author | julian <julian@FreeBSD.org> | 2006-09-20 22:24:20 +0000 |
---|---|---|
committer | julian <julian@FreeBSD.org> | 2006-09-20 22:24:20 +0000 |
commit | bedb0044a6cdb20b896d2a2ec44c0a76bd037124 | |
tree | 36627f2a1021921e9c8b77c960f0ddd85224353c | |
parent | 2fbe025d48dfd8da7d53d2a174d4c0c49804404e | |
In the spirit of nanoBSD and PicoBSD, add TinyBSD.
Submitted by jmeloatfreebsdbrasil,com-br
(Jean Milanez Melo)
As PicoBSD becomes slightly less useful, TinyBSD fills the gap below nanoBSD.
46 files changed, 5596 insertions, 0 deletions
diff --git a/tools/tools/README b/tools/tools/README index 14e3d94..6232b5b 100644 --- a/tools/tools/README +++ b/tools/tools/README @@ -50,6 +50,7 @@ recoverdisk Copy as much data as possible from a deffective disk. scsi-defects Get at the primary or grown defect list of a SCSI disk. sysdoc Build a manual page with available sysctls for a specific kernel configuration. +tinybsd Script to build FreeBSD embedded systems. vop_table Generates a HTML document that shows all the VOP's in the kernel. whereintheworld Summarizes "make world" output. diff --git a/tools/tools/tinybsd/CHANGES b/tools/tools/tinybsd/CHANGES new file mode 100644 index 0000000..b409fd6 --- /dev/null +++ b/tools/tools/tinybsd/CHANGES 
@@ -0,0 +1,43 @@ +# $FreeBSD$ + +0.9: +- Added function personal_directories, you can create on conf dir your custom +personal directories with your custom files inside of them and it will be copied +to your image. +Thanks to Marcus Grando <mnag@FreeBSD.org> for the patch. + +0.8: +- Now FreeBSD 6.X is the default configuration on TinyBSD files. +- TinyBSD no longer use bootmanager, so fstab device was changed to ad0a. +- Added an example configuration to WRAP motherboards. Just use 'wrap' as argument on build to use it. + +0.7: +- Revision on Makefile to respect non-standard LOCALBASE/X11BASE on FreeBSD. +Thanks to Florent Thoumie <flz@FreeBSD.org>. + +0.6: +- fix script problem on symlinks creation. +- added debug information on tinybsd build process with "====>". + +0.5: +- fix script problem when the kernel is not build, it's not should process +an image without kernel :) Thanks to Marten <info@martenvijn.nl> for the patch. + +0.4: +- added pre configured images to build tinybsd: default, bridge, minimal, vpn, +firewall and wireless. +- added etc/ on each image directory to the user copy your custom etc +configuration. + +0.3: +- fix named directory missing on etc build. + +0.2: +- added "device ath_rate_onoe" on kernel config file to be compiled on +FreeBSD 6. +- added on tinybsd script a line to clean up kernel build directory +- added on tinybsd script a for function to copy correct pam depends. + +0.1: +- TinyBSD released + diff --git a/tools/tools/tinybsd/README b/tools/tools/tinybsd/README new file mode 100644 index 0000000..a49316d --- /dev/null +++ b/tools/tools/tinybsd/README 
@@ -0,0 +1,253 @@ +# $FreeBSD$ + +- TinyBSD + +You must read this to know how to build embedded systems with TinyBSD. + +- TinyBSD files + +TinyBSD's creation conf files are available under /usr/src/tools/tools/tinybsd/conf +and the script are available under /usr/src/tools/tools/tinybsd/tinybsd. + +The system has been entirely based on the ease of image customization from +PicoBSD, and the compilation script based on NanoBSD's. + +# ls /usr/src/tools/tools/tinybsd/conf +bridge/ default/ firewall/ minimal/ vpn/ wireless/ wrap/ + +We have these six pre configured images to build. On each directory we have 3 +main files in there. Let's see what each of them are: + +# ls /usr/src/tools/tools/tinybsd/conf/default +TINYBSD etc/ tinybsd.basefiles + +TINYBSD: Just like PicoBSD had its kernel previously compiled, we call ours +TINYBSD. + +# more TINYBSD + +machine i386 +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident TINYBSD + +#To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" #Default places to look for devices. +... + +As you can see, it's a kernel file identical to your system's, leaving only +the task of enabling or disabling options, according to your needs. + +tinybsd.basefiles: Just like PicoBSD had its crunch.conf file to define which +files we'd want the new system to have, in this one we'll have all files to be +put into our embedded system, already having all available files for running +the system well. Put in or take out the files you need according to your +needs. Let's see it: + +# more tinybsd.basefiles +# contents of ${WORKDIR}/boot +boot/boot0 +boot/boot1 +boot/boot2 +boot/defaults/loader.conf +boot/device.hints +... +# contents of ${WORKDIR}/bin +bin/[:bin/test +bin/cat +bin/chflags +bin/chio +bin/chmod +... + +And so on. 
In case you'd want to add the binary "setkey", sitting on +/usr/sbin, you'd only need to add the following line inside the /usr/sbin part +of the file, like this: + +usr/sbin/pw +usr/sbin/pwd_mkdb +usr/sbin/setkey + +etc/: This is the directory where you can put your custom /etc configuration. + +# ls /usr/src/tools/tools/tinybsd/tinybsd +tinybsd + +tinybsd: This is the script that builds the entire system. You'll hardly +need to modify it at all. The idea is for it to create a temporary work +directory for it to create the entire system tree. Once done, it'll copy all +files listed in tinybsd.basefiles to this tree, then it'll compile a new +kernel using the definitions in the TINYBSD file, and finally copy the library +dependencies the binaries will have. We'll then populate /etc on that +temporary tree and put in a few important default configurations inside on +/usr/src/tools/tools/tinybsd/conf/YOURCHOICE/etc/ like rc.conf, fstab and others. + +Finally, we create an empty image, according to your media's specifications, +passed on to the script on the command line, and copy the entire temporary +work tree into the image mounted on /mnt. + +- Running TinyBSD + +Now that we know how it works, it's time for us to build our own image. Let's +do that step-by-step. + +1) Choose what pre-configured image you want. + +2) Edit the TINYBSD kernel file and add/remove all options you'll need. + +3) Edit the tinybsd.basefiles file and add/remove all binaries you'll need on +your system. + +4) Copy all your /etc configuration wich you want to conf/YOURIMAGE/etc/. + +5) Gather the right information on your destination media. To do that, plug in +the device on the system and fetch the information using diskinfo(8): + +# diskinfo -v /dev/ad2 +ad2 + 512 # sectorsize + 20060135424 # mediasize in bytes (19G) + 39179952 # mediasize in sectors + 38869 # Cylinders according to firmware. + 16 # Heads according to firmware. + 63 # Sectors according to firmware. 
+ +To create my image, I'll need to know the media size in sectors, Heads +according to firmware and Sectors according to firmware. Optionally, you may +define the name of the generated image's file, but if you don't, it'll be +named tinybsd.bin. Now that we have gathered these informations through +diskinfo, all we need to do is run tinybsd. Remember that it has 3 +parameters plus 1 optional, and if you don't pass on the required ones, the +script will warn you about it: + +# /usr/src/tools/tools/tinybsd/tinybsd +Woops! + Usage: tinybsd <mediasize in sectors> <heads according to firmware> + <sectors according to firmware> <conf> [<tinybsd image name>] + + Example: tinybsd 62592 4 32 + + or + + /usr/src/tools/tools/tinybsd/tinybsd 62592 4 32 wireless + + Run diskinfo(8) -v against your CF device to get correct information + about your disk. + +Passing on the parameters correctly: + +# /usr/src/tools/tools/tinybsd/tinybsd 39179952 16 63 wireless +Creating directory hierarchy... +./bin missing (created) +./boot missing (created) +./boot/defaults missing (created) +./boot/kernel missing (created) +./boot/modules missing (created) +./dev missing (created) +./etc missing (created) +... + +In the end, we have the generated tinybsd.bin image. Now we have to copy it to +its final destination: + +# dd if=/usr/src/tools/tools/tinybsd/tinybsd.bin of=/dev/ad2 + +Boot up your new embedded system and log on it. If you're ever going to modify +it, you must first remount the root slice as read-write, as it operates by +default on read-only mode, saving disk writes and preventing data-loss in case +of power failures. To mount it for read-write, use mount: + +# mount -u -o rw / + +Once you're done, return it to read-only mode: + +# mount -u -o ro / + +The first thing you need to do after logging for the first time, is to set a +root password. By default, it's created with no root password. 
+ +If you run df(1), you'll see the following partitions: + +# df +Filesystem 1K-blocks Used Avail Capacity Mounted on +/dev/ad0a 29359 19446 7565 72% / +devfs 1 1 0 100% /dev +procfs 4 4 0 100% /proc +/dev/md0 3694 114 3286 3% /var +/dev/md1 19566 6 17996 0% /tmp + +As you can see, /var and /tmp are mounted on /dev/md0 and /dev/md1 +respectively, using memory disk devices. That's because both /var and /tmp are +write-intensive, and as our system works mostly on read-only mode, we'd suffer +with writing problems there, so the memory disk approach works fine. On the +other hand, whenever you reboot the system, those directories' contents +(including logs on /var/log) will be lost. If you need to keep the contents of +those directories, I suggest you to always upload them to another box. + +The configuration line that fires up the system script to create /var as a +memory disk partition is "varmfs="YES"", inside +/etc/rc.conf. Besides mounting /var as a memory disk device, it also populates +its tree with the necessary subdirectories. Initially, /var is created on +memory using only 32MB of space, and that's usually enough. Although, if you +find it necessary to tweak that configuration, you may edit this line of +/etc/rc.conf: + +varsize="32m" + +Change 32m to whatever value you see fit (in MBytes). Take care of not using +your entire memory for /var. + +- Ports and TinyBSD + +You can also install ports on the new system via ports. For that, you'll need +to set the PREFIX environment variable to the image's destination path. Let's +assume you want to install apache on the newly-created image. For that, I'd do +this: + +# mdconfig -a -t vnode -f /usr/src/tools/tools/tinybsd/tinybsd.bin -u 0 + +That uses mdconfig to enable the memory disk 0. + +# mount /dev/md0a /mnt + +Now we've mounted the image on the temporary directory /mnt. 
Let's then +install apache via ports: + +# cd /usr/ports/www/apache13 +# make install PREFIX=/mnt/usr/local +===> Vulnerability check disabled +>> apache_1.3.31.tar.gz doesn't seem to exist in /usr/ports/distfiles/. +>> Attempting to fetch from http://www.apache.org/dist/httpd/. +... + This port has installed the following startup scripts which may cause + these network services to be started at boot time. +/mnt/usr/local/etc/rc.d/apache.sh +.... + +Once the install is finished, let's verify that apache has indeed been +properly installed under our /mnt directory: + +# cd /mnt/usr/local/sbin +# ls -lga httpd +-rwxr-xr-x 1 root wheel 252439 Jul 14 15:31 httpd + +Our software has been successfully installed. You must notice that at the end +of the install, it shows the full path for the PREFIX variable we passed it. +The problem with that is that at boot-time, your system is going to look for +it under /mnt instead of /usr. So we need to edit apache's initialization +script under /usr/local/etc/rc.d (apache.sh) and remove all instances of +"/mnt" in it. + +WARNING: A very important thing to care about are dependencies. Before +installing anything, check to see if it has any dependencies, and that you'll +have enough disk space on the destination system for both the application +you're installing and its dependencies. + +- Script download + +TinyBSD is still a project under heavy development, both the script itself and +its documentation. + +In case you'd like to try or use the BETA version of the script, feel free to +download it from the project's official site at http://www.tinybsd.org. diff --git a/tools/tools/tinybsd/conf/bridge/TINYBSD b/tools/tools/tinybsd/conf/bridge/TINYBSD new file mode 100644 index 0000000..d1d22bb --- /dev/null +++ b/tools/tools/tinybsd/conf/bridge/TINYBSD 
@@ -0,0 +1,169 @@ +# $FreeBSD$ + +machine i386 +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident TINYBSD + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_4BSD # 4BSD scheduler +options INET # InterNETworking +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options UFS_DIRHASH # Improve performance on big directories +options MD_ROOT # MD is a potential root device +options PROCFS # Process filesystem (requires PSEUDOFS) +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_GPT # GUID Partition Tables. +options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!] +options COMPAT_FREEBSD4 # Compatible with FreeBSD4 +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options AHC_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~128k to driver. +options AHD_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~215k to driver. +options ADAPTIVE_GIANT # Giant mutex is adaptive. + +device apic # I/O APIC + +# Bus support. 
Do not remove isa, even if you have no isa slots +device isa +device eisa +device pci + +# Floppy drives +#device fdc + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +options ATA_STATIC_ID # Static device numbering + +# atkbdc0 controls both the keyboard and the PS/2 mouse +device atkbdc # AT keyboard controller +device atkbd # AT keyboard +device psm # PS/2 mouse + +device vga # VGA video card driver + +#device splash # Splash screen and screen saver support + +# syscons is the default console driver, resembling an SCO console +device sc + +# Enable this for the pcvt (VT220 compatible) console driver +#device vt +#options XSERVER # support for X server on a vt console +#options FAT_CURSOR # start with block cursor + +device agp # support several AGP chipsets + +# Floating point support - do not disable. +device npx + +# Power management support (see NOTES for more options) +#device apm +# Add suspend/resume support for the i8254. +device pmtimer + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports + +# PCI Ethernet NICs. +device de # DEC/Intel DC21x4x (``Tulip'') +device em # Intel PRO/1000 adapter Gigabit Ethernet Card +device ixgb # Intel PRO/10GbE Ethernet Card +device txp # 3Com 3cR990 (``Typhoon'') +device vx # 3Com 3c590, 3c595 (``Vortex'') + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! 
+device miibus # MII bus support +device bfe # Broadcom BCM440x 10/100 Ethernet +device bge # Broadcom BCM570xx Gigabit Ethernet +device dc # DEC/Intel 21143 and various workalikes +device fxp # Intel EtherExpress PRO/100B (82557, 82558) +device lge # Level 1 LXT1001 gigabit ethernet +device nge # NatSemi DP83820 gigabit ethernet +device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc') +device re # RealTek 8139C+/8169/8169S/8110S +device rl # RealTek 8129/8139 +device sf # Adaptec AIC-6915 (``Starfire'') +device sis # Silicon Integrated Systems SiS 900/SiS 7016 +device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet +device ste # Sundance ST201 (D-Link DFE-550TX) +device ti # Alteon Networks Tigon I/II gigabit Ethernet +device tl # Texas Instruments ThunderLAN +device tx # SMC EtherPower II (83c170 ``EPIC'') +device vge # VIA VT612x gigabit ethernet +device vr # VIA Rhine, Rhine II +device wb # Winbond W89C840F +device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') + +# ISA Ethernet NICs. pccard NICs included. +device cs # Crystal Semiconductor CS89x0 NIC +# 'device ed' requires 'device miibus' +device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards +device ex # Intel EtherExpress Pro/10 and Pro/10+ +device ep # Etherlink III based cards +device fe # Fujitsu MB8696x based cards +device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. +device lnc # NE2100, NE32-VL Lance Ethernet cards +device sn # SMC's 9000 series of Ethernet chips +device xe # Xircom pccard Ethernet + +# ISA devices that use the old ISA shims +#device le + +# Wireless NIC cards +device wlan # 802.11 support +device an # Aironet 4500/4800 802.11 wireless NICs. +device awi # BayStack 660 and others +device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs. +#device wl # Older non 802.11 Wavelan wireless NIC. + +# Pseudo devices. 
+device loop # Network loopback +device mem # Memory and kernel memory devices +device io # I/O device +device random # Entropy device +device ether # Ethernet support +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options BRIDGE + +device ath +device ath_hal +device ath_rate_sample + +# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254 +# clock to actually be used. +options CLK_USE_I8254_CALIBRATION + +# CPU_ELAN enables support for AMDs ElanSC520 CPU. +options CPU_ELAN +options CPU_SOEKRIS +options CPU_ELAN_XTAL=32768000 +options CPU_ELAN_PPS + diff --git a/tools/tools/tinybsd/conf/bridge/etc/fstab b/tools/tools/tinybsd/conf/bridge/etc/fstab new file mode 100644 index 0000000..16ada11 --- /dev/null +++ b/tools/tools/tinybsd/conf/bridge/etc/fstab @@ -0,0 +1,2 @@ +# $FreeBSD$ +/dev/ad0a / ufs ro 1 1 diff --git a/tools/tools/tinybsd/conf/bridge/etc/rc.conf b/tools/tools/tinybsd/conf/bridge/etc/rc.conf new file mode 100644 index 0000000..2a585c1 --- /dev/null +++ b/tools/tools/tinybsd/conf/bridge/etc/rc.conf @@ -0,0 +1,12 @@ +# $FreeBSD$ +hostname="tinybsd.freebsd.org" +sendmail_enable="NONE" +sshd_enable="YES" +usbd_enable="NO" +inetd_enable="NO" +portmap_enable="NO" +update_motd="NO" +varmfs="YES" +populate_var="YES" +varsize="8192" + diff --git a/tools/tools/tinybsd/conf/bridge/etc/sysctl.conf b/tools/tools/tinybsd/conf/bridge/etc/sysctl.conf new file mode 100644 index 0000000..82cc61f --- /dev/null +++ b/tools/tools/tinybsd/conf/bridge/etc/sysctl.conf @@ -0,0 +1,8 @@ +# $FreeBSD$ + +# BRIDGE Options +net.link.ether.bridge.enable=1 +net.link.ether.bridge.ipfw=1 +net.link.ether.bridge.config==xl0:0,xl1:0,fxp0:1,fxp1:1 + + 
diff --git a/tools/tools/tinybsd/conf/bridge/tinybsd.basefiles b/tools/tools/tinybsd/conf/bridge/tinybsd.basefiles new file mode 100644 index 0000000..9bfa6f6b --- /dev/null +++ b/tools/tools/tinybsd/conf/bridge/tinybsd.basefiles 
@@ -0,0 +1,242 @@ +# $FreeBSD$ +# contents of ${WORKDIR}/boot +boot/boot0 +boot/boot1 +boot/boot2 +boot/defaults/loader.conf +boot/device.hints +boot/loader +boot/loader.4th +boot/loader.help +boot/loader.rc +boot/mbr +boot/support.4th + +# contents of ${WORKDIR}/libexec +libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1 + +# contents of ${WORKDIR}/bin +bin/[:bin/test +bin/cat +bin/chflags +bin/chio +bin/chmod +bin/cp +bin/csh:bin/tcsh +bin/date +bin/dd +bin/df +bin/domainname +bin/echo +bin/ed:bin/red +bin/expr +bin/hostname +bin/kenv +bin/kill +bin/ln:bin/link +bin/ls +bin/mkdir +bin/mv +bin/pax +bin/ps +bin/pwd +bin/realpath +bin/rm:bin/unlink +bin/rmdir +bin/sh +bin/sleep +bin/stty +bin/sync + +# contents of ${WORKDIR}/sbin +sbin/adjkerntz +sbin/comcontrol +sbin/disklabel +sbin/dmesg +sbin/fastboot:sbin/reboot +sbin/fasthalt:sbin/halt +sbin/fsck +sbin/fsck_ufs:sbin/fsck_ffs +sbin/fsck_ufs:sbin/fsck_4.2bsd +sbin/ifconfig +sbin/init +sbin/ipfw +sbin/kldconfig +sbin/kldload +sbin/kldstat +sbin/kldunload +sbin/ldconfig +sbin/md5 +sbin/mdconfig +sbin/mknod +sbin/mdmfs +sbin/mount +sbin/mount_devfs:sbin/mount_fdescfs +sbin/mount_devfs:sbin/mount_linprocfs +sbin/mount_devfs:sbin/mount_procfs +sbin/mount_devfs:sbin/mount_std +sbin/mount_nfs +sbin/mount_nullfs +sbin/mount_umapfs +sbin/mount_unionfs +sbin/newfs +sbin/nextboot +sbin/nologin +sbin/nos-tun +sbin/ping +sbin/rcorder +sbin/route +sbin/shutdown +sbin/slattach +sbin/swapon +sbin/sysctl +sbin/umount + +# contents of ${WORKDIR}/usr/sbin +usr/bin/at:usr/bin/atq +usr/bin/at:usr/bin/atrm +usr/bin/at:usr/bin/batch +usr/bin/awk +usr/bin/basename +usr/bin/bunzip2:usr/bin/bzcat +usr/bin/bunzip2:usr/bin/bzip2 +usr/bin/chat +usr/bin/chfn:usr/bin/chpass +usr/bin/chfn:usr/bin/chsh +usr/bin/chgrp +usr/bin/cksum +usr/bin/clear +usr/bin/cmp +usr/bin/compress:usr/bin/uncompress +usr/bin/cpio +usr/bin/crontab +usr/bin/cu +usr/bin/dig +usr/bin/dirname +usr/bin/du +usr/bin/ee +usr/bin/egrep:usr/bin/fgrep +usr/bin/egrep:usr/bin/grep 
+usr/bin/env +usr/bin/false +usr/bin/fetch +usr/bin/find +usr/bin/finger +usr/bin/fstat +usr/bin/fsync +usr/bin/ftp +usr/bin/gunzip:usr/bin/gzcat +usr/bin/gunzip:usr/bin/gzip +usr/bin/gzexe +usr/bin/head +usr/bin/hexdump +usr/bin/id:usr/bin/whoami +usr/bin/ident +usr/bin/killall +usr/bin/last +usr/bin/less:usr/bin/more +usr/bin/limits +usr/bin/lock +usr/bin/lockf +usr/bin/logger +usr/bin/login +usr/bin/logname +usr/bin/mesg +usr/bin/minigzip +usr/bin/mkfifo +usr/bin/mktemp +usr/bin/msgs +usr/bin/netstat +usr/bin/nfsstat +usr/bin/nice +usr/bin/nslookup +usr/bin/nsupdate +usr/bin/nohup +usr/bin/objformat +usr/bin/openssl +usr/bin/passwd +usr/bin/printf +usr/bin/renice +usr/bin/reset:usr/sbin/tset +usr/bin/scp +usr/bin/script +usr/bin/sed +usr/bin/sftp +usr/bin/shar +usr/bin/slogin:usr/bin/ssh +usr/bin/sort +usr/bin/split +usr/bin/ssh-keygen +usr/bin/su +usr/bin/tail +usr/bin/tar +usr/bin/tee +usr/bin/telnet +usr/bin/tftp +usr/bin/time +usr/bin/top +usr/bin/touch +usr/bin/tput +usr/bin/tr +usr/bin/true +usr/bin/tty +usr/bin/uname +usr/bin/uptime:usr/bin/w +usr/bin/users +usr/bin/uudecode +usr/bin/uuencode +usr/bin/vi +usr/bin/vmstat +usr/bin/wall +usr/bin/who +usr/bin/whois +usr/bin/write +usr/bin/yes + +# contents of ${WORKDIR}/usr/sbin +usr/sbin/arp +usr/sbin/boot0cfg +usr/sbin/chown +usr/sbin/chroot +usr/sbin/cron +usr/sbin/idprio:usr/sbin/rtprio +usr/sbin/inetd +usr/sbin/iostat +usr/sbin/kbdcontrol +usr/sbin/lastlogin +usr/sbin/memcontrol +usr/sbin/mountd +usr/sbin/mtree +usr/sbin/newsyslog +usr/sbin/ngctl +usr/sbin/nghook +usr/sbin/ntpdate +usr/sbin/pciconf +usr/sbin/pw +usr/sbin/pwd_mkdb +usr/sbin/slstat +usr/sbin/sshd +usr/sbin/syslogd +usr/sbin/tcpdchk +usr/sbin/tcpdmatch +usr/sbin/tcpdump +usr/sbin/traceroute +usr/sbin/vidcontrol +usr/sbin/vipw +usr/sbin/vnconfig +usr/sbin/watch +usr/sbin/wicontrol +usr/sbin/pccardc +usr/sbin/pccardd + +# contents of ${WORKDIR}/usr/libexec +usr/libexec/atrun +usr/libexec/ftpd +usr/libexec/getty +usr/libexec/sftp-server 
+usr/libexec/telnetd +usr/libexec/tftpd + +# contents of ${WORKDIR}/usr/share +usr/share/misc/termcap + diff --git a/tools/tools/tinybsd/conf/default/TINYBSD b/tools/tools/tinybsd/conf/default/TINYBSD new file mode 100644 index 0000000..3d2599a --- /dev/null +++ b/tools/tools/tinybsd/conf/default/TINYBSD 
@@ -0,0 +1,186 @@ +# $FreeBSD$ + +machine i386 +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident TINYBSD + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_4BSD # 4BSD scheduler +options INET # InterNETworking +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options UFS_ACL # Support for access control lists +options UFS_DIRHASH # Improve performance on big directories +options MD_ROOT # MD is a potential root device +options NFSCLIENT # Network Filesystem Client +options NFSSERVER # Network Filesystem Server +options NFS_ROOT # NFS usable as /, requires NFSCLIENT +options MSDOSFS # MSDOS Filesystem +options CD9660 # ISO 9660 Filesystem +options PROCFS # Process filesystem (requires PSEUDOFS) +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_GPT # GUID Partition Tables. +options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!] +options COMPAT_FREEBSD4 # Compatible with FreeBSD4 +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options AHC_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~128k to driver. +options AHD_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~215k to driver. +options ADAPTIVE_GIANT # Giant mutex is adaptive. + +device apic # I/O APIC + +# Bus support. 
Do not remove isa, even if you have no isa slots +device isa +device eisa +device pci + +# Floppy drives +#device fdc + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +#device ataraid # ATA RAID drives +#device atapicd # ATAPI CDROM drives +#device atapifd # ATAPI floppy drives +device atapist # ATAPI tape drives +options ATA_STATIC_ID # Static device numbering + +# atkbdc0 controls both the keyboard and the PS/2 mouse +device atkbdc # AT keyboard controller +device atkbd # AT keyboard +device psm # PS/2 mouse + +device vga # VGA video card driver + +#device splash # Splash screen and screen saver support + +# syscons is the default console driver, resembling an SCO console +device sc + +# Enable this for the pcvt (VT220 compatible) console driver +#device vt +#options XSERVER # support for X server on a vt console +#options FAT_CURSOR # start with block cursor + +device agp # support several AGP chipsets + +# Floating point support - do not disable. +device npx + +# Power management support (see NOTES for more options) +#device apm +# Add suspend/resume support for the i8254. +device pmtimer + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports + +# PCI Ethernet NICs. +device de # DEC/Intel DC21x4x (``Tulip'') +device em # Intel PRO/1000 adapter Gigabit Ethernet Card +device ixgb # Intel PRO/10GbE Ethernet Card +device txp # 3Com 3cR990 (``Typhoon'') +device vx # 3Com 3c590, 3c595 (``Vortex'') + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! 
+device miibus # MII bus support +device bfe # Broadcom BCM440x 10/100 Ethernet +device bge # Broadcom BCM570xx Gigabit Ethernet +device dc # DEC/Intel 21143 and various workalikes +device fxp # Intel EtherExpress PRO/100B (82557, 82558) +device lge # Level 1 LXT1001 gigabit ethernet +device nge # NatSemi DP83820 gigabit ethernet +device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc') +device re # RealTek 8139C+/8169/8169S/8110S +device rl # RealTek 8129/8139 +device sf # Adaptec AIC-6915 (``Starfire'') +device sis # Silicon Integrated Systems SiS 900/SiS 7016 +device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet +device ste # Sundance ST201 (D-Link DFE-550TX) +device ti # Alteon Networks Tigon I/II gigabit Ethernet +device tl # Texas Instruments ThunderLAN +device tx # SMC EtherPower II (83c170 ``EPIC'') +device vge # VIA VT612x gigabit ethernet +device vr # VIA Rhine, Rhine II +device wb # Winbond W89C840F +device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') + +# ISA Ethernet NICs. pccard NICs included. +device cs # Crystal Semiconductor CS89x0 NIC +# 'device ed' requires 'device miibus' +device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards +device ex # Intel EtherExpress Pro/10 and Pro/10+ +device ep # Etherlink III based cards +device fe # Fujitsu MB8696x based cards +device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. +device lnc # NE2100, NE32-VL Lance Ethernet cards +device sn # SMC's 9000 series of Ethernet chips +device xe # Xircom pccard Ethernet + +# ISA devices that use the old ISA shims +#device le + +# Wireless NIC cards +device wlan # 802.11 support +device an # Aironet 4500/4800 802.11 wireless NICs. +device awi # BayStack 660 and others +device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs. +#device wl # Older non 802.11 Wavelan wireless NIC. + +# Pseudo devices. 
+device loop # Network loopback +device mem # Memory and kernel memory devices +device io # I/O device +device random # Entropy device +device ether # Ethernet support +#device sl # Kernel SLIP +device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +device faith # IPv6-to-IPv4 relaying (translation) + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPDIVERT +options DUMMYNET +options BRIDGE + +device ath +device ath_hal +device ath_rate_sample + +# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254 +# clock to actually be used. +options CLK_USE_I8254_CALIBRATION + +# CPU_ELAN enables support for AMDs ElanSC520 CPU. +options CPU_ELAN +options CPU_SOEKRIS +options CPU_ELAN_XTAL=32768000 +options CPU_ELAN_PPS + diff --git a/tools/tools/tinybsd/conf/default/etc/fstab b/tools/tools/tinybsd/conf/default/etc/fstab new file mode 100644 index 0000000..16ada11 --- /dev/null +++ b/tools/tools/tinybsd/conf/default/etc/fstab @@ -0,0 +1,2 @@ +# $FreeBSD$ +/dev/ad0a / ufs ro 1 1 diff --git a/tools/tools/tinybsd/conf/default/etc/rc.conf b/tools/tools/tinybsd/conf/default/etc/rc.conf new file mode 100644 index 0000000..2a585c1 --- /dev/null +++ b/tools/tools/tinybsd/conf/default/etc/rc.conf @@ -0,0 +1,12 @@ +# $FreeBSD$ +hostname="tinybsd.freebsd.org" +sendmail_enable="NONE" +sshd_enable="YES" +usbd_enable="NO" +inetd_enable="NO" +portmap_enable="NO" +update_motd="NO" +varmfs="YES" +populate_var="YES" +varsize="8192" + diff --git a/tools/tools/tinybsd/conf/default/tinybsd.basefiles b/tools/tools/tinybsd/conf/default/tinybsd.basefiles new file mode 100644 index 0000000..30a1346 --- /dev/null 
+++ b/tools/tools/tinybsd/conf/default/tinybsd.basefiles 
@@ -0,0 +1,253 @@ +# $FreeBSD$ +# contents of ${WORKDIR}/boot +boot/boot0 +boot/boot1 +boot/boot2 +boot/defaults/loader.conf +boot/device.hints +boot/loader +boot/loader.4th +boot/loader.help +boot/loader.rc +boot/mbr +boot/support.4th + +# contents of ${WORKDIR}/libexec +libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1 + +# contents of ${WORKDIR}/bin +bin/[:bin/test +bin/cat +bin/chflags +bin/chio +bin/chmod +bin/cp +bin/csh:bin/tcsh +bin/date +bin/dd +bin/df +bin/domainname +bin/echo +bin/ed:bin/red +bin/expr +bin/hostname +bin/kenv +bin/kill +bin/ln:bin/link +bin/ls +bin/mkdir +bin/mv +bin/pax +bin/ps +bin/pwd +bin/realpath +bin/rm:bin/unlink +bin/rmdir +bin/sh +bin/sleep +bin/stty +bin/sync + +# contents of ${WORKDIR}/sbin +sbin/adjkerntz +sbin/comcontrol +sbin/dhclient +sbin/dhclient-script +sbin/disklabel +sbin/dmesg +sbin/fastboot:sbin/reboot +sbin/fasthalt:sbin/halt +sbin/fsck +sbin/fsck_ufs:sbin/fsck_ffs +sbin/fsck_ufs:sbin/fsck_4.2bsd +sbin/ifconfig +sbin/init +sbin/ipfw +sbin/kldconfig +sbin/kldload +sbin/kldstat +sbin/kldunload +sbin/ldconfig +sbin/md5 +sbin/mdconfig +sbin/mknod +sbin/mdmfs +sbin/mount +sbin/mount_devfs:sbin/mount_fdescfs +sbin/mount_devfs:sbin/mount_linprocfs +sbin/mount_devfs:sbin/mount_procfs +sbin/mount_devfs:sbin/mount_std +sbin/mount_nfs +sbin/mount_nullfs +sbin/mount_umapfs +sbin/mount_unionfs +sbin/natd +sbin/nfsiod +sbin/newfs +sbin/nextboot +sbin/nologin +sbin/nos-tun +sbin/ping +sbin/rcorder +sbin/route +sbin/shutdown +sbin/slattach +sbin/swapon +sbin/sysctl +sbin/umount + +# contents of ${WORKDIR}/usr/sbin +usr/bin/at:usr/bin/atq +usr/bin/at:usr/bin/atrm +usr/bin/at:usr/bin/batch +usr/bin/awk +usr/bin/basename +usr/bin/bunzip2:usr/bin/bzcat +usr/bin/bunzip2:usr/bin/bzip2 +usr/bin/chat +usr/bin/chfn:usr/bin/chpass +usr/bin/chfn:usr/bin/chsh +usr/bin/chgrp +usr/bin/cksum +usr/bin/clear +usr/bin/cmp +usr/bin/compress:usr/bin/uncompress +usr/bin/cpio +usr/bin/crontab +usr/bin/cu +usr/bin/dig +usr/bin/dirname +usr/bin/du +usr/bin/ee 
+usr/bin/egrep:usr/bin/fgrep +usr/bin/egrep:usr/bin/grep +usr/bin/env +usr/bin/false +usr/bin/fetch +usr/bin/find +usr/bin/finger +usr/bin/fstat +usr/bin/fsync +usr/bin/ftp +usr/bin/gunzip:usr/bin/gzcat +usr/bin/gunzip:usr/bin/gzip +usr/bin/gzexe +usr/bin/head +usr/bin/hexdump +usr/bin/id:usr/bin/whoami +usr/bin/ident +usr/bin/killall +usr/bin/last +usr/bin/less:usr/bin/more +usr/bin/limits +usr/bin/lock +usr/bin/lockf +usr/bin/logger +usr/bin/login +usr/bin/logname +usr/bin/mesg +usr/bin/minigzip +usr/bin/mkfifo +usr/bin/mktemp +usr/bin/msgs +usr/bin/netstat +usr/bin/nfsstat +usr/bin/nice +usr/bin/nslookup +usr/bin/nsupdate +usr/bin/nohup +usr/bin/objformat +usr/bin/openssl +usr/bin/passwd +usr/bin/printf +usr/bin/renice +usr/bin/reset:usr/sbin/tset +usr/bin/scp +usr/bin/script +usr/bin/sed +usr/bin/sftp +usr/bin/shar +usr/bin/slogin:usr/bin/ssh +usr/bin/sort +usr/bin/split +usr/bin/ssh-keygen +usr/bin/su +usr/bin/tail +usr/bin/tar +usr/bin/tee +usr/bin/telnet +usr/bin/tftp +usr/bin/time +usr/bin/top +usr/bin/touch +usr/bin/tput +usr/bin/tr +usr/bin/true +usr/bin/tty +usr/bin/uname +usr/bin/uptime:usr/bin/w +usr/bin/users +usr/bin/uudecode +usr/bin/uuencode +usr/bin/vi +usr/bin/vmstat +usr/bin/wall +usr/bin/who +usr/bin/whois +usr/bin/write +usr/bin/yes + +# contents of ${WORKDIR}/usr/sbin +usr/sbin/arp +usr/sbin/boot0cfg +usr/sbin/chown +usr/sbin/chroot +usr/sbin/cron +usr/sbin/idprio:usr/sbin/rtprio +usr/sbin/inetd +usr/sbin/iostat +usr/sbin/kbdcontrol +usr/sbin/lastlogin +usr/sbin/memcontrol +usr/sbin/mountd +usr/sbin/mtree +usr/sbin/named +usr/sbin/named.reload +usr/sbin/newsyslog +usr/sbin/nfsd +usr/sbin/ngctl +usr/sbin/nghook +usr/sbin/ntpdate +usr/sbin/pciconf +usr/sbin/ppp +usr/sbin/pppctl +usr/sbin/pppstats +usr/sbin/pw +usr/sbin/pwd_mkdb +usr/sbin/rpcbind +usr/sbin/slstat +usr/sbin/sshd +usr/sbin/syslogd +usr/sbin/tcpdchk +usr/sbin/tcpdmatch +usr/sbin/tcpdump +usr/sbin/traceroute +usr/sbin/vidcontrol +usr/sbin/vipw +usr/sbin/vnconfig +usr/sbin/watch 
+usr/sbin/wicontrol +usr/sbin/pccardc +usr/sbin/pccardd + +# contents of ${WORKDIR}/usr/libexec +usr/libexec/atrun +usr/libexec/ftpd +usr/libexec/getty +usr/libexec/sftp-server +usr/libexec/telnetd +usr/libexec/tftpd + +# contents of ${WORKDIR}/usr/share +usr/share/misc/termcap + diff --git a/tools/tools/tinybsd/conf/firewall/TINYBSD b/tools/tools/tinybsd/conf/firewall/TINYBSD new file mode 100644 index 0000000..8d4cb9b --- /dev/null +++ b/tools/tools/tinybsd/conf/firewall/TINYBSD 
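Review bot: the usr/libexec block of conf/default/tinybsd.basefiles puts `usr/libexec/telnetd`, `usr/libexec/ftpd` and `usr/libexec/tftpd` into the default image next to `usr/sbin/inetd`, even though `usr/sbin/sshd` and `usr/libexec/sftp-server` are already listed. Consider dropping the cleartext daemons from the default list and leaving them to a conf that actually needs them. Two smaller points in the same hunk: the first `# contents of ${WORKDIR}/usr/sbin` comment sits above the `usr/bin/...` entries and should read `usr/bin`, and in `usr/bin/reset:usr/sbin/tset` the second path points into usr/sbin while every other paired entry stays in its own directory, which looks like a typo for `usr/bin/tset`.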
@@ -0,0 +1,183 @@ +# $FreeBSD$ +machine i386 +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident TINYBSD + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_4BSD # 4BSD scheduler +options INET # InterNETworking +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options UFS_DIRHASH # Improve performance on big directories +options MD_ROOT # MD is a potential root device +options PROCFS # Process filesystem (requires PSEUDOFS) +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_GPT # GUID Partition Tables. +options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!] +options COMPAT_FREEBSD4 # Compatible with FreeBSD4 +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options AHC_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~128k to driver. +options AHD_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~215k to driver. +options ADAPTIVE_GIANT # Giant mutex is adaptive. + +device apic # I/O APIC + +# Bus support. 
Do not remove isa, even if you have no isa slots +device isa +device eisa +device pci + +# Floppy drives +#device fdc + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +options ATA_STATIC_ID # Static device numbering + +# atkbdc0 controls both the keyboard and the PS/2 mouse +device atkbdc # AT keyboard controller +device atkbd # AT keyboard +device psm # PS/2 mouse + +device vga # VGA video card driver + +#device splash # Splash screen and screen saver support + +# syscons is the default console driver, resembling an SCO console +device sc + +# Enable this for the pcvt (VT220 compatible) console driver +#device vt +#options XSERVER # support for X server on a vt console +#options FAT_CURSOR # start with block cursor + +device agp # support several AGP chipsets + +# Floating point support - do not disable. +device npx + +# Power management support (see NOTES for more options) +#device apm +# Add suspend/resume support for the i8254. +device pmtimer + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +#device cbb # cardbus (yenta) bridge +#device pccard # PC Card (16-bit) bus +#device cardbus # CardBus (32-bit) bus + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports + +# PCI Ethernet NICs. +device de # DEC/Intel DC21x4x (``Tulip'') +device em # Intel PRO/1000 adapter Gigabit Ethernet Card +device ixgb # Intel PRO/10GbE Ethernet Card +device txp # 3Com 3cR990 (``Typhoon'') +device vx # 3Com 3c590, 3c595 (``Vortex'') + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! 
+device miibus # MII bus support +device bfe # Broadcom BCM440x 10/100 Ethernet +device bge # Broadcom BCM570xx Gigabit Ethernet +device dc # DEC/Intel 21143 and various workalikes +device fxp # Intel EtherExpress PRO/100B (82557, 82558) +device lge # Level 1 LXT1001 gigabit ethernet +device nge # NatSemi DP83820 gigabit ethernet +device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc') +device re # RealTek 8139C+/8169/8169S/8110S +device rl # RealTek 8129/8139 +device sf # Adaptec AIC-6915 (``Starfire'') +device sis # Silicon Integrated Systems SiS 900/SiS 7016 +device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet +device ste # Sundance ST201 (D-Link DFE-550TX) +device ti # Alteon Networks Tigon I/II gigabit Ethernet +device tl # Texas Instruments ThunderLAN +device tx # SMC EtherPower II (83c170 ``EPIC'') +device vge # VIA VT612x gigabit ethernet +device vr # VIA Rhine, Rhine II +device wb # Winbond W89C840F +device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') + +# ISA Ethernet NICs. pccard NICs included. +device cs # Crystal Semiconductor CS89x0 NIC +# 'device ed' requires 'device miibus' +device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards +device ex # Intel EtherExpress Pro/10 and Pro/10+ +device ep # Etherlink III based cards +device fe # Fujitsu MB8696x based cards +device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. +device lnc # NE2100, NE32-VL Lance Ethernet cards +device sn # SMC's 9000 series of Ethernet chips +device xe # Xircom pccard Ethernet + +# ISA devices that use the old ISA shims +#device le + +# Wireless NIC cards +#device wlan # 802.11 support +#device an # Aironet 4500/4800 802.11 wireless NICs. +#device awi # BayStack 660 and others +#device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs. +#device wl # Older non 802.11 Wavelan wireless NIC. + +# Pseudo devices. 
+device loop # Network loopback +device mem # Memory and kernel memory devices +device io # I/O device +device random # Entropy device +device ether # Ethernet support +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPDIVERT +options DUMMYNET + +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF +device pfsync #synchronization interface for PF +device carp #Common Address Redundancy Protocol + +options ALTQ +options ALTQ_CBQ # Class Bases Queueing +options ALTQ_RED # Random Early Detection +options ALTQ_RIO # RED In/Out +options ALTQ_HFSC # Hierarchical Packet Scheduler +options ALTQ_CDNR # Traffic conditioner +options ALTQ_PRIQ # Priority Queueing +options ALTQ_NOPCC # Required for SMP build + +device ath +device ath_hal +device ath_rate_sample + +# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254 +# clock to actually be used. +options CLK_USE_I8254_CALIBRATION + +# CPU_ELAN enables support for AMDs ElanSC520 CPU. +options CPU_ELAN +options CPU_SOEKRIS +options CPU_ELAN_XTAL=32768000 +options CPU_ELAN_PPS + diff --git a/tools/tools/tinybsd/conf/firewall/etc/authpf/authpf.rules b/tools/tools/tinybsd/conf/firewall/etc/authpf/authpf.rules new file mode 100644 index 0000000..e8c0da7 --- /dev/null +++ b/tools/tools/tinybsd/conf/firewall/etc/authpf/authpf.rules @@ -0,0 +1 @@ +# $FreeBSD$ diff --git a/tools/tools/tinybsd/conf/firewall/etc/fstab b/tools/tools/tinybsd/conf/firewall/etc/fstab new file mode 100644 index 0000000..16ada11 --- /dev/null +++ b/tools/tools/tinybsd/conf/firewall/etc/fstab @@ -0,0 +1,2 @@ +# $FreeBSD$ +/dev/ad0a / ufs ro 1 1 
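Review bot: `options IPFIREWALL_DEFAULT_TO_ACCEPT` in conf/firewall/TINYBSD makes ipfw pass all traffic whenever no ruleset is loaded, so on the image named firewall a missing or failed rules load leaves the box open. Drop the option so the kernel's default deny rule applies, or add a comment saying why accept is wanted here (for example to avoid lockout on a headless board). Also in this hunk, `device ath`, `device ath_hal` and `device ath_rate_sample` are enabled while `#device wlan` stays commented out in the wireless block; ath sits on the 802.11 layer, so please confirm this config links, or comment the ath lines out like the other wireless NICs. Nit: the `ALTQ_CBQ` comment reads "Class Bases Queueing".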
diff --git a/tools/tools/tinybsd/conf/firewall/etc/natd.conf b/tools/tools/tinybsd/conf/firewall/etc/natd.conf new file mode 100644 index 0000000..e8c0da7 --- /dev/null +++ b/tools/tools/tinybsd/conf/firewall/etc/natd.conf @@ -0,0 +1 @@ +# $FreeBSD$ diff --git a/tools/tools/tinybsd/conf/firewall/etc/pf.conf b/tools/tools/tinybsd/conf/firewall/etc/pf.conf new file mode 100644 index 0000000..9acf363 --- /dev/null +++ b/tools/tools/tinybsd/conf/firewall/etc/pf.conf 
@@ -0,0 +1,78 @@ +# $FreeBSD$ +# +# See pf.conf(5) and /usr/share/examples/pf for syntax and examples. +# Required order: options, normalization, queueing, translation, filtering. +# Macros and tables may be defined and used anywhere. +# Note that translation rules are first match while filter rules are last match. + +# Macros: define common values, so they can be referenced and changed easily. +#ext_if="ext0" # replace with actual external interface name i.e., dc0 +#int_if="int0" # replace with actual internal interface name i.e., dc1 +#internal_net="10.1.1.1/8" +#external_addr="192.168.1.1" + +# Tables: similar to macros, but more flexible for many addresses. +#table <foo> { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 } + +# Options: tune the behavior of pf, default values are given. +#set timeout { interval 10, frag 30 } +#set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 } +#set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 } +#set timeout { udp.first 60, udp.single 30, udp.multiple 60 } +#set timeout { icmp.first 20, icmp.error 10 } +#set timeout { other.first 60, other.single 30, other.multiple 60 } +#set timeout { adaptive.start 0, adaptive.end 0 } +#set limit { states 10000, frags 5000 } +#set loginterface none +#set optimization normal +#set block-policy drop +#set require-order yes +#set fingerprints "/etc/pf.os" + +# Normalization: reassemble fragments and resolve or reduce traffic ambiguities. +#scrub in all + +# Queueing: rule-based bandwidth control. +#altq on $ext_if bandwidth 2Mb cbq queue { dflt, developers, marketing } +#queue dflt bandwidth 5% cbq(default) +#queue developers bandwidth 80% +#queue marketing bandwidth 15% + +# Translation: specify how addresses are to be mapped or redirected. 
+# nat: packets going out through $ext_if with source address $internal_net will +# get translated as coming from the address of $ext_if, a state is created for +# such packets, and incoming packets will be redirected to the internal address. +#nat on $ext_if from $internal_net to any -> ($ext_if) + +# rdr: packets coming in on $ext_if with destination $external_addr:1234 will +# be redirected to 10.1.1.1:5678. A state is created for such packets, and +# outgoing packets will be translated as coming from the external address. +#rdr on $ext_if proto tcp from any to $external_addr/32 port 1234 -> 10.1.1.1 port 5678 + +# rdr outgoing FTP requests to the ftp-proxy +#rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021 + +# spamd-setup puts addresses to be redirected into table <spamd>. +#table <spamd> persist +#no rdr on { lo0, lo1 } from any to any +#rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025 + +# Filtering: the implicit first two rules are +#pass in all +#pass out all + +# block all incoming packets but allow ssh, pass all outgoing tcp and udp +# connections and keep state, logging blocked packets. +#block in log all +#pass in on $ext_if proto tcp from any to $ext_if port 22 keep state +#pass out on $ext_if proto { tcp, udp } all keep state + +# pass incoming packets destined to the addresses given in table <foo>. +#pass in on $ext_if proto { tcp, udp } from any to <foo> port 80 keep state + +# pass incoming ports for ftp-proxy +#pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state + +# assign packets to a queue. +#pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers +#pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing diff --git a/tools/tools/tinybsd/conf/firewall/etc/pf.os b/tools/tools/tinybsd/conf/firewall/etc/pf.os new file mode 100644 index 0000000..2a64809 --- /dev/null +++ b/tools/tools/tinybsd/conf/firewall/etc/pf.os 
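Review bot: every macro, option and rule in conf/firewall/etc/pf.conf is commented out, so once pf is enabled the image runs on the implicit `pass in all` / `pass out all` that the Filtering comment itself describes. Together with the default-accept ipfw option in this conf's kernel file, the firewall image filters nothing as delivered. Either ship a minimal default-deny ruleset, or say at the top of the file that it is a syntax sample only and must be edited before the image is deployed.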
@@ -0,0 +1,549 @@ +# $FreeBSD$ +# passive OS fingerprinting +# ------------------------- +# +# SYN signatures. Those signatures work for SYN packets only (duh!). +# +# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx> +# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org> +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# +# This fingerprint database is adapted from Michal Zalewski's p0f passive +# operating system package. +# +# +# Each line in this file specifies a single fingerprint. Please read the +# information below carefully before attempting to append any signatures +# reported as UNKNOWN to this file to avoid mistakes. +# +# We use the following set metrics for fingerprinting: +# +# - Window size (WSS) - a highly OS dependent setting used for TCP/IP +# performance control (max. amount of data to be sent without ACK). +# Some systems use a fixed value for initial packets. On other +# systems, it is a multiple of MSS or MTU (MSS+40). In some rare +# cases, the value is just arbitrary. +# +# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number +# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn' +# means it is a multiple of MTU ((MSS+40)*nn). 
Unless you notice the +# value of nn is not fixed (unlikely), just copy the Snn or Tnn token +# literally. If you know this device has a simple stack and a fixed +# MTU, you can however multiply S value by MSS, or T value by MSS+40, +# and put it instead of Snn or Tnn. +# +# If WSS otherwise looks like a fixed value (for example a multiple +# of two), or if you can confirm the value is fixed, please quote +# it literally. If there's no apparent pattern in WSS chosen, you +# should consider wildcarding this value. +# +# - Overall packet size - a function of all IP and TCP options and bugs. +# +# NEW SIGNATURE: Copy this value literally. +# +# - Initial TTL - We check the actual TTL of a received packet. It can't +# be higher than the initial TTL, and also shouldn't be dramatically +# lower (maximum distance is defined as 40 hops). +# +# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally. +# You need to determine the initial TTL. The best way to do it is to +# check the documentation for a remote system, or check its settings. +# A fairly good method is to simply round the observed TTL up to +# 32, 64, 128, or 255, but it should be noted that some obscure devices +# might not use round TTLs (in particular, some shoddy appliances use +# "original" initial TTL settings). If not sure, you can see how many +# hops you're away from the remote party with traceroute or mtr. +# +# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU +# discovery. Others do not bother. +# +# NEW SIGNATURE: Copy this value literally. +# +# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f +# uses it to determine link type of the remote host. +# +# NEW SIGNATURE: Always wildcard this value, except for rare cases when +# you have an appliance with a fixed value, know the system supports only +# a very limited number of network interface types, or know the system +# is using a value it pulled out of nowhere. 
Specific unique MSS +# can be used to tell Google crawlbots from the rest of the population. +# +# - Window scaling (WSCALE) - this feature is used to scale WSS. +# It extends the size of a TCP/IP window to 32 bits. Some modern +# systems implement this feature. +# +# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set +# to zero or other low value. There's usually no need to wildcard this +# parameter. +# +# - Timestamp - some systems that implement timestamps set them to +# zero in the initial SYN. This case is detected and handled appropriately. +# +# - Selective ACK permitted - a flag set by systems that implement +# selective ACK functionality. +# +# - The sequence of TCP all options (MSS, window scaling, selective ACK +# permitted, timestamp, NOP). Other than the options previously +# discussed, p0f also checks for timestamp option (a silly +# extension to broadcast your uptime ;-), NOP options (used for +# header padding) and sackOK option (selective ACK feature). +# +# NEW SIGNATURE: Copy the sequence literally. +# +# To wildcard any value (except for initial TTL or TCP options), replace +# it with '*'. You can also use a modulo operator to match any values +# that divide by nnn - '%nnn'. +# +# Fingerprint entry format: +# +# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details +# +# wwww - window size (can be *, %nnn, Snn or Tnn). The special values +# "S" and "T" which are a multiple of MSS or a multiple of MTU +# respectively. +# ttt - initial TTL +# D - don't fragment bit (0 - not set, 1 - set) +# ss - overall SYN packet size +# OOO - option value and order specification (see below) +# OS - OS genre (Linux, Solaris, Windows) +# Version - OS Version (2.0.27 on x86, etc) +# Subtype - OS subtype or patchlevel (SP3, lo0) +# details - Generic OS details +# +# If OS genre starts with '*', p0f will not show distance, link type +# and timestamp data. 
It is useful for userland TCP/IP stacks of +# network scanners and so on, where many settings are randomized or +# bogus. +# +# If OS genre starts with @, it denotes an approximate hit for a group +# of operating systems (signature reporting still enabled in this case). +# Use this feature at the end of this file to catch cases for which +# you don't have a precise match, but can tell it's Windows or FreeBSD +# or whatnot by looking at, say, flag layout alone. +# +# Option block description is a list of comma or space separated +# options in the order they appear in the packet: +# +# N - NOP option +# Wnnn - window scaling option, value nnn (or * or %nnn) +# Mnnn - maximum segment size option, value nnn (or * or %nnn) +# S - selective ACK OK +# T - timestamp +# T0 - timestamp with a zero value +# +# To denote no TCP options, use a single '.'. +# +# Please report any additions to this file, or any inaccuracies or +# problems spotted, to the maintainers: lcamtuf@coredump.cx, +# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet +# capture of the relevant SYN packet(s) +# +# WARNING WARNING WARNING +# ----------------------- +# +# Do not add a system X as OS Y just because NMAP says so. It is often +# the case that X is a NAT firewall. While nmap is talking to the +# device itself, p0f is fingerprinting the guy behind the firewall +# instead. +# +# When in doubt, use common sense, don't add something that looks like +# a completely different system as Linux or FreeBSD or LinkSys router. +# Check DNS name, establish a connection to the remote host and look +# at SYN+ACK - does it look similar? +# +# Some users tweak their TCP/IP settings - enable or disable RFC1323 +# functionality, enable or disable timestamps or selective ACK, +# disable PMTU discovery, change MTU and so on. Always compare a new rule +# to other fingerprints for this system, and verify the system isn't +# "customized" before adding it. 
It is OK to add signature variants +# caused by a commonly used software (personal firewalls, security +# packages, etc), but it makes no sense to try to add every single +# possible /proc/sys/net/ipv4 tweak on Linux or so. +# +# KEEP IN MIND: Some packet firewalls configured to normalize outgoing +# traffic (OpenBSD pf with "scrub" enabled, for example) will, well, +# normalize packets. Signatures will not correspond to the originating +# system (and probably not quite to the firewall either). +# +# NOTE: Try to keep this file in some reasonable order, from most to +# least likely systems. This will speed up operation. Also keep most +# generic and broad rules near the end. +# + +########################## +# Standard OS signatures # +########################## + +# ----------------- AIX --------------------- + +# AIX is first because its signatures are close to NetBSD, MacOS X and +# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes... +# This is a shoddy hack, though. + +16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier + +16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1 + +# ----------------- Linux ------------------- + +512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x +16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x + +# Endian snafu! 
Nelson says "ha-ha": +2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac +64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac + + +S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot) + +S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy) +S3:64:1:60:M*,S,T,N,W0: Linux:2.4:18-21:Linux 2.4.18 and newer +S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 +S4:64:1:60:M*,S,T,N,W0: Linux:2.6::Linux 2.4/2.6 + +S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 +S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6 + +S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer +S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 +S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 + +# Popular cluster config scripts disable timestamps and +# selective ACK: +S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster + +# This needs to be investigated. On some systems, WSS +# is selected as a multiple of MTU instead of MSS. I got +# many submissions for this for many late versions of 2.4: +T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon) + +# This happens only over loopback, but let's make folks happy: +32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local) +S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local) + +# Opera visitors: +16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?) +32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?) 
+ +# Some fairly common mods: +S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps +S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps + + +# ----------------- FreeBSD ----------------- + +16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.1 +16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.1 +16384:64:1:44:M*: FreeBSD:4.0-4.1::FreeBSD 2.0-4.1 +16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 + +1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 + +57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323) +57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.8::FreeBSD 4.6-4.8 + +32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X) +32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X) +65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X) +65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X) +65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.9::FreeBSD 4.7-5.1 +65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.7-5.1 + +# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps) + +# ----------------- NetBSD ------------------ + +65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera) +16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6 +16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF) +16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3 +65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF) + +# ----------------- OpenBSD ----------------- + +16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6) +16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4::OpenBSD 3.0-3.4 +16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:no-df:OpenBSD 3.0-3.4 (scrub no-df) +57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4::OpenBSD 3.3-3.4 +57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4:no-df:OpenBSD 3.3-3.4 (scrub no-df) + +65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:opera:OpenBSD 3.0-3.4 
(Opera) + +# ----------------- Solaris ----------------- + +S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323 +S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8 +S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7 + +S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7 +S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1 +S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9 +S44:255:1:44:M*: Solaris:2.7::Solaris 7 + +# ----------------- IRIX -------------------- + +49152:64:0:44:M*: IRIX:6.4::IRIX 6.4 +61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5 +49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) +49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) + +61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21 +49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21 + +# ----------------- Tru64 ------------------- + +32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0 +32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0 +8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6) + +# This looks awfully Linuxish :/ +# S22:64:0:60:M*,S,T,N,W0: Tru64:5.0:a:Tru64 5.0a + +61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack) + + +# ----------------- OpenVMS ----------------- + +6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack) + +# ----------------- MacOS ------------------- + +16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP) +16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP) +32768:255:1:48:M*,W0,N: MacOS:9.1-9.2::MacOS 9.1/9.2 +32768:64:0:60:M*,N,W0,N,N,T: MacOS:X:10.2:MacOS X 10.2 + +# ----------------- Windows ----------------- + +# Windows 95 - need more: + +8192:32:1:44:M*: Windows:95::Windows 95 (low TTL) + +# Windows 98 - plenty of silly signatures: +S44:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL) +8192:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL) + +%8192:64:1:48:M*,N,N,S: Windows:98::Windows 98 (or newer XP/2000 with tweaked TTL) 
+S4:64:1:48:M*,N,N,S: Windows:98::Windows 98 +S6:64:1:48:M*,N,N,S: Windows:98::Windows 98 +S12:64:1:48:M*,N,N,S: Windows:98::Windows 98 +32767:64:1:48:M*,N,N,S: Windows:98::Windows 98 +37300:64:1:48:M*,N,N,S: Windows:98::Windows 98 +46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323) +65535:64:1:44:M*: Windows:98:noSACK:Windows 98 (no sack) + +S16:128:1:48:M*,N,N,S: Windows:98::Windows 98 +S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98 +S26:128:1:48:M*,N,N,S: Windows:98::Windows 98 +T30:128:1:48:M*,N,N,S: Windows:98::Windows 98 +32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98 +60352:128:1:48:M*,N,N,S: Windows:98::Windows 98 +60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98 + +# Windows NT 4.0 - need more: + +64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a +8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older) +6144:128:1:52:M*,W0,N,S,N,N: Windows:NT:4.0:Windows NT 4.0 (RFC1323) + +# Windows XP and 2000. Most of the signatures that were +# either dubious or non-specific (no service pack data) +# were deleted and replaced with generics at the end. 
+ +65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1 +%8192:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1 +S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4 +S6:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows XP SP1, 2000 SP4 +S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows XP Pro SP1, 2000 SP3 + +S6:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1, 2000 SP4 +S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP Pro SP1, 2000 SP3 +64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1 +32767:128:1:48:M1452,N,N,S: Windows:XP:SP1:Windows XP SP1 +65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1 +%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1 + +# Odds, ends, mods: + +S52:128:1:48:M1260,N,N,S: Windows:XP:Cisco:Windows XP/2000 via Cisco +S52:128:1:48:M1260,N,N,S: Windows:2000:Cisco:Windows XP/2000 via Cisco + +# HUNT DOWN: +# *:128:1:48:M*,N,N,S:U:@Windows:XP (leak) (PLEASE REPORT) + +# ----------------- HP/UX ------------------- + +32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20 +32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0 +32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11 +32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11 + +# Whoa. Hardcore WSS. 
+0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323) + + +# ----------------- RiscOS ------------------ + +# We don't yet support the ?12 TCP option +#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36 + +# ----------------- BSD/OS ------------------ + +# Once again, power of two WSS is also shared by MacOS X with DF set +8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF) +8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2) + + +# ---------------- NewtonOS ----------------- + +4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1 + +# ---------------- NeXTSTEP ----------------- + +S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3 + +# ------------------ BeOS ------------------- + +1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1 +12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x + +# ------------------ OS/400 ----------------- + +8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5 +8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5 +4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032 + + +# ------------------ ULTRIX ----------------- + +16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5 + +# ------------------- QNX ------------------- + +S16:64:0:44:M512: QNX:::QNX demodisk + +# ------------------ Novell ----------------- + +16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0 +6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11 + +# ----------------- SCO ------------------ +S17:64:1:44:M1460: SCO:Unixware:7.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06 +S17:64:1:44:M1460: SCO:OpenServer:5.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06 +S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1 + +# ------------------- DOS ------------------- + +2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05 + +########################################### +# Appliance / embedded / other signatures # +########################################### + 
+# ---------- Firewalls / routers ------------ + +S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1) +S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2) +4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x +60352:64:0:52:M1460,N,W2,N,N,S: Clavister:7::Clavister firewall 7.x + +# ------- Switches and other stuff ---------- + +4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc +S8:255:0:44:M*: Cisco:12008::Cisco 12008 +60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch +64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client + + +# ---------- Caches and whatnots ------------ + +S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache + +32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x +16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1 +65535:64:0:64:M1460,N,N,S,N,W3,N,N,T: NetApp:5.3:1:NetApp 5.3.1 +65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow +8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1 + +S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine + +27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based) + +65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler +S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg + + +16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?) + +# ----------- Embedded systems -------------- + +S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C +S5:255:0:44:M536: PalmOS:3::PalmOS 3/4 +S5:255:0:44:M536: PalmOS:4::PalmOS 3/4 +S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5 +2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera) + +S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7 +8192:255:0:44:M1460: SymbianOS:6048::SymbianOS 6048 (on Nokia 7650?) +8192:255:0:44:M536: SymbianOS:::SymbianOS (on Nokia 9210?) + + +# Perhaps S4? 
+5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10 + +32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002 + +S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0 + +4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0 + +S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64 + + + +#################### +# Fancy signatures # +#################### + +1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1) +2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2) +3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3) +4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4) + +1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1) +2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2) +3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3) +4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4) + +##################################### +# Generic signatures - just in case # +##################################### + +#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x +#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x + +*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323) +*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323) +*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+) +*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000 +*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000 diff --git a/tools/tools/tinybsd/conf/firewall/etc/rc.conf b/tools/tools/tinybsd/conf/firewall/etc/rc.conf new file mode 100644 index 0000000..1631ede --- /dev/null +++ b/tools/tools/tinybsd/conf/firewall/etc/rc.conf 
@@ -0,0 +1,40 @@ +# $FreeBSD$ +hostname="tinybsd.freebsd.org" +sendmail_enable="NONE" +sshd_enable="YES" +usbd_enable="NO" +inetd_enable="NO" +portmap_enable="NO" +update_motd="NO" +varmfs="YES" +populate_var="YES" +varsize="8192" + +# IPFW +firewall_enable="YES" +firewall_script="/etc/rc.firewall" +firewall_type="closed" + +# NAT +natd_enable="NO" +natd_interface="" +natd_flags="" + +# PF +pf_enable="NO" +pf_rules="/etc/pf.conf" +pf_program="/sbin/pfctl" +pf_flags="" +pflog_enable="NO" +pflog_logfile="/var/log/pflog" +pflog_program="/sbin/pflogd" +pflog_flags="" + +# CARP Example +#cloned_interfaces="carp0" +#ifconfig_carp0="vhid 1 pass xalala 192.168.1.1/24" + + + + + diff --git a/tools/tools/tinybsd/conf/firewall/etc/rc.firewall b/tools/tools/tinybsd/conf/firewall/etc/rc.firewall new file mode 100644 index 0000000..05a1a6a --- /dev/null +++ b/tools/tools/tinybsd/conf/firewall/etc/rc.firewall 
@@ -0,0 +1,302 @@ +#!/bin/sh - +# Copyright (c) 1996 Poul-Henning Kamp +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# +# Setup system for firewall service. +# + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +############ +# Define the firewall type in /etc/rc.conf. Valid values are: +# open - will allow anyone in +# client - will try to protect just this machine +# simple - will try to protect a whole network +# closed - totally disables IP services except via lo0 interface +# UNKNOWN - disables the loading of firewall rules. 
+# filename - will load the rules in the given filename (full path required) +# +# For ``client'' and ``simple'' the entries below should be customized +# appropriately. + +############ +# +# If you don't know enough about packet filtering, we suggest that you +# take time to read this book: +# +# Building Internet Firewalls, 2nd Edition +# Brent Chapman and Elizabeth Zwicky +# +# O'Reilly & Associates, Inc +# ISBN 1-56592-871-7 +# http://www.ora.com/ +# http://www.oreilly.com/catalog/fire2/ +# +# For a more advanced treatment of Internet Security read: +# +# Firewalls & Internet Security +# Repelling the wily hacker +# William R. Cheswick, Steven M. Bellowin +# +# Addison-Wesley +# ISBN 0-201-63357-4 +# http://www.awl.com/ +# http://www.awlonline.com/product/0%2C2627%2C0201633574%2C00.html +# + +setup_loopback () { + ############ + # Only in rare cases do you want to change these rules + # + ${fwcmd} add 100 pass all from any to any via lo0 + ${fwcmd} add 200 deny all from any to 127.0.0.0/8 + ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any +} + +if [ -n "${1}" ]; then + firewall_type="${1}" +fi + +############ +# Set quiet mode if requested +# +case ${firewall_quiet} in +[Yy][Ee][Ss]) + fwcmd="/sbin/ipfw -q" + ;; +*) + fwcmd="/sbin/ipfw" + ;; +esac + +############ +# Flush out the list before we begin. +# +${fwcmd} -f flush + +############ +# Network Address Translation. All packets are passed to natd(8) +# before they encounter your remaining rules. The firewall rules +# will then be run again on each packet after translation by natd +# starting at the rule number following the divert rule. +# +# For ``simple'' firewall type the divert rule should be put to a +# different place to not interfere with address-checking rules. 
+# +case ${firewall_type} in +[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) + case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + ${fwcmd} add 50 divert natd all from any to any via ${natd_interface} + fi + ;; + esac +esac + +############ +# If you just configured ipfw in the kernel as a tool to solve network +# problems or you just want to disallow some particular kinds of traffic +# then you will want to change the default policy to open. You can also +# do this as your only action by setting the firewall_type to ``open''. +# +# ${fwcmd} add 65000 pass all from any to any + + +# Prototype setups. +# +case ${firewall_type} in +[Oo][Pp][Ee][Nn]) + setup_loopback + ${fwcmd} add 65000 pass all from any to any + ;; + +[Cc][Ll][Ii][Ee][Nn][Tt]) + ############ + # This is a prototype setup that will protect your system somewhat + # against people from outside your own network. + ############ + + # set these to your network and netmask and ip + net="192.0.2.0" + mask="255.255.255.0" + ip="192.0.2.1" + + setup_loopback + + # Allow any traffic to or from my own net. + ${fwcmd} add pass all from ${ip} to ${net}:${mask} + ${fwcmd} add pass all from ${net}:${mask} to ${ip} + + # Allow TCP through if setup succeeded + ${fwcmd} add pass tcp from any to any established + + # Allow IP fragments to pass through + ${fwcmd} add pass all from any to any frag + + # Allow setup of incoming email + ${fwcmd} add pass tcp from any to ${ip} 25 setup + + # Allow setup of outgoing TCP connections only + ${fwcmd} add pass tcp from ${ip} to any setup + + # Disallow setup of all other TCP connections + ${fwcmd} add deny tcp from any to any setup + + # Allow DNS queries out in the world + ${fwcmd} add pass udp from ${ip} to any 53 keep-state + + # Allow NTP queries out in the world + ${fwcmd} add pass udp from ${ip} to any 123 keep-state + + # Everything else is denied by default, unless the + # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel + # config file. 
+ ;; + +[Ss][Ii][Mm][Pp][Ll][Ee]) + ############ + # This is a prototype setup for a simple firewall. Configure this + # machine as a DNS and NTP server, and point all the machines + # on the inside at this machine for those services. + ############ + + # set these to your outside interface network and netmask and ip + oif="ed0" + onet="192.0.2.0" + omask="255.255.255.240" + oip="192.0.2.1" + + # set these to your inside interface network and netmask and ip + iif="ed1" + inet="192.0.2.16" + imask="255.255.255.240" + iip="192.0.2.17" + + setup_loopback + + # Stop spoofing + ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif} + ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif} + + # Stop RFC1918 nets on the outside interface + ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif} + ${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif} + ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif} + + # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, + # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) + # on the outside interface + ${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif} + ${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif} + ${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif} + ${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif} + ${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif} + + # Network Address Translation. This rule is placed here deliberately + # so that it does not interfere with the surrounding address-checking + # rules. If for example one of your internal LAN machines had its IP + # address set to 192.0.2.1 then an incoming packet for it after being + # translated by natd(8) would match the `deny' rule above. Similarly + # an outgoing packet originated from it before being translated would + # match the `deny' rule below. 
+ case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + ${fwcmd} add divert natd all from any to any via ${natd_interface} + fi + ;; + esac + + # Stop RFC1918 nets on the outside interface + ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} + ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif} + ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif} + + # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, + # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) + # on the outside interface + ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif} + ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif} + ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif} + ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif} + ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif} + + # Allow TCP through if setup succeeded + ${fwcmd} add pass tcp from any to any established + + # Allow IP fragments to pass through + ${fwcmd} add pass all from any to any frag + + # Allow setup of incoming email + ${fwcmd} add pass tcp from any to ${oip} 25 setup + + # Allow access to our DNS + ${fwcmd} add pass tcp from any to ${oip} 53 setup + ${fwcmd} add pass udp from any to ${oip} 53 + ${fwcmd} add pass udp from ${oip} 53 to any + + # Allow access to our WWW + ${fwcmd} add pass tcp from any to ${oip} 80 setup + + # Reject&Log all setup of incoming connections from the outside + ${fwcmd} add deny log tcp from any to any in via ${oif} setup + + # Allow setup of any other TCP connection + ${fwcmd} add pass tcp from any to any setup + + # Allow DNS queries out in the world + ${fwcmd} add pass udp from ${oip} to any 53 keep-state + + # Allow NTP queries out in the world + ${fwcmd} add pass udp from ${oip} to any 123 keep-state + + # Everything else is denied by default, unless the + # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel + # config file. 
+ ;; + +[Cc][Ll][Oo][Ss][Ee][Dd]) + setup_loopback + ;; +[Uu][Nn][Kk][Nn][Oo][Ww][Nn]) + ;; +*) + if [ -r "${firewall_type}" ]; then + ${fwcmd} ${firewall_flags} ${firewall_type} + fi + ;; +esac diff --git a/tools/tools/tinybsd/conf/firewall/etc/sysctl.conf b/tools/tools/tinybsd/conf/firewall/etc/sysctl.conf new file mode 100644 index 0000000..f9e09ff --- /dev/null +++ b/tools/tools/tinybsd/conf/firewall/etc/sysctl.conf @@ -0,0 +1,5 @@ +# $FreeBSD$ +# CARP Options +#net.inet.carp.preempt=1 +#net.inet.carp.arpbalance=1 + diff --git a/tools/tools/tinybsd/conf/firewall/tinybsd.basefiles b/tools/tools/tinybsd/conf/firewall/tinybsd.basefiles new file mode 100644 index 0000000..ab5a5a1 --- /dev/null +++ b/tools/tools/tinybsd/conf/firewall/tinybsd.basefiles 
@@ -0,0 +1,245 @@ +# $FreeBSD$ +# contents of ${WORKDIR}/boot +boot/boot0 +boot/boot1 +boot/boot2 +boot/defaults/loader.conf +boot/device.hints +boot/loader +boot/loader.4th +boot/loader.help +boot/loader.rc +boot/mbr +boot/support.4th + +# contents of ${WORKDIR}/libexec +libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1 + +# contents of ${WORKDIR}/bin +bin/[:bin/test +bin/cat +bin/chflags +bin/chio +bin/chmod +bin/cp +bin/csh:bin/tcsh +bin/date +bin/dd +bin/df +bin/domainname +bin/echo +bin/ed:bin/red +bin/expr +bin/hostname +bin/kenv +bin/kill +bin/ln:bin/link +bin/ls +bin/mkdir +bin/mv +bin/pax +bin/ps +bin/pwd +bin/realpath +bin/rm:bin/unlink +bin/rmdir +bin/sh +bin/sleep +bin/stty +bin/sync + +# contents of ${WORKDIR}/sbin +sbin/adjkerntz +sbin/comcontrol +sbin/disklabel +sbin/dmesg +sbin/fastboot:sbin/reboot +sbin/fasthalt:sbin/halt +sbin/fsck +sbin/fsck_ufs:sbin/fsck_ffs +sbin/fsck_ufs:sbin/fsck_4.2bsd +sbin/ifconfig +sbin/init +sbin/ipfw +sbin/kldconfig +sbin/kldload +sbin/kldstat +sbin/kldunload +sbin/ldconfig +sbin/md5 +sbin/mdconfig +sbin/mknod +sbin/mdmfs +sbin/mount +sbin/mount_devfs:sbin/mount_fdescfs +sbin/mount_devfs:sbin/mount_linprocfs +sbin/mount_devfs:sbin/mount_procfs +sbin/mount_devfs:sbin/mount_std +sbin/mount_nfs +sbin/mount_nullfs +sbin/mount_umapfs +sbin/mount_unionfs +sbin/natd +sbin/newfs +sbin/nextboot +sbin/nologin +sbin/nos-tun +sbin/pfctl +sbin/pflogd +sbin/ping +sbin/rcorder +sbin/route +sbin/shutdown +sbin/slattach +sbin/swapon +sbin/sysctl +sbin/umount + +# contents of ${WORKDIR}/usr/sbin +usr/bin/at:usr/bin/atq +usr/bin/at:usr/bin/atrm +usr/bin/at:usr/bin/batch +usr/bin/awk +usr/bin/basename +usr/bin/bunzip2:usr/bin/bzcat +usr/bin/bunzip2:usr/bin/bzip2 +usr/bin/chat +usr/bin/chfn:usr/bin/chpass +usr/bin/chfn:usr/bin/chsh +usr/bin/chgrp +usr/bin/cksum +usr/bin/clear +usr/bin/cmp +usr/bin/compress:usr/bin/uncompress +usr/bin/cpio +usr/bin/crontab +usr/bin/cu +usr/bin/dig +usr/bin/dirname +usr/bin/du +usr/bin/ee 
+usr/bin/egrep:usr/bin/fgrep +usr/bin/egrep:usr/bin/grep +usr/bin/env +usr/bin/false +usr/bin/fetch +usr/bin/find +usr/bin/finger +usr/bin/fstat +usr/bin/fsync +usr/bin/ftp +usr/bin/gunzip:usr/bin/gzcat +usr/bin/gunzip:usr/bin/gzip +usr/bin/gzexe +usr/bin/head +usr/bin/hexdump +usr/bin/id:usr/bin/whoami +usr/bin/ident +usr/bin/killall +usr/bin/last +usr/bin/less:usr/bin/more +usr/bin/limits +usr/bin/lock +usr/bin/lockf +usr/bin/logger +usr/bin/login +usr/bin/logname +usr/bin/mesg +usr/bin/minigzip +usr/bin/mkfifo +usr/bin/mktemp +usr/bin/msgs +usr/bin/netstat +usr/bin/nfsstat +usr/bin/nice +usr/bin/nslookup +usr/bin/nsupdate +usr/bin/nohup +usr/bin/objformat +usr/bin/openssl +usr/bin/passwd +usr/bin/printf +usr/bin/renice +usr/bin/reset:usr/sbin/tset +usr/bin/scp +usr/bin/script +usr/bin/sed +usr/bin/sftp +usr/bin/shar +usr/bin/slogin:usr/bin/ssh +usr/bin/sort +usr/bin/split +usr/bin/ssh-keygen +usr/bin/su +usr/bin/tail +usr/bin/tar +usr/bin/tee +usr/bin/telnet +usr/bin/tftp +usr/bin/time +usr/bin/top +usr/bin/touch +usr/bin/tput +usr/bin/tr +usr/bin/true +usr/bin/tty +usr/bin/uname +usr/bin/uptime:usr/bin/w +usr/bin/users +usr/bin/uudecode +usr/bin/uuencode +usr/bin/vi +usr/bin/vmstat +usr/bin/wall +usr/bin/who +usr/bin/whois +usr/bin/write +usr/bin/yes + +# contents of ${WORKDIR}/usr/sbin +usr/sbin/arp +usr/sbin/authpf +usr/sbin/boot0cfg +usr/sbin/chown +usr/sbin/chroot +usr/sbin/cron +usr/sbin/idprio:usr/sbin/rtprio +usr/sbin/inetd +usr/sbin/iostat +usr/sbin/kbdcontrol +usr/sbin/lastlogin +usr/sbin/memcontrol +usr/sbin/mountd +usr/sbin/mtree +usr/sbin/named +usr/sbin/named.reload +usr/sbin/newsyslog +usr/sbin/ngctl +usr/sbin/nghook +usr/sbin/ntpdate +usr/sbin/pciconf +usr/sbin/pw +usr/sbin/pwd_mkdb +usr/sbin/slstat +usr/sbin/sshd +usr/sbin/syslogd +usr/sbin/tcpdchk +usr/sbin/tcpdmatch +usr/sbin/tcpdump +usr/sbin/traceroute +usr/sbin/vidcontrol +usr/sbin/vipw +usr/sbin/vnconfig +usr/sbin/watch + +# contents of ${WORKDIR}/usr/libexec +usr/libexec/atrun 
+usr/libexec/ftpd +usr/libexec/getty +usr/libexec/sftp-server +usr/libexec/telnetd +usr/libexec/tftpd + +# contents of ${WORKDIR}/usr/share +usr/share/misc/termcap + diff --git a/tools/tools/tinybsd/conf/minimal/TINYBSD b/tools/tools/tinybsd/conf/minimal/TINYBSD new file mode 100644 index 0000000..ff425b8 --- /dev/null +++ b/tools/tools/tinybsd/conf/minimal/TINYBSD 
@@ -0,0 +1,89 @@ +# $FreeBSD$ +machine i386 +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident TINYBSD + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_4BSD # 4BSD scheduler +options INET # InterNETworking +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options UFS_DIRHASH # Improve performance on big directories +options MD_ROOT # MD is a potential root device +options PROCFS # Process filesystem (requires PSEUDOFS) +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_GPT # GUID Partition Tables. +options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!] +options COMPAT_FREEBSD4 # Compatible with FreeBSD4 +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options AHC_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~128k to driver. +options AHD_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~215k to driver. +options ADAPTIVE_GIANT # Giant mutex is adaptive. + +device apic # I/O APIC + +# Bus support. 
Do not remove isa, even if you have no isa slots +device isa +device pci + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +options ATA_STATIC_ID # Static device numbering + +# atkbdc0 controls both the keyboard and the PS/2 mouse +device atkbdc # AT keyboard controller +device atkbd # AT keyboard +device psm # PS/2 mouse + +device vga # VGA video card driver + +#device splash # Splash screen and screen saver support + +# syscons is the default console driver, resembling an SCO console +device sc + +# Enable this for the pcvt (VT220 compatible) console driver +#device vt +#options XSERVER # support for X server on a vt console +#options FAT_CURSOR # start with block cursor + +device agp # support several AGP chipsets + +# Floating point support - do not disable. +device npx + +# Power management support (see NOTES for more options) +#device apm +# Add suspend/resume support for the i8254. +device pmtimer + +# Pseudo devices. +device loop # Network loopback +device mem # Memory and kernel memory devices +device io # I/O device +device random # Entropy device +device ether # Ethernet support +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" + +# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254 +# clock to actually be used. +options CLK_USE_I8254_CALIBRATION + +# CPU_ELAN enables support for AMDs ElanSC520 CPU. +options CPU_ELAN +options CPU_SOEKRIS +options CPU_ELAN_XTAL=32768000 +options CPU_ELAN_PPS + diff --git a/tools/tools/tinybsd/conf/minimal/etc/fstab b/tools/tools/tinybsd/conf/minimal/etc/fstab new file mode 100644 index 0000000..16ada11 --- /dev/null +++ b/tools/tools/tinybsd/conf/minimal/etc/fstab @@ -0,0 +1,2 @@ +# $FreeBSD$ +/dev/ad0a / ufs ro 1 1 diff --git a/tools/tools/tinybsd/conf/minimal/etc/rc.conf b/tools/tools/tinybsd/conf/minimal/etc/rc.conf new file mode 100644 index 0000000..2a585c1 --- /dev/null +++ b/tools/tools/tinybsd/conf/minimal/etc/rc.conf 
@@ -0,0 +1,12 @@ +# $FreeBSD$ +hostname="tinybsd.freebsd.org" +sendmail_enable="NONE" +sshd_enable="YES" +usbd_enable="NO" +inetd_enable="NO" +portmap_enable="NO" +update_motd="NO" +varmfs="YES" +populate_var="YES" +varsize="8192" + diff --git a/tools/tools/tinybsd/conf/minimal/tinybsd.basefiles b/tools/tools/tinybsd/conf/minimal/tinybsd.basefiles new file mode 100644 index 0000000..d7bedd7 --- /dev/null +++ b/tools/tools/tinybsd/conf/minimal/tinybsd.basefiles 
@@ -0,0 +1,172 @@ +# $FreeBSD$ +# contents of ${WORKDIR}/boot +boot/boot0 +boot/boot1 +boot/boot2 +boot/defaults/loader.conf +boot/device.hints +boot/loader +boot/loader.4th +boot/loader.help +boot/loader.rc +boot/mbr +boot/support.4th + +# contents of ${WORKDIR}/libexec +libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1 + +# contents of ${WORKDIR}/bin +bin/[:bin/test +bin/cat +bin/chflags +bin/chio +bin/chmod +bin/cp +bin/csh:bin/tcsh +bin/date +bin/df +bin/domainname +bin/echo +bin/ed:bin/red +bin/expr +bin/hostname +bin/kenv +bin/kill +bin/ln:bin/link +bin/ls +bin/mkdir +bin/mv +bin/pax +bin/ps +bin/pwd +bin/realpath +bin/rm:bin/unlink +bin/rmdir +bin/sh +bin/sleep +bin/stty +bin/sync + +# contents of ${WORKDIR}/sbin +sbin/adjkerntz +sbin/disklabel +sbin/dmesg +sbin/fastboot:sbin/reboot +sbin/fasthalt:sbin/halt +sbin/fsck +sbin/fsck_ufs:sbin/fsck_ffs +sbin/fsck_ufs:sbin/fsck_4.2bsd +sbin/ifconfig +sbin/init +sbin/kldconfig +sbin/kldload +sbin/kldstat +sbin/kldunload +sbin/ldconfig +sbin/mdconfig +sbin/mknod +sbin/mdmfs +sbin/mount +sbin/mount_devfs:sbin/mount_fdescfs +sbin/mount_devfs:sbin/mount_linprocfs +sbin/mount_devfs:sbin/mount_procfs +sbin/mount_devfs:sbin/mount_std +sbin/mount_nullfs +sbin/mount_umapfs +sbin/mount_unionfs +sbin/newfs +sbin/nextboot +sbin/nologin +sbin/rcorder +sbin/shutdown +sbin/swapon +sbin/sysctl +sbin/umount + +# contents of ${WORKDIR}/usr/sbin +usr/bin/at:usr/bin/atq +usr/bin/at:usr/bin/atrm +usr/bin/at:usr/bin/batch +usr/bin/awk +usr/bin/basename +usr/bin/bunzip2:usr/bin/bzcat +usr/bin/bunzip2:usr/bin/bzip2 +usr/bin/chfn:usr/bin/chpass +usr/bin/chfn:usr/bin/chsh +usr/bin/chgrp +usr/bin/cksum +usr/bin/clear +usr/bin/compress:usr/bin/uncompress +usr/bin/crontab +usr/bin/ee +usr/bin/egrep:usr/bin/fgrep +usr/bin/egrep:usr/bin/grep +usr/bin/env +usr/bin/false +usr/bin/fstat +usr/bin/fsync +usr/bin/gunzip:usr/bin/gzcat +usr/bin/gunzip:usr/bin/gzip +usr/bin/head +usr/bin/hexdump +usr/bin/id:usr/bin/whoami +usr/bin/killall +usr/bin/last 
+usr/bin/less:usr/bin/more +usr/bin/logger +usr/bin/login +usr/bin/logname +usr/bin/mesg +usr/bin/minigzip +usr/bin/mkfifo +usr/bin/mktemp +usr/bin/msgs +usr/bin/nice +usr/bin/nohup +usr/bin/objformat +usr/bin/passwd +usr/bin/printf +usr/bin/reset:usr/sbin/tset +usr/bin/scp +usr/bin/sed +usr/bin/slogin:usr/bin/ssh +usr/bin/su +usr/bin/tail +usr/bin/tar +usr/bin/tee +usr/bin/time +usr/bin/top +usr/bin/touch +usr/bin/true +usr/bin/tty +usr/bin/uname +usr/bin/uptime:usr/bin/w +usr/bin/users +usr/bin/uudecode +usr/bin/uuencode +usr/bin/vmstat +usr/bin/who +usr/bin/whois + +# contents of ${WORKDIR}/usr/sbin +usr/sbin/boot0cfg +usr/sbin/chown +usr/sbin/cron +usr/sbin/idprio:usr/sbin/rtprio +usr/sbin/lastlogin +usr/sbin/memcontrol +usr/sbin/mtree +usr/sbin/newsyslog +usr/sbin/pw +usr/sbin/pwd_mkdb +usr/sbin/syslogd +usr/sbin/vidcontrol +usr/sbin/vipw + +# contents of ${WORKDIR}/usr/libexec +usr/libexec/atrun +usr/libexec/getty + +# contents of ${WORKDIR}/usr/share +usr/share/misc/termcap + diff --git a/tools/tools/tinybsd/conf/vpn/TINYBSD b/tools/tools/tinybsd/conf/vpn/TINYBSD new file mode 100644 index 0000000..00e5830 --- /dev/null +++ b/tools/tools/tinybsd/conf/vpn/TINYBSD 
@@ -0,0 +1,170 @@ +# $FreeBSD$ +machine i386 +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident TINYBSD + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_4BSD # 4BSD scheduler +options INET # InterNETworking +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options UFS_DIRHASH # Improve performance on big directories +options MD_ROOT # MD is a potential root device +options PROCFS # Process filesystem (requires PSEUDOFS) +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_GPT # GUID Partition Tables. +options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!] +options COMPAT_FREEBSD4 # Compatible with FreeBSD4 +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options AHC_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~128k to driver. +options AHD_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~215k to driver. +options ADAPTIVE_GIANT # Giant mutex is adaptive. + +device apic # I/O APIC + +# Bus support. 
Do not remove isa, even if you have no isa slots +device isa +device eisa +device pci + +# Floppy drives +#device fdc + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +device atapist # ATAPI tape drives +options ATA_STATIC_ID # Static device numbering + +# atkbdc0 controls both the keyboard and the PS/2 mouse +device atkbdc # AT keyboard controller +device atkbd # AT keyboard +device psm # PS/2 mouse + +device vga # VGA video card driver + +#device splash # Splash screen and screen saver support + +# syscons is the default console driver, resembling an SCO console +device sc + +# Enable this for the pcvt (VT220 compatible) console driver +#device vt +#options XSERVER # support for X server on a vt console +#options FAT_CURSOR # start with block cursor + +device agp # support several AGP chipsets + +# Floating point support - do not disable. +device npx + +# Power management support (see NOTES for more options) +#device apm +# Add suspend/resume support for the i8254. +device pmtimer + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +#device cbb # cardbus (yenta) bridge +#device pccard # PC Card (16-bit) bus +#device cardbus # CardBus (32-bit) bus + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports + +# PCI Ethernet NICs. +device de # DEC/Intel DC21x4x (``Tulip'') +device em # Intel PRO/1000 adapter Gigabit Ethernet Card +device ixgb # Intel PRO/10GbE Ethernet Card +device txp # 3Com 3cR990 (``Typhoon'') +device vx # 3Com 3c590, 3c595 (``Vortex'') + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! 
+device miibus # MII bus support +device bfe # Broadcom BCM440x 10/100 Ethernet +device bge # Broadcom BCM570xx Gigabit Ethernet +device dc # DEC/Intel 21143 and various workalikes +device fxp # Intel EtherExpress PRO/100B (82557, 82558) +device lge # Level 1 LXT1001 gigabit ethernet +device nge # NatSemi DP83820 gigabit ethernet +device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc') +device re # RealTek 8139C+/8169/8169S/8110S +device rl # RealTek 8129/8139 +device sf # Adaptec AIC-6915 (``Starfire'') +device sis # Silicon Integrated Systems SiS 900/SiS 7016 +device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet +device ste # Sundance ST201 (D-Link DFE-550TX) +device ti # Alteon Networks Tigon I/II gigabit Ethernet +device tl # Texas Instruments ThunderLAN +device tx # SMC EtherPower II (83c170 ``EPIC'') +device vge # VIA VT612x gigabit ethernet +device vr # VIA Rhine, Rhine II +device wb # Winbond W89C840F +device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') + +# ISA Ethernet NICs. pccard NICs included. +device cs # Crystal Semiconductor CS89x0 NIC +# 'device ed' requires 'device miibus' +device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards +device ex # Intel EtherExpress Pro/10 and Pro/10+ +device ep # Etherlink III based cards +device fe # Fujitsu MB8696x based cards +device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. +device lnc # NE2100, NE32-VL Lance Ethernet cards +device sn # SMC's 9000 series of Ethernet chips +device xe # Xircom pccard Ethernet + +# ISA devices that use the old ISA shims +#device le + +# Wireless NIC cards +#device wlan # 802.11 support +#device an # Aironet 4500/4800 802.11 wireless NICs. +#device awi # BayStack 660 and others +#device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs. +#device wl # Older non 802.11 Wavelan wireless NIC. + +# Pseudo devices. 
+device loop # Network loopback +device mem # Memory and kernel memory devices +device io # I/O device +device random # Entropy device +device ether # Ethernet support +#device sl # Kernel SLIP +device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +device faith # IPv6-to-IPv4 relaying (translation) + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254 +# clock to actually be used. +options CLK_USE_I8254_CALIBRATION + +# CPU_ELAN enables support for AMDs ElanSC520 CPU. +options CPU_ELAN +options CPU_SOEKRIS +options CPU_ELAN_XTAL=32768000 +options CPU_ELAN_PPS + +# IPSEC +options IPSEC +options IPSEC_ESP + diff --git a/tools/tools/tinybsd/conf/vpn/etc/fstab b/tools/tools/tinybsd/conf/vpn/etc/fstab new file mode 100644 index 0000000..16ada11 --- /dev/null +++ b/tools/tools/tinybsd/conf/vpn/etc/fstab @@ -0,0 +1,2 @@ +# $FreeBSD$ +/dev/ad0a / ufs ro 1 1 diff --git a/tools/tools/tinybsd/conf/vpn/etc/rc.conf b/tools/tools/tinybsd/conf/vpn/etc/rc.conf new file mode 100644 index 0000000..7a3a7e2 --- /dev/null +++ b/tools/tools/tinybsd/conf/vpn/etc/rc.conf @@ -0,0 +1,21 @@ +# $FreeBSD$ +hostname="tinybsd.freebsd.org" +sendmail_enable="NONE" +sshd_enable="YES" +usbd_enable="NO" +inetd_enable="NO" +portmap_enable="NO" +update_motd="NO" +varmfs="YES" +populate_var="YES" +varsize="8192" + +# VPN +ipsec_enable="YES" +ipsec_file="/etc/ipsec.conf" + +# CONF +ifconfig_gif0="inet 192.168.1.1 192.168.2.1 netmask 0xffffffff" +static_routes="vpn" +route_vpn="192.168.2.0 192.168.2.1 netmask 0xffffff00" + diff --git a/tools/tools/tinybsd/conf/vpn/etc/setkey.conf b/tools/tools/tinybsd/conf/vpn/etc/setkey.conf new file mode 100644 index 0000000..e8c0da7 --- /dev/null 
+++ b/tools/tools/tinybsd/conf/vpn/etc/setkey.conf @@ -0,0 +1 @@ +# $FreeBSD$ diff --git a/tools/tools/tinybsd/conf/vpn/tinybsd.basefiles b/tools/tools/tinybsd/conf/vpn/tinybsd.basefiles new file mode 100644 index 0000000..129256b --- /dev/null +++ b/tools/tools/tinybsd/conf/vpn/tinybsd.basefiles 
@@ -0,0 +1,227 @@ +# $FreeBSD$ +# contents of ${WORKDIR}/boot +boot/boot0 +boot/boot1 +boot/boot2 +boot/defaults/loader.conf +boot/device.hints +boot/loader +boot/loader.4th +boot/loader.help +boot/loader.rc +boot/mbr +boot/support.4th + +# contents of ${WORKDIR}/libexec +libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1 + +# contents of ${WORKDIR}/bin +bin/[:bin/test +bin/cat +bin/chflags +bin/chio +bin/chmod +bin/cp +bin/csh:bin/tcsh +bin/date +bin/df +bin/domainname +bin/echo +bin/ed:bin/red +bin/expr +bin/hostname +bin/kenv +bin/kill +bin/ln:bin/link +bin/ls +bin/mkdir +bin/mv +bin/pax +bin/ps +bin/pwd +bin/realpath +bin/rm:bin/unlink +bin/rmdir +bin/sh +bin/sleep +bin/stty +bin/sync + +# contents of ${WORKDIR}/sbin +sbin/adjkerntz +sbin/comcontrol +sbin/disklabel +sbin/dmesg +sbin/fastboot:sbin/reboot +sbin/fasthalt:sbin/halt +sbin/fsck +sbin/fsck_ufs:sbin/fsck_ffs +sbin/fsck_ufs:sbin/fsck_4.2bsd +sbin/ifconfig +sbin/init +sbin/ipfw +sbin/kldconfig +sbin/kldload +sbin/kldstat +sbin/kldunload +sbin/ldconfig +sbin/md5 +sbin/mdconfig +sbin/mknod +sbin/mdmfs +sbin/mount +sbin/mount_devfs:sbin/mount_fdescfs +sbin/mount_devfs:sbin/mount_linprocfs +sbin/mount_devfs:sbin/mount_procfs +sbin/mount_devfs:sbin/mount_std +sbin/mount_nullfs +sbin/mount_umapfs +sbin/mount_unionfs +sbin/newfs +sbin/nextboot +sbin/nologin +sbin/nos-tun +sbin/ping +sbin/rcorder +sbin/route +sbin/shutdown +sbin/slattach +sbin/swapon +sbin/sysctl +sbin/umount + +# contents of ${WORKDIR}/usr/sbin +usr/bin/at:usr/bin/atq +usr/bin/at:usr/bin/atrm +usr/bin/at:usr/bin/batch +usr/bin/awk +usr/bin/basename +usr/bin/bunzip2:usr/bin/bzcat +usr/bin/bunzip2:usr/bin/bzip2 +usr/bin/chat +usr/bin/chfn:usr/bin/chpass +usr/bin/chfn:usr/bin/chsh +usr/bin/chgrp +usr/bin/cksum +usr/bin/clear +usr/bin/cmp +usr/bin/compress:usr/bin/uncompress +usr/bin/cpio +usr/bin/crontab +usr/bin/cu +usr/bin/dig +usr/bin/dirname +usr/bin/du +usr/bin/ee +usr/bin/egrep:usr/bin/fgrep +usr/bin/egrep:usr/bin/grep +usr/bin/env +usr/bin/false 
+usr/bin/fetch +usr/bin/find +usr/bin/fstat +usr/bin/fsync +usr/bin/ftp +usr/bin/gunzip:usr/bin/gzcat +usr/bin/gunzip:usr/bin/gzip +usr/bin/gzexe +usr/bin/head +usr/bin/hexdump +usr/bin/id:usr/bin/whoami +usr/bin/ident +usr/bin/killall +usr/bin/last +usr/bin/less:usr/bin/more +usr/bin/limits +usr/bin/lock +usr/bin/lockf +usr/bin/logger +usr/bin/login +usr/bin/logname +usr/bin/mesg +usr/bin/minigzip +usr/bin/mkfifo +usr/bin/mktemp +usr/bin/msgs +usr/bin/netstat +usr/bin/nfsstat +usr/bin/nice +usr/bin/nslookup +usr/bin/nsupdate +usr/bin/nohup +usr/bin/objformat +usr/bin/openssl +usr/bin/passwd +usr/bin/printf +usr/bin/renice +usr/bin/reset:usr/sbin/tset +usr/bin/scp +usr/bin/script +usr/bin/sed +usr/bin/sftp +usr/bin/shar +usr/bin/slogin:usr/bin/ssh +usr/bin/sort +usr/bin/split +usr/bin/ssh-keygen +usr/bin/su +usr/bin/tail +usr/bin/tar +usr/bin/tee +usr/bin/telnet +usr/bin/time +usr/bin/top +usr/bin/touch +usr/bin/tput +usr/bin/tr +usr/bin/true +usr/bin/tty +usr/bin/uname +usr/bin/uptime:usr/bin/w +usr/bin/users +usr/bin/uudecode +usr/bin/uuencode +usr/bin/vi +usr/bin/vmstat +usr/bin/wall +usr/bin/who +usr/bin/whois +usr/bin/write +usr/bin/yes + +# contents of ${WORKDIR}/usr/sbin +usr/sbin/boot0cfg +usr/sbin/chown +usr/sbin/cron +usr/sbin/idprio:usr/sbin/rtprio +usr/sbin/iostat +usr/sbin/kbdcontrol +usr/sbin/lastlogin +usr/sbin/memcontrol +usr/sbin/mtree +usr/sbin/newsyslog +usr/sbin/ntpdate +usr/sbin/pciconf +usr/sbin/pw +usr/sbin/pwd_mkdb +usr/sbin/setkey +usr/sbin/slstat +usr/sbin/sshd +usr/sbin/syslogd +usr/sbin/tcpdchk +usr/sbin/tcpdmatch +usr/sbin/tcpdump +usr/sbin/traceroute +usr/sbin/vidcontrol +usr/sbin/vipw +usr/sbin/vnconfig +usr/sbin/watch + +# contents of ${WORKDIR}/usr/libexec +usr/libexec/atrun +usr/libexec/getty +usr/libexec/sftp-server + +# contents of ${WORKDIR}/usr/share +usr/share/misc/termcap + diff --git a/tools/tools/tinybsd/conf/wireless/TINYBSD b/tools/tools/tinybsd/conf/wireless/TINYBSD new file mode 100644 index 0000000..e819aa1 
--- /dev/null +++ b/tools/tools/tinybsd/conf/wireless/TINYBSD 
@@ -0,0 +1,180 @@ +# $FreeBSD$ +machine i386 +cpu I486_CPU +cpu I586_CPU +cpu I686_CPU +ident TINYBSD + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_4BSD # 4BSD scheduler +options INET # InterNETworking +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options UFS_DIRHASH # Improve performance on big directories +options MD_ROOT # MD is a potential root device +options PROCFS # Process filesystem (requires PSEUDOFS) +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_GPT # GUID Partition Tables. +options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!] +options COMPAT_FREEBSD4 # Compatible with FreeBSD4 +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options AHC_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~128k to driver. +options AHD_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~215k to driver. +options ADAPTIVE_GIANT # Giant mutex is adaptive. + +device apic # I/O APIC + +# Bus support. 
Do not remove isa, even if you have no isa slots +device isa +device eisa +device pci + +# Floppy drives +#device fdc + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +device atapist # ATAPI tape drives +options ATA_STATIC_ID # Static device numbering + +# atkbdc0 controls both the keyboard and the PS/2 mouse +device atkbdc # AT keyboard controller +device atkbd # AT keyboard +device psm # PS/2 mouse + +device vga # VGA video card driver + +#device splash # Splash screen and screen saver support + +# syscons is the default console driver, resembling an SCO console +device sc + +# Enable this for the pcvt (VT220 compatible) console driver +#device vt +#options XSERVER # support for X server on a vt console +#options FAT_CURSOR # start with block cursor + +device agp # support several AGP chipsets + +# Floating point support - do not disable. +device npx + +# Power management support (see NOTES for more options) +#device apm +# Add suspend/resume support for the i8254. +device pmtimer + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports + +# PCI Ethernet NICs. +#device de # DEC/Intel DC21x4x (``Tulip'') +#device em # Intel PRO/1000 adapter Gigabit Ethernet Card +#device ixgb # Intel PRO/10GbE Ethernet Card +#device txp # 3Com 3cR990 (``Typhoon'') +#device vx # 3Com 3c590, 3c595 (``Vortex'') + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! 
+#device miibus # MII bus support +#device bfe # Broadcom BCM440x 10/100 Ethernet +#device bge # Broadcom BCM570xx Gigabit Ethernet +#device dc # DEC/Intel 21143 and various workalikes +#device fxp # Intel EtherExpress PRO/100B (82557, 82558) +#device lge # Level 1 LXT1001 gigabit ethernet +#device nge # NatSemi DP83820 gigabit ethernet +#device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc') +#device re # RealTek 8139C+/8169/8169S/8110S +#device rl # RealTek 8129/8139 +#device sf # Adaptec AIC-6915 (``Starfire'') +#device sis # Silicon Integrated Systems SiS 900/SiS 7016 +#device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet +#device ste # Sundance ST201 (D-Link DFE-550TX) +#device ti # Alteon Networks Tigon I/II gigabit Ethernet +#device tl # Texas Instruments ThunderLAN +#device tx # SMC EtherPower II (83c170 ``EPIC'') +#device vge # VIA VT612x gigabit ethernet +#device vr # VIA Rhine, Rhine II +#device wb # Winbond W89C840F +#device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') + +# ISA Ethernet NICs. pccard NICs included. +#device cs # Crystal Semiconductor CS89x0 NIC +# 'device ed' requires 'device miibus' +#device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards +#device ex # Intel EtherExpress Pro/10 and Pro/10+ +#device ep # Etherlink III based cards +#device fe # Fujitsu MB8696x based cards +#device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. +#device lnc # NE2100, NE32-VL Lance Ethernet cards +#device sn # SMC's 9000 series of Ethernet chips +#device xe # Xircom pccard Ethernet + +# ISA devices that use the old ISA shims +#device le + +# Wireless NIC cards +device wlan # 802.11 support +device wlan_wep #802.11 WEP support +device wlan_ccmp #802.11 CCMP support +device wlan_tkip #802.11 TKIP support +device wlan_xauth #802.11 external authenticator support +device wlan_acl #802.11 MAC ACL support +device an # Aironet 4500/4800 802.11 wireless NICs. +device awi # BayStack 660 and others +device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs. 
+#device wl # Older non 802.11 Wavelan wireless NIC. + +# Pseudo devices. +device loop # Network loopback +device mem # Memory and kernel memory devices +device io # I/O device +device random # Entropy device +device ether # Ethernet support +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPDIVERT +options DUMMYNET +options BRIDGE + +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF +device pfsync #synchronization interface for PF + +device ath +device ath_hal +device ath_rate_sample + +# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254 +# clock to actually be used. +options CLK_USE_I8254_CALIBRATION + +# CPU_ELAN enables support for AMDs ElanSC520 CPU. +options CPU_ELAN +options CPU_SOEKRIS +options CPU_ELAN_XTAL=32768000 +options CPU_ELAN_PPS + diff --git a/tools/tools/tinybsd/conf/wireless/etc/authpf/authpf.rules b/tools/tools/tinybsd/conf/wireless/etc/authpf/authpf.rules new file mode 100644 index 0000000..e8c0da7 --- /dev/null +++ b/tools/tools/tinybsd/conf/wireless/etc/authpf/authpf.rules @@ -0,0 +1 @@ +# $FreeBSD$ diff --git a/tools/tools/tinybsd/conf/wireless/etc/fstab b/tools/tools/tinybsd/conf/wireless/etc/fstab new file mode 100644 index 0000000..16ada11 --- /dev/null +++ b/tools/tools/tinybsd/conf/wireless/etc/fstab @@ -0,0 +1,2 @@ +# $FreeBSD$ +/dev/ad0a / ufs ro 1 1 diff --git a/tools/tools/tinybsd/conf/wireless/etc/natd.conf b/tools/tools/tinybsd/conf/wireless/etc/natd.conf new file mode 100644 index 0000000..e8c0da7 --- /dev/null +++ b/tools/tools/tinybsd/conf/wireless/etc/natd.conf @@ -0,0 +1 @@ +# $FreeBSD$ 
diff --git a/tools/tools/tinybsd/conf/wireless/etc/pf.conf b/tools/tools/tinybsd/conf/wireless/etc/pf.conf new file mode 100644 index 0000000..9acf363 --- /dev/null +++ b/tools/tools/tinybsd/conf/wireless/etc/pf.conf 
@@ -0,0 +1,78 @@ +# $FreeBSD$ +# +# See pf.conf(5) and /usr/share/examples/pf for syntax and examples. +# Required order: options, normalization, queueing, translation, filtering. +# Macros and tables may be defined and used anywhere. +# Note that translation rules are first match while filter rules are last match. + +# Macros: define common values, so they can be referenced and changed easily. +#ext_if="ext0" # replace with actual external interface name i.e., dc0 +#int_if="int0" # replace with actual internal interface name i.e., dc1 +#internal_net="10.1.1.1/8" +#external_addr="192.168.1.1" + +# Tables: similar to macros, but more flexible for many addresses. +#table <foo> { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 } + +# Options: tune the behavior of pf, default values are given. +#set timeout { interval 10, frag 30 } +#set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 } +#set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 } +#set timeout { udp.first 60, udp.single 30, udp.multiple 60 } +#set timeout { icmp.first 20, icmp.error 10 } +#set timeout { other.first 60, other.single 30, other.multiple 60 } +#set timeout { adaptive.start 0, adaptive.end 0 } +#set limit { states 10000, frags 5000 } +#set loginterface none +#set optimization normal +#set block-policy drop +#set require-order yes +#set fingerprints "/etc/pf.os" + +# Normalization: reassemble fragments and resolve or reduce traffic ambiguities. +#scrub in all + +# Queueing: rule-based bandwidth control. +#altq on $ext_if bandwidth 2Mb cbq queue { dflt, developers, marketing } +#queue dflt bandwidth 5% cbq(default) +#queue developers bandwidth 80% +#queue marketing bandwidth 15% + +# Translation: specify how addresses are to be mapped or redirected. 
+# nat: packets going out through $ext_if with source address $internal_net will +# get translated as coming from the address of $ext_if, a state is created for +# such packets, and incoming packets will be redirected to the internal address. +#nat on $ext_if from $internal_net to any -> ($ext_if) + +# rdr: packets coming in on $ext_if with destination $external_addr:1234 will +# be redirected to 10.1.1.1:5678. A state is created for such packets, and +# outgoing packets will be translated as coming from the external address. +#rdr on $ext_if proto tcp from any to $external_addr/32 port 1234 -> 10.1.1.1 port 5678 + +# rdr outgoing FTP requests to the ftp-proxy +#rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021 + +# spamd-setup puts addresses to be redirected into table <spamd>. +#table <spamd> persist +#no rdr on { lo0, lo1 } from any to any +#rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025 + +# Filtering: the implicit first two rules are +#pass in all +#pass out all + +# block all incoming packets but allow ssh, pass all outgoing tcp and udp +# connections and keep state, logging blocked packets. +#block in log all +#pass in on $ext_if proto tcp from any to $ext_if port 22 keep state +#pass out on $ext_if proto { tcp, udp } all keep state + +# pass incoming packets destined to the addresses given in table <foo>. +#pass in on $ext_if proto { tcp, udp } from any to <foo> port 80 keep state + +# pass incoming ports for ftp-proxy +#pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state + +# assign packets to a queue. +#pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers +#pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing diff --git a/tools/tools/tinybsd/conf/wireless/etc/pf.os b/tools/tools/tinybsd/conf/wireless/etc/pf.os new file mode 100644 index 0000000..2a64809 --- /dev/null +++ b/tools/tools/tinybsd/conf/wireless/etc/pf.os 
@@ -0,0 +1,549 @@ +# $FreeBSD$ +# passive OS fingerprinting +# ------------------------- +# +# SYN signatures. Those signatures work for SYN packets only (duh!). +# +# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx> +# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org> +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# +# This fingerprint database is adapted from Michal Zalewski's p0f passive +# operating system package. +# +# +# Each line in this file specifies a single fingerprint. Please read the +# information below carefully before attempting to append any signatures +# reported as UNKNOWN to this file to avoid mistakes. +# +# We use the following set metrics for fingerprinting: +# +# - Window size (WSS) - a highly OS dependent setting used for TCP/IP +# performance control (max. amount of data to be sent without ACK). +# Some systems use a fixed value for initial packets. On other +# systems, it is a multiple of MSS or MTU (MSS+40). In some rare +# cases, the value is just arbitrary. +# +# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number +# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn' +# means it is a multiple of MTU ((MSS+40)*nn). 
Unless you notice the +# value of nn is not fixed (unlikely), just copy the Snn or Tnn token +# literally. If you know this device has a simple stack and a fixed +# MTU, you can however multiply S value by MSS, or T value by MSS+40, +# and put it instead of Snn or Tnn. +# +# If WSS otherwise looks like a fixed value (for example a multiple +# of two), or if you can confirm the value is fixed, please quote +# it literally. If there's no apparent pattern in WSS chosen, you +# should consider wildcarding this value. +# +# - Overall packet size - a function of all IP and TCP options and bugs. +# +# NEW SIGNATURE: Copy this value literally. +# +# - Initial TTL - We check the actual TTL of a received packet. It can't +# be higher than the initial TTL, and also shouldn't be dramatically +# lower (maximum distance is defined as 40 hops). +# +# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally. +# You need to determine the initial TTL. The best way to do it is to +# check the documentation for a remote system, or check its settings. +# A fairly good method is to simply round the observed TTL up to +# 32, 64, 128, or 255, but it should be noted that some obscure devices +# might not use round TTLs (in particular, some shoddy appliances use +# "original" initial TTL settings). If not sure, you can see how many +# hops you're away from the remote party with traceroute or mtr. +# +# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU +# discovery. Others do not bother. +# +# NEW SIGNATURE: Copy this value literally. +# +# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f +# uses it to determine link type of the remote host. +# +# NEW SIGNATURE: Always wildcard this value, except for rare cases when +# you have an appliance with a fixed value, know the system supports only +# a very limited number of network interface types, or know the system +# is using a value it pulled out of nowhere. 
Specific unique MSS +# can be used to tell Google crawlbots from the rest of the population. +# +# - Window scaling (WSCALE) - this feature is used to scale WSS. +# It extends the size of a TCP/IP window to 32 bits. Some modern +# systems implement this feature. +# +# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set +# to zero or other low value. There's usually no need to wildcard this +# parameter. +# +# - Timestamp - some systems that implement timestamps set them to +# zero in the initial SYN. This case is detected and handled appropriately. +# +# - Selective ACK permitted - a flag set by systems that implement +# selective ACK functionality. +# +# - The sequence of TCP all options (MSS, window scaling, selective ACK +# permitted, timestamp, NOP). Other than the options previously +# discussed, p0f also checks for timestamp option (a silly +# extension to broadcast your uptime ;-), NOP options (used for +# header padding) and sackOK option (selective ACK feature). +# +# NEW SIGNATURE: Copy the sequence literally. +# +# To wildcard any value (except for initial TTL or TCP options), replace +# it with '*'. You can also use a modulo operator to match any values +# that divide by nnn - '%nnn'. +# +# Fingerprint entry format: +# +# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details +# +# wwww - window size (can be *, %nnn, Snn or Tnn). The special values +# "S" and "T" which are a multiple of MSS or a multiple of MTU +# respectively. +# ttt - initial TTL +# D - don't fragment bit (0 - not set, 1 - set) +# ss - overall SYN packet size +# OOO - option value and order specification (see below) +# OS - OS genre (Linux, Solaris, Windows) +# Version - OS Version (2.0.27 on x86, etc) +# Subtype - OS subtype or patchlevel (SP3, lo0) +# details - Generic OS details +# +# If OS genre starts with '*', p0f will not show distance, link type +# and timestamp data. 
It is useful for userland TCP/IP stacks of +# network scanners and so on, where many settings are randomized or +# bogus. +# +# If OS genre starts with @, it denotes an approximate hit for a group +# of operating systems (signature reporting still enabled in this case). +# Use this feature at the end of this file to catch cases for which +# you don't have a precise match, but can tell it's Windows or FreeBSD +# or whatnot by looking at, say, flag layout alone. +# +# Option block description is a list of comma or space separated +# options in the order they appear in the packet: +# +# N - NOP option +# Wnnn - window scaling option, value nnn (or * or %nnn) +# Mnnn - maximum segment size option, value nnn (or * or %nnn) +# S - selective ACK OK +# T - timestamp +# T0 - timestamp with a zero value +# +# To denote no TCP options, use a single '.'. +# +# Please report any additions to this file, or any inaccuracies or +# problems spotted, to the maintainers: lcamtuf@coredump.cx, +# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet +# capture of the relevant SYN packet(s) +# +# WARNING WARNING WARNING +# ----------------------- +# +# Do not add a system X as OS Y just because NMAP says so. It is often +# the case that X is a NAT firewall. While nmap is talking to the +# device itself, p0f is fingerprinting the guy behind the firewall +# instead. +# +# When in doubt, use common sense, don't add something that looks like +# a completely different system as Linux or FreeBSD or LinkSys router. +# Check DNS name, establish a connection to the remote host and look +# at SYN+ACK - does it look similar? +# +# Some users tweak their TCP/IP settings - enable or disable RFC1323 +# functionality, enable or disable timestamps or selective ACK, +# disable PMTU discovery, change MTU and so on. Always compare a new rule +# to other fingerprints for this system, and verify the system isn't +# "customized" before adding it. 
It is OK to add signature variants +# caused by a commonly used software (personal firewalls, security +# packages, etc), but it makes no sense to try to add every single +# possible /proc/sys/net/ipv4 tweak on Linux or so. +# +# KEEP IN MIND: Some packet firewalls configured to normalize outgoing +# traffic (OpenBSD pf with "scrub" enabled, for example) will, well, +# normalize packets. Signatures will not correspond to the originating +# system (and probably not quite to the firewall either). +# +# NOTE: Try to keep this file in some reasonable order, from most to +# least likely systems. This will speed up operation. Also keep most +# generic and broad rules near the end. +# + +########################## +# Standard OS signatures # +########################## + +# ----------------- AIX --------------------- + +# AIX is first because its signatures are close to NetBSD, MacOS X and +# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes... +# This is a shoddy hack, though. + +16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier + +16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1 + +# ----------------- Linux ------------------- + +512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x +16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x + +# Endian snafu! 
Nelson says "ha-ha": +2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac +64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac + + +S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot) + +S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy) +S3:64:1:60:M*,S,T,N,W0: Linux:2.4:18-21:Linux 2.4.18 and newer +S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 +S4:64:1:60:M*,S,T,N,W0: Linux:2.6::Linux 2.4/2.6 + +S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 +S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6 + +S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer +S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 +S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 + +# Popular cluster config scripts disable timestamps and +# selective ACK: +S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster + +# This needs to be investigated. On some systems, WSS +# is selected as a multiple of MTU instead of MSS. I got +# many submissions for this for many late versions of 2.4: +T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon) + +# This happens only over loopback, but let's make folks happy: +32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local) +S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local) + +# Opera visitors: +16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?) +32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?) 
+ +# Some fairly common mods: +S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps +S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps + + +# ----------------- FreeBSD ----------------- + +16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.1 +16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.1 +16384:64:1:44:M*: FreeBSD:4.0-4.1::FreeBSD 2.0-4.1 +16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 + +1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 + +57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323) +57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.8::FreeBSD 4.6-4.8 + +32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X) +32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X) +65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X) +65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X) +65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.9::FreeBSD 4.7-5.1 +65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.7-5.1 + +# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps) + +# ----------------- NetBSD ------------------ + +65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera) +16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6 +16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF) +16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3 +65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF) + +# ----------------- OpenBSD ----------------- + +16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6) +16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4::OpenBSD 3.0-3.4 +16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:no-df:OpenBSD 3.0-3.4 (scrub no-df) +57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4::OpenBSD 3.3-3.4 +57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4:no-df:OpenBSD 3.3-3.4 (scrub no-df) + +65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:opera:OpenBSD 3.0-3.4 
(Opera) + +# ----------------- Solaris ----------------- + +S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323 +S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8 +S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7 + +S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7 +S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1 +S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9 +S44:255:1:44:M*: Solaris:2.7::Solaris 7 + +# ----------------- IRIX -------------------- + +49152:64:0:44:M*: IRIX:6.4::IRIX 6.4 +61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5 +49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) +49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) + +61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21 +49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21 + +# ----------------- Tru64 ------------------- + +32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0 +32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0 +8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6) + +# This looks awfully Linuxish :/ +# S22:64:0:60:M*,S,T,N,W0: Tru64:5.0:a:Tru64 5.0a + +61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack) + + +# ----------------- OpenVMS ----------------- + +6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack) + +# ----------------- MacOS ------------------- + +16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP) +16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP) +32768:255:1:48:M*,W0,N: MacOS:9.1-9.2::MacOS 9.1/9.2 +32768:64:0:60:M*,N,W0,N,N,T: MacOS:X:10.2:MacOS X 10.2 + +# ----------------- Windows ----------------- + +# Windows 95 - need more: + +8192:32:1:44:M*: Windows:95::Windows 95 (low TTL) + +# Windows 98 - plenty of silly signatures: +S44:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL) +8192:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL) + +%8192:64:1:48:M*,N,N,S: Windows:98::Windows 98 (or newer XP/2000 with tweaked TTL) 
+S4:64:1:48:M*,N,N,S: Windows:98::Windows 98 +S6:64:1:48:M*,N,N,S: Windows:98::Windows 98 +S12:64:1:48:M*,N,N,S: Windows:98::Windows 98 +32767:64:1:48:M*,N,N,S: Windows:98::Windows 98 +37300:64:1:48:M*,N,N,S: Windows:98::Windows 98 +46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323) +65535:64:1:44:M*: Windows:98:noSACK:Windows 98 (no sack) + +S16:128:1:48:M*,N,N,S: Windows:98::Windows 98 +S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98 +S26:128:1:48:M*,N,N,S: Windows:98::Windows 98 +T30:128:1:48:M*,N,N,S: Windows:98::Windows 98 +32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98 +60352:128:1:48:M*,N,N,S: Windows:98::Windows 98 +60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98 + +# Windows NT 4.0 - need more: + +64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a +8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older) +6144:128:1:52:M*,W0,N,S,N,N: Windows:NT:4.0:Windows NT 4.0 (RFC1323) + +# Windows XP and 2000. Most of the signatures that were +# either dubious or non-specific (no service pack data) +# were deleted and replaced with generics at the end. 
+ +65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1 +%8192:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1 +S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4 +S6:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows XP SP1, 2000 SP4 +S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows XP Pro SP1, 2000 SP3 + +S6:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1, 2000 SP4 +S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP Pro SP1, 2000 SP3 +64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1 +32767:128:1:48:M1452,N,N,S: Windows:XP:SP1:Windows XP SP1 +65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1 +%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1 + +# Odds, ends, mods: + +S52:128:1:48:M1260,N,N,S: Windows:XP:Cisco:Windows XP/2000 via Cisco +S52:128:1:48:M1260,N,N,S: Windows:2000:Cisco:Windows XP/2000 via Cisco + +# HUNT DOWN: +# *:128:1:48:M*,N,N,S:U:@Windows:XP (leak) (PLEASE REPORT) + +# ----------------- HP/UX ------------------- + +32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20 +32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0 +32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11 +32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11 + +# Whoa. Hardcore WSS. 
+0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323) + + +# ----------------- RiscOS ------------------ + +# We don't yet support the ?12 TCP option +#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36 + +# ----------------- BSD/OS ------------------ + +# Once again, power of two WSS is also shared by MacOS X with DF set +8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF) +8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2) + + +# ---------------- NewtonOS ----------------- + +4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1 + +# ---------------- NeXTSTEP ----------------- + +S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3 + +# ------------------ BeOS ------------------- + +1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1 +12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x + +# ------------------ OS/400 ----------------- + +8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5 +8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5 +4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032 + + +# ------------------ ULTRIX ----------------- + +16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5 + +# ------------------- QNX ------------------- + +S16:64:0:44:M512: QNX:::QNX demodisk + +# ------------------ Novell ----------------- + +16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0 +6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11 + +# ----------------- SCO ------------------ +S17:64:1:44:M1460: SCO:Unixware:7.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06 +S17:64:1:44:M1460: SCO:OpenServer:5.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06 +S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1 + +# ------------------- DOS ------------------- + +2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05 + +########################################### +# Appliance / embedded / other signatures # +########################################### + 
+# ---------- Firewalls / routers ------------ + +S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1) +S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2) +4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x +60352:64:0:52:M1460,N,W2,N,N,S: Clavister:7::Clavister firewall 7.x + +# ------- Switches and other stuff ---------- + +4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc +S8:255:0:44:M*: Cisco:12008::Cisco 12008 +60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch +64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client + + +# ---------- Caches and whatnots ------------ + +S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache + +32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x +16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1 +65535:64:0:64:M1460,N,N,S,N,W3,N,N,T: NetApp:5.3:1:NetApp 5.3.1 +65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow +8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1 + +S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine + +27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based) + +65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler +S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg + + +16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?) + +# ----------- Embedded systems -------------- + +S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C +S5:255:0:44:M536: PalmOS:3::PalmOS 3/4 +S5:255:0:44:M536: PalmOS:4::PalmOS 3/4 +S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5 +2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera) + +S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7 +8192:255:0:44:M1460: SymbianOS:6048::SymbianOS 6048 (on Nokia 7650?) +8192:255:0:44:M536: SymbianOS:::SymbianOS (on Nokia 9210?) + + +# Perhaps S4? 
+5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10 + +32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002 + +S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0 + +4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0 + +S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64 + + + +#################### +# Fancy signatures # +#################### + +1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1) +2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2) +3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3) +4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4) + +1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1) +2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2) +3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3) +4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4) + +##################################### +# Generic signatures - just in case # +##################################### + +#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x +#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x + +*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323) +*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323) +*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+) +*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000 +*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000 diff --git a/tools/tools/tinybsd/conf/wireless/etc/rc.conf b/tools/tools/tinybsd/conf/wireless/etc/rc.conf new file mode 100644 index 0000000..36936d9 --- /dev/null +++ b/tools/tools/tinybsd/conf/wireless/etc/rc.conf 
@@ -0,0 +1,31 @@ +# $FreeBSD$ +hostname="tinybsd.freebsd.org" +sendmail_enable="NONE" +sshd_enable="YES" +usbd_enable="NO" +inetd_enable="NO" +portmap_enable="NO" +update_motd="NO" +varmfs="YES" +populate_var="YES" +varsize="8192" + +# IPFW +firewall_enable="YES" +firewall_script="/etc/rc.firewall" +firewall_type="closed" + +# NAT +natd_enable="NO" +natd_interface="" +natd_flags="" + +# PF +pf_enable="NO" +pf_rules="/etc/pf.conf" +pf_program="/sbin/pfctl" +pf_flags="" +pflog_enable="NO" +pflog_logfile="/var/log/pflog" +pflog_program="/sbin/pflogd" +pflog_flags="" diff --git a/tools/tools/tinybsd/conf/wireless/etc/rc.firewall b/tools/tools/tinybsd/conf/wireless/etc/rc.firewall new file mode 100644 index 0000000..05a1a6a --- /dev/null +++ b/tools/tools/tinybsd/conf/wireless/etc/rc.firewall 
@@ -0,0 +1,302 @@ +#!/bin/sh - +# Copyright (c) 1996 Poul-Henning Kamp +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# +# Setup system for firewall service. +# + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +############ +# Define the firewall type in /etc/rc.conf. Valid values are: +# open - will allow anyone in +# client - will try to protect just this machine +# simple - will try to protect a whole network +# closed - totally disables IP services except via lo0 interface +# UNKNOWN - disables the loading of firewall rules. 
+# filename - will load the rules in the given filename (full path required) +# +# For ``client'' and ``simple'' the entries below should be customized +# appropriately. + +############ +# +# If you don't know enough about packet filtering, we suggest that you +# take time to read this book: +# +# Building Internet Firewalls, 2nd Edition +# Brent Chapman and Elizabeth Zwicky +# +# O'Reilly & Associates, Inc +# ISBN 1-56592-871-7 +# http://www.ora.com/ +# http://www.oreilly.com/catalog/fire2/ +# +# For a more advanced treatment of Internet Security read: +# +# Firewalls & Internet Security +# Repelling the wily hacker +# William R. Cheswick, Steven M. Bellowin +# +# Addison-Wesley +# ISBN 0-201-63357-4 +# http://www.awl.com/ +# http://www.awlonline.com/product/0%2C2627%2C0201633574%2C00.html +# + +setup_loopback () { + ############ + # Only in rare cases do you want to change these rules + # + ${fwcmd} add 100 pass all from any to any via lo0 + ${fwcmd} add 200 deny all from any to 127.0.0.0/8 + ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any +} + +if [ -n "${1}" ]; then + firewall_type="${1}" +fi + +############ +# Set quiet mode if requested +# +case ${firewall_quiet} in +[Yy][Ee][Ss]) + fwcmd="/sbin/ipfw -q" + ;; +*) + fwcmd="/sbin/ipfw" + ;; +esac + +############ +# Flush out the list before we begin. +# +${fwcmd} -f flush + +############ +# Network Address Translation. All packets are passed to natd(8) +# before they encounter your remaining rules. The firewall rules +# will then be run again on each packet after translation by natd +# starting at the rule number following the divert rule. +# +# For ``simple'' firewall type the divert rule should be put to a +# different place to not interfere with address-checking rules. 
+# +case ${firewall_type} in +[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) + case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + ${fwcmd} add 50 divert natd all from any to any via ${natd_interface} + fi + ;; + esac +esac + +############ +# If you just configured ipfw in the kernel as a tool to solve network +# problems or you just want to disallow some particular kinds of traffic +# then you will want to change the default policy to open. You can also +# do this as your only action by setting the firewall_type to ``open''. +# +# ${fwcmd} add 65000 pass all from any to any + + +# Prototype setups. +# +case ${firewall_type} in +[Oo][Pp][Ee][Nn]) + setup_loopback + ${fwcmd} add 65000 pass all from any to any + ;; + +[Cc][Ll][Ii][Ee][Nn][Tt]) + ############ + # This is a prototype setup that will protect your system somewhat + # against people from outside your own network. + ############ + + # set these to your network and netmask and ip + net="192.0.2.0" + mask="255.255.255.0" + ip="192.0.2.1" + + setup_loopback + + # Allow any traffic to or from my own net. + ${fwcmd} add pass all from ${ip} to ${net}:${mask} + ${fwcmd} add pass all from ${net}:${mask} to ${ip} + + # Allow TCP through if setup succeeded + ${fwcmd} add pass tcp from any to any established + + # Allow IP fragments to pass through + ${fwcmd} add pass all from any to any frag + + # Allow setup of incoming email + ${fwcmd} add pass tcp from any to ${ip} 25 setup + + # Allow setup of outgoing TCP connections only + ${fwcmd} add pass tcp from ${ip} to any setup + + # Disallow setup of all other TCP connections + ${fwcmd} add deny tcp from any to any setup + + # Allow DNS queries out in the world + ${fwcmd} add pass udp from ${ip} to any 53 keep-state + + # Allow NTP queries out in the world + ${fwcmd} add pass udp from ${ip} to any 123 keep-state + + # Everything else is denied by default, unless the + # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel + # config file. 
+ ;; + +[Ss][Ii][Mm][Pp][Ll][Ee]) + ############ + # This is a prototype setup for a simple firewall. Configure this + # machine as a DNS and NTP server, and point all the machines + # on the inside at this machine for those services. + ############ + + # set these to your outside interface network and netmask and ip + oif="ed0" + onet="192.0.2.0" + omask="255.255.255.240" + oip="192.0.2.1" + + # set these to your inside interface network and netmask and ip + iif="ed1" + inet="192.0.2.16" + imask="255.255.255.240" + iip="192.0.2.17" + + setup_loopback + + # Stop spoofing + ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif} + ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif} + + # Stop RFC1918 nets on the outside interface + ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif} + ${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif} + ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif} + + # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, + # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) + # on the outside interface + ${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif} + ${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif} + ${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif} + ${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif} + ${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif} + + # Network Address Translation. This rule is placed here deliberately + # so that it does not interfere with the surrounding address-checking + # rules. If for example one of your internal LAN machines had its IP + # address set to 192.0.2.1 then an incoming packet for it after being + # translated by natd(8) would match the `deny' rule above. Similarly + # an outgoing packet originated from it before being translated would + # match the `deny' rule below. 
+ case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + ${fwcmd} add divert natd all from any to any via ${natd_interface} + fi + ;; + esac + + # Stop RFC1918 nets on the outside interface + ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} + ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif} + ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif} + + # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, + # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) + # on the outside interface + ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif} + ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif} + ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif} + ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif} + ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif} + + # Allow TCP through if setup succeeded + ${fwcmd} add pass tcp from any to any established + + # Allow IP fragments to pass through + ${fwcmd} add pass all from any to any frag + + # Allow setup of incoming email + ${fwcmd} add pass tcp from any to ${oip} 25 setup + + # Allow access to our DNS + ${fwcmd} add pass tcp from any to ${oip} 53 setup + ${fwcmd} add pass udp from any to ${oip} 53 + ${fwcmd} add pass udp from ${oip} 53 to any + + # Allow access to our WWW + ${fwcmd} add pass tcp from any to ${oip} 80 setup + + # Reject&Log all setup of incoming connections from the outside + ${fwcmd} add deny log tcp from any to any in via ${oif} setup + + # Allow setup of any other TCP connection + ${fwcmd} add pass tcp from any to any setup + + # Allow DNS queries out in the world + ${fwcmd} add pass udp from ${oip} to any 53 keep-state + + # Allow NTP queries out in the world + ${fwcmd} add pass udp from ${oip} to any 123 keep-state + + # Everything else is denied by default, unless the + # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel + # config file. 
+ ;; + +[Cc][Ll][Oo][Ss][Ee][Dd]) + setup_loopback + ;; +[Uu][Nn][Kk][Nn][Oo][Ww][Nn]) + ;; +*) + if [ -r "${firewall_type}" ]; then + ${fwcmd} ${firewall_flags} ${firewall_type} + fi + ;; +esac diff --git a/tools/tools/tinybsd/conf/wireless/tinybsd.basefiles b/tools/tools/tinybsd/conf/wireless/tinybsd.basefiles new file mode 100644 index 0000000..d790cce --- /dev/null +++ b/tools/tools/tinybsd/conf/wireless/tinybsd.basefiles 
@@ -0,0 +1,238 @@ +# $FreeBSD$ +# contents of ${WORKDIR}/boot +boot/boot0 +boot/boot1 +boot/boot2 +boot/defaults/loader.conf +boot/device.hints +boot/loader +boot/loader.4th +boot/loader.help +boot/loader.rc +boot/mbr +boot/support.4th + +# contents of ${WORKDIR}/libexec +libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1 + +# contents of ${WORKDIR}/bin +bin/[:bin/test +bin/cat +bin/chflags +bin/chio +bin/chmod +bin/cp +bin/csh:bin/tcsh +bin/date +bin/dd +bin/df +bin/domainname +bin/echo +bin/ed:bin/red +bin/expr +bin/hostname +bin/kenv +bin/kill +bin/ln:bin/link +bin/ls +bin/mkdir +bin/mv +bin/pax +bin/ps +bin/pwd +bin/realpath +bin/rm:bin/unlink +bin/rmdir +bin/sh +bin/sleep +bin/stty +bin/sync + +# contents of ${WORKDIR}/sbin +sbin/adjkerntz +sbin/comcontrol +sbin/disklabel +sbin/dmesg +sbin/fastboot:sbin/reboot +sbin/fasthalt:sbin/halt +sbin/fsck +sbin/fsck_ufs:sbin/fsck_ffs +sbin/fsck_ufs:sbin/fsck_4.2bsd +sbin/ifconfig +sbin/init +sbin/ipfw +sbin/kldconfig +sbin/kldload +sbin/kldstat +sbin/kldunload +sbin/ldconfig +sbin/md5 +sbin/mdconfig +sbin/mknod +sbin/mdmfs +sbin/mount +sbin/mount_devfs:sbin/mount_fdescfs +sbin/mount_devfs:sbin/mount_linprocfs +sbin/mount_devfs:sbin/mount_procfs +sbin/mount_devfs:sbin/mount_std +sbin/mount_nullfs +sbin/mount_umapfs +sbin/mount_unionfs +sbin/natd +sbin/newfs +sbin/nextboot +sbin/nologin +sbin/nos-tun +sbin/pfctl +sbin/pflogd +sbin/ping +sbin/rcorder +sbin/route +sbin/shutdown +sbin/slattach +sbin/swapon +sbin/sysctl +sbin/umount + +# contents of ${WORKDIR}/usr/sbin +usr/bin/at:usr/bin/atq +usr/bin/at:usr/bin/atrm +usr/bin/at:usr/bin/batch +usr/bin/awk +usr/bin/basename +usr/bin/bunzip2:usr/bin/bzcat +usr/bin/bunzip2:usr/bin/bzip2 +usr/bin/chat +usr/bin/chfn:usr/bin/chpass +usr/bin/chfn:usr/bin/chsh +usr/bin/chgrp +usr/bin/cksum +usr/bin/clear +usr/bin/cmp +usr/bin/compress:usr/bin/uncompress +usr/bin/cpio +usr/bin/crontab +usr/bin/cu +usr/bin/dig +usr/bin/dirname +usr/bin/du +usr/bin/ee +usr/bin/egrep:usr/bin/fgrep 
+usr/bin/egrep:usr/bin/grep +usr/bin/env +usr/bin/false +usr/bin/fetch +usr/bin/find +usr/bin/finger +usr/bin/fstat +usr/bin/fsync +usr/bin/ftp +usr/bin/gunzip:usr/bin/gzcat +usr/bin/gunzip:usr/bin/gzip +usr/bin/gzexe +usr/bin/head +usr/bin/hexdump +usr/bin/id:usr/bin/whoami +usr/bin/ident +usr/bin/killall +usr/bin/last +usr/bin/less:usr/bin/more +usr/bin/limits +usr/bin/lock +usr/bin/lockf +usr/bin/logger +usr/bin/login +usr/bin/logname +usr/bin/mesg +usr/bin/minigzip +usr/bin/mkfifo +usr/bin/mktemp +usr/bin/msgs +usr/bin/netstat +usr/bin/nfsstat +usr/bin/nice +usr/bin/nslookup +usr/bin/nsupdate +usr/bin/nohup +usr/bin/objformat +usr/bin/openssl +usr/bin/passwd +usr/bin/printf +usr/bin/renice +usr/bin/reset:usr/sbin/tset +usr/bin/scp +usr/bin/script +usr/bin/sed +usr/bin/sftp +usr/bin/shar +usr/bin/slogin:usr/bin/ssh +usr/bin/sort +usr/bin/split +usr/bin/ssh-keygen +usr/bin/su +usr/bin/tail +usr/bin/tar +usr/bin/tee +usr/bin/telnet +usr/bin/time +usr/bin/top +usr/bin/touch +usr/bin/tput +usr/bin/tr +usr/bin/true +usr/bin/tty +usr/bin/uname +usr/bin/uptime:usr/bin/w +usr/bin/users +usr/bin/uudecode +usr/bin/uuencode +usr/bin/vi +usr/bin/vmstat +usr/bin/wall +usr/bin/who +usr/bin/whois +usr/bin/write +usr/bin/yes + +# contents of ${WORKDIR}/usr/sbin +usr/sbin/arp +usr/sbin/authpf +usr/sbin/boot0cfg +usr/sbin/chown +usr/sbin/cron +usr/sbin/idprio:usr/sbin/rtprio +usr/sbin/inetd +usr/sbin/iostat +usr/sbin/kbdcontrol +usr/sbin/lastlogin +usr/sbin/memcontrol +usr/sbin/mtree +usr/sbin/newsyslog +usr/sbin/ntpdate +usr/sbin/pciconf +usr/sbin/pw +usr/sbin/pwd_mkdb +usr/sbin/slstat +usr/sbin/sshd +usr/sbin/syslogd +usr/sbin/tcpdchk +usr/sbin/tcpdmatch +usr/sbin/tcpdump +usr/sbin/traceroute +usr/sbin/vidcontrol +usr/sbin/vipw +usr/sbin/vnconfig +usr/sbin/watch +usr/sbin/wicontrol +usr/sbin/pccardc +usr/sbin/pccardd + +# contents of ${WORKDIR}/usr/libexec +usr/libexec/atrun +usr/libexec/ftpd +usr/libexec/getty +usr/libexec/sftp-server + +# contents of ${WORKDIR}/usr/share 
+usr/share/misc/termcap + diff --git a/tools/tools/tinybsd/conf/wrap/TINYBSD b/tools/tools/tinybsd/conf/wrap/TINYBSD new file mode 100644 index 0000000..f3debf6 --- /dev/null +++ b/tools/tools/tinybsd/conf/wrap/TINYBSD 
@@ -0,0 +1,149 @@ +# $FreeBSD$ +machine i386 +cpu I586_CPU +ident TINYBSD +maxusers 8 +options CPU_GEODE + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. +options SCHED_4BSD # 4BSD scheduler +options INET # InterNETworking +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options UFS_ACL # Support for access control lists +options UFS_DIRHASH # Improve performance on big directories +options MD_ROOT # MD is a potential root device +options NFSCLIENT # Network Filesystem Client +options NFSSERVER # Network Filesystem Server +options NFS_ROOT # NFS usable as /, requires NFSCLIENT +options PROCFS # Process filesystem (requires PSEUDOFS) +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_GPT # GUID Partition Tables. +options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!] +options COMPAT_FREEBSD4 # Compatible with FreeBSD4 +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options AHC_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~128k to driver. +options AHD_REG_PRETTY_PRINT # Print register bitfields in debug + # output. Adds ~215k to driver. +options ADAPTIVE_GIANT # Giant mutex is adaptive. + +#device apic # I/O APIC + +# Bus support. Do not remove isa, even if you have no isa slots +device isa +device pci + +# ATA and ATAPI devices +device ata +device atadisk # ATA disk drives +options ATA_STATIC_ID # Static device numbering + +# Floating point support - do not disable. +device npx + +# Serial (COM) ports +device sio # 8250, 16[45]50 based serial ports + +# PCI Ethernet NICs. 
+device de # DEC/Intel DC21x4x (``Tulip'') +device em # Intel PRO/1000 adapter Gigabit Ethernet Card +device ixgb # Intel PRO/10GbE Ethernet Card +device txp # 3Com 3cR990 (``Typhoon'') +device vx # 3Com 3c590, 3c595 (``Vortex'') + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device bfe # Broadcom BCM440x 10/100 Ethernet +device bge # Broadcom BCM570xx Gigabit Ethernet +device dc # DEC/Intel 21143 and various workalikes +device fxp # Intel EtherExpress PRO/100B (82557, 82558) +device lge # Level 1 LXT1001 gigabit ethernet +device nge # NatSemi DP83820 gigabit ethernet +device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc') +device re # RealTek 8139C+/8169/8169S/8110S +device rl # RealTek 8129/8139 +device sf # Adaptec AIC-6915 (``Starfire'') +device sis # Silicon Integrated Systems SiS 900/SiS 7016 +device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet +device ste # Sundance ST201 (D-Link DFE-550TX) +device ti # Alteon Networks Tigon I/II gigabit Ethernet +device tl # Texas Instruments ThunderLAN +device tx # SMC EtherPower II (83c170 ``EPIC'') +device vge # VIA VT612x gigabit ethernet +device vr # VIA Rhine, Rhine II +device wb # Winbond W89C840F +device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') + +# ISA Ethernet NICs. pccard NICs included. +device cs # Crystal Semiconductor CS89x0 NIC +# 'device ed' requires 'device miibus' +device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards +device ex # Intel EtherExpress Pro/10 and Pro/10+ +device ep # Etherlink III based cards +device fe # Fujitsu MB8696x based cards +device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. 
+device lnc # NE2100, NE32-VL Lance Ethernet cards +device sn # SMC's 9000 series of Ethernet chips +device xe # Xircom pccard Ethernet + +# Wireless NIC cards +device wlan # 802.11 support +device wlan_wep #802.11 WEP support +device wlan_ccmp #802.11 CCMP support +device wlan_tkip #802.11 TKIP support +device wlan_xauth #802.11 external authenticator support +device wlan_acl #802.11 MAC ACL support +device an # Aironet 4500/4800 802.11 wireless NICs. +device awi # BayStack 660 and others +device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs. +device ath +device ath_hal +device ath_rate_sample + +# Pseudo devices. +device loop # Network loopback +device mem # Memory and kernel memory devices +device io # I/O device +device random # Entropy device +device ether # Ethernet support +device ppp # Kernel PPP +device tun # Packet tunnel. +device pty # Pseudo-ttys (telnet etc) +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +device faith # IPv6-to-IPv4 relaying (translation) + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +options INCLUDE_CONFIG_FILE + +options IPFIREWALL +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPDIVERT +options DUMMYNET +options BRIDGE + +options ALTQ +options ALTQ_CBQ +options ALTQ_RED +options ALTQ_RIO +options ALTQ_HFSC +options ALTQ_CDNR +options ALTQ_PRIQ + +device pf +device pflog +device pfsync +device carp + +options DEVICE_POLLING diff --git a/tools/tools/tinybsd/conf/wrap/etc/fstab b/tools/tools/tinybsd/conf/wrap/etc/fstab new file mode 100644 index 0000000..16ada11 --- /dev/null +++ b/tools/tools/tinybsd/conf/wrap/etc/fstab @@ -0,0 +1,2 @@ +# $FreeBSD$ +/dev/ad0a / ufs ro 1 1 diff --git a/tools/tools/tinybsd/conf/wrap/etc/rc.conf b/tools/tools/tinybsd/conf/wrap/etc/rc.conf new file mode 100644 index 0000000..2a585c1 --- /dev/null 
+++ b/tools/tools/tinybsd/conf/wrap/etc/rc.conf @@ -0,0 +1,12 @@ +# $FreeBSD$ +hostname="tinybsd.freebsd.org" +sendmail_enable="NONE" +sshd_enable="YES" +usbd_enable="NO" +inetd_enable="NO" +portmap_enable="NO" +update_motd="NO" +varmfs="YES" +populate_var="YES" +varsize="8192" + diff --git a/tools/tools/tinybsd/conf/wrap/etc/ttys b/tools/tools/tinybsd/conf/wrap/etc/ttys new file mode 100644 index 0000000..d20b7eb --- /dev/null +++ b/tools/tools/tinybsd/conf/wrap/etc/ttys 
@@ -0,0 +1,308 @@ +# +# $FreeBSD$ +# +# This file specifies various information about terminals on the system. +# It is used by several different programs. Common entries for the +# various columns include: +# +# name The name of the terminal device. +# +# getty The program to start running on the terminal. Typically a +# getty program, as the name implies. Other common entries +# include none, when no getty is needed, and xdm, to start the +# X Window System. +# +# type The initial terminal type for this port. For hardwired +# terminal lines, this will contain the type of terminal used. +# For virtual consoles, the correct type is typically cons25, but +# vt220 will work better if you need interoperability with other +# systems like Solaris or GNU/Linux. +# Other common values include network for network connections on +# pseudo-terminals, dialup for incoming modem ports, and unknown +# when the terminal type cannot be predetermined. +# +# status Must be on or off. If on, init will run the getty program on +# the specified port. If the word "secure" appears, this tty +# allows root login. +# +# name getty type status comments +# +# If console is marked "insecure", then init will ask for the root password +# when going to single-user mode. +console none unknown off secure +# +ttyv0 "/usr/libexec/getty Pc" cons25 off secure +# Virtual terminals +ttyv1 "/usr/libexec/getty Pc" cons25 off secure +ttyv2 "/usr/libexec/getty Pc" cons25 off secure +ttyv3 "/usr/libexec/getty Pc" cons25 off secure +ttyv4 "/usr/libexec/getty Pc" cons25 off secure +ttyv5 "/usr/libexec/getty Pc" cons25 off secure +ttyv6 "/usr/libexec/getty Pc" cons25 off secure +ttyv7 "/usr/libexec/getty Pc" cons25 off secure +ttyv8 "/usr/X11R6/bin/xdm -nodaemoff" xterm off secure +# Serial terminals +# The 'dialup' keyword identifies dialin lines to login, fingerd etc. 
+ttyd0 "/usr/libexec/getty std.9600" dialup on secure +ttyd1 "/usr/libexec/getty std.9600" dialup off secure +ttyd2 "/usr/libexec/getty std.9600" dialup off secure +ttyd3 "/usr/libexec/getty std.9600" dialup off secure +# Dumb console +dcons "/usr/libexec/getty std.9600" vt100 off secure +# Pseudo terminals +ttyp0 none network +ttyp1 none network +ttyp2 none network +ttyp3 none network +ttyp4 none network +ttyp5 none network +ttyp6 none network +ttyp7 none network +ttyp8 none network +ttyp9 none network +ttypa none network +ttypb none network +ttypc none network +ttypd none network +ttype none network +ttypf none network +ttypg none network +ttyph none network +ttypi none network +ttypj none network +ttypk none network +ttypl none network +ttypm none network +ttypn none network +ttypo none network +ttypp none network +ttypq none network +ttypr none network +ttyps none network +ttypt none network +ttypu none network +ttypv none network +ttyq0 none network +ttyq1 none network +ttyq2 none network +ttyq3 none network +ttyq4 none network +ttyq5 none network +ttyq6 none network +ttyq7 none network +ttyq8 none network +ttyq9 none network +ttyqa none network +ttyqb none network +ttyqc none network +ttyqd none network +ttyqe none network +ttyqf none network +ttyqg none network +ttyqh none network +ttyqi none network +ttyqj none network +ttyqk none network +ttyql none network +ttyqm none network +ttyqn none network +ttyqo none network +ttyqp none network +ttyqq none network +ttyqr none network +ttyqs none network +ttyqt none network +ttyqu none network +ttyqv none network +ttyr0 none network +ttyr1 none network +ttyr2 none network +ttyr3 none network +ttyr4 none network +ttyr5 none network +ttyr6 none network +ttyr7 none network +ttyr8 none network +ttyr9 none network +ttyra none network +ttyrb none network +ttyrc none network +ttyrd none network +ttyre none network +ttyrf none network +ttyrg none network +ttyrh none network +ttyri none network +ttyrj none network +ttyrk 
none network +ttyrl none network +ttyrm none network +ttyrn none network +ttyro none network +ttyrp none network +ttyrq none network +ttyrr none network +ttyrs none network +ttyrt none network +ttyru none network +ttyrv none network +ttys0 none network +ttys1 none network +ttys2 none network +ttys3 none network +ttys4 none network +ttys5 none network +ttys6 none network +ttys7 none network +ttys8 none network +ttys9 none network +ttysa none network +ttysb none network +ttysc none network +ttysd none network +ttyse none network +ttysf none network +ttysg none network +ttysh none network +ttysi none network +ttysj none network +ttysk none network +ttysl none network +ttysm none network +ttysn none network +ttyso none network +ttysp none network +ttysq none network +ttysr none network +ttyss none network +ttyst none network +ttysu none network +ttysv none network +ttyP0 none network +ttyP1 none network +ttyP2 none network +ttyP3 none network +ttyP4 none network +ttyP5 none network +ttyP6 none network +ttyP7 none network +ttyP8 none network +ttyP9 none network +ttyPa none network +ttyPb none network +ttyPc none network +ttyPd none network +ttyPe none network +ttyPf none network +ttyPg none network +ttyPh none network +ttyPi none network +ttyPj none network +ttyPk none network +ttyPl none network +ttyPm none network +ttyPn none network +ttyPo none network +ttyPp none network +ttyPq none network +ttyPr none network +ttyPs none network +ttyPt none network +ttyPu none network +ttyPv none network +ttyQ0 none network +ttyQ1 none network +ttyQ2 none network +ttyQ3 none network +ttyQ4 none network +ttyQ5 none network +ttyQ6 none network +ttyQ7 none network +ttyQ8 none network +ttyQ9 none network +ttyQa none network +ttyQb none network +ttyQc none network +ttyQd none network +ttyQe none network +ttyQf none network +ttyQg none network +ttyQh none network +ttyQi none network +ttyQj none network +ttyQk none network +ttyQl none network +ttyQm none network +ttyQn none network +ttyQo 
none network +ttyQp none network +ttyQq none network +ttyQr none network +ttyQs none network +ttyQt none network +ttyQu none network +ttyQv none network +ttyR0 none network +ttyR1 none network +ttyR2 none network +ttyR3 none network +ttyR4 none network +ttyR5 none network +ttyR6 none network +ttyR7 none network +ttyR8 none network +ttyR9 none network +ttyRa none network +ttyRb none network +ttyRc none network +ttyRd none network +ttyRe none network +ttyRf none network +ttyRg none network +ttyRh none network +ttyRi none network +ttyRj none network +ttyRk none network +ttyRl none network +ttyRm none network +ttyRn none network +ttyRo none network +ttyRp none network +ttyRq none network +ttyRr none network +ttyRs none network +ttyRt none network +ttyRu none network +ttyRv none network +ttyS0 none network +ttyS1 none network +ttyS2 none network +ttyS3 none network +ttyS4 none network +ttyS5 none network +ttyS6 none network +ttyS7 none network +ttyS8 none network +ttyS9 none network +ttySa none network +ttySb none network +ttySc none network +ttySd none network +ttySe none network +ttySf none network +ttySg none network +ttySh none network +ttySi none network +ttySj none network +ttySk none network +ttySl none network +ttySm none network +ttySn none network +ttySo none network +ttySp none network +ttySq none network +ttySr none network +ttySs none network +ttySt none network +ttySu none network +ttySv none network diff --git a/tools/tools/tinybsd/conf/wrap/tinybsd.basefiles b/tools/tools/tinybsd/conf/wrap/tinybsd.basefiles new file mode 100644 index 0000000..d790cce --- /dev/null +++ b/tools/tools/tinybsd/conf/wrap/tinybsd.basefiles 
@@ -0,0 +1,238 @@ +# $FreeBSD$ +# contents of ${WORKDIR}/boot +boot/boot0 +boot/boot1 +boot/boot2 +boot/defaults/loader.conf +boot/device.hints +boot/loader +boot/loader.4th +boot/loader.help +boot/loader.rc +boot/mbr +boot/support.4th + +# contents of ${WORKDIR}/libexec +libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1 + +# contents of ${WORKDIR}/bin +bin/[:bin/test +bin/cat +bin/chflags +bin/chio +bin/chmod +bin/cp +bin/csh:bin/tcsh +bin/date +bin/dd +bin/df +bin/domainname +bin/echo +bin/ed:bin/red +bin/expr +bin/hostname +bin/kenv +bin/kill +bin/ln:bin/link +bin/ls +bin/mkdir +bin/mv +bin/pax +bin/ps +bin/pwd +bin/realpath +bin/rm:bin/unlink +bin/rmdir +bin/sh +bin/sleep +bin/stty +bin/sync + +# contents of ${WORKDIR}/sbin +sbin/adjkerntz +sbin/comcontrol +sbin/disklabel +sbin/dmesg +sbin/fastboot:sbin/reboot +sbin/fasthalt:sbin/halt +sbin/fsck +sbin/fsck_ufs:sbin/fsck_ffs +sbin/fsck_ufs:sbin/fsck_4.2bsd +sbin/ifconfig +sbin/init +sbin/ipfw +sbin/kldconfig +sbin/kldload +sbin/kldstat +sbin/kldunload +sbin/ldconfig +sbin/md5 +sbin/mdconfig +sbin/mknod +sbin/mdmfs +sbin/mount +sbin/mount_devfs:sbin/mount_fdescfs +sbin/mount_devfs:sbin/mount_linprocfs +sbin/mount_devfs:sbin/mount_procfs +sbin/mount_devfs:sbin/mount_std +sbin/mount_nullfs +sbin/mount_umapfs +sbin/mount_unionfs +sbin/natd +sbin/newfs +sbin/nextboot +sbin/nologin +sbin/nos-tun +sbin/pfctl +sbin/pflogd +sbin/ping +sbin/rcorder +sbin/route +sbin/shutdown +sbin/slattach +sbin/swapon +sbin/sysctl +sbin/umount + +# contents of ${WORKDIR}/usr/sbin +usr/bin/at:usr/bin/atq +usr/bin/at:usr/bin/atrm +usr/bin/at:usr/bin/batch +usr/bin/awk +usr/bin/basename +usr/bin/bunzip2:usr/bin/bzcat +usr/bin/bunzip2:usr/bin/bzip2 +usr/bin/chat +usr/bin/chfn:usr/bin/chpass +usr/bin/chfn:usr/bin/chsh +usr/bin/chgrp +usr/bin/cksum +usr/bin/clear +usr/bin/cmp +usr/bin/compress:usr/bin/uncompress +usr/bin/cpio +usr/bin/crontab +usr/bin/cu +usr/bin/dig +usr/bin/dirname +usr/bin/du +usr/bin/ee +usr/bin/egrep:usr/bin/fgrep 
+usr/bin/egrep:usr/bin/grep +usr/bin/env +usr/bin/false +usr/bin/fetch +usr/bin/find +usr/bin/finger +usr/bin/fstat +usr/bin/fsync +usr/bin/ftp +usr/bin/gunzip:usr/bin/gzcat +usr/bin/gunzip:usr/bin/gzip +usr/bin/gzexe +usr/bin/head +usr/bin/hexdump +usr/bin/id:usr/bin/whoami +usr/bin/ident +usr/bin/killall +usr/bin/last +usr/bin/less:usr/bin/more +usr/bin/limits +usr/bin/lock +usr/bin/lockf +usr/bin/logger +usr/bin/login +usr/bin/logname +usr/bin/mesg +usr/bin/minigzip +usr/bin/mkfifo +usr/bin/mktemp +usr/bin/msgs +usr/bin/netstat +usr/bin/nfsstat +usr/bin/nice +usr/bin/nslookup +usr/bin/nsupdate +usr/bin/nohup +usr/bin/objformat +usr/bin/openssl +usr/bin/passwd +usr/bin/printf +usr/bin/renice +usr/bin/reset:usr/sbin/tset +usr/bin/scp +usr/bin/script +usr/bin/sed +usr/bin/sftp +usr/bin/shar +usr/bin/slogin:usr/bin/ssh +usr/bin/sort +usr/bin/split +usr/bin/ssh-keygen +usr/bin/su +usr/bin/tail +usr/bin/tar +usr/bin/tee +usr/bin/telnet +usr/bin/time +usr/bin/top +usr/bin/touch +usr/bin/tput +usr/bin/tr +usr/bin/true +usr/bin/tty +usr/bin/uname +usr/bin/uptime:usr/bin/w +usr/bin/users +usr/bin/uudecode +usr/bin/uuencode +usr/bin/vi +usr/bin/vmstat +usr/bin/wall +usr/bin/who +usr/bin/whois +usr/bin/write +usr/bin/yes + +# contents of ${WORKDIR}/usr/sbin +usr/sbin/arp +usr/sbin/authpf +usr/sbin/boot0cfg +usr/sbin/chown +usr/sbin/cron +usr/sbin/idprio:usr/sbin/rtprio +usr/sbin/inetd +usr/sbin/iostat +usr/sbin/kbdcontrol +usr/sbin/lastlogin +usr/sbin/memcontrol +usr/sbin/mtree +usr/sbin/newsyslog +usr/sbin/ntpdate +usr/sbin/pciconf +usr/sbin/pw +usr/sbin/pwd_mkdb +usr/sbin/slstat +usr/sbin/sshd +usr/sbin/syslogd +usr/sbin/tcpdchk +usr/sbin/tcpdmatch +usr/sbin/tcpdump +usr/sbin/traceroute +usr/sbin/vidcontrol +usr/sbin/vipw +usr/sbin/vnconfig +usr/sbin/watch +usr/sbin/wicontrol +usr/sbin/pccardc +usr/sbin/pccardd + +# contents of ${WORKDIR}/usr/libexec +usr/libexec/atrun +usr/libexec/ftpd +usr/libexec/getty +usr/libexec/sftp-server + +# contents of ${WORKDIR}/usr/share 
+usr/share/misc/termcap + diff --git a/tools/tools/tinybsd/tinybsd b/tools/tools/tinybsd/tinybsd new file mode 100755 index 0000000..5d2a4ff --- /dev/null +++ b/tools/tools/tinybsd/tinybsd 
@@ -0,0 +1,220 @@ +#!/bin/sh - +# Copyright (c) 2006 Jean Milanez Melo <jmelo@freebsdbrasil.com.br> +# <jmelo@FreeBSD.org> +# Patrick Tracanelli <eksffa@freebsdbrasil.com.br> +# +# $FreeBSD$ +#set -xv +CURRENTDIR=/usr/src/tools/tools/tinybsd +WORKDIR=/usr/obj/tinybsdbuild +KERNCONF=TINYBSD +DEFINSTARGS="-o 0 -g 0 -m 555" +SECTUNIT=$1 +TRACKCYL=$2 +SECTRACK=$3 +CONF=$4 +IMG=$5 +TS="=====>" + +if [ "$#" -lt 3 ] +then + echo "Woops! + Usage: $0 <mediasize in sectors> <heads according to firmware> + <sectors according to firmware> <conf> [<tinybsd image name>] + + Example: $0 62592 4 32 + + or + + $0 62592 4 32 wireless + + Run diskinfo(8) -v against your CF device to get correct information + about your disk." + exit 1 +fi + +check_conf() { + if [ -z ${CONF} ] + then + CONF="default" + echo "${TS} Alternative conf name not set; defaulting to 'default'" + fi +} + +check_alt_imgname() { + if [ -z ${IMG} ] + then + IMG="tinybsd.bin" + echo "${TS} Alternative image name not set; defaulting to 'tinybsd.bin'" + fi +} + +remove_workdir() { + chflags -R noschg ${WORKDIR} + echo "${TS} Removing "${WORKDIR} + rm -rf ${WORKDIR} + echo "${TS} Removing Build Kernel Directory" + rm -rf /usr/obj/usr/src/sys/${KERNCONF} + echo "${TS} done." +} + + +prework() { + remove_workdir + mkdir -p ${WORKDIR} +} + + +create_tree() { + echo "${TS} Creating directory hierarchy... " + mtree -deU -f /etc/mtree/BSD.root.dist -p ${WORKDIR} + mtree -deU -f /etc/mtree/BSD.usr.dist -p ${WORKDIR}/usr + mtree -deU -f /etc/mtree/BSD.var.dist -p ${WORKDIR}/var +} + + +copy_binaries() { +#set -xv + for file in `cat ${CURRENTDIR}/conf/${CONF}/tinybsd.basefiles | grep -v "#" | \ + cut -f1 -d":" | sort | uniq` ; do + echo "${TS} Copying "/${file}" to "${WORKDIR}/${file} + cp -fp /${file} ${WORKDIR}/${file} ; + done +#set +xv +} + +make_kernel() { + echo "${TS} Building customized tiny beastie kernel... 
" + cp -p ${CURRENTDIR}/conf/${CONF}/${KERNCONF} /usr/src/sys/i386/conf + cd /usr/src + make buildkernel KERNCONF=${KERNCONF} || exit 1 + gzip -9 /usr/obj/usr/src/sys/${KERNCONF}/kernel + install ${DEFINSTARGS} /usr/obj/usr/src/sys/${KERNCONF}/kernel.gz ${WORKDIR}/boot/kernel/ + install ${DEFINSTARGS} \ + /usr/obj/usr/src/sys/${KERNCONF}/modules/usr/src/sys/modules/acpi/acpi/acpi.ko \ + ${WORKDIR}/boot/kernel + install -o 0 -g 0 -m 444 /sys/i386/conf/GENERIC.hints ${WORKDIR}/boot/device.hints +} + + +copy_libraries() { +#set -xv + TDEPFILE="`mktemp -t deps`" + TDEPFILES="`mktemp -t depsymlnk`" + + cd ${CURRENTDIR}/conf/${CONF} + for file in `cat tinybsd.basefiles | grep -v "#" | cut -f1 -d":"`; do + ldd -f "%p\n" /${file} >> ${TDEPFILE} ; # don't worry on progs been "not dynamic" + done + + for libdeplib in `cat ${TDEPFILE} | sort | uniq`; do + ldd -f "%p\n" /${libdeplib} >> ${TDEPFILE} ; + done + + for pamdep in `ls -1 /usr/lib/pam*`; do + echo $pamdep >> ${TDEPFILE} ; + ldd -f "%p\n" /${pamdep} >> ${TDEPFILE} ; + done + + for lib in `cat ${TDEPFILE} | sort | uniq`; do + echo "${TS} Copying "${lib}" to "${WORKDIR}${lib} + cp -fp ${lib} ${WORKDIR}${lib} ; + done + + for depsymlink in `cat ${TDEPFILE}`; do + echo "${TS} Checking if ${depsymlink} is a symbolic link" + /bin/ls -l $depsymlink | grep "\->" | awk '{print $11":"$9}' >> ${TDEPFILES} + done + + for i in `cat ${TDEPFILES}`; do + SOURCE_FILE=`echo $i | awk -F ":" '{print $1}'` + TARGET_FILE=`echo $i | awk -F ":" '{print $2}'` + + echo "${TS} Unlinking ${WORKDIR}${TARGET_FILE}" + chroot ${WORKDIR} /bin/rm -f ${TARGET_FILE} + + echo "${TS} Symlinking ${SOURCE_FILE} to ${TARGET_FILE}" + chroot ${WORKDIR} /bin/ln -s ${SOURCE_FILE} ${TARGET_FILE} + done + + echo -n "${TS} Unlinking " + rm -fv ${TDEPFILE} ${TDEPFILES} +#set +xv +} + + +create_etc() { + cd /usr/src/etc/sendmail/ + make freebsd.cf freebsd.submit.cf + + cd /usr/src/etc/ + mkdir -p ${WORKDIR}/var/named/etc/namedb + make distribution DESTDIR=${WORKDIR} 
+} + +personal_directories() { + echo "${TS} Copying your custom configuration on conf/ ..." + for custom in `find ${CURRENTDIR}/conf/${CONF}/ -type d -depth 1`; do + cp -Rp ${custom}/* ${WORKDIR}/${custom#${CURRENTDIR}/conf/${CONF}/}/ + done +} + +symlinks() { +#set -xv + for i in `cat tinybsd.basefiles | grep -v "#" | grep ":"`; do + SOURCE_FILE=`echo $i | awk -F ":" {'print $1'}` + TARGET_FILE=`echo $i | awk -F ":" {'print $2'}` + chroot ${WORKDIR} /bin/ln -vs /${SOURCE_FILE} ${TARGET_FILE} + done +#set +xv +} + + +create_image() { + #set -ex + + VNODEFILE=`mktemp -t tinybsd` + IMGMNT=`mktemp -d -t tinybsd` + + dd if=/dev/zero of=${VNODEFILE} count=${SECTUNIT} + + MD=`mdconfig -a -t vnode -f ${VNODEFILE} -x ${SECTRACK} -y ${TRACKCYL}` + + diskinfo -v /dev/${MD} + + fdisk -I /dev/${MD} + fdisk /dev/${MD} + + cp -p /boot/boot0 ${WORKDIR}/boot/boot0 + bsdlabel -w -B /dev/${MD} + newfs -O2 -U /dev/${MD}a + + mount /dev/${MD}a ${IMGMNT} + + ( cd ${WORKDIR} && find . -print | cpio -dump ${IMGMNT} ) || true + + df ${IMGMNT} + umount ${IMGMNT} + + dd if=/dev/${MD} of=${CURRENTDIR}/${IMG} bs=64k + + rm -vf ${VNODEFILE} + rm -rvf ${IMGMNT} + mdconfig -d -u ${MD} +} + +########################## +# run things +prework +check_conf +check_alt_imgname +create_tree +copy_binaries +make_kernel +copy_libraries +symlinks +create_etc +personal_directories +create_image +#set +xv + |
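Review bot: In tools/tools/tinybsd/conf/wrap/tinybsd.basefiles the section comment above the usr/bin/ entries reads "# contents of ${WORKDIR}/usr/sbin", which duplicates the header of the section that follows; it should read "# contents of ${WORKDIR}/usr/bin". In the same block, "usr/bin/reset:usr/sbin/tset" places the tset link under usr/sbin while every other alias in that block stays in usr/bin, so it looks like a typo for usr/bin/tset. The list also ships usr/bin/telnet, usr/bin/ftp, usr/libexec/ftpd and usr/sbin/inetd alongside usr/sbin/sshd, usr/bin/scp and usr/bin/sftp; a comment stating which of these the wrap profile actually needs would let builders trim the cleartext services from an embedded image.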
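Review bot: create_image() in tools/tools/tinybsd/tinybsd has no error handling around the steps that operate on /dev/${MD}: the result of "mdconfig -a" is never checked, so an empty ${MD} turns the following commands into "fdisk -I /dev/", "newfs -O2 -U /dev/a" and "dd if=/dev/", and "( cd ${WORKDIR} && find . -print | cpio -dump ${IMGMNT} ) || true" hides a failed or short copy, so an incomplete image is still written to ${CURRENTDIR}/${IMG}. Suggest exiting when ${MD} is empty or when mount fails, dropping the "|| true", and adding a trap that runs "umount ${IMGMNT}" and "mdconfig -d -u ${MD}" on failure so a broken build does not leave a memory disk attached. Separately, symlinks() reads tinybsd.basefiles by relative name and only works because copy_libraries() left the working directory at ${CURRENTDIR}/conf/${CONF}; use the full path as copy_binaries() does.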