Commit Graph

93 Commits

Author SHA1 Message Date
rpaulo 7acb962baa RFC 3879 deprecated the IPv6 site-local prefix (fec0::/10):
* remove all references to $ip6sitelocal and output a warning
    message if the variable is defined.
    * introduce $ip6uniquelocal (defaults to 'NO') that will control the
    behaviour of the system when $ip6mode is ``router'' (i.e. fc00::/7
    will not be routed if the variable is ``NO'') as per RFC 4193.

Thanks to Jonathan A. Kollasch for pointing this out in PR 32152.
2005-11-24 17:28:45 +00:00
elad 07a01daf00 Load Veriexec signatures after mountall. Use veriexec_strict and
veriexec_verbose to set strict level and verbose level in rc.conf.
Defaults are 0.
2005-10-15 23:26:30 +00:00
tsarna 9cb3a4de17 Default rwhod to running as _rwhod (but leave disabled by default).
I thought I already comitted this one...
2005-09-15 03:40:34 +00:00
perry 9e84da172c Make max_loginlen and max_grouplen 16.
We've handled 16 character logins for quite some time, and we even
have packages that create >8 character accounts. There is no point in
pretending the limit is 8 any more by default.

Discussed (very lightly -- there was little comment) on tech-userlevel
2005-08-22 14:09:23 +00:00
peter c9c458f33c Add command_args="-D" to the ftpd rc.d script. This flag is always needed
when running ftpd as daemon and it will now automatically be appended to the
command line, even if ftpd_flags doesn't have it.

Suggested by Alan Barrett and Luke Mewburn, thanks.
2005-08-09 14:59:33 +00:00
peter c100ff5b4d Add "-ll" to ftpd_flags to be consistent with the entry in inetd.conf.
Suggested by lukem@.
2005-08-08 00:20:46 +00:00
peter d0b18db569 Allow to change the location of the pf ruleset with the variable $pf_rules. 2005-08-07 01:03:39 +00:00
peter cbc0c4b837 Add defaults for ftpd. 2005-08-04 22:29:01 +00:00
rpaulo aafff09728 Add ptyfs to the file-system types ignored by the find_core check.
Ok'ed by Christos Zoulas and Hubert Feyrer.
2005-06-30 18:23:26 +00:00
christos 3ccdf9a0d7 default swapoff to yes, and explain why. 2005-06-15 03:34:45 +00:00
christos 4aafff6cc5 it makes no sense to check ptyfs for new and gone devices. From Rui Paulo,
many thanks.
2005-05-12 14:02:05 +00:00
jdolecek 8e401e6c31 add a check_passwd_permin_nonalpha option, which changes the passwd
test to permit non-alphanumeric characters in login names
2005-02-05 15:26:37 +00:00
jwise 5b40cd9b6b With the recent fixes to cpp(1) and calendar(1), it is now safe to turn
on run_calendar by default.  Include a note advising users who replace
/usr/bin/cpp with a non-basesrc version to turn this off.
2004-11-30 02:03:57 +00:00
dsainty 3507ec273f Comment typos: unecessary->unnecessary, accidentaly->accidentally 2004-10-09 02:18:48 +00:00
erh 7da8bb106d PR misc/7716: add configuration options find_core_ignore_fstypes and
check_devices_ignore_fstypes to allow the filesystem types that are
ignored during the daily and security runs to be adjusted.
2004-09-28 15:03:58 +00:00
atatat 89fc8be761 Change the default settings for sendmail.
(1) The stock sendmail.cf will only listen on the loopback interface.
(2) The stock submit.cf specifally connects to "localhost." which
    should be less susceptible to being confused or looking confused.
(3) The smtp listener starts by default, if needed.  The setting in
    /etc/default/rc.conf is still "no", but rc.d/sendmail detects the
    default setting and will change it to yes if need is determined.

Need is defined as "nothing else seems to have been changed about the
mail configuration but we'd like locally originated and locally
destined mail to be delivered".  If you change, eg, mailer.conf to
point to postfix or some other MTA, sendmail will not start.
2004-07-15 03:47:18 +00:00
atatat 5f89bdd921 Make the directory into which crash dumps are saved into something
that can be controlled via rc.conf.  The default is, of course,
/var/crash.
2004-07-15 03:29:55 +00:00
martin 81b4ff7c8b PR bin/26142: add defaults for $pf and $pflogd. 2004-07-04 13:59:34 +00:00
abs 050f98e610 Add quota=YES and ldconfig=YES 2004-06-03 16:30:44 +00:00
lukem ee04d88971 Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall'
target) instead of using home-grown 'distribution' targets or using
FILES with the 'install' target.
Add some etc/ subdir Makefiles where appropriate.

