Diffstat (limited to 'etc')
359 files changed, 36800 insertions, 0 deletions
diff --git a/etc/Makefile b/etc/Makefile
new file mode 100644
index 0000000..42d6959
--- /dev/null
+++ b/etc/Makefile
@@ -0,0 +1,320 @@
+# from: @(#)Makefile 5.11 (Berkeley) 5/21/91
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+.if ${MK_SENDMAIL} != "no"
+SUBDIR= sendmail
+.endif
+
+BIN1= auth.conf \
+ crontab devd.conf devfs.conf \
+ ddb.conf dhclient.conf disktab fbtab \
+ ftpusers gettytab group \
+ hosts hosts.allow hosts.equiv \
+ inetd.conf libalias.conf login.access login.conf mac.conf motd \
+ netconfig network.subr networks newsyslog.conf nsswitch.conf \
+ phones profile protocols \
+ rc rc.bsdextended rc.firewall rc.initdiskless \
+ rc.sendmail rc.shutdown \
+ rc.subr remote rpc services shells \
+ sysctl.conf syslog.conf termcap.small
+
+.if exists(${.CURDIR}/etc.${MACHINE}/ttys)
+BIN1+= etc.${MACHINE}/ttys
+.elif exists(${.CURDIR}/etc.${MACHINE_ARCH}/ttys)
+BIN1+= etc.${MACHINE_ARCH}/ttys
+.elif exists(${.CURDIR}/etc.${MACHINE_CPUARCH}/ttys)
+BIN1+= etc.${MACHINE_CPUARCH}/ttys
+.else
+.error etc.MACHINE/ttys missing
+.endif
+
+OPENBSMDIR= ${.CURDIR}/../contrib/openbsm
+BSM_ETC_OPEN_FILES= ${OPENBSMDIR}/etc/audit_class \
+ ${OPENBSMDIR}/etc/audit_event
+BSM_ETC_RESTRICTED_FILES= ${OPENBSMDIR}/etc/audit_control \
+ ${OPENBSMDIR}/etc/audit_user
+BSM_ETC_EXEC_FILES= ${OPENBSMDIR}/etc/audit_warn
+BSM_ETC_DIR= ${DESTDIR}/etc/security
+
+# NB: keep these sorted by MK_* knobs
+
+.if ${MK_AMD} != "no"
+BIN1+= amd.map
+.endif
+
+.if ${MK_APM} != "no"
+BIN1+= apmd.conf
+.endif
+
+.if ${MK_BSNMP} != "no"
+BIN1+= snmpd.config
+.endif
+
+.if ${MK_FREEBSD_UPDATE} != "no"
+BIN1+= freebsd-update.conf
+.endif
+
+.if ${MK_LOCATE} != "no"
+BIN1+= ${.CURDIR}/../usr.bin/locate/locate/locate.rc
+.endif
+
+.if ${MK_LPR} != "no"
+BIN1+= hosts.lpd printcap
+.endif
+
+.if ${MK_MAIL} != "no"
+BIN1+= ${.CURDIR}/../usr.bin/mail/misc/mail.rc
+.endif
+
+.if ${MK_NTP} != "no"
+BIN1+= ntp.conf
+.endif
+
+.if ${MK_OPENSSH} != "no"
+SSH= ${.CURDIR}/../crypto/openssh/ssh_config \
+ ${.CURDIR}/../crypto/openssh/sshd_config \
+ ${.CURDIR}/../crypto/openssh/moduli
+.endif
+.if ${MK_OPENSSL} != "no"
+SSL= ${.CURDIR}/../crypto/openssl/apps/openssl.cnf
+.endif
+
+.if ${MK_NS_CACHING} != "no"
+BIN1+= nscd.conf
+.endif
+
+.if ${MK_PORTSNAP} != "no"
+BIN1+= portsnap.conf
+.endif
+
+.if ${MK_PF} != "no"
+BIN1+= pf.os
+.endif
+
+.if ${MK_TCSH} != "no"
+BIN1+= csh.cshrc csh.login csh.logout
+.endif
+
+.if ${MK_WIRELESS} != "no"
+BIN1+= regdomain.xml
+.endif
+
+# -rwxr-xr-x root:wheel, for the new cron root:wheel
+BIN2= netstart pccard_ether rc.suspend rc.resume
+
+MTREE= BSD.include.dist BSD.root.dist BSD.usr.dist BSD.var.dist
+.if ${MK_SENDMAIL} != "no"
+MTREE+= BSD.sendmail.dist
+.endif
+.if ${MK_BIND} != "no"
+MTREE+= BIND.chroot.dist
+.if ${MK_BIND_LIBS} != "no"
+MTREE+= BIND.include.dist
+.endif
+.endif
+
+PPPCNF= ppp.conf
+
+.if ${MK_SENDMAIL} == "no"
+ETCMAIL=mailer.conf aliases
+.else
+ETCMAIL=Makefile README mailer.conf access.sample virtusertable.sample \
+ mailertable.sample aliases
+.endif
+
+# Special top level files for FreeBSD
+FREEBSD=COPYRIGHT
+
+afterinstall:
+.if ${MK_MAN} != "no"
+ ${_+_}cd ${.CURDIR}/../share/man; ${MAKE} makedb
+.endif
+
+distribute:
+ ${_+_}cd ${.CURDIR} ; ${MAKE} install DESTDIR=${DISTDIR}/${DISTRIBUTION}
+ ${_+_}cd ${.CURDIR} ; ${MAKE} distribution DESTDIR=${DISTDIR}/${DISTRIBUTION}
+
+.include <bsd.endian.mk>
+.if ${TARGET_ENDIANNESS} == "1234"
+CAP_MKDB_ENDIAN?= -l
+PWD_MKDB_ENDIAN?= -L
+.elif ${TARGET_ENDIANNESS} == "4321"
+CAP_MKDB_ENDIAN?= -b
+PWD_MKDB_ENDIAN?= -B
+.else
+CAP_MKDB_ENDIAN?=
+PWD_MKDB_ENDIAN?=
+.endif
+
+distribution:
+.if !defined(DESTDIR)
+ @echo "set DESTDIR before running \"make ${.TARGET}\""
+ @false
+.endif
+ cd ${.CURDIR}; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${BIN1} ${DESTDIR}/etc; \
+ cap_mkdb ${CAP_MKDB_ENDIAN} ${DESTDIR}/etc/login.conf; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 755 \
+ ${BIN2} ${DESTDIR}/etc; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
+ master.passwd nsmb.conf opieaccess ${DESTDIR}/etc;
+.if ${MK_AT} == "no"
+ sed -i "" -e 's;.*/usr/libexec/atrun;#&;' ${DESTDIR}/etc/crontab
+.endif
+.if ${MK_TCSH} == "no"
+ sed -i "" -e 's;/bin/csh;/bin/sh;' ${DESTDIR}/etc/master.passwd
+.endif
+ pwd_mkdb ${PWD_MKDB_ENDIAN} -i -p -d ${DESTDIR}/etc \
+ ${DESTDIR}/etc/master.passwd
+.if ${MK_BLUETOOTH} != "no"
+ ${_+_}cd ${.CURDIR}/bluetooth; ${MAKE} install
+.endif
+ ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/devd; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/gss; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall
+ ${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap
+ ${_+_}cd ${.CURDIR}/../usr.sbin/rmt; ${MAKE} etc-rmt
+ ${_+_}cd ${.CURDIR}/pam.d; ${MAKE} install
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0444 \
+ ${BSM_ETC_OPEN_FILES} ${BSM_ETC_DIR}
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0600 \
+ ${BSM_ETC_RESTRICTED_FILES} ${BSM_ETC_DIR}
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0500 \
+ ${BSM_ETC_EXEC_FILES} ${BSM_ETC_DIR}
+.if ${MK_BIND_MTREE} != "no"
+ @if [ ! -e ${DESTDIR}/etc/namedb ]; then \
+ set -x; \
+ ln -s ../var/named/etc/namedb ${DESTDIR}/etc/namedb; \
+ fi
+.endif
+.if ${MK_BIND_ETC} != "no"
+ ${_+_}cd ${.CURDIR}/namedb; ${MAKE} install
+.endif
+.if ${MK_SENDMAIL} != "no"
+ ${_+_}cd ${.CURDIR}/sendmail; ${MAKE} distribution
+.endif
+.if ${MK_OPENSSH} != "no"
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${SSH} ${DESTDIR}/etc/ssh
+.endif
+.if ${MK_OPENSSL} != "no"
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${SSL} ${DESTDIR}/etc/ssl
+.endif
+.if ${MK_KERBEROS} != "no"
+ cd ${.CURDIR}/root; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ dot.k5login ${DESTDIR}/root/.k5login;
+.endif
+ cd ${.CURDIR}/root; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ dot.profile ${DESTDIR}/root/.profile; \
+ rm -f ${DESTDIR}/.profile; \
+ ln ${DESTDIR}/root/.profile ${DESTDIR}/.profile
+.if ${MK_TCSH} != "no"
+ cd ${.CURDIR}/root; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ dot.cshrc ${DESTDIR}/root/.cshrc; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ dot.login ${DESTDIR}/root/.login; \
+ rm -f ${DESTDIR}/.cshrc; \
+ ln ${DESTDIR}/root/.cshrc ${DESTDIR}/.cshrc
+.endif
+ cd ${.CURDIR}/mtree; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${MTREE} ${DESTDIR}/etc/mtree
+.if ${MK_PPP} != "no"
+ cd ${.CURDIR}/ppp; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
+ ${PPPCNF} ${DESTDIR}/etc/ppp
+.endif
+.if ${MK_MAIL} != "no"
+ cd ${.CURDIR}/mail; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${ETCMAIL} ${DESTDIR}/etc/mail
+ @if [ -d ${DESTDIR}/etc/mail -a -f ${DESTDIR}/etc/mail/aliases -a \
+ ! -f ${DESTDIR}/etc/aliases ]; then \
+ set -x; \
+ ln -s mail/aliases ${DESTDIR}/etc/aliases; \
+ fi
+.endif
+ ${INSTALL} -o ${BINOWN} -g operator -m 664 /dev/null \
+ ${DESTDIR}/etc/dumpdates
+ ${INSTALL} -o nobody -g ${BINGRP} -m 644 /dev/null \
+ ${DESTDIR}/var/db/locate.database
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 ${.CURDIR}/minfree \
+ ${DESTDIR}/var/crash
+ cd ${.CURDIR}/..; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${FREEBSD} ${DESTDIR}/
+.if ${MK_BOOT} != "no"
+.if exists(${.CURDIR}/../sys/${MACHINE}/conf/GENERIC.hints)
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${.CURDIR}/../sys/${MACHINE}/conf/GENERIC.hints \
+ ${DESTDIR}/boot/device.hints
+.endif
+.endif
+.if ${MK_NIS} == "no"
+ sed -i "" -e 's/.*_compat:/# &/' -e 's/compat$$/files/' \
+ ${DESTDIR}/etc/nsswitch.conf
+.endif
+
+distrib-dirs:
+ mtree -eU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.root.dist -p ${DESTDIR}/
+ mtree -eU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.var.dist -p ${DESTDIR}/var
+ mtree -eU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.usr.dist -p ${DESTDIR}/usr
+ mtree -eU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.include.dist \
+ -p ${DESTDIR}/usr/include
+.if ${MK_BIND_LIBS} != "no"
+ mtree -deU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BIND.include.dist \
+ -p ${DESTDIR}/usr/include
+.endif
+.if ${MK_BIND_MTREE} != "no"
+ mtree -deU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BIND.chroot.dist \
+ -p ${DESTDIR}/var/named
+.endif
+.if ${MK_GROFF} != "no"
+ mtree -deU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.groff.dist -p ${DESTDIR}/usr
+.endif
+.if ${MK_SENDMAIL} != "no"
+ mtree -deU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.sendmail.dist -p ${DESTDIR}/
+.endif
+ cd ${DESTDIR}/; rm -f ${DESTDIR}/sys; ln -s usr/src/sys sys
+ cd ${DESTDIR}/usr/share/man/en.ISO8859-1; ln -sf ../man* .
+ cd ${DESTDIR}/usr/share/man/en.UTF-8; ln -sf ../man* .
+ cd ${DESTDIR}/usr/share/man; \
+ set - `grep "^[a-zA-Z]" ${.CURDIR}/man.alias`; \
+ while [ $$# -gt 0 ] ; \
+ do \
+ rm -rf "$$1"; \
+ ln -s "$$2" "$$1"; \
+ shift; shift; \
+ done
+ cd ${DESTDIR}/usr/share/openssl/man; \
+ set - `grep "^[a-zA-Z]" ${.CURDIR}/man.alias`; \
+ while [ $$# -gt 0 ] ; \
+ do \
+ rm -rf "$$1"; \
+ ln -s "$$2" "$$1"; \
+ shift; shift; \
+ done
+ cd ${DESTDIR}/usr/share/openssl/man/en.ISO8859-1; ln -sf ../man* .
+ cd ${DESTDIR}/usr/share/nls; \
+ set - `grep "^[a-zA-Z]" ${.CURDIR}/nls.alias`; \
+ while [ $$# -gt 0 ] ; \
+ do \
+ rm -rf "$$1"; \
+ ln -s "$$2" "$$1"; \
+ shift; shift; \
+ done
+
+etc-examples:
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${BIN1} ${BIN2} nsmb.conf opieaccess \
+ ${DESTDIR}/usr/share/examples/etc
+ ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install \
+ DESTDIR=${DESTDIR}/usr/share/examples
+
+.include <bsd.prog.mk>
diff --git a/etc/amd.map b/etc/amd.map
new file mode 100644
index 0000000..375ef34
--- /dev/null
+++ b/etc/amd.map
@@ -0,0 +1,4 @@
+# $FreeBSD$
+#
+/defaults type:=host;fs:=${autodir}/${rhost}/host;rhost:=${key}
+* opts:=rw,grpid,resvport,vers=3,proto=tcp,nosuid,nodev
diff --git a/etc/apmd.conf b/etc/apmd.conf
new file mode 100644
index 0000000..be4a6c3
--- /dev/null
+++ b/etc/apmd.conf
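Review bot: The alias loops in `distrib-dirs` run `rm -rf "$$1"` after `cd ${DESTDIR}/usr/share/man; \` (and likewise for `usr/share/openssl/man` and `usr/share/nls`), with only `;` joining the `cd` to the loop. Whether a failed `cd` stops the recipe depends on make handing the line to a shell with errexit enabled, which nothing in this file states; without it the `rm -rf` would act on names from `man.alias`/`nls.alias` in whatever directory the recipe started in. Writing `cd ${DESTDIR}/usr/share/man && \` makes that guard explicit in all three loops. The `grep "^[a-zA-Z]"` filter constrains only the first character of each alias line, so a comment stating that the alias files must hold plain relative names would also help.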
@@ -0,0 +1,55 @@
+# apmd Configuration File
+#
+# $FreeBSD$
+#
+
+apm_event SUSPENDREQ {
+ exec "/etc/rc.suspend apm suspend";
+}
+
+apm_event USERSUSPENDREQ {
+ exec "sync && sync && sync";
+ exec "sleep 1";
+ exec "apm -z";
+}
+
+apm_event NORMRESUME {
+ exec "/etc/rc.resume apm suspend";
+}
+
+apm_event STANDBYRESUME {
+ exec "/etc/rc.resume apm standby";
+}
+
+# resume event configuration for serial mouse users by
+# reinitializing a moused(8) connected to a serial port.
+#
+#apm_event NORMRESUME {
+# exec "kill -HUP `cat /var/run/moused.pid`";
+#}
+
+# suspend request event configuration for ATA HDD users:
+# execute standby instead of suspend.
+#
+#apm_event SUSPENDREQ {
+# reject;
+# exec "sync && sync && sync";
+# exec "sleep 1";
+# exec "apm -Z";
+#}
+
+# Sample entries for battery state monitoring
+#apm_battery 5% discharging {
+# exec "logger -p user.emerg battery status critical!";
+# exec "echo T250L8CE-GE-C >/dev/speaker";
+#}
+#apm_battery 1% discharging {
+# exec "logger -p user.emerg battery low - emergency suspend";
+# exec "echo T250L16B+BA+AG+GF+FED+DC+CC >/dev/speaker";
+# exec "apm -z";
+#}
+#apm_battery 99% charging {
+# exec "logger -p user.notice battery fully charged";
+#}
+
+# apmd Configuration ends here
diff --git a/etc/auth.conf b/etc/auth.conf
new file mode 100644
index 0000000..08b6f7a
--- /dev/null
+++ b/etc/auth.conf
@@ -0,0 +1,8 @@
+#
+# $FreeBSD$
+#
+# Configure some authentication-related defaults. This file is being
+# gradually subsumed by user class and PAM configuration.
+#
+
+# crypt_default = md5 des
diff --git a/etc/bluetooth/Makefile b/etc/bluetooth/Makefile
new file mode 100644
index 0000000..e2e3622
--- /dev/null
+++ b/etc/bluetooth/Makefile
@@ -0,0 +1,9 @@
+# $Id: Makefile,v 1.2 2003/10/21 22:22:27 max Exp $
+# $FreeBSD$
+
+FILESDIR= /etc/bluetooth
+FILES= hcsecd.conf hosts protocols
+FILESMODE_hcsecd.conf= 600
+FILESMODE_hosts= 644
+
+.include <bsd.prog.mk>
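Review bot: The only example in etc/auth.conf, `# crypt_default = md5 des`, appears to name DES crypt as an acceptable password hash format. It is commented out, but an administrator who uncomments it unchanged would be permitting a format that is weak against offline guessing. Since the header already says this file is being subsumed by user class and PAM configuration, a line such as `# Prefer setting the password format per login class in login.conf(5); do not list des.` above the example would keep readers from copying it as-is.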
diff --git a/etc/bluetooth/hcsecd.conf b/etc/bluetooth/hcsecd.conf
new file mode 100644
index 0000000..e6b9599
--- /dev/null
+++ b/etc/bluetooth/hcsecd.conf
@@ -0,0 +1,56 @@
+# $Id: hcsecd.conf,v 1.1 2003/05/26 22:50:47 max Exp $
+# $FreeBSD$
+#
+# HCI security daemon configuration file
+#
+# Format:
+#
+# device {
+# option value ;
+# }
+#
+# Possible options and values
+#
+# Options Values
+# ----------------------------------
+# bdaddr xx:xx:xx:xx:xx:xx ; - remote device BD_ADDR
+# name "any char" ; - to set user friendly device name
+# key 0x11223344 | nokey ; - to set link key for the device
+# pin "secret" | nopin ; - to PIN code for the device
+#
+# Notes:
+#
+# Currently there is no way to select keys/PIN code based on which
+# local device received the request. Everything is based on remote
+# device BD_ADDR.
+#
+# "nokey" means that no link key has been defined and we should
+# send Link_Key_Negative_Reply command to the device.
+#
+# "nopin" means that no PIN code has been defined and we should
+# send PIN_Code_Negative_Reply command to the device
+#
+
+# Default entry is applied if no better match found
+# It MUST have 00:00:00:00:00:00 as bdaddr
+device {
+ bdaddr 00:00:00:00:00:00;
+ name "Default entry";
+ key nokey;
+ pin nopin;
+}
+
+device {
+ bdaddr 00:01:02:03:04:05;
+ name "Dummy";
+ key nokey;
+ pin "0000";
+}
+
+device {
+ bdaddr 00:11:22:33:44:55;
+ name "Dummy";
+ key 0x00112233445566778899aabbccddeeff; # 16 bytes key (hex string)
+ pin nopin;
+}
+
diff --git a/etc/bluetooth/hosts b/etc/bluetooth/hosts
new file mode 100644
index 0000000..b704248
--- /dev/null
+++ b/etc/bluetooth/hosts
@@ -0,0 +1,10 @@
+# $Id: hosts,v 1.1 2003/05/21 17:48:40 max Exp $
+# $FreeBSD$
+#
+# Bluetooth Host Database
+#
+# This file should contain the Bluetooth addresses and aliases for hosts.
+#
+# BD_ADDR Name [ alias0 alias1 ... ]
+
+# 00:11:22:33:44:55 phone
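Review bot: The two `Dummy` device blocks in etc/bluetooth/hcsecd.conf are live configuration rather than commented examples: `00:01:02:03:04:05` is given `pin "0000";` and `00:11:22:33:44:55` a fixed 16-byte link key. The file's own notes say selection is based only on the remote BD_ADDR, so these entries install credentials that are identical on every system and public in the source tree. Shipping both blocks commented out (a `#` in front of each line), leaving only the `Default entry` with `key nokey; pin nopin;` active, keeps the examples without installing usable secrets. The 600 mode set for this file in etc/bluetooth/Makefile does not change that, since the values are not secret to begin with.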
diff --git a/etc/bluetooth/protocols b/etc/bluetooth/protocols
new file mode 100644
index 0000000..6715094
--- /dev/null
+++ b/etc/bluetooth/protocols
@@ -0,0 +1,22 @@
+# $Id: protocols,v 1.2 2003/05/21 22:17:14 max Exp $
+# $FreeBSD$
+#
+# Bluetooth Protocol/Service Multiplexor (PSM) names and numbers
+#
+# See also
+# https://www.bluetooth.org/foundry/assignnumb/document/assigned_numbers
+#
+# Protocol PSM Alias Reference
+
+sdp 1 SDP # Service Discovery Protocol
+rfcomm 3 RFCOMM # RFCOMM with TS 07.10
+tcs-bin 5 TCS-BIN # Telephony Control Specification
+tcs-bin-cordless 7 TCS-BIN-CORDLESS # Telephony Control Specification
+bnep 15 BNEP # Bluetooth Network Encapsulation Protocol
+hid-control 17 HID-Control # Human Interface Device (control)
+hid-interrupt 19 HID-Interrupt # Human Interface Device (interrupt)
+upnp 21 UPnP # See ESDP, Bluetooth SIG
+avctp 23 AVCTP # Audio/Video Control Transport Protocol
+avdtp 25 AVDTP # Audio/Video Distribution Transport Protocol
+udi-c-plane 29 UDI-C-Plane # Unrestricted Digital Information Profile
+
diff --git a/etc/crontab b/etc/crontab
new file mode 100644
index 0000000..e1e6e88
--- /dev/null
+++ b/etc/crontab
@@ -0,0 +1,25 @@
+# /etc/crontab - root's crontab for FreeBSD
+#
+# $FreeBSD$
+#
+SHELL=/bin/sh
+PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
+#
+#minute hour mday month wday who command
+#
+*/5 * * * * root /usr/libexec/atrun
+#
+# Save some entropy so that /dev/random can re-seed on boot.
+*/11 * * * * operator /usr/libexec/save-entropy
+#
+# Rotate log files every hour, if necessary.
+0 * * * * root newsyslog
+#
+# Perform daily/weekly/monthly maintenance.
+1 3 * * * root periodic daily
+15 4 * * 6 root periodic weekly
+30 5 1 * * root periodic monthly
+#
+# Adjust the time zone if the CMOS clock keeps local time, as opposed to
+# UTC time. See adjkerntz(8) for details.
+1,31 0-5 * * * root adjkerntz -a
diff --git a/etc/csh.cshrc b/etc/csh.cshrc
new file mode 100644
index 0000000..f4f775a
--- /dev/null
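Review bot: In etc/crontab, `PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin` puts `/etc` first, and the root jobs `newsyslog`, `periodic daily`/`weekly`/`monthly` and `adjkerntz -a` are started by bare name, so they resolve through that search order. The `atrun` and `save-entropy` lines already use absolute paths; doing the same for the root jobs, for example `0 * * * * root /usr/sbin/newsyslog`, makes them independent of PATH. If `/etc` has to stay in PATH, a comment saying which job needs it would help the next maintainer.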
+++ b/etc/csh.cshrc
@@ -0,0 +1,3 @@
+# $FreeBSD$
+#
+# System-wide .cshrc file for csh(1).
diff --git a/etc/csh.login b/etc/csh.login
new file mode 100644
index 0000000..283c6d4
--- /dev/null
+++ b/etc/csh.login
@@ -0,0 +1,15 @@
+# $FreeBSD$
+#
+# System-wide .login file for csh(1).
+# Uncomment this to give you the default 4.2 behavior, where disk
+# information is shown in K-Blocks
+# setenv BLOCKSIZE K
+#
+# For the setting of languages and character sets please see
+# login.conf(5) and in particular the charset and lang options.
+# For full locales list check /usr/share/locale/*
+#
+# Check system messages
+# msgs -q
+# Allow terminal messages
+# mesg y
diff --git a/etc/csh.logout b/etc/csh.logout
new file mode 100644
index 0000000..6b0584f
--- /dev/null
+++ b/etc/csh.logout
@@ -0,0 +1,3 @@
+# $FreeBSD$
+#
+# System-wide .logout file for csh(1).
diff --git a/etc/ddb.conf b/etc/ddb.conf
new file mode 100644
index 0000000..a793705
--- /dev/null
+++ b/etc/ddb.conf
@@ -0,0 +1,15 @@
+# $FreeBSD$
+#
+# This file is read when going to multi-user and its contents piped thru
+# ``ddb'' to define debugging scripts.
+#
+# see ``man 4 ddb'' and ``man 8 ddb'' for details.
+#
+
+script lockinfo=show locks; show alllocks; show lockedvnods
+
+# kdb.enter.panic panic(9) was called.
+script kdb.enter.panic=textdump set; capture on; run lockinfo; show pcpu; bt; ps; alltrace; capture off; call doadump; reset
+
+# kdb.enter.witness witness(4) detected a locking error.
+script kdb.enter.witness=run lockinfo
diff --git a/etc/defaults/Makefile b/etc/defaults/Makefile
new file mode 100644
index 0000000..c6555e6
--- /dev/null
+++ b/etc/defaults/Makefile
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+FILES= bluetooth.device.conf devfs.rules periodic.conf rc.conf
+NO_OBJ=
+FILESDIR= /etc/defaults
+
+.include <bsd.prog.mk>
diff --git a/etc/defaults/bluetooth.device.conf b/etc/defaults/bluetooth.device.conf
new file mode 100644
index 0000000..6e6a981
--- /dev/null
+++ b/etc/defaults/bluetooth.device.conf
@@ -0,0 +1,111 @@ +# Copyright (c) 2005 Maksim Yevmenkin <m_evmenkin@yahoo.com> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ + +# The authentication_enable parameter controls if the device requires to +# authenticate the remote device at connection setup. At connection setup, +# only the devices with the authentication_enable parameter enabled will +# try to authenticate the other device. +# +# Possible values: +# +# NO or 0 authentication disabled (default); +# YES or 1 authentication enabled. + +# authentication_enable="NO" + +# The class parameter is used to indicate the capabilities of the device to +# other devices. 
+# +# For more details see "Assigned Numbers - Bluetooth Baseband" document +# +# Possible value: +# +# xx:xx:xx where xx is a hex number + +# class="ff:01:0c" + +# The connectable parameter controls whether or not the device should +# periodically scan for page attempts from other devices. +# +# Possible values: +# +# NO or 0 do not scan for page attempts; +# YES or 1 scan for page attempts (default). + +# connectable="YES" + +# The discoverable parameter controls whether or not the device should +# periodically scan for inquiry requests from other devices. +# +# Possible values: +# +# NO or 0 do not scan for inquiry requests; +# YES or 1 scan for inquiry requests (default). + +# discoverable="YES" + +# The encryption_mode parameter controls if the device requires encryption +# to the remote device at connection setup. At connection setup, only the +# devices with the authentication_enable parameter enabled and encryption_mode +# parameter enabled will try to encrypt the connection to the other device. +# +# Possible values: +# +# NONE or 0 encryption disabled (default); +# P2P or 1 encryption only for point-to-point packets; +# ALL or 2 encryption for both point-to-point and broadcast packets. + +# encryption_mode="NONE" + +# HCI node debug level. Higher values mean more verbose output. +# +# Possible values: 0 - 4 + +# hci_debug_level="3" + +# L2CAP node debug level. Higher values mean more verbose output. +# +# Possible values: 0 - 4 + +# l2cap_debug_level="3" + +# The local_name parameter provides the ability to modify the user friendly +# name for the device. + +# local_name="My device" + +# The role_switch parameter controls whether the local device should perform +# role switch. By default, if role switch is supported, the local device will +# try to perform role switch and become Master on incoming connection. Some +# devices do not support role switch and thus incoming connections from such +# devices will fail. 
If role switch is disabled then accepting device will +# remain Slave. +# +# NO or 0 do not perform role switch; +# YES or 1 perform role switch (default). + +# role_switch="YES" + diff --git a/etc/defaults/devfs.rules b/etc/defaults/devfs.rules new file mode 100644 index 0000000..8fa6496 --- /dev/null +++ b/etc/defaults/devfs.rules 
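Review bot: etc/defaults/bluetooth.device.conf documents `authentication_enable` and `encryption_mode` as off by default while `connectable` and `discoverable` default to YES, and no comment tells an administrator which of these to change on a host that pairs with real devices. A line next to `# discoverable="YES"`, for example `# Set to NO once pairing is done unless the host must answer inquiries.`, would make the hardening path visible. The `encryption_mode` text implies it has no effect unless `authentication_enable` is also on; saying so in one explicit sentence would prevent a configuration that looks encrypted but is not.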
@@ -0,0 +1,86 @@
+#
+# The following are some default rules for devfs(5) mounts.
+# The format is very simple. Empty lines and lines beginning
+# with a hash '#' are ignored. If the hash mark occurs anywhere
+# other than the beginning of a line, it and any subsequent
+# characters will be ignored. A line in between brackets '[]'
+# denotes the beginning of a ruleset. In the brackets should
+# be a name for the rule and its ruleset number. Any other lines
+# will be considered to be the 'action' part of a rule
+# passed to the devfs(8) command. These will be passed
+# "as-is" to the devfs(8) command with the exception that
+# any references to other rulesets will be expanded first. These
+# references must include a dollar sign '$' in front of the
+# name to be expanded properly.
+#
+# $FreeBSD$
+#
+
+# Very basic and secure ruleset: Hide everything.
+# Used as a basis for other rules.
+#
+[devfsrules_hide_all=1]
+add hide
+
+# Basic devices typically necessary.
+# Requires: devfsrules_hide_all
+#
+[devfsrules_unhide_basic=2]
+add path log unhide
+add path null unhide
+add path zero unhide
+add path crypto unhide
+add path random unhide
+add path urandom unhide
+
+# Devices typically needed to support logged-in users.
+# Requires: devfsrules_hide_all
+#
+[devfsrules_unhide_login=3]
+add path 'ptyp*' unhide
+add path 'ptyq*' unhide
+add path 'ptyr*' unhide
+add path 'ptys*' unhide
+add path 'ptyP*' unhide
+add path 'ptyQ*' unhide
+add path 'ptyR*' unhide
+add path 'ptyS*' unhide
+add path 'ptyl*' unhide
+add path 'ptym*' unhide
+add path 'ptyn*' unhide
+add path 'ptyo*' unhide
+add path 'ptyL*' unhide
+add path 'ptyM*' unhide
+add path 'ptyN*' unhide
+add path 'ptyO*' unhide
+add path 'ttyp*' unhide
+add path 'ttyq*' unhide
+add path 'ttyr*' unhide
+add path 'ttys*' unhide
+add path 'ttyP*' unhide
+add path 'ttyQ*' unhide
+add path 'ttyR*' unhide
+add path 'ttyS*' unhide
+add path 'ttyl*' unhide
+add path 'ttym*' unhide
+add path 'ttyn*' unhide
+add path 'ttyo*' unhide
+add path 'ttyL*' unhide
+add path 'ttyM*' unhide
+add path 'ttyN*' unhide
+add path 'ttyO*' unhide
+add path ptmx unhide
+add path pts unhide
+add path 'pts/*' unhide
+add path fd unhide
+add path 'fd/*' unhide
+add path stdin unhide
+add path stdout unhide
+add path stderr unhide
+
+# Devices usually found in a jail.
+#
+[devfsrules_jail=4]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
new file mode 100644
index 0000000..27192bc
--- /dev/null
+++ b/etc/defaults/periodic.conf
@@ -0,0 +1,290 @@ +#!/bin/sh +# +# This is defaults/periodic.conf - a file full of useful variables that +# you can set to change the default behaviour of periodic jobs on your +# system. You should not edit this file! Put any overrides into one of the +# $periodic_conf_files instead and you will be able to update these defaults +# later without spamming your local configuration information. +# +# The $periodic_conf_files files should only contain values which override +# values set in this file. This eases the upgrade path when defaults +# are changed and new features are added. +# +# For a more detailed explanation of all the periodic.conf variables, please +# refer to the periodic.conf(5) manual page. +# +# $FreeBSD$ +# + +# What files override these defaults ? +periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local" + +# periodic script dirs +local_periodic="/usr/local/etc/periodic" + + +# Daily options + +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. 
$daily_output might be set to /var/log/daily.log if you +# wish to log the daily output and have the files rotated by newsyslog(8) +# +daily_output="root" # user or /file +daily_show_success="YES" # scripts returning 0 +daily_show_info="YES" # scripts returning 1 +daily_show_badconfig="NO" # scripts returning 2 + +# 100.clean-disks +daily_clean_disks_enable="NO" # Delete files daily +daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" +daily_clean_disks_days=3 # If older than this +daily_clean_disks_verbose="YES" # Mention files deleted + +# 110.clean-tmps +daily_clean_tmps_enable="NO" # Delete stuff daily +daily_clean_tmps_dirs="/tmp" # Delete under here +daily_clean_tmps_days="3" # If not accessed for +daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix" +daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap" + # Don't delete these +daily_clean_tmps_verbose="YES" # Mention files deleted + +# 120.clean-preserve +daily_clean_preserve_enable="YES" # Delete files daily +daily_clean_preserve_days=7 # If not modified for +daily_clean_preserve_verbose="YES" # Mention files deleted + +# 130.clean-msgs +daily_clean_msgs_enable="YES" # Delete msgs daily +daily_clean_msgs_days= # If not modified for + +# 140.clean-rwho +daily_clean_rwho_enable="YES" # Delete rwho daily +daily_clean_rwho_days=7 # If not modified for +daily_clean_rwho_verbose="YES" # Mention files deleted + +# 150.clean-hoststat +daily_clean_hoststat_enable="YES" # Purge sendmail host + # status cache daily + +# 200.backup-passwd +daily_backup_passwd_enable="YES" # Backup passwd & group + +# 210.backup-aliases +daily_backup_aliases_enable="YES" # Backup mail aliases + +# 220.backup-pkgdb +daily_backup_pkgdb_enable="YES" # Backup /var/db/pkg +daily_backup_pkgdb_dir="/var/backups" + +# 300.calendar +daily_calendar_enable="NO" # Run calendar -a + +# 310.accounting +daily_accounting_enable="YES" # Rotate acct files +daily_accounting_compress="NO" # 
Gzip rotated files +daily_accounting_flags=-q # Flags to /usr/sbin/sa +daily_accounting_save=3 # How many files to save + +# 330.news +daily_news_expire_enable="YES" # Run news.expire + +# 400.status-disks +daily_status_disks_enable="YES" # Check disk status +daily_status_disks_df_flags="-l -h" # df(1) flags for check + +# 404.status-zfs +daily_status_zfs_enable="NO" # Check ZFS + +# 405.status-ata_raid +daily_status_ata_raid_enable="NO" # Check ATA raid status + +# 406.status-gmirror +daily_status_gmirror_enable="NO" # Check gmirror(8) + +# 407.status-graid3 +daily_status_graid3_enable="NO" # Check graid3(8) + +# 408.status-gstripe +daily_status_gstripe_enable="NO" # Check gstripe(8) + +# 409.status-gconcat +daily_status_gconcat_enable="NO" # Check gconcat(8) + +# 420.status-network +daily_status_network_enable="YES" # Check network status +daily_status_network_usedns="YES" # DNS lookups are ok + +# 430.status-rwho +daily_status_rwho_enable="YES" # Check system status + +# 440.status-mailq +daily_status_mailq_enable="YES" # Check mail status +daily_status_mailq_shorten="NO" # Shorten output +daily_status_include_submit_mailq="YES" # Also submit queue + +# 450.status-security +daily_status_security_enable="YES" # Security check +# See "Security options" below for more options + +# 460.status-mail-rejects +daily_status_mail_rejects_enable="YES" # Check mail rejects +daily_status_mail_rejects_logs=3 # How many logs to check +daily_status_mail_rejects_shorten="NO" # Shorten output + +# 470.status-named +daily_status_named_enable="YES" +daily_status_named_usedns="YES" # DNS lookups are ok + +# 480.status-ntpd +daily_status_ntpd_enable="NO" # Check NTP status + +# 490.status-pkg-changes +daily_status_pkg_changes_enable="NO" # Show package changes + +# 500.queuerun +daily_queuerun_enable="YES" # Run mail queue +daily_submit_queuerun="YES" # Also submit queue + +# 800.scrub-zfs +daily_scrub_zfs_enable="NO" +daily_scrub_zfs_pools="" # empty string selects all pools 
+daily_scrub_zfs_default_threshold="35" # days between scrubs +#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold + +# 999.local +daily_local="/etc/daily.local" # Local scripts + + +# Security options + +# These options are used by the security periodic(8) scripts spawned in +# 450.status-security above. +daily_status_security_inline="NO" # Run inline ? +daily_status_security_output="root" # user or /file +daily_status_security_noamd="NO" # Don't check amd mounts +daily_status_security_logdir="/var/log" # Directory for logs +daily_status_security_diff_flags="-b -u" # flags for diff output + +# 100.chksetuid +daily_status_security_chksetuid_enable="YES" + +# 110.neggrpperm +daily_status_security_neggrpperm_enable="YES" + +# 200.chkmounts +daily_status_security_chkmounts_enable="YES" +#daily_status_security_chkmounts_ignore="^amd:" # Don't check matching + # FS types + +# 300.chkuid0 +daily_status_security_chkuid0_enable="YES" + +# 400.passwdless +daily_status_security_passwdless_enable="YES" + +# 410.logincheck +daily_status_security_logincheck_enable="YES" + +# 460.chkportsum +daily_status_security_chkportsum_enable="NO" # Check ports w/ wrong checksum + +# 500.ipfwdenied +daily_status_security_ipfwdenied_enable="YES" + +# 510.ipfdenied +daily_status_security_ipfdenied_enable="YES" + +# 520.pfdenied +daily_status_security_pfdenied_enable="YES" + +# 550.ipfwlimit +daily_status_security_ipfwlimit_enable="YES" + +# 610.ipf6denied +daily_status_security_ipf6denied_enable="YES" + +# 700.kernelmsg +daily_status_security_kernelmsg_enable="YES" + +# 800.loginfail +daily_status_security_loginfail_enable="YES" + +# 900.tcpwrap +daily_status_security_tcpwrap_enable="YES" + + +# Weekly options + +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. 
$weekly_output might be set to /var/log/weekly.log if you +# wish to log the weekly output and have the files rotated by newsyslog(8) +# +weekly_output="root" # user or /file +weekly_show_success="YES" # scripts returning 0 +weekly_show_info="YES" # scripts returning 1 +weekly_show_badconfig="NO" # scripts returning 2 + +# 310.locate +weekly_locate_enable="YES" # Update locate weekly + +# 320.whatis +weekly_whatis_enable="YES" # Update whatis weekly + +# 330.catman +weekly_catman_enable="NO" # Preformat man pages + +# 340.noid +weekly_noid_enable="NO" # Find unowned files +weekly_noid_dirs="/" # Look here + +# 400.status-pkg +weekly_status_pkg_enable="NO" # Find out-of-date pkgs +pkg_version=pkg_version # Use this program +pkg_version_index=/usr/ports/INDEX-9 # Use this index file + +# 999.local +weekly_local="/etc/weekly.local" # Local scripts + + +# Monthly options + +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $monthly_output might be set to /var/log/monthly.log if you +# wish to log the monthly output and have the files rotated by newsyslog(8) +# +monthly_output="root" # user or /file +monthly_show_success="YES" # scripts returning 0 +monthly_show_info="YES" # scripts returning 1 +monthly_show_badconfig="NO" # scripts returning 2 + +# 200.accounting +monthly_accounting_enable="YES" # Login accounting + +# 999.local +monthly_local="/etc/monthly.local" # Local scripts + + +# Define source_periodic_confs, the mechanism used by /etc/periodic/*/* +# scripts to source defaults/periodic.conf overrides safely. + +if [ -z "${source_periodic_confs_defined}" ]; then + source_periodic_confs_defined=yes + source_periodic_confs () { + local i sourced_files + + for i in ${periodic_conf_files}; do + case ${sourced_files} in + *:$i:*) + ;; + *) + sourced_files="${sourced_files}:$i:" + [ -r $i ] && . $i + ;; + esac + done + } +fi 
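Review bot: In `source_periodic_confs` the path is used unquoted in `[ -r $i ] && . $i` and in the `*:$i:*` case pattern, so an entry in `periodic_conf_files` that contains glob characters or has no slash is not treated as a literal file: the pattern can mis-detect duplicates, and sh looks up a slash-less name given to `.` through PATH. Quoting it, `[ -r "$i" ] && . "$i"` and `*:"$i":*)`, keeps the intended word-splitting of the list in the `for` line while handling each entry literally. Because these files are sourced by the periodic jobs that etc/crontab starts as root, a comment above `periodic_conf_files=` stating that every listed file must be root-owned and not group- or world-writable would be worth adding. The function body lies entirely inside this hunk.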
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
new file mode 100644
index 0000000..b9e78ce
--- /dev/null
+++ b/etc/defaults/rc.conf
@@ -0,0 +1,725 @@
+#!/bin/sh
+
+# This is rc.conf - a file full of useful variables that you can set
+# to change the default startup behavior of your system. You should
+# not edit this file! Put any overrides into one of the ${rc_conf_files}
+# instead and you will be able to update these defaults later without
+# spamming your local configuration information.
+#
+# The ${rc_conf_files} files should only contain values which override
+# values set in this file. This eases the upgrade path when defaults
+# are changed and new features are added.
+#
+# All arguments must be in double or single quotes.
+#
+# For a more detailed explanation of all the rc.conf variables, please
+# refer to the rc.conf(5) manual page.
+#
+# $FreeBSD$
+
+##############################################################
+### Important initial Boot-time options ####################
+##############################################################
+
+rc_debug="NO" # Set to YES to enable debugging output from rc.d
+rc_info="NO" # Enables display of informational messages at boot.
+rc_startmsgs="YES" # Show "Starting foo:" messages at boot
+rcshutdown_timeout="30" # Seconds to wait before terminating rc.shutdown
+early_late_divider="FILESYSTEMS" # Script that separates early/late
+ # stages of the boot process. Make sure you know
+ # the ramifications if you change this.
+ # See rc.conf(5) for more details.
+
+swapfile="NO" # Set to name of swapfile if aux swapfile desired.
+apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO).
+apmd_enable="NO" # Run apmd to handle APM event from userland.
+apmd_flags="" # Flags to apmd (if enabled).
+ddb_enable="NO" # Set to YES to load ddb scripts at boot.
+ddb_config="/etc/ddb.conf" # ddb(8) config file.
+devd_enable="YES" # Run devd, to trigger programs on device tree changes.
+devd_flags="" # Additional flags for devd(8).
+#kld_list="" # Kernel modules to load after local disks are mounted
+kldxref_enable="NO" # Build linker.hints files with kldxref(8).
+kldxref_clobber="NO" # Overwrite old linker.hints at boot.
+kldxref_module_path="" # Override kern.module_path. A ';'-delimited list.
+powerd_enable="NO" # Run powerd to lower our power usage.
+powerd_flags="" # Flags to powerd (if enabled).
+tmpmfs="AUTO" # Set to YES to always create an mfs /tmp, NO to never
+tmpsize="20m" # Size of mfs /tmp if created
+tmpmfs_flags="-S" # Extra mdmfs options for the mfs /tmp
+varmfs="AUTO" # Set to YES to always create an mfs /var, NO to never
+varsize="32m" # Size of mfs /var if created
+varmfs_flags="-S" # Extra mount options for the mfs /var
+populate_var="AUTO" # Set to YES to always (re)populate /var, NO to never
+cleanvar_enable="YES" # Clean the /var directory
+local_startup="/usr/local/etc/rc.d" # startup script dirs.
+script_name_sep=" " # Change if your startup scripts' names contain spaces
+rc_conf_files="/etc/rc.conf /etc/rc.conf.local"
+
+# ZFS support
+zfs_enable="NO" # Set to YES to automatically mount ZFS file systems
+
+gptboot_enable="YES" # GPT boot success/failure reporting.
+
+# Experimental - test before enabling
+gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab
+gbde_devices="NO" # Devices to automatically attach (list, or AUTO)
+gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices
+gbde_lockdir="/etc" # Where to look for gbde lockfiles
+
+# GELI disk encryption configuration.
+geli_devices="" # List of devices to automatically attach in addition to
+ # GELI devices listed in /etc/fstab.
+geli_tries="" # Number of times to attempt attaching geli device.
+ # If empty, kern.geom.eli.tries will be used.
+geli_default_flags="" # Default flags for geli(8).
+geli_autodetach="YES" # Automatically detach on last close.
+ # Providers are marked as such when all file systems are
+ # mounted.
+# Example use.
+#geli_devices="da1 mirror/home"
+#geli_da1_flags="-p -k /etc/geli/da1.keys"
+#geli_da1_autodetach="NO"
+#geli_mirror_home_flags="-k /etc/geli/home.keys"
+
+geli_swap_flags="-e aes -l 256 -s 4096 -d" # Options for GELI-encrypted
+ # swap partitions.
+
+root_rw_mount="YES" # Set to NO to inhibit remounting root read-write.
+fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails.
+fsck_y_flags="" # Additional flags for fsck -y
+background_fsck="YES" # Attempt to run fsck in the background where possible.
+background_fsck_delay="60" # Time to wait (seconds) before starting the fsck.
+netfs_types="nfs:NFS oldnfs:OLDNFS smbfs:SMB portalfs:PORTAL nwfs:NWFS" # Net filesystems.
+extra_netfs_types="NO" # List of network extra filesystem types for delayed
+ # mount at startup (or NO).
+
+##############################################################
+### Network configuration sub-section ######################
+##############################################################
+
+### Basic network and firewall/security options: ###
+hostname="" # Set this!
+hostid_enable="YES" # Set host UUID.
+hostid_file="/etc/hostid" # File with hostuuid.
+nisdomainname="NO" # Set to NIS domain if using NIS (or NO).
+dhclient_program="/sbin/dhclient" # Path to dhcp client program.
+dhclient_flags="" # Extra flags to pass to dhcp client.
+#dhclient_flags_fxp0="" # Extra dhclient flags for fxp0 only
+background_dhclient="NO" # Start dhcp client in the background.
+#background_dhclient_fxp0="YES" # Start dhcp client on fxp0 in the background.
+synchronous_dhclient="NO" # Start dhclient directly on configured
+ # interfaces during startup.
+defaultroute_delay="30" # Time to wait for a default route on a DHCP interface.
+defaultroute_carrier_delay="5" # Time to wait for carrier while waiting for a default route.
+wpa_supplicant_program="/usr/sbin/wpa_supplicant"
+wpa_supplicant_flags="-s" # Extra flags to pass to wpa_supplicant
+wpa_supplicant_conf_file="/etc/wpa_supplicant.conf"
+#
+firewall_enable="NO" # Set to YES to enable firewall functionality
+firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
+firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
+firewall_quiet="NO" # Set to YES to suppress rule display
+firewall_logging="NO" # Set to YES to enable events logging
+firewall_flags="" # Flags passed to ipfw when type is a file
+firewall_coscripts="" # List of executables/scripts to run after
+ # firewall starts/stops
+firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client"
+ # firewall.
+#firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for
+ # "client" firewall.
+firewall_simple_iif="ed1" # Inside network interface for "simple"
+ # firewall.
+firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple"
+ # firewall.
+firewall_simple_oif="ed0" # Outside network interface for "simple"
+ # firewall.
+firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple"
+ # firewall.
+#firewall_simple_iif_ipv6="ed1" # Inside IPv6 network interface for "simple"
+ # firewall.
+#firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Inside IPv6 network prefix
+ # for "simple" firewall.
+#firewall_simple_oif_ipv6="ed0" # Outside IPv6 network interface for "simple"
+ # firewall.
+#firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix
+ # for "simple" firewall.
+firewall_myservices="" # List of TCP ports on which this host
+ # offers services for "workstation" firewall.
+firewall_allowservices="" # List of IPs which have access to
+ # $firewall_myservices for "workstation"
+ # firewall.
+firewall_trusted="" # List of IPs which have full access to this
+ # host for "workstation" firewall.
+firewall_logdeny="NO" # Set to YES to log default denied incoming
+ # packets for "workstation" firewall.
+firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports
+ # for which denied incoming packets are not
+ # logged for "workstation" firewall.
+firewall_nat_enable="NO" # Enable kernel NAT (if firewall_enable == YES)
+firewall_nat_interface="" # Public interface or IPaddress to use
+firewall_nat_flags="" # Additional configuration parameters
+dummynet_enable="NO" # Load the dummynet(4) module
+ip_portrange_first="NO" # Set first dynamically allocated port
+ip_portrange_last="NO" # Set last dynamically allocated port
+ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd)
+ike_program="/usr/local/sbin/isakmpd" # Path to IKE daemon
+ike_flags="" # Additional flags for IKE daemon
+ipsec_enable="NO" # Set to YES to run setkey on ipsec_file
+ipsec_file="/etc/ipsec.conf" # Name of config file for setkey
+natd_program="/sbin/natd" # path to natd, if you want a different one.
+natd_enable="NO" # Enable natd (if firewall_enable == YES).
+natd_interface="" # Public interface or IPaddress to use.
+natd_flags="" # Additional flags for natd.
+ipfilter_enable="NO" # Set to YES to enable ipfilter functionality
+ipfilter_program="/sbin/ipf" # where the ipfilter program lives
+ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
+ # /usr/src/contrib/ipfilter/rules for examples
+ipfilter_flags="" # additional flags for ipfilter
+ipnat_enable="NO" # Set to YES to enable ipnat functionality
+ipnat_program="/sbin/ipnat" # where the ipnat program lives
+ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
+ipnat_flags="" # additional flags for ipnat
+ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter or ipnat
+ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives
+ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog"
+ipfs_enable="NO" # Set to YES to enable saving and restoring
+ # of state tables at shutdown and boot
+ipfs_program="/sbin/ipfs" # where the ipfs program lives
+ipfs_flags="" # additional flags for ipfs
+pf_enable="NO" # Set to YES to enable packet filter (pf)
+pf_rules="/etc/pf.conf" # rules definition file for pf
+pf_program="/sbin/pfctl" # where the pfctl program lives
+pf_flags="" # additional flags for pfctl
+pflog_enable="NO" # Set to YES to enable packet filter logging
+pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
+pflog_program="/sbin/pflogd" # where the pflogd program lives
+pflog_flags="" # additional flags for pflogd
+ftpproxy_enable="NO" # Set to YES to enable ftp-proxy(8) for pf
+ftpproxy_flags="" # additional flags for ftp-proxy(8)
+pfsync_enable="NO" # Expose pf state to other hosts for syncing
+pfsync_syncdev="" # Interface for pfsync to work through
+pfsync_syncpeer="" # IP address of pfsync peer host
+pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync
+tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions.
+log_in_vain="0" # >=1 to log connects to ports w/o listeners.
+tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO).
+tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN
+ # NOTE: this violates the TCP specification
+icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets
+icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets
+network_interfaces="auto" # List of network interfaces (or "auto").
+cloned_interfaces="" # List of cloned network interfaces to create.
+#cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config.
+#ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
+#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
+#ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry.
+#ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry
+#ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias
+#ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0.
+#vlans_fxp0="101 vlan0" # vlan(4) interfaces for fxp0 device
+#create_args_vlan0="vlan 102" # vlan tag for vlan0 device
+#wlans_ath0="wlan0" # wlan(4) interfaces for ath0 device
+#wlandebug_wlan0="scan+auth+assoc" # Set debug flags with wlanddebug(8)
+#ipv4_addrs_fxp0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4 address entry.
+#
+#autobridge_interfaces="bridge0" # List of bridges to check
+#autobridge_bridge0="tap* vlan0" # Interface glob to automatically add to the bridge
+#
+# If you have any sppp(4) interfaces above, you might also want to set
+# the following parameters. Refer to spppcontrol(8) for their meaning.
+sppp_interfaces="" # List of sppp interfaces.
+#sppp_interfaces="...0" # example: sppp over ...
+#spppconfig_...0="authproto=chap myauthname=foo myauthsecret='top secret' hisauthname=some-gw hisauthsecret='another secret'"
+gif_interfaces="" # List of GIF tunnels.
+#gif_interfaces="gif0 gif1" # Examples typically for a router.
+ # Choose correct tunnel addrs.
+#gifconfig_gif0="10.1.1.1 10.1.2.1" # Examples typically for a router.
+#gifconfig_gif1="10.1.1.2 10.1.2.2" # Examples typically for a router.
+fec_interfaces="" # List of Fast EtherChannels.
+#fec_interfaces="fec0 fec1"
+#fecconfig_fec0="fxp0 dc0" # Examples typically for two NICs
+#fecconfig_fec1="em0 em1 bge0 bge1" # Examples typically for four NICs
+
+# User ppp configuration.
+ppp_enable="NO" # Start user-ppp (or NO).
+ppp_program="/usr/sbin/ppp" # Path to user-ppp program.
+ppp_mode="auto" # Choice of "auto", "ddial", "direct" or "dedicated".
+ # For details see man page for ppp(8). Default is auto.
+ppp_nat="YES" # Use PPP's internal network address translation or NO.
+ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf.
+ppp_user="root" # Which user to run ppp as
+
+# Start multiple instances of ppp at boot time
+#ppp_profile="profile1 profile2 profile3" # Which profiles to use
+#ppp_profile1_mode="ddial" # Override ppp mode for profile1
+#ppp_profile2_nat="NO" # Override nat mode for profile2
+# profile3 uses default ppp_mode and ppp_nat
+
+### Network daemon (miscellaneous) ###
+hostapd_enable="NO" # Run hostap daemon.
+syslogd_enable="YES" # Run syslog daemon (or NO).
+syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one.
+syslogd_flags="-s" # Flags to syslogd (if enabled).
+inetd_enable="NO" # Run the network daemon dispatcher (YES/NO).
+inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one.
+inetd_flags="-wW -C 60" # Optional flags to inetd
+hastd_enable="NO" # Run the HAST daemon (YES/NO).
+hastd_program="/sbin/hastd" # path to hastd, if you want a different one.
+hastd_flags="" # Optional flags to hastd.
+#
+# named. It may be possible to run named in a sandbox, man security for
+# details.
+#
+named_enable="NO" # Run named, the DNS server (or NO).
+named_program="/usr/sbin/named" # Path to named, if you want a different one.
+named_conf="/etc/namedb/named.conf" # Path to the configuration file
+#named_flags="" # Use this for flags OTHER than -u and -c
+named_uid="bind" # User to run named as
+named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it)
+named_chroot_autoupdate="YES" # Automatically install/update chrooted
+ # components of named. See /etc/rc.d/named.
+named_symlink_enable="YES" # Symlink the chrooted pid file
+named_wait="NO" # Wait for working name service before exiting
+named_wait_host="localhost" # Hostname to check if named_wait is enabled
+named_auto_forward="NO" # Set up forwarders from /etc/resolv.conf
+named_auto_forward_only="NO" # Do "forward only" instead of "forward first"
+
+#
+# kerberos. Do not run the admin daemons on slave servers
+#
+kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO).
+kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC
+kerberos5_server_flags="--detach" # Additional flags to the kerberos 5 server
+kadmind5_server_enable="NO" # Run kadmind (or NO)
+kadmind5_server="/usr/libexec/kadmind" # path to kerberos 5 admin daemon
+kpasswdd_server_enable="NO" # Run kpasswdd (or NO)
+kpasswdd_server="/usr/libexec/kpasswdd" # path to kerberos 5 passwd daemon
+
+gssd_enable="NO" # Run the gssd daemon (or NO).
+gssd_flags="" # Flags for gssd.
+
+rwhod_enable="NO" # Run the rwho daemon (or NO).
+rwhod_flags="" # Flags for rwhod
+rarpd_enable="NO" # Run rarpd (or NO).
+rarpd_flags="-a" # Flags to rarpd.
+bootparamd_enable="NO" # Run bootparamd (or NO).
+bootparamd_flags="" # Flags to bootparamd
+pppoed_enable="NO" # Run the PPP over Ethernet daemon.
+pppoed_provider="*" # Provider and ppp(8) config file entry.
+pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled).
+pppoed_interface="fxp0" # The interface that pppoed runs on.
+sshd_enable="NO" # Enable sshd
+sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
+sshd_flags="" # Additional flags for sshd.
+ftpd_enable="NO" # Enable stand-alone ftpd.
+ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one.
+ftpd_flags="" # Additional flags to stand-alone ftpd.
+
+### Network daemon (NFS): All need rpcbind_enable="YES" ###
+amd_enable="NO" # Run amd service with $amd_flags (or NO).
+amd_program="/usr/sbin/amd" # path to amd, if you want a different one.
+amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"
+amd_map_program="NO" # Can be set to "ypcat -k amd.master"
+nfs_client_enable="NO" # This host is an NFS client (or NO).
+nfs_access_cache="60" # Client cache timeout in seconds
+nfs_server_enable="NO" # This host is an NFS server (or NO).
+oldnfs_server_enable="NO" # Run the old NFS server (YES/NO).
+nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled).
+mountd_enable="NO" # Run mountd (or NO).
+mountd_flags="-r" # Flags to mountd (if NFS server enabled).
+weak_mountd_authentication="NO" # Allow non-root mount requests to be served.
+nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
+nfs_bufpackets="" # bufspace (in packets) for client
+rpc_lockd_enable="NO" # Run NFS rpc.lockd needed for client/server.
+rpc_lockd_flags="" # Flags to rpc.lockd (if enabled).
+rpc_statd_enable="NO" # Run NFS rpc.statd needed for client/server.
+rpc_statd_flags="" # Flags to rpc.statd (if enabled).
+rpcbind_enable="NO" # Run the portmapper service (YES/NO).
+rpcbind_program="/usr/sbin/rpcbind" # path to rpcbind, if you want a different one.
+rpcbind_flags="" # Flags to rpcbind (if enabled).
+rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO).
+keyserv_enable="NO" # Run the SecureRPC keyserver (or NO).
+keyserv_flags="" # Flags to keyserv (if enabled).
+nfsv4_server_enable="NO" # Enable support for NFSv4
+nfscbd_enable="NO" # NFSv4 client side callback daemon
+nfscbd_flags="" # Flags for nfscbd
+nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon
+nfsuserd_flags="" # Flags for nfsuserd
+
+### Network Time Services options: ###
+timed_enable="NO" # Run the time daemon (or NO).
+timed_flags="" # Flags to timed (if enabled).
+ntpdate_enable="NO" # Run ntpdate to sync time on boot (or NO).
+ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one.
+ntpdate_flags="-b" # Flags to ntpdate (if enabled).
+ntpdate_config="/etc/ntp.conf" # ntpdate(8) configuration file
+ntpdate_hosts="" # Whitespace-separated list of ntpdate(8) servers.
+ntpd_enable="NO" # Run ntpd Network Time Protocol (or NO).
+ntpd_program="/usr/sbin/ntpd" # path to ntpd, if you want a different one.
+ntpd_config="/etc/ntp.conf" # ntpd(8) configuration file
+ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high
+ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"
+ # Flags to ntpd (if enabled).
+
+# Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
+nis_client_enable="NO" # We're an NIS client (or NO).
+nis_client_flags="" # Flags to ypbind (if enabled).
+nis_ypset_enable="NO" # Run ypset at boot time (or NO).
+nis_ypset_flags="" # Flags to ypset (if enabled).
+nis_server_enable="NO" # We're an NIS server (or NO).
+nis_server_flags="" # Flags to ypserv (if enabled).
+nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO).
+nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled).
+nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO).
+nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled).
+
+### SNMP daemon ###
+# Be sure to understand the security implications of running SNMP v1/v2
+# in your network.
+bsnmpd_enable="NO" # Run the SNMP daemon (or NO).
+bsnmpd_flags="" # Flags for bsnmpd.
+
+### Network routing options: ###
+defaultrouter="NO" # Set to default gateway (or NO).
+static_arp_pairs="" # Set to static ARP list (or leave empty).
+static_ndp_pairs="" # Set to static NDP list (or leave empty).
+static_routes="" # Set to static route list (or leave empty).
+natm_static_routes="" # Set to static route list for NATM (or leave empty).
+gateway_enable="NO" # Set to YES if this host will be a gateway.
+routed_enable="NO" # Set to YES to enable a routing daemon.
+routed_program="/sbin/routed" # Name of routing daemon to use if enabled.
+routed_flags="-q" # Flags for routing daemon.
+mrouted_enable="NO" # Do IPv4 multicast routing.
+mrouted_program="/usr/local/sbin/mrouted" # Name of IPv4 multicast
+ # routing daemon. You need to
+ # install it from package or
+ # port.
+mrouted_flags="" # Flags for multicast routing daemon.
+ipxgateway_enable="NO" # Set to YES to enable IPX routing.
+ipxrouted_enable="NO" # Set to YES to run the IPX routing daemon.
+ipxrouted_flags="" # Flags for IPX routing daemon.
+arpproxy_all="NO" # replaces obsolete kernel option ARP_PROXYALL.
+forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES")
+accept_sourceroute="NO" # accept source routed packets to us
+
+### ATM interface options: ###
+atm_enable="NO" # Configure ATM interfaces (or NO).
+#atm_netif_hea0="atm 1" # Network interfaces for physical interface.
+#atm_sigmgr_hea0="uni31" # Signalling manager for physical interface.
+#atm_prefix_hea0="ILMI" # NSAP prefix (UNI interfaces only) (or ILMI).
+#atm_macaddr_hea0="NO" # Override physical MAC address (or NO).
+#atm_arpserver_atm0="0x47.0005.80.999999.9999.9999.9999.999999999999.00" # ATMARP server address (or local).
+#atm_scsparp_atm0="NO" # Run SCSP/ATMARP on network interface (or NO).
+atm_pvcs="" # Set to PVC list (or leave empty).
+atm_arps="" # Set to permanent ARP list (or leave empty).
+
+### Bluetooth ###
+hcsecd_enable="NO" # Enable hcsecd(8) (or NO)
+hcsecd_config="/etc/bluetooth/hcsecd.conf" # hcsecd(8) configuration file
+
+sdpd_enable="NO" # Enable sdpd(8) (or NO)
+sdpd_control="/var/run/sdp" # sdpd(8) control socket
+sdpd_groupname="nobody" # set spdp(8) user/group to run as after
+sdpd_username="nobody" # it initializes
+
+bthidd_enable="NO" # Enable bthidd(8) (or NO)
+bthidd_config="/etc/bluetooth/bthidd.conf" # bthidd(8) configuration file
+bthidd_hids="/var/db/bthidd.hids" # bthidd(8) known HID devices file
+
+rfcomm_pppd_server_enable="NO" # Enable rfcomm_pppd(8) in server mode (or NO)
+rfcomm_pppd_server_profile="one two" # Profile to use from /etc/ppp/ppp.conf
+#
+#rfcomm_pppd_server_one_bdaddr="" # Override local bdaddr for 'one'
+rfcomm_pppd_server_one_channel="1" # Override local channel for 'one'
+#rfcomm_pppd_server_one_register_sp="NO" # Override SP and DUN register
+#rfcomm_pppd_server_one_register_dun="NO" # for 'one'
+#
+#rfcomm_pppd_server_two_bdaddr="" # Override local bdaddr for 'two'
+rfcomm_pppd_server_two_channel="3" # Override local channel for 'two'
+#rfcomm_pppd_server_two_register_sp="NO" # Override SP and DUN register
+#rfcomm_pppd_server_two_register_dun="NO" # for 'two'
+
+ubthidhci_enable="NO" # Switch an USB BT controller present on
+#ubthidhci_busnum="3" # bus 3 and addr 2 from HID mode to HCI mode.
+#ubthidhci_addr="2" # Check usbconfig list to find the correct
+ # numbers for your system.
+
+### Network link/usability verification options
+netwait_enable="NO" # Enable rc.d/netwait (or NO)
+#netwait_ip="" # IP addresses to be pinged by netwait.
+netwait_timeout="60" # Total number of seconds to perform pings.
+#netwait_if="" # Interface name to watch link state on.
+netwait_if_timeout="30" # Total number of seconds to monitor link state.
+
+### Miscellaneous network options: ###
+icmp_bmcastecho="NO" # respond to broadcast ping packets
+
+### IPv6 options: ###
+ipv6_network_interfaces="auto" # List of IPv6 network interfaces
+ # (or "auto" or "none").
+ipv6_activate_all_interfaces="NO" # If NO, interfaces which have no
+ # corresponding $ifconfig_IF_ipv6 is
+ # marked as IFDISABLED for security
+ # reason.
+ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO).
+#ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068)
+ipv6_static_routes="" # Set to static route list (or leave empty).
+#ipv6_static_routes="xxx" # An example to set fec0:0000:0000:0006::/64
+ # route toward loopback interface.
+#ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1"
+ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway.
+ipv6_cpe_wanif="NO" # Set to the upstram interface name if this
+ # node will work as a router to forward IPv6
+ # packets not explicitly addressed to itself.
+ipv6_privacy="NO" # Use privacy address on RA-receiving IFs
+ # (RFC 4941)
+
+route6d_enable="NO" # Set to YES to enable an IPv6 routing daemon.
+route6d_program="/usr/sbin/route6d" # Name of IPv6 routing daemon.
+route6d_flags="" # Flags to IPv6 routing daemon.
+#route6d_flags="-l" # Example for route6d with only IPv6 site local
+ # addrs.
+#route6d_flags="-q" # If you want to run a routing daemon on an end
+ # node, you should stop advertisement.
+#ipv6_network_interfaces="ed0 ep0" # Examples for router
+ # or static configuration for end node.
+ # Choose correct prefix value.
+#ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr.
+#ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr.
+ipv6_default_interface="NO" # Default output interface for scoped addrs.
+ # This works only with
+ # ipv6_gateway_enable="NO".
+rtsol_flags="" # Flags to IPv6 router solicitation.
+rtsold_enable="NO" # Set to YES to enable an IPv6 router
+ # solicitation daemon.
+rtsold_flags="-a" # Flags to an IPv6 router solicitation
+ # daemon.
+rtadvd_enable="NO" # Set to YES to enable an IPv6 router
+ # advertisement daemon. If set to YES,
+ # this router becomes a possible candidate
+ # IPv6 default router for local subnets.
+rtadvd_interfaces="" # Interfaces rtadvd sends RA packets.
+mroute6d_enable="NO" # Do IPv6 multicast routing.
+mroute6d_program="/usr/local/sbin/pim6dd" # Name of IPv6 multicast
+ # routing daemon. You need to
+ # install it from package or
+ # port.
+mroute6d_flags="" # Flags to IPv6 multicast routing daemon.
+stf_interface_ipv4addr="" # Local IPv4 addr for 6to4 IPv6 over IPv4
+ # tunneling interface. Specify this entry
+ # to enable 6to4 interface.
+stf_interface_ipv4plen="0" # Prefix length for 6to4 IPv4 addr,
+ # to limit peer addr range. Effective value
+ # is 0-31.
+stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0.
+ # If you like, you can set "AUTO" for this.
+stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0
+ipv6_faith_prefix="NO" # Set faith prefix to enable a FAITH
+ # IPv6-to-IPv4 TCP translator. You also need
+ # faithd(8) setup.
+ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr
+ # communication. (like ::ffff:a.b.c.d)
+ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter,
+ # see /usr/src/contrib/ipfilter/rules
+ # for examples
+ip6addrctl_enable="YES" # Set to YES to enable default address selection
+ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages
+ip6addrctl_policy="AUTO" # A pre-defined address selection policy
+ # (ipv4_prefer, ipv6_prefer, or AUTO)
+
+##############################################################
+### System console options #################################
+##############################################################
+
+keyboard="" # keyboard device to use (default /dev/kbd0).
+keymap="NO" # keymap in /usr/share/syscons/keymaps/* (or NO).
+keyrate="NO" # keyboard rate to: slow, normal, fast (or NO).
+keybell="NO" # See kbdcontrol(1) for options. Use "off" to disable.
+keychange="NO" # function keys default values (or NO).
+cursor="NO" # cursor type {normal|blink|destructive} (or NO).
+scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO).
+font8x16="NO" # font 8x16 from /usr/share/syscons/fonts/* (or NO).
+font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO).
+font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO).
+blanktime="300" # blank time (in seconds) or "NO" to turn it off.
+saver="NO" # screen saver: Uses /boot/kernel/${saver}_saver.ko
+moused_nondefault_enable="YES" # Treat non-default mice as enabled unless
+ # specifically overriden in rc.conf(5).
+moused_enable="NO" # Run the mouse daemon.
+moused_type="auto" # See man page for rc.conf(5) for available settings.
+moused_port="/dev/psm0" # Set to your mouse port.
+moused_flags="" # Any additional flags to moused.
+mousechar_start="NO" # if 0xd0-0xd3 default range is occupied in your
+ # language code table, specify alternative range
+ # start like mousechar_start=3, see vidcontrol(1)
+allscreens_flags="" # Set this vidcontrol mode for all virtual screens
+allscreens_kbdflags="" # Set this kbdcontrol mode for all virtual screens
+
+##############################################################
+### Mail Transfer Agent (MTA) options ######################
+##############################################################
+
+mta_start_script="/etc/rc.sendmail"
+ # Script to start your chosen MTA, called by /etc/rc.
+# Settings for /etc/rc.sendmail and /etc/rc.d/sendmail:
+sendmail_enable="NO" # Run the sendmail inbound daemon (YES/NO).
+sendmail_pidfile="/var/run/sendmail.pid" # sendmail pid file
+sendmail_procname="/usr/sbin/sendmail" # sendmail process name
+sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server)
+sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission
+sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
+ # Flags for localhost-only MTA
+sendmail_outbound_enable="YES" # Dequeue stuck mail (YES/NO).
+sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only)
+sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO).
+sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
+ # Flags for sendmail_msp_queue daemon.
+sendmail_rebuild_aliases="NO" # Run newaliases if necessary (YES/NO).
+
+
+##############################################################
+### Miscellaneous administrative options ###################
+##############################################################
+
+auditd_enable="NO" # Run the audit daemon.
+auditd_program="/usr/sbin/auditd" # Path to the audit daemon.
+auditd_flags="" # Which options to pass to the audit daemon.
+cron_enable="YES" # Run the periodic job daemon.
+cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled).
+cron_dst="YES" # Handle DST transitions intelligently (YES/NO)
+cron_flags="" # Which options to pass to the cron daemon.
+lpd_enable="NO" # Run the line printer daemon.
+lpd_program="/usr/sbin/lpd" # path to lpd, if you want a different one.
+lpd_flags="" # Flags to lpd (if enabled).
+nscd_enable="NO" # Run the nsswitch caching daemon.
+chkprintcap_enable="NO" # Run chkprintcap(8) before running lpd.
+chkprintcap_flags="-d" # Create missing directories by default.
+dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO).
+dumpdir="/var/crash" # Directory where crash dumps are to be stored
+savecore_flags="" # Used if dumpdev is enabled above, and present.
+crashinfo_enable="YES" # Automatically generate crash dump summary.
+crashinfo_program="/usr/sbin/crashinfo" # Script to generate crash dump summary.
+quota_enable="NO" # turn on quotas on startup (or NO).
+check_quotas="YES" # Check quotas on startup (or NO).
+quotaon_flags="-a" # Turn quotas on for all file systems (if enabled)
+quotaoff_flags="-a" # Turn quotas off for all file systems at shutdown
+quotacheck_flags="-a" # Check all file system quotas (if enabled)
+accounting_enable="NO" # Turn on process accounting (or NO).
+ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO).
+ibcs2_loaders="coff" # List of additional Ibcs2 loaders (or NO).
+
+# Emulation/compatibility services provided by /etc/rc.d/abi
+sysvipc_enable="NO" # Load System V IPC primitives at startup (or NO).
+linux_enable="NO" # Linux binary compatibility loaded at startup (or NO).
+svr4_enable="NO" # SysVR4 emulation loaded at startup (or NO).
+clear_tmp_enable="NO" # Clear /tmp at startup.
+clear_tmp_X="YES" # Clear and recreate X11-related directories in /tmp
+ldconfig_insecure="NO" # Set to YES to disable ldconfig security checks
+ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg"
+ # shared library search paths
+ldconfig32_paths="/usr/lib32" # 32-bit compatibility shared library search paths
+ldconfig_paths_aout="/usr/lib/compat/aout /usr/local/lib/aout"
+ # a.out shared library search paths
+ldconfig_local_dirs="/usr/local/libdata/ldconfig"
+ # Local directories with ldconfig configuration files.
+ldconfig_local32_dirs="/usr/local/libdata/ldconfig32"
+ # Local directories with 32-bit compatibility ldconfig
+ # configuration files.
+kern_securelevel_enable="NO" # kernel security level (see security(7))
+kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure
+ # Note that setting securelevel to 0 will result
+ # in the system booting with securelevel set to 1, as
+ # init(8) will raise the level when rc(8) completes.
+update_motd="YES" # update version info in /etc/motd (or NO) +entropy_file="/entropy" # Set to NO to disable caching entropy through reboots. + # /var/db/entropy-file is preferred if / is not avail. +entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron. +entropy_save_sz="2048" # Size of the entropy cache files. +entropy_save_num="8" # Number of entropy cache files to save. +harvest_interrupt="YES" # Entropy device harvests interrupt randomness +harvest_ethernet="YES" # Entropy device harvests ethernet randomness +harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness +dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot +watchdogd_enable="NO" # Start the software watchdog daemon +watchdogd_flags="" # Flags to watchdogd (if enabled) +devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files containing + # devfs(8) rules. +devfs_system_ruleset="" # The name (NOT number) of a ruleset to apply to /dev +devfs_set_rulesets="" # A list of /mount/dev=ruleset_name settings to + # apply (must be mounted already, i.e. fstab(5)) +performance_cx_lowest="HIGH" # Online CPU idle state +performance_cpu_freq="NONE" # Online CPU frequency +economy_cx_lowest="HIGH" # Offline CPU idle state +economy_cpu_freq="NONE" # Offline CPU frequency +virecover_enable="YES" # Perform housekeeping for the vi(1) editor +ugidfw_enable="NO" # Load mac_bsdextended(4) rules on boot +bsdextended_script="/etc/rc.bsdextended" # Default mac_bsdextended(4) + # ruleset file. +newsyslog_enable="YES" # Run newsyslog at startup. +newsyslog_flags="-CN" # Newsyslog flags to create marked files +mixer_enable="YES" # Run the sound mixer. 
+opensm_enable="NO" # Opensm(8) for infiniband devices defaults to off + +############################################################## +### Jail Configuration ####################################### +############################################################## +jail_enable="NO" # Set to NO to disable starting of any jails +jail_parallel_start="NO" # Start jails in the background +jail_list="" # Space separated list of names of jails +jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname +jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail +jail_sysvipc_allow="NO" # Allow SystemV IPC use from within a jail + +# +# To use rc's built-in jail infrastructure create entries for +# each jail, specified in jail_list, with the following variables. +# NOTES: +# - replace 'example' with the jail's name. +# - except rootdir, hostname, ip and the _multi<n> addresses, +# all of the following variables may be made global jail variables +# if you don't specify a jail name (ie. jail_interface, jail_devfs_ruleset). +# +#jail_example_rootdir="/usr/jail/default" # Jail's root directory +#jail_example_hostname="default.domain.com" # Jail's hostname +#jail_example_interface="" # Jail's interface variable to create IP aliases on +#jail_example_fib="0" # Routing table for setfib(1) +#jail_example_ip="192.0.2.10,2001:db8::17" # Jail's primary IPv4 and IPv6 address +#jail_example_ip_multi0="2001:db8::10" # and another IPv6 address +#jail_example_exec_start="/bin/sh /etc/rc" # command to execute in jail for starting +#jail_example_exec_afterstart0="/bin/sh command" # command to execute after the one for + # starting the jail. 
More than one can be + # specified using a trailing number +#jail_example_exec_stop="/bin/sh /etc/rc.shutdown" # command to execute in jail for stopping +#jail_example_devfs_enable="NO" # mount devfs in the jail +#jail_example_devfs_ruleset="ruleset_name" # devfs ruleset to apply to jail - + # usually you want "devfsrules_jail". +#jail_example_fdescfs_enable="NO" # mount fdescfs in the jail +#jail_example_procfs_enable="NO" # mount procfs in jail +#jail_example_mount_enable="NO" # mount/umount jail's fs +#jail_example_fstab="" # fstab(5) for mount/umount +#jail_example_flags="-l -U root" # flags for jail(8) + +############################################################## +### Define source_rc_confs, the mechanism used by /etc/rc.* ## +### scripts to source rc_conf_files overrides safely. ## +############################################################## + +if [ -z "${source_rc_confs_defined}" ]; then + source_rc_confs_defined=yes + source_rc_confs () { + local i sourced_files + for i in ${rc_conf_files}; do + case ${sourced_files} in + *:$i:*) + ;; + *) + sourced_files="${sourced_files}:$i:" + if [ -r $i ]; then + . $i + fi + ;; + esac + done + } +fi diff --git a/etc/devd.conf b/etc/devd.conf new file mode 100644 index 0000000..27abc1f --- /dev/null +++ b/etc/devd.conf 
@@ -0,0 +1,326 @@ +# $FreeBSD$ +# +# Refer to devd.conf(5) and devd(8) man pages for the details on how to +# run and configure devd. +# + +# NB: All regular expressions have an implicit ^$ around them. +# NB: device-name is shorthand for 'match device-name' + +options { + # Each "directory" directive adds a directory to the list of + # directories that we scan for files. Files are loaded in the order + # that they are returned from readdir(3). The rule-sets are combined + # to create a DFA that's used to match events to actions. + directory "/etc/devd"; + directory "/usr/local/etc/devd"; + pid-file "/var/run/devd.pid"; + + # Setup some shorthand for regex that we use later in the file. + #XXX Yes, these are gross -- imp + set scsi-controller-regex + "(aac|adv|adw|aha|ahb|ahc|ahd|aic|amd|amr|asr|bt|ciss|ct|dpt|\ + esp|ida|iir|ips|isp|mlx|mly|mpt|ncr|ncv|nsp|stg|sym|trm|wds)\ + [0-9]+"; +}; + +# Note that the attach/detach with the highest value wins, so that one can +# override these general rules. + +# +# Configure the interface on attach. Due to a historical accident, this +# script is called pccard_ether. +# +# NB: DETACH events are ignored; the kernel should handle all cleanup +# (routes, arp cache). Beware of races against immediate create +# of a device with the same name; e.g. +# ifconfig bridge0 destroy; ifconfig bridge0 create +# +notify 0 { + match "system" "IFNET"; + match "subsystem" "!usbus[0-9]+"; + match "type" "ATTACH"; + action "/etc/pccard_ether $subsystem start"; +}; + +# +# Try to start dhclient on Ethernet-like interfaces when the link comes +# up. Only devices that are configured to support DHCP will actually +# run it. No link down rule exists because dhclient automatically exits +# when the link goes down. +# +notify 0 { + match "system" "IFNET"; + match "type" "LINK_UP"; + media-type "ethernet"; + action "/etc/rc.d/dhclient quietstart $subsystem"; +}; + +# +# Like Ethernet devices, but separate because +# they have a different media type. 
We may want +# to exploit this later. +# +detach 0 { + media-type "802.11"; + action "/etc/pccard_ether $device-name stop"; +}; +attach 0 { + media-type "802.11"; + action "/etc/pccard_ether $device-name start"; +}; +notify 0 { + match "system" "IFNET"; + match "type" "LINK_UP"; + media-type "802.11"; + action "/etc/rc.d/dhclient quietstart $subsystem"; +}; + +# An entry like this might be in a different file, but is included here +# as an example of how to override things. Normally 'ed50' would match +# the above attach/detach stuff, but the value of 100 makes it +# hard wired to 1.2.3.4. +attach 100 { + device-name "ed50"; + action "ifconfig $device-name inet 1.2.3.4 netmask 0xffff0000"; +}; +detach 100 { + device-name "ed50"; +}; + +# When a USB Bluetooth dongle appears, activate it +attach 100 { + device-name "ubt[0-9]+"; + action "/etc/rc.d/bluetooth quietstart $device-name"; +}; +detach 100 { + device-name "ubt[0-9]+"; + action "/etc/rc.d/bluetooth quietstop $device-name"; +}; + +# Firmware downloader for Atheros AR3011 based USB Bluetooth devices +#attach 100 { +# match "vendor" "0x0cf3"; +# match "product" "0x3000"; +# action "sleep 2 && /usr/sbin/ath3kfw -d $device-name -f /usr/local/etc/ath3k-1.fw"; +#}; + +# When a USB keyboard arrives, attach it as the console keyboard. +attach 100 { + device-name "ukbd0"; + action "/etc/rc.d/syscons setkeyboard /dev/ukbd0"; +}; +detach 100 { + device-name "ukbd0"; + action "/etc/rc.d/syscons setkeyboard /dev/kbd0"; +}; + +attach 100 { + device-name "ums[0-9]+"; + action "/etc/rc.d/moused quietstart $device-name"; +}; + +detach 100 { + device-name "ums[0-9]+"; + action "/etc/rc.d/moused stop $device-name"; +}; + +# Firmware download into the ActiveWire board. After the firmware download is +# done, the device detaches and reappears as something new and shiny +# automatically. 
+attach 100 { + match "vendor" "0x0854"; + match "product" "0x0100"; + match "release" "0x0000"; + action "/usr/local/bin/ezdownload -f /usr/local/share/usb/firmware/0854.0100.0_01.hex $device-name"; +}; + +# Firmware download for Entrega Serial DB25 adapter. +attach 100 { + match "vendor" "0x1645"; + match "product" "0x8001"; + match "release" "0x0101"; + action "if ! kldstat -n usio > /dev/null 2>&1 ; then kldload usio; fi; /usr/sbin/ezdownload -v -f /usr/share/usb/firmware/1645.8001.0101 /dev/$device-name"; +}; + +# This entry starts the ColdSync tool in daemon mode. Make sure you have an up +# to date /usr/local/etc/palms. We override the 'listen' settings for port and +# type in /usr/local/etc/coldsync.conf. +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x082d"; + match "product" "0x0100"; + match "release" "0x0100"; + action "/usr/local/bin/coldsync -md -p /dev/$cdev -t usb"; +}; + +# +# Rescan scsi device-names on attach, but not detach. However, it is +# disabled by default due to reports of problems. +# +attach 0 { + device-name "$scsi-controller-regex"; +// action "camcontrol rescan all"; +}; + +# Don't even try to second guess what to do about drivers that don't +# match here. Instead, pass it off to syslog. Commented out for the +# moment, as the pnpinfo variable isn't set in devd yet. Individual +# variables within the bus supplied pnpinfo are set. +nomatch 0 { +# action "logger Unknown device: $pnpinfo $location $bus"; +}; + +# Various logging of unknown devices. +nomatch 10 { + match "bus" "uhub[0-9]+"; + action "logger Unknown USB device: vendor $vendor product $product \ + bus $bus"; +}; + +# Some PC-CARDs don't offer numerical manufacturer/product IDs, just +# show the CIS info there. 
+nomatch 20 { + match "bus" "pccard[0-9]+"; + match "manufacturer" "0xffffffff"; + match "product" "0xffffffff"; + action "logger Unknown PCCARD device: CISproduct $cisproduct \ + CIS-vendor $cisvendor bus $bus"; +}; + +nomatch 10 { + match "bus" "pccard[0-9]+"; + action "logger Unknown PCCARD device: manufacturer $manufacturer \ + product $product CISproduct $cisproduct CIS-vendor \ + $cisvendor bus $bus"; +}; + +nomatch 10 { + match "bus" "cardbus[0-9]+"; + action "logger Unknown Cardbus device: device $device class $class \ + vendor $vendor bus $bus"; +}; + +# Switch power profiles when the AC line state changes. +notify 10 { + match "system" "ACPI"; + match "subsystem" "ACAD"; + action "/etc/rc.d/power_profile $notify"; +}; + +# Notify all users before beginning emergency shutdown when we get +# a _CRT or _HOT thermal event and we're going to power down the system +# very soon. +notify 10 { + match "system" "ACPI"; + match "subsystem" "Thermal"; + match "notify" "0xcc"; + action "logger -p kern.emerg 'WARNING: system temperature too high, shutting down soon!'"; +}; + +# Sample ZFS problem reports handling. 
+notify 10 { + match "system" "ZFS"; + match "type" "zpool"; + action "logger -p kern.err 'ZFS: failed to load zpool $pool'"; +}; + +notify 10 { + match "system" "ZFS"; + match "type" "vdev"; + action "logger -p kern.err 'ZFS: vdev failure, zpool=$pool type=$type'"; +}; + +notify 10 { + match "system" "ZFS"; + match "type" "data"; + action "logger -p kern.warn 'ZFS: zpool I/O failure, zpool=$pool error=$zio_err'"; +}; + +notify 10 { + match "system" "ZFS"; + match "type" "io"; + action "logger -p kern.warn 'ZFS: vdev I/O failure, zpool=$pool path=$vdev_path offset=$zio_offset size=$zio_size error=$zio_err'"; +}; + +notify 10 { + match "system" "ZFS"; + match "type" "checksum"; + action "logger -p kern.warn 'ZFS: checksum mismatch, zpool=$pool path=$vdev_path offset=$zio_offset size=$zio_size'"; +}; + +# User requested suspend, so perform preparation steps and then execute +# the actual suspend process. +notify 10 { + match "system" "ACPI"; + match "subsystem" "Suspend"; + action "/etc/rc.suspend acpi $notify"; +}; +notify 10 { + match "system" "ACPI"; + match "subsystem" "Resume"; + action "/etc/rc.resume acpi $notify"; +}; + +/* EXAMPLES TO END OF FILE + +# An example of something that a vendor might install if you were to +# add their device. This might reside in /usr/local/etc/devd/deqna.conf. +# A deqna is, in this hypothetical example, a pccard ethernet-like device. +# Students of history may know other devices by this name, and will get +# the in-jokes in this entry. +nomatch 10 { + match "bus" "pccard[0-9]+"; + match "manufacturer" "0x1234"; + match "product" "0x2323"; + action "kldload if_deqna"; +}; +attach 10 { + device-name "deqna[0-9]+"; + action "/etc/pccard_ether $device-name start"; +}; +detach 10 { + device-name "deqna[0-9]+"; + action "/etc/pccard_ether $device-name stop"; +}; + +# Examples of notify hooks. A notify is a generic way for a kernel +# subsystem to send event notification to userland. 
+
+# Here are some examples of ACPI notify handlers. ACPI subsystems that
+# generate notifies include the AC adapter, power/sleep buttons,
+# control method batteries, lid switch, and thermal zones.
+#
+# Information returned is not always the same as the ACPI notify
+# events. See the ACPI specification for more information about
+# notifies. Here is the information returned for each subsystem:
+#
+# ACAD: AC line state (0 is offline, 1 is online)
+# Button: Button pressed (0 for power, 1 for sleep)
+# CMBAT: ACPI battery events
+# Lid: Lid state (0 is closed, 1 is open)
+# RCTL: Resource limits
+# Suspend, Resume: Suspend and resume notification
+# Thermal: ACPI thermal zone events
+#
+# This example calls a script when the AC state changes, passing the
+# notify value as the first argument. If the state is 0x00, it might
+# call some sysctls to implement economy mode. If 0x01, it might set
+# the mode to performance.
+notify 10 {
+ match "system" "ACPI";
+ match "subsystem" "ACAD";
+ action "/etc/acpi_ac $notify";
+};
+
+# This example works around a memory leak in PostgreSQL, restarting
+# it when the "user:pgsql:swap:devctl=1G" rctl(8) rule gets triggered.
+notify 0 {
+ match "system" "RCTL";
+ match "rule" "user:70:swap:.*";
+ action "/usr/local/etc/rc.d/postgresql restart"
+};
+
+*/
diff --git a/etc/devd/Makefile b/etc/devd/Makefile new file mode 100644
index 0000000..433436b
--- /dev/null
+++ b/etc/devd/Makefile
@@ -0,0 +1,17 @@
+# $FreeBSD$
+
+FILES= uath.conf usb.conf
+
+.if ${MACHINE} == "powerpc"
+FILES+= apple.conf
+.endif
+
+.if ${MACHINE} == "amd64" || ${MACHINE} == "i386"
+FILES+= asus.conf
+.endif
+
+NO_OBJ=
+FILESDIR= /etc/devd
+FILESMODE= 644
+
+.include <bsd.prog.mk>
diff --git a/etc/devd/apple.conf b/etc/devd/apple.conf new file mode 100644
index 0000000..a57a8e0
--- /dev/null
+++ b/etc/devd/apple.conf
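Review bot: The ZFS `notify 10` handlers in etc/devd.conf place `$pool`, `$vdev_path` and the other event fields inside a single-quoted `logger` argument, and as far as I know devd substitutes these variables textually before the action string is handed to the shell, presumably as root. A value containing a single quote, which a file-backed vdev path could plausibly hold, would close the quoted argument early, so the quoting protects less than it appears to. I would document this above the first ZFS block with `# NB: $variables are substituted before the shell parses the action; do not treat event data as shell-safe.` and keep event-derived fields out of anything other than plain logging. Separately, the last example inside the `/* EXAMPLES TO END OF FILE` comment lacks the `;` after `action "/usr/local/etc/rc.d/postgresql restart"`, so it would not parse if copied out.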
@@ -0,0 +1,46 @@
+# $FreeBSD$
+#
+# PowerPC Apple specific devd events
+
+# Keyboard power key
+notify 0 {
+ match "system" "PMU";
+ match "subsystem" "Button";
+ match "notify" "0x0";
+ action "shutdown -p now";
+};
+
+
+# The next blocks enable volume hotkeys that can be found on Apple laptops
+notify 0 {
+ match "system" "PMU";
+ match "subsystem" "keys";
+ match "type" "mute";
+ action "mixer 0";
+};
+
+notify 0 {
+ match "system" "PMU";
+ match "subsystem" "keys";
+ match "type" "volume";
+ match "notify" "down";
+ action "mixer vol -10";
+};
+
+notify 0 {
+ match "system" "PMU";
+ match "subsystem" "keys";
+ match "type" "volume";
+ match "notify" "up";
+ action "mixer vol +10";
+};
+
+# Eject key
+notify 0 {
+ match "system" "PMU";
+ match "subsystem" "keys";
+ match "type" "eject";
+ action "camcontrol eject cd0";
+};
+
+
diff --git a/etc/devd/asus.conf b/etc/devd/asus.conf new file mode 100644
index 0000000..a195a58
--- /dev/null
+++ b/etc/devd/asus.conf
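Review bot: The actions in etc/devd/apple.conf name their commands without a path (`shutdown -p now`, `mixer 0`, `mixer vol -10`, `camcontrol eject cd0`), so which binary runs on a key press depends on the PATH devd was started with, and devd presumably runs these with root privileges. etc/devd/uath.conf in the same commit already uses an absolute path (`/usr/sbin/uathload`), and these rules should do the same, for example `action "/sbin/shutdown -p now";` and `action "/usr/sbin/mixer vol -10";`. The same applies to every `mixer` action in etc/devd/asus.conf.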
@@ -0,0 +1,74 @@
+# $FreeBSD$
+#
+# ASUS specific devd events
+
+# The next blocks enable volume hotkeys that can be found on the Asus laptops
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS";
+ match "notify" "0x32";
+ action "mixer 0";
+};
+
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS";
+ match "notify" "0x31";
+ action "mixer vol -10";
+};
+
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS";
+ match "notify" "0x30";
+ action "mixer vol +10";
+};
+
+# The next blocks enable volume hotkeys that can be found on the Asus EeePC
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS-Eee";
+ match "notify" "0x13";
+ action "mixer 0";
+};
+
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS-Eee";
+ match "notify" "0x14";
+ action "mixer vol -10";
+};
+
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS-Eee";
+ match "notify" "0x15";
+ action "mixer vol +10";
+};
+
+# Enable user hotkeys that can be found on the Asus EeePC
+# The four keys above the keyboard notify 0x1a through to 0x1d respectively
+#notify 0 {
+# match "system" "ACPI";
+# match "subsystem" "ASUS-Eee";
+# match "notify" "0x1a";
+# action "";
+#};
+#notify 0 {
+# match "system" "ACPI";
+# match "subsystem" "ASUS-Eee";
+# match "notify" "0x1b";
+# action "";
+#};
+#notify 0 {
+# match "system" "ACPI";
+# match "subsystem" "ASUS-Eee";
+# match "notify" "0x1c";
+# action "";
+#};
+#notify 0 {
+# match "system" "ACPI";
+# match "subsystem" "ASUS-Eee";
+# match "notify" "0x1d";
+# action "";
+#};
diff --git a/etc/devd/uath.conf b/etc/devd/uath.conf new file mode 100644
index 0000000..9f0cb93
--- /dev/null
+++ b/etc/devd/uath.conf
@@ -0,0 +1,146 @@
+# $FreeBSD$
+#
+# Atheros USB wireless network device specific devd events
+
+# Accton
+# SMCWUSBT-G2
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x083a";
+ match "product" "0x4507";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Atheros Communications
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x168c";
+ match "product" "0x0002";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Atheros Communications
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x0cf3";
+ match "product" "(0x0002|0x0004|0x0006)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Conceptronic
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x0d8e";
+ match "product" "(0x7802|0x7812)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# D-Link
+# DWL-AG132, DWL-G132 and DWL-AG122
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x2001";
+ match "product" "(0x3a01|0x3a03|0x3a05)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# D-Link
+# DWA-120
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x07d1";
+ match "product" "0x3a0c";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Gigaset
+# SMCWUSBT-G
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1690";
+ match "product" "(0x0711|0x0713)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Global Sun Technology
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x16ab";
+ match "product" "(0x7802|0x7812)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# BayNETGEAR
+# WG111U
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x0846";
+ match "product" "0x4301";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Netgear
+# WG111T and WPN111
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1385";
+ match "product" "(0x4251|0x5f01)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# U-MEDIA Communications
+# TEW-444UB and AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x157e";
+ match "product" "(0x3007|0x3206)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Wistron NeWeb
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1435";
+ match "product" "(0x0827|0x0829)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Z-Com
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x0cde";
+ match "product" "0x0013";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
diff --git a/etc/devd/usb.conf b/etc/devd/usb.conf new file mode 100644
index 0000000..22cb7ad
--- /dev/null
+++ b/etc/devd/usb.conf
@@ -0,0 +1,4331 @@ +# +# $FreeBSD$ +# +# This file was automatically generated by "tools/bus_autoconf.sh". +# Please do not edit! +# + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; + match "product" "0x1290"; + match "intclass" "0xff"; + match "intsubclass" "0xfd"; + match "intprotocol" "0x01"; + action "kldload if_ipheth"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; + match "product" "0x1292"; + match "intclass" "0xff"; + match "intsubclass" "0xfd"; + match "intprotocol" "0x01"; + action "kldload if_ipheth"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; + match "product" "0x1294"; + match "intclass" "0xff"; + match "intsubclass" "0xfd"; + match "intprotocol" "0x01"; + action "kldload if_ipheth"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; + match "product" "0x1297"; + match "intclass" "0xff"; + match "intsubclass" "0xfd"; + match "intprotocol" "0x01"; + action "kldload if_ipheth"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0104"; + match "product" "0x00be"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0123"; + match "product" "0x0001"; + action "kldload uep"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03e8"; + match "product" "0x0008"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03eb"; + match "product" "0x2109"; + action "kldload uftdi"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03f0"; + match "product" "0x0121"; + action "kldload ugensa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03f0"; + match "product" 
"(0x1016|0x1116|0x1216)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03f0"; + match "product" "(0x1b1d|0x1e1d)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03f0"; + match "product" "(0x2016|0x2116|0x2216|0x3016|0x3116|0x3216)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03f0"; + match "product" "0x3524"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03f0"; + match "product" "(0x4016|0x4116|0x4216|0x5016|0x5116|0x5216)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03f0"; + match "product" "0x811c"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03f0"; + match "product" "0xca02"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0402"; + match "product" "0x5632"; + action "kldload if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0403"; + match "product" "(0x6001|0x6004|0x6010|0x6011|0x8372|0x9e90|0xcc48|0xcc49|0xcc4a|0xd678|0xe6c8|0xe888|0xe889|0xe88a|0xe88b|0xe88c|0xee18|0xf608|0xf60b|0xf850|0xfa00|0xfa01|0xfa02|0xfa03|0xfa04|0xfc08|0xfc09|0xfc0b|0xfc0c|0xfc0d|0xfc82)"; + action "kldload uftdi"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0408"; + match "product" "0x0304"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0408"; + match "product" "(0x1000|0xea02|0xea03|0xea04|0xea05|0xea06)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" 
"0x0409"; + match "product" "(0x00d5|0x00d6|0x00d7|0x8024|0x8025)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "(0x0001|0x0005|0x0009)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "0x0012"; + action "kldload if_rue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "0x003d"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "(0x005e|0x0066|0x0067)"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "0x006e"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "0x008b"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "0x00b3"; + action "kldload uftdi"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "(0x00d8|0x00d9)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "0x00da"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "0x00e8"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "(0x0116|0x0119)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "0x012e"; + action "kldload if_run"; +}; + +nomatch 32 
{ + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "0x0137"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0411"; + match "product" "(0x0148|0x0150|0x015d|0x016f)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0413"; + match "product" "0x2101"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0423"; + match "product" "(0x000a|0x000c)"; + action "kldload if_cue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x043e"; + match "product" "0x9c01"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x045a"; + match "product" "(0x5001|0x5002)"; + action "kldload urio"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x045b"; + match "product" "0x0053"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x045e"; + match "product" "0x0079"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x045e"; + match "product" "0x007a"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x045e"; + match "product" 
"(0x00ce|0x0400|0x0401|0x0402|0x0403|0x0404|0x0405|0x0406|0x0407|0x0408|0x0409|0x040a|0x040b|0x040c|0x040d|0x040e|0x040f|0x0410|0x0411|0x0412|0x0413|0x0414|0x0415|0x0416|0x0417|0x0432|0x0433|0x0434|0x0435|0x0436|0x0437|0x0438|0x0439|0x043a|0x043b|0x043c|0x043d|0x043e|0x043f|0x0440|0x0441|0x0442|0x0443|0x0444|0x0445|0x0446|0x0447|0x0448|0x0449|0x044a|0x044b|0x044c|0x044d|0x044e|0x044f|0x0450|0x0451|0x0452|0x0453|0x0454|0x0455|0x0456|0x0457|0x0458|0x0459|0x045a|0x045b|0x045c|0x045d|0x045e|0x045f|0x0460|0x0461|0x0462|0x0463|0x0464|0x0465|0x0466|0x0467|0x0468|0x0469|0x046a|0x046b|0x046c|0x046d|0x046e|0x046f|0x0470|0x0471|0x0472|0x0473|0x0474|0x0475|0x0476|0x0477|0x0478|0x0479|0x047a|0x047b|0x04c8|0x04c9|0x04ca|0x04cb|0x04cc|0x04cd|0x04ce|0x04d7|0x04d8|0x04d9|0x04da|0x04db|0x04dc|0x04dd|0x04de|0x04df|0x04e0|0x04e1|0x04e2|0x04e3|0x04e4|0x04e5|0x04e6|0x04e7|0x04e8|0x04e9|0x04ea)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0471"; + match "product" "0x066a"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0471"; + match "product" "0x1236"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0471"; + match "product" "0x200f"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0482"; + match "product" "0x0203"; + action "kldload umodem"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0489"; + match "product" "(0xe000|0xe003)"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x049f"; + match "product" "(0x0003|0x0032)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x049f"; + match "product" "0x505a"; + action "kldload 
if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04a4"; + match "product" "0x0014"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04a5"; + match "product" "0x4027"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04a5"; + match "product" "0x4068"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04ad"; + match "product" "(0x0301|0x0302|0x0303|0x0306)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04b4"; + match "product" "0x1002"; + action "kldload ufm"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04b7"; + match "product" "0x0531"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04b8"; + match "product" "(0x0521|0x0522)"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04bb"; + match "product" "0x0901"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04bb"; + match "product" "(0x0904|0x0913)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04bb"; + match "product" "0x0930"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04bb"; + match "product" "(0x0944|0x0945|0x0947|0x0948)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04bb"; + match "product" "(0x0a03|0x0a0e)"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" 
"0x04bf"; + match "product" "(0x0115|0x0117)"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04c5"; + match "product" "(0x1058|0x1079)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04da"; + match "product" "0x2500"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04da"; + match "product" "0x3900"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04dd"; + match "product" "(0x8004|0x8005|0x8006|0x8007|0x9031)"; + action "kldload if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04dd"; + match "product" "(0x9102|0x9121|0x9123|0x9151|0x91ac|0x9242)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04e8"; + match "product" "0x2018"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04e8"; + match "product" "(0x5f00|0x5f01|0x5f02|0x5f03|0x5f04)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04e8"; + match "product" "0x6601"; + action "kldload uvisor"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04e8"; + match "product" "(0x6611|0x6613|0x6615|0x6617|0x6619|0x661b|0x662e|0x6630|0x6632)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04e8"; + match "product" "0x8001"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x04f1"; + match "product" "0x3008"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match 
"vendor" "0x04f1"; + match "product" "(0x3011|0x3012)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0502"; + match "product" "(0x1631|0x1632|0x16e1|0x16e2|0x16e3)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0506"; + match "product" "(0x03e8|0x11f8)"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0506"; + match "product" "0x4601"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x0103"; + action "kldload ubsa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x0109"; + action "kldload umct"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x0121"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x0257"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x0409"; + action "kldload umct"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x1203"; + action "kldload ubsa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x4050"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x5055"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x7050"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + 
match "mode" "host"; + match "vendor" "0x050d"; + match "product" "(0x7050|0x7051)"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x705a"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x705c"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x705e"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "(0x8053|0x805c|0x815c|0x825a|0x825b)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x905b"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x935a"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0525"; + match "product" "0x1080"; + action "kldload udbp"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0525"; + match "product" "0xa4a2"; + action "kldload if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0536"; + match "product" "0x01a0"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0543"; + match "product" "(0x0ed9|0x1527|0x1529|0x152b|0x152e|0x1921|0x1922|0x1923)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0547"; + match "product" "0x2008"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0547"; + match "product" 
"0x2720"; + action "kldload udbp"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x054c"; + match "product" "(0x0038|0x0066|0x0095|0x009a|0x00da|0x0169)"; + action "kldload uvisor"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x054c"; + match "product" "0x0437"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0557"; + match "product" "0x2002"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0557"; + match "product" "0x2007"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0557"; + match "product" "0x2008"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0557"; + match "product" "0x2009"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0557"; + match "product" "0x4000"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x055d"; + match "product" "0x2018"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0565"; + match "product" "0x0001"; + action "kldload ubsa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0565"; + match "product" "(0x0002|0x0003|0x0005)"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0567"; + match "product" "(0x2000|0x2002)"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x056c"; + match "product" "0x8007"; + action "kldload ubsa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" 
"host"; + match "vendor" "0x056e"; + match "product" "(0x200c|0x4002|0x4005|0x400b|0x4010)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x056e"; + match "product" "(0x5003|0x5004)"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x056e"; + match "product" "0xabc1"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x057c"; + match "product" "(0x2200|0x3800)"; + action "kldload ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0584"; + match "product" "0xb000"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0584"; + match "product" "0xb020"; + action "kldload uftdi"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0586"; + match "product" "(0x3401|0x3407|0x3409|0x340a|0x340f|0x3410)"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0586"; + match "product" "(0x3416|0x341a)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x058f"; + match "product" "0x9720"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05a6"; + match "product" "0x0101"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; + match "product" "(0x020d|0x020e|0x020f|0x0215|0x0217|0x0218|0x0219|0x021a|0x021b|0x021c|0x0229|0x022a|0x022b|0x030a|0x030b)"; + action "kldload atp"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; + match "product" "0x1402"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" 
"uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ad"; + match "product" "0x0fba"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05c6"; + match "product" "(0x6000|0x6613)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05cc"; + match "product" "0x3000"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05db"; + match "product" "(0x0003|0x0005|0x0009|0x000a|0x0011)"; + action "kldload uvscom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05e0"; + match "product" "(0x2000|0x2001|0x2002|0x2003|0x2004|0x2005|0x2006|0x2007|0x2008|0x2009|0x200a)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05e3"; + match "product" "0x0501"; + action "kldload udbp"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05e9"; + match "product" "(0x0008|0x0009)"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x066b"; + match "product" "(0x200c|0x2202)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x066b"; + match "product" "0x2202"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x066b"; + match "product" "(0x2203|0x2204|0x2206|0x400b)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0675"; + match "product" "0x0550"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x067b"; + match "product" "(0x0000|0x0001)"; + action "kldload udbp"; +}; + +nomatch 32 { + match "bus" 
"uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x067b"; + match "product" "(0x04bb|0x0609|0x0611|0x0612|0x1234|0x206a|0x2303)"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x067b"; + match "product" "0x2501"; + action "kldload if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x067b"; + match "product" "(0x331a|0xaaa0|0xaaa2)"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x067c"; + match "product" "0x1001"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x067e"; + match "product" "0x1001"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0681"; + match "product" "0x3c06"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x06e1"; + match "product" "(0x0008|0x0009)"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x06f8"; + match "product" "0xe000"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x06f8"; + match "product" "(0xe010|0xe020)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x06f8"; + match "product" "0xe030"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0707"; + match "product" "0x0100"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0707"; + match "product" "(0x0200|0x0201)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0707"; + match 
"product" "0xee13"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0707"; + match "product" "0xee13"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0711"; + match "product" "(0x0200|0x0210|0x0230)"; + action "kldload umct"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0731"; + match "product" "(0x0528|0x2003)"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0745"; + match "product" "0x0001"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0745"; + match "product" "0x1000"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0769"; + match "product" "0x11f2"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0769"; + match "product" "0x11f3"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0769"; + match "product" "0x31f3"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x077b"; + match "product" "0x2226"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0789"; + match "product" "0x010c"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0789"; + match "product" "0x0160"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0789"; + match "product" "(0x0162|0x0163|0x0164)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + 
match "vendor" "0x078b"; + match "product" "0x1234"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x079b"; + match "product" "0x0027"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x079b"; + match "product" "(0x004a|0x0062)"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07a6"; + match "product" "(0x07c2|0x0986|0x8511|0x8513|0x8515)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07aa"; + match "product" "0x0001"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07aa"; + match "product" "(0x0004|0x000d)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07aa"; + match "product" "0x0017"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07aa"; + match "product" "0x002a"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07aa"; + match "product" "(0x002d|0x002e)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07aa"; + match "product" "(0x002f|0x003c|0x003f|0x0041|0x0042)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07aa"; + match "product" "0x9601"; + action "kldload if_udav"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07b8"; + match "product" "(0x110c|0x200c)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07b8"; + match "product" 
"(0x2770|0x2870|0x3070|0x3071|0x3072)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07b8"; + match "product" "0x4000"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07b8"; + match "product" "(0x4002|0x4003|0x4004|0x4007|0x400b|0x400c|0x4102|0x4104)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07b8"; + match "product" "0x420a"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07b8"; + match "product" "0x6001"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07b8"; + match "product" "0xabc1"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07b8"; + match "product" "(0xb21b|0xb21c|0xb21d|0xb21e|0xb21f)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07c9"; + match "product" "0xb100"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07cf"; + match "product" "(0x2001|0x2002|0x2003)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07d1"; + match "product" "0x3a0c"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07d1"; + match "product" "(0x3c03|0x3c04|0x3c06|0x3c07)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07d1"; + match "product" "(0x3c09|0x3c0a|0x3c0b|0x3c0d|0x3c0e|0x3c0f|0x3c11|0x3c13|0x3c15|0x3c16)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" 
"host"; + match "vendor" "0x081e"; + match "product" "0xdf00"; + action "kldload uvisor"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x082d"; + match "product" "(0x0100|0x0200|0x0300)"; + action "kldload uvisor"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0830"; + match "product" "(0x0001|0x0002|0x0003|0x0020|0x0031|0x0040|0x0050|0x0060|0x0061|0x0070)"; + action "kldload uvisor"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0833"; + match "product" "(0x012e|0x039f)"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x083a"; + match "product" "0x1046"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x083a"; + match "product" "(0x4505|0x4506)"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x083a"; + match "product" "0x4508"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x083a"; + match "product" "0x4521"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x083a"; + match "product" "0x5046"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x083a"; + match "product" "(0x6618|0x7511|0x7512|0x7522|0x8522|0xa512|0xa618|0xa701|0xa702|0xb522|0xc522|0xd522)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x083a"; + match "product" "0xe501"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0841"; + match "product" "0x0001"; + action "kldload urio"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; 
+ match "mode" "host"; + match "vendor" "0x0846"; + match "product" "(0x1001|0x1002)"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0846"; + match "product" "0x1020"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0846"; + match "product" "0x1040"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0846"; + match "product" "0x4240"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0846"; + match "product" "0x4260"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0846"; + match "product" "0x4300"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0846"; + match "product" "(0x6100|0x6a00)"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0856"; + match "product" "0xac01"; + action "kldload uftdi"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x085a"; + match "product" "(0x0008|0x0009)"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x086e"; + match "product" "0x1920"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x087d"; + match "product" "0x5704"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x08d1"; + match "product" "0x0001"; + action "kldload if_cue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x08d1"; + match "product" "0x0003"; + action "kldload if_aue"; +}; + +nomatch 32 { + match 
"bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x08dd"; + match "product" "(0x0986|0x0987|0x0988|0x8511)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x08dd"; + match "product" "0x90ff"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x08e6"; + match "product" "0x5501"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x08fd"; + match "product" "0x000a"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0915"; + match "product" "(0x2000|0x2002)"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x091e"; + match "product" "0x0004"; + action "kldload uvisor"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0921"; + match "product" "0x1001"; + action "kldload ubsa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0930"; + match "product" "(0x0700|0x0705|0x0706|0x0707|0x0708|0x0709|0x070a|0x070b)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0930"; + match "product" "0x0a07"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0930"; + match "product" "(0x0d45|0x1302)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x093c"; + match "product" "(0x0601|0x0701)"; + action "kldload uftdi"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x094b"; + match "product" "0x0001"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0951"; 
+ match "product" "0x0008"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0951"; + match "product" "0x000a"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x095a"; + match "product" "0x3003"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0960"; + match "product" "(0x0065|0x0066|0x0067)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0961"; + match "product" "0x0010"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x099e"; + match "product" "(0x0052|0x4000)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x09aa"; + match "product" "0x1000"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x09d7"; + match "product" "0x0100"; + action "kldload ugensa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0a46"; + match "product" "(0x0268|0x8515|0x9601)"; + action "kldload if_udav"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0a5c"; + match "product" "0x2033"; + action "kldload ubtbcmfw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0ace"; + match "product" "(0x1211|0x1215)"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "(0x5000|0x6000|0x6050|0x6100|0x6150|0x6200|0x6250|0x6300|0x6350|0x6500|0x6501|0x6600|0x6601|0x6701)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" 
"0x6711"; + action "kldload uhso"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "(0x6721|0x6741|0x6761|0x6800|0x6901)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "0x6911"; + action "kldload uhso"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "0x6971"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "0x6971"; + action "kldload uhso"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "0x7001"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "0x7011"; + action "kldload uhso"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "(0x7021|0x7041|0x7061|0x7100|0x7201|0x7211)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "(0x7251|0x7301|0x7361|0x7381|0x7401|0x7501)"; + action "kldload uhso"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "0x7601"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "(0x7601|0xc031|0xd013|0xd031)"; + action "kldload uhso"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "0xd033"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0af0"; + match "product" "(0xd033|0xd055|0xd055)"; + action "kldload uhso"; +}; + +nomatch 
32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "(0x1706|0x1707)"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "(0x170c|0x171b)"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "0x171d"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "(0x1723|0x1724)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "(0x1731|0x1732|0x1742|0x1760|0x1761|0x1784|0x1790)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "(0x4200|0x4201|0x4202|0x420f|0x9200|0x9202)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b39"; + match "product" "0x0109"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b39"; + match "product" "0x0421"; + action "kldload uftdi"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b3b"; + match "product" "(0x1630|0x5630|0x6630)"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b41"; + match "product" "0x0011"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b63"; + match "product" "0x6530"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b8c"; + match "product" "0x2303"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + 
match "mode" "host"; + match "vendor" "0x0b95"; + match "product" "(0x1720|0x1780|0x7720|0x772a|0x772b)"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0baf"; + match "product" "0x0118"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0baf"; + match "product" "0x0121"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bb2"; + match "product" "0x6098"; + action "kldload if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bb4"; + match "product" "(0x00ce|0x00cf|0x00cf|0x0a01|0x0a02|0x0a03|0x0a04|0x0a05|0x0a06|0x0a07|0x0a08|0x0a09|0x0a0a|0x0a0b|0x0a0c|0x0a0d|0x0a0e|0x0a0f|0x0a10|0x0a11|0x0a12|0x0a13|0x0a14|0x0a15|0x0a16|0x0a17|0x0a18|0x0a19|0x0a1a|0x0a1b|0x0a1c|0x0a1d|0x0a1e|0x0a1f|0x0a20|0x0a21|0x0a22|0x0a23|0x0a24|0x0a25|0x0a26|0x0a27|0x0a28|0x0a29|0x0a2a|0x0a2b|0x0a2c|0x0a2d|0x0a2e|0x0a2f|0x0a30|0x0a31|0x0a32|0x0a33|0x0a34|0x0a35|0x0a36|0x0a37|0x0a38|0x0a39|0x0a3a|0x0a3b|0x0a3c|0x0a3d|0x0a3e|0x0a3f|0x0a40|0x0a41|0x0a42|0x0a43|0x0a44|0x0a45|0x0a46|0x0a47|0x0a48|0x0a49|0x0a4a|0x0a4b|0x0a4c|0x0a4d|0x0a4e|0x0a4f|0x0a50|0x0a51|0x0a52|0x0a53|0x0a54|0x0a55|0x0a56|0x0a57|0x0a58|0x0a59|0x0a5a|0x0a5b|0x0a5c|0x0a5d|0x0a5e|0x0a5f|0x0a60|0x0a61|0x0a62|0x0a63|0x0a64|0x0a65|0x0a66|0x0a67|0x0a68|0x0a69|0x0a6a|0x0a6b|0x0a6c|0x0a6d|0x0a6e|0x0a6f|0x0a70|0x0a71|0x0a72|0x0a73|0x0a74|0x0a75|0x0a76|0x0a77|0x0a78|0x0a79|0x0a7a|0x0a7b|0x0a7c|0x0a7d|0x0a7e|0x0a7f|0x0a80|0x0a81|0x0a82|0x0a83|0x0a84|0x0a85|0x0a86|0x0a87|0x0a88|0x0a89|0x0a8a|0x0a8b|0x0a8c|0x0a8d|0x0a8e|0x0a8f|0x0a90|0x0a91|0x0a92|0x0a93|0x0a94|0x0a95|0x0a96|0x0a97|0x0a98|0x0a99|0x0a9a|0x0a9b|0x0a9c|0x0a9d|0x0a9e|0x0a9f|0x0bce)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bda"; + match "product" 
"0x8150"; + action "kldload if_rue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bda"; + match "product" "(0x8187|0x8189|0x8197|0x8198)"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bed"; + match "product" "(0x1100|0x1101)"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bf8"; + match "product" "0x1001"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bf8"; + match "product" "0x1009"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0c44"; + match "product" "0x03a2"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0c88"; + match "product" "0x17da"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0c88"; + match "product" "0x17da"; + action "kldload ugensa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0c88"; + match "product" "0x180a"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0c8e"; + match "product" "0x6000"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0cad"; + match "product" "0x9001"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0cde"; + match "product" "0x0008"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0cde"; + match "product" "0x0011"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0cde"; + 
match "product" "0x0012"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0cde"; + match "product" "0x0015"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0cde"; + match "product" "0x001a"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0cde"; + match "product" "(0x0022|0x0025)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0cf3"; + match "product" "(0x0001|0x0003|0x0005)"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0d8e"; + match "product" "0x3762"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0d8e"; + match "product" "(0x7801|0x7811)"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0db0"; + match "product" "(0x3820|0x3821|0x3822|0x3870|0x3871)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0db0"; + match "product" "(0x6861|0x6865|0x6869)"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0db0"; + match "product" "(0x6874|0x6877)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0db0"; + match "product" "(0x6899|0x821a|0x822a|0x870a|0x871a|0x899a)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0db0"; + match "product" "(0xa861|0xa874)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0db7"; + match "product" 
"0x0002"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "0x000d"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "0x0017"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "0x0021"; + action "kldload if_mos"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "0x0028"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "(0x002b|0x002c|0x002d|0x0039|0x003b|0x003c|0x003d|0x003e|0x003f|0x0040|0x0041|0x0042|0x0047|0x0048|0x004a|0x004d)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "0x061c"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "(0x9071|0x9075)"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "(0x90ac|0x9712)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df7"; + match "product" "0x0620"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0e0b"; + match "product" "(0x9031|0x9041)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0e55"; + match "product" "0x110b"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0e66"; + match "product" 
"(0x0001|0x0003|0x0009|0x000b)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0e66"; + match "product" "0x400c"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0e67"; + match "product" "0x0002"; + action "kldload uvisor"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0e7e"; + match "product" "0x1001"; + action "kldload if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0ea0"; + match "product" "0x6858"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0eab"; + match "product" "0xc893"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0eb0"; + match "product" "0x9020"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0eb0"; + match "product" "0x9021"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0eba"; + match "product" "(0x1080|0x2080)"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0eef"; + match "product" "(0x0001|0x0002)"; + action "kldload uep"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0f3d"; + match "product" "0x0112"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0f3d"; + match "product" "0x0112"; + action "kldload ugensa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0f3d"; + match "product" "0x68a3"; + action "kldload usie"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" 
"0x0f4e"; + match "product" "0x0200"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0f88"; + match "product" "0x3012"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0f88"; + match "product" "0x3014"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0f94"; + match "product" "0x0001"; + action "kldload uftdi"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0f98"; + match "product" "0x0201"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0fb8"; + match "product" "(0x3001|0x3002|0x3003|0x4001)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0fcf"; + match "product" "(0x1003|0x1004|0x1006)"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0fe6"; + match "product" "(0x8101|0x9700)"; + action "kldload if_udav"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x100d"; + match "product" "(0x9031|0x9032)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1011"; + match "product" "0x3198"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1044"; + match "product" "0x8001"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1044"; + match "product" "0x8002"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1044"; + match "product" "0x8007"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" 
"uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1044"; + match "product" "(0x8008|0x800a)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1044"; + match "product" "(0x800b|0x800c|0x800d)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1066"; + match "product" "(0x00ce|0x0300|0x0500|0x0600|0x0700)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x106c"; + match "product" "0x3701"; + action "kldload umodem"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x10a6"; + match "product" "0xaa26"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x10ab"; + match "product" "0x10c5"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x10b5"; + match "product" "0xac70"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x10b5"; + match "product" "0xac70"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x10bd"; + match "product" "0x1427"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x10c4"; + match "product" "(0x0f91|0x1101|0x1601|0x800a|0x803b|0x8043|0x8044)"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x10c4"; + match "product" "0x8053"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x10c4"; + match "product" 
"(0x8066|0x806f|0x807a|0x80ca|0x80dd|0x80ed|0x80f6|0x8115|0x813d|0x813f|0x814a|0x814a|0x814b|0x8156|0x815e|0x818b|0x819f|0x81a6|0x81ac|0x81ad|0x81c8|0x81e2|0x81e7|0x81e8|0x81f2|0x8218|0x822b|0x826b|0x8293|0x82f9|0x8341|0x8382|0x83a8|0x8411|0x846e|0x8477|0xea60|0xea61|0xea71|0xf001|0xf002|0xf003|0xf004)"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x10c5"; + match "product" "0xea61"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x10ce"; + match "product" "0xea61"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1114"; + match "product" "(0x0001|0x0004|0x0006)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x114b"; + match "product" "0x0110"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x114b"; + match "product" "0x0150"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1163"; + match "product" "0x0100"; + action "kldload ucycom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1182"; + match "product" "0x1388"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1186"; + match "product" "0x3e04"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1189"; + match "product" "0x0893"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1199"; + match "product" "(0x0017|0x0018|0x0019|0x0020|0x0021|0x0022|0x0023|0x0024|0x0025|0x0026|0x0027|0x0028|0x0029|0x0112|0x0120|0x0218)"; + action "kldload u3g"; +}; + +nomatch 32 { 
+ match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1199"; + match "product" "0x0218"; + action "kldload umodem"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1199"; + match "product" "(0x0220|0x0224|0x0fff)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1199"; + match "product" "0x0fff"; + action "kldload usie"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1199"; + match "product" "(0x6802|0x6803|0x6804|0x6805|0x6808|0x6809|0x6812|0x6813|0x6815|0x6816|0x6820|0x6821|0x6822|0x6832|0x6833|0x6834|0x6835|0x6838|0x6839|0x683a|0x683b|0x683c|0x683d|0x683e|0x6850|0x6851|0x6852|0x6853|0x6855|0x6856|0x6859|0x685a|0x6880|0x6890|0x6891|0x6892|0x6893|0x68a3)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1199"; + match "product" "0x68a3"; + action "kldload usie"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x11ad"; + match "product" "0x0701"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x11d9"; + match "product" "(0x1002|0x1003)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x11f5"; + match "product" "(0x0001|0x0003|0x0004|0x0005)"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x11f6"; + match "product" "0x2001"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x11f7"; + match "product" "0x02df"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1231"; + match "product" "(0xce01|0xce02)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match 
"bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x126f"; + match "product" "0xa006"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x129b"; + match "product" "0x1666"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x129b"; + match "product" "0x1828"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x12d1"; + match "product" "(0x1001|0x1003|0x1004|0x1401|0x1402|0x1403|0x1404|0x1405|0x1406|0x1407|0x1408|0x1409|0x140a|0x140b|0x140c|0x140d|0x140e|0x140f|0x1410|0x1411|0x1412|0x1413|0x1414|0x1415|0x1416|0x1417|0x1418|0x1419|0x141a|0x141b|0x141c|0x141d|0x141e|0x141f|0x1420|0x1421|0x1422|0x1423|0x1424|0x1425|0x1426|0x1427|0x1428|0x1429|0x142a|0x142b|0x142c|0x142d|0x142e|0x142f|0x1430|0x1431|0x1432|0x1433|0x1434|0x1435|0x1436|0x1437|0x1438|0x1439|0x143a|0x143b|0x143c|0x143d|0x143e|0x143f|0x1446|0x1465|0x14ac|0x1520|0x1c05|0x1c0b)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x12ef"; + match "product" "0x0100"; + action "kldload uvisor"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1342"; + match "product" "0x0204"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1371"; + match "product" "(0x9022|0x9032)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1371"; + match "product" "0x9401"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1385"; + match "product" "(0x4250|0x5f00|0x5f02)"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13ad"; + match "product" "0x9999"; + 
action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13b1"; + match "product" "0x000c"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13b1"; + match "product" "(0x000d|0x0011)"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13b1"; + match "product" "0x0018"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13b1"; + match "product" "0x001a"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13b1"; + match "product" "(0x0020|0x0023)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13b1"; + match "product" "0x0024"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13b1"; + match "product" "0x002f"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13d2"; + match "product" "0x0400"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13d3"; + match "product" "(0x3247|0x3262|0x3273|0x3284|0x3305)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1410"; + match "product" "(0x1100|0x1110|0x1120|0x1130|0x1400|0x1410|0x1420|0x1430|0x1450|0x2100|0x2110|0x2120|0x2130|0x2400|0x2410|0x2420|0x4100|0x4400|0x5010|0x5100|0x6000|0x6002|0x7042)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1416"; + match "product" "0x1110"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" 
"0x1435"; + match "product" "0x0427"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1435"; + match "product" "0x0711"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1435"; + match "product" "(0x0826|0x082a)"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1453"; + match "product" "0x4026"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1472"; + match "product" "0x0009"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1482"; + match "product" "0x3c09"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1485"; + match "product" "(0x0001|0x0002)"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x148f"; + match "product" "0x1706"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x148f"; + match "product" "0x2070"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x148f"; + match "product" "0x2570"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x148f"; + match "product" "(0x2573|0x2671)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x148f"; + match "product" "(0x2770|0x2870|0x3070|0x3071|0x3072|0x3370|0x3572|0x8070)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x148f"; + match "product" "0x9020"; + action "kldload if_ural"; +}; + +nomatch 
32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x148f"; + match "product" "0x9021"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x14b2"; + match "product" "0x3c02"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x14b2"; + match "product" "(0x3c06|0x3c07|0x3c08|0x3c09|0x3c11|0x3c12)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x14b2"; + match "product" "0x3c22"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x14b2"; + match "product" "(0x3c23|0x3c25|0x3c25|0x3c27|0x3c28)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x14ea"; + match "product" "0xab10"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x14ea"; + match "product" "0xab11"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x14ea"; + match "product" "0xab13"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1555"; + match "product" "0x0004"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1557"; + match "product" "0x7720"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1557"; + match "product" "0x8150"; + action "kldload if_rue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x157e"; + match "product" "0x3006"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x157e"; + match 
"product" "(0x300a|0x300b|0x300d)"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x157e"; + match "product" "0x300e"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x157e"; + match "product" "0x3204"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x157e"; + match "product" "0x3205"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1582"; + match "product" "0x6003"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x15a9"; + match "product" "0x0004"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x15a9"; + match "product" "(0x0006|0x0010)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x15c5"; + match "product" "0x0008"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x15e8"; + match "product" "(0x9100|0x9110)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1614"; + match "product" "(0x0800|0x0802|0x7002)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1631"; + match "product" "0x6200"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1631"; + match "product" "0xc019"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1645"; + match "product" "(0x0005|0x0008|0x8005)"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + 
match "mode" "host"; + match "vendor" "0x166a"; + match "product" "0x0303"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x167b"; + match "product" "0x4001"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x168c"; + match "product" "0x0001"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1690"; + match "product" "0x0601"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1690"; + match "product" "(0x0710|0x0712)"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1690"; + match "product" "0x0722"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1690"; + match "product" "(0x0740|0x0744)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x16ab"; + match "product" "(0x7801|0x7811)"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x16d5"; + match "product" "(0x6202|0x6501)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x16d5"; + match "product" "0x6501"; + action "kldload ubsa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x16d5"; + match "product" "0x6502"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x16d5"; + match "product" "0x6502"; + action "kldload ubsa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x16d6"; + match "product" "(0x0001|0x0001)"; + action "kldload uslcom"; +}; + +nomatch 32 { + 
match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x16d8"; + match "product" "(0x6006|0x6280)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x16d8"; + match "product" "0x6280"; + action "kldload ugensa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x16dc"; + match "product" "(0x0010|0x0011|0x0012|0x0015)"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1726"; + match "product" "0x1000"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1726"; + match "product" "0x1000"; + action "kldload ubsa"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1737"; + match "product" "0x0039"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1737"; + match "product" "(0x0070|0x0071)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1737"; + match "product" "0x0073"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1737"; + match "product" "(0x0077|0x0078|0x0079)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1740"; + match "product" "(0x0605|0x0615)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1740"; + match "product" "0x2000"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1740"; + match "product" "(0x9701|0x9702|0x9703|0x9705|0x9706|0x9707|0x9708|0x9709|0x9801)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" 
"host"; + match "vendor" "0x1761"; + match "product" "0x0b05"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x177f"; + match "product" "(0x0153|0x0302|0x0313)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x17f4"; + match "product" "0xaaaa"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1843"; + match "product" "0x0200"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x18c5"; + match "product" "0x0002"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x18c5"; + match "product" "(0x0008|0x0012)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x18e8"; + match "product" "(0x6196|0x6229)"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x18e8"; + match "product" "0x6232"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x18e8"; + match "product" "0x6238"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x18e8"; + match "product" "0x6259"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x18ef"; + match "product" "0xe00f"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x19d2"; + match "product" 
"(0x0001|0x0002|0x0003|0x0004|0x0005|0x0006|0x0007|0x0008|0x0009|0x000a|0x000b|0x000c|0x000d|0x000e|0x000f|0x0010|0x0011|0x0012|0x0013|0x0014|0x0015|0x0016|0x0017|0x0018|0x0019|0x0020|0x0021|0x0022|0x0023|0x0024|0x0025|0x0026|0x0027|0x0028|0x0029|0x0030|0x0031|0x0032|0x0033|0x0037|0x0039|0x0042|0x0043|0x0048|0x0049|0x0051|0x0052|0x0053|0x0054|0x0055|0x0057|0x0058|0x0059|0x0060|0x0061|0x0062|0x0063|0x0064|0x0066|0x0069|0x0070|0x0073|0x0076|0x0078|0x0082|0x0086|0x0117|0x2000|0x2002|0x2003|0xfff1|0xfff5|0xfffe)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1a86"; + match "product" "0x7523"; + action "kldload uchcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1a8d"; + match "product" "(0x1002|0x1003|0x1004|0x1005|0x1006|0x1007|0x1008|0x1009|0x100a|0x100b|0x100c|0x100d|0x100e|0x100f|0x1010|0x1011|0x1012)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1b3d"; + match "product" "0x0153"; + action "kldload uftdi"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1b75"; + match "product" "0x3072"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1b75"; + match "product" "0x8187"; + action "kldload if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1bbb"; + match "product" "(0x0000|0xf000)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1bc7"; + match "product" "(0x1003|0x1004)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1be3"; + match "product" "0x07a6"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1c9e"; + match 
"product" "(0x6061|0x9603|0x9605|0xf000)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1cf1"; + match "product" "(0x0001|0x0004)"; + action "kldload uftdi"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1d09"; + match "product" "0x4000"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1d4d"; + match "product" "(0x0002|0x000c|0x000e|0x0010)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1da5"; + match "product" "(0x4512|0x4515|0x4519|0x4523)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1e0e"; + match "product" "(0x9000|0x9200|0xce16)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1eda"; + match "product" "0x2310"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2001"; + match "product" "0x1a00"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2001"; + match "product" "0x200c"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2001"; + match "product" "(0x3a00|0x3a02|0x3a04)"; + action "kldload if_uath"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2001"; + match "product" "0x3c00"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2001"; + match "product" "0x3c05"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2001"; + match "product" "(0x3c09|0x3c0a)"; + action "kldload if_run"; +}; + 
+nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2001"; + match "product" "0x4000"; + action "kldload if_kue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2001"; + match "product" "(0x4001|0x4002|0x4003|0x400b|0x4102|0xabc1)"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2019"; + match "product" "0x5303"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2019"; + match "product" "0xab01"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2019"; + match "product" "(0xab24|0xab25)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2019"; + match "product" "0xab50"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2019"; + match "product" "(0xc007|0xed01)"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2019"; + match "product" "0xed02"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2019"; + match "product" "(0xed06|0xed14)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x203d"; + match "product" "(0x1480|0x14a1|0x14a9)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x20b8"; + match "product" "0x8888"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x20b9"; + match "product" "0x1682"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" 
"0x22b8"; + match "product" "(0x4204|0x4214|0x4224|0x4234|0x4244)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x22b8"; + match "product" "(0x600c|0x6027)"; + action "kldload if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2478"; + match "product" "0x2008"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x3334"; + match "product" "0x1701"; + action "kldload if_aue"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x3340"; + match "product" "(0x011c|0x0326|0x0426|0x043a|0x051c|0x053a|0x071c|0x0b1c|0x0e3a|0x0f1c|0x0f3a|0x1326|0x191c|0x2326|0x3326)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x3708"; + match "product" "(0x20ce|0x21ce)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x4113"; + match "product" "(0x0210|0x0211|0x0400|0x0410)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x413c"; + match "product" "(0x4001|0x4002|0x4003|0x4004|0x4005|0x4006|0x4007|0x4008|0x4009)"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x413c"; + match "product" "(0x8102|0x8104)"; + action "kldload if_upgt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x413c"; + match "product" "(0x8114|0x8115|0x8116|0x8117|0x8118|0x8128|0x8129|0x8133|0x8134|0x8135|0x8136|0x8137|0x8138|0x8180|0x8181|0x8182)"; + action "kldload u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x413c"; + match "product" "0x9500"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" 
"host"; + match "vendor" "0x4348"; + match "product" "0x5523"; + action "kldload uchcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x4505"; + match "product" "0x0010"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x4766"; + match "product" "0x0001"; + action "kldload uvisor"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x5173"; + match "product" "0x1809"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x5372"; + match "product" "0x2303"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x5a57"; + match "product" "0x0260"; + action "kldload if_ural"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x5a57"; + match "product" "(0x0280|0x0282|0x0283|0x0284|0x5257)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x5e04"; + match "product" "0xce00"; + action "kldload uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x6189"; + match "product" "0x182d"; + action "kldload if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x6189"; + match "product" "0x2068"; + action "kldload uplcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x6547"; + match "product" "0x0232"; + action "kldload uark"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x6891"; + match "product" "0xa727"; + action "kldload if_zyd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x7392"; + match "product" "0x7318"; + action "kldload if_rum"; +}; + +nomatch 32 { + match "bus" 
"uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x7392"; + match "product" "(0x7711|0x7717|0x7718)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x8516"; + match "product" "(0x2070|0x2770|0x2870|0x3070|0x3071|0x3072|0x3572)"; + action "kldload if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x9710"; + match "product" "0x7703"; + action "kldload umoscom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x9710"; + match "product" "0x7730"; + action "kldload if_mos"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x9710"; + match "product" "0x7820"; + action "kldload umcs"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x9710"; + match "product" "0x7830"; + action "kldload if_mos"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x9710"; + match "product" "0x7840"; + action "kldload umcs"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x9e88"; + match "product" "0x9e8f"; + action "kldload uftdi"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0xdaae"; + match "product" "0xead6"; + action "kldload uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0x02"; + match "intsubclass" "0x02"; + match "intprotocol" "0x01"; + action "kldload umodem"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0x03"; + match "intsubclass" "0x01"; + match "intprotocol" "0x01"; + action "kldload ukbd"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0x03"; + match "intsubclass" "0x01"; + match "intprotocol" "0x02"; + action "kldload ums"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + 
match "mode" "host"; + match "intclass" "0x07"; + match "intsubclass" "0x01"; + match "intprotocol" "0x01"; + action "kldload ulpt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0x07"; + match "intsubclass" "0x01"; + match "intprotocol" "0x02"; + action "kldload ulpt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0x07"; + match "intsubclass" "0x01"; + match "intprotocol" "0x03"; + action "kldload ulpt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0xe0"; + match "intsubclass" "0x01"; + match "intprotocol" "0x01"; + action "kldload ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0xff"; + match "intsubclass" "0x5d"; + match "intprotocol" "0x01"; + action "kldload uhid"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0x01"; + match "intsubclass" "0x01"; + action "kldload snd_uaudio"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0x01"; + match "intsubclass" "0x03"; + action "kldload snd_uaudio"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "(host|device)"; + match "intclass" "0x02"; + match "intsubclass" "0x06"; + action "kldload if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "(host|device)"; + match "intclass" "0x02"; + match "intsubclass" "0x0a"; + action "kldload if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "(host|device)"; + match "intclass" "0x02"; + match "intsubclass" "0x0d"; + action "kldload if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0x02"; + match "intsubclass" "0x88"; + action "kldload ufoma"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0x03"; + action "kldload uhid"; +}; + +nomatch 32 { + match "bus" 
"uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0x08"; + action "kldload umass"; +}; + +# 1645 USB entries processed + diff --git a/etc/devfs.conf b/etc/devfs.conf new file mode 100644 index 0000000..d3d6075 --- /dev/null +++ b/etc/devfs.conf 
@@ -0,0 +1,43 @@
+# Copyright (c) 2003 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+
+# These are examples of how to configure devices using /etc/rc.d/devfs.
+# The first parameter is always the action to take, the second is always the
+# existing device created by devfs, and the last is what you want to change.
+# The name of the action is only significant to the first unique character.
+#
+# Examples:
+
+# Commonly used by many ports
+#link cd0 cdrom
+#link cd0 dvd
+
+# Allow a user in the wheel group to query the smb0 device
+#perm smb0 0660
+
+# Allow members of group operator to cat things to the speaker
+#own speaker root:operator
+#perm speaker 0660
diff --git a/etc/dhclient.conf b/etc/dhclient.conf
new file mode 100644
index 0000000..a7639d9
--- /dev/null
+++ b/etc/dhclient.conf
@@ -0,0 +1,8 @@
+# $FreeBSD$
+#
+# This file is required by the ISC DHCP client.
+# See ``man 5 dhclient.conf'' for details.
+#
+# In most cases an empty file is sufficient for most people as the
+# defaults are usually fine.
+#
diff --git a/etc/disktab b/etc/disktab
new file mode 100644
index 0000000..136a816
--- /dev/null
+++ b/etc/disktab
@@ -0,0 +1,198 @@
+# $FreeBSD$
+#
+# Disk geometry and partition layout tables.
+# See disktab(5) for format of this file.
+#
+
+#
+# Floppy formats:
+#
+# To make a filesystem on a floppy:
+# fdformat [-f <size>] fd<drive>[.<size>]
+# disklabel -B -r -w fd<drive>[.<size>] fd<size>
+# newfs <opts> fd<drive>[.<size>]
+#
+# with <opts>:
+# -t 2 - two heads
+# -u 9|15|18 - sectors per track
+# (using the default value of 1/4096 is not much useful for floppies)
+# -l 1 - interleave 1 (for most floppies)
+# -i 65536 - bytes of data per i-node
+# (the default -i value will render you with a floppy wasting way
+# too much space in i-node areas)
+#
+
+fd360:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#9:nc#40:\
+ :pa#720:oa#0:ba#4096:fa#512:\
+ :pc#720:oc#0:bc#4096:fc#512:
+
+fd720:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#9:nc#80:\
+ :pa#1440:oa#0:ba#4096:fa#512:\
+ :pc#1440:oc#0:bc#4096:fc#512:
+
+fd1200|floppy5|5in|5.25in High Density Floppy:\
+ :ty=floppy:se#512:nt#2:rm#360:ns#15:nc#80:\
+ :pa#2400:oa#0:ba#4096:fa#512:\
+ :pc#2400:oc#0:bc#4096:fc#512:
+
+fd1440|floppy|floppy3|3in|3.5in High Density Floppy:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#18:nc#80:\
+ :pa#2880:oa#0:ba#4096:fa#512:\
+ :pc#2880:oc#0:bc#4096:fc#512:
+
+#
+# Stressed floppy-formats. No guarantees given.
+#
+
+fd800:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#10:nc#80:\
+ :pa#1600:oa#0:ba#4096:fa#512:\
+ :pc#1600:oc#0:bc#4096:fc#512:
+
+fd820:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#10:nc#82:\
+ :pa#1640:oa#0:ba#4096:fa#512:\
+ :pc#1640:oc#0:bc#4096:fc#512:
+
+fd1480:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#18:nc#82:\
+ :pa#2952:oa#0:ba#4096:fa#512:\
+ :pc#2952:oc#0:bc#4096:fc#512:
+
+fd1720:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#21:nc#82:\
+ :pa#3444:oa#0:ba#4096:fa#512:\
+ :pc#3444:oc#0:bc#4096:fc#512:
+
+#
+# LS-120 floppy-format.
+#
+fd120m|floppy120|floppy120m|3.5in LS-120 Floppy:\
+ :ty=floppy:se#512:nt#8:rm#300:ns#32:nc#963:\
+ :pa#246528:oa#0:ba#4096:fa#512:\
+ :pc#246528:oc#0:bc#4096:fc#512:
+
+#
+# Harddisk formats
+#
+qp120at|Quantum Peripherals 120MB IDE:\
+ :dt=ESDI:ty=winchester:se#512:nt#9:ns#32:nc#813:sf: \
+ :pa#13824:oa#0:ta=4.2BSD:ba#4096:fa#512: \
+ :pb#13824:ob#13824:tb=swap: \
+ :pc#234144:oc#0: \
+ :ph#206496:oh#27648:th=4.2BSD:bh#4096:fh#512:
+
+pan60|Panasonic Laptop's 60MB IDE:\
+ :dt=ST506:ty=winchester:se#512:nt#13:ns#17:nc#565:\
+ :pa#13260:oa#0:ta=4.2BSD:ba#4096:fa#512:\
+ :pb#13260:ob#13260:tb=swap: \
+ :pc#124865:oc#0: \
+ :ph#97682:oh#26520:th=4.2BSD:bh#4096:fh#512:
+
+mk156|toshiba156|Toshiba MK156 156Mb:\
+ :dt=SCSI:ty=winchester:se#512:nt#10:ns#35:nc#825:\
+ :pa#15748:oa#0:ba#4096:fa#512:ta=4.2BSD:\
+ :pb#15748:ob#15748:tb=swap:\
+ :pc#288750:oc#0:\
+ :ph#257250:oh#31500:bh#4096:fh#512:th=4.2BSD:
+
+cp3100|Connor Peripherals 100MB IDE:\
+ :dt=ST506:ty=winchester:se#512:nt#8:ns#33:nc#766: \
+ :pa#12144:oa#0:ta=4.2BSD:ba#4096:fa#512: \
+ :pb#12144:ob#12144:tb=swap: \
+ :pc#202224:oc#0: \
+ :ph#177936:oh#24288:th=4.2BSD:bh#4096:fh#512:
+
+# a == root
+# b == swap
+# c == d == whole disk
+# e == /var
+# f == scratch
+# h == /usr
+
+cp3100new|Connor Peripherals 100MB IDE, with a different configuration:\
+ :dt=ST506:ty=winchester:se#512:nt#8:ns#33:nc#766: \
+ :pa#15840:oa#0:ta=4.2BSD:ba#4096:fa#512: \
+ :pb#24288:ob#15840:tb=swap: \
+ :pc#202224:oc#0: \
+ :pd#202224:od#0: \
+ :pe#15840:oe#40128:te=4.2BSD:be#4096:fe#512: \
+ :pg#15840:og#55968:tg=4.2BSD:bg#4096:fg#512: \
+ :ph#130416:oh#71808:th=4.2BSD:bh#4096:fh#512:
+
+maxtor4380|Maxtor XT4380E ESDI :\
+ :dt=ESDI:ty=winchester:se#512:nt#15:ns#36:nc#1222:sf: \
+ :pa#21600:oa#0:ta=4.2BSD:ba#4096:fa#512:\
+ :pb#21600:ob#21600:tb=swap: \
+ :pc#659880:oc#0: \
+ :pd#216000:od#53200:td=4.2BSD:bd#4096:fd#512: \
+ :ph#398520:oh#269200:th=4.2BSD:bh#4096:fh#512:
+
+miniscribe9380|compaq38|Miniscribe 9380 ESDI :\
+ :ty=winchester:dt=ESDI:se#512:nt#15:ns#35:nc#1223:rm#3600:sf: \
+ :pa#21000:oa#0:ba#8192:fa#1024:ta=4.2BSD: \
+ :pb#42000:ob#21000:tb=swap: \
+ :pc#642075:oc#0: \
+ :pd#21000:od#63000:bd#8192:fd#1024:td=4.2BSD: \
+ :ph#556500:oh#84000:bh#8192:fh#1024:th=4.2BSD:
+
+ida4|compaq88|Compaq IDA (4 drives) :\
+ :ty=winchester:dt=IDA:se#512:nt#16:ns#63:nc#1644:rm#3600:\
+ :pa#20160:oa#0:ba#8192:fa#1024:ta=4.2BSD: \
+ :pb#80640:ob#20160:tb=swap: \
+ :pc#1659168:oc#0: \
+ :pd#201600:od#100800:bd#8192:fd#1024:td=4.2BSD: \
+ :pe#20160:oe#1310400:be#8192:fe#1024:te=4.2BSD: \
+ :ph#1008000:oh#302400:bh#8192:fh#1024:th=4.2BSD: \
+ :pg#302400:og#1330560:bg#4096:fg#512:tg=4.2BSD:
+
+fuji513|Fujitsu M22XXXX: \
+ :ty=winchester:dt=ESDI:se#512:nt#16:ns#63:nc#954:rm#3600:\
+ :pa#20160:oa#82656:ba#4096:fa#512:ta=4.2BSD: \
+ :pb#40320:ob#102816:tb=swap: \
+ :pc#961632:oc#0: \
+ :ph#656208:oh#143136:bh#4096:fh#512:th=4.2BSD:
+
+sony650|Sony 650 MB MOD|\
+ :ty=removable:dt=SCSI:se#512:nt#1:ns#31:nc#18600:ts#1:rm#4800:\
+ :pc#576600:oc#0:\
+ :pa#576600:oa#0:ta=4.2BSD:ba#8192:fa#1024:
+
+mta3230|mo230|IBM MTA-3230 230 Meg 3.5inch Magneto-Optical:\
+ :ty=removeable:dt=SCSI:rm#3600:\
+ :se#512:nt#64:ns#32:nc#216:sc#2048:su#444384:\
+ :pa#444384:oa#0:ba#4096:fa#0:ta=4.2BSD:\
+ :pc#444384:oc#0:
+
+minimum:ty=mfs:se#512:nt#1:rm#300:\
+ :ns#2880:nc#1:\
+ :pa#2880:oa#0:ba#4096:fa#512:\
+ :pc#2880:oc#0:bc#4096:fc#512:
+
+minimum2:ty=mfs:se#512:nt#1:rm#300:\
+ :ns#5760:nc#1:\
+ :pa#5760:oa#0:ba#4096:fa#512:\
+ :pc#5760:oc#0:bc#4096:fc#512:
+
+minimum3:ty=mfs:se#512:nt#1:rm#300:\
+ :ns#8640:nc#1:\
+ :pa#8640:oa#0:ba#4096:fa#512:\
+ :pc#8640:oc#0:bc#4096:fc#512:
+
+zip100|zip 100:\
+ :ty=removable:se#512:nc#96:nt#64:ns#32:\
+ :pa#196608:oa#0:ba#4096:fa#512:\
+ :pc#196608:oc#0:bc#4096:fc#512:
+
+zip250|zip 250:\
+ :ty=removable:se#512:nc#239:nt#64:ns#32:\
+ :pa#489472:oa#0:ba#4096:fa#512:\
+ :pc#489472:oc#0:bc#4096:fc#512:
+
+orb2200|orb22|orb:\
+ :ty=removable:ns#63:nt#128:nc#4273:sc#1008:su#4307184:se#512:\
+ :pa#4307184:oa#0:ba#8192:fa#1024:\
+ :pc#4307184:oc#0:bc#8192:fc#1024:
+
diff --git a/etc/etc.amd64/ttys b/etc/etc.amd64/ttys
new file mode 100644
index 0000000..42fa7c0
--- /dev/null
+++ b/etc/etc.amd64/ttys
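Review bot: The `mta3230` entry spells its type `ty=removeable`, while `sony650`, `zip100`, `zip250` and `orb2200` in the same hunk use `ty=removable`. If the code that reads disktab compares this string exactly (not visible here), the drive would not be treated as removable media, so the line should read `:ty=removable:dt=SCSI:rm#3600:\`. The `sony650` name line also ends in `|` rather than `:` (`sony650|Sony 650 MB MOD|\`), unlike every other entry, and should be `sony650|Sony 650 MB MOD:\`.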
@@ -0,0 +1,49 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" xterm on secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" xterm on secure
+ttyv2 "/usr/libexec/getty Pc" xterm on secure
+ttyv3 "/usr/libexec/getty Pc" xterm on secure
+ttyv4 "/usr/libexec/getty Pc" xterm on secure
+ttyv5 "/usr/libexec/getty Pc" xterm on secure
+ttyv6 "/usr/libexec/getty Pc" xterm on secure
+ttyv7 "/usr/libexec/getty Pc" xterm on secure
+ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+ttyu0 "/usr/libexec/getty std.9600" dialup off secure
+ttyu1 "/usr/libexec/getty std.9600" dialup off secure
+ttyu2 "/usr/libexec/getty std.9600" dialup off secure
+ttyu3 "/usr/libexec/getty std.9600" dialup off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
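Review bot: `console none unknown off secure` means init will not ask for the root password when going to single-user mode (the comment directly above says it only asks when the console is marked "insecure"), so anyone who can reach the console and boot single-user gets a root shell. The same line appears in the arm, i386, ia64, mips and pc98 ttys hunks. Every serial line (`ttyu0`–`ttyu3`) and `dcons` is also tagged `secure`, so direct root login is allowed there as soon as a getty is switched on. I would at least extend the comment, e.g. `# Mark console "insecure" on machines whose console is not physically protected.`, and consider `insecure` on the dialup entries so that root access goes through an unprivileged login first.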
diff --git a/etc/etc.arm/ttys b/etc/etc.arm/ttys
new file mode 100644
index 0000000..b6fd9ed
--- /dev/null
+++ b/etc/etc.arm/ttys
@@ -0,0 +1,49 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" xterm off secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" xterm off secure
+ttyv2 "/usr/libexec/getty Pc" xterm off secure
+ttyv3 "/usr/libexec/getty Pc" xterm off secure
+ttyv4 "/usr/libexec/getty Pc" xterm off secure
+ttyv5 "/usr/libexec/getty Pc" xterm off secure
+ttyv6 "/usr/libexec/getty Pc" xterm off secure
+ttyv7 "/usr/libexec/getty Pc" xterm off secure
+#ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+ttyu0 "/usr/libexec/getty std.9600" vt100 on secure
+ttyu1 "/usr/libexec/getty std.9600" dialup off secure
+ttyu2 "/usr/libexec/getty std.9600" dialup off secure
+ttyu3 "/usr/libexec/getty std.9600" dialup off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
diff --git a/etc/etc.i386/ttys b/etc/etc.i386/ttys
new file mode 100644
index 0000000..42fa7c0
--- /dev/null
+++ b/etc/etc.i386/ttys
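Review bot: `ttyu0 "/usr/libexec/getty std.9600" vt100 on secure` starts a getty on the first serial port by default and lets root log in on it directly, whereas the amd64 and i386 files ship every serial line `off`. The ia64 hunk has the same enabled line, and the mips hunk has `ttyu0 "/usr/libexec/getty std.115200" dialup on secure`. If the serial port is the primary console on these platforms this is presumably intentional, but nothing in the file says so. A comment such as `# Serial console, enabled by default; change "secure" to "insecure" if the port is reachable by untrusted parties.` would make the exposure visible to whoever deploys the image.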
@@ -0,0 +1,49 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" xterm on secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" xterm on secure
+ttyv2 "/usr/libexec/getty Pc" xterm on secure
+ttyv3 "/usr/libexec/getty Pc" xterm on secure
+ttyv4 "/usr/libexec/getty Pc" xterm on secure
+ttyv5 "/usr/libexec/getty Pc" xterm on secure
+ttyv6 "/usr/libexec/getty Pc" xterm on secure
+ttyv7 "/usr/libexec/getty Pc" xterm on secure
+ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+ttyu0 "/usr/libexec/getty std.9600" dialup off secure
+ttyu1 "/usr/libexec/getty std.9600" dialup off secure
+ttyu2 "/usr/libexec/getty std.9600" dialup off secure
+ttyu3 "/usr/libexec/getty std.9600" dialup off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
diff --git a/etc/etc.ia64/ttys b/etc/etc.ia64/ttys
new file mode 100644
index 0000000..2da3461
--- /dev/null
+++ b/etc/etc.ia64/ttys
@@ -0,0 +1,49 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" xterm off secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" xterm off secure
+ttyv2 "/usr/libexec/getty Pc" xterm off secure
+ttyv3 "/usr/libexec/getty Pc" xterm off secure
+ttyv4 "/usr/libexec/getty Pc" xterm off secure
+ttyv5 "/usr/libexec/getty Pc" xterm off secure
+ttyv6 "/usr/libexec/getty Pc" xterm off secure
+ttyv7 "/usr/libexec/getty Pc" xterm off secure
+ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals. The 'dialup' keyword identifies dialin lines to login,
+# fingerd etc.
+ttyu0 "/usr/libexec/getty std.9600" vt100 on secure
+ttyu1 "/usr/libexec/getty std.9600" dialup off secure
+ttyu2 "/usr/libexec/getty std.9600" dialup off secure
+ttyu3 "/usr/libexec/getty std.9600" dialup off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
diff --git a/etc/etc.mips/ttys b/etc/etc.mips/ttys
new file mode 100644
index 0000000..2fbeae5
--- /dev/null
+++ b/etc/etc.mips/ttys
@@ -0,0 +1,36 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+ttyu0 "/usr/libexec/getty std.115200" dialup on secure
+ttyu1 "/usr/libexec/getty std.115200" dialup off secure
+ttyu2 "/usr/libexec/getty std.115200" dialup off secure
+ttyu3 "/usr/libexec/getty std.115200" dialup off secure
diff --git a/etc/etc.pc98/ttys b/etc/etc.pc98/ttys
new file mode 100644
index 0000000..ad20aca
--- /dev/null
+++ b/etc/etc.pc98/ttys
@@ -0,0 +1,49 @@ +# +# $FreeBSD$ +# @(#)ttys 5.1 (Berkeley) 4/17/89 +# +# This file specifies various information about terminals on the system. +# It is used by several different programs. Common entries for the +# various columns include: +# +# name The name of the terminal device. +# +# getty The program to start running on the terminal. Typically a +# getty program, as the name implies. Other common entries +# include none, when no getty is needed, and xdm, to start the +# X Window System. +# +# type The initial terminal type for this port. For hardwired +# terminal lines, this will contain the type of terminal used. +# For virtual consoles, the correct type is typically cons25w. +# Other common values include dialup for incoming modem ports, and +# unknown when the terminal type cannot be predetermined. +# +# status Must be on or off. If on, init will run the getty program on +# the specified port. If the word "secure" appears, this tty +# allows root login. +# +# name getty type status comments +# +# If console is marked "insecure", then init will ask for the root password +# when going to single-user mode. +console none unknown off secure +# +ttyv0 "/usr/libexec/getty Pc" cons25w on secure +# Virtual terminals +ttyv1 "/usr/libexec/getty Pc" cons25w on secure +ttyv2 "/usr/libexec/getty Pc" cons25w on secure +ttyv3 "/usr/libexec/getty Pc" cons25w on secure +ttyv4 "/usr/libexec/getty Pc" cons25w on secure +ttyv5 "/usr/libexec/getty Pc" cons25w on secure +ttyv6 "/usr/libexec/getty Pc" cons25w on secure +ttyv7 "/usr/libexec/getty Pc" cons25w on secure +ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure +# Serial terminals +# The 'dialup' keyword identifies dialin lines to login, fingerd etc. 
+ttyu0 "/usr/libexec/getty std.9600" dialup off secure +ttyu1 "/usr/libexec/getty std.9600" dialup off secure +ttyu2 "/usr/libexec/getty std.9600" dialup off secure +ttyu3 "/usr/libexec/getty std.9600" dialup off secure +# Dumb console +dcons "/usr/libexec/getty std.9600" vt100 off secure diff --git a/etc/etc.powerpc/ttys b/etc/etc.powerpc/ttys new file mode 100644 index 0000000..51a802c --- /dev/null +++ b/etc/etc.powerpc/ttys 
@@ -0,0 +1,49 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" xterm on secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" xterm on secure
+ttyv2 "/usr/libexec/getty Pc" xterm on secure
+ttyv3 "/usr/libexec/getty Pc" xterm on secure
+ttyv4 "/usr/libexec/getty Pc" xterm on secure
+ttyv5 "/usr/libexec/getty Pc" xterm on secure
+ttyv6 "/usr/libexec/getty Pc" xterm on secure
+ttyv7 "/usr/libexec/getty Pc" xterm on secure
+#ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+ttyu0 "/usr/libexec/getty std.9600" vt100 on secure
+ttyu1 "/usr/libexec/getty std.9600" dialup off secure
+ttyu2 "/usr/libexec/getty std.9600" dialup off secure
+ttyu3 "/usr/libexec/getty std.9600" dialup off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
diff --git a/etc/etc.sparc64/ttys b/etc/etc.sparc64/ttys
new file mode 100644
index 0000000..fccc6bd
--- /dev/null
+++ b/etc/etc.sparc64/ttys
@@ -0,0 +1,54 @@ +# +# $FreeBSD$ +# @(#)ttys 5.1 (Berkeley) 4/17/89 +# +# This file specifies various information about terminals on the system. +# It is used by several different programs. Common entries for the +# various columns include: +# +# name The name of the terminal device. +# +# getty The program to start running on the terminal. Typically a +# getty program, as the name implies. Other common entries +# include none, when no getty is needed, and xdm, to start the +# X Window System. +# +# type The initial terminal type for this port. For hardwired +# terminal lines, this will contain the type of terminal used. +# For virtual consoles, the correct type is typically xterm. +# Other common values include dialup for incoming modem ports, and +# unknown when the terminal type cannot be predetermined. +# +# status Must be on or off. If on, init will run the getty program on +# the specified port. If the word "secure" appears, this tty +# allows root login. +# +# name getty type status comments +# +# If console is marked "insecure", then init will ask for the root password +# when going to single-user mode. +console none unknown off secure +# ofw_console(4) +screen "/usr/libexec/getty Pc" vt100 off secure +ttya "/usr/libexec/getty 3wire.9600" vt100 off secure +ttyb "/usr/libexec/getty 3wire.9600" vt100 off secure +# syscons(4) +ttyv0 "/usr/libexec/getty Pc" xterm on secure +# Virtual terminals +ttyv1 "/usr/libexec/getty Pc" xterm on secure +ttyv2 "/usr/libexec/getty Pc" xterm on secure +ttyv3 "/usr/libexec/getty Pc" xterm on secure +ttyv4 "/usr/libexec/getty Pc" xterm on secure +ttyv5 "/usr/libexec/getty Pc" xterm on secure +ttyv6 "/usr/libexec/getty Pc" xterm on secure +ttyv7 "/usr/libexec/getty Pc" xterm on secure +ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure +# Serial terminals +# The 'dialup' keyword identifies dialin lines to login, fingerd etc. 
+# uart(4) +ttyu0 "/usr/libexec/getty std.9600" vt100 on secure +ttyu1 "/usr/libexec/getty std.9600" vt100 on secure +ttyu2 "/usr/libexec/getty std.9600" vt100 on secure +ttyu3 "/usr/libexec/getty std.9600" vt100 off secure +# Dumb console +dcons "/usr/libexec/getty std.9600" vt100 off secure diff --git a/etc/fbtab b/etc/fbtab new file mode 100644 index 0000000..83ac65d --- /dev/null +++ b/etc/fbtab @@ -0,0 +1,4 @@ +# $FreeBSD$ +# +#/dev/ttyv0 0600 /dev/console +#/dev/ttyv0 0600 /dev/pcaudio:/dev/pcaudioctl diff --git a/etc/freebsd-update.conf b/etc/freebsd-update.conf new file mode 100644 index 0000000..4410903 --- /dev/null +++ b/etc/freebsd-update.conf 
@@ -0,0 +1,76 @@ +# $FreeBSD$ + +# Trusted keyprint. Changing this is a Bad Idea unless you've received +# a PGP-signed email from <security-officer@FreeBSD.org> telling you to +# change it and explaining why. +KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5 + +# Server or server pool from which to fetch updates. You can change +# this to point at a specific server if you want, but in most cases +# using a "nearby" server won't provide a measurable improvement in +# performance. +ServerName update.FreeBSD.org + +# Components of the base system which should be kept updated. +Components src world kernel + +# Example for updating the userland and the kernel source code only: +# Components src/base src/sys world + +# Paths which start with anything matching an entry in an IgnorePaths +# statement will be ignored. +IgnorePaths + +# Paths which start with anything matching an entry in an IDSIgnorePaths +# statement will be ignored by "freebsd-update IDS". +IDSIgnorePaths /usr/share/man/cat +IDSIgnorePaths /usr/share/man/whatis +IDSIgnorePaths /var/db/locate.database +IDSIgnorePaths /var/log + +# Paths which start with anything matching an entry in an UpdateIfUnmodified +# statement will only be updated if the contents of the file have not been +# modified by the user (unless changes are merged; see below). +UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile + +# When upgrading to a new FreeBSD release, files which match MergeChanges +# will have any local changes merged into the version from the new release. +MergeChanges /etc/ /var/named/etc/ /boot/device.hints + +### Default configuration options: + +# Directory in which to store downloaded updates and temporary +# files used by FreeBSD Update. +# WorkDir /var/db/freebsd-update + +# Destination to send output of "freebsd-update cron" if an error +# occurs or updates have been downloaded. +# MailTo root + +# Is FreeBSD Update allowed to create new files? 
+# AllowAdd yes + +# Is FreeBSD Update allowed to delete files? +# AllowDelete yes + +# If the user has modified file ownership, permissions, or flags, should +# FreeBSD Update retain this modified metadata when installing a new version +# of that file? +# KeepModifiedMetadata yes + +# When upgrading between releases, should the list of Components be +# read strictly (StrictComponents yes) or merely as a list of components +# which *might* be installed of which FreeBSD Update should figure out +# which actually are installed and upgrade those (StrictComponents no)? +# StrictComponents no + +# When installing a new kernel perform a backup of the old one first +# so it is possible to boot the old kernel in case of problems. +# BackupKernel yes + +# If BackupKernel is enabled, the backup kernel is saved to this +# directory. +# BackupKernelDir /boot/kernel.old + +# When backing up a kernel also back up debug symbol files? +# BackupKernelSymbolFiles no diff --git a/etc/ftpusers b/etc/ftpusers new file mode 100644 index 0000000..06b3f49 --- /dev/null +++ b/etc/ftpusers @@ -0,0 +1,26 @@ +# $FreeBSD$ +# +# list of users disallowed any ftp access. +# read by ftpd(8). +root +toor +daemon +operator +bin +tty +kmem +games +news +man +sshd +bind +proxy +_pflogd +_dhcp +uucp +pop +www +hast +nobody +mailnull +smmsp diff --git a/etc/gettytab b/etc/gettytab new file mode 100644 index 0000000..f450105 --- /dev/null +++ b/etc/gettytab 
@@ -0,0 +1,233 @@ +# $FreeBSD$ +# from: @(#)gettytab 5.14 (Berkeley) 3/27/91 +# +# Most of the table entries here are just copies of the old getty table, +# it is by no means certain, or even likely, that any of them are optimal +# for any purpose whatever. Nor is it likely that more than a couple are +# even correct. +# +# The default gettytab entry, used to set defaults for all other +# entries, and in cases where getty is called with no table name. +# +# cb, ce and ck are desirable on most crt's. The non-crt entries need to +# be changed to turn them off (:cb@:ce@:ck@:). +# +# lc should always be on; it's a remainder of some stone age when there +# have been terminals around not being able of handling lower-case +# characters. Those terminals aren't supported any longer, but getty is +# `smart' about them by default. +# +# Parity defaults to even, but the Pc entry and all the `std' entries +# specify no parity. The different parities are: +# (none): same as ep for getty. login will use terminal as is. +# ep: getty will use raw mode (cs8 -parenb) (unless rw is set) and +# fake parity. login will use even parity (cs7 parenb -parodd). +# op: same as ep except odd parity (cs7 parenb parodd) for login. +# getty will fake odd parity as well. +# ap: same as ep except -inpck instead of inpck for login. +# ap overrides op and ep. +# np: 1. don't fake parity in getty. The fake parity garbles +# characters on non-terminals (like pccons) that don't +# support parity. It would probably better for getty not to +# try to fake parity. It could just use cbreak mode so as +# not to force cs8 and let the hardware handle the parity. +# login has to be rely on the hardware anyway. +# 2. set cs8 -parenb -istrip -inpck. +# ep:op: same as ap. 
+# +default:\ + :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ + :if=/etc/issue: + +# +# Fixed speed entries +# +# The "std.NNN" names are known to the special case +# portselector code in getty, however they can +# be assigned to any table desired. +# The "NNN-baud" names are known to the special case +# autobaud code in getty, and likewise can +# be assigned to any table desired (hopefully the same speed). +# +a|std.110|110-baud:\ + :np:nd#1:cd#1:uc:sp#110: +b|std.134|134.5-baud:\ + :np:nd#1:cd#2:ff#1:td#1:sp#134:ht:nl: +1|std.150|150-baud:\ + :np:nd#1:cd#2:td#1:fd#1:sp#150:ht:nl:lm=\E\72\6\6\17login\72 : +c|std.300|300-baud:\ + :np:nd#1:cd#1:sp#300: +d|std.600|600-baud:\ + :np:nd#1:cd#1:sp#600: +f|std.1200|1200-baud:\ + :np:fd#1:sp#1200: +6|std.2400|2400-baud:\ + :np:sp#2400: +7|std.4800|4800-baud:\ + :np:sp#4800: +2|std.9600|9600-baud:\ + :np:sp#9600: +g|std.19200|19200-baud:\ + :np:sp#19200: +std.38400|38400-baud:\ + :np:sp#38400: +std.57600|57600-baud:\ + :np:sp#57600: +std.115200|115200-baud:\ + :np:sp#115200: +std.230400|230400-baud:\ + :np:sp#230400: + +# +# Entry specifying explicit device settings. See termios(4) and +# /usr/include/termios.h, too. The entry forces the tty into +# CLOCAL mode (so no DCD is required), and uses Xon/Xoff flow control. +# +# cflags: CLOCAL | HUPCL | CREAD | CS8 +# oflags: OPOST | ONLCR | OXTABS +# iflags: IXOFF | IXON | ICRNL | IGNPAR +# lflags: IEXTEN | ICANON | ISIG | ECHOCTL | ECHO | ECHOK | ECHOE | ECHOKE +# +# The `0' flags don't have input enabled. The `1' flags don't echo. +# (Echoing is done inside getty itself.) 
+# +local.9600|CLOCAL tty @ 9600 Bd:\ + :c0#0x0000c300:c1#0x0000cb00:c2#0x0000cb00:\ + :o0#0x00000007:o1#0x00000002:o2#0x00000007:\ + :i0#0x00000704:i1#0x00000000:i2#0x00000704:\ + :l0#0x000005cf:l1#0x00000000:l2#0x000005cf:\ + :sp#9600: + +# +# Dial in rotary tables, speed selection via 'break' +# +0|d300|Dial-300:\ + :nx=d1200:cd#2:sp#300: +d1200|Dial-1200:\ + :nx=d150:fd#1:sp#1200: +d150|Dial-150:\ + :nx=d110:lm@:tc=150-baud: +d110|Dial-110:\ + :nx=d300:tc=300-baud: + +# +# Fast dialup terminals, 2400/1200/300 rotary (can start either way) +# +D2400|d2400|Fast-Dial-2400:\ + :nx=D1200:tc=2400-baud: +3|D1200|Fast-Dial-1200:\ + :nx=D300:tc=1200-baud: +5|D300|Fast-Dial-300:\ + :nx=D2400:tc=300-baud: + +# +#telebit (19200) +# +t19200:\ + :nx=t2400:tc=19200-baud: +t2400:\ + :nx=t1200:tc=2400-baud: +t1200:\ + :nx=t19200:tc=1200-baud: + +# +#telebit (9600) +# +t9600:\ + :nx=t2400a:tc=9600-baud: +t2400a:\ + :nx=t1200a:tc=2400-baud: +t1200a:\ + :nx=t9600:tc=1200-baud: + +# +# Odd special case terminals +# +-|tty33|asr33|Pity the poor user of this beast:\ + :tc=110-baud: + +4|Console|Console Decwriter II:\ + :nd@:cd@:rw:tc=300-baud: + +e|Console-1200|Console Decwriter III:\ + :fd@:nd@:cd@:rw:tc=1200-baud: + +i|Interdata console:\ + :uc:sp#0: + +l|lsi chess terminal:\ + :sp#300: + +X|Xwindow|X window system:\ + :fd@:nd@:cd@:rw:sp#9600: + +P|Pc|Pc console:\ + :ht:np:sp#9600: + +# +# Weirdo special case for fast crt's with hardcopy devices +# +8|T9600|CRT with hardcopy:\ + :nx=T300:tc=9600-baud: +9|T300|CRT with hardcopy (300):\ + :nx=T9600:tc=300-baud: + +# +# Plugboard, and misc other terminals +# +plug-9600|Plugboard-9600:\ + :pf#1:tc=9600-baud: +p|P9600|Plugboard-9600-rotary:\ + :pf#1:nx=P300:tc=9600-baud: +q|P300|Plugboard-300:\ + :pf#1:nx=P1200:tc=300-baud: +r|P1200|Plugboard-1200:\ + :pf#1:nx=P9600:tc=1200-baud: + +# +# XXXX Port selector +# +s|DSW|Port Selector:\ + :ps:sp#2400: + +# +# Auto-baud speed detect entry for Micom 600. 
+# Special code in getty will switch this out +# to one of the NNN-baud entries. +# +A|Auto-baud:\ + :ab:sp#2400:f0#040: + +# +# autologin - automatically log in as root +# + +autologin|al.9600:\ + :al=root:tc=std.9600: +al.19200:\ + :al=root:tc=std.19200: +al.38400:\ + :al=root:tc=std.38400: +al.57600:\ + :al=root:tc=std.57600: +al.115200:\ + :al=root:tc=std.115200: +al.230400:\ + :al=root:tc=std.230400: + +# +# Entries for 3-wire serial terminals. These don't supply carrier, so +# clocal needs to be set, and crtscts needs to be unset. +# +3wire.9600|9600-3wire:\ + :np:nc:sp#9600: +3wire.19200|19200-3wire:\ + :np:nc:sp#19200: +3wire.38400|38400-3wire:\ + :np:nc:sp#38400: +3wire.57600|57600-3wire:\ + :np:nc:sp#57600: +3wire.115200|115200-3wire:\ + :np:nc:sp#115200: +3wire.230400|230400-3wire:\ + :np:nc:sp#230400: diff --git a/etc/group b/etc/group new file mode 100644 index 0000000..54d5c59 --- /dev/null +++ b/etc/group @@ -0,0 +1,32 @@ +# $FreeBSD$ +# +wheel:*:0:root +daemon:*:1: +kmem:*:2: +sys:*:3: +tty:*:4: +operator:*:5:root +mail:*:6: +bin:*:7: +news:*:8: +man:*:9: +games:*:13: +ftp:*:14: +staff:*:20: +sshd:*:22: +smmsp:*:25: +mailnull:*:26: +guest:*:31: +bind:*:53: +proxy:*:62: +authpf:*:63: +_pflogd:*:64: +_dhcp:*:65: +uucp:*:66: +dialer:*:68: +network:*:69: +audit:*:77: +www:*:80: +hast:*:845: +nogroup:*:65533: +nobody:*:65534: diff --git a/etc/gss/Makefile b/etc/gss/Makefile new file mode 100644 index 0000000..479fd2f --- /dev/null +++ b/etc/gss/Makefile @@ -0,0 +1,7 @@ +# $FreeBSD$ + +FILES= mech qop +NO_OBJ= +FILESDIR= /etc/gss + +.include <bsd.prog.mk> diff --git a/etc/gss/mech b/etc/gss/mech new file mode 100644 index 0000000..7cc82c7 --- /dev/null +++ b/etc/gss/mech @@ -0,0 +1,6 @@ +# $FreeBSD$ +# +# Name OID Library name Kernel module +kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.10 kgssapi_krb5 +spnego 1.3.6.1.5.5.2 /usr/lib/libgssapi_spnego.so.10 - +#ntlm 1.3.6.1.4.1.311.2.2.10 /usr/lib/libgssapi_ntlm.so.10 - 
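Review bot: The `autologin|al.9600` through `al.230400` entries in etc/gettytab set `al=root`, and the only comment above them is `# autologin - automatically log in as root`, which does not say that a tty using one of these tables hands out a root session with no password prompt. Nothing in the ttys files visible here references them, so they look inert by default, but a single edit to a ttys line would activate one. I would extend the comment with something like `# No authentication is performed: reference these from ttys(5) only for lines that are physically secured.` so the consequence is stated where the entry is defined.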
diff --git a/etc/gss/qop b/etc/gss/qop new file mode 100644 index 0000000..f975dbf --- /dev/null +++ b/etc/gss/qop @@ -0,0 +1,3 @@ +# $FreeBSD$ +GSS_KRB5_CONF_C_QOP_DES 0x0100 kerberosv5 +GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200 kerberosv5 diff --git a/etc/hosts b/etc/hosts new file mode 100644 index 0000000..2690a9a --- /dev/null +++ b/etc/hosts @@ -0,0 +1,31 @@ +# $FreeBSD$ +# +# Host Database +# +# This file should contain the addresses and aliases for local hosts that +# share this file. Replace 'my.domain' below with the domainname of your +# machine. +# +# In the presence of the domain name service or NIS, this file may +# not be consulted at all; see /etc/nsswitch.conf for the resolution order. +# +# +::1 localhost localhost.my.domain +127.0.0.1 localhost localhost.my.domain +# +# Imaginary network. +#10.0.0.2 myname.my.domain myname +#10.0.0.3 myfriend.my.domain myfriend +# +# According to RFC 1918, you can use the following IP networks for +# private nets which will never be connected to the Internet: +# +# 10.0.0.0 - 10.255.255.255 +# 172.16.0.0 - 172.31.255.255 +# 192.168.0.0 - 192.168.255.255 +# +# In case you want to be able to connect to the Internet, you need +# real official assigned numbers. Do not try to invent your own network +# numbers but instead get one from your network provider (if any) or +# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.) +# diff --git a/etc/hosts.allow b/etc/hosts.allow new file mode 100644 index 0000000..96e0b67 --- /dev/null +++ b/etc/hosts.allow 
@@ -0,0 +1,91 @@ +# +# hosts.allow access control file for "tcp wrapped" applications. +# $FreeBSD$ +# +# NOTE: The hosts.deny file is deprecated. +# Place both 'allow' and 'deny' rules in the hosts.allow file. +# See hosts_options(5) for the format of this file. +# hosts_access(5) no longer fully applies. + +# _____ _ _ +# | ____| __ __ __ _ _ __ ___ _ __ | | ___ | | +# | _| \ \/ / / _` | | '_ ` _ \ | '_ \ | | / _ \ | | +# | |___ > < | (_| | | | | | | | | |_) | | | | __/ |_| +# |_____| /_/\_\ \__,_| |_| |_| |_| | .__/ |_| \___| (_) +# |_| +# !!! This is an example! You will need to modify it for your specific +# !!! requirements! + + +# Start by allowing everything (this prevents the rest of the file +# from working, so remove it when you need protection). +# The rules here work on a "First match wins" basis. +ALL : ALL : allow + +# Wrapping sshd(8) is not normally a good idea, but if you +# need to do it, here's how +#sshd : .evil.cracker.example.com : deny + +# Protect against simple DNS spoofing attacks by checking that the +# forward and reverse records for the remote host match. If a mismatch +# occurs, access is denied, and any positive ident response within +# 20 seconds is logged. No protection is afforded against DNS poisoning, +# IP spoofing or more complicated attacks. Hosts with no reverse DNS +# pass this rule. +ALL : PARANOID : RFC931 20 : deny + +# Allow anything from localhost. Note that an IP address (not a host +# name) *MUST* be specified for rpcbind(8). +ALL : localhost 127.0.0.1 : allow +# Comment out next line if you build libwrap without IPv6 support. 
+ALL : [::1] : allow +#ALL : my.machine.example.com 192.0.2.35 : allow + +# To use IPv6 addresses you must enclose them in []'s +#ALL : [fe80::%fxp0]/10 : allow +#ALL : [fe80::]/10 : deny +#ALL : [2001:db8:2:1:2:3:4:3fe1] : deny +#ALL : [2001:db8:2:1::]/64 : allow + +# Sendmail can help protect you against spammers and relay-rapers +sendmail : localhost : allow +#sendmail : .nice.guy.example.com : allow +#sendmail : .evil.cracker.example.com : deny +sendmail : ALL : allow + +# Exim is an alternative to sendmail, available in the ports tree +exim : localhost : allow +#exim : .nice.guy.example.com : allow +#exim : .evil.cracker.example.com : deny +exim : ALL : allow + +# Rpcbind is used for all RPC services; protect your NFS! +# (IP addresses rather than hostnames *MUST* be used here) +#rpcbind : 192.0.2.32/255.255.255.224 : allow +#rpcbind : 192.0.2.96/255.255.255.224 : allow +rpcbind : ALL : deny + +# NIS master server. Only local nets should have access +# (Since this is an RPC service, rpcbind needs to be considered) +ypserv : localhost : allow +#ypserv : .unsafe.my.net.example.com : deny +#ypserv : .my.net.example.com : allow +ypserv : ALL : deny + +# Provide a small amount of protection for ftpd +ftpd : localhost : allow +#ftpd : .nice.guy.example.com : allow +#ftpd : .evil.cracker.example.com : deny +ftpd : ALL : allow + +# You need to be clever with finger; do _not_ backfinger!! You can easily +# start a "finger war". +fingerd : ALL \ + : spawn (echo Finger. | \ + /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \ + : deny + +# The rest of the daemons are protected. +ALL : ALL \ + : severity auth.info \ + : twist /bin/echo "You are not welcome to use %d from %h." diff --git a/etc/hosts.equiv b/etc/hosts.equiv new file mode 100644 index 0000000..d8a71c1 --- /dev/null +++ b/etc/hosts.equiv @@ -0,0 +1,4 @@ +# $FreeBSD$ +# +#localhost +#my_very_good_friend.domain diff --git a/etc/hosts.lpd b/etc/hosts.lpd new file mode 100644 index 0000000..b53202a 
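Review bot: With `ALL : ALL : allow` as the first rule and the file's stated first-match-wins evaluation, none of the later rules in etc/hosts.allow is ever reached as shipped, including the `PARANOID` check, `rpcbind : ALL : deny`, `ypserv : ALL : deny` and the closing `twist`. The comment on the first rule says so, but the later comments (`protect your NFS!`, `The rest of the daemons are protected.`) read as though those rules were in effect, which is easy to misread when someone jumps straight to a service's block. I would mark the restrictive blocks, for example `# (not evaluated until the ALL : ALL : allow rule at the top is removed)` above the rpcbind and ypserv rules and the final catch-all.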
--- /dev/null
+++ b/etc/hosts.lpd
@@ -0,0 +1,4 @@
+# $FreeBSD$
+#
+# See lpd(8)
+#machine.domain
diff --git a/etc/inetd.conf b/etc/inetd.conf
new file mode 100644
index 0000000..8b8e604
--- /dev/null
+++ b/etc/inetd.conf
@@ -0,0 +1,118 @@ +# $FreeBSD$ +# +# Internet server configuration database +# +# Define *both* IPv4 and IPv6 entries for dual-stack support. +# To disable a service, comment it out by prefixing the line with '#'. +# To enable a service, remove the '#' at the beginning of the line. +# +#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l +#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l +#ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4 +#ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6 +#telnet stream tcp nowait root /usr/libexec/telnetd telnetd +#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd +#shell stream tcp nowait root /usr/libexec/rshd rshd +#shell stream tcp6 nowait root /usr/libexec/rshd rshd +#login stream tcp nowait root /usr/libexec/rlogind rlogind +#login stream tcp6 nowait root /usr/libexec/rlogind rlogind +#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s +#finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s +# +# run comsat as root to be able to print partial mailbox contents w/ biff, +# or use the safer tty:tty to just print that new mail has been received. +#comsat dgram udp wait tty:tty /usr/libexec/comsat comsat +# +# ntalk is required for the 'talk' utility to work correctly +#ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd +#tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot +#tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -l -s /tftpboot +#bootps dgram udp wait root /usr/libexec/bootpd bootpd +# +# "Small servers" -- used to be standard on, but we're more conservative +# about things due to Internet security concerns. Only turn on what you +# need. 
+# +#daytime stream tcp nowait root internal +#daytime stream tcp6 nowait root internal +#daytime dgram udp wait root internal +#daytime dgram udp6 wait root internal +#time stream tcp nowait root internal +#time stream tcp6 nowait root internal +#time dgram udp wait root internal +#time dgram udp6 wait root internal +#echo stream tcp nowait root internal +#echo stream tcp6 nowait root internal +#echo dgram udp wait root internal +#echo dgram udp6 wait root internal +#discard stream tcp nowait root internal +#discard stream tcp6 nowait root internal +#discard dgram udp wait root internal +#discard dgram udp6 wait root internal +#chargen stream tcp nowait root internal +#chargen stream tcp6 nowait root internal +#chargen dgram udp wait root internal +#chargen dgram udp6 wait root internal +# +# CVS servers - for master CVS repositories only! You must set the +# --allow-root path correctly or you open a trivial to exploit but +# deadly security hole. +# +#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here pserver +#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here kserver +# +# RPC based services (you MUST have rpcbind running to use these) +# +#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd +#rusersd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd +#walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld rpc.rwalld +#pcnfsd/1-2 dgram rpc/udp wait root /usr/local/libexec/rpc.pcnfsd rpc.pcnfsd +#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad +#sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd rpc.sprayd +# +# example entry for the optional pop3 server +# +#pop3 stream tcp nowait root /usr/local/libexec/popper popper +# +# example entry for the optional imap4 server +# +#imap4 stream tcp nowait root /usr/local/libexec/imapd imapd +# +# example entry for the optional nntp server +# +#nntp stream tcp nowait news /usr/local/libexec/nntpd 
nntpd +# +# example entry for the optional uucpd server +# +#uucpd stream tcp nowait root /usr/local/libexec/uucpd uucpd +# +# Return error for all "ident" requests +# +#auth stream tcp nowait root internal +#auth stream tcp6 nowait root internal +# +# Provide internally a real "ident" service which provides ~/.fakeid support, +# provides ~/.noident support, reports UNKNOWN as the operating system type +# and times out after 30 seconds. +# +#auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30 +#auth stream tcp6 nowait root internal auth -r -f -n -o UNKNOWN -t 30 +# +# Example entry for an external ident server +# +#auth stream tcp wait root /usr/local/sbin/identd identd -w -t120 +# +# Example entry for the optional qmail MTA +# NOTE: This is no longer the correct way to handle incoming SMTP +# connections for qmail. Use tcpserver (http://cr.yp.to/ucspi-tcp.html) +# instead. +# +#smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd +# +# Enable the following two entries to enable samba startup from inetd +# (from the Samba documentation). Enable the third entry to enable the swat +# samba configuration tool. +# +#netbios-ssn stream tcp nowait root /usr/local/sbin/smbd smbd +#netbios-ns dgram udp wait root /usr/local/sbin/nmbd nmbd +#swat stream tcp nowait/400 root /usr/local/sbin/swat swat diff --git a/etc/libalias.conf b/etc/libalias.conf new file mode 100644 index 0000000..a938e67 --- /dev/null +++ b/etc/libalias.conf @@ -0,0 +1,8 @@ +# $FreeBSD$ +/lib/libalias_cuseeme.so +/lib/libalias_ftp.so +/lib/libalias_irc.so +/lib/libalias_nbt.so +/lib/libalias_pptp.so +/lib/libalias_skinny.so +/lib/libalias_smedia.so diff --git a/etc/login.access b/etc/login.access new file mode 100644 index 0000000..ffe5fff --- /dev/null +++ b/etc/login.access 
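Review bot: The `telnet`, `shell` and `login` example entries in etc/inetd.conf carry no hint that these services pass credentials and session data unencrypted, although the file does warn about `cvspserver` and the "small servers". Every entry is commented out, so nothing is exposed by default; the gap is only in what an administrator reads before removing a `#`. I would add a comment above the telnet line such as `# telnet, rsh and rlogin are unencrypted; prefer ssh and enable these only on trusted networks.`, and a similar one-line note that the `tftp` entries serve `/tftpboot` without authentication.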
@@ -0,0 +1,46 @@ +# $FreeBSD$ +# +# Login access control table. +# +# When someone logs in, the table is scanned for the first entry that +# matches the (user, host) combination, or, in case of non-networked +# logins, the first entry that matches the (user, tty) combination. The +# permissions field of that table entry determines whether the login will +# be accepted or refused. +# +# Format of the login access control table is three fields separated by a +# ":" character: +# +# permission : users : origins +# +# The first field should be a "+" (access granted) or "-" (access denied) +# character. The second field should be a list of one or more login names, +# group names, or ALL (always matches). The third field should be a list +# of one or more tty names (for non-networked logins), host names, domain +# names (begin with "."), host addresses, internet network numbers (end +# with "."), ALL (always matches) or LOCAL (matches any string that does +# not contain a "." character). If you run NIS you can use @netgroupname +# in host or user patterns. +# +# The EXCEPT operator makes it possible to write very compact rules. +# +# The group file is searched only when a name does not match that of the +# logged-in user. Only groups are matched in which users are explicitly +# listed: the program does not look at a user's primary group id value. +# +############################################################################## +# +# Disallow console logins to all but a few accounts. +# +#-:ALL EXCEPT wheel shutdown sync:console +# +# Disallow non-local logins to privileged accounts (group wheel). +# +#-:wheel:ALL EXCEPT LOCAL .win.tue.nl +# +# Some accounts are not allowed to login from anywhere: +# +#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL +# +# All other accounts are allowed to login from anywhere. +# diff --git a/etc/login.conf b/etc/login.conf new file mode 100644 index 0000000..a454758 --- /dev/null +++ b/etc/login.conf 
@@ -0,0 +1,318 @@
+# login.conf - login class capabilities database.
+#
+# Remember to rebuild the database after each change to this file:
+#
+# cap_mkdb /etc/login.conf
+#
+# This file controls resource limits, accounting limits and
+# default user environment settings.
+#
+# $FreeBSD$
+#
+
+# Default settings effectively disable resource limits, see the
+# examples below for a starting point to enable them.
+
+# defaults
+# These settings are used by login(1) by default for classless users
+# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
+#
+# Note that since a colon ':' is used to separate capability entries,
+# a \c escape sequence must be used to embed a literal colon in the
+# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
+# AND SEMANTICS'' section of getcap(3) for more escape sequences).
+
+default:\
+ :passwd_format=md5:\
+ :copyright=/etc/COPYRIGHT:\
+ :welcome=/etc/motd:\
+ :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
+ :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
+ :nologin=/var/run/nologin:\
+ :cputime=unlimited:\
+ :datasize=unlimited:\
+ :stacksize=unlimited:\
+ :memorylocked=unlimited:\
+ :memoryuse=unlimited:\
+ :filesize=unlimited:\
+ :coredumpsize=unlimited:\
+ :openfiles=unlimited:\
+ :maxproc=unlimited:\
+ :sbsize=unlimited:\
+ :vmemoryuse=unlimited:\
+ :swapuse=unlimited:\
+ :pseudoterminals=unlimited:\
+ :priority=0:\
+ :ignoretime@:\
+ :umask=022:
+
+
+#
+# A collection of common class names - forward them all to 'default'
+# (login would normally do this anyway, but having a class name
+# here suppresses the diagnostic)
+#
+standard:\
+ :tc=default:
+xuser:\
+ :tc=default:
+staff:\
+ :tc=default:
+daemon:\
+ :tc=default:
+news:\
+ :tc=default:
+dialer:\
+ :tc=default:
+
+#
+# Root can always login
+#
+# N.B. login_getpwclass(3) will use this entry for the root account,
+# in preference to 'default'.
+root:\
+ :ignorenologin:\
+ :tc=default:
+
+#
+# Russian Users Accounts. Setup proper environment variables.
+#
+russian|Russian Users Accounts:\
+ :charset=KOI8-R:\
+ :lang=ru_RU.KOI8-R:\
+ :tc=default:
+
+
+######################################################################
+######################################################################
+##
+## Example entries
+##
+######################################################################
+######################################################################
+
+## Example defaults
+## These settings are used by login(1) by default for classless users
+## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
+#
+#default:\
+# :cputime=infinity:\
+# :datasize-cur=22M:\
+# :stacksize-cur=8M:\
+# :memorylocked-cur=10M:\
+# :memoryuse-cur=30M:\
+# :filesize=infinity:\
+# :coredumpsize=infinity:\
+# :maxproc-cur=64:\
+# :openfiles-cur=64:\
+# :priority=0:\
+# :requirehome@:\
+# :umask=022:\
+# :tc=auth-defaults:
+#
+#
+##
+## standard - standard user defaults
+##
+#standard:\
+# :copyright=/etc/COPYRIGHT:\
+# :welcome=/etc/motd:\
+# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
+# :path=~/bin /bin /usr/bin /usr/local/bin:\
+# :manpath=/usr/share/man /usr/local/man:\
+# :nologin=/var/run/nologin:\
+# :cputime=1h30m:\
+# :datasize=8M:\
+# :vmemoryuse=100M:\
+# :stacksize=2M:\
+# :memorylocked=4M:\
+# :memoryuse=8M:\
+# :filesize=8M:\
+# :coredumpsize=8M:\
+# :openfiles=24:\
+# :maxproc=32:\
+# :priority=0:\
+# :requirehome:\
+# :passwordtime=90d:\
+# :umask=002:\
+# :ignoretime@:\
+# :tc=default:
+#
+#
+##
+## users of X (needs more resources!)
+## +#xuser:\ +# :manpath=/usr/share/man /usr/local/man:\ +# :cputime=4h:\ +# :datasize=12M:\ +# :vmemoryuse=infinity:\ +# :stacksize=4M:\ +# :filesize=8M:\ +# :memoryuse=16M:\ +# :openfiles=32:\ +# :maxproc=48:\ +# :tc=standard: +# +# +## +## Staff users - few restrictions and allow login anytime +## +#staff:\ +# :ignorenologin:\ +# :ignoretime:\ +# :requirehome@:\ +# :accounted@:\ +# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ +# :umask=022:\ +# :tc=standard: +# +# +## +## root - fallback for root logins +## +#root:\ +# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ +# :cputime=infinity:\ +# :datasize=infinity:\ +# :stacksize=infinity:\ +# :memorylocked=infinity:\ +# :memoryuse=infinity:\ +# :filesize=infinity:\ +# :coredumpsize=infinity:\ +# :openfiles=infinity:\ +# :maxproc=infinity:\ +# :memoryuse-cur=32M:\ +# :maxproc-cur=64:\ +# :openfiles-cur=1024:\ +# :priority=0:\ +# :requirehome@:\ +# :umask=022:\ +# :tc=auth-root-defaults: +# +# +## +## Settings used by /etc/rc +## +#daemon:\ +# :coredumpsize@:\ +# :coredumpsize-cur=0:\ +# :datasize=infinity:\ +# :datasize-cur@:\ +# :maxproc=512:\ +# :maxproc-cur@:\ +# :memoryuse-cur=64M:\ +# :memorylocked-cur=64M:\ +# :openfiles=1024:\ +# :openfiles-cur@:\ +# :stacksize=16M:\ +# :stacksize-cur@:\ +# :tc=default: +# +# +## +## Settings used by news subsystem +## +#news:\ +# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ +# :cputime=infinity:\ +# :filesize=128M:\ +# :datasize-cur=64M:\ +# :stacksize-cur=32M:\ +# :coredumpsize-cur=0:\ +# :maxmemorysize-cur=128M:\ +# :memorylocked=32M:\ +# :maxproc=128:\ +# :openfiles=256:\ +# :tc=default: +# +# +## +## The dialer class should be used for a dialup PPP account +## Welcome messages/news suppressed +## +#dialer:\ +# :hushlogin:\ +# :requirehome@:\ +# :cputime=unlimited:\ +# :filesize=2M:\ +# :datasize=2M:\ +# :stacksize=4M:\ +# :coredumpsize=0:\ +# :memoryuse=4M:\ +# 
:memorylocked=1M:\ +# :maxproc=16:\ +# :openfiles=32:\ +# :tc=standard: +# +# +## +## Site full-time 24/7 PPP connection +## - no time accounting, restricted to access via dialin lines +## +#site:\ +# :ignoretime:\ +# :passwordtime@:\ +# :refreshtime@:\ +# :refreshperiod@:\ +# :sessionlimit@:\ +# :autodelete@:\ +# :expireperiod@:\ +# :graceexpire@:\ +# :gracetime@:\ +# :warnexpire@:\ +# :warnpassword@:\ +# :idletime@:\ +# :sessiontime@:\ +# :daytime@:\ +# :weektime@:\ +# :monthtime@:\ +# :warntime@:\ +# :accounted@:\ +# :tc=dialer:\ +# :tc=staff: +# +# +## +## Example standard accounting entries for subscriber levels +## +# +#subscriber|Subscribers:\ +# :accounted:\ +# :refreshtime=180d:\ +# :refreshperiod@:\ +# :sessionlimit@:\ +# :autodelete=30d:\ +# :expireperiod=180d:\ +# :graceexpire=7d:\ +# :gracetime=10m:\ +# :warnexpire=7d:\ +# :warnpassword=7d:\ +# :idletime=30m:\ +# :sessiontime=4h:\ +# :daytime=6h:\ +# :weektime=40h:\ +# :monthtime=120h:\ +# :warntime=4h:\ +# :tc=standard: +# +# +## +## Subscriber accounts. These accounts have their login times +## accounted and have access limits applied. +## +#subppp|PPP Subscriber Accounts:\ +# :tc=dialer:\ +# :tc=subscriber: +# +# +#subshell|Shell Subscriber Accounts:\ +# :tc=subscriber: +# +## +## If you want some of the accounts to use traditional UNIX DES based +## password hashes. +## +#des_users:\ +# :passwd_format=des:\ +# :tc=default: diff --git a/etc/mac.conf b/etc/mac.conf new file mode 100644 index 0000000..2e1b9a2 --- /dev/null +++ b/etc/mac.conf 
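Review bot: The active `default` class in etc/login.conf sets `:passwd_format=md5:`, so every password set or changed for a classless user is stored as an MD5-crypt hash, which is cheap to attack offline if master.passwd or the generated password database is ever disclosed. Consider `:passwd_format=blf:` in the `default` entry (or `sha512`, if the libcrypt in this tree supports it), and add a comment that existing hashes are only upgraded when a user next changes their password. The commented `des_users` example at the end of the hunk documents an even weaker format; its comment could say that it is for compatibility only.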
@@ -0,0 +1,18 @@
+#
+# $FreeBSD$
+#
+# TrustedBSD MAC userland policy configuration file. Kernel modules
+# export label information, and mac.conf indicates to userland
+# applications what defaults they should use in the absense of any
+# other user-provided information.
+#
+
+#
+# Default label set to be used by simple MAC applications
+#
+
+default_labels file ?biba,?lomac,?mls,?sebsd
+default_labels ifnet ?biba,?lomac,?mls,?sebsd
+default_labels process ?biba,?lomac,?mls,?partition,?sebsd
+default_labels socket ?biba,?lomac,?mls
+
diff --git a/etc/mail/Makefile b/etc/mail/Makefile
new file mode 100644
index 0000000..3f085cc
--- /dev/null
+++ b/etc/mail/Makefile
@@ -0,0 +1,248 @@
+#
+# $FreeBSD$
+#
+# This Makefile provides an easy way to generate the configuration
+# file and database maps for the sendmail(8) daemon.
+#
+# The user-driven targets are:
+#
+# all - Build cf, maps and aliases
+# cf - Build the .cf file from .mc file
+# maps - Build the feature maps
+# aliases - Build the sendmail aliases
+# install - Install the .cf file as /etc/mail/sendmail.cf
+#
+# For acting on both the MTA daemon and MSP queue running daemon:
+# start - Start both the sendmail MTA daemon and MSP queue running
+# daemon with the flags defined in /etc/defaults/rc.conf or
+# /etc/rc.conf
+# stop - Stop both the sendmail MTA daemon and MSP queue running
+# daemon
+# restart - Restart both the sendmail MTA daemon and MSP queue running
+# daemon
+#
+# For acting on just the MTA daemon:
+# start-mta - Start the sendmail MTA daemon with the flags defined in
+# /etc/defaults/rc.conf or /etc/rc.conf
+# stop-mta - Stop the sendmail MTA daemon
+# restart-mta - Restart the sendmail MTA daemon
+#
+# For acting on just the MSP queue running daemon:
+# start-mspq - Start the sendmail MSP queue running daemon with the
+# flags defined in /etc/defaults/rc.conf or /etc/rc.conf
+# stop-mspq - Stop the sendmail MSP queue running daemon
+# restart-mspq - Restart the sendmail MSP queue running daemon
+#
+# Calling `make' will generate the updated versions when either the
+# aliases or one of the map files were changed.
+#
+# A `make install` is only necessary after modifying the .mc file. In
+# this case one would normally also call `make restart' to allow the
+# running sendmail to pick up the changes as well.
+#
+# ------------------------------------------------------------------------
+# This Makefile uses `<HOSTNAME>.mc' as the default MTA .mc file. This
+# can be changed by defining SENDMAIL_MC in /etc/make.conf, e.g.:
+#
+# SENDMAIL_MC=/etc/mail/myconfig.mc
+#
+# If '<HOSTNAME>.mc' does not exist, it is created using 'freebsd.mc'
+# as a template.
+#
+# It also uses '<HOSTNAME>.submit.mc' as the default mail submission .mc
+# file. This can be changed by defining SENDMAIL_SUBMIT_MC in
+# /etc/make.conf, e.g.:
+#
+# SENDMAIL_SUBMIT_MC=/etc/mail/mysubmit.mc
+#
+# If '<HOSTNAME>.submit.mc' does not exist, it is created using
+# 'freebsd.submit.mc' as a template.
+# ------------------------------------------------------------------------
+#
+# The Makefile knows about the following maps:
+# access, bitdomain, domaintable, genericstable, mailertable, userdb,
+# uucpdomain, virtusertable
+#
+
+.ifndef SENDMAIL_MC
+SENDMAIL_MC!= hostname
+SENDMAIL_MC:= ${SENDMAIL_MC}.mc
+
+${SENDMAIL_MC}:
+ cp freebsd.mc ${SENDMAIL_MC}
+.endif
+
+.ifndef SENDMAIL_SUBMIT_MC
+SENDMAIL_SUBMIT_MC!= hostname
+SENDMAIL_SUBMIT_MC:= ${SENDMAIL_SUBMIT_MC}.submit.mc
+
+${SENDMAIL_SUBMIT_MC}:
+ cp freebsd.submit.mc ${SENDMAIL_SUBMIT_MC}
+.endif
+
+INSTALL_CF= ${SENDMAIL_MC:R}.cf
+
+.ifndef SENDMAIL_SET_USER_ID
+INSTALL_SUBMIT_CF= ${SENDMAIL_SUBMIT_MC:R}.cf
+.endif
+
+SENDMAIL_ALIASES?= /etc/mail/aliases
+
+#
+# This is the directory where the sendmail configuration files are
+# located.
+#
+.if exists(/usr/share/sendmail/cf)
+SENDMAIL_CF_DIR?= /usr/share/sendmail/cf
+.elif exists(/usr/src/contrib/sendmail/cf)
+SENDMAIL_CF_DIR?= /usr/src/contrib/sendmail/cf
+.endif
+
+#
+# The sendmail startup script
+#
+SENDMAIL_START_SCRIPT?= /etc/rc.sendmail
+
+#
+# Some useful programs we need.
+#
+SENDMAIL?= /usr/sbin/sendmail
+MAKEMAP?= /usr/sbin/makemap
+M4?= /usr/bin/m4
+
+# Permissions for generated maps
+SENDMAIL_MAP_PERMS?= 0640
+
+# Set a reasonable default
+.MAIN: all
+
+#
+# ------------------------------------------------------------------------
+#
+# The Makefile picks up the list of files from SENDMAIL_MAP_SRC and
+# stores the matching .db filenames in SENDMAIL_MAP_OBJ if the file
+# exists in the current directory. SENDMAIL_MAP_TYPE is the database
+# type to use when calling makemap.
+#
+SENDMAIL_MAP_SRC+= mailertable domaintable bitdomain uucpdomain \
+ genericstable virtusertable access
+SENDMAIL_MAP_OBJ=
+SENDMAIL_MAP_TYPE?= hash
+
+.for _f in ${SENDMAIL_MAP_SRC} userdb
+.if exists(${_f})
+SENDMAIL_MAP_OBJ+= ${_f}.db
+.endif
+.endfor
+
+#
+# The makemap command is used to generate a hashed map from the textfile.
+#
+.for _f in ${SENDMAIL_MAP_SRC}
+.if (exists(${_f}.sample) && !exists(${_f}))
+${_f}: ${_f}.sample
+ sed -e 's/^/#/' < ${.OODATE} > ${.TARGET}
+.endif
+
+${_f}.db: ${_f}
+ ${MAKEMAP} ${SENDMAIL_MAP_TYPE} ${.TARGET} < ${.OODATE}
+ chmod ${SENDMAIL_MAP_PERMS} ${.TARGET}
+.endfor
+
+userdb.db: userdb
+ ${MAKEMAP} btree ${.TARGET} < ${.OODATE}
+ chmod ${SENDMAIL_MAP_PERMS} ${.TARGET}
+
+
+#
+# The .cf file needs to be recreated if the templates were modified.
+#
+M4FILES!= find ${SENDMAIL_CF_DIR} -type f -name '*.m4' -print
+
+#
+# M4(1) is used to generate the .cf file from the .mc file.
+#
+.SUFFIXES: .cf .mc
+
+.mc.cf: ${M4FILES}
+ ${M4} -D_CF_DIR_=${SENDMAIL_CF_DIR}/ ${SENDMAIL_M4_FLAGS} \
+ ${SENDMAIL_CF_DIR}/m4/cf.m4 ${@:R}.mc > ${.TARGET}
+
+#
+# Aliases are handled separately since they normally reside in /etc
+# and can be rebuild without the help of makemap.
+#
+.for _f in ${SENDMAIL_ALIASES}
+${_f}.db: ${_f}
+ ${SENDMAIL} -bi -OAliasFile=${.ALLSRC}
+ chmod ${SENDMAIL_MAP_PERMS} ${.TARGET}
+.endfor
+
+#
+# ------------------------------------------------------------------------
+#
+
+all: cf maps aliases
+
+clean:
+
+depend:
+
+cf: ${INSTALL_CF} ${INSTALL_SUBMIT_CF}
+
+.ifdef SENDMAIL_SET_USER_ID
+install: install-cf
+.else
+install: install-cf install-submit-cf
+.endif
+
+install-cf: ${INSTALL_CF}
+.if ${INSTALL_CF} != /etc/mail/sendmail.cf
+ ${INSTALL} -m ${SHAREMODE} ${INSTALL_CF} /etc/mail/sendmail.cf
+.endif
+
+
+install-submit-cf: ${INSTALL_SUBMIT_CF}
+.ifdef SENDMAIL_SET_USER_ID
+ @echo ">>> ERROR: You should not create a submit.cf file if you are using a"
+ @echo " set-user-ID sendmail binary (SENDMAIL_SET_USER_ID is set"
+ @echo " in make.conf)."
+ @false
+.else
+.if ${INSTALL_SUBMIT_CF} != /etc/mail/submit.cf
+ ${INSTALL} -m ${SHAREMODE} ${INSTALL_SUBMIT_CF} /etc/mail/submit.cf
+.endif
+.endif
+
+aliases: ${SENDMAIL_ALIASES:%=%.db}
+
+maps: ${SENDMAIL_MAP_OBJ}
+
+start start-mta start-mspq:
+ @if [ -r ${SENDMAIL_START_SCRIPT} ]; then \
+ echo -n 'Starting:'; \
+ sh ${SENDMAIL_START_SCRIPT} $@; \
+ echo '.'; \
+ fi
+
+stop stop-mta stop-mspq:
+ @if [ -r ${SENDMAIL_START_SCRIPT} ]; then \
+ echo -n 'Stopping:'; \
+ sh ${SENDMAIL_START_SCRIPT} $@; \
+ echo '.'; \
+ fi
+
+restart restart-mta restart-mspq:
+ @if [ -r ${SENDMAIL_START_SCRIPT} ]; then \
+ echo -n 'Restarting:'; \
+ sh ${SENDMAIL_START_SCRIPT} $@; \
+ echo '.'; \
+ fi
+
+# User defined targets
+.if exists(Makefile.local)
+.include "Makefile.local"
+.endif
+
+# For the definition of $SHAREMODE
+.include <bsd.own.mk>
diff --git a/etc/mail/README b/etc/mail/README
new file mode 100644
index 0000000..fd7c8f6
--- /dev/null
+++ b/etc/mail/README
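Review bot: In etc/mail/Makefile, `SENDMAIL_CF_DIR` is only assigned inside the `.if exists(/usr/share/sendmail/cf)` / `.elif exists(/usr/src/contrib/sendmail/cf)` block, so when neither directory exists and the user has not set it, `M4FILES!= find ${SENDMAIL_CF_DIR} -type f -name '*.m4' -print` runs with no start path. The `.mc.cf` rule then expands to `-D_CF_DIR_=/` and `/m4/cf.m4`, so the .cf would be generated from whatever is under the root directory rather than from the sendmail templates. Failing early is safer: add `.if !defined(SENDMAIL_CF_DIR)` / `.error sendmail cf directory not found; set SENDMAIL_CF_DIR` / `.endif` right after the existing block. Separately, the map and alias rules create `${.TARGET}` first and only then run `chmod ${SENDMAIL_MAP_PERMS}`, so the file briefly carries whatever mode the tool and umask give it. A comment stating that assumption, or a restrictive umask in the recipe, would make the intent explicit.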
@@ -0,0 +1,58 @@ +# $FreeBSD$ + + Sendmail Processes + +As of sendmail 8.12, in order to improve security, the sendmail binary no +longer needs to be set-user-ID root. Instead, a set-group-ID binary +accepts command line mail and relays it to a full mail transfer agent via +SMTP. A group writable client mail queue (/var/spool/clientmqueue/ by +default) holds the mail if an MTA can not be contacted. + +To accomplish this, under the default setup, an MTA must be listening on +localhost port 25. If the rc.conf sendmail_enable option is set to "NO", +a sendmail daemon will still be started and bound only to the localhost +interface in order to accept command line submitted mail (note that this +does not work inside jail(2) systems as jails do not allow binding to +just the localhost interface). If this is not a desirable solution, it +can be disabled using the sendmail_submit_enable rc.conf option. However, +if both sendmail_enable and sendmail_submit_enable are set to "NO", you +must do one of two things for command line submitted mail: + +1. Designate an alternative host for the submission agent to contact + by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC + in /etc/make.conf to an alternate .mc file) and using + 'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line + to FEATURE(msp, hostname) where hostname is the fully qualified hostname + of the alternative host. + +Or: + +2. Return to using a set-user-ID root sendmail binary by changing the + ownership and permissions on the sendmail binary and removing the + /etc/mail/submit.cf file: + chown root /usr/libexec/sendmail/sendmail + chmod 4755 /usr/libexec/sendmail/sendmail + rm /etc/mail/submit.cf + If you install from source, set the SENDMAIL_SET_USER_ID flag in + /etc/make.conf. + +Also, as of 8.12, a new queue-running daemon is started to make sure mail +doesn't remain in the client mail queue. By default, it simply runs the +client mail queue every 30 minutes. 
Its behavior can be adjusted by setting +the sendmail_msp_queue_enable and sendmail_msp_queue_flags rc.conf options. + + + Filtering out SPAM from your site + +Sendmail now includes excellent tools to block spam. These tools are +available as FEATUREs that you can add to your site's .mc file. Proper use +of these FEATUREs will prevent spammer from using your site as a relay as +well as significantly decrease the amount of spam that arrives at your +site. No set of anti-spam tools will block all spam without blocking some +portion of legitimate mail as well. Therefore, these FEATUREs are designed +to prevent as much spam as possible without blocking legitimate mail. + +These tools are discussed in /usr/share/sendmail/cf/README. Read the +section entitled "ANTI-SPAM CONFIGURATION CONTROL". Example usage and +additional tools can be found in /usr/share/sendmail/cf/cf/knecht.mc. + diff --git a/etc/mail/access.sample b/etc/mail/access.sample new file mode 100644 index 0000000..33cfe17 --- /dev/null +++ b/etc/mail/access.sample @@ -0,0 +1,17 @@ +# $FreeBSD$ +# +# Mail relay access control list. Default is to reject mail unless the +# destination is local, or listed in /etc/mail/local-host-names +# + +## Examples (commented out for safety) +#From:cyberspammer.com ERROR:"550 We don't accept mail from spammers" +#From:okay.cyberspammer.com OK +#Connect:sendmail.org RELAY +#To:sendmail.org RELAY +#Connect:128.32 RELAY +#Connect:128.32.2 SKIP +#Connect:IPv6:1:2:3:4:5:6:7 RELAY +#Connect:suspicious.example.com QUARANTINE:Mail from suspicious host +#Connect:[127.0.0.3] OK +#Connect:[IPv6:1:2:3:4:5:6:7:8] OK diff --git a/etc/mail/aliases b/etc/mail/aliases new file mode 100644 index 0000000..5f5cd24 --- /dev/null +++ b/etc/mail/aliases 
@@ -0,0 +1,78 @@
+# $FreeBSD$
+# @(#)aliases 5.3 (Berkeley) 5/24/90
+#
+# Aliases in this file will NOT be expanded in the header from
+# Mail, but WILL be visible over networks.
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to sendmail.
+#
+#
+# See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES
+# AND FUNCTIONS', May 1997
+# http://tools.ietf.org/html/rfc2142
+
+# Pretty much everything else in this file points to "root", so
+# you would do well in either reading root's mailbox or forwarding
+# root's email from here.
+
+# root: me@my.domain
+
+# Basic system aliases -- these MUST be present
+MAILER-DAEMON: postmaster
+postmaster: root
+
+# General redirections for pseudo accounts
+_dhcp: root
+_pflogd: root
+bin: root
+bind: root
+daemon: root
+games: root
+hast: root
+kmem: root
+mailnull: postmaster
+man: root
+news: root
+nobody: root
+operator: root
+pop: root
+proxy: root
+smmsp: postmaster
+sshd: root
+system: root
+toor: root
+tty: root
+usenet: news
+uucp: root
+
+# Well-known aliases -- these should be filled in!
+# manager:
+# dumper:
+
+# BUSINESS-RELATED MAILBOX NAMES
+# info:
+# marketing:
+# sales:
+# support:
+
+# NETWORK OPERATIONS MAILBOX NAMES
+abuse: root
+# noc: root
+security: root
+
+# SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
+ftp: root
+ftp-bugs: ftp
+# hostmaster: root
+# webmaster: root
+# www: webmaster
+
+# NOTE: /var/msgs and /var/msgs/bounds must be owned by sendmail's
+# DefaultUser (defaults to mailnull) for the msgs alias to work.
+#
+# msgs: "| /usr/bin/msgs -s"
+
+# bit-bucket: /dev/null
+# dev-null: bit-bucket
diff --git a/etc/mail/mailer.conf b/etc/mail/mailer.conf
new file mode 100644
index 0000000..3fa6922
--- /dev/null
+++ b/etc/mail/mailer.conf
@@ -0,0 +1,10 @@
+# $FreeBSD$
+#
+# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
+#
+sendmail /usr/libexec/sendmail/sendmail
+send-mail /usr/libexec/sendmail/sendmail
+mailq /usr/libexec/sendmail/sendmail
+newaliases /usr/libexec/sendmail/sendmail
+hoststat /usr/libexec/sendmail/sendmail
+purgestat /usr/libexec/sendmail/sendmail
diff --git a/etc/mail/mailertable.sample b/etc/mail/mailertable.sample
new file mode 100644
index 0000000..d2c45e0
--- /dev/null
+++ b/etc/mail/mailertable.sample
@@ -0,0 +1,7 @@
+# $FreeBSD$
+#
+# List of domains (possibly wildcarded) and destination mailers
+#
+.my.domain xnet:%1.my.domain
+uuhost1.my.domain suucp:uuhost1
+.bitnet smtp:relay.bit.net
diff --git a/etc/mail/virtusertable.sample b/etc/mail/virtusertable.sample
new file mode 100644
index 0000000..43e2bbb
--- /dev/null
+++ b/etc/mail/virtusertable.sample
@@ -0,0 +1,11 @@
+# $FreeBSD$
+#
+# Map one or all usernames at a source hostname to a specific (or the same)
+# username at another target hostname. Remember to add the source hostname
+# to /etc/mail/local-host-names so that sendmail will accept mail for the
+# source hostname.
+#
+username@a.sample.hostname localuser
+username@a.sample.hostname specificuser@a.possibly.different.hostname
+@another.sample.hostname specificuser@a.possibly.different.hostname
+@yet.another.sample.hostname %1@a.possibly.different.hostname
diff --git a/etc/man.alias b/etc/man.alias
new file mode 100644
index 0000000..0268403
--- /dev/null
+++ b/etc/man.alias
@@ -0,0 +1,4 @@
+# $FreeBSD$
+
+en.ISO8859-15 en.ISO8859-1
+
diff --git a/etc/master.passwd b/etc/master.passwd
new file mode 100644
index 0000000..02163ef
--- /dev/null
+++ b/etc/master.passwd
@@ -0,0 +1,24 @@
+# $FreeBSD$
+#
+root::0:0::0:0:Charlie &:/root:/bin/csh
+toor:*:0:0::0:0:Bourne-again Superuser:/root:
+daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
+operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
+bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
+tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
+kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
+games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
+news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
+man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
+sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
+smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
+mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
+bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
+proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
+_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
+_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
+uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
+pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
+www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
+hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
+nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
diff --git a/etc/minfree b/etc/minfree
new file mode 100644
index 0000000..c873496
--- /dev/null
+++ b/etc/minfree
@@ -0,0 +1 @@
+2048
diff --git a/etc/motd b/etc/motd
new file mode 100644
index 0000000..cbe55b8
--- /dev/null
+++ b/etc/motd
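Review bot: The `root` entry in etc/master.passwd has an empty password field (`root::0:0::...`), so a system populated from this template without a later password-setting step accepts root with no password wherever the login path permits empty passwords. If the installer is expected to set it, state that in the file header, e.g. `# root ships with an empty password; set one with passwd(1) before enabling any network login`. Otherwise ship the field locked like the other accounts, `root:*:0:0::0:0:Charlie &:/root:/bin/csh`. The same hunk adds `toor` as a second UID 0 account with an empty shell field and gives `uucp` a program outside the base system (`/usr/local/libexec/uucp/uucico`) as its shell; both are locked with `*`, but a one-line comment on why each exists would help anyone auditing UID 0 and login-capable accounts.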
@@ -0,0 +1,25 @@
+FreeBSD ?.?.? (UNKNOWN)
+
+Welcome to FreeBSD!
+
+Before seeking technical support, please use the following resources:
+
+o Security advisories and updated errata information for all releases are
+ at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
+ for your release first as it's updated frequently.
+
+o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
+ along with the mailing lists, can be searched by going to
+ http://www.FreeBSD.org/search/. If the doc package has been installed
+ (or fetched via pkg_add -r lang-freebsd-doc, where lang is the
+ 2-letter language code, e.g. en), they are also available formatted
+ in /usr/local/share/doc/freebsd.
+
+If you still have a question or problem, please take the output of
+`uname -a', along with any relevant error messages, and email it
+as a question to the questions@FreeBSD.org mailing list. If you are
+unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
+manual page. If you are not familiar with manual pages, type `man man'.
+
+Edit /etc/motd to change this login announcement.
+
diff --git a/etc/mtree/BIND.chroot.dist b/etc/mtree/BIND.chroot.dist
new file mode 100644
index 0000000..95423db
--- /dev/null
+++ b/etc/mtree/BIND.chroot.dist
@@ -0,0 +1,35 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ dev mode=0555
+ ..
+ etc
+ namedb
+ dynamic uname=bind
+ ..
+ master
+ ..
+ slave uname=bind
+ ..
+ working uname=bind
+ ..
+ ..
+ ..
+/set type=dir uname=bind gname=wheel mode=0755
+ var uname=root
+ dump
+ ..
+ log
+ ..
+ run
+ named
+ ..
+ ..
+ stats
+ ..
+ ..
+..
diff --git a/etc/mtree/BIND.include.dist b/etc/mtree/BIND.include.dist
new file mode 100644
index 0000000..534794a
--- /dev/null
+++ b/etc/mtree/BIND.include.dist
@@ -0,0 +1,22 @@ +# $FreeBSD$ +# +# Please see the file src/etc/mtree/README before making changes to this file. +# + +/set type=dir uname=root gname=wheel mode=0755 +. + bind + .. + bind9 + .. + dns + .. + dst + .. + isc + .. + isccc + .. + isccfg + .. +.. diff --git a/etc/mtree/BSD.groff.dist b/etc/mtree/BSD.groff.dist new file mode 100644 index 0000000..3f21375 --- /dev/null +++ b/etc/mtree/BSD.groff.dist @@ -0,0 +1,48 @@ +# $FreeBSD$ +# +# Please see the file src/etc/mtree/README before making changes to this file. +# + +/set type=dir uname=root gname=wheel mode=0755 +. + share + groff_font + devX100 + .. + devX100-12 + .. + devX75 + .. + devX75-12 + .. + devascii + .. + devcp1047 + .. + devdvi + .. + devhtml + .. + devkoi8-r + .. + devlatin1 + .. + devlbp + .. + devlj4 + .. + devps + .. + devutf8 + .. + .. + me + .. + tmac + mdoc + .. + mm + .. + .. + .. +.. diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist new file mode 100644 index 0000000..c841ca8 --- /dev/null +++ b/etc/mtree/BSD.include.dist 
@@ -0,0 +1,332 @@ +# $FreeBSD$ +# +# Please see the file src/etc/mtree/README before making changes to this file. +# + +/set type=dir uname=root gname=wheel mode=0755 +. + altq + .. + arpa + .. + bsm + .. + bsnmp + .. + c++ + 4.2 + backward + .. + bits + .. + debug + .. + ext + pb_ds + detail + basic_tree_policy + .. + bin_search_tree_ + .. + binary_heap_ + .. + binomial_heap_ + .. + binomial_heap_base_ + .. + cc_hash_table_map_ + .. + eq_fn + .. + gp_hash_table_map_ + .. + hash_fn + .. + left_child_next_sibling_heap_ + .. + list_update_map_ + .. + list_update_policy + .. + ov_tree_map_ + .. + pairing_heap_ + .. + pat_trie_ + .. + rb_tree_map_ + .. + rc_binomial_heap_ + .. + resize_policy + .. + splay_tree_ + .. + thin_heap_ + .. + tree_policy + .. + trie_policy + .. + unordered_iterator + .. + .. + .. + .. + tr1 + .. + .. + v1 + ext + .. + .. + .. + cam + ata + .. + scsi + .. + .. + clang + 3.0 + .. + .. + crypto + .. + dev + acpica + .. + an + .. + bktr + .. + ciss + .. + firewire + .. + hwpmc + .. + ic + .. + ieee488 + .. + iicbus + .. + io + .. + lmc + .. + mfi + .. + mpt + mpilib + .. + .. + ofw + .. + pbio + .. + powermac_nvram + .. + ppbus + .. + smbus + .. + speaker + .. + usb + .. + utopia + .. + vkbd + .. + wi + .. + .. + edit + readline + .. + .. + fs + devfs + .. + fdescfs + .. + fifofs + .. + msdosfs + .. + nfs + .. + ntfs + .. + nullfs + .. + nwfs + .. + portalfs + .. + procfs + .. + smbfs + .. + udf + .. + unionfs + .. + .. + gcc + 4.2 + .. + .. + geom + cache + .. + concat + .. + eli + .. + gate + .. + journal + .. + label + .. + mirror + .. + mountver + .. + multipath + .. + nop + .. + raid + .. + raid3 + .. + shsec + .. + stripe + .. + virstor + .. + .. + gnu + posix + .. + .. + gpib + .. + gssapi + .. + infiniband + complib + .. + iba + .. + opensm + .. + vendor + .. + .. + isofs + cd9660 + .. + .. + kadm5 + .. + libmilter + .. + lwres + .. + lzma + .. + machine + pc + .. + .. + net + .. + net80211 + .. + netatalk + .. + netgraph + atm + .. 
+ bluetooth
+ include
+ ..
+ ..
+ netflow
+ ..
+ ..
+ netinet
+ ..
+ netinet6
+ ..
+ netipsec
+ ..
+ netipx
+ ..
+ netnatm
+ api
+ ..
+ msg
+ ..
+ saal
+ ..
+ sig
+ ..
+ ..
+ netncp
+ ..
+ netsmb
+ ..
+ nfs
+ ..
+ nfsclient
+ ..
+ nfsserver
+ ..
+ openssl
+ ..
+ pcap
+ ..
+ protocols
+ ..
+ rdma
+ ..
+ readline
+ ..
+ rpc
+ ..
+ rpcsvc
+ ..
+ security
+ audit
+ ..
+ mac_biba
+ ..
+ mac_bsdextended
+ ..
+ mac_lomac
+ ..
+ mac_mls
+ ..
+ mac_partition
+ ..
+ ..
+ ssp
+ ..
+ sys
+ ..
+ ufs
+ ffs
+ ..
+ ufs
+ ..
+ ..
+ vm
+ ..
+..
diff --git a/etc/mtree/BSD.release.dist b/etc/mtree/BSD.release.dist
new file mode 100644
index 0000000..952aace
--- /dev/null
+++ b/etc/mtree/BSD.release.dist
@@ -0,0 +1,22 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ filesys
+ ..
+ floppies
+ ..
+ tarballs
+ bindist
+ ..
+ objdist
+ ..
+ secrdist
+ ..
+ srcdist
+ ..
+ ..
+..
diff --git a/etc/mtree/BSD.root.dist b/etc/mtree/BSD.root.dist
new file mode 100644
index 0000000..a6cba24
--- /dev/null
+++ b/etc/mtree/BSD.root.dist
@@ -0,0 +1,96 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ bin
+ ..
+ boot
+ defaults
+ ..
+ firmware
+ ..
+ kernel
+ ..
+ modules
+ ..
+ zfs
+ ..
+ ..
+ dev mode=0555
+ ..
+ etc
+ X11
+ ..
+ bluetooth
+ ..
+ defaults
+ ..
+ devd
+ ..
+ gnats
+ ..
+ gss
+ ..
+ mail
+ ..
+ mtree
+ ..
+ ntp mode=0700
+ ..
+ pam.d
+ ..
+ periodic
+ daily
+ ..
+ monthly
+ ..
+ security
+ ..
+ weekly
+ ..
+ ..
+ ppp
+ ..
+ rc.d
+ ..
+ security
+ ..
+ skel
+ ..
+ ssh
+ ..
+ ssl
+ ..
+ zfs
+ ..
+ ..
+ lib
+ geom
+ ..
+ ..
+ libexec
+ resolvconf
+ ..
+ ..
+ media
+ ..
+ mnt
+ ..
+ proc mode=0555
+ ..
+ rescue
+ ..
+ root
+ ..
+ sbin
+ ..
+ tmp mode=01777
+ ..
+ usr
+ ..
+ var
+ ..
+..
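Review bot: In etc/mtree/BSD.root.dist the `root` directory has no `mode=` keyword, so it inherits `mode=0755` from the `/set` line and the superuser's home directory is created readable and searchable by every local account. Other entries in the same hunk already override the default where it matters (`ntp mode=0700`, `tmp mode=01777`), so `root mode=0750` (or `0700`) would fit the file's existing style. Anything root saves there under the `umask=022` that login.conf gives the default class would otherwise be world-readable.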
diff --git a/etc/mtree/BSD.sendmail.dist b/etc/mtree/BSD.sendmail.dist
new file mode 100644
index 0000000..138606b
--- /dev/null
+++ b/etc/mtree/BSD.sendmail.dist
@@ -0,0 +1,14 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+. nochange
+ var nochange
+ spool nochange
+ clientmqueue uname=smmsp gname=smmsp mode=0770
+ ..
+ ..
+ ..
+..
diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist
new file mode 100644
index 0000000..87497b1
--- /dev/null
+++ b/etc/mtree/BSD.usr.dist
@@ -0,0 +1,1362 @@ +# $FreeBSD$ +# +# Please see the file src/etc/mtree/README before making changes to this file. +# + +/set type=dir uname=root gname=wheel mode=0755 +. + bin + .. + games + .. + include + .. + lib + aout + .. + compat + aout + .. + .. + dtrace + .. + engines + .. + i18n + .. + .. + lib32 + dtrace + .. + i18n + .. + .. + libdata + gcc + .. + ldscripts + .. + lint + .. + .. + libexec + bsdinstall + .. + lpr + ru + .. + .. + sendmail + .. + sm.bin + .. + .. + local + .. + obj nochange + .. + sbin + .. + share + calendar + de_DE.ISO8859-1 + .. + fr_FR.ISO8859-1 + .. + hr_HR.ISO8859-2 + .. + hu_HU.ISO8859-2 + .. + ru_RU.KOI8-R + .. + uk_UA.KOI8-U + .. + .. + dict + .. + doc + IPv6 + .. + atm + .. + bind9 + arm + .. + misc + .. + .. + legal + intel_ipw + .. + intel_iwi + .. + intel_wpi + .. + .. + llvm + clang + .. + .. + ncurses + .. + ntp + .. + papers + .. + psd + 01.cacm + .. + 02.implement + .. + 03.iosys + .. + 04.uprog + .. + 05.sysman + .. + 06.Clang + .. + 12.make + .. + 13.rcs + .. + 15.yacc + .. + 16.lex + .. + 17.m4 + .. + 18.gprof + .. + 20.ipctut + .. + 21.ipc + .. + 22.rpcgen + .. + 23.rpc + .. + 24.xdr + .. + 25.xdrrfc + .. + 26.rpcrfc + .. + 27.nfsrfc + .. + 28.cvs + .. + .. + smm + 01.setup + .. + 02.config + .. + 03.fsck + .. + 04.quotas + .. + 05.fastfs + .. + 06.nfs + .. + 07.lpd + .. + 08.sendmailop + .. + 11.timedop + .. + 12.timed + .. + 18.net + .. + .. + usd + 04.csh + .. + 05.dc + .. + 06.bc + .. + 07.mail + .. + 10.exref + .. + 11.edit + .. + 12.vi + .. + 13.viref + .. + 18.msdiffs + .. + 19.memacros + .. + 20.meref + .. + 21.troff + .. + 22.trofftut + .. + .. + .. + examples + BSD_daemon + .. + FreeBSD_version + .. + IPv6 + .. + bootforth + .. + cvs + contrib + .. + .. + cvsup + .. + diskless + .. + drivers + .. + etc + defaults + .. + .. + find_interface + .. + hast + .. + hostapd + .. + ibcs2 + .. + indent + .. + ipfilter + .. + ipfw + .. + iscsi + .. + jails + .. + kld + cdev + module + .. + test + .. + .. 
+ dyn_sysctl + .. + firmware + fwconsumer + .. + fwimage + .. + .. + khelp + .. + syscall + module + .. + test + .. + .. + .. + libvgl + .. + mdoc + .. + netgraph + bluetooth + .. + .. + nwclient + .. + pc-sysinstall + .. + perfmon + .. + pf + .. + portal + .. + ppi + .. + ppp + .. + printing + .. + scsi_target + .. + ses + getencstat + .. + sesd + .. + setencstat + .. + setobjstat + .. + srcs + .. + .. + smbfs + print + .. + .. + sunrpc + dir + .. + msg + .. + sort + .. + .. + tcsh + .. + .. + games + fortune + .. + .. + info + .. + i18n + csmapper + APPLE + .. + AST + .. + BIG5 + .. + CNS + .. + CP + .. + EBCDIC + .. + GB + .. + GEORGIAN + .. + ISO-8859 + .. + ISO646 + .. + JIS + .. + KAZAKH + .. + KOI + .. + KS + .. + MISC + .. + TCVN + .. + .. + esdb + APPLE + .. + AST + .. + BIG5 + .. + CP + .. + DEC + .. + EBCDIC + .. + EUC + .. + GB + .. + GEORGIAN + .. + ISO-2022 + .. + ISO-8859 + .. + ISO646 + .. + KAZAKH + .. + KOI + .. + MISC + .. + TCVN + .. + UTF + .. + .. + .. + locale + UTF-8 + .. + af_ZA.ISO8859-1 + .. + af_ZA.ISO8859-15 + .. + af_ZA.UTF-8 + .. + am_ET.UTF-8 + .. + be_BY.CP1131 + .. + be_BY.CP1251 + .. + be_BY.ISO8859-5 + .. + be_BY.UTF-8 + .. + bg_BG.CP1251 + .. + bg_BG.UTF-8 + .. + ca_AD.ISO8859-1 + .. + ca_ES.ISO8859-1 + .. + ca_FR.ISO8859-1 + .. + ca_IT.ISO8859-1 + .. + ca_AD.ISO8859-15 + .. + ca_ES.ISO8859-15 + .. + ca_FR.ISO8859-15 + .. + ca_IT.ISO8859-15 + .. + ca_AD.UTF-8 + .. + ca_ES.UTF-8 + .. + ca_FR.UTF-8 + .. + ca_IT.UTF-8 + .. + cs_CZ.ISO8859-2 + .. + cs_CZ.UTF-8 + .. + da_DK.ISO8859-1 + .. + da_DK.ISO8859-15 + .. + da_DK.UTF-8 + .. + de_AT.ISO8859-1 + .. + de_AT.ISO8859-15 + .. + de_AT.UTF-8 + .. + de_CH.ISO8859-1 + .. + de_CH.ISO8859-15 + .. + de_CH.UTF-8 + .. + de_DE.ISO8859-1 + .. + de_DE.ISO8859-15 + .. + de_DE.UTF-8 + .. + el_GR.ISO8859-7 + .. + el_GR.UTF-8 + .. + en_AU.ISO8859-1 + .. + en_AU.ISO8859-15 + .. + en_AU.US-ASCII + .. + en_AU.UTF-8 + .. + en_CA.ISO8859-1 + .. + en_CA.ISO8859-15 + .. + en_CA.US-ASCII + .. 
+ en_CA.UTF-8 + .. + en_GB.ISO8859-1 + .. + en_GB.ISO8859-15 + .. + en_GB.US-ASCII + .. + en_GB.UTF-8 + .. + en_IE.UTF-8 + .. + en_NZ.ISO8859-1 + .. + en_NZ.ISO8859-15 + .. + en_NZ.US-ASCII + .. + en_NZ.UTF-8 + .. + en_US.ISO8859-1 + .. + en_US.ISO8859-15 + .. + en_US.US-ASCII + .. + en_US.UTF-8 + .. + es_ES.ISO8859-1 + .. + es_ES.ISO8859-15 + .. + es_ES.UTF-8 + .. + et_EE.ISO8859-15 + .. + et_EE.UTF-8 + .. + eu_ES.ISO8859-1 + .. + eu_ES.ISO8859-15 + .. + eu_ES.UTF-8 + .. + fi_FI.ISO8859-1 + .. + fi_FI.ISO8859-15 + .. + fi_FI.UTF-8 + .. + fr_BE.ISO8859-1 + .. + fr_BE.ISO8859-15 + .. + fr_BE.UTF-8 + .. + fr_CA.ISO8859-1 + .. + fr_CA.ISO8859-15 + .. + fr_CA.UTF-8 + .. + fr_CH.ISO8859-1 + .. + fr_CH.ISO8859-15 + .. + fr_CH.UTF-8 + .. + fr_FR.ISO8859-1 + .. + fr_FR.ISO8859-15 + .. + fr_FR.UTF-8 + .. + he_IL.UTF-8 + .. + hi_IN.ISCII-DEV + .. + hr_HR.ISO8859-2 + .. + hr_HR.UTF-8 + .. + hu_HU.ISO8859-2 + .. + hu_HU.UTF-8 + .. + hy_AM.ARMSCII-8 + .. + hy_AM.UTF-8 + .. + is_IS.ISO8859-1 + .. + is_IS.ISO8859-15 + .. + is_IS.UTF-8 + .. + it_CH.ISO8859-1 + .. + it_CH.ISO8859-15 + .. + it_CH.UTF-8 + .. + it_IT.ISO8859-1 + .. + it_IT.ISO8859-15 + .. + it_IT.UTF-8 + .. + ja_JP.SJIS + .. + ja_JP.UTF-8 + .. + ja_JP.eucJP + .. + kk_KZ.PT154 + .. + kk_KZ.UTF-8 + .. + ko_KR.CP949 + .. + ko_KR.UTF-8 + .. + ko_KR.eucKR + .. + la_LN.ISO8859-1 + .. + la_LN.ISO8859-13 + .. + la_LN.ISO8859-15 + .. + la_LN.ISO8859-2 + .. + la_LN.ISO8859-4 + .. + la_LN.US-ASCII + .. + lt_LT.ISO8859-13 + .. + lt_LT.ISO8859-4 + .. + lt_LT.UTF-8 + .. + lv_LV.ISO8859-13 + .. + lv_LV.UTF-8 + .. + mn_MN.UTF-8 + .. + nb_NO.ISO8859-1 + .. + nb_NO.ISO8859-15 + .. + nb_NO.UTF-8 + .. + nl_BE.ISO8859-1 + .. + nl_BE.ISO8859-15 + .. + nl_BE.UTF-8 + .. + nl_NL.ISO8859-1 + .. + nl_NL.ISO8859-15 + .. + nl_NL.UTF-8 + .. + nn_NO.ISO8859-1 + .. + nn_NO.ISO8859-15 + .. + nn_NO.UTF-8 + .. + no_NO.ISO8859-1 + .. + no_NO.ISO8859-15 + .. + no_NO.UTF-8 + .. + pl_PL.ISO8859-2 + .. + pl_PL.UTF-8 + .. + pt_BR.ISO8859-1 + .. 
+ pt_BR.UTF-8 + .. + pt_PT.ISO8859-1 + .. + pt_PT.ISO8859-15 + .. + pt_PT.UTF-8 + .. + ro_RO.ISO8859-2 + .. + ro_RO.UTF-8 + .. + ru_RU.CP1251 + .. + ru_RU.CP866 + .. + ru_RU.ISO8859-5 + .. + ru_RU.KOI8-R + .. + ru_RU.UTF-8 + .. + sk_SK.ISO8859-2 + .. + sk_SK.UTF-8 + .. + sl_SI.ISO8859-2 + .. + sl_SI.UTF-8 + .. + sr_YU.ISO8859-2 + .. + sr_YU.ISO8859-5 + .. + sr_YU.UTF-8 + .. + sv_SE.ISO8859-1 + .. + sv_SE.ISO8859-15 + .. + sv_SE.UTF-8 + .. + tr_TR.ISO8859-9 + .. + tr_TR.UTF-8 + .. + uk_UA.CP1251 + .. + uk_UA.ISO8859-5 + .. + uk_UA.KOI8-U + .. + uk_UA.UTF-8 + .. + zh_CN.GB18030 + .. + zh_CN.GB2312 + .. + zh_CN.GBK + .. + zh_CN.UTF-8 + .. + zh_CN.eucCN + .. + zh_HK.Big5HKSCS + .. + zh_HK.UTF-8 + .. + zh_TW.Big5 + .. + zh_TW.UTF-8 + .. + .. + man +/set uname=man + cat1 + .. + cat1aout + .. + cat2 + .. + cat3 + .. + cat4 + amd64 + .. + arm + .. + i386 + .. + powerpc + .. + sparc64 + .. + .. + cat5 + .. + cat6 + .. + cat7 + .. + cat8 + amd64 + .. + i386 + .. + powerpc + .. + sparc64 + .. + .. + cat9 + .. + en.ISO8859-1 uname=root + cat1 + .. + cat1aout + .. + cat2 + .. + cat3 + .. + cat4 + amd64 + .. + arm + .. + i386 + .. + powerpc + .. + sparc64 + .. + .. + cat5 + .. + cat6 + .. + cat7 + .. + cat8 + amd64 + .. + i386 + .. + powerpc + .. + sparc64 + .. + .. + cat9 + .. + .. + en.UTF-8 uname=root + cat1 + .. + cat1aout + .. + cat2 + .. + cat3 + .. + cat4 + amd64 + .. + arm + .. + i386 + .. + powerpc + .. + sparc64 + .. + .. + cat5 + .. + cat6 + .. + cat7 + .. + cat8 + amd64 + .. + i386 + .. + powerpc + .. + sparc64 + .. + .. + cat9 + .. + .. + ja uname=root + cat1 + .. + cat2 + .. + cat3 + .. + cat4 + .. + cat5 + .. + cat6 + .. + cat7 + .. + cat8 + .. + cat9 + .. +/set uname=root + man1 + .. + man2 + .. + man3 + .. + man4 + .. + man5 + .. + man6 + .. + man7 + .. + man8 + .. + man9 + .. + .. + man1 + .. + man1aout + .. + man2 + .. + man3 + .. + man4 + amd64 + .. + arm + .. + i386 + .. + powerpc + .. + sparc64 + .. + .. + man5 + .. + man6 + .. + man7 + .. 
+ man8 + amd64 + .. + i386 + .. + powerpc + .. + sparc64 + .. + .. + man9 + .. + .. + misc + fonts + .. + .. + mk + .. + nls + C + .. + af_ZA.ISO8859-1 + .. + af_ZA.ISO8859-15 + .. + af_ZA.UTF-8 + .. + am_ET.UTF-8 + .. + be_BY.CP1131 + .. + be_BY.CP1251 + .. + be_BY.ISO8859-5 + .. + be_BY.UTF-8 + .. + bg_BG.CP1251 + .. + bg_BG.UTF-8 + .. + ca_ES.ISO8859-1 + .. + ca_ES.ISO8859-15 + .. + ca_ES.UTF-8 + .. + cs_CZ.ISO8859-2 + .. + cs_CZ.UTF-8 + .. + da_DK.ISO8859-1 + .. + da_DK.ISO8859-15 + .. + da_DK.UTF-8 + .. + de_AT.ISO8859-1 + .. + de_AT.ISO8859-15 + .. + de_AT.UTF-8 + .. + de_CH.ISO8859-1 + .. + de_CH.ISO8859-15 + .. + de_CH.UTF-8 + .. + de_DE.ISO8859-1 + .. + de_DE.ISO8859-15 + .. + de_DE.UTF-8 + .. + el_GR.ISO8859-7 + .. + el_GR.UTF-8 + .. + en_AU.ISO8859-1 + .. + en_AU.ISO8859-15 + .. + en_AU.US-ASCII + .. + en_AU.UTF-8 + .. + en_CA.ISO8859-1 + .. + en_CA.ISO8859-15 + .. + en_CA.US-ASCII + .. + en_CA.UTF-8 + .. + en_GB.ISO8859-1 + .. + en_GB.ISO8859-15 + .. + en_GB.US-ASCII + .. + en_GB.UTF-8 + .. + en_IE.UTF-8 + .. + en_NZ.ISO8859-1 + .. + en_NZ.ISO8859-15 + .. + en_NZ.US-ASCII + .. + en_NZ.UTF-8 + .. + en_US.ISO8859-1 + .. + en_US.ISO8859-15 + .. + en_US.UTF-8 + .. + es_ES.ISO8859-1 + .. + es_ES.ISO8859-15 + .. + es_ES.UTF-8 + .. + et_EE.ISO8859-15 + .. + et_EE.UTF-8 + .. + fi_FI.ISO8859-1 + .. + fi_FI.ISO8859-15 + .. + fi_FI.UTF-8 + .. + fr_BE.ISO8859-1 + .. + fr_BE.ISO8859-15 + .. + fr_BE.UTF-8 + .. + fr_CA.ISO8859-1 + .. + fr_CA.ISO8859-15 + .. + fr_CA.UTF-8 + .. + fr_CH.ISO8859-1 + .. + fr_CH.ISO8859-15 + .. + fr_CH.UTF-8 + .. + fr_FR.ISO8859-1 + .. + fr_FR.ISO8859-15 + .. + fr_FR.UTF-8 + .. + gl_ES.ISO8859-1 + .. + he_IL.UTF-8 + .. + hi_IN.ISCII-DEV + .. + hr_HR.ISO8859-2 + .. + hr_HR.UTF-8 + .. + hu_HU.ISO8859-2 + .. + hu_HU.UTF-8 + .. + hy_AM.ARMSCII-8 + .. + hy_AM.UTF-8 + .. + is_IS.ISO8859-1 + .. + is_IS.ISO8859-15 + .. + is_IS.UTF-8 + .. + it_CH.ISO8859-1 + .. + it_CH.ISO8859-15 + .. + it_CH.UTF-8 + .. + it_IT.ISO8859-1 + .. + it_IT.ISO8859-15 + .. 
+ it_IT.UTF-8 + .. + ja_JP.SJIS + .. + ja_JP.UTF-8 + .. + ja_JP.eucJP + .. + kk_KZ.PT154 + .. + kk_KZ.UTF-8 + .. + ko_KR.CP949 + .. + ko_KR.UTF-8 + .. + ko_KR.eucKR + .. + la_LN.ISO8859-1 + .. + la_LN.ISO8859-13 + .. + la_LN.ISO8859-15 + .. + la_LN.ISO8859-2 + .. + la_LN.ISO8859-4 + .. + la_LN.US-ASCII + .. + lt_LT.ISO8859-13 + .. + lt_LT.ISO8859-4 + .. + lt_LT.UTF-8 + .. + lv_LV.ISO8859-13 + .. + lv_LV.UTF-8 + .. + mn_MN.UTF-8 + .. + nl_BE.ISO8859-1 + .. + nl_BE.ISO8859-15 + .. + nl_BE.UTF-8 + .. + nl_NL.ISO8859-1 + .. + nl_NL.ISO8859-15 + .. + nl_NL.UTF-8 + .. + no_NO.ISO8859-1 + .. + no_NO.ISO8859-15 + .. + no_NO.UTF-8 + .. + pl_PL.ISO8859-2 + .. + pl_PL.UTF-8 + .. + pt_BR.ISO8859-1 + .. + pt_BR.UTF-8 + .. + pt_PT.ISO8859-1 + .. + pt_PT.ISO8859-15 + .. + pt_PT.UTF-8 + .. + ro_RO.ISO8859-2 + .. + ro_RO.UTF-8 + .. + ru_RU.CP1251 + .. + ru_RU.CP866 + .. + ru_RU.ISO8859-5 + .. + ru_RU.KOI8-R + .. + ru_RU.UTF-8 + .. + sk_SK.ISO8859-2 + .. + sk_SK.UTF-8 + .. + sl_SI.ISO8859-2 + .. + sl_SI.UTF-8 + .. + sr_YU.ISO8859-2 + .. + sr_YU.ISO8859-5 + .. + sr_YU.UTF-8 + .. + sv_SE.ISO8859-1 + .. + sv_SE.ISO8859-15 + .. + sv_SE.UTF-8 + .. + tr_TR.ISO8859-9 + .. + tr_TR.UTF-8 + .. + uk_UA.ISO8859-5 + .. + uk_UA.KOI8-U + .. + uk_UA.UTF-8 + .. + zh_CN.GB18030 + .. + zh_CN.GB2312 + .. + zh_CN.GBK + .. + zh_CN.UTF-8 + .. + zh_CN.eucCN + .. + zh_HK.Big5HKSCS + .. + zh_HK.UTF-8 + .. + zh_TW.Big5 + .. + zh_TW.UTF-8 + .. + .. + openssl + man +/set uname=man + cat1 + .. + cat3 + .. + en.ISO8859-1 uname=root + cat1 + .. + cat3 + .. + .. +/set uname=root + man1 + .. + man3 + .. + .. + .. + pc-sysinstall + backend + .. + backend-partmanager + .. + backend-query + .. + conf + license + .. + .. + doc + .. + .. + security + .. + sendmail + .. + skel + .. + snmp + defs + .. + mibs + .. + .. + syscons + fonts + .. + keymaps + .. + scrnmaps + .. + .. + tabset + .. + vi + catalog + .. + .. + zoneinfo + Africa + .. + America + Argentina + .. + Indiana + .. + Kentucky + .. + North_Dakota + .. + .. 
+ Antarctica + .. + Arctic + .. + Asia + .. + Atlantic + .. + Australia + .. + Etc + .. + Europe + .. + Indian + .. + Pacific + .. + SystemV + .. + .. + .. + src nochange + .. +.. diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist new file mode 100644 index 0000000..4481b10 --- /dev/null +++ b/etc/mtree/BSD.var.dist @@ -0,0 +1,96 @@ +# $FreeBSD$ +# +# Please see the file src/etc/mtree/README before making changes to this file. +# + +/set type=dir uname=root gname=wheel mode=0755 +. + account + .. + at +/set uname=daemon + jobs + .. + spool + .. +/set uname=root + .. +/set mode=0750 +/set gname=audit + audit + .. +/set gname=wheel + backups + .. + cache + .. + crash + .. + cron + tabs mode=0700 + .. + .. +/set mode=0755 + db + entropy uname=operator gname=operator mode=0700 + .. + freebsd-update mode=0700 + .. + ipf mode=0700 + .. + pkg + .. + ports + .. + portsnap + .. + .. + empty mode=0555 flags=schg + .. + games gname=games mode=0775 + .. + heimdal mode=0700 + .. + log + .. + mail gname=mail mode=0775 + .. + msgs uname=daemon + .. + named + .. + preserve + .. + run + named uname=bind gname=bind + .. + ppp gname=network mode=0770 + .. + wpa_supplicant + .. + .. + rwho gname=daemon mode=0775 + .. + spool + lock uname=uucp gname=dialer mode=0775 + .. +/set gname=daemon + lpd + .. + mqueue + .. + opielocks mode=0700 + .. + output + lpd + .. + .. +/set gname=wheel + .. + tmp mode=01777 + vi.recover mode=01777 + .. + .. + yp + .. +.. diff --git a/etc/mtree/Makefile b/etc/mtree/Makefile new file mode 100644 index 0000000..15da1bf --- /dev/null +++ b/etc/mtree/Makefile 
@@ -0,0 +1,29 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+FILES= ${_BIND.chroot.dist} \
+ ${_BIND.include.dist} \
+ BSD.include.dist \
+ BSD.root.dist \
+ ${_BSD.sendmail.dist} \
+ BSD.usr.dist \
+ BSD.var.dist
+
+.if ${MK_BIND} != "no"
+_BIND.chroot.dist= BIND.chroot.dist
+.if ${MK_BIND_LIBS} != "no"
+_BIND.include.dist= BIND.include.dist
+.endif
+.endif
+.if ${MK_GROFF} != "no"
+_BSD.groff.dist= BSD.groff.dist
+.endif
+.if ${MK_SENDMAIL} != "no"
+_BSD.sendmail.dist= BSD.sendmail.dist
+.endif
+
+NO_OBJ=
+FILESDIR= /etc/mtree
+
+.include <bsd.prog.mk>
diff --git a/etc/mtree/README b/etc/mtree/README
new file mode 100644
index 0000000..1b2b0d4
--- /dev/null
+++ b/etc/mtree/README
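Review bot: `_BSD.groff.dist` is assigned under `.if ${MK_GROFF} != "no"` but the `FILES=` list never references it, so `BSD.groff.dist` would not be installed into `/etc/mtree` even with groff enabled. If that spec is meant to ship, add `${_BSD.groff.dist} \` to `FILES=` alongside the other optional entries; if not, drop the dead conditional so the file does not suggest an install that never happens. Whether `BSD.groff.dist` itself is part of this commit is not visible from this part of the diff, so confirm it exists before wiring it in.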
@@ -0,0 +1,50 @@
+$FreeBSD$
+
+Note: If you modify these files, please keep hier(7) updated!
+
+These files are used to create empty file hierarchies for building the
+system into. Some notes about working with them are placed here to try
+and keep them in good working order.
+
+ a) The files use 4 space indentation, and other than in the header
+ comments, should not contain any tabs. An indentation of 4 is
+ preferable to the standard indentation of 8 because the indentation
+ of levels in these files can become quite deep causing the line to
+ overflow 80 characters.
+
+ This also matches with the files generated when using the
+ mtree -c option, which was implemented that way for the same reason.
+
+ b) Only directories should be listed here.
+
+ c) The listing should be kept in filename sorted order.
+
+ d) Sanity checking changes to these files can be done by following
+ this procedure (the sed -e is ugly, but fixing mtree -c to
+ not emit the trailing white space would be even uglier):
+
+ mkdir /tmp/MTREE
+ mtree -deU -f BSD.X.dist -p /tmp/MTREE
+ mtree -cdin -k uname,gname,mode -p /tmp/MTREE | \
+ sed -e 's/ *$//' >BSD.X.new
+ diff -u BSD.X.dist BSD.X.new
+ rm -r /tmp/MTREE
+
+ Note that you will get some differences about /set lines,
+ and uname= gname= on certain directory areas, mainly man page
+ sections. This is caused by mtree not having a look ahead
+ mechanism for making better selections for these as it
+ traverses the hierarchy.
+
+ The BSD.X.new file should NOT be committed, as it will be missing
+ the correct header, and important keywords like ``nochange''.
+ Simply use the diff for a sanity check to make sure things are in
+ the correct order and correctly indented.
+
+ e) Further sanity checking of the system builds with DESTDIR=/someplace
+ are more complicated, but can often catch missing entries in these
+ files. I tend to run this more complete sanity check shortly after
+ the target date for a new release is announced.
+
+ If you want details on it bug me about it via email to
+ rgrimes@FreeBSD.org.
diff --git a/etc/namedb/Makefile b/etc/namedb/Makefile
new file mode 100644
index 0000000..3a5e1f6
--- /dev/null
+++ b/etc/namedb/Makefile
@@ -0,0 +1,11 @@
+# $FreeBSD$
+
+SUBDIR= master
+
+FILES= named.conf named.root
+
+NO_OBJ=
+FILESDIR= /etc/namedb
+FILESMODE= 644
+
+.include <bsd.prog.mk>
diff --git a/etc/namedb/master/Makefile b/etc/namedb/master/Makefile
new file mode 100644
index 0000000..7907bf3
--- /dev/null
+++ b/etc/namedb/master/Makefile
@@ -0,0 +1,9 @@
+# $FreeBSD$
+
+FILES= empty.db localhost-forward.db localhost-reverse.db
+
+NO_OBJ=
+FILESDIR= /etc/namedb/master
+FILESMODE= 644
+
+.include <bsd.prog.mk>
diff --git a/etc/namedb/master/empty.db b/etc/namedb/master/empty.db
new file mode 100644
index 0000000..070f663
--- /dev/null
+++ b/etc/namedb/master/empty.db
@@ -0,0 +1,11 @@
+
+; $FreeBSD$
+
+$TTL 3h
+@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+@ NS @
+
+; Silence a BIND warning
+@ A 127.0.0.1
diff --git a/etc/namedb/master/localhost-forward.db b/etc/namedb/master/localhost-forward.db
new file mode 100644
index 0000000..9156d2f
--- /dev/null
+++ b/etc/namedb/master/localhost-forward.db
@@ -0,0 +1,11 @@
+
+; $FreeBSD$
+
+$TTL 3h
+localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+ A 127.0.0.1
+ AAAA ::1
diff --git a/etc/namedb/master/localhost-reverse.db b/etc/namedb/master/localhost-reverse.db
new file mode 100644
index 0000000..ceabe05
--- /dev/null
+++ b/etc/namedb/master/localhost-reverse.db
@@ -0,0 +1,13 @@
+
+; $FreeBSD$
+
+$TTL 3h
+@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+1.0.0 PTR localhost.
+
+1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.
+
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
new file mode 100644
index 0000000..f1669ab
--- /dev/null
+++ b/etc/namedb/named.conf
@@ -0,0 +1,294 @@ +// $FreeBSD$ +// +// Refer to the named.conf(5) and named(8) man pages, and the documentation +// in /usr/share/doc/bind9 for more details. +// +// If you are going to set up an authoritative server, make sure you +// understand the hairy details of how DNS works. Even with +// simple mistakes, you can break connectivity for affected parties, +// or cause huge amounts of useless Internet traffic. + +options { + // All file and path names are relative to the chroot directory, + // if any, and should be fully qualified. + directory "/etc/namedb/working"; + pid-file "/var/run/named/pid"; + dump-file "/var/dump/named_dump.db"; + statistics-file "/var/stats/named.stats"; + +// If named is being used only as a local resolver, this is a safe default. +// For named to be accessible to the network, comment this option, specify +// the proper IP address, or delete this option. + listen-on { 127.0.0.1; }; + +// If you have IPv6 enabled on this system, uncomment this option for +// use as a local resolver. To give access to the network, specify +// an IPv6 address, or the keyword "any". +// listen-on-v6 { ::1; }; + +// These zones are already covered by the empty zones listed below. +// If you remove the related empty zones below, comment these lines out. + disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; + disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + +// If you've got a DNS server around at your upstream provider, enter +// its IP address here, and enable the line below. This will make you +// benefit from its cache, thus reduce overall DNS traffic in the Internet. 
+/* + forwarders { + 127.0.0.1; + }; +*/ + +// If the 'forwarders' clause is not empty the default is to 'forward first' +// which will fall back to sending a query from your local server if the name +// servers in 'forwarders' do not have the answer. Alternatively you can +// force your name server to never initiate queries of its own by enabling the +// following line: +// forward only; + +// If you wish to have forwarding configured automatically based on +// the entries in /etc/resolv.conf, uncomment the following line and +// set named_auto_forward=yes in /etc/rc.conf. You can also enable +// named_auto_forward_only (the effect of which is described above). +// include "/etc/namedb/auto_forward.conf"; + + /* + Modern versions of BIND use a random UDP port for each outgoing + query by default in order to dramatically reduce the possibility + of cache poisoning. All users are strongly encouraged to utilize + this feature, and to configure their firewalls to accommodate it. + + AS A LAST RESORT in order to get around a restrictive firewall + policy you can try enabling the option below. Use of this option + will significantly reduce your ability to withstand cache poisoning + attacks, and should be avoided if at all possible. + + Replace NNNNN in the example with a number between 49160 and 65530. + */ + // query-source address * port NNNNN; +}; + +// If you enable a local name server, don't forget to enter 127.0.0.1 +// first in your /etc/resolv.conf so this server will be queried. +// Also, make sure to enable it in /etc/rc.conf. + +// The traditional root hints mechanism. Use this, OR the slave zones below. +zone "." { type hint; file "/etc/namedb/named.root"; }; + +/* Slaving the following zones from the root name servers has some + significant advantages: + 1. Faster local resolution for your users + 2. No spurious traffic will be sent from your network to the roots + 3. 
Greater resilience to any potential root server failure/DDoS + + On the other hand, this method requires more monitoring than the + hints file to be sure that an unexpected failure mode has not + incapacitated your server. Name servers that are serving a lot + of clients will benefit more from this approach than individual + hosts. Use with caution. + + To use this mechanism, uncomment the entries below, and comment + the hint zone above. + + As documented at http://dns.icann.org/services/axfr/ these zones: + "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET + are availble for AXFR from these servers on IPv4 and IPv6: + xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org +*/ +/* +zone "." { + type slave; + file "/etc/namedb/slave/root.slave"; + masters { + 192.5.5.241; // F.ROOT-SERVERS.NET. + }; + notify no; +}; +zone "arpa" { + type slave; + file "/etc/namedb/slave/arpa.slave"; + masters { + 192.5.5.241; // F.ROOT-SERVERS.NET. + }; + notify no; +}; +*/ + +/* Serving the following zones locally will prevent any queries + for these zones leaving your network and going to the root + name servers. This has two significant advantages: + 1. Faster local resolution for your users + 2. 
No spurious traffic will be sent from your network to the roots +*/ +// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost) +zone "localhost" { type master; file "/etc/namedb/master/localhost-forward.db"; }; +zone "127.in-addr.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; }; +zone "255.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// RFC 1912-style zone for IPv6 localhost address (RFC 6303) +zone "0.ip6.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; }; + +// "This" Network (RFCs 1912, 5735 and 6303) +zone "0.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// Private Use Networks (RFCs 1918, 5735 and 6303) +zone "10.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "16.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "17.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "18.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "19.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "20.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "21.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "22.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "23.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "24.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "25.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "26.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "27.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "28.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "29.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "30.172.in-addr.arpa" { type master; file 
"/etc/namedb/master/empty.db"; }; +zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// Link-local/APIPA (RFCs 3927, 5735 and 6303) +zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// IETF protocol assignments (RFCs 5735 and 5736) +zone "0.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303) +zone "2.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "100.51.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "113.0.203.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// IPv6 Example Range for Documentation (RFCs 3849 and 6303) +zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// Domain Names for Documentation and Testing (BCP 32) +zone "test" { type master; file "/etc/namedb/master/empty.db"; }; +zone "example" { type master; file "/etc/namedb/master/empty.db"; }; +zone "invalid" { type master; file "/etc/namedb/master/empty.db"; }; +zone "example.com" { type master; file "/etc/namedb/master/empty.db"; }; +zone "example.net" { type master; file "/etc/namedb/master/empty.db"; }; +zone "example.org" { type master; file "/etc/namedb/master/empty.db"; }; + +// Router Benchmark Testing (RFCs 2544 and 5735) +zone "18.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "19.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// IANA Reserved - Old Class E Space (RFC 5735) +zone "240.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "241.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "242.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "243.in-addr.arpa" { type master; file 
"/etc/namedb/master/empty.db"; }; +zone "244.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "245.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "246.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "247.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "248.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "249.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "250.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "251.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "252.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "253.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "254.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// IPv6 Unassigned Addresses (RFC 4291) +zone "1.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "3.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "4.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "5.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "6.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "7.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "8.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "9.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "a.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "b.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "c.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "d.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "e.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "0.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "1.f.ip6.arpa" { type 
master; file "/etc/namedb/master/empty.db"; }; +zone "2.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "3.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "4.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "5.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "6.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "7.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "8.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "9.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "a.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "b.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "0.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "1.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "2.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "3.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "4.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "5.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "6.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "7.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// IPv6 ULA (RFCs 4193 and 6303) +zone "c.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "d.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// IPv6 Link Local (RFCs 4291 and 6303) +zone "8.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "9.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "a.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "b.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// IPv6 Deprecated Site-Local Addresses (RFCs 
3879 and 6303) +zone "c.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "d.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "e.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "f.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + +// IP6.INT is Deprecated (RFC 4159) +zone "ip6.int" { type master; file "/etc/namedb/master/empty.db"; }; + +// NB: Do not use the IP addresses below, they are faked, and only +// serve demonstration/documentation purposes! +// +// Example slave zone config entries. It can be convenient to become +// a slave at least for the zone your own domain is in. Ask +// your network administrator for the IP address of the responsible +// master name server. +// +// Do not forget to include the reverse lookup zone! +// This is named after the first bytes of the IP address, in reverse +// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. +// +// Before starting to set up a master zone, make sure you fully +// understand how DNS and BIND work. There are sometimes +// non-obvious pitfalls. Setting up a slave zone is usually simpler. +// +// NB: Don't blindly enable the examples below. :-) Use actual names +// and addresses instead. + +/* An example dynamic zone +key "exampleorgkey" { + algorithm hmac-md5; + secret "sf87HJqjkqh8ac87a02lla=="; +}; +zone "example.org" { + type master; + allow-update { + key "exampleorgkey"; + }; + file "/etc/namedb/dynamic/example.org"; +}; +*/ + +/* Example of a slave reverse zone +zone "1.168.192.in-addr.arpa" { + type slave; + file "/etc/namedb/slave/1.168.192.in-addr.arpa"; + masters { + 192.168.1.1; + }; +}; +*/ diff --git a/etc/namedb/named.root b/etc/namedb/named.root new file mode 100644 index 0000000..1c8facf --- /dev/null +++ b/etc/namedb/named.root 
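Review bot: The commented-out "An example dynamic zone" block near the end of named.conf shows a TSIG key with `algorithm hmac-md5;` and a literal `secret`, so anyone who uncomments it verbatim authorises zone updates with a published key and a weak MAC. I would change the sample to `algorithm hmac-sha256;` with `secret "REPLACE-WITH-LOCALLY-GENERATED-KEY";` (placeholder) and add a comment telling the admin to generate the key on the host. etc/namedb/Makefile in this same commit installs named.conf with `FILESMODE= 644`, so the example should also say to keep real keys in a separate file pulled in with `include` and readable only by the user named runs as, rather than inline in this world-readable file.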
@@ -0,0 +1,92 @@ +; +; $FreeBSD$ +; + +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . <file>" +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC +; under anonymous FTP as +; file /domain/named.root +; on server FTP.INTERNIC.NET +; -OR- RS.INTERNIC.NET +; +; last update: Jun 8, 2011 +; related version of root zone: 2011060800 +; +; formerly NS.INTERNIC.NET +; +. 3600000 IN NS A.ROOT-SERVERS.NET. +A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 +A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 +; +; FORMERLY NS1.ISI.EDU +; +. 3600000 NS B.ROOT-SERVERS.NET. +B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +; +; FORMERLY C.PSI.NET +; +. 3600000 NS C.ROOT-SERVERS.NET. +C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +; +; FORMERLY TERP.UMD.EDU +; +. 3600000 NS D.ROOT-SERVERS.NET. +D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 +D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D +; +; FORMERLY NS.NASA.GOV +; +. 3600000 NS E.ROOT-SERVERS.NET. +E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +; +; FORMERLY NS.ISC.ORG +; +. 3600000 NS F.ROOT-SERVERS.NET. +F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 +F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F +; +; FORMERLY NS.NIC.DDN.MIL +; +. 3600000 NS G.ROOT-SERVERS.NET. +G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +; +; FORMERLY AOS.ARL.ARMY.MIL +; +. 3600000 NS H.ROOT-SERVERS.NET. +H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 +H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 +; +; FORMERLY NIC.NORDU.NET +; +. 3600000 NS I.ROOT-SERVERS.NET. +I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 +I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 +; +; OPERATED BY VERISIGN, INC. +; +. 3600000 NS J.ROOT-SERVERS.NET. +J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 +J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 +; +; OPERATED BY RIPE NCC +; +. 3600000 NS K.ROOT-SERVERS.NET. +K.ROOT-SERVERS.NET. 
3600000 A 193.0.14.129 +K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 +; +; OPERATED BY ICANN +; +. 3600000 NS L.ROOT-SERVERS.NET. +L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 +L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 +; +; OPERATED BY WIDE +; +. 3600000 NS M.ROOT-SERVERS.NET. +M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 +M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 +; End of File diff --git a/etc/netconfig b/etc/netconfig new file mode 100644 index 0000000..109f2e3 --- /dev/null +++ b/etc/netconfig @@ -0,0 +1,19 @@ +# $FreeBSD$ +# +# The network configuration file. This file is currently only used in +# conjunction with the (TI-) RPC code in the C library, unlike its +# use in SVR4. +# +# Entries consist of: +# +# <network_id> <semantics> <flags> <protofamily> <protoname> \ +# <device> <nametoaddr_libs> +# +# The <device> and <nametoaddr_libs> fields are always empty in FreeBSD. +# +udp6 tpi_clts v inet6 udp - - +tcp6 tpi_cots_ord v inet6 tcp - - +udp tpi_clts v inet udp - - +tcp tpi_cots_ord v inet tcp - - +rawip tpi_raw - inet - - - +local tpi_cots_ord - loopback - - - diff --git a/etc/netstart b/etc/netstart new file mode 100755 index 0000000..b66505a --- /dev/null +++ b/etc/netstart 
@@ -0,0 +1,65 @@ +#!/bin/sh - +# +# Copyright (c) 1993 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# 
From: @(#)netstart 5.9 (Berkeley) 3/30/91 +# + +# This file is NOT called by any of the other scripts - it has been +# obsoleted by /etc/rc.d/* and is provided here only for user +# convenience (if you're sitting in single user mode and wish to start +# the network by hand, this script will do it for you). +# + +. /etc/rc.subr + +load_rc_config 'XXX' +_start=quietstart + +/etc/rc.d/devd ${_start} +/etc/rc.d/hostid ${_start} +/etc/rc.d/hostname ${_start} +/etc/rc.d/ipmon ${_start} +/etc/rc.d/ipfilter ${_start} +/etc/rc.d/ipnat ${_start} +/etc/rc.d/ipfs ${_start} +/etc/rc.d/sppp ${_start} +# /etc/rc.d/atm1 ${_start} +# . /etc/rc.d/atm2.sh ${_start} +# . /etc/rc.d/atm3.sh ${_start} +/etc/rc.d/netif ${_start} +/etc/rc.d/ipsec ${_start} +/etc/rc.d/dhclient ${_start} +/etc/rc.d/ppp ${_start} +/etc/rc.d/ipfw ${_start} +/etc/rc.d/routing ${_start} +/etc/rc.d/mroute6d ${_start} +/etc/rc.d/route6d ${_start} +/etc/rc.d/mrouted ${_start} +/etc/rc.d/routed ${_start} +/etc/rc.d/nisdomain ${_start} + +exit 0 diff --git a/etc/network.subr b/etc/network.subr new file mode 100644 index 0000000..c1faf59 --- /dev/null +++ b/etc/network.subr 
@@ -0,0 +1,1411 @@ +# +# Copyright (c) 2003 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# +# Subroutines commonly used from network startup scripts. +# Requires that rc.conf be loaded first. +# + +# ifn_start ifn +# Bring up and configure an interface. If some configuration is +# applied, print the interface configuration. 
+# +ifn_start() +{ + local ifn cfg + ifn="$1" + cfg=1 + + [ -z "$ifn" ] && err 1 "ifn_start called without an interface" + + ifscript_up ${ifn} && cfg=0 + ifconfig_up ${ifn} && cfg=0 + afexists inet && ipv4_up ${ifn} && cfg=0 + afexists inet6 && ipv6_up ${ifn} && cfg=0 + afexists ipx && ipx_up ${ifn} && cfg=0 + childif_create ${ifn} && cfg=0 + + return $cfg +} + +# ifn_stop ifn +# Shutdown and de-configure an interface. If action is taken, +# print the interface name. +# +ifn_stop() +{ + local ifn cfg + ifn="$1" + cfg=1 + + [ -z "$ifn" ] && err 1 "ifn_stop called without an interface" + + afexists ipx && ipx_down ${ifn} && cfg=0 + afexists inet6 && ipv6_down ${ifn} && cfg=0 + afexists inet && ipv4_down ${ifn} && cfg=0 + ifconfig_down ${ifn} && cfg=0 + ifscript_down ${ifn} && cfg=0 + childif_destroy ${ifn} && cfg=0 + + return $cfg +} + +# ifconfig_up if +# Evaluate ifconfig(8) arguments for interface $if and +# run ifconfig(8) with those arguments. It returns 0 if +# arguments were found and executed or 1 if the interface +# had no arguments. Pseudo arguments DHCP and WPA are handled +# here. +# +ifconfig_up() +{ + local _cfg _ipv6_opts ifconfig_args + _cfg=1 + + # Make sure lo0 always comes up. 
+ if [ "$1" = "lo0" ]; then + _cfg=0 + fi + + # ifconfig_IF + ifconfig_args=`ifconfig_getargs $1` + if [ -n "${ifconfig_args}" ]; then + eval ifconfig $1 ${ifconfig_args} + _cfg=0 + fi + + # inet6 specific + if afexists inet6; then + if checkyesno ipv6_activate_all_interfaces; then + _ipv6_opts="-ifdisabled" + elif [ "$1" != "lo0" ]; then + _ipv6_opts="ifdisabled" + fi + + # backward compatibility: $ipv6_enable + case $ipv6_enable in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + _ipv6_opts="${_ipv6_opts} accept_rtadv" + ;; + esac + + case $ipv6_cpe_wanif in + $1) + _ipv6_opts="${_ipv6_opts} -no_radr accept_rtadv" + ;; + esac + + if [ -n "${_ipv6_opts}" ]; then + ifconfig $1 inet6 ${_ipv6_opts} + fi + + # ifconfig_IF_ipv6 + ifconfig_args=`ifconfig_getargs $1 ipv6` + if [ -n "${ifconfig_args}" ]; then + # backward compatibility: inet6 keyword + case "${ifconfig_args}" in + :*|[0-9a-fA-F]*:*) + warn "\$ifconfig_$1_ipv6 needs " \ + "\"inet6\" keyword for an IPv6 address." + ifconfig_args="inet6 ${ifconfig_args}" + ;; + esac + ifconfig $1 inet6 -ifdisabled + eval ifconfig $1 ${ifconfig_args} + _cfg=0 + fi + + # backward compatiblity: $ipv6_ifconfig_IF + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF` + if [ -n "${ifconfig_args}" ]; then + warn "\$ipv6_ifconfig_$1 is obsolete." \ + " Use ifconfig_$1_ipv6 instead." + ifconfig $1 inet6 -ifdisabled + eval ifconfig $1 inet6 ${ifconfig_args} + _cfg=0 + fi + fi + + if [ ${_cfg} -eq 0 ]; then + ifconfig $1 up + fi + + if wpaif $1; then + /etc/rc.d/wpa_supplicant start $1 + _cfg=0 # XXX: not sure this should count + fi + + if dhcpif $1; then + if [ $_cfg -ne 0 ] ; then + ifconfig $1 up + fi + if syncdhcpif $1; then + /etc/rc.d/dhclient start $1 + fi + _cfg=0 + fi + + return $_cfg +} + +# ifconfig_down if +# returns 1 if wpa_supplicant or dhclient was stopped or +# the interface exists. 
+# +ifconfig_down() +{ + local _cfg + _cfg=1 + + if wpaif $1; then + /etc/rc.d/wpa_supplicant stop $1 + _cfg=0 + fi + + if dhcpif $1; then + /etc/rc.d/dhclient stop $1 + _cfg=0 + fi + + if ifexists $1; then + ifconfig $1 down + _cfg=0 + fi + + return $_cfg +} + +# get_if_var if var [default] +# Return the value of the pseudo-hash corresponding to $if where +# $var is a string containg the sub-string "IF" which will be +# replaced with $if after the characters defined in _punct are +# replaced with '_'. If the variable is unset, replace it with +# $default if given. +get_if_var() +{ + local _if _punct _punct_c _var _default prefix suffix + + if [ $# -ne 2 -a $# -ne 3 ]; then + err 3 'USAGE: get_if_var name var [default]' + fi + + _if=$1 + _punct=". - / +" + for _punct_c in $_punct; do + _if=`ltr ${_if} ${_punct_c} '_'` + done + _var=$2 + _default=$3 + + prefix=${_var%%IF*} + suffix=${_var##*IF} + eval echo \${${prefix}${_if}${suffix}-${_default}} +} + +# _ifconfig_getargs if [af] +# Prints the arguments for the supplied interface to stdout. +# Returns 1 if empty. In general, ifconfig_getargs should be used +# outside this file. +_ifconfig_getargs() +{ + local _ifn _af + _ifn=$1 + _af=${2+_$2} + + if [ -z "$_ifn" ]; then + return 1 + fi + + get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT" +} + +# ifconfig_getargs if [af] +# Takes the result from _ifconfig_getargs and removes pseudo +# args such as DHCP and WPA. +ifconfig_getargs() +{ + local _tmpargs _arg _args + _tmpargs=`_ifconfig_getargs $1 $2` + if [ $? -eq 1 ]; then + return 1 + fi + _args= + + for _arg in $_tmpargs; do + case $_arg in + [Dd][Hh][Cc][Pp]) ;; + [Nn][Oo][Aa][Uu][Tt][Oo]) ;; + [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;; + [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;; + [Ww][Pp][Aa]) ;; + *) + _args="$_args $_arg" + ;; + esac + done + + echo $_args +} + +# autoif +# Returns 0 if the interface should be automatically configured at +# boot time and 1 otherwise. 
+autoif() +{ + local _tmpargs _arg + _tmpargs=`_ifconfig_getargs $1` + + for _arg in $_tmpargs; do + case $_arg in + [Nn][Oo][Aa][Uu][Tt][Oo]) + return 1 + ;; + esac + done + + return 0 +} + +# dhcpif if +# Returns 0 if the interface is a DHCP interface and 1 otherwise. +dhcpif() +{ + local _tmpargs _arg + _tmpargs=`_ifconfig_getargs $1` + + if noafif $1; then + return 1 + fi + + for _arg in $_tmpargs; do + case $_arg in + [Dd][Hh][Cc][Pp]) + return 0 + ;; + [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) + return 0 + ;; + [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) + return 0 + ;; + esac + done + + return 1 +} + +# syncdhcpif +# Returns 0 if the interface should be configured synchronously and +# 1 otherwise. +syncdhcpif() +{ + local _tmpargs _arg + _tmpargs=`_ifconfig_getargs $1` + + if noafif $1; then + return 1 + fi + + for _arg in $_tmpargs; do + case $_arg in + [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) + return 1 + ;; + [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) + return 0 + ;; + esac + done + + checkyesno synchronous_dhclient +} + +# wpaif if +# Returns 0 if the interface is a WPA interface and 1 otherwise. +wpaif() +{ + local _tmpargs _arg + _tmpargs=`_ifconfig_getargs $1` + + for _arg in $_tmpargs; do + case $_arg in + [Ww][Pp][Aa]) + return 0 + ;; + esac + done + + return 1 +} + +# afexists af +# Returns 0 if the address family is enabled in the kernel +# 1 otherwise. +afexists() +{ + local _af + _af=$1 + + case ${_af} in + inet|inet6) + check_kern_features ${_af} + ;; + ipx) + ${SYSCTL_N} net.ipx > /dev/null 2>&1 + ;; + atm) + if [ -x /sbin/atmconfig ]; then + /sbin/atmconfig diag list > /dev/null 2>&1 + else + return 1 + fi + ;; + *) + err 1 "afexists(): Unsupported address family: $_af" + ;; + esac +} + +# noafif if +# Returns 0 if the interface has no af configuration and 1 otherwise. 
+noafif() +{ + local _if + _if=$1 + + case $_if in + pflog[0-9]*|\ + pfsync[0-9]*|\ + an[0-9]*|\ + ath[0-9]*|\ + ipw[0-9]*|\ + ipfw[0-9]*|\ + iwi[0-9]*|\ + iwn[0-9]*|\ + ral[0-9]*|\ + wi[0-9]*|\ + wl[0-9]*|\ + wpi[0-9]*) + return 0 + ;; + esac + + return 1 +} + +# ipv6if if +# Returns 0 if the interface should be configured for IPv6 and +# 1 otherwise. +ipv6if() +{ + local _if _tmpargs i + _if=$1 + + if ! afexists inet6; then + return 1 + fi + + # lo0 is always IPv6-enabled + case $_if in + lo0) + return 0 + ;; + esac + + case "${ipv6_network_interfaces}" in + $_if|"$_if "*|*" $_if"|*" $_if "*|[Aa][Uu][Tt][Oo]) + # True if $ifconfig_IF_ipv6 is defined. + _tmpargs=`_ifconfig_getargs $_if ipv6` + if [ -n "${_tmpargs}" ]; then + return 0 + fi + + # backward compatibility: True if $ipv6_ifconfig_IF is defined. + _tmpargs=`get_if_var $_if ipv6_ifconfig_IF` + if [ -n "${_tmpargs}" ]; then + return 0 + fi + ;; + esac + + return 1 +} + +# ipv6_autoconfif if +# Returns 0 if the interface should be configured for IPv6 with +# Stateless Address Configuration; 1 otherwise. +ipv6_autoconfif() +{ + local _if _tmpargs _arg + _if=$1 + + case $_if in + lo0|\ + stf[0-9]*|\ + faith[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*) + return 1 + ;; + esac + if noafif $_if; then + return 1 + fi + if ! 
ipv6if $_if; then + return 1 + fi + if checkyesno ipv6_gateway_enable; then + return 1 + fi + _tmpargs=`get_if_var $_if ipv6_prefix_IF` + if [ -n "${_tmpargs}" ]; then + return 1 + fi + # backward compatibility: $ipv6_enable + case $ipv6_enable in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + return 0 + ;; + esac + + _tmpargs=`_ifconfig_getargs $_if ipv6` + for _arg in $_tmpargs; do + case $_arg in + accept_rtadv) + return 0 + ;; + esac + done + + # backward compatibility: $ipv6_ifconfig_IF + _tmpargs=`get_if_var $_if ipv6_ifconfig_IF` + for _arg in $_tmpargs; do + case $_arg in + accept_rtadv) + return 0 + ;; + esac + done + + return 1 +} + +# ifexists if +# Returns 0 if the interface exists and 1 otherwise. +ifexists() +{ + [ -z "$1" ] && return 1 + ifconfig -n $1 > /dev/null 2>&1 +} + +# ipv4_up if +# add IPv4 addresses to the interface $if +ipv4_up() +{ + local _if _ret + _if=$1 + _ret=1 + + # Add 127.0.0.1/8 to lo0 unless otherwise specified. + if [ "${_if}" = "lo0" ]; then + ifconfig_args=`get_if_var ${_if} ifconfig_IF` + if [ -z "${ifconfig_args}" ]; then + ifconfig ${_if} inet 127.0.0.1/8 alias + fi + fi + ifalias_up ${_if} inet && _ret=0 + ipv4_addrs_common ${_if} alias && _ret=0 + + return $_ret +} + +# ipv6_up if +# add IPv6 addresses to the interface $if +ipv6_up() +{ + local _if _ret + _if=$1 + _ret=1 + + if ! 
ipv6if $_if; then + return 0 + fi + + ifalias_up ${_if} inet6 && _ret=0 + ipv6_prefix_hostid_addr_common ${_if} alias && _ret=0 + ipv6_accept_rtadv_up ${_if} && _ret=0 + + # wait for DAD + sleep `${SYSCTL_N} net.inet6.ip6.dad_count` + sleep 1 + + return $_ret +} + +# ipv4_down if +# remove IPv4 addresses from the interface $if +ipv4_down() +{ + local _if _ifs _ret inetList oldifs _inet + _if=$1 + _ifs="^" + _ret=1 + + inetList="`ifconfig ${_if} | grep 'inet ' | tr "\n" "$_ifs"`" + + oldifs="$IFS" + IFS="$_ifs" + for _inet in $inetList ; do + # get rid of extraneous line + [ -z "$_inet" ] && break + + _inet=`expr "$_inet" : '.*\(inet \([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*'` + + IFS="$oldifs" + ifconfig ${_if} ${_inet} delete + IFS="$_ifs" + _ret=0 + done + IFS="$oldifs" + + ifalias_down ${_if} inet && _ret=0 + ipv4_addrs_common ${_if} -alias && _ret=0 + + return $_ret +} + +# ipv6_down if +# remove IPv6 addresses from the interface $if +ipv6_down() +{ + local _if _ifs _ret inetList oldifs _inet6 + _if=$1 + _ifs="^" + _ret=1 + + if ! ipv6if $_if; then + return 0 + fi + + ipv6_accept_rtadv_down ${_if} && _ret=0 + ipv6_prefix_hostid_addr_common ${_if} -alias && _ret=0 + ifalias_down ${_if} inet6 && _ret=0 + + inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`" + + oldifs="$IFS" + IFS="$_ifs" + for _inet6 in $inetList ; do + # get rid of extraneous line + [ -z "$_inet6" ] && break + + _inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'` + + IFS="$oldifs" + ifconfig ${_if} ${_inet6} -alias + IFS="$_ifs" + _ret=0 + done + IFS="$oldifs" + + return $_ret +} + +# ipv4_addrs_common if action +# Evaluate the ifconfig_if_ipv4 arguments for interface $if and +# use $action to add or remove IPv4 addresses from $if. 
+ipv4_addrs_common() +{ + local _ret _if _action _cidr _cidr_addr + local _ipaddr _netmask _range _ipnet _iplow _iphigh _ipcount + _ret=1 + _if=$1 + _action=$2 + + # get ipv4-addresses + cidr_addr=`get_if_var $_if ipv4_addrs_IF` + + for _cidr in ${cidr_addr}; do + _ipaddr=${_cidr%%/*} + _netmask="/"${_cidr##*/} + _range=${_ipaddr##*.} + _ipnet=${_ipaddr%.*} + _iplow=${_range%-*} + _iphigh=${_range#*-} + + # clear netmask when removing aliases + if [ "${_action}" = "-alias" ]; then + _netmask="" + fi + + _ipcount=${_iplow} + while [ "${_ipcount}" -le "${_iphigh}" ]; do + eval "ifconfig ${_if} ${_action} ${_ipnet}.${_ipcount}${_netmask}" + _ipcount=$((${_ipcount}+1)) + _ret=0 + + # only the first ipaddr in a subnet need the real netmask + if [ "${_action}" != "-alias" ]; then + _netmask="/32" + fi + done + done + + return $_ret +} + +# ifalias_up if af +# Configure aliases for network interface $if. +# It returns 0 if at least one alias was configured or +# 1 if there were none. +# +ifalias_up() +{ + local _ret + _ret=1 + + case "$2" in + inet) + _ret=`ifalias_ipv4_up "$1"` + ;; + inet6) + _ret=`ifalias_ipv6_up "$1"` + ;; + esac + + return $_ret +} + +# ifalias_ipv4_up if +# Helper function for ifalias_up(). Handles IPv4. +# +ifalias_ipv4_up() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet" + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet\ *) + ifconfig $1 ${ifconfig_args} alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + return $_ret +} + +# ifalias_ipv6_up if +# Helper function for ifalias_up(). Handles IPv6. 
+# +ifalias_ipv6_up() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet6" + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} alias && _ret=0 + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \ + " Use ifconfig_$1_aliasN instead." + ;; + esac + alias=$((${alias} + 1)) + done + + return $_ret +} + +# ifalias_down if af +# Remove aliases for network interface $if. +# It returns 0 if at least one alias was removed or +# 1 if there were none. +# +ifalias_down() +{ + local _ret + _ret=1 + + case "$2" in + inet) + _ret=`ifalias_ipv4_down "$1"` + ;; + inet6) + _ret=`ifalias_ipv6_down "$1"` + ;; + esac + + return $_ret +} + +# ifalias_ipv4_down if +# Helper function for ifalias_down(). Handles IPv4. +# +ifalias_ipv4_down() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet" + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet\ *) + ifconfig $1 ${ifconfig_args} -alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + return $_ret +} + +# ifalias_ipv6_down if +# Helper function for ifalias_down(). Handles IPv6. 
+# +ifalias_ipv6_down() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet6" + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} -alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} -alias && _ret=0 + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \ + " Use ifconfig_$1_aliasN instead." + ;; + esac + alias=$((${alias} + 1)) + done + + return $_ret +} + +# ipv6_prefix_hostid_addr_common if action +# Add or remove IPv6 prefix + hostid addr on the interface $if +# +ipv6_prefix_hostid_addr_common() +{ + local _if _action prefix laddr hostid j address + _if=$1 + _action=$2 + prefix=`get_if_var ${_if} ipv6_prefix_IF` + + if [ -n "${prefix}" ]; then + laddr=`network6_getladdr ${_if}` + hostid=${laddr#fe80::} + hostid=${hostid%\%*} + + for j in ${prefix}; do + address=$j\:${hostid} + ifconfig ${_if} inet6 ${address} prefixlen 64 ${_action} + + # if I am a router, add subnet router + # anycast address (RFC 2373). + if checkyesno ipv6_gateway_enable; then + ifconfig ${_if} inet6 $j:: prefixlen 64 \ + ${_action} anycast + fi + done + fi +} + +# ipv6_accept_rtadv_up if +# Enable accepting Router Advertisement and send Router +# Solicitation message +ipv6_accept_rtadv_up() +{ + if ipv6_autoconfif $1; then + ifconfig $1 inet6 accept_rtadv up + if ! checkyesno rtsold_enable; then + rtsol ${rtsol_flags} $1 + fi + fi +} + +# ipv6_accept_rtadv_down if +# Disable accepting Router Advertisement +ipv6_accept_rtadv_down() +{ + if ipv6_autoconfif $1; then + ifconfig $1 inet6 -accept_rtadv + fi +} + +# ifscript_up if +# Evaluate a startup script for the $if interface. 
+# It returns 0 if a script was found and processed or +# 1 if no script was found. +# +ifscript_up() +{ + if [ -r /etc/start_if.$1 ]; then + . /etc/start_if.$1 + return 0 + else + return 1 + fi +} + +# ifscript_down if +# Evaluate a shutdown script for the $if interface. +# It returns 0 if a script was found and processed or +# 1 if no script was found. +# +ifscript_down() +{ + if [ -r /etc/stop_if.$1 ]; then + . /etc/stop_if.$1 + return 0 + else + return 1 + fi +} + +# clone_up +# Create cloneable interfaces. +# +clone_up() +{ + local _prefix _list ifn + _prefix= + _list= + + # create_args_IF + for ifn in ${cloned_interfaces}; do + ifconfig ${ifn} create `get_if_var ${ifn} create_args_IF` + if [ $? -eq 0 ]; then + _list="${_list}${_prefix}${ifn}" + [ -z "$_prefix" ] && _prefix=' ' + fi + done + debug "Cloned: ${_list}" +} + +# clone_down +# Destroy cloned interfaces. Destroyed interfaces are echoed to +# standard output. +# +clone_down() +{ + local _prefix _list ifn + _prefix= + _list= + + for ifn in ${cloned_interfaces}; do + ifconfig -n ${ifn} destroy + if [ $? -eq 0 ]; then + _list="${_list}${_prefix}${ifn}" + [ -z "$_prefix" ] && _prefix=' ' + fi + done + debug "Destroyed clones: ${_list}" +} + +# childif_create +# Create and configure child interfaces. Return 0 if child +# interfaces are created. 
+# +childif_create() +{ + local cfg child child_vlans child_wlans create_args debug_flags ifn i + cfg=1 + ifn=$1 + + # Create wireless interfaces + child_wlans=`get_if_var $ifn wlans_IF` + + for child in ${child_wlans}; do + create_args="wlandev $ifn `get_if_var $child create_args_IF`" + debug_flags="`get_if_var $child wlandebug_IF`" + + if expr $child : 'wlan[0-9][0-9]*$' >/dev/null 2>&1; then + ifconfig $child create ${create_args} && cfg=0 + if [ -n "${debug_flags}" ]; then + wlandebug -i $child ${debug_flags} + fi + else + i=`ifconfig wlan create ${create_args}` + if [ -n "${debug_flags}" ]; then + wlandebug -i $i ${debug_flags} + fi + ifconfig $i name $child && cfg=0 + fi + if autoif $child; then + ifn_start $child + fi + done + + # Create vlan interfaces + child_vlans=`get_if_var $ifn vlans_IF` + + if [ -n "${child_vlans}" ]; then + load_kld if_vlan + fi + + for child in ${child_vlans}; do + if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then + child="${ifn}.${child}" + create_args=`get_if_var $child create_args_IF` + ifconfig $child create ${create_args} && cfg=0 + else + create_args="vlandev $ifn `get_if_var $child create_args_IF`" + if expr $child : 'vlan[0-9][0-9]*$' >/dev/null 2>&1; then + ifconfig $child create ${create_args} && cfg=0 + else + i=`ifconfig vlan create ${create_args}` + ifconfig $i name $child && cfg=0 + fi + fi + if autoif $child; then + ifn_start $child + fi + done + + return ${cfg} +} + +# childif_destroy +# Destroy child interfaces. +# +childif_destroy() +{ + local cfg child child_vlans child_wlans ifn + cfg=1 + + child_wlans=`get_if_var $ifn wlans_IF` + for child in ${child_wlans}; do + if ! ifexists $child; then + continue + fi + ifconfig -n $child destroy && cfg=0 + done + + child_vlans=`get_if_var $ifn vlans_IF` + for child in ${child_vlans}; do + if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then + child="${ifn}.${child}" + fi + if ! 
ifexists $child; then + continue + fi + ifconfig -n $child destroy && cfg=0 + done + + return ${cfg} +} + +# ng_mkpeer +# Create netgraph nodes. +# +ng_mkpeer() +{ + ngctl -f - 2> /dev/null <<EOF +mkpeer $* +msg dummy nodeinfo +EOF +} + +# ng_create_one +# Create netgraph nodes. +# +ng_create_one() +{ + local t + + ng_mkpeer $* | while read line; do + t=`expr "${line}" : '.* name="\([a-z]*[0-9]*\)" .*'` + if [ -n "${t}" ]; then + echo ${t} + return + fi + done +} + +# gif_up +# Create gif(4) tunnel interfaces. +gif_up() +{ + local i peers + + for i in ${gif_interfaces}; do + peers=`get_if_var $i gifconfig_IF` + case ${peers} in + '') + continue + ;; + *) + if expr $i : 'gif[0-9][0-9]*$' >/dev/null 2>&1; then + ifconfig $i create >/dev/null 2>&1 + else + gif=`ifconfig gif create` + ifconfig $gif name $i + fi + ifconfig $i tunnel ${peers} + ifconfig $i up + ;; + esac + done +} + +# ng_fec_create ifn +# Configure Fast EtherChannel for interface $ifn. Returns 0 if +# FEC arguments were found and configured; returns !0 otherwise. +ng_fec_create() +{ + local req_iface iface bogus + req_iface="$1" + + ngctl shutdown ${req_iface}: > /dev/null 2>&1 + + bogus="" + while true; do + iface=`ng_create_one fec dummy fec` + if [ -z "${iface}" ]; then + exit 2 + fi + if [ "${iface}" = "${req_iface}" ]; then + break + fi + bogus="${bogus} ${iface}" + done + + for iface in ${bogus}; do + ngctl shutdown ${iface}: + done +} + +# fec_up +# Create Fast EtherChannel interfaces. +fec_up() +{ + local i j + + for i in ${fec_interfaces}; do + ng_fec_create $i + for j in `get_if_var $i fecconfig_IF`; do + case ${j} in + '') + continue + ;; + *) + ngctl msg ${i}: add_iface "\"${j}\"" + ;; + esac + done + done +} + +# ipx_up ifn +# Configure any IPX addresses for interface $ifn. Returns 0 if +# IPX arguments were found and configured; returns 1 otherwise. 
+# +ipx_up() +{ + local ifn + ifn="$1" + + # ifconfig_IF_ipx + ifconfig_args=`_ifconfig_getargs $ifn ipx` + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} + return 0 + fi + + return 1 +} + +# ipx_down ifn +# Remove IPX addresses for interface $ifn. Returns 0 if IPX +# addresses were found and unconfigured. It returns 1, otherwise. +# +ipx_down() +{ + local _if _ifs _ret ipxList oldifs _ipx + _if=$1 + _ifs="^" + _ret=1 + ipxList="`ifconfig ${_if} | grep 'ipx ' | tr "\n" "$_ifs"`" + oldifs="$IFS" + + IFS="$_ifs" + for _ipx in $ipxList ; do + # get rid of extraneous line + [ -z "$_ipx" ] && break + + _ipx=`expr "$_ipx" : '.*\(ipx [0-9a-h]\{1,8\}H*\.[0-9a-h]\{1,12\}\).*'` + + IFS="$oldifs" + ifconfig ${_if} ${_ipx} delete + IFS="$_ifs" + _ret=0 + done + IFS="$oldifs" + + return $_ret +} + +# ifnet_rename +# Rename all requested interfaces. +# +ifnet_rename() +{ + local _if _ifname + + # ifconfig_IF_name + for _if in `ifconfig -l`; do + _ifname=`get_if_var $_if ifconfig_IF_name` + if [ ! -z "$_ifname" ]; then + ifconfig $_if name $_ifname + fi + done + + return 0 +} + +# list_net_interfaces type +# List all network interfaces. The type of interface returned +# can be controlled by the type argument. The type +# argument can be any of the following: +# nodhcp - all interfaces, excluding DHCP configured interfaces +# dhcp - list only DHCP configured interfaces +# noautoconf - all interfaces, excluding IPv6 Stateless +# Address Autoconf configured interfaces +# autoconf - list only IPv6 Stateless Address Autoconf +# configured interfaces +# If no argument is specified all network interfaces are output. +# Note that the list will include cloned interfaces if applicable. +# Cloned interfaces must already exist to have a chance to appear +# in the list if ${network_interfaces} is set to `auto'. +# +list_net_interfaces() +{ + local type _tmplist _list _autolist _lo _if + type=$1 + + # Get a list of ALL the interfaces and make lo0 first if it's there. 
+ # + _tmplist= + case ${network_interfaces} in + [Aa][Uu][Tt][Oo]) + _autolist="`ifconfig -l`" + _lo= + for _if in ${_autolist} ; do + if autoif $_if; then + if [ "$_if" = "lo0" ]; then + _lo="lo0 " + else + _tmplist="${_tmplist} ${_if}" + fi + fi + done + _tmplist="${_lo}${_tmplist# }" + ;; + *) + _tmplist="${network_interfaces} ${cloned_interfaces}" + + # lo0 is effectively mandatory, so help prevent foot-shooting + # + case "$_tmplist" in + lo0|'lo0 '*|*' lo0'|*' lo0 '*) ;; # This is fine, do nothing + *) _tmplist="lo0 ${_tmplist}" ;; + esac + ;; + esac + + _list= + case "$type" in + nodhcp) + for _if in ${_tmplist} ; do + if ! dhcpif $_if && \ + [ -n "`_ifconfig_getargs $_if`" ]; then + _list="${_list# } ${_if}" + fi + done + ;; + dhcp) + for _if in ${_tmplist} ; do + if dhcpif $_if; then + _list="${_list# } ${_if}" + fi + done + ;; + noautoconf) + for _if in ${_tmplist} ; do + if ! ipv6_autoconfif $_if && \ + [ -n "`_ifconfig_getargs $_if ipv6`" ]; then + _list="${_list# } ${_if}" + fi + done + ;; + autoconf) + for _if in ${_tmplist} ; do + if ipv6_autoconfif $_if; then + _list="${_list# } ${_if}" + fi + done + ;; + *) + _list=${_tmplist} + ;; + esac + + echo $_list + + return 0 +} + +# get_default_if -address_family +# Get the interface of the default route for the given address family. +# The -address_family argument must be suitable passing to route(8). +# +get_default_if() +{ + local routeget oldifs defif line + defif= + oldifs="$IFS" + IFS=" +" + for line in `route -n get $1 default 2>/dev/null`; do + case $line in + *interface:*) + defif=${line##*: } + ;; + esac + done + IFS=${oldifs} + + echo $defif +} + +# hexdigit arg +# Echo decimal number $arg (single digit) in hexadecimal format. +hexdigit() +{ + printf '%x\n' "$1" +} + +# hexprint arg +# Echo decimal number $arg (multiple digits) in hexadecimal format. 
+hexprint() +{ + printf '%x\n' "$1" +} + +is_wired_interface() +{ + local media + + case `ifconfig $1 2>/dev/null` in + *media:?Ethernet*) media=Ethernet ;; + esac + + test "$media" = "Ethernet" +} + +# network6_getladdr if [flag] +# Echo link-local address from $if if any. +# If flag is defined, tentative ones will be excluded. +network6_getladdr() +{ + local proto addr rest + ifconfig $1 2>/dev/null | while read proto addr rest; do + case ${proto} in + inet6) + case ${addr} in + fe80::*) + if [ -z "$2" ]; then + echo ${addr} + return + fi + case ${rest} in + *tentative*) + continue + ;; + *) + echo ${addr} + return + esac + esac + esac + done +} diff --git a/etc/networks b/etc/networks new file mode 100644 index 0000000..a6b15d4 --- /dev/null +++ b/etc/networks @@ -0,0 +1,17 @@ +# $FreeBSD$ +# @(#)networks 5.1 (Berkeley) 6/30/90 +# +# Your Local Networks Database +# +your-net 127 # your comment +your-netmask 255.255.255 # subnet mask for your-net + +# +# Your subnets +# +subnet1 127.0.1 alias1 # comment 1 +subnet2 127.0.2 alias2 # comment 2 + +# +# Internet networks (from nic.ddn.mil) +# diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf new file mode 100644 index 0000000..67aa117 --- /dev/null +++ b/etc/newsyslog.conf 
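Review bot: `get_if_var` puts the interface name into an `eval` string after replacing only the four characters listed in `_punct`, so any other shell metacharacter in a name is parsed as shell code instead of as part of a variable name; `ifnet_rename` and `list_net_interfaces` feed it names straight from `ifconfig -l`. Rejecting anything that is not an identifier character after the `ltr` loop closes that off: `case ${_if} in *[!A-Za-z0-9_]*) err 3 "get_if_var: bad interface name" ;; esac`. Separately, `childif_destroy` declares `ifn` local but never sets it from `$1`, so it appears to depend on whatever `ifn` holds in the calling scope; adding `ifn=$1` after `cfg=1` makes it self-contained. `ipv4_addrs_common` has a similar slip: it declares `_cidr_addr` local but assigns `cidr_addr`, which leaks a global.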
@@ -0,0 +1,38 @@ +# configuration file for newsyslog +# $FreeBSD$ +# +# Entries which do not specify the '/pid_file' field will cause the +# syslogd process to be signalled when that log file is rotated. This +# action is only appropriate for log files which are written to by the +# syslogd process (ie, files listed in /etc/syslog.conf). If there +# is no process which needs to be signalled when a given log file is +# rotated, then the entry for that file should include the 'N' flag. +# +# The 'flags' field is one or more of the letters: BCDGJNUXZ or a '-'. +# +# Note: some sites will want to select more restrictive protections than the +# defaults. In particular, it may be desirable to switch many of the 644 +# entries to 640 or 600. For example, some sites will consider the +# contents of maillog, messages, and lpd-errs to be confidential. In the +# future, these defaults may change to more conservative ones. +# +# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] +/var/log/all.log 600 7 * @T00 J +/var/log/amd.log 644 7 100 * J +/var/log/auth.log 600 7 100 * JC +/var/log/console.log 600 5 100 * J +/var/log/cron 600 3 100 * JC +/var/log/daily.log 640 7 * @T00 JN +/var/log/debug.log 600 7 100 * JC +/var/log/kerberos.log 600 7 100 * J +/var/log/lpd-errs 644 7 100 * JC +/var/log/maillog 640 7 * @T00 JC +/var/log/messages 644 5 100 * JC +/var/log/monthly.log 640 12 * $M1D0 JN +/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid +/var/log/ppp.log root:network 640 3 100 * JC +/var/log/security 600 10 100 * JC +/var/log/sendmail.st 640 10 * 168 B +/var/log/utx.log 644 3 * @01T05 B +/var/log/weekly.log 640 5 1 $W6D0 JN +/var/log/xferlog 600 7 100 * JC diff --git a/etc/nls.alias b/etc/nls.alias new file mode 100644 index 0000000..805c34a --- /dev/null +++ b/etc/nls.alias @@ -0,0 +1,4 @@ +# $FreeBSD$ + +POSIX C +en_US.US-ASCII C diff --git a/etc/nscd.conf b/etc/nscd.conf new file mode 100644 index 0000000..19a8b5b --- /dev/null +++ b/etc/nscd.conf 
@@ -0,0 +1,12 @@
+#
+# Default caching daemon configuration file
+# $FreeBSD$
+#
+
+enable-cache passwd yes
+enable-cache group yes
+enable-cache hosts yes
+enable-cache services yes
+enable-cache protocols yes
+enable-cache rpc yes
+enable-cache networks yes
diff --git a/etc/nsmb.conf b/etc/nsmb.conf
new file mode 100644
index 0000000..e5f2258
--- /dev/null
+++ b/etc/nsmb.conf
@@ -0,0 +1,56 @@ +# $FreeBSD$ +# +# smbfs lookups configuration files in next order: +# 1. ~/.nsmbrc +# 2. /etc/nsmb.conf - if this file found it will +# override values with same keys from user files. +# +# +# This file consist from a set of sections. Each section started by section name +# surrounded with square brackets: +# [section_name] +# +# End of the section marked either by new section or by the end of file. +# Each section can contain zero or more parameters: +# [section_name] +# key=value +# +# where 'key' represents parameter name and 'value' a value assigned +# to this parameter. +# +# SMB library uses next forms of section names (please note that the section +# name should be in upper case when it refers to server, user or share): +# A) [default] +# B) [SERVER] +# C) [SERVER:USER] +# D) [SERVER:USER:SHARE] +# +# Here is the map of possible keywords: +# +# keyword/section A B C D Comment +# +# addr - + - - IP or IPX address of SMB server +# charsets + + + + local:remote charset pair +# nbns + + - - address of NetBIOS name server (WINS) +# nbscope + + - - NetBIOS scope +# nbtimeout + + - - timeout for NetBIOS name servers +# password - - + + a plain text password used to access to the given share +# retry_count + + - - number of retries before connection marked as broken +# timeout + + - - SMB request timeout +# workgroup + + + + name of workgroup +# + +# A simple configuration example: + +# First, define a workgroup. +#[default] +#workgroup=SALES + +# The 'FSERVER' is an NT server. +#[FSERVER] +#charsets=koi8-r:cp866 +#addr=fserv.coolcorp.com + +#[FSERVER:JOE] +# use persistent password cache for user 'joe' +#password=$$1767877DF diff --git a/etc/nsswitch.conf b/etc/nsswitch.conf new file mode 100644 index 0000000..c95b9a4 --- /dev/null +++ b/etc/nsswitch.conf 
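Review bot: In etc/nsmb.conf the keyword table documents `password` as "a plain text password", and nothing in the header comment tells the administrator that this system-wide file needs restrictive permissions once a real password is placed in it. The example value `$$1767877DF` looks like the obfuscated form written by `smbutil crypt`, which only hides the clear text and should not be treated as encryption. I would add a comment next to the example along the lines of `# NOTE: the $$1 form is only obfuscated; keep passwords in a mode-600 ~/.nsmbrc rather than in this file`.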
@@ -0,0 +1,15 @@
+#
+# nsswitch.conf(5) - name service switch configuration file
+# $FreeBSD$
+#
+group: compat
+group_compat: nis
+hosts: files dns
+networks: files
+passwd: compat
+passwd_compat: nis
+shells: files
+services: compat
+services_compat: nis
+protocols: files
+rpc: files
diff --git a/etc/ntp.conf b/etc/ntp.conf
new file mode 100644
index 0000000..9f99a8d
--- /dev/null
+++ b/etc/ntp.conf
@@ -0,0 +1,64 @@ +# +# $FreeBSD$ +# +# Default NTP servers for the FreeBSD operating system. +# +# Don't forget to enable ntpd in /etc/rc.conf with: +# ntpd_enable="YES" +# +# The driftfile is by default /var/db/ntpd.drift, check +# /etc/defaults/rc.conf on how to change the location. +# + +# +# The following three servers will give you a random set of three +# NTP servers geographically close to you. +# See http://www.pool.ntp.org/ for details. Note, the pool encourages +# users with a static IP and good upstream NTP servers to add a server +# to the pool. See http://www.pool.ntp.org/join.html if you are interested. +# +# The option `iburst' is used for faster initial synchronisation. +# The option `maxpoll 9' is used to prevent PLL/FLL flipping on FreeBSD. +# +server 0.freebsd.pool.ntp.org iburst maxpoll 9 +server 1.freebsd.pool.ntp.org iburst maxpoll 9 +server 2.freebsd.pool.ntp.org iburst maxpoll 9 +#server 3.freebsd.pool.ntp.org iburst maxpoll 9 + +# +# If you want to pick yourself which country's public NTP server +# you want sync against, comment out the above servers, uncomment +# the next ones and replace CC with the country's abbreviation. +# Make sure that the hostnames resolve to a proper IP address! +# +# server 0.CC.pool.ntp.org iburst maxpoll 9 +# server 1.CC.pool.ntp.org iburst maxpoll 9 +# server 2.CC.pool.ntp.org iburst maxpoll 9 + +# +# Security: Only accept NTP traffic from the following hosts. +# The following configuration example only accepts traffic from the +# above defined servers. +# +# Please note that this example doesn't work for the servers in +# the pool.ntp.org domain since they return multiple A records. 
+# (This is the reason that by default they are commented out) +# +#restrict default ignore +#restrict 0.pool.ntp.org nomodify nopeer noquery notrap +#restrict 1.pool.ntp.org nomodify nopeer noquery notrap +#restrict 2.pool.ntp.org nomodify nopeer noquery notrap +#restrict 127.0.0.1 +#restrict -6 ::1 +#restrict 127.127.1.0 + +# +# If a server loses sync with all upstream servers, NTP clients +# no longer follow that server. The local clock can be configured +# to provide a time source when this happens, but it should usually +# be configured on just one server on a network. For more details see +# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock +# The use of Orphan Mode may be preferable. +# +#server 127.127.1.0 +#fudge 127.127.1.0 stratum 10 diff --git a/etc/opieaccess b/etc/opieaccess new file mode 100644 index 0000000..ed57ef1 --- /dev/null +++ b/etc/opieaccess @@ -0,0 +1,13 @@ +# $FreeBSD$ +# +# This file controls whether UNIX passwords are to be permitted. Rules +# are matched in order, and the search terminates when the first matching +# rule has been found. Default action is "deny". See opieaccess(5) for +# more information. +# +# Each rule has the form: +# +# permit address netmask +# deny address netmask +# +#permit 127.0.0.1 255.255.255.255 diff --git a/etc/pam.d/Makefile b/etc/pam.d/Makefile new file mode 100644 index 0000000..f3795b3 --- /dev/null +++ b/etc/pam.d/Makefile @@ -0,0 +1,24 @@ +# $FreeBSD$ + +NO_OBJ= + +FILES= README \ + atrun \ + cron \ + ftpd \ + imap \ + kde \ + login \ + other \ + passwd pop3 \ + rsh \ + sshd su system \ + telnetd \ + xdm + +FILESDIR= /etc/pam.d +FILESMODE= 644 +FILESMODE_README= 444 +LINKS= ${FILESDIR}/ftpd ${FILESDIR}/ftp + +.include <bsd.prog.mk> diff --git a/etc/pam.d/README b/etc/pam.d/README new file mode 100644 index 0000000..7b8f958 --- /dev/null +++ b/etc/pam.d/README 
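Review bot: In etc/ntp.conf every `restrict` line is shipped commented out, so the installed default places no access restriction on ntpd and the daemon will answer status and control queries from any host that can reach it. The only example offered is `restrict default ignore`, which the file itself says cannot be used with the pool servers, so an administrator following the comments ends up with no restriction at all. A default that still accepts replies from the configured servers would be `restrict default nomodify notrap nopeer noquery`, together with the existing `restrict 127.0.0.1` and `restrict -6 ::1` lines uncommented. I would ship those three lines active and keep the `ignore` variant as the documented stricter option.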
@@ -0,0 +1,62 @@ + +This directory contains configuration files for the Pluggable +Authentication Modules (PAM) library. + +Each file details the module chain for a single service, and must be +named after that service. If no configuration file is found for a +particular service, the /etc/pam.d/other is used instead. If that +file does not exist, /etc/pam.conf is searched for entries matching +the specified service or, failing that, the "other" service. + +See the pam(8) manual page for an explanation of the workings of the +PAM library and descriptions of the various files and modules. Below +is a summary of the format for the pam.conf and /etc/pam.d/* files. + +Configuration lines take the following form: + +module-type control-flag module-path arguments + +Comments are introduced with a hash mark ('#'). Blank lines and lines +consisting entirely of comments are ignored. + +The meanings of the different fields are as follows: + + module-type: + auth: prompt for a password to authenticate that the user is + who they say they are, and set any credentials. + account: non-authentication based authorization, based on time, + resources, etc. + session: housekeeping before and/or after login. + password: update authentication tokens. + + control-flag: How libpam handles success or failure of the module. + required: success is required; on failure all remaining + modules are run, but the request will be denied. + requisite: success is required, and on failure no remaining + modules are run. + sufficient: success is sufficient, and if no previous required + module failed, no remaining modules are run. + binding: success is sufficient; on failure all remaining + modules are run, but the request will be denied. + optional: ignored unless the other modules return PAM_IGNORE. + + arguments: Module-specific options, plus some generic ones: + debug: syslog debug info. + no_warn: return no warning messages to the application. 
+ Remove this to feed back to the user the + reason(s) they are being rejected. + use_first_pass: try authentication using password from the + preceding auth module. + try_first_pass: first try authentication using password from + the preceding auth module, and if that fails + prompt for a new password. + use_mapped_pass: convert cleartext password to a crypto key. + expose_account: allow printing more info about the user when + prompting. + +Note that having a "sufficient" module as the last entry for a +particular service and module type may result in surprising behaviour. +To get the intended semantics, add a "required" entry listing the +pam_deny module at the end of the chain. + +$FreeBSD$ diff --git a/etc/pam.d/atrun b/etc/pam.d/atrun new file mode 100644 index 0000000..6829469 --- /dev/null +++ b/etc/pam.d/atrun @@ -0,0 +1,10 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "atrun" service +# + +# Note well: enabling pam_nologin for atrun will currently result +# in jobs discarded, not just delayed, during a no-login period. +#account required pam_nologin.so +account required pam_unix.so diff --git a/etc/pam.d/convert.pl b/etc/pam.d/convert.pl new file mode 100644 index 0000000..f4c0676 --- /dev/null +++ b/etc/pam.d/convert.pl 
@@ -0,0 +1,87 @@ +#!/usr/bin/perl -w +#- +# Copyright (c) 2001,2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. 
+# +# $FreeBSD$ +# + +use strict; +use Fcntl; +use vars qw(%SERVICES); + +MAIN:{ + my $line; + my $service; + my $version; + my $type; + local *FILE; + + while (<>) { + chomp(); + s/\s*$//; + next unless m/^(\#*)(\w+)\s+(auth|account|session|password)\s+(\S.*)$/; + $line = $1.$3; + $line .= "\t" x ((16 - length($line) + 7) / 8); + $line .= $4; + push(@{$SERVICES{$2}->{$3}}, $line); + } + + foreach $service (keys(%SERVICES)) { + $version = '$' . 'FreeBSD' . '$'; + if (sysopen(FILE, $service, O_RDONLY)) { + while (<FILE>) { + next unless (m/(\$[F]reeBSD.*?\$)/); + $version = $1; + last; + } + close(FILE); + } + sysopen(FILE, $service, O_RDWR|O_CREAT|O_TRUNC) + or die("$service: $!\n"); + print(FILE "#\n"); + print(FILE "# $version\n"); + print(FILE "#\n"); + print(FILE "# PAM configuration for the \"$service\" service\n"); + print(FILE "#\n"); + foreach $type (qw(auth account session password)) { + next unless exists($SERVICES{$service}->{$type}); + print(FILE "\n"); + print(FILE "# $type\n"); + print(FILE join("\n", @{$SERVICES{$service}->{$type}}, "")); + } + close(FILE); + warn("$service\n"); + } + + exit(0); +} diff --git a/etc/pam.d/cron b/etc/pam.d/cron new file mode 100644 index 0000000..55a3d10 --- /dev/null +++ b/etc/pam.d/cron @@ -0,0 +1,9 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "cron" service +# + +# account +account required pam_nologin.so +account required pam_unix.so diff --git a/etc/pam.d/ftpd b/etc/pam.d/ftpd new file mode 100644 index 0000000..0d0b076 --- /dev/null +++ b/etc/pam.d/ftpd 
@@ -0,0 +1,20 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "ftpd" service +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +account required pam_nologin.so +#account required pam_krb5.so +account required pam_unix.so + +# session +session required pam_permit.so diff --git a/etc/pam.d/imap b/etc/pam.d/imap new file mode 100644 index 0000000..2d5efd0 --- /dev/null +++ b/etc/pam.d/imap @@ -0,0 +1,14 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "imap" service +# + +# auth +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +#account required pam_nologin.so +account required pam_unix.so diff --git a/etc/pam.d/kde b/etc/pam.d/kde new file mode 100644 index 0000000..f7d54f6 --- /dev/null +++ b/etc/pam.d/kde @@ -0,0 +1,19 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "kde" service +# + +# auth +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +account required pam_nologin.so +#account required pam_krb5.so +account required pam_unix.so + +# session +#session optional pam_ssh.so want_agent +session required pam_permit.so diff --git a/etc/pam.d/login b/etc/pam.d/login new file mode 100644 index 0000000..287036d --- /dev/null +++ b/etc/pam.d/login @@ -0,0 +1,20 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "login" service +# + +# auth +auth sufficient pam_self.so no_warn +auth include system + +# account +account requisite pam_securetty.so +account required pam_nologin.so +account include system + +# session +session include system + +# password +password include system 
diff --git a/etc/pam.d/other b/etc/pam.d/other new file mode 100644 index 0000000..110aa00 --- /dev/null +++ b/etc/pam.d/other @@ -0,0 +1,25 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "other" service +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +account required pam_nologin.so +#account required pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +# session +#session optional pam_ssh.so want_agent +session required pam_permit.so + +# password +password required pam_permit.so diff --git a/etc/pam.d/passwd b/etc/pam.d/passwd new file mode 100644 index 0000000..e655083 --- /dev/null +++ b/etc/pam.d/passwd @@ -0,0 +1,11 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "passwd" service +# + +# passwd(1) does not use the auth, account or session services. + +# password +#password requisite pam_passwdqc.so enforce=users +password required pam_unix.so no_warn try_first_pass nullok diff --git a/etc/pam.d/pop3 b/etc/pam.d/pop3 new file mode 100644 index 0000000..c59e39b --- /dev/null +++ b/etc/pam.d/pop3 @@ -0,0 +1,14 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "pop3" service +# + +# auth +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +#account required pam_nologin.so +account required pam_unix.so diff --git a/etc/pam.d/rsh b/etc/pam.d/rsh new file mode 100644 index 0000000..9e562e0 --- /dev/null +++ b/etc/pam.d/rsh 
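Review bot: In etc/pam.d/other, the catch-all policy ends with `password required pam_permit.so`, so a password-change request from any service without its own file is reported as successful although no module updates a token. The rsh and xdm files in this same commit use `password required pam_deny.so` for services that must not change passwords, and the fallback should be at least as strict. I would change the last line to `password required pam_deny.so`, or add a comment explaining why the fallback deliberately permits the request.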
@@ -0,0 +1,18 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "rsh" service
+#
+
+# auth
+auth required pam_rhosts.so no_warn
+
+# account
+account required pam_nologin.so
+account required pam_unix.so
+
+# session
+session required pam_permit.so
+
+# password
+password required pam_deny.so
diff --git a/etc/pam.d/sshd b/etc/pam.d/sshd
new file mode 100644
index 0000000..b4707c0
--- /dev/null
+++ b/etc/pam.d/sshd
@@ -0,0 +1,26 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "sshd" service
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session required pam_permit.so
+
+# password
+#password sufficient pam_krb5.so no_warn try_first_pass
+password required pam_unix.so no_warn try_first_pass
diff --git a/etc/pam.d/su b/etc/pam.d/su
new file mode 100644
index 0000000..88ce8b0
--- /dev/null
+++ b/etc/pam.d/su
@@ -0,0 +1,17 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "su" service
+#
+
+# auth
+auth sufficient pam_rootok.so no_warn
+auth sufficient pam_self.so no_warn
+auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
+auth include system
+
+# account
+account include system
+
+# session
+session required pam_permit.so
diff --git a/etc/pam.d/system b/etc/pam.d/system
new file mode 100644
index 0000000..b8b7101
--- /dev/null
+++ b/etc/pam.d/system
@@ -0,0 +1,25 @@ +# +# $FreeBSD$ +# +# System-wide defaults +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass nullok + +# account +#account required pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +# session +#session optional pam_ssh.so want_agent +session required pam_lastlog.so no_fail + +# password +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/telnetd b/etc/pam.d/telnetd new file mode 100644 index 0000000..fb2f523 --- /dev/null +++ b/etc/pam.d/telnetd @@ -0,0 +1,26 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "telnetd" service +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +account required pam_nologin.so +#account required pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +# session +#session optional pam_ssh.so want_agent +session required pam_lastlog.so no_fail + +# password +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/xdm b/etc/pam.d/xdm new file mode 100644 index 0000000..2a7db08 --- /dev/null +++ b/etc/pam.d/xdm 
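Review bot: In etc/pam.d/system the auth line `auth required pam_unix.so no_warn try_first_pass nullok` carries `nullok`, which lets an account with an empty password field authenticate without a password. The login and su policies in this commit both pull this chain in through `auth include system`. The sshd, telnetd and other policies in the same commit call pam_unix without `nullok`, so the system-wide default is the weaker of the two. I would either drop the option (`auth required pam_unix.so no_warn try_first_pass`) or add a comment stating that empty-password local logins are intended.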
@@ -0,0 +1,22 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "xdm" service +# + +# auth +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +account required pam_nologin.so +#account required pam_krb5.so +account required pam_unix.so + +# session +#session required pam_ssh.so want_agent +session required pam_lastlog.so no_fail + +# password +password required pam_deny.so diff --git a/etc/pccard_ether b/etc/pccard_ether new file mode 100755 index 0000000..841c1a0 --- /dev/null +++ b/etc/pccard_ether 
@@ -0,0 +1,126 @@ +#!/bin/sh - +# +# $FreeBSD$ +# +# pccard_ether interfacename [start|stop|restart] +# +# example: pccard_ether fxp0 start +# + +. /etc/rc.subr +. /etc/network.subr + +name="pccard_ether" +start_precmd="checkauto" +start_cmd="pccard_ether_start" +stop_precmd="checkauto" +stop_cmd="pccard_ether_stop" +restart_precmd="checkauto" +restart_cmd="pccard_ether_restart" + +setup_routes() +{ + # Add default route into $static_routes + case ${defaultrouter} in + [Nn][Oo] | '') + ;; + *) + static_routes="default ${static_routes}" + route_default="default ${defaultrouter}" + ;; + esac + + # Add private route for this interface into $static_routes + eval ifx_routes=\$static_routes_${ifn} + if [ -n "${ifx_routes}" ]; then + static_routes="${ifx_routes} ${static_routes}" + fi + + # Set up any static routes if specified + if [ -n "${static_routes}" ]; then + for i in ${static_routes}; do + eval route_args=\$route_${i} + route add ${route_args} + done + fi +} + +remove_routes() +{ + # Delete static route if specified + eval ifx_routes=\$static_routes_${ifn} + if [ -n "${ifx_routes}" ]; then + for i in ${ifx_routes}; do + eval route_args=\$route_${i} + route delete ${route_args} + done + fi +} + +checkauto() +{ + if [ -z "$rc_force" ]; then + # Ignore interfaces with the NOAUTO keyword + autoif $ifn || exit 0 + fi +} + +pccard_ether_start() +{ + ifexists $ifn || exit 1 + + if [ -z "$rc_force" ]; then + for uif in `ifconfig -ul`; do + if [ "${uif}" = "${ifn}" ]; then + # Interface is already up, so ignore it. + exit 0 + fi + done + fi + + /etc/rc.d/netif quietstart $ifn + + # Do route configuration if needed. + # XXX: should probably do this by calling rc.d/routing. + if [ -n "`ifconfig_getargs $ifn`" ]; then + if ! dhcpif $ifn; then + setup_routes + fi + fi + + # XXX: IPv6 setup should be done in some way. +} + +pccard_ether_stop() +{ + if [ -n "`ifconfig_getargs $ifn`" ]; then + if ! 
dhcpif $ifn; then + remove_routes + fi + fi + + /etc/rc.d/netif quietstop $ifn + + # clean ARP table + ifexists $ifn && arp -d -i $ifn -a +} + +pccard_ether_restart() +{ + # Hand implemented because the default implementation runs + # the equivalent of "$0 start; $0 stop" and this script + # doesn't support that syntax + pccard_ether_stop + pccard_ether_start +} + +ifn=$1 +shift +if [ -z "$*" ]; then + args="start" +else + args=$* +fi + +load_rc_config pccard_ether +run_rc_command $args diff --git a/etc/periodic/Makefile b/etc/periodic/Makefile new file mode 100644 index 0000000..8fb56df --- /dev/null +++ b/etc/periodic/Makefile @@ -0,0 +1,5 @@ +# $FreeBSD$ + +SUBDIR= daily security weekly monthly + +.include <bsd.subdir.mk> diff --git a/etc/periodic/Makefile.inc b/etc/periodic/Makefile.inc new file mode 100644 index 0000000..a05341c --- /dev/null +++ b/etc/periodic/Makefile.inc @@ -0,0 +1,5 @@ +# $FreeBSD$ + +BINDIR= /etc/periodic/${.CURDIR:T} +NO_OBJ= +FILESMODE= 755 diff --git a/etc/periodic/daily/100.clean-disks b/etc/periodic/daily/100.clean-disks new file mode 100755 index 0000000..b4ebf30 --- /dev/null +++ b/etc/periodic/daily/100.clean-disks 
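Review bot: In etc/pccard_ether the interface name is taken straight from `$1` (`ifn=$1`) and then spliced into `eval ifx_routes=\$static_routes_${ifn}` in both setup_routes and remove_routes without any validation. The stop path reaches remove_routes without the `ifexists $ifn` check that the start path performs, so an unexpected argument is evaluated by a script that presumably runs as root. An empty argument list also makes the unconditional `shift` fail. I would validate right after the assignment, for example `case "${ifn}" in ''|*[!A-Za-z0-9_]*) echo "usage: pccard_ether interfacename [start|stop|restart]" >&2; exit 1 ;; esac`; the callers are not visible in this diff, so confirm that no legitimate interface name is rejected by that pattern.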
@@ -0,0 +1,55 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Remove garbage files more than $daily_clean_disks_days days old +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_clean_disks_enable" in + [Yy][Ee][Ss]) + if [ -z "$daily_clean_disks_days" ] + then + echo '$daily_clean_disks_enable is set but' \ + '$daily_clean_disks_days is not' + rc=2 + elif [ -z "$daily_clean_disks_files" ] + then + echo '$daily_clean_disks_enable is set but' \ + '$daily_clean_disks_files is not' + rc=2 + else + echo "" + echo "Cleaning disks:" + set -f noglob + args="-name "`echo "$daily_clean_disks_files" | + sed -e 's/^[ ]*//' \ + -e 's/[ ]*$//' \ + -e 's/[ ][ ]*/ -o -name /g'` + + case "$daily_clean_disks_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac + + rc=$(find / \( ! -fstype local -o -fstype rdonly \) -prune -o \ + \( $args \) -atime +$daily_clean_disks_days \ + -execdir rm -df {} \; $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + set -f glob + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/110.clean-tmps b/etc/periodic/daily/110.clean-tmps new file mode 100755 index 0000000..eef3bc6 --- /dev/null +++ b/etc/periodic/daily/110.clean-tmps 
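Review bot: In etc/periodic/daily/100.clean-disks the deletion command `-execdir rm -df {} \;` hands each matched name to rm with no end-of-options marker. The find starts at `/` and matches on name patterns only, so the names come from every local writable filesystem, including ones that unprivileged users control. If find substitutes the bare file name here, a name beginning with `-` would be parsed by rm as options. Writing it as `-execdir rm -df -- {} \;` closes that off. Separately, the closing `set -f glob` does not turn globbing back on (`set +f` would), which is harmless only because the script exits immediately afterwards.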
@@ -0,0 +1,60 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Perform temporary directory cleaning so that long-lived systems +# don't end up with excessively old files there. +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_clean_tmps_enable" in + [Yy][Ee][Ss]) + if [ -z "$daily_clean_tmps_days" ] + then + echo '$daily_clean_tmps_enable is set but' \ + '$daily_clean_tmps_days is not' + rc=2 + else + echo "" + echo "Removing old temporary files:" + + set -f noglob + args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days" + args="${args} -ctime +$daily_clean_tmps_days" + dargs="-empty -mtime +$daily_clean_tmps_days" + [ -n "$daily_clean_tmps_ignore" ] && { + args="$args "`echo " ${daily_clean_tmps_ignore% }" | + sed 's/[ ][ ]*/ ! -name /g'` + dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" | + sed 's/[ ][ ]*/ ! -name /g'` + } + case "$daily_clean_tmps_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac + + rc=$(for dir in $daily_clean_tmps_dirs + do + [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && { + find -d . -type f $args -delete $print + find -d . ! -name . -type d $dargs -delete $print + } | sed "s,^\\., $dir," + done | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + set -f glob + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/120.clean-preserve b/etc/periodic/daily/120.clean-preserve new file mode 100755 index 0000000..d5b34a1 --- /dev/null +++ b/etc/periodic/daily/120.clean-preserve 
@@ -0,0 +1,53 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Remove stale files in /var/preserve +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_clean_preserve_enable" in + [Yy][Ee][Ss]) + if [ -z "$daily_clean_preserve_days" ] + then + echo '$daily_clean_preserve_enable is set but' \ + '$daily_clean_preserve_days is not' + rc=2 + elif [ ! -d /var/preserve ] + then + echo '$daily_clean_preserve_enable is set but /var/preserve' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Removing stale files from /var/preserve:" + + if cd /var/preserve + then + case "$daily_clean_preserve_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac + + rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/130.clean-msgs b/etc/periodic/daily/130.clean-msgs new file mode 100755 index 0000000..b7890db --- /dev/null +++ b/etc/periodic/daily/130.clean-msgs @@ -0,0 +1,35 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Remove system messages +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_clean_msgs_enable" in + [Yy][Ee][Ss]) + if [ ! -d /var/msgs ] + then + echo '$daily_clean_msgs_enable is set but /var/msgs' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Cleaning out old system announcements:" + + [ -n "$daily_clean_msgs_days" ] && + arg=-${daily_clean_msgs_days#-} || arg= + msgs -c $arg && rc=0 || rc=3 + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/140.clean-rwho b/etc/periodic/daily/140.clean-rwho new file mode 100755 index 0000000..9645d7e --- /dev/null +++ b/etc/periodic/daily/140.clean-rwho 
@@ -0,0 +1,53 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Remove stale files in /var/rwho +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_clean_rwho_enable" in + [Yy][Ee][Ss]) + if [ -z "$daily_clean_rwho_days" ] + then + echo '$daily_clean_rwho_enable is enabled but' \ + '$daily_clean_rwho_days is not set' + rc=2 + elif [ ! -d /var/rwho ] + then + echo '$daily_clean_rwho_enable is enabled but /var/rwho' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Removing stale files from /var/rwho:" + + case "$daily_clean_rwho_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac + + if cd /var/rwho + then + rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/150.clean-hoststat b/etc/periodic/daily/150.clean-hoststat new file mode 100755 index 0000000..460d1a2 --- /dev/null +++ b/etc/periodic/daily/150.clean-hoststat @@ -0,0 +1,29 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Remove stale persistent host status files +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ]; then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_clean_hoststat_enable" in + [Yy][Ee][Ss]) + if [ -z "$(hoststat 2>&1)" ]; then + rc=2 + else + echo "" + echo "Removing stale entries from sendmail host status cache:" + rc=0 + purgestat || rc=1 + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/200.backup-passwd b/etc/periodic/daily/200.backup-passwd new file mode 100755 index 0000000..5c585af --- /dev/null +++ b/etc/periodic/daily/200.backup-passwd 
@@ -0,0 +1,77 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_backup_passwd_enable" in + [Yy][Ee][Ss]) + if [ ! -f /etc/master.passwd ] + then + echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \ + "doesn't exist" + rc=2 + elif [ ! -f /etc/group ] + then + echo '$daily_backup_passwd_enable" is set but /etc/group' \ + "doesn't exist" + rc=2 + else + bak=/var/backups + rc=0 + + echo "" + echo "Backup passwd and group files:" + + if [ ! -f $bak/master.passwd.bak ] + then + rc=1 + echo "no $bak/master.passwd.bak" + cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 + fi + + if ! cmp -s $bak/master.passwd.bak /etc/master.passwd + then + [ $rc -lt 1 ] && rc=1 + echo "$host passwd diffs:" + diff -I '^#' $bak/master.passwd.bak /etc/master.passwd |\ + sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/' + mv $bak/master.passwd.bak $bak/master.passwd.bak2 + cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 + fi + + if [ ! -f $bak/group.bak ] + then + [ $rc -lt 1 ] && rc=1 + echo "no $bak/group.bak" + cp -p /etc/group $bak/group.bak || rc=3 + fi + + if ! cmp -s $bak/group.bak /etc/group + then + [ $rc -lt 1 ] && rc=1 + echo "$host group diffs:" + diff $bak/group.bak /etc/group + mv $bak/group.bak $bak/group.bak2 + cp -p /etc/group $bak/group.bak || rc=3 + fi + + if [ -f /etc/group ] + then + echo "" + echo "Verifying group file syntax:" + chkgrp /etc/group || rc=3 + fi + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/210.backup-aliases b/etc/periodic/daily/210.backup-aliases new file mode 100755 index 0000000..fe17038 --- /dev/null +++ b/etc/periodic/daily/210.backup-aliases 
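Review bot: The copies of `/etc/master.passwd` written to `$bak/master.passwd.bak` and `.bak2` are protected only by `cp -p` carrying over the source file's mode, because the hunk never sets a umask or checks the mode of the result. An explicit `umask 077` before `bak=/var/backups` would make the intent visible and keep the file closed during the window before `cp` applies the preserved mode; `cp -p` still restores the mode of `group.bak` afterwards. monthly/200.accounting in this commit already sets a umask before writing its temporary file. Separately, both "is set but" messages contain a stray `"` after `$daily_backup_passwd_enable` inside the single-quoted string.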
@@ -0,0 +1,47 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_backup_aliases_enable" in + [Yy][Ee][Ss]) + if [ ! -f /etc/mail/aliases ] + then + echo '$daily_backup_aliases_enable is enabled but' \ + "/etc/mail/aliases doesn't exist" + rc=2 + else + bak=/var/backups + rc=0 + + echo "" + echo "Backing up mail aliases:" + + if [ ! -f $bak/aliases.bak ] + then + echo "no $bak/aliases.bak" + cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 + fi + + if ! cmp -s $bak/aliases.bak /etc/mail/aliases + then + [ $rc -lt 1 ] && rc=1 + echo "$host aliases diffs:" + diff -u $bak/aliases.bak /etc/mail/aliases + mv $bak/aliases.bak $bak/aliases.bak2 + cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 + fi + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/220.backup-pkgdb b/etc/periodic/daily/220.backup-pkgdb new file mode 100755 index 0000000..82bf0b3 --- /dev/null +++ b/etc/periodic/daily/220.backup-pkgdb 
@@ -0,0 +1,51 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +rc=0 + +case "$daily_backup_pkgdb_enable" in + [Yy][Ee][Ss]) + bak="${daily_backup_pkgdb_dir:-/var/backups}" + bak_file="${bak}/pkgdb.bak.tbz" + + pkg_dbdir=`make -f/usr/share/mk/bsd.port.mk -V PKG_DBDIR 2>/dev/null` || + pkg_dbdir=/var/db/pkg + + if [ ! -d "$bak" ] + then + install -d -o root -g wheel -m 750 $bak || { + echo '$daily_backup_pkgdb_enable is enabled but' \ + "$daily_backup_pkgdb_dir doesn't exist" ; + exit 2 ; } + fi + + echo '' + echo 'Backing up package db directory:' + + new_bak_file=`mktemp ${bak_file}-XXXXX` + + if tar -cjHf "${new_bak_file}" "$pkg_dbdir" 2>/dev/null; then + chmod 644 "${new_bak_file}" + + if [ -e "${bak_file}.2" -a -e "${bak_file}" ]; then + unlink "${bak_file}.2" + mv "${bak_file}" "${bak_file}.2" + fi + [ -e "${bak_file}" ] && mv "${bak_file}" "${bak_file}.2" + mv "${new_bak_file}" "${bak_file}" + else + rc=3 + fi ;; +esac + +exit $rc diff --git a/etc/periodic/daily/300.calendar b/etc/periodic/daily/300.calendar new file mode 100755 index 0000000..cc12097 --- /dev/null +++ b/etc/periodic/daily/300.calendar @@ -0,0 +1,29 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# `calendar -a' needs to die. Why? Because it's a bad idea, particular +# with networked home directories, but also in general. If you want the +# output of `calendar' mailed to you, set up a cron job to do it, +# or run it from your ~/.profile or ~/.login. +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_calendar_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Running calendar:" + + calendar -a && rc=0 || rc=3;; + + *) rc=0;; +esac + +exit $rc 
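Review bot: When `tar -cjHf "${new_bak_file}" ...` fails in 220.backup-pkgdb, the `else` branch only sets `rc=3` and the file created by `mktemp` stays in the backup directory, so repeated failures accumulate `pkgdb.bak.tbz-XXXXX` files. Adding `rm -f "${new_bak_file}"` before `rc=3` cleans that up. The `mktemp` result is also used without checking that it succeeded, and both its template and the `install -d ... $bak` argument are unquoted although `$bak` comes from `daily_backup_pkgdb_dir`; `new_bak_file=$(mktemp "${bak_file}-XXXXX") || exit 3` covers both. The error message prints `$daily_backup_pkgdb_dir`, which is empty when the `/var/backups` default is in use; `$bak` would be the accurate value.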
diff --git a/etc/periodic/daily/310.accounting b/etc/periodic/daily/310.accounting new file mode 100755 index 0000000..d11745d --- /dev/null +++ b/etc/periodic/daily/310.accounting @@ -0,0 +1,65 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_accounting_enable" in + [Yy][Ee][Ss]) + if [ ! -f /var/account/acct ] + then + echo '$daily_accounting_enable is set but /var/account/acct' \ + "doesn't exist" + rc=2 + elif [ -z "$daily_accounting_save" ] + then + echo '$daily_accounting_enable is set but ' \ + '$daily_accounting_save is not' + rc=2 + else + echo "" + echo "Rotating accounting logs and gathering statistics:" + + cd /var/account + rc=0 + + n=$(( $daily_accounting_save - 1 )) + for f in acct.*; do + case "$f" in acct.\*) continue ;; esac # No files match + m=${f%.gz} ; m=${m#acct.} + [ $m -ge $n ] && { rm $f || rc=3; } + done + + m=$n + n=$(($n - 1)) + while [ $n -ge 0 ] + do + [ -f acct.$n.gz ] && { mv -f acct.$n.gz acct.$m.gz || rc=3; } + [ -f acct.$n ] && { mv -f acct.$n acct.$m || rc=3; } + m=$n + n=$(($n - 1)) + done + + /etc/rc.d/accounting rotate_log || rc=3 + + rm -f acct.merge && cp acct.0 acct.merge || rc=3 + sa -s $daily_accounting_flags /var/account/acct.merge || rc=3 + rm acct.merge + + case "$daily_accounting_compress" in + [Yy][Ee][Ss]) + gzip -f acct.0 || rc=3;; + esac + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/330.news b/etc/periodic/daily/330.news new file mode 100755 index 0000000..ec06437 --- /dev/null +++ b/etc/periodic/daily/330.news 
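Review bot: `cd /var/account` is not checked, and everything after it (`rm $f` over `acct.*`, the `mv -f` rotation loop, `rm -f acct.merge`) works on relative names. If the `cd` fails, those commands run in whatever directory the script was started from. 120.clean-preserve in this commit wraps its work in `if cd /var/preserve`; the same shape here, or simply `cd /var/account || exit 3`, keeps the deletions confined to the accounting directory. `$daily_accounting_save` is also used in arithmetic after only a non-empty check.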
@@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Expire news articles +# (This is present only for backwards compatibility, usually the news +# system handles this on its own). + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_news_expire_enable" in + [Yy][Ee][Ss]) + if [ ! -f /etc/news.expire ] + then + echo '$daily_news_expire_enable is set but /etc/news.expire' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Running news.expire:" + + /etc/news.expire && rc=0 || rc=3 + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/400.status-disks b/etc/periodic/daily/400.status-disks new file mode 100755 index 0000000..dc525a5 --- /dev/null +++ b/etc/periodic/daily/400.status-disks @@ -0,0 +1,32 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_disks_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Disk status:" + + df $daily_status_disks_df_flags && rc=1 || rc=3 + + # display which filesystems need backing up + if ! [ -f /etc/fstab ]; then + export PATH_FSTAB=/dev/null + fi + + echo "" + dump W || rc=3;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/404.status-zfs b/etc/periodic/daily/404.status-zfs new file mode 100755 index 0000000..81cc3e4 --- /dev/null +++ b/etc/periodic/daily/404.status-zfs 
@@ -0,0 +1,36 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_zfs_enable" in + [Yy][Ee][Ss]) + echo + echo 'Checking status of zfs pools:' + + out=`zpool status -x` + echo "$out" + # zpool status -x always exits with 0, so we have to interpret its + # output to see what's going on. + if [ "$out" = "all pools are healthy" \ + -o "$out" = "no pools available" ]; then + rc=0 + else + rc=1 + fi + ;; + + *) + rc=0 + ;; +esac + +exit $rc diff --git a/etc/periodic/daily/405.status-ata-raid b/etc/periodic/daily/405.status-ata-raid new file mode 100755 index 0000000..f217839 --- /dev/null +++ b/etc/periodic/daily/405.status-ata-raid @@ -0,0 +1,33 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_ata_raid_enable" in + [Yy][Ee][Ss]) + echo + echo 'Checking status of ATA raid partitions:' + + rc=0 + for raid in `find /dev/ -name 'ar[0-9]*' -type c | egrep '[0-9]$' \ + | egrep -v 's[0-9]' | cut -d / -f 3` + do + status=`/sbin/atacontrol status $raid` + echo $status + raid_rc=`echo $status | grep -v READY | wc -l` + [ $rc -eq 0 ] && [ $raid_rc -gt 0 ] && rc=3 + done + ;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/406.status-gmirror b/etc/periodic/daily/406.status-gmirror new file mode 100755 index 0000000..8fc698c --- /dev/null +++ b/etc/periodic/daily/406.status-gmirror 
@@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_gmirror_enable" in + [Yy][Ee][Ss]) + echo + echo 'Checking status of gmirror(8) devices:' + + if gmirror status; then + components="$(gmirror status -s | fgrep -v COMPLETE)" + if [ "${components}" ]; then + rc=3 + else + rc=0 + fi + else + rc=2 + fi + ;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/407.status-graid3 b/etc/periodic/daily/407.status-graid3 new file mode 100755 index 0000000..52750f7 --- /dev/null +++ b/etc/periodic/daily/407.status-graid3 @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_graid3_enable" in + [Yy][Ee][Ss]) + echo + echo 'Checking status of graid3(8) devices:' + + if graid3 status; then + components="$(graid3 status -s | fgrep -v COMPLETE)" + if [ "${components}" ]; then + rc=3 + else + rc=0 + fi + else + rc=2 + fi + ;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/408.status-gstripe b/etc/periodic/daily/408.status-gstripe new file mode 100755 index 0000000..ff74f76 --- /dev/null +++ b/etc/periodic/daily/408.status-gstripe @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_gstripe_enable" in + [Yy][Ee][Ss]) + echo + echo 'Checking status of gstripe(8) devices:' + + if gstripe status; then + components="$(gstripe status -s | fgrep -v UP)" + if [ "${components}" ]; then + rc=3 + else + rc=0 + fi + else + rc=2 + fi + ;; + + *) rc=0;; +esac + +exit $rc 
diff --git a/etc/periodic/daily/409.status-gconcat b/etc/periodic/daily/409.status-gconcat new file mode 100755 index 0000000..7dfa918 --- /dev/null +++ b/etc/periodic/daily/409.status-gconcat @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_gconcat_enable" in + [Yy][Ee][Ss]) + echo + echo 'Checking status of gconcat(8) devices:' + + if gconcat status; then + components="$(gconcat status -s | fgrep -v UP)" + if [ "${components}" ]; then + rc=3 + else + rc=0 + fi + else + rc=2 + fi + ;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/420.status-network b/etc/periodic/daily/420.status-network new file mode 100755 index 0000000..8399cf7 --- /dev/null +++ b/etc/periodic/daily/420.status-network @@ -0,0 +1,29 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_network_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Network interface status:" + + case "$daily_status_network_usedns" in + [Yy][Ee][Ss]) + netstat -i && rc=0 || rc=3;; + *) + netstat -in && rc=0 || rc=3;; + esac;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/430.status-rwho b/etc/periodic/daily/430.status-rwho new file mode 100755 index 0000000..4476136 --- /dev/null +++ b/etc/periodic/daily/430.status-rwho 
@@ -0,0 +1,38 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_rwho_enable" in + [Yy][Ee][Ss]) + rwho=$(echo /var/rwho/*) + if [ -f "${rwho%% *}" ] + then + echo "" + echo "Local network system status:" + prog=ruptime + else + echo "" + echo "Local system status:" + prog=uptime + fi + rc=$($prog | tee /dev/stderr | wc -l) + if [ $? -eq 0 ] + then + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/440.status-mailq b/etc/periodic/daily/440.status-mailq new file mode 100755 index 0000000..d17fe4e --- /dev/null +++ b/etc/periodic/daily/440.status-mailq 
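Review bot: The `if [ $? -eq 0 ]` test after `rc=$($prog | tee /dev/stderr | wc -l)` sees the exit status of `wc`, the last command in the pipeline, not of `ruptime`/`uptime`. The `rc=3` branch is therefore effectively unreachable and a failing status command is reported as rc 0 or 1. Capturing the output first keeps the status, for example `out=$($prog) || rc=3` followed by `echo "$out"` and a line count on `$out`. Alternatively, drop the `$?` test and document that failures are not detected.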
@@ -0,0 +1,66 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_mailq_enable" in + [Yy][Ee][Ss]) + if [ ! -x /usr/bin/mailq ] + then + echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \ + "isn't executable" + rc=2 + else + echo "" + echo "Mail in local queue:" + + rc=$(case "$daily_status_mailq_shorten" in + [Yy][Ee][Ss]) + mailq | + egrep -e '^[[:space:]]+[^[:space:]]+@' | + sort | + uniq -c | + sort -nr | + awk '$1 >= 1 {print $1, $2}';; + *) + mailq;; + esac | tee /dev/stderr | + egrep -v '(mqueue is empty|Total requests)' | wc -l) + [ $rc -gt 0 ] && rc=1 || rc=0 + + case "$daily_status_include_submit_mailq" in + [Yy][Ee][Ss]) + if [ -f /etc/mail/submit.cf ] + then + echo "" + echo "Mail in submit queue:" + + rc_submit=$(case "$daily_status_mailq_shorten" in + [Yy][Ee][Ss]) + mailq -Ac | + egrep -e '^[[:space:]]+[^[:space:]]+@' | + sort | + uniq -c | + sort -nr | + awk '$1 >= 1 {print $1, $2}';; + *) + mailq -Ac;; + esac | tee /dev/stderr | + egrep -v '(mqueue is empty|Total requests)' | wc -l) + [ $rc_submit -gt 0 ] && rc=1 + fi;; + esac + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/450.status-security b/etc/periodic/daily/450.status-security new file mode 100755 index 0000000..362bf3d --- /dev/null +++ b/etc/periodic/daily/450.status-security 
@@ -0,0 +1,41 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_security_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Security check:" + + case "$daily_status_security_inline" in + [Yy][Ee][Ss]) + export security_output="";; + *) + export security_output="${daily_status_security_output}" + case "${daily_status_security_output}" in + "") + rc=3;; + /*) + echo " (output logged separately)" + rc=0;; + *) + echo " (output mailed separately)" + rc=0;; + esac;; + esac + + periodic security || rc=3;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/460.status-mail-rejects b/etc/periodic/daily/460.status-mail-rejects new file mode 100755 index 0000000..ce63364 --- /dev/null +++ b/etc/periodic/daily/460.status-mail-rejects 
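Review bot: `rc` is never assigned on the `daily_status_security_inline` = yes path of 450.status-security: that branch only exports `security_output=""`, so a successful `periodic security` reaches `exit $rc` with `rc` unset. This works only because `exit` with an empty argument returns the status of the previous command, and it would pick up any `rc` inherited from the environment or from a sourced periodic.conf. Setting `rc=0` right after `echo "Security check:"` makes the result explicit. In the non-inline branch with an empty `$daily_status_security_output`, `rc=3` is set but `periodic security` still runs; a comment saying whether that is intended would help.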
@@ -0,0 +1,73 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_mail_rejects_shorten" in +[Yy][Ee][Ss]) shorten='cut -d" " -f2,3';; +*) shorten=cat;; +esac + +case "$daily_status_mail_rejects_enable" in + [Yy][Ee][Ss]) + if [ ! -d /etc/mail ] + then + echo '$daily_status_mail_rejects_enable is set but /etc/mail' \ + "doesn't exist" + rc=2 + elif [ ! -f /var/log/maillog ] + then + echo '$daily_status_mail_rejects_enable is set but ' \ + "/var/log/maillog doesn't exist" + rc=2 + elif [ "$daily_status_mail_rejects_logs" -le 0 ] + then + echo '$daily_status_mail_rejects_enable is set but ' \ + '$daily_status_mail_rejects_logs is not greater than zero' + rc=2 + else + echo + echo Checking for rejected mail hosts: + + yesterday=$(date -v-1d '+%b %e') + today=$(date '+%b %e') + n=$(($daily_status_mail_rejects_logs - 2)) + rc=$({ + while [ $n -ge 0 ] + do + if [ -f /var/log/maillog.$n ] + then + cat /var/log/maillog.$n + elif [ -f /var/log/maillog.$n.gz ] + then + zcat -fc /var/log/maillog.$n.gz + elif [ -f /var/log/maillog.$n.bz2 ] + then + bzcat -fc /var/log/maillog.$n.bz2 + fi + n=$(($n - 1)) + done + cat /var/log/maillog + } | sed -Ene "/^$today/q" -e "/^$yesterday/{"' + s/.*ruleset=check_relay,.* relay=([^,]+), reject=([^ ]*).*/\2 check_relay \1/p + t end + s/.*ruleset=check_rcpt,.* arg1=<?([^>,]+).* reject=([^ ]+) .* ([^ ]+)/\2 check_rcpt \1 \3/p + t end + s/.*ruleset=check_([^,]+),.* arg1=<?([^@]+@)?([^>,]+).* reject=([^ ]+) .* ([^ ]+)/\4 check_\1 \3 \5/p + :end + }' | eval $shorten | sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l) + [ $rc -gt 0 ] && rc=1 + fi;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/470.status-named b/etc/periodic/daily/470.status-named new file mode 100755 index 0000000..987029e --- /dev/null +++ b/etc/periodic/daily/470.status-named 
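Review bot: The guard `[ "$daily_status_mail_rejects_logs" -le 0 ]` does not catch an unset or non-numeric value: `test` fails with an error, the `elif` is treated as false, and the `else` branch runs with `n=$(($daily_status_mail_rejects_logs - 2))` computed from that value. A numeric check before the comparison closes the gap, e.g. `case "$daily_status_mail_rejects_logs" in ''|*[!0-9]*) rc=2;; esac` with the matching message. `eval $shorten` further down is safe only because `shorten` is assigned from two literals in the `case` at the top of the script; a short comment there stating that it must never be taken from configuration would keep it that way.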
@@ -0,0 +1,62 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +catmsgs() { + find /var/log -name 'messages.*' -mtime -2 | + sort -t. -r -n -k 2,2 | + while read f + do + case $f in + *.gz) zcat -f $f;; + *.bz2) bzcat -f $f;; + esac + done + [ -f /var/log/messages ] && cat /var/log/messages +} + +case "$daily_status_named_enable" in + [Yy][Ee][Ss]) + echo + echo 'Checking for denied zone transfers (AXFR and IXFR):' + + start=`date -v-1d '+%b %e'` + rc=$(catmsgs | + fgrep -E "^$start.*named\[[[:digit:]]+\]: transfer of .*failed .*: REFUSED" | + sed -e "s/.*transfer of \'\(.*\)\/IN\' from \(.*\)#[0-9]*: .*/\1 from \2/" | + sort -f | uniq -ic | ( + usedns=0 + case "$daily_status_named_usedns" in + '') ;; + [yY][eE][sS]) usedns=1 ;; + esac + + while read line ;do + ipaddr=`echo "$line" | sed -e 's/^.*from //'` + if [ $usedns -eq 1 ]; then + name=`host "${ipaddr}" 2>/dev/null | \ + sed 's/.*domain name pointer \(.*\)\./\1/'` + fi + if [ -n "${name}" ]; then + echo "${line} (${name})" + else + echo "${line}" + fi + done ) | \ + tee /dev/stderr | wc -l) + [ $rc -gt 0 ] && rc=1 + ;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/daily/480.status-ntpd b/etc/periodic/daily/480.status-ntpd new file mode 100755 index 0000000..1eb8011 --- /dev/null +++ b/etc/periodic/daily/480.status-ntpd @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +rc=0 + +case "$daily_status_ntpd_enable" in + [Yy][Ee][Ss]) + echo "" + echo "NTP status:" + + synchronized=$(ntpq -p | tee /dev/stderr | grep '^\*') + if [ -z "$synchronized" ]; then + rc=1 + fi + ;; +esac + +exit $rc 
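Review bot: `catmsgs` in 470.status-named emits only rotated logs ending in `.gz` or `.bz2`; its inner `case $f` has no default branch, so an uncompressed `messages.N` found by the `find` is silently skipped. Refused transfers logged in it would never reach the report. Whether that can happen depends on the newsyslog configuration, which is not visible here. Adding `*) cat "$f";;` and quoting `$f` in the other two branches covers it. In the reporting loop, `name` is assigned only when `usedns` is 1, so with DNS off the `[ -n "${name}" ]` test reads whatever `name` already holds; `name=` at the top of the loop body removes that dependency.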
diff --git a/etc/periodic/daily/490.status-pkg-changes b/etc/periodic/daily/490.status-pkg-changes new file mode 100755 index 0000000..60e3e8c --- /dev/null +++ b/etc/periodic/daily/490.status-pkg-changes @@ -0,0 +1,43 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ]; then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_pkg_changes_enable" in + [Yy][Ee][Ss]) + if [ ! -f /usr/sbin/pkg_info ]; then + echo '$daily_status_pkg_changes_enable is enabled but' \ + "/usr/sbin/pkg_info doesn't exist" + rc=2 + else + bak=/var/backups + rc=0 + + if [ -f $bak/pkg_info.bak ]; then + mv -f $bak/pkg_info.bak $bak/pkg_info.bak2 + fi + /usr/sbin/pkg_info > $bak/pkg_info.bak + + cmp -sz $bak/pkg_info.bak $bak/pkg_info.bak2 + if [ $? -eq 1 ]; then + echo "" + echo "Changes in installed packages:" + diff -U 0 $bak/pkg_info.bak2 $bak/pkg_info.bak \ + | grep '^[-+][^-+]' | sort -k 1.2 + fi + fi + ;; + + *) + rc=0 + ;; +esac + +exit $rc diff --git a/etc/periodic/daily/500.queuerun b/etc/periodic/daily/500.queuerun new file mode 100755 index 0000000..f46c246 --- /dev/null +++ b/etc/periodic/daily/500.queuerun @@ -0,0 +1,36 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_queuerun_enable" in + [Yy][Ee][Ss]) + if [ ! -x /usr/sbin/sendmail ] + then + echo '$daily_queuerun_enable is set but /usr/sbin/sendmail' \ + "isn't executable" + rc=2 + else + /usr/sbin/sendmail -q >/dev/null 2>&1 & + case "$daily_submit_queuerun" in + [Yy][Ee][Ss]) + if [ -f /etc/mail/submit.cf ] + then + /usr/sbin/sendmail -q -Ac >/dev/null 2>&1 & + fi;; + esac + rc=0 + fi;; + + *) rc=0;; +esac + +exit $rc 
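Review bot: 490.status-pkg-changes leaves `rc=0` even when it prints "Changes in installed packages:", whereas 200.backup-passwd and 210.backup-aliases in this commit raise `rc` to 1 whenever they print a diff. If the caller filters output by exit code (not visible in this hunk), a change in the installed package set would be treated as "nothing to report". Adding `rc=1` inside the `if [ $? -eq 1 ]` block aligns it with the sibling scripts. The result of `/usr/sbin/pkg_info > $bak/pkg_info.bak` is not checked either, so a failed run overwrites the baseline with an empty or partial list; `|| rc=3` on that line would surface it.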
diff --git a/etc/periodic/daily/800.scrub-zfs b/etc/periodic/daily/800.scrub-zfs
new file mode 100755
index 0000000..ee0e52a
--- /dev/null
+++ b/etc/periodic/daily/800.scrub-zfs
@@ -0,0 +1,98 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# + +newline=" +" # A single newline + +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +: ${daily_scrub_zfs_default_threshold=35} + +case "$daily_scrub_zfs_enable" in + [Yy][Ee][Ss]) + echo + echo 'Scrubbing of zfs pools:' + + if [ -z "${daily_scrub_zfs_pools}" ]; then + daily_scrub_zfs_pools="$(zpool list -H -o name)" + fi + + rc=0 + for pool in ${daily_scrub_zfs_pools}; do + # sanity check + _status=$(zpool list "${pool}" 2> /dev/null) + if [ $? -ne 0 ]; then + rc=2 + echo " WARNING: pool '${pool}' specified in" + echo " '/etc/periodic.conf:daily_scrub_zfs_pools'" + echo " does not exist" + continue + fi + _status=${_status##*$newline} + case ${_status} in + *FAULTED*) + rc=3 + echo "Skipping faulted pool: ${pool}" + continue ;; + esac + + # determine how many days shall be between scrubs + eval _pool_threshold=\${daily_scrub_zfs_$(echo "${pool}"|tr ".:-" "_")_threshold} + if [ -z "${_pool_threshold}" ];then + _pool_threshold=${daily_scrub_zfs_default_threshold} + fi + + _last_scrub=$(zpool history ${pool} | \ + egrep "^[0-9\.\:\-]{19} zpool scrub ${pool}\$" | tail -1 |\ + cut -d ' ' -f 1) + if [ -z "${_last_scrub}" ]; then + # creation time of the pool if no scrub was done + _last_scrub=$(zpool history ${pool} | \ + sed -ne '2s/ .*$//p') + fi + + # Now minus last scrub (both in seconds) converted to days. 
+ _scrub_diff=$(expr -e \( $(date +%s) - \ + $(date -j -f %F.%T ${_last_scrub} +%s) \) / 60 / 60 / 24) + if [ ${_scrub_diff} -lt ${_pool_threshold} ]; then + echo " skipping scrubbing of pool '${pool}':" + echo " last scrubbing is ${_scrub_diff} days ago, threshold is set to ${_pool_threshold} days" + continue + fi + + _status="$(zpool status ${pool} | grep scrub:)" + case "${_status}" in + *"scrub in progress"*) + echo " scrubbing of pool '${pool}' already in progress, skipping:" + ;; + *"none requested"*) + echo " starting first scrub (since reboot) of pool '${pool}':" + zpool scrub ${pool} + [ $rc -eq 0 ] && rc=1 + ;; + *) + echo " starting scrub of pool '${pool}':" + zpool scrub ${pool} + [ $rc -eq 0 ] && rc=1 + ;; + esac + + echo " consult 'zpool status ${pool}' for the result" + done + ;; + + *) + rc=0 + ;; +esac + +exit $rc diff --git a/etc/periodic/daily/999.local b/etc/periodic/daily/999.local new file mode 100755 index 0000000..3173475 --- /dev/null +++ b/etc/periodic/daily/999.local @@ -0,0 +1,38 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Run the old /etc/daily.local script. This is really for backwards +# compatibility more than anything else. +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +rc=0 +for script in $daily_local +do + echo '' + case "$script" in + /*) + if [ -f "$script" ] + then + echo "Running $script:" + + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 + fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; + esac +done + +exit $rc diff --git a/etc/periodic/daily/Makefile b/etc/periodic/daily/Makefile new file mode 100644 index 0000000..b324f70 --- /dev/null +++ b/etc/periodic/daily/Makefile 
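Review bot: The per-pool threshold lookup in 800.scrub-zfs feeds the pool name into `eval` after mapping only `.`, `:` and `-` to `_`; what keeps other characters out is the earlier `zpool list "${pool}"` existence check, which is easy to lose in a later edit. An explicit allow-list just before the `eval` makes the dependency visible: `case "${pool}" in *[!A-Za-z0-9_.:-]*) echo " skipping pool '${pool}': unsupported character in name"; rc=2; continue;; esac`. `${pool}` is also unquoted in the `zpool history`, `zpool status` and `zpool scrub` calls and is interpolated unescaped into the `egrep` pattern. If `_last_scrub` comes back empty, the unquoted `[ ${_scrub_diff} -lt ${_pool_threshold} ]` test errors out and the scrub proceeds regardless of the threshold.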
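Review bot: daily/999.local runs every entry of `$daily_local` with `sh $script` after checking only that it is an absolute path to a regular file; ownership and write permissions of the file are not examined. Since the periodic run presumably executes as root, a listed script that is writable by another user becomes a way to run code with those privileges. At minimum this deserves a comment above the loop, such as `# NOTE: entries in $daily_local are executed unverified; keep them root-owned and not group/world-writable`, or a check of owner and mode before the `sh` call. `sh $script` is also unquoted where the `-f` test quotes it. monthly/999.local has the identical loop over `$monthly_local`.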
@@ -0,0 +1,65 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+FILES= 100.clean-disks \
+ 110.clean-tmps \
+ 120.clean-preserve \
+ 200.backup-passwd \
+ 220.backup-pkgdb \
+ 330.news \
+ 400.status-disks \
+ 405.status-ata-raid \
+ 406.status-gmirror \
+ 407.status-graid3 \
+ 408.status-gstripe \
+ 409.status-gconcat \
+ 420.status-network \
+ 450.status-security \
+ 999.local
+
+# NB: keep these sorted by MK_* knobs
+
+.if ${MK_ACCT} != "no"
+FILES+= 310.accounting
+.endif
+
+.if ${MK_BIND_NAMED} != "no"
+FILES+= 470.status-named
+.endif
+
+.if ${MK_CALENDAR} != "no"
+FILES+= 300.calendar
+.endif
+
+.if ${MK_MAIL} != "no"
+FILES+= 130.clean-msgs
+.endif
+
+.if ${MK_NTP} != "no"
+FILES+= 480.status-ntpd
+.endif
+
+.if ${MK_PKGTOOLS} != "no"
+FILES+= 490.status-pkg-changes
+.endif
+
+.if ${MK_RCMDS} != "no"
+FILES+= 140.clean-rwho \
+ 430.status-rwho
+.endif
+
+.if ${MK_SENDMAIL} != "no"
+FILES+= 150.clean-hoststat \
+ 210.backup-aliases \
+ 440.status-mailq \
+ 460.status-mail-rejects \
+ 500.queuerun
+.endif
+
+.if ${MK_ZFS} != "no"
+FILES+= 404.status-zfs \
+ 800.scrub-zfs
+.endif
+
+.include <bsd.prog.mk>
diff --git a/etc/periodic/monthly/200.accounting b/etc/periodic/monthly/200.accounting
new file mode 100755
index 0000000..46f153d
--- /dev/null
+++ b/etc/periodic/monthly/200.accounting
@@ -0,0 +1,51 @@ +#!/bin/sh - +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +oldmask=$(umask) +umask 066 +case "$monthly_accounting_enable" in + [Yy][Ee][Ss]) + W=/var/log/utx.log + rc=0 + remove=NO + if [ ! -f $W.0 ] + then + if [ -f $W.0.gz ] + then + remove=YES + zcat $W.0.gz > $W.0 || rc=1 + elif [ -f $W.0.bz2 ] + then + remove=YES + bzcat $W.0.bz2 > $W.0 || rc=1 + else + echo '$monthly_accounting_enable is set but' \ + "$W.0 doesn't exist" + rc=2 + fi + fi + if [ $rc -eq 0 ] + then + echo "" + echo "Doing login accounting:" + + rc=$(ac -p -w $W.0 | sort -nr -k 2 | tee /dev/stderr | wc -l) + [ $rc -gt 0 ] && rc=1 + fi + [ $remove = YES ] && rm -f $W.0;; + + *) rc=0;; +esac + +umask $oldmask +exit $rc diff --git a/etc/periodic/monthly/999.local b/etc/periodic/monthly/999.local new file mode 100755 index 0000000..4e7c2b9 --- /dev/null +++ b/etc/periodic/monthly/999.local @@ -0,0 +1,35 @@ +#!/bin/sh - +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +rc=0 +for script in $monthly_local +do + echo '' + case "$script" in + /*) + if [ -f "$script" ] + then + echo "Running $script:" + + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 + fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; + esac +done + +exit $rc diff --git a/etc/periodic/monthly/Makefile b/etc/periodic/monthly/Makefile new file mode 100644 index 0000000..77c1d66 --- /dev/null +++ b/etc/periodic/monthly/Makefile @@ -0,0 +1,13 @@ +# $FreeBSD$ + +.include <bsd.own.mk> + +FILES= 999.local + +# NB: keep these sorted by MK_* knobs + +.if ${MK_UTMPX} != "no" +FILES+= 200.accounting +.endif + +.include <bsd.prog.mk> 
diff --git a/etc/periodic/security/100.chksetuid b/etc/periodic/security/100.chksetuid
new file mode 100755
index 0000000..5b93b20
--- /dev/null
+++ b/etc/periodic/security/100.chksetuid
@@ -0,0 +1,58 @@ +#!/bin/sh - +# +# Copyright (c) 2001 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +. 
/etc/periodic/security/security.functions + +rc=0 + +case "$daily_status_security_chksetuid_enable" in + [Yy][Ee][Ss]) + echo "" + echo 'Checking setuid files and devices:' + MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` + find -sx $MP /dev/null -type f \ + \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ + \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ | + check_diff setuid - "${host} setuid diffs:" + rc=$? + ;; + *) + rc=0 + ;; +esac + +exit $rc diff --git a/etc/periodic/security/110.neggrpperm b/etc/periodic/security/110.neggrpperm new file mode 100755 index 0000000..68d1e7b --- /dev/null +++ b/etc/periodic/security/110.neggrpperm 
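Review bot: The setuid scan in 100.chksetuid walks only what `mount -t ufs,zfs` lists, so setuid or setgid executables on any other local filesystem type mounted without `nosuid` are never compared by `check_diff`. If that is a deliberate scope limit, it should be stated above the `MP=` line, e.g. `# Only UFS and ZFS mounts are scanned; other filesystem types must be mounted nosuid or checked separately`. The awk filter `$0 !~ /no(suid|exec)/` is applied to the whole mount line, so a device or mount-point name containing "nosuid" or "noexec" also drops that filesystem from the scan; matching only the parenthesised option list would avoid this. `$MP` is expanded unquoted into `find`, so a mount point containing whitespace is split into separate paths.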
@@ -0,0 +1,54 @@ +#!/bin/sh - +# +# Copyright (c) 2001 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +rc=0 + +case "$daily_status_security_neggrpperm_enable" in + [Yy][Ee][Ss]) + echo "" + echo 'Checking negative group permissions:' + MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` + n=$(find -sx $MP /dev/null -type f \ + \( \( ! -perm +010 -and -perm +001 \) -or \ + \( ! -perm +020 -and -perm +002 \) -or \ + \( ! 
-perm +040 -and -perm +004 \) \) \ + -exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l) + [ $n -gt 0 ] && rc=1 || rc=0 + ;; +esac + +exit $rc diff --git a/etc/periodic/security/200.chkmounts b/etc/periodic/security/200.chkmounts new file mode 100755 index 0000000..17b114e --- /dev/null +++ b/etc/periodic/security/200.chkmounts 
@@ -0,0 +1,62 @@ +#!/bin/sh - +# +# Copyright (c) 2001 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# Show changes in the way filesystems are mounted +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +. /etc/periodic/security/security.functions + +ignore="${daily_status_security_chkmounts_ignore}" +rc=0 + +case "$daily_status_security_chkmounts_enable" in + [Yy][Ee][Ss]) + case "$daily_status_security_noamd" in + [Yy][Ee][Ss]) + ignore="${ignore}|^amd:" + esac + [ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat + if ! 
[ -f /etc/fstab ]; then + export PATH_FSTAB=/dev/null + fi + mount -p | sort | ${cmd} | + check_diff mount - "${host} changes in mounted filesystems:" + rc=$?;; + *) rc=0;; +esac + +exit "$rc" diff --git a/etc/periodic/security/300.chkuid0 b/etc/periodic/security/300.chkuid0 new file mode 100755 index 0000000..32cc16c --- /dev/null +++ b/etc/periodic/security/300.chkuid0 
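Review bot: The ignore expression is stored in `cmd` and then expanded unquoted as `${cmd}`, so a `daily_status_security_chkmounts_ignore` value containing whitespace or glob characters is word-split and pathname-expanded before `egrep` sees it. The result is either an `egrep` error or a different filter than the administrator wrote, and in both cases the mount diff is quietly wrong. A small helper keeps the pattern as one argument: `filter() { if [ -n "$ignore" ]; then egrep -v "${ignore#|}"; else cat; fi; }`, used as `mount -p | sort | filter | check_diff …`.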
@@ -0,0 +1,51 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_security_chkuid0_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo 'Checking for uids of 0:'
+ n=$(awk -F: '/^#/ {next} $3==0 {print $1,$3}' /etc/master.passwd |
+ tee /dev/stderr |
+ sed -e '/^root 0$/d' -e '/^toor 0$/d' |
+ wc -l)
+ [ $n -gt 0 ] && rc=1 || rc=0;;
+ *) rc=0;;
+esac
+
+exit "$rc"
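Review bot: The check fails open when `/etc/master.passwd` cannot be read: `awk` errors out, `wc -l` still prints 0, and the script exits 0, so an audit that never ran is reported as clean. A guard ahead of the pipeline, `[ -r /etc/master.passwd ] || { echo "cannot read /etc/master.passwd"; exit 3; }`, would surface it with the same failure code `check_diff` uses. 400.passwdless counts lines from the same file in the same way and has the same gap.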
diff --git a/etc/periodic/security/400.passwdless b/etc/periodic/security/400.passwdless
new file mode 100755
index 0000000..42ece04
--- /dev/null
+++ b/etc/periodic/security/400.passwdless
@@ -0,0 +1,48 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_security_passwdless_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo 'Checking for passwordless accounts:'
+ n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd |
+ tee /dev/stderr | wc -l)
+ [ $n -gt 0 ] && rc=1 || rc=0;;
+ *) rc=0;;
+esac
+
+exit "$rc"
diff --git a/etc/periodic/security/410.logincheck b/etc/periodic/security/410.logincheck
new file mode 100755
index 0000000..f6cf405
--- /dev/null
+++ b/etc/periodic/security/410.logincheck
@@ -0,0 +1,52 @@
+#!/bin/sh -
+#
+# Copyright (c) 2006 Tom Rhodes
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_security_logincheck_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo 'Checking login.conf permissions:'
+ if [ -G /etc/login.conf -a -O /etc/login.conf ]; then
+ n=0
+ else
+ echo "Bad ownership of /etc/login.conf"
+ n=1
+ fi
+ [ $n -gt 0 ] && rc=1 || rc=0;;
+ *) rc=0;;
+esac
+
+exit "$rc"
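Review bot: The heading says permissions are checked, but the `[ -G … -a -O … ]` test only compares the file's owner and group with the effective IDs of the running process, so a group- or world-writable `/etc/login.conf` with the expected owner passes. A mode test next to the ownership test would cover that, e.g. `[ -n "$(find /etc/login.conf \( -perm -020 -o -perm -002 \))" ] && n=1`, placed after the `if` block. Two comments would also help: the ownership result is only meaningful when the script runs as root, and a missing file is reported as "Bad ownership".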
diff --git a/etc/periodic/security/460.chkportsum b/etc/periodic/security/460.chkportsum new file mode 100755 index 0000000..3a39c84 --- /dev/null +++ b/etc/periodic/security/460.chkportsum 
@@ -0,0 +1,68 @@ +#!/bin/sh - +# +# Copyright (c) 2010 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +. /etc/periodic/security/security.functions + +rc=0 + +echo "" +echo 'Checking for ports with mismatched checksums:' + +case "${daily_status_security_chkportsum_enable}" in + [Yy][Ee][Ss]) + set -f + pkg_info -ga 2>/dev/null | \ + while IFS= read -r line; do + set -- $line + case $1 in + Information) + case $2 in + for) name="${3%%:}" ;; + *) name='??' 
;; + esac + ;; + Mismatched|'') ;; + *) [ -n "${name}" ] && + echo "${name}: ${line%% fails the original MD5 checksum}" + ;; + esac + done + ;; + *) + rc=0 + ;; +esac + +exit $rc diff --git a/etc/periodic/security/500.ipfwdenied b/etc/periodic/security/500.ipfwdenied new file mode 100755 index 0000000..6a6fb8b4 --- /dev/null +++ b/etc/periodic/security/500.ipfwdenied 
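Review bot: `rc` stays 0 even when mismatched files are printed, so a checksum finding never raises the exit status the way the other security scripts do. Setting `rc` inside the `while` loop would not help, because the loop runs on the receiving end of a pipe. Wrapping the pipeline as the neighbouring scripts do, `n=$(pkg_info -ga 2>/dev/null | while … done | tee /dev/stderr | wc -l)` followed by `[ $n -gt 0 ] && rc=1`, would fix that. The two `echo` heading lines also sit outside the `case`, so the heading is printed when the check is disabled; they belong inside the yes-branch. `2>/dev/null` additionally hides a failing `pkg_info`, which then looks like a clean run.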
@@ -0,0 +1,53 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+rc=0
+
+case "$daily_status_security_ipfwdenied_enable" in
+ [Yy][Ee][Ss])
+ TMP=`mktemp -t security`
+ if ipfw -a list 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
+ check_diff new_only ipfw ${TMP} "${host} ipfw denied packets:"
+ fi
+ rc=$?
+ rm -f ${TMP};;
+ *) rc=0;;
+esac
+
+exit $rc
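Review bot: The result of `mktemp` is not checked, so when it fails `TMP` is empty, the `> ${TMP}` redirection errors out, the `if` is skipped and the script exits 0, reporting a check that did not run as clean. `TMP=$(mktemp -t security) || exit 3` would make that visible, and quoting `"${TMP}"` in the redirection and in `rm -f` avoids surprises with an unusual `TMPDIR`. The same unchecked `mktemp` appears in 510.ipfdenied, 520.pfdenied, 550.ipfwlimit and 610.ipf6denied; the last one spells the template as `${TMPDIR:-/tmp}/security.XXXXXXXXXX` while the others use `-t security`, which is worth making uniform.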
diff --git a/etc/periodic/security/510.ipfdenied b/etc/periodic/security/510.ipfdenied
new file mode 100755
index 0000000..2058d2b
--- /dev/null
+++ b/etc/periodic/security/510.ipfdenied
@@ -0,0 +1,53 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+rc=0
+
+case "$daily_status_security_ipfdenied_enable" in
+ [Yy][Ee][Ss])
+ TMP=`mktemp -t security`
+ if ipfstat -nhio 2>/dev/null | grep block > ${TMP}; then
+ check_diff new_only ipf ${TMP} "${host} ipf denied packets:"
+ fi
+ rc=$?
+ rm -f ${TMP};;
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/520.pfdenied b/etc/periodic/security/520.pfdenied new file mode 100755 index 0000000..5e51393 --- /dev/null +++ b/etc/periodic/security/520.pfdenied 
@@ -0,0 +1,53 @@ +#!/bin/sh - +# +# Copyright (c) 2004 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +. /etc/periodic/security/security.functions + +rc=0 + +case "$daily_status_security_pfdenied_enable" in + [Yy][Ee][Ss]) + TMP=`mktemp -t security` + if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then + check_diff new_only pf ${TMP} "${host} pf denied packets:" + fi + rc=$? + rm -f ${TMP};; + *) rc=0;; +esac + +exit $rc 
diff --git a/etc/periodic/security/550.ipfwlimit b/etc/periodic/security/550.ipfwlimit new file mode 100755 index 0000000..daa0f86 --- /dev/null +++ b/etc/periodic/security/550.ipfwlimit 
@@ -0,0 +1,68 @@ +#!/bin/sh - +# +# Copyright (c) 2001 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# Show ipfw rules which have reached the log limit +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +rc=0 + +case "$daily_status_security_ipfwlimit_enable" in + [Yy][Ee][Ss]) + IPFW_VERBOSE=`sysctl -n net.inet.ip.fw.verbose 2> /dev/null` + if [ $? 
-ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]; then + exit 0 + fi + TMP=`mktemp -t security` + ipfw -a list | grep " log " | \ + grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ + awk \ + '{if ($6 == "logamount") { + if ($2 > $7) + {print $0}} + }' > ${TMP} + + if [ -s "${TMP}" ]; then + rc=1 + echo "" + echo 'ipfw log limit reached:' + cat ${TMP} + fi + rm -f ${TMP};; + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/security/610.ipf6denied b/etc/periodic/security/610.ipf6denied new file mode 100755 index 0000000..6c64d92 --- /dev/null +++ b/etc/periodic/security/610.ipf6denied 
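Review bot: The `awk` test `$6 == "logamount"` assumes the keyword is always the sixth field of `ipfw -a list` output, which holds only for one-word actions. A logging rule whose action takes an argument would shift the keyword to a later field, and such a rule is never reported even when its packet count has passed the limit. Scanning for the keyword removes the positional assumption: `awk '{ for (i = 4; i < NF; i++) if ($i == "logamount" && $2+0 > $(i+1)+0) { print; break } }'`. Rules that log without an explicit `logamount` are not covered either way, which deserves a comment above the pipeline.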
@@ -0,0 +1,53 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+rc=0
+
+case "$daily_status_security_ipf6denied_enable" in
+ [Yy][Ee][Ss])
+ TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
+ if ipfstat -nhio6 2>/dev/null | grep block > ${TMP}; then
+ check_diff new_only ipf6 ${TMP} "${host} ipf6 denied packets:"
+ fi
+ rc=$?
+ rm -f ${TMP};;
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/700.kernelmsg b/etc/periodic/security/700.kernelmsg new file mode 100755 index 0000000..fb5ed63 --- /dev/null +++ b/etc/periodic/security/700.kernelmsg 
@@ -0,0 +1,53 @@ +#!/bin/sh - +# +# Copyright (c) 2001 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# Show kernel log messages +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +. /etc/periodic/security/security.functions + +rc=0 + +case "$daily_status_security_kernelmsg_enable" in + [Yy][Ee][Ss]) + dmesg 2>/dev/null | + check_diff new_only dmesg - "${host} kernel log messages:" + rc=$?;; + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/security/800.loginfail b/etc/periodic/security/800.loginfail new file mode 100755 index 0000000..767b959 --- /dev/null 
+++ b/etc/periodic/security/800.loginfail 
@@ -0,0 +1,68 @@ +#!/bin/sh - +# +# Copyright (c) 2001 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# Show login failures +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +LOG="${daily_status_security_logdir}" + +yesterday=`date -v-1d "+%b %e "` + +catmsgs() { + find ${LOG} -name 'auth.log.*' -mtime -2 | + sort -t. 
-r -n -k 2,2 | + while read f + do + case $f in + *.gz) zcat -f $f;; + *.bz2) bzcat -f $f;; + esac + done + [ -f ${LOG}/auth.log ] && cat $LOG/auth.log +} + +case "$daily_status_security_loginfail_enable" in + [Yy][Ee][Ss]) + echo "" + echo "${host} login failures:" + n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" | + tee /dev/stderr | wc -l) + [ $n -gt 0 ] && rc=1 || rc=0;; + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/security/900.tcpwrap b/etc/periodic/security/900.tcpwrap new file mode 100755 index 0000000..55f7709 --- /dev/null +++ b/etc/periodic/security/900.tcpwrap 
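Review bot: `catmsgs` only prints rotated logs whose names end in `.gz` or `.bz2`, so an uncompressed rotation such as `auth.log.0` is found by `find` and then silently skipped by the `case`. On a host that rotates without compression, yesterday's failures can therefore be missing from the report. A default branch `*) cat $f;;` would cover it. The `sort -t. -k 2,2` key also appears to land on the literal `log` component rather than the rotation number, so `-k 3,3` looks like what was intended, and `read f` with unquoted `$f` breaks on unusual file names. 900.tcpwrap carries the same `catmsgs` body for `messages.*`.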
@@ -0,0 +1,68 @@ +#!/bin/sh - +# +# Copyright (c) 2001 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# Show tcp_wrapper warning messages +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +LOG="${daily_status_security_logdir}" + +yesterday=`date -v-1d "+%b %e "` + +catmsgs() { + find ${LOG} -name 'messages.*' -mtime -2 | + sort -t. 
-r -n -k 2,2 | + while read f + do + case $f in + *.gz) zcat -f $f;; + *.bz2) bzcat -f $f;; + esac + done + [ -f ${LOG}/messages ] && cat $LOG/messages +} + +case "$daily_status_security_tcpwrap_enable" in + [Yy][Ee][Ss]) + echo "" + echo "${host} refused connections:" + n=$(catmsgs | grep -i "^$yesterday.*refused connect" | + tee /dev/stderr | wc -l) + [ $n -gt 0 ] && rc=1 || rc=0;; + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/security/Makefile b/etc/periodic/security/Makefile new file mode 100644 index 0000000..fbcd454 --- /dev/null +++ b/etc/periodic/security/Makefile @@ -0,0 +1,36 @@ +# $FreeBSD$ + +.include <bsd.own.mk> + +FILES= 100.chksetuid \ + 110.neggrpperm \ + 200.chkmounts \ + 300.chkuid0 \ + 400.passwdless \ + 410.logincheck \ + 700.kernelmsg \ + 800.loginfail \ + 900.tcpwrap \ + security.functions + +# NB: keep these sorted by MK_* knobs + +.if ${MK_IPFILTER} != "no" +FILES+= 510.ipfdenied +FILES+= 610.ipf6denied +.endif + +.if ${MK_IPFW} != "no" +FILES+= 500.ipfwdenied \ + 550.ipfwlimit +.endif + +.if ${MK_PF} != "no" +FILES+= 520.pfdenied +.endif + +.if ${MK_PKGTOOLS} != "no" +FILES+= 460.chkportsum +.endif + +.include <bsd.prog.mk> diff --git a/etc/periodic/security/security.functions b/etc/periodic/security/security.functions new file mode 100644 index 0000000..f5b8dcd --- /dev/null +++ b/etc/periodic/security/security.functions 
@@ -0,0 +1,78 @@
+#!/bin/sh
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+#
+# Show differences in the output of an audit command
+#
+
+LOG="${daily_status_security_logdir}"
+rc=0
+
+# Usage: COMMAND | check_diff [new_only] LABEL - MSG
+# COMMAND > TMPFILE; check_diff [new_only] LABEL TMPFILE MSG
+# if $1 is new_only, show only the 'new' part of the diff.
+# LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files.
+
+check_diff() {
+ rc=0
+ if [ "$1" = "new_only" ]; then
+ shift
+ filter="grep '^[>+]'"
+ else
+ filter="cat"
+ fi
+ label="$1"; shift
+ tmpf="$1"; shift
+ msg="$1"; shift
+
+ if [ "${tmpf}" = "-" ]; then
+ tmpf=`mktemp -t security`
+ cat > ${tmpf}
+ fi
+
+ if [ ! -f ${LOG}/${label}.today ]; then
+ rc=1
+ echo ""
+ echo "No ${LOG}/${label}.today"
+ cp ${tmpf} ${LOG}/${label}.today || rc=3
+ fi
+
+ if ! cmp -s ${LOG}/${label}.today ${tmpf} >/dev/null; then
+ [ $rc -lt 1 ] && rc=1
+ echo ""
+ echo "${msg}"
+ diff ${daily_status_security_diff_flags} ${LOG}/${label}.today \
+ ${tmpf} | eval "${filter}"
+ mv ${LOG}/${label}.today ${LOG}/${label}.yesterday || rc=3
+ mv ${tmpf} ${LOG}/${label}.today || rc=3
+ fi
+
+ rm -f ${tmpf}
+ exit ${rc}
+}
diff --git a/etc/periodic/weekly/310.locate b/etc/periodic/weekly/310.locate
new file mode 100755
index 0000000..4079f5e
--- /dev/null
+++ b/etc/periodic/weekly/310.locate
@@ -0,0 +1,32 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_locate_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Rebuilding locate database:"
+
+ locdb=/var/db/locate.database
+
+ touch $locdb && rc=0 || rc=3
+ chown nobody $locdb || rc=3
+ chmod 644 $locdb || rc=3
+
+ cd /
+ echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3
+ chmod 444 $locdb || rc=3;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/weekly/320.whatis b/etc/periodic/weekly/320.whatis
new file mode 100755
index 0000000..dfc218a
--- /dev/null
+++ b/etc/periodic/weekly/320.whatis
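Review bot: In `check_diff`, the result of `mktemp -t security` is used without checking that it succeeded. If it fails, `${tmpf}` expands to nothing, the `cmp` against `${LOG}/${label}.today` fails, and the branch that follows moves `.today` to `.yesterday` while the second `mv` has no file to install, so the stored baseline is rotated away on a run that captured no output. Stopping early avoids that: `tmpf=$(mktemp -t security) || exit 3`. The expansions of `${tmpf}` and `${LOG}/${label}` are also unquoted throughout the function.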
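Review bot: The ownership and mode changes around `$locdb` carry no comment explaining the privilege drop, so a reader has to reconstruct it from the order of `touch`, `chown nobody`, `chmod 644`, `su -fm nobody` and `chmod 444`. A comment above `locdb=/var/db/locate.database` would help, for example `# Pre-create the database and hand it to nobody so locate.updatedb can run unprivileged; it is made read-only again afterwards.` That comment should also record that `su -m` leaves the caller's environment in place for the unprivileged command, and that a failed `touch` or `chown` only sets `rc=3` while the update still runs.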
@@ -0,0 +1,51 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_whatis_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Rebuilding whatis database:"
+
+ MANPATH=`/usr/bin/manpath -q`
+ if [ $? = 0 ]
+ then
+ if [ -z "${MANPATH}" ]
+ then
+ echo "manpath failed to find any manpage directories"
+ rc=3
+ else
+ man_locales=`/usr/bin/manpath -qL`
+ rc=0
+
+ # Build whatis(1) database(s) for original, non-localized
+ # manpages.
+ /usr/libexec/makewhatis.local "${MANPATH}" || rc=3
+
+ # Build whatis(1) database(s) for localized manpages.
+ if [ X"${man_locales}" != X ]
+ then
+ for i in ${man_locales}
+ do
+ LC_ALL=$i /usr/libexec/makewhatis.local -a \
+ -L "${MANPATH}" || rc=3
+ done
+ fi
+ fi
+ else
+ rc=3
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/weekly/330.catman b/etc/periodic/weekly/330.catman
new file mode 100755
index 0000000..1ba2f7e
--- /dev/null
+++ b/etc/periodic/weekly/330.catman
@@ -0,0 +1,58 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_catman_enable" in
+ [Yy][Ee][Ss])
+ if [ ! -d /usr/share/man/cat1 ]
+ then
+ echo '$weekly_catman_enable is set but /usr/share/man/cat1' \
+ "doesn't exist"
+ rc=2
+ else
+ echo ""
+ echo "Reformatting manual pages:"
+
+ MANPATH=`/usr/bin/manpath -q`
+ if [ $? = 0 ]
+ then
+ if [ -z "${MANPATH}" ]
+ then
+ echo "manpath failed to find any manpath directories"
+ rc=3
+ else
+ man_locales=`/usr/bin/manpath -qL`
+ rc=0
+
+ # Preformat original, non-localized manpages
+ echo /usr/libexec/catman.local -r "$MANPATH" |
+ su -fm man || rc=3
+
+ # Preformat localized manpages.
+ if [ -n "$man_locales" ]
+ then
+ for i in $man_locales
+ do
+ echo /usr/libexec/catman.local -Lr \
+ "$MANPATH" | LC_ALL=$i su -fm man || rc=3
+ done
+ fi
+ fi
+ else
+ rc=3
+ fi
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/weekly/340.noid b/etc/periodic/weekly/340.noid
new file mode 100755
index 0000000..11a5f53
--- /dev/null
+++ b/etc/periodic/weekly/340.noid
@@ -0,0 +1,29 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_noid_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Check for files with an unknown user or group:"
+
+ rc=$(find -H ${weekly_noid_dirs:-/} \
+ \( ! -fstype local -prune -or -name \* \) -and \
+ \( -nogroup -o -nouser \) -print | sed 's/^/ /' |
+ tee /dev/stderr | wc -l)
+ [ $rc -gt 1 ] && rc=1
+ ;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/weekly/400.status-pkg b/etc/periodic/weekly/400.status-pkg
new file mode 100755
index 0000000..785c2ff
--- /dev/null
+++ b/etc/periodic/weekly/400.status-pkg
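Review bot: `echo /usr/libexec/catman.local -r "$MANPATH" | su -fm man` loses the quoting around `$MANPATH`: the quotes are consumed by the outer shell, so the shell started by `su` re-parses the bare value, and whitespace or shell metacharacters in a manpath entry would be read as syntax by the `man` user's shell. The `-Lr` invocation in the locale loop has the same problem. Because `su -m` keeps the environment, one option is to `export MANPATH` and let the inner shell do the expansion: `echo '/usr/libexec/catman.local -r "$MANPATH"' | su -fm man || rc=3`. The value comes from `/usr/bin/manpath -q`, so this presumably matters most where the manpath configuration is not fully trusted.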
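Review bot: `rc` is first assigned the `wc -l` line count and then clamped by `[ $rc -gt 1 ] && rc=1`, with no comment saying that a count is being turned into an exit status; the `-gt 1` test reads like an off-by-one until one notices that 0 and 1 already have the intended values. A comment such as `# rc holds the number of findings; collapse any non-zero count to exit status 1` would make that explicit, and `[ $rc -gt 0 ] && rc=1` states the intent directly. The exit status of `find` is discarded by the pipeline, so the script still exits 0 when the traversal fails without printing a match. The hunk for 400.status-pkg uses the same count-and-clamp pattern for the `pkg_version` pipeline.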
@@ -0,0 +1,33 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_status_pkg_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Check for out of date packages:"
+
+ rc=$(${pkg_version:-pkg_version} -v ${pkg_version_index} |
+ sed -n -e 's/^\([^ ]*\) *< */ \1 /p' \
+ -e '/^[^ ]*-\([^ ]*\) *\* *multiple versions.*[ ,]\1[,)].*/d' \
+ -e 's/^\([^ ]*\) *\* *multiple versions.*\((.*\)/ \1 needs updating \2/p' \
+ -e 's/^\(bsdpan-[^ ]*\) *? *unknown in index/ \1 may be outdated - check CPAN version manually/p' \
+ -e 's/^\([^ ]*-[^ ]*\) *? *unknown in index/ \1 is obsolete/p' \
+ -e 's/^\([^ ]*-[^ ]*\) *? *\(orphaned:.*\)$/ \1 was \2/p' |
+ tee /dev/stderr |
+ wc -l)
+ [ $rc -gt 1 ] && rc=1;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/weekly/999.local b/etc/periodic/weekly/999.local
new file mode 100755
index 0000000..3951bb5
--- /dev/null
+++ b/etc/periodic/weekly/999.local
@@ -0,0 +1,35 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+rc=0
+for script in $weekly_local
+do
+ echo ''
+ case "$script" in
+ /*)
+ if [ -f "$script" ]
+ then
+ echo "Running $script:"
+
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
+ fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
+ esac
+done
+
+exit $rc
diff --git a/etc/periodic/weekly/Makefile b/etc/periodic/weekly/Makefile
new file mode 100644
index 0000000..7f2eae2
--- /dev/null
+++ b/etc/periodic/weekly/Makefile
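Review bot: Each entry of `$weekly_local` is run with `sh $script` after only an absolute-path test and `[ -f "$script" ]`; nothing checks who owns the file or whether other users can write to it. If this runs with root privileges, as periodic jobs typically do, a listed script that a less-privileged account can modify would be executed with those privileges. Consider refusing files that are not root-owned or that are group- or world-writable before the `sh` call, reporting them with `rc=2` like the other configuration errors in the loop. `$script` is also unquoted at that one call, unlike in the tests above it: `sh "$script" || rc=3`.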
@@ -0,0 +1,22 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+FILES= 340.noid \
+ 999.local
+
+# NB: keep these sorted by MK_* knobs
+
+.if ${MK_LOCATE} != "no"
+FILES+= 310.locate
+.endif
+
+.if ${MK_MAN_UTILS} != "no"
+FILES+= 320.whatis 330.catman
+.endif
+
+.if ${MK_PKGTOOLS} != "no"
+FILES+= 400.status-pkg
+.endif
+
+.include <bsd.prog.mk>
diff --git a/etc/pf.os b/etc/pf.os
new file mode 100644
index 0000000..00873a7
--- /dev/null
+++ b/etc/pf.os
@@ -0,0 +1,690 @@ +# $FreeBSD$ +# $OpenBSD: pf.os,v 1.25 2010/10/18 15:55:27 deraadt Exp $ +# passive OS fingerprinting +# ------------------------- +# +# SYN signatures. Those signatures work for SYN packets only (duh!). +# +# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx> +# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org> +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# +# This fingerprint database is adapted from Michal Zalewski's p0f passive +# operating system package. The last database sync was from a Nov 3 2003 +# p0f.fp. +# +# +# Each line in this file specifies a single fingerprint. Please read the +# information below carefully before attempting to append any signatures +# reported as UNKNOWN to this file to avoid mistakes. +# +# We use the following set metrics for fingerprinting: +# +# - Window size (WSS) - a highly OS dependent setting used for TCP/IP +# performance control (max. amount of data to be sent without ACK). +# Some systems use a fixed value for initial packets. On other +# systems, it is a multiple of MSS or MTU (MSS+40). In some rare +# cases, the value is just arbitrary. 
+# +# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number +# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn' +# means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the +# value of nn is not fixed (unlikely), just copy the Snn or Tnn token +# literally. If you know this device has a simple stack and a fixed +# MTU, you can however multiply S value by MSS, or T value by MSS+40, +# and put it instead of Snn or Tnn. +# +# If WSS otherwise looks like a fixed value (for example a multiple +# of two), or if you can confirm the value is fixed, please quote +# it literally. If there's no apparent pattern in WSS chosen, you +# should consider wildcarding this value. +# +# - Overall packet size - a function of all IP and TCP options and bugs. +# +# NEW SIGNATURE: Copy this value literally. +# +# - Initial TTL - We check the actual TTL of a received packet. It can't +# be higher than the initial TTL, and also shouldn't be dramatically +# lower (maximum distance is defined as 40 hops). +# +# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally. +# You need to determine the initial TTL. The best way to do it is to +# check the documentation for a remote system, or check its settings. +# A fairly good method is to simply round the observed TTL up to +# 32, 64, 128, or 255, but it should be noted that some obscure devices +# might not use round TTLs (in particular, some shoddy appliances use +# "original" initial TTL settings). If not sure, you can see how many +# hops you're away from the remote party with traceroute or mtr. +# +# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU +# discovery. Others do not bother. +# +# NEW SIGNATURE: Copy this value literally. +# +# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f +# uses it to determine link type of the remote host. 
+# +# NEW SIGNATURE: Always wildcard this value, except for rare cases when +# you have an appliance with a fixed value, know the system supports only +# a very limited number of network interface types, or know the system +# is using a value it pulled out of nowhere. Specific unique MSS +# can be used to tell Google crawlbots from the rest of the population. +# +# - Window scaling (WSCALE) - this feature is used to scale WSS. +# It extends the size of a TCP/IP window to 32 bits. Some modern +# systems implement this feature. +# +# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set +# to zero or other low value. There's usually no need to wildcard this +# parameter. +# +# - Timestamp - some systems that implement timestamps set them to +# zero in the initial SYN. This case is detected and handled appropriately. +# +# - Selective ACK permitted - a flag set by systems that implement +# selective ACK functionality. +# +# - The sequence of TCP all options (MSS, window scaling, selective ACK +# permitted, timestamp, NOP). Other than the options previously +# discussed, p0f also checks for timestamp option (a silly +# extension to broadcast your uptime ;-), NOP options (used for +# header padding) and sackOK option (selective ACK feature). +# +# NEW SIGNATURE: Copy the sequence literally. +# +# To wildcard any value (except for initial TTL or TCP options), replace +# it with '*'. You can also use a modulo operator to match any values +# that divide by nnn - '%nnn'. +# +# Fingerprint entry format: +# +# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details +# +# wwww - window size (can be *, %nnn, Snn or Tnn). The special values +# "S" and "T" which are a multiple of MSS or a multiple of MTU +# respectively. 
+# ttt - initial TTL +# D - don't fragment bit (0 - not set, 1 - set) +# ss - overall SYN packet size +# OOO - option value and order specification (see below) +# OS - OS genre (Linux, Solaris, Windows) +# Version - OS Version (2.0.27 on x86, etc) +# Subtype - OS subtype or patchlevel (SP3, lo0) +# details - Generic OS details +# +# If OS genre starts with '*', p0f will not show distance, link type +# and timestamp data. It is useful for userland TCP/IP stacks of +# network scanners and so on, where many settings are randomized or +# bogus. +# +# If OS genre starts with @, it denotes an approximate hit for a group +# of operating systems (signature reporting still enabled in this case). +# Use this feature at the end of this file to catch cases for which +# you don't have a precise match, but can tell it's Windows or FreeBSD +# or whatnot by looking at, say, flag layout alone. +# +# Option block description is a list of comma or space separated +# options in the order they appear in the packet: +# +# N - NOP option +# Wnnn - window scaling option, value nnn (or * or %nnn) +# Mnnn - maximum segment size option, value nnn (or * or %nnn) +# S - selective ACK OK +# T - timestamp +# T0 - timestamp with a zero value +# +# To denote no TCP options, use a single '.'. +# +# Please report any additions to this file, or any inaccuracies or +# problems spotted, to the maintainers: lcamtuf@coredump.cx, +# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet +# capture of the relevant SYN packet(s) +# +# A test and submission page is available at +# http://lcamtuf.coredump.cx/p0f-help/ +# +# +# WARNING WARNING WARNING +# ----------------------- +# +# Do not add a system X as OS Y just because NMAP says so. It is often +# the case that X is a NAT firewall. While nmap is talking to the +# device itself, p0f is fingerprinting the guy behind the firewall +# instead. 
+# +# When in doubt, use common sense, don't add something that looks like +# a completely different system as Linux or FreeBSD or LinkSys router. +# Check DNS name, establish a connection to the remote host and look +# at SYN+ACK - does it look similar? +# +# Some users tweak their TCP/IP settings - enable or disable RFC1323 +# functionality, enable or disable timestamps or selective ACK, +# disable PMTU discovery, change MTU and so on. Always compare a new rule +# to other fingerprints for this system, and verify the system isn't +# "customized" before adding it. It is OK to add signature variants +# caused by a commonly used software (personal firewalls, security +# packages, etc), but it makes no sense to try to add every single +# possible /proc/sys/net/ipv4 tweak on Linux or so. +# +# KEEP IN MIND: Some packet firewalls configured to normalize outgoing +# traffic (OpenBSD pf with "scrub" enabled, for example) will, well, +# normalize packets. Signatures will not correspond to the originating +# system (and probably not quite to the firewall either). +# +# NOTE: Try to keep this file in some reasonable order, from most to +# least likely systems. This will speed up operation. Also keep most +# generic and broad rules near the end. +# + +########################## +# Standard OS signatures # +########################## + +# ----------------- AIX --------------------- + +# AIX is first because its signatures are close to NetBSD, MacOS X and +# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes... +# This is a shoddy hack, though. 
+ +45046:64:0:44:M*: AIX:4.3::AIX 4.3 +16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier + +16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1 + +# ----------------- Linux ------------------- + +# S1:64:0:44:M*:A: Linux:1.2::Linux 1.2.x (XXX quirks support) +512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x +16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x + +# Endian snafu! Nelson says "ha-ha": +2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac +64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac + + +S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot) