Commit Graph

133 Commits

Author SHA1 Message Date
christos 4aafff6cc5 it makes no sense to check ptyfs for new and gone devices. From Rui Paulo,
many thanks.
2005-05-12 14:02:05 +00:00
jdolecek 8e401e6c31 add a check_passwd_permin_nonalpha option, which changes the passwd
test to permit non-alphanumeric characters in login names
2005-02-05 15:26:37 +00:00
jwise 5b40cd9b6b With the recent fixes to cpp(1) and calendar(1), it is now safe to turn
on run_calendar by default.  Include a note advising users who replace
/usr/bin/cpp with a non-basesrc version to turn this off.
2004-11-30 02:03:57 +00:00
dsainty 3507ec273f Comment typos: unecessary->unnecessary, accidentaly->accidentally 2004-10-09 02:18:48 +00:00
erh 7da8bb106d PR misc/7716: add configuration options find_core_ignore_fstypes and
check_devices_ignore_fstypes to allow the filesystem types that are
ignored during the daily and security runs to be adjusted.
2004-09-28 15:03:58 +00:00
atatat 89fc8be761 Change the default settings for sendmail.
(1) The stock sendmail.cf will only listen on the loopback interface.
(2) The stock submit.cf specifally connects to "localhost." which
    should be less susceptible to being confused or looking confused.
(3) The smtp listener starts by default, if needed.  The setting in
    /etc/default/rc.conf is still "no", but rc.d/sendmail detects the
    default setting and will change it to yes if need is determined.

Need is defined as "nothing else seems to have been changed about the
mail configuration but we'd like locally originated and locally
destined mail to be delivered".  If you change, eg, mailer.conf to
point to postfix or some other MTA, sendmail will not start.
2004-07-15 03:47:18 +00:00
atatat 5f89bdd921 Make the directory into which crash dumps are saved into something
that can be controlled via rc.conf.  The default is, of course,
/var/crash.
2004-07-15 03:29:55 +00:00
martin 81b4ff7c8b PR bin/26142: add defaults for $pf and $pflogd. 2004-07-04 13:59:34 +00:00
abs 050f98e610 Add quota=YES and ldconfig=YES 2004-06-03 16:30:44 +00:00
lukem ee04d88971 Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall'
target) instead of using home-grown 'distribution' targets or using
FILES with the 'install' target.
Add some etc/ subdir Makefiles where appropriate.

XXX: some of etc/Makefile install-etc-files could be converted to CONFIGFILES.
2004-05-16 09:53:09 +00:00
dbj 1195d38f2f add support for turning off fixsb in rc.conf
default is fixsb=YES
2004-04-18 03:49:43 +00:00
mrg f79db8d04e move ipmon's "-D" argument from "command_args" to "ipmon_flags" so that
passing an (optional) filename argument (that must come last) works fine
from $ipmon_flags.  from PR#25006.
2004-04-04 13:59:36 +00:00
jonb c384cda06a Add ssh_keygen_flags variable to rc.conf to allow users to set the
size of auto-generated keys if desired.
2004-02-18 17:36:34 +00:00
christos 2a8f4efd20 add line for standalone identd invocation. 2004-01-31 21:49:52 +00:00
blymn af8c26254d Add veriexec to defaults. 2004-01-14 06:54:48 +00:00
uebayasi 79ca61d5d8 Define an rcvar "virecover" so that this can be configurable. The default
is YES.
2004-01-11 14:21:43 +00:00
martin 448491ee86 Add a new /etc/rc.conf option: rtclocaltime=YES adapts the RTC offset
at boot automatically, so a machine dual booting another OS that uses
the RTC at localtime and NetBSD agree on the current time even if daylight
saving started/ended (without recompiling a kernel twice per year).
Awk code by Matt Thomas.
2003-12-27 00:23:22 +00:00
perry 08f64583cc add show_remote_fs
Triggers showing nfs mounted file systems in the nightly report.
2003-12-08 01:14:08 +00:00
perry f9f0805e4c add full_netstat=NO 2003-12-07 22:17:54 +00:00
jhawk 4828bcfb5b check_homes_permit_usergroups=NO 2003-11-18 03:21:40 +00:00
christos b5aee30a01 set fsck_flags=-p in /etc/defaults/rc.conf instead of checking if it is
empty in /etc/rc.d/fsck. From Bernd Ernesti.
2003-10-20 15:02:15 +00:00
christos f32195ffa6 turn off calendar -a by default and mention why. 2003-09-30 00:23:23 +00:00
wiz ea949da1c7 Add a knob to turn off automatic configuration (via rc.d) of
non-auto-configured (via kernel) raid devices. oster says ok.
2003-09-10 14:50:19 +00:00
thorpej 7fcb5daedb Add defaults for powerd(8). 2003-04-18 05:21:20 +00:00
atatat 4beb2262be Capitalize the word "if". 2003-04-02 18:17:27 +00:00
atatat d47616429d Expand the sendmail settings section (from two to five) and elaborate
(in brief) on what it's all about.
2003-03-24 15:20:36 +00:00
wiz 4f30393de2 Allow ccd autoconfiguration to be turned off (by setting ccd=NO in
/etc/rc.conf; default is YES.)
Suggested by elric, ok'ed by lukem.
2003-03-19 08:54:00 +00:00
wiz 4c74ff3fdd Allow cgd configuration to be skipped (by setting cgd=NO, defaults to YES).
Closes my PR/20766.  Based on a suggestion by lukem.
2003-03-19 06:06:47 +00:00
lukem b307261961 clarify that lkm needs /usr 2003-03-10 18:21:00 +00:00
jhawk 1d79603c81 Use $diff_options when running diff in /etc/security.
Default diff_options to -u, for unified-format context diffs,
because context is essential to a useful evaluation of differences.
This represents a behavior change.

