Commit Graph

82 Commits

Author SHA1 Message Date
jdolecek
8e401e6c31 add a check_passwd_permin_nonalpha option, which changes the passwd
test to permit non-alphanumeric characters in login names
2005-02-05 15:26:37 +00:00
jwise
5b40cd9b6b With the recent fixes to cpp(1) and calendar(1), it is now safe to turn
on run_calendar by default.  Include a note advising users who replace
/usr/bin/cpp with a non-basesrc version to turn this off.
2004-11-30 02:03:57 +00:00
dsainty
3507ec273f Comment typos: unecessary->unnecessary, accidentaly->accidentally 2004-10-09 02:18:48 +00:00
erh
7da8bb106d PR misc/7716: add configuration options find_core_ignore_fstypes and
check_devices_ignore_fstypes to allow the filesystem types that are
ignored during the daily and security runs to be adjusted.
2004-09-28 15:03:58 +00:00
atatat
89fc8be761 Change the default settings for sendmail.
(1) The stock sendmail.cf will only listen on the loopback interface.
(2) The stock submit.cf specifally connects to "localhost." which
    should be less susceptible to being confused or looking confused.
(3) The smtp listener starts by default, if needed.  The setting in
    /etc/default/rc.conf is still "no", but rc.d/sendmail detects the
    default setting and will change it to yes if need is determined.

Need is defined as "nothing else seems to have been changed about the
mail configuration but we'd like locally originated and locally
destined mail to be delivered".  If you change, eg, mailer.conf to
point to postfix or some other MTA, sendmail will not start.
2004-07-15 03:47:18 +00:00
atatat
5f89bdd921 Make the directory into which crash dumps are saved into something
that can be controlled via rc.conf.  The default is, of course,
/var/crash.
2004-07-15 03:29:55 +00:00
martin
81b4ff7c8b PR bin/26142: add defaults for $pf and $pflogd. 2004-07-04 13:59:34 +00:00
abs
050f98e610 Add quota=YES and ldconfig=YES 2004-06-03 16:30:44 +00:00
lukem
ee04d88971 Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall'
target) instead of using home-grown 'distribution' targets or using
FILES with the 'install' target.
Add some etc/ subdir Makefiles where appropriate.

