# $NetBSD: special,v 1.55 2002/03/27 07:15:57 lukem Exp $ # @(#)special 8.2 (Berkeley) 1/23/94 # # Hand-crafted mtree specification for the dangerous files. # # /etc/security checks: # - All of these are checked if $check_mtree is enabled. # - Files with "nodiff" tags are highlighted if they change. # - Files without "nodiff" or "exclude" tags are displayed # with diff(1)s if $check_changelist is enabled. # /set uname=root gname=wheel . type=dir mode=0755 ./dev type=dir mode=0755 ./dev/drum type=char mode=0640 gname=kmem ./dev/fd type=dir mode=0755 ignore ./dev/kmem type=char mode=0640 gname=kmem ./dev/mem type=char mode=0640 gname=kmem ./etc type=dir mode=0755 ./etc/Distfile type=file mode=0644 optional ./etc/amd type=dir mode=0755 optional ./etc/apm type=dir mode=0755 optional ./etc/bootparams type=file mode=0644 optional ./etc/bootptab type=file mode=0644 optional ./etc/ccd.conf type=file mode=0644 optional ./etc/changelist type=file mode=0644 ./etc/crontab type=file mode=0644 optional ./etc/csh.cshrc type=file mode=0644 ./etc/csh.login type=file mode=0644 ./etc/csh.logout type=file mode=0644 ./etc/daily type=file mode=0644 ./etc/daily.conf type=file mode=0644 ./etc/daily.local type=file mode=0644 optional ./etc/defaultdomain type=file mode=0644 optional ./etc/defaults type=dir mode=0755 ./etc/defaults/daily.conf type=file mode=0444 ./etc/defaults/monthly.conf type=file mode=0444 ./etc/defaults/rc.conf type=file mode=0444 ./etc/defaults/security.conf type=file mode=0444 ./etc/defaults/weekly.conf type=file mode=0444 ./etc/dhclient-enter-hooks type=file mode=0644 optional ./etc/dhclient-exit-hooks type=file mode=0644 optional ./etc/dhclient.conf type=file mode=0644 optional ./etc/dhcpd.conf type=file mode=0644 optional ./etc/disktab type=file mode=0644 ./etc/dm.conf type=file mode=0644 ./etc/dumpdates type=file mode=0664 gname=operator optional ./etc/ethers type=file mode=0644 optional ./etc/exports type=file mode=0644 optional ./etc/floppytab type=file mode=0644 ./etc/fstab type=file mode=0644 ./etc/ftpchroot type=file mode=0644 ./etc/ftpd.conf type=file mode=0644 optional ./etc/ftpusers type=file mode=0644 ./etc/ftpwelcome type=file mode=0644 optional ./etc/gateways type=file mode=0644 optional ./etc/gettytab type=file mode=0644 ./etc/group type=file mode=0644 ./etc/hesiod.conf type=file mode=0644 optional ./etc/hosts type=file mode=0644 ./etc/hosts.allow type=file mode=0644 optional ./etc/hosts.deny type=file mode=0644 optional ./etc/hosts.equiv type=file mode=0600 optional ./etc/hosts.lpd type=file mode=0644 optional ./etc/ifaliases type=file mode=0644 optional ./etc/inetd.conf type=file mode=0644 ./etc/ipf.conf type=file mode=0644 optional ./etc/ipf6.conf type=file mode=0644 optional ./etc/ipnat.conf type=file mode=0644 optional ./etc/ipsec.conf type=file mode=0644 optional ./etc/kerberosIV type=dir mode=0755 ignore optional ./etc/ld.so.conf type=file mode=0644 optional ./etc/lkm.conf type=file mode=0644 optional ./etc/localtime type=link mode=0755 ./etc/login.conf type=file mode=0644 optional ./etc/mail type=dir mode=0755 ./etc/mail/aliases type=file mode=0644 ./etc/mail/aliases.db type=file mode=0644 tags=exclude ./etc/mail/helpfile type=file mode=0444 ./etc/mail/local-host-names type=file mode=0644 optional ./etc/mail/sendmail.cf type=file mode=0444 ./etc/mail.rc type=file mode=0644 ./etc/mailer.conf type=file mode=0644 ./etc/man.conf type=file mode=0644 ./etc/master.passwd type=file mode=0600 tags=nodiff ./etc/mk.conf type=file mode=0644 optional ./etc/moduli type=file mode=0444 ./etc/monthly type=file mode=0644 ./etc/monthly.conf type=file mode=0644 ./etc/monthly.local type=file mode=0644 optional ./etc/mrouted.conf type=file mode=0644 ./etc/mtree type=dir mode=0755 ./etc/mtree/special type=file mode=0444 ./etc/mtree/special.local type=file mode=0644 optional ./etc/mygate type=file mode=0644 optional ./etc/myname type=file mode=0644 optional ./etc/named.conf type=file mode=0644 optional ./etc/namedb type=dir mode=0755 ./etc/netconfig type=file mode=0644 ./etc/netgroup type=file mode=0644 optional ./etc/netgroup.db type=file mode=0644 optional tags=exclude ./etc/netstart.local type=file mode=0644 optional ./etc/networks type=file mode=0644 ./etc/newsyslog.conf type=file mode=0644 ./etc/nsswitch.conf type=file mode=0644 ./etc/ntp.conf type=file mode=0644 optional ./etc/passwd type=file mode=0644 ./etc/passwd.conf type=file mode=0644 optional ./etc/phones type=file mode=0644 ./etc/postfix type=dir mode=0755 uname=root gname=wheel optional ./etc/postfix/main.cf type=file mode=0444 uname=root gname=wheel optional ./etc/postfix/master.cf type=file mode=0444 uname=root gname=wheel optional ./etc/postfix/postfix-script type=file mode=0555 uname=root gname=wheel optional ./etc/ppp type=dir mode=0755 optional ./etc/ppp/options type=file mode=0644 optional ./etc/printcap type=file mode=0644 ./etc/profile type=file mode=0644 ./etc/protocols type=file mode=0644 ./etc/rbootd.conf type=file mode=0644 optional ./etc/rc type=file mode=0644 ./etc/rc.conf type=file mode=0644 ./etc/rc.d type=dir mode=0755 ./etc/rc.d/DAEMON type=file mode=0555 ./etc/rc.d/LOGIN type=file mode=0555 ./etc/rc.d/NETWORKING type=file mode=0555 ./etc/rc.d/SERVERS type=file mode=0555 ./etc/rc.d/accounting type=file mode=0555 ./etc/rc.d/altqd type=file mode=0555 ./etc/rc.d/amd type=file mode=0555 ./etc/rc.d/apmd type=file mode=0555 ./etc/rc.d/bootconf.sh type=file mode=0555 ./etc/rc.d/bootparams type=file mode=0555 ./etc/rc.d/ccd type=file mode=0555 ./etc/rc.d/cleartmp type=file mode=0555 ./etc/rc.d/cron type=file mode=0555 ./etc/rc.d/dhclient type=file mode=0555 ./etc/rc.d/dhcpd type=file mode=0555 ./etc/rc.d/dhcrelay type=file mode=0555 ./etc/rc.d/dmesg type=file mode=0555 ./etc/rc.d/downinterfaces type=file mode=0555 ./etc/rc.d/fsck type=file mode=0555 ./etc/rc.d/inetd type=file mode=0555 ./etc/rc.d/ipfilter type=file mode=0555 ./etc/rc.d/ipmon type=file mode=0555 ./etc/rc.d/ipnat type=file mode=0555 ./etc/rc.d/ipsec type=file mode=0555 ./etc/rc.d/isdnd type=file mode=0555 ./etc/rc.d/kdc type=file mode=0555 ./etc/rc.d/ldconfig type=file mode=0555 ./etc/rc.d/lkm1 type=file mode=0555 ./etc/rc.d/lkm2 type=file mode=0555 ./etc/rc.d/lkm3 type=file mode=0555 ./etc/rc.d/local type=file mode=0555 ./etc/rc.d/lpd type=file mode=0555 ./etc/rc.d/mopd type=file mode=0555 ./etc/rc.d/motd type=file mode=0555 ./etc/rc.d/mountall type=file mode=0555 ./etc/rc.d/mountcritlocal type=file mode=0555 ./etc/rc.d/mountcritremote type=file