all the ipfilter startup issues in rc.network with one big patch
to get it all right, allowing ipnat to be enabled independantly of ipfilter
in rc.conf (among other things).

PR:		multiple
Submitted by:	Arjan de Vet <devet@devet.org>
Reviewed by:	Giorgos Keramidas <keramida@FreeBSD.org>
2001-11-24 13:48:30 +00:00
Andrey A. Chernov
7ae1b94443 Sync with main 2001-11-22 21:43:43 +00:00
Andrey A. Chernov
56769e5c9b Copy from main termcap 2001-11-22 21:05:57 +00:00
Andrey A. Chernov
6fd6331408 Merge with main variant 2001-11-22 19:39:36 +00:00
Warner Losh
2548a00710 Add Toshiba wireless LAN card
Submitted by: "Mark Sergeant" <msergeant@snsonline.net>
2001-11-21 06:24:44 +00:00
David E. O'Brien
52abff170d 'ircd' is a better service name. Also note '6667' is unoffical
Submitted by:	knu (name change)
2001-11-20 19:52:28 +00:00
David E. O'Brien
8d8c22c7ed There is already an 'irc' service at port 194. However my experience is that
1667 is what is really used.  So name port 1667 'irc-client'.
2001-11-20 19:00:12 +00:00
David E. O'Brien
a0595b2a5c Add IRC 2001-11-20 18:01:10 +00:00
Sheldon Hearn
52055837ae Avoid unnecessary calls to expr(1) by using standard shell arithmetic
expansion instead.

MFC after:	1 week
2001-11-20 17:56:34 +00:00
Sheldon Hearn
ba0d15f2d7 Introduce new shell functions hexdigit, hexprint and zeropad.
Use these new functions instead of printf(1), which is scheduled for
removal as a shell builtin command, and which will not be available as a
standalone utility if MAKEDEV is run prior to mounting /usr.

Requested by:	knu
2001-11-20 17:24:35 +00:00
Brian Somers
6eb9bd2d1f Handle wtmp.0 being compressed
PR:		32113
Submitted by:	Yar Tikhiy <yar@comp.chem.msu.su>
MFC after:	1 week
2001-11-20 15:01:24 +00:00
Hajimu UMEMOTO
12b3cd1783 The rtsol must be done before the alias processing.
PR:		conf/31366
Submitted by:	gshapiro
MFC after:	1 week
2001-11-20 12:51:12 +00:00
Gregory Neil Shapiro
c8e968571f Since buildworld builds cf files specified in SENDMAIL_ADDITIONAL_MC,
installworld should install them.

PR:		29928
Submitted by:	wollman
MFC after:	3 days
2001-11-20 03:41:05 +00:00
Gregory Neil Shapiro
74cc11c2df Handle the sendmail_outbound_enable knob in the start target.
PR:		32033
MFC after:	3 days
2001-11-20 03:31:54 +00:00
Sheldon Hearn
b695d548a3 Use shell functions for printing hex instead of printf(1) so that
printf(1) can be dropped from the system shell as a shell builtin.
2001-11-19 11:41:51 +00:00
Ruslan Ermilov
633621512e Apply README style guidelines (this time checked). 2001-11-19 10:10:27 +00:00
Warner Losh
84f453281c Avaya Wireless PCCARD
Submitted by: Ants Aader <ants@kernel.ee>
2001-11-19 01:51:40 +00:00
Warner Losh
3033a4df0e Add Xircom wireless card from pir@pir.net 2001-11-18 06:01:09 +00:00
Ian Dowse
2e40803106 Add support for making the Coda /dev/cfsN devices.
PR:		conf/22695
Submitted by:	Kenneth Ingham <ingham@i-pi.com>
2001-11-18 00:20:08 +00:00
Gregory Neil Shapiro
ca8b9ed373 Add two new accounts/groups for sendmail:
smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of
set-user-ID).  This new user/group will be used for command line
submissions.  UID/GID 25 is suggested in the sendmail documentation and has
been adopted by other operating systems such as OpenBSD and Solaris 9.

mailnull - The default value for DefaultUser is now set to the uid and gid
of the first existing user mailnull, sendmail, or daemon that has a
non-zero uid.  If none of these exist, sendmail reverts back to the old
behavior of using uid 1 and gid 1.  Currently FreeBSD uses daemon for
DefaultUser but I would prefer not to use an account used by other
programs, hence the addition of mailnull.  UID/GID 26 has been chosen for
this user.

This was discussed on -arch on October 18-19, 2001.

MFC after:	1 week
2001-11-17 21:24:45 +00:00
Guido van Rooij
42ea95e63e Change mode for var/db/ipf to 0700 2001-11-17 12:21:29 +00:00
Warner Losh
d1b4e2cca1 GVC 10Mbps Ethernet Card
PR:		30329
Submitted by:	David Xu <davidx@viasoft.com.cn>
2001-11-15 05:54:25 +00:00
Warner Losh
90626c5dd4 Add Compaq WL110 PC Card to the list.
PR:		31023
Submitted by:	wilko
2001-11-15 05:49:18 +00:00
Crist J. Clark
6d852b5bdb After further discussion on -CURRENT, some people (jhb) do not like
the idea of not masking passwords on comments in case the
administrator comments out an entry without clearing the
password. Instead completely ignore comments (since they have no
security impact) when doing the diff of the old and new passwd file.