XXX: some of etc/Makefile install-etc-files could be converted to CONFIGFILES.
2004-05-16 09:53:09 +00:00
dbj
1195d38f2f add support for turning off fixsb in rc.conf
default is fixsb=YES
2004-04-18 03:49:43 +00:00
mrg
f79db8d04e move ipmon's "-D" argument from "command_args" to "ipmon_flags" so that
passing an (optional) filename argument (that must come last) works fine
from $ipmon_flags.  from PR#25006.
2004-04-04 13:59:36 +00:00
jonb
c384cda06a Add ssh_keygen_flags variable to rc.conf to allow users to set the
size of auto-generated keys if desired.
2004-02-18 17:36:34 +00:00
christos
2a8f4efd20 add line for standalone identd invocation. 2004-01-31 21:49:52 +00:00
blymn
af8c26254d Add veriexec to defaults. 2004-01-14 06:54:48 +00:00
uebayasi
79ca61d5d8 Define an rcvar "virecover" so that this can be configurable. The default
is YES.
2004-01-11 14:21:43 +00:00
martin
448491ee86 Add a new /etc/rc.conf option: rtclocaltime=YES adapts the RTC offset
at boot automatically, so a machine dual booting another OS that uses
the RTC at localtime and NetBSD agree on the current time even if daylight
saving started/ended (without recompiling a kernel twice per year).
Awk code by Matt Thomas.
2003-12-27 00:23:22 +00:00
perry
08f64583cc add show_remote_fs
Triggers showing nfs mounted file systems in the nightly report.
2003-12-08 01:14:08 +00:00
perry
f9f0805e4c add full_netstat=NO 2003-12-07 22:17:54 +00:00
jhawk
4828bcfb5b check_homes_permit_usergroups=NO 2003-11-18 03:21:40 +00:00
christos
b5aee30a01 set fsck_flags=-p in /etc/defaults/rc.conf instead of checking if it is
empty in /etc/rc.d/fsck. From Bernd Ernesti.
2003-10-20 15:02:15 +00:00
christos
f32195ffa6 turn off calendar -a by default and mention why. 2003-09-30 00:23:23 +00:00
wiz
ea949da1c7 Add a knob to turn off automatic configuration (via rc.d) of
non-auto-configured (via kernel) raid devices. oster says ok.
2003-09-10 14:50:19 +00:00
thorpej
7fcb5daedb Add defaults for powerd(8). 2003-04-18 05:21:20 +00:00
atatat
4beb2262be Capitalize the word "if". 2003-04-02 18:17:27 +00:00
atatat
d47616429d Expand the sendmail settings section (from two to five) and elaborate
(in brief) on what it's all about.
2003-03-24 15:20:36 +00:00
wiz
4f30393de2 Allow ccd autoconfiguration to be turned off (by setting ccd=NO in
/etc/rc.conf; default is YES.)
Suggested by elric, ok'ed by lukem.
2003-03-19 08:54:00 +00:00
wiz
4c74ff3fdd Allow cgd configuration to be skipped (by setting cgd=NO, defaults to YES).
Closes my PR/20766.  Based on a suggestion by lukem.
2003-03-19 06:06:47 +00:00
lukem
b307261961 clarify that lkm needs /usr 2003-03-10 18:21:00 +00:00
jhawk
1d79603c81 Use $diff_options when running diff in /etc/security.
Default diff_options to -u, for unified-format context diffs,
because context is essential to a useful evaluation of differences.
This represents a behavior change.

Implements change-request PR security/17247 from
Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
2003-02-21 22:47:51 +00:00
jhawk
3b390ffb5f Suppress emailing the daily security report if it is empty, unless
send_empty_security=YES. Implements change-request PR security/17249
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
2003-02-21 22:35:46 +00:00
jhawk
687107d3c0 Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set.
Apparently mtree -L is imperfect, but it is far better than the lack thereof
if symlinks are involved reaching files mtree verifies.
2003-02-13 02:42:06 +00:00
jhawk
1a4c8c0295 Add some flexibility to /etc/security, by way of security.conf options:
check_passwd_nowarn_shells	Don't warn about these non-/etc/shells shells
  check_passwd_nowarn_users	Don't warn about these users
  check_passwd_permit_star	Don't warn about "*" in the $2 field
Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and
  /usr/libexec/uucp/uucico, so that it will not warn about the default
  master.passwd.
The rationale here is that an administrator who chooses to permit these
  warnable conditions should not be warned about them day after day, yet
  should not be forced to disable check_passwd entirely.
check_passwd_permit_star is primarily of interest to sites who use *'d
  entries for Kerberos or ssh logins, despite the fact that we permit
  "*ssh" (etc.) for this purpose (legacy).
2003-02-13 01:55:10 +00:00
kent
ba5fd9b3f8 /etc/rc.d/mixerctl: Add capability to save and restore mixer settings.
Thanks to Julio Merino.
2002-10-12 11:29:28 +00:00
takemura
b8ce6e8201 Added touch panel calibration utility. 2002-08-27 14:12:09 +00:00
thorpej
afbf483286 Add a wdogctl startup/shutdown script. 2002-07-30 05:58:42 +00:00
christos
e2eb1d43c0 add a line about wsmoused commented out. 2002-06-27 15:10:32 +00:00
lukem
56dc20a9f6 ntpd_chrootdir needs /dev/clockctl as well 2002-06-17 06:47:58 +00:00
lukem
3da8227a70 $ntpd_chroot requires "pseudo-device clockctl" in the kernel 2002-06-15 01:55:44 +00:00
lukem
96e2ff62c8 Add two new rc.conf(5) variables:
rc_rcorder_flags		extra flags to rcorder(8) in /etc/rc
    rcshutdown_rcorder_flags	extra flags to rcorder(8) in /etc/rc.shutdown