Implements change-request PR security/17247 from
Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
2003-02-21 22:47:51 +00:00
jhawk 3b390ffb5f Suppress emailing the daily security report if it is empty, unless
send_empty_security=YES. Implements change-request PR security/17249
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
2003-02-21 22:35:46 +00:00
jhawk 687107d3c0 Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set.
Apparently mtree -L is imperfect, but it is far better than the lack thereof
if symlinks are involved reaching files mtree verifies.
2003-02-13 02:42:06 +00:00
jhawk 1a4c8c0295 Add some flexibility to /etc/security, by way of security.conf options:
check_passwd_nowarn_shells	Don't warn about these non-/etc/shells shells
  check_passwd_nowarn_users	Don't warn about these users
  check_passwd_permit_star	Don't warn about "*" in the $2 field
Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and
  /usr/libexec/uucp/uucico, so that it will not warn about the default
  master.passwd.
The rationale here is that an administrator who chooses to permit these
  warnable conditions should not be warned about them day after day, yet
  should not be forced to disable check_passwd entirely.
check_passwd_permit_star is primarily of interest to sites who use *'d
  entries for Kerberos or ssh logins, despite the fact that we permit
  "*ssh" (etc.) for this purpose (legacy).
2003-02-13 01:55:10 +00:00
kent ba5fd9b3f8 /etc/rc.d/mixerctl: Add capability to save and restore mixer settings.
Thanks to Julio Merino.
2002-10-12 11:29:28 +00:00
takemura b8ce6e8201 Added touch panel calibration utility. 2002-08-27 14:12:09 +00:00
thorpej afbf483286 Add a wdogctl startup/shutdown script. 2002-07-30 05:58:42 +00:00
christos e2eb1d43c0 add a line about wsmoused commented out. 2002-06-27 15:10:32 +00:00
lukem 56dc20a9f6 ntpd_chrootdir needs /dev/clockctl as well 2002-06-17 06:47:58 +00:00
lukem 3da8227a70 $ntpd_chroot requires "pseudo-device clockctl" in the kernel 2002-06-15 01:55:44 +00:00
lukem 96e2ff62c8 Add two new rc.conf(5) variables:
rc_rcorder_flags		extra flags to rcorder(8) in /etc/rc
    rcshutdown_rcorder_flags	extra flags to rcorder(8) in /etc/rc.shutdown

This can be used to specify extra directories to search for rc.d scripts in.
For example, adding the following to rc.conf(5):
	rc_rcorder_flags="/usr/pkg/etc/rc.d/*"
	rcshutdown_rcorder_flags="/usr/pkg/etc/rc.d/*"
will add the files in /usr/pkg/etc/rc.d to the list of files that rcorder(8)
uses to build the list of scripts to start or stop.