Suggested by:	rwatson
2001-11-14 09:30:01 +00:00
Sheldon Hearn
ce76d9c108 Avoid unnecessary calls to expr(1) by using standard shell arithmetic
expansion instead.
2001-11-14 06:35:43 +00:00
Makoto Matsushita
3e7b2f7461 sysinstall complains about creating acd0t* devices while all dists are
extracted and recreating device files.

Without this, you'll see following messages when 'MAKEDEV all':
	[:  : out of range
	[:  : out of range
	acd0t is invalid -- can't have more than 32 devices or 169 tracks

Reported by: David Syphers <dsyphers@uchicago.edu> (at current@FreeBSD.org)
2001-11-13 18:07:14 +00:00
Crist J. Clark
c2f9738fda No need to hide stuff in the $FreeBSD$ tag or in other comments like,
Backup passwd and group files:
  1c1
  < # $FreeBSD:(password):09:07 peter Exp $
  ---
  > # $FreeBSD:(password):27:16 ache Exp $

MFC after:	1 week
2001-11-11 07:15:19 +00:00
Mark Murray
92678c2908 Make rsh(d) more secure (Hah!) by not defaulting PAM to promiscuously
accepting connections.

Add KDE entries.

Committed From:	BSDConEU Terminal Room
2001-11-10 14:23:07 +00:00
Garrett Wollman
e7df26079b Add share/zoneinfo/North_Dakota in preparation for tzdata update. 2001-11-09 18:58:07 +00:00
Bill Fenner
85c9d676b5 Update the nsswitch.conf -> host.conf generator to handle criteria,
continuation lines, extra whitespace, and to use the last matching
 line in the file.  This syncs the host.conf generation with how
 the nsswitch.conf is parsed.
Only print " host.conf" instead of a multi-line message, since this
 happens on every boot.
2001-11-07 00:33:56 +00:00
Andrey A. Chernov
4e0f37c806 Add bg_BG.CP1251
PR:		25472
Submitted by:	Peter Pentchev <roam@ringlet.net>
2001-11-05 06:49:44 +00:00
Crist J. Clark
7cd99d0ae0 Fix a bug I introduced yesterday. People who built world since the
previous commit yesterday may wish to check /var/run for junk.
2001-11-02 22:00:17 +00:00
Crist J. Clark
7558c91f77 Add a directory in /var/run to store ppp(8) command sockets.
PR:		bin/29966
Approved by:	brian
MFC after:	4
2001-11-01 23:44:12 +00:00
Dag-Erling Smørgrav
bd0a2a3f93 Modify the way host.conf and nsswitch.conf are treated at boot time:
- if nsswitch.conf exists, host.conf is auto-generated for compatibility
   with legacy applications and libraries.

 - if host.conf exists but nsswitch.conf does not, nsswitch.conf is auto-
   generated as usual.
2001-11-01 12:39:01 +00:00
Jeroen Ruigrok van der Werven
03b7b65a08 Explain that /var/log/all.log needs to be touched and chmod'd 'ere it
can be used.

PR:		17022
Submitted by:	Niels Christian Bank-Pedersen <ncbp@bank-pedersen.dk>
MFC after:	1 week
2001-10-28 13:41:30 +00:00
Robert Watson
3005fded4a o Spelling error s/suffient/sufficient/
PR:		31524
Submitted by:	Dan Langille <dan@freebsddiary.org>
2001-10-27 03:14:37 +00:00
Andrey A. Chernov
bdd263de3f Remove /var/spool/uucp subtree, not needed for 'cu' 2001-10-26 09:40:28 +00:00
Andrey A. Chernov
5a5f6965ba The same unbreakage (0755 -> 0775) for /var/games and subdirs 2001-10-25 23:18:41 +00:00
Andrey A. Chernov
3ea034b005 Fix /var/mail, /var/rwho and /var/spool/lock back to 0775
Not sure about other dirs with the same damage (0755) by recent commit.
2001-10-25 23:13:11 +00:00
Ruslan Ermilov
6df68c6102 Style these once again. 2001-10-25 12:16:51 +00:00
Ruslan Ermilov
9261e27a5b Finish the removal of uucp scripts.
Forgotten by:	kris
2001-10-25 11:27:55 +00:00
Andrey A. Chernov
92277380c8 Re-commit www:www
If anybody wants to remove them for some reason, please consider "pop"
removing first.