XXX: some of etc/Makefile install-etc-files could be converted to CONFIGFILES.
2004-05-16 09:53:09 +00:00
dbj 1195d38f2f add support for turning off fixsb in rc.conf
default is fixsb=YES
2004-04-18 03:49:43 +00:00
mrg f79db8d04e move ipmon's "-D" argument from "command_args" to "ipmon_flags" so that
passing an (optional) filename argument (that must come last) works fine
from $ipmon_flags.  from PR#25006.
2004-04-04 13:59:36 +00:00
jonb c384cda06a Add ssh_keygen_flags variable to rc.conf to allow users to set the
size of auto-generated keys if desired.
2004-02-18 17:36:34 +00:00
christos 2a8f4efd20 add line for standalone identd invocation. 2004-01-31 21:49:52 +00:00
blymn af8c26254d Add veriexec to defaults. 2004-01-14 06:54:48 +00:00
uebayasi 79ca61d5d8 Define an rcvar "virecover" so that this can be configurable. The default
is YES.
2004-01-11 14:21:43 +00:00
martin 448491ee86 Add a new /etc/rc.conf option: rtclocaltime=YES adapts the RTC offset
at boot automatically, so a machine dual booting another OS that uses
the RTC at localtime and NetBSD agree on the current time even if daylight
saving started/ended (without recompiling a kernel twice per year).
Awk code by Matt Thomas.
2003-12-27 00:23:22 +00:00
perry 08f64583cc add show_remote_fs
Triggers showing nfs mounted file systems in the nightly report.
2003-12-08 01:14:08 +00:00
perry f9f0805e4c add full_netstat=NO 2003-12-07 22:17:54 +00:00
jhawk 4828bcfb5b check_homes_permit_usergroups=NO 2003-11-18 03:21:40 +00:00
christos b5aee30a01 set fsck_flags=-p in /etc/defaults/rc.conf instead of checking if it is
empty in /etc/rc.d/fsck. From Bernd Ernesti.
2003-10-20 15:02:15 +00:00
christos f32195ffa6 turn off calendar -a by default and mention why. 2003-09-30 00:23:23 +00:00
wiz ea949da1c7 Add a knob to turn off automatic configuration (via rc.d) of
non-auto-configured (via kernel) raid devices. oster says ok.
2003-09-10 14:50:19 +00:00
thorpej 7fcb5daedb Add defaults for powerd(8). 2003-04-18 05:21:20 +00:00
atatat 4beb2262be Capitalize the word "if". 2003-04-02 18:17:27 +00:00
atatat d47616429d Expand the sendmail settings section (from two to five) and elaborate
(in brief) on what it's all about.
2003-03-24 15:20:36 +00:00
wiz 4f30393de2 Allow ccd autoconfiguration to be turned off (by setting ccd=NO in
/etc/rc.conf; default is YES.)
Suggested by elric, ok'ed by lukem.
2003-03-19 08:54:00 +00:00
wiz 4c74ff3fdd Allow cgd configuration to be skipped (by setting cgd=NO, defaults to YES).
Closes my PR/20766.  Based on a suggestion by lukem.
2003-03-19 06:06:47 +00:00
lukem b307261961 clarify that lkm needs /usr 2003-03-10 18:21:00 +00:00
jhawk 1d79603c81 Use $diff_options when running diff in /etc/security.
Default diff_options to -u, for unified-format context diffs,
because context is essential to a useful evaluation of differences.
This represents a behavior change.

Implements change-request PR security/17247 from
Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
2003-02-21 22:47:51 +00:00
jhawk 3b390ffb5f Suppress emailing the daily security report if it is empty, unless
send_empty_security=YES. Implements change-request PR security/17249
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
2003-02-21 22:35:46 +00:00
jhawk 687107d3c0 Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set.
Apparently mtree -L is imperfect, but it is far better than the lack thereof
if symlinks are involved reaching files mtree verifies.
2003-02-13 02:42:06 +00:00
jhawk 1a4c8c0295 Add some flexibility to /etc/security, by way of security.conf options:
check_passwd_nowarn_shells	Don't warn about these non-/etc/shells shells
  check_passwd_nowarn_users	Don't warn about these users
  check_passwd_permit_star	Don't warn about "*" in the $2 field
Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and
  /usr/libexec/uucp/uucico, so that it will not warn about the default
  master.passwd.
The rationale here is that an administrator who chooses to permit these
  warnable conditions should not be warned about them day after day, yet
  should not be forced to disable check_passwd entirely.
check_passwd_permit_star is primarily of interest to sites who use *'d
  entries for Kerberos or ssh logins, despite the fact that we permit
  "*ssh" (etc.) for this purpose (legacy).
2003-02-13 01:55:10 +00:00
kent ba5fd9b3f8 /etc/rc.d/mixerctl: Add capability to save and restore mixer settings.
Thanks to Julio Merino.
2002-10-12 11:29:28 +00:00
takemura b8ce6e8201 Added touch panel calibration utility. 2002-08-27 14:12:09 +00:00
thorpej afbf483286 Add a wdogctl startup/shutdown script. 2002-07-30 05:58:42 +00:00
christos e2eb1d43c0 add a line about wsmoused commented out. 2002-06-27 15:10:32 +00:00
lukem 56dc20a9f6 ntpd_chrootdir needs /dev/clockctl as well 2002-06-17 06:47:58 +00:00
lukem 3da8227a70 $ntpd_chroot requires "pseudo-device clockctl" in the kernel 2002-06-15 01:55:44 +00:00
lukem 96e2ff62c8 Add two new rc.conf(5) variables:
rc_rcorder_flags		extra flags to rcorder(8) in /etc/rc
    rcshutdown_rcorder_flags	extra flags to rcorder(8) in /etc/rc.shutdown

This can be used to specify extra directories to search for rc.d scripts in.
For example, adding the following to rc.conf(5):
	rc_rcorder_flags="/usr/pkg/etc/rc.d/*"
	rcshutdown_rcorder_flags="/usr/pkg/etc/rc.d/*"
will add the files in /usr/pkg/etc/rc.d to the list of files that rcorder(8)
uses to build the list of scripts to start or stop.

I proposed this functionality on tech-userlevel@ over one month ago.
Closes the recent [misc/16888], which asked for a similar feature.
2002-05-19 01:01:32 +00:00