Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
146,204 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

12 Commits

Author SHA1 Message Date
tsarna 55551a76e2 Add postinstall item for the rwhod de-preivledging. 
Check and correct permissions on /var/rwho files so rwhod
will be able to update them.
 2006-02-14 17:14:21 +00:00
lukem 547b2d58b6 Add checks for _rwhod group & user. 
Noted by Patrick Welche on current-users.
 2005-11-22 22:10:52 +00:00
lukem 2484bb2972 Fix do_defaults() so that it errors when there's a mismatch. 
Noted by Matthias Scheler.
 2005-10-02 23:46:48 +00:00
lukem 922ca28a60 Add "named" item to move /etc/namedb/named.conf to /etc/named.conf. 
Per discussion with Matthias Scheler.
 2005-09-12 23:16:15 +00:00
lukem d50a2d0385 Reorganize items so that they're in alphabetical order except that 
"obsolete" is moved to the end.
Clean up some comments.
 2005-09-12 15:48:29 +00:00
lukem d4b0741135 not all items can be fixed automatically 2005-09-12 15:42:12 +00:00
lukem 898fa7c553 Fix the installation of /etc/defaults/pf.boot.conf so that it works 
with -s etc.tgz.
 2005-09-04 10:13:15 +00:00
peter 9c1da17e90 pf needs to be started after the network is up, because some pf rules 
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.

Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.

No objections on: tech-security
 2005-08-23 12:12:56 +00:00
lukem ea2bd1f523 If /etc/ssh/sshd_config contains the following deprecated options, 
comment them out:
	rhostsauthentication
	verifyreversemapping
	reversemappingcheck
 2005-04-26 01:07:35 +00:00
lukem 5cae62926d do_postinstall() is now unnecessary; remove it. 
If extracting -s etc.tgz to a temporary directory, don't run the
embedded etc/postinstall since it doesn't exist anymore.

Remember the original SRC_DIR passed in (e.g, "-s etc.tgz") and
display that in the suggested "fix" message, rather than a temporary
path to the extracted etc.tgz which won't be correct for the next run.
 2005-04-17 15:38:34 +00:00
lukem 9358e88bbf Update for move to /usr/sbin. 
Add a HISTORY.
 2005-04-17 15:27:23 +00:00
lukem 5c5750a595 Move /etc/postinstall (and the etc.tgz set) to /usr/sbin/postinstall 
(and the base.tgz set).
 2005-04-17 15:15:48 +00:00