Approved by:	arch discussion from Oct 20
MFC after:	3 days
2001-10-25 03:27:16 +00:00
David E. O'Brien
b1f2952a35 Chroot to /tftpboot for tftp.
Reviewed by:	mdodd, peter
2001-10-22 01:46:53 +00:00
Darren Reed
f645349388 Do an ipf -y after bringing up ppp to ensure rules which mention ppp get
matched.  Moification on PR to handle ipnat not being dependant on
ipfilter_enable

PR:	22859
2001-10-20 04:46:32 +00:00
Darren Reed
9645656d2c Allow ipnat_enable to be set to "yes" without requiring ipfiltre_enable to
be set to "yes"

PR:		25223
2001-10-20 04:41:47 +00:00
Darren Reed
7b60aacc90 Create /var/db/ipf
PR:		27070
2001-10-20 04:33:12 +00:00
Darren Reed
639e6db6e7 Put in place for using ipfs use on shutdown and startup.
PR:		27070
2001-10-20 04:33:02 +00:00
Darren Reed
45e22a3d1c Add the ipfilter directory in share/examples
PR:		26763
2001-10-20 04:18:41 +00:00
Doug Barton
74e07b9e48 Handle the lack of nfs server or client support in the kernel by
kldload'ing the appropriate modules before enabling the service.
2001-10-19 06:50:52 +00:00
Alfred Perlstein
a1580c53a7 Update to note that rpc.statd and rpc.lockd are now needed for
client side NFS mounts.

Stumbled upon by: rwatson
2001-10-18 19:37:57 +00:00
Sheldon Hearn
19aa5cdc3d Back previous revision out until it has been discussed on -arch and
motivated.  Currently, it is under dispute.
2001-10-18 16:53:20 +00:00
Sheldon Hearn
99225c5d10 Back previous revision out until it has been discussed on -arch and
motivated.  Currently, it is under dispute.
2001-10-18 16:41:58 +00:00
Brian S. Dean
cd218bbaed Ensure that /var/log/lastlog exists so that login doesn't complain.
Submitted by:	Harti Brandt <brandt@fokus.gmd.de>
MFC after:	2 weeks
2001-10-17 14:30:19 +00:00
Andrey A. Chernov
913b0e4e95 Add www:www (80:80) for upcoming Apache changes 2001-10-17 13:21:53 +00:00
John Baldwin
19d1491b60 Remove references to nfsiod and nfs_client_flags now that they are
obsolete.

Submitted by:	Gordon Tetlow <gordont@gnf.org>
2001-10-10 20:36:51 +00:00
Archie Cobbs
f3ca697239 Update reference URL.
MFC after:	3 days
2001-10-10 18:34:28 +00:00
David E. O'Brien
260a117141 Fix tabbing damage in last commit. 2001-10-10 17:26:27 +00:00
Doug Barton
f8bb49cd4f Follow existing style a little better 2001-10-10 04:25:44 +00:00
Dag-Erling Smørgrav
4f18601a76 Add a dumpdir variable that determines where savecore stores crash dumps.
I've had this on my development box for ages...
2001-10-09 18:40:00 +00:00
Gregory Neil Shapiro
741741c2ae Do not clobber users hostname.mc file if freebsd.mc changes (likely after an
installworld).

Submitted by:	Steve Watt <steve@Watt.COM>
MFC after:	2 days
2001-10-08 22:35:24 +00:00
Doug Rabson
c99cf22fab Add /etc files for ia64. 2001-10-06 12:55:50 +00:00
Sheldon Hearn
1e58a712d9 Quote the value of pccard_ether_delay, the only unquoted value in the
entire file.
2001-10-05 09:01:42 +00:00
Hajimu UMEMOTO
861defc8e9 We don't ship pim6dd/pim6sd any more.
MFC after:	1 week
2001-10-03 16:15:59 +00:00
Jordan K. Hubbard
803d3eb188 Add commented-out/prototype entries for samba's swat configuration tool.
Requested by:	"William Wong" <willwong@samurai.com>
MFC after:	1 week
2001-10-03 05:30:56 +00:00
Ruslan Ermilov
c88bd8a742 Sigh, fix the unfixed typo: s/-l/-L/. 2001-10-02 12:00:39 +00:00
Akinori MUSHA
73a9c61338 Fix a typo: s/-or/-o/. 2001-10-02 11:50:14 +00:00
David E. O'Brien
db27ecf570 Add ()'s around the warning message when skipping a startup script.
Also don't give the whole path, just the script name.

Submitted by:	des
Requested by:	jhb
2001-10-01 22:52:32 +00:00
David E. O'Brien
488289d40d Tweak the Skipping ${script} logic to also handle symlinks.
Also echo with "-n".
2001-10-01 21:30:27 +00:00
Mark Murray
9858c058b9 Remove (commented out) use of pam_ssh where it won't work. 2001-10-01 17:05:32 +00:00
Kris Kennaway
a06da08de5 Move the uucpd entry down a bit to live with other optional services
and correct the path to /usr/local as an example.

Submitted by:	ru
2001-10-01 09:16:42 +00:00