I proposed this functionality on tech-userlevel@ over one month ago.
Closes the recent [misc/16888], which asked for a similar feature.
2002-05-19 01:01:32 +00:00
lukem b3cffe8cbf deprecate $sshd_conf_dir and hardcode /etc/ssh.
$sshd_conf_dir wasn't as flexible as liked (it didn't work for ssh(1),
host keys or known_hosts).
2002-04-29 05:55:05 +00:00
lukem 2c1cfc8e8c - in <bsd.files.mk>, don't clear FILES after using it, as that prevents
make -V FILES
  from being useful (and given that every other variable can be
  extracted using make -V, the behaviour was unusually inconsistent
  given that the original reason for clearing it doesn't seem to be
  relevant anymore)
- use <bsd.prog.mk> instead of directly including <bsd.files.mk>
  (and possibly <bsd.man.mk> or <bsd.own.mk>)
- remove obsolete NOPROG
2002-04-24 08:18:45 +00:00
martin c095b10bc5 Now that isdnd does auto-UP/DOWN itself, remove it from the rc.d script.
Remove all related rc.conf options as well, we now have fine-grained
controll in /etc/isdn/isdnd.rc.
2002-04-10 23:37:12 +00:00
lukem 5ee7ac8886 Replace $critical_filesystems_beforenet with $critical_filesystems_local .
Replace  $critical_filesystems            with  $critical_filesystems_remote .

The new names are now consistent with the type argument that
mount_critical_filesystems() is called with, and allows for other types to
be easily supported by that function.

For backwards compatibility purposes, if the now obsolete variable is defined
(even empty), it takes precedence over the new form, and you will be warned.
If you want to stop the warnings, update your rc.conf(5) settings!
2002-03-27 08:53:39 +00:00
lukem 3c3d3219ff Implement rc.conf(5) variable `` $swapoff ''.
If set to yes, block-type swap partitions will be deleted upon shutdown.
This can be useful if swapping onto a RAIDframe device, but may cause
unnecessary delays during shutdown for the general case, so it's
disabled by default.
Should resolve [bin/14433] and [kern/14769].
2002-03-21 23:08:35 +00:00
itojun 0a2445c3b6 move sshd config files to /etc/ssh 2002-03-11 04:57:55 +00:00
lukem c5a625870b ipmon: set -D via command_args rather than the default ipmon_flags.
resolves [install/15753]
2002-02-28 01:06:13 +00:00
lukem 7d6824228d Support alternate config dir for sshd conf file and keys (defaults to "/etc").
Based on [misc/12473] from Jim Bernard.
2002-02-24 12:50:08 +00:00
garbled 120f0525b3 add a note requesting people edit share/sushi/system/rcconf/form when editing
this file to keep it in sync.
2002-02-21 19:59:09 +00:00
martti d7bcd10a27 ipfs allows state information created for NAT entries and rules using
keep state to be locked (modification prevented) and then saved to disk,
allowing for the system to experience a reboot, followed by the restoration
of that information, resulting in connections not being interrupted.

To activate this feature, set ipfs=YES in /etc/rc.conf
2002-02-11 10:19:55 +00:00
lukem 6405cef9be minor cosmetic changes (no functional change) 2002-01-21 14:33:25 +00:00
lukem f9d5a55631 commented out entry for ntpd_chrootdir 2002-01-18 10:53:29 +00:00
martin 2859135383 Add rc.d support for ifwatchd (used to run ip-up/ip-down scripts for
in-kernel pppoe interfaces).
2001-12-10 16:53:06 +00:00
augustss 0f4c5ed617 Add moused, default off. 2001-10-29 23:25:00 +00:00
lukem 01c63bc35a - add "ntpd" user (homedir: /var/chroot/ntpd) and "ntpd" group, for use by
future work to support a chroot(8)ed ntpd
- move /var/named -> /var/chroot/named for consistency with ntpd
2001-10-11 07:21:07 +00:00
lukem 8c4fc91c36 replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir" 2001-10-03 15:41:25 +00:00
atatat 9202500182 Add a chunk of code to check the installed pkgs list by making a list
of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if
they have one) and handling this file along with all the other
CHANGELIST stuff.

Greg Woods gets points for coming up with the idea.

Luke Mewburn asked me to do it, and provided lots of criticism along
the way.
2001-10-01 02:21:20 +00:00
hubertf d8250777f4 Make rtsol_flags default to -a, to do Router Solicitation on all
interfaces when someone sets rtsol=YES.