mode=0555 ./etc/rc.d/mountd type=file mode=0555 ./etc/rc.d/mrouted type=file mode=0555 ./etc/rc.d/named type=file mode=0555 ./etc/rc.d/ndbootd type=file mode=0555 ./etc/rc.d/network type=file mode=0555 ./etc/rc.d/newsyslog type=file mode=0555 ./etc/rc.d/nfsd type=file mode=0555 ./etc/rc.d/nfslocking type=file mode=0555 ./etc/rc.d/ntpd type=file mode=0555 ./etc/rc.d/ntpdate type=file mode=0555 ./etc/rc.d/poffd type=file mode=0555 ./etc/rc.d/postfix type=file mode=0555 ./etc/rc.d/ppp type=file mode=0555 ./etc/rc.d/pwcheck type=file mode=0555 ./etc/rc.d/quota type=file mode=0555 ./etc/rc.d/racoon type=file mode=0555 ./etc/rc.d/raidframe type=file mode=0555 ./etc/rc.d/rarpd type=file mode=0555 ./etc/rc.d/rbootd type=file mode=0555 ./etc/rc.d/root type=file mode=0555 ./etc/rc.d/route6d type=file mode=0555 ./etc/rc.d/routed type=file mode=0555 ./etc/rc.d/rpcbind type=file mode=0555 ./etc/rc.d/rtadvd type=file mode=0555 ./etc/rc.d/rtsold type=file mode=0555 ./etc/rc.d/rwho type=file mode=0555 ./etc/rc.d/savecore type=file mode=0555 ./etc/rc.d/screenblank type=file mode=0555 ./etc/rc.d/securelevel type=file mode=0555 ./etc/rc.d/sendmail type=file mode=0555 ./etc/rc.d/sshd type=file mode=0555 ./etc/rc.d/swap1 type=file mode=0555 ./etc/rc.d/swap2 type=file mode=0555 ./etc/rc.d/sysctl type=file mode=0555 ./etc/rc.d/sysdb type=file mode=0555 ./etc/rc.d/syslogd type=file mode=0555 ./etc/rc.d/timed type=file mode=0555 ./etc/rc.d/ttys type=file mode=0555 ./etc/rc.d/virecover type=file mode=0555 ./etc/rc.d/wscons type=file mode=0555 ./etc/rc.d/xdm type=file mode=0555 ./etc/rc.d/xfs type=file mode=0555 ./etc/rc.d/ypbind type=file mode=0555 ./etc/rc.d/yppasswdd type=file mode=0555 ./etc/rc.d/ypserv type=file mode=0555 ./etc/rc.lkm type=file mode=0644 ./etc/rc.local type=file mode=0644 optional ./etc/rc.shutdown type=file mode=0644 ./etc/rc.shutdown.local type=file mode=0644 optional ./etc/rc.subr type=file mode=0644 ./etc/remote type=file mode=0644 ./etc/resolv.conf type=file mode=0644 optional ./etc/rpc type=file mode=0644 ./etc/rtadvd.conf type=file mode=0644 optional ./etc/security type=file mode=0644 ./etc/security.conf type=file mode=0644 ./etc/security.local type=file mode=0644 optional ./etc/services type=file mode=0644 ./etc/shells type=file mode=0644 ./etc/shosts.equiv type=file mode=0600 optional ./etc/spwd.db type=file mode=0600 tags=exclude ./etc/ssh type=dir mode=0755 optional ./etc/ssh/ssh.conf type=file mode=0644 optional ./etc/ssh/ssh_host_dsa_key type=file mode=0600 optional tags=nodiff ./etc/ssh/ssh_host_dsa_key.pub type=file mode=0644 optional ./etc/ssh/ssh_host_key type=file mode=0600 optional tags=nodiff ./etc/ssh/ssh_host_key.pub type=file mode=0644 optional ./etc/ssh/ssh_host_rsa_key type=file mode=0600 optional tags=nodiff ./etc/ssh/ssh_host_rsa_key.pub type=file mode=0644 optional ./etc/ssh/ssh_known_hosts type=file mode=0644 optional ./etc/ssh/ssh_known_hosts2 type=file mode=0644 optional ./etc/ssh/sshd.conf type=file mode=0644 optional ./etc/sysctl.conf type=file mode=0644 ./etc/syslog.conf type=file mode=0644 ./etc/ttyaction type=file mode=0644 optional ./etc/ttys type=file mode=0644 ./etc/usermgmt.conf type=file mode=0644 optional ./etc/weekly type=file mode=0644 ./etc/weekly.conf