This can be used to specify extra directories to search for rc.d scripts in.
For example, adding the following to rc.conf(5):
	rc_rcorder_flags="/usr/pkg/etc/rc.d/*"
	rcshutdown_rcorder_flags="/usr/pkg/etc/rc.d/*"
will add the files in /usr/pkg/etc/rc.d to the list of files that rcorder(8)
uses to build the list of scripts to start or stop.

I proposed this functionality on tech-userlevel@ over one month ago.
Closes the recent [misc/16888], which asked for a similar feature.
2002-05-19 01:01:32 +00:00
lukem
b3cffe8cbf deprecate $sshd_conf_dir and hardcode /etc/ssh.
$sshd_conf_dir wasn't as flexible as liked (it didn't work for ssh(1),
host keys or known_hosts).
2002-04-29 05:55:05 +00:00
lukem
2c1cfc8e8c - in <bsd.files.mk>, don't clear FILES after using it, as that prevents
make -V FILES
  from being useful (and given that every other variable can be
  extracted using make -V, the behaviour was unusually inconsistent
  given that the original reason for clearing it doesn't seem to be
  relevant anymore)
- use <bsd.prog.mk> instead of directly including <bsd.files.mk>
  (and possibly <bsd.man.mk> or <bsd.own.mk>)
- remove obsolete NOPROG
2002-04-24 08:18:45 +00:00
martin
c095b10bc5 Now that isdnd does auto-UP/DOWN itself, remove it from the rc.d script.
Remove all related rc.conf options as well, we now have fine-grained
controll in /etc/isdn/isdnd.rc.
2002-04-10 23:37:12 +00:00
lukem
5ee7ac8886 Replace $critical_filesystems_beforenet with $critical_filesystems_local .
Replace  $critical_filesystems            with  $critical_filesystems_remote .

The new names are now consistent with the type argument that
mount_critical_filesystems() is called with, and allows for other types to
be easily supported by that function.

For backwards compatibility purposes, if the now obsolete variable is defined
(even empty), it takes precedence over the new form, and you will be warned.
If you want to stop the warnings, update your rc.conf(5) settings!
2002-03-27 08:53:39 +00:00
lukem
3c3d3219ff Implement rc.conf(5) variable `` $swapoff ''.
If set to yes, block-type swap partitions will be deleted upon shutdown.
This can be useful if swapping onto a RAIDframe device, but may cause
unnecessary delays during shutdown for the general case, so it's
disabled by default.
Should resolve [bin/14433] and [kern/14769].
2002-03-21 23:08:35 +00:00
itojun
0a2445c3b6 move sshd config files to /etc/ssh 2002-03-11 04:57:55 +00:00
lukem
c5a625870b ipmon: set -D via command_args rather than the default ipmon_flags.
resolves [install/15753]
2002-02-28 01:06:13 +00:00
lukem
7d6824228d Support alternate config dir for sshd conf file and keys (defaults to "/etc").
Based on [misc/12473] from Jim Bernard.
2002-02-24 12:50:08 +00:00
garbled
120f0525b3 add a note requesting people edit share/sushi/system/rcconf/form when editing
this file to keep it in sync.
2002-02-21 19:59:09 +00:00
martti
d7bcd10a27 ipfs allows state information created for NAT entries and rules using
keep state to be locked (modification prevented) and then saved to disk,
allowing for the system to experience a reboot, followed by the restoration
of that information, resulting in connections not being interrupted.

To activate this feature, set ipfs=YES in /etc/rc.conf
2002-02-11 10:19:55 +00:00
lukem
6405cef9be minor cosmetic changes (no functional change) 2002-01-21 14:33:25 +00:00