OK'd by Itojun.
2001-09-24 11:34:11 +00:00
mason 80e5affebe language corrections 2001-09-19 23:42:21 +00:00
martin d7e4ab316c Add support to down some interfaces before shutting down the system. All
pppoe*  interfaces are automatically shut down by this script, others may be
added to the force_down_interfaces variable in /etc/rc.conf.
2001-09-04 18:09:13 +00:00
tron 3543e0f5fa Start "ipmon" with option "D" for daemon mode instead of starting it
in a subshell.
2001-07-05 05:26:57 +00:00
lukem 919eb089e2 change mountd to use its own $mountd variable (instead of $nfs_server).
nfsd will complain if mountd isn't set.  from [misc/13135] by Johnny C. Lam.
2001-06-16 06:13:09 +00:00
lukem 586521f84e - Implement an optional global watchdog timeout for rc.shutdown, which is
enabled by setting $rcshutdown_timeout to a number of seconds to wait for
  before terminating rc.shutdown.  This is disabled by default.
- Use symbolic names rather than numbers when defining a trap.
- Improve some comments.
2001-06-16 04:09:19 +00:00
fredette b934309492 sunndd has been renamed to ndbootd. 2001-05-22 14:51:37 +00:00
fredette bc14be100e Added rc.d support for sunndd. 2001-05-17 23:19:06 +00:00
jdolecek a0cf66443f change comment for accouting; /var/account/acct is not needed to be created
manually any more
2001-04-25 11:50:56 +00:00
pk 87f992edd6 Put `gated' back; we still refer to it. 2001-04-12 09:59:18 +00:00
wiz dc5eda62fb Remove references to gated, except the conflict check in rc.d/routed.
Noted by Launey Thomas <ljt@alum.mit.edu>.
2001-04-06 09:38:54 +00:00
thorpej bd4e08b66c Add defaults for altqd. 2001-04-06 00:37:03 +00:00
atatat 2811b1707a Provide the capability of storing backups via RCS instead of just a
"current" and a "last" (which is useless if you wanna know what you
changed last week).  Set the default to on.
2001-04-04 03:17:19 +00:00
hubertf efc93d040b Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's
some risk that the users don't get warned if an admin turns off running
/etc/security (by putting run_security=no into daily.conf).

Fixes PR 12267.
2001-03-15 02:23:47 +00:00
lukem c01bf98a39 commented out entry for named_chrootdir 2001-03-12 16:13:17 +00:00
lukem 7c7983ed46 provide commented-out example for rc_fast_and_loose 2001-02-28 16:52:04 +00:00
jdolecek 4ceebb1156 Introduce max_grouplen - this determines the maximum permitted length
of group names, similarily to max_loginlen
2001-02-11 09:55:09 +00:00
thorpej 24753f79c0 Add a default for racoon. 2001-01-18 02:03:09 +00:00
minoura cb75d98f1d Add /etc/rc.d/poffd, for x68k power management deamon. 2001-01-14 15:37:22 +00:00
abs 6258e0bf60 Add a new variable 'backup_dir', which can be used to change the backup
directory from /var/backup (useful for those of us who have a separate /var
and would like to have our backup disklabels on the root filesystem).
Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
2001-01-09 17:30:29 +00:00
martin 5b6d57d949 Supply enough rope to let the user disable or override all interface
up/down magic.
2001-01-08 12:45:39 +00:00
martin 15a3b3b6e1 Add startup script for isdnd. 2001-01-07 17:04:49 +00:00
itojun 6c348b2e2e add $ip6sitelocal, to control installation of reject route for fec0::/10. 2001-01-03 17:54:04 +00:00
veego 3a384146be Remove $amd_master. We now use /etc/amd.conf. 2000-11-21 12:21:05 +00:00
lukem 2775f3b901 remind people to edit /etc/*.conf instead of /etc/defaults/*.conf 2000-11-08 23:17:50 +00:00
lukem 6d52152500 move default config files from /etc/default -> /etc/defaults, to be
consistent with what FreeBSD uses /etc/defaults for and since SVR4
uses /etc/default for another purpose. as discussed on tech-userlevel,
and no objections were made.
2000-10-01 05:46:03 +00:00