type=file mode=0644 ./etc/weekly.local type=file mode=0644 optional ./etc/wscons.conf type=file mode=0644 ./root type=dir mode=0755 ./root/.cshrc type=file mode=0644 ./root/.klogin type=file mode=0600 optional ./root/.login type=file mode=0644 ./root/.profile type=file mode=0644 ./root/.rhosts type=file mode=0600 optional ./root/.shosts type=file mode=0600 optional ./root/.ssh type=dir mode=0700 optional ./root/.ssh/authorized_keys type=file mode=0600 optional ./root/.ssh/authorized_keys2 type=file mode=0600 optional ./root/.ssh/config type=file mode=0644 optional ./root/.ssh/id_dsa type=file mode=0600 optional tags=nodiff ./root/.ssh/id_dsa.pub type=file mode=0644 optional ./root/.ssh/id_rsa type=file mode=0600 optional tags=nodiff ./root/.ssh/id_rsa.pub type=file mode=0644 optional ./root/.ssh/identity type=file mode=0600 optional tags=nodiff ./root/.ssh/identity.pub type=file mode=0644 optional ./root/.ssh/known_hosts type=file mode=0644 optional ./root/.ssh/known_hosts2 type=file mode=0644 optional ./sbin type=dir mode=0755 ignore ./usr type=dir mode=0755 ./usr/bin type=dir mode=0755 ignore ./usr/games type=dir mode=0755 optional ./usr/games/hide type=dir mode=0750 gname=games ignore optional ./usr/include type=dir mode=0755 ignore ./usr/lib type=dir mode=0755 ignore ./usr/libdata type=dir mode=0755 ignore ./usr/libexec type=dir mode=0755 ignore ./usr/local type=dir mode=0755 ./usr/local/bin type=dir mode=0755 ignore ./usr/local/lib type=dir mode=0755 ignore ./usr/pkg type=dir mode=0755 ignore optional ./usr/sbin type=dir mode=0755 ignore ./usr/share type=dir mode=0755 ignore ./var type=dir mode=0755 ./var/account type=dir mode=0755 ./var/account/acct type=file mode=0644 optional tags=exclude ./var/at type=dir mode=0755 ignore ./var/backups type=dir mode=0755 ignore ./var/cron type=dir mode=0755 ./var/cron/tabs type=dir mode=0700 ./var/cron/tabs/root type=file mode=0600 ./var/db type=dir mode=0755 ./var/db/kvm.db type=file mode=0644 tags=exclude ./var/log type=dir mode=0755 ./var/log/authlog type=file mode=0600 optional tags=exclude ./var/log/wtmp type=file mode=0644 tags=exclude ./var/mail type=dir mode=1777 ignore ./var/preserve type=dir mode=0755 ignore ./var/run type=dir mode=0755 ./var/run/utmp type=file mode=0664 gname=utmp tags=exclude ./var/spool type=dir mode=0755 ./var/spool/ftp type=dir mode=0755 optional ./var/spool/ftp/bin type=dir mode=0755 optional ./var/spool/ftp/bin/ls type=file mode=0555 optional ./var/spool/ftp/etc type=dir mode=0755 optional ./var/spool/ftp/etc/group type=file mode=0644 optional ./var/spool/ftp/etc/localtime type=file mode=0644 optional ./var/spool/ftp/etc/master.passwd type=file mode=0600 optional ./var/spool/ftp/etc/passwd type=file mode=0644 optional ./var/spool/ftp/hidden type=dir mode=0111 ignore optional ./var/spool/ftp/pub type=dir mode=0775 ignore optional ./var/spool/mqueue type=dir mode=0755 ignore ./var/spool/news type=dir mode=0755 uname=news gname=news ignore optional ./var/spool/output type=dir mode=0755 ignore ./var/spool/uucp type=dir mode=0755 uname=uucp gname=daemon ignore optional ./var/spool/uucppublic type=dir mode=1777 uname=uucp gname=daemon ignore optional ./var/yp type=dir mode=0755 ./var/yp/Makefile type=file mode=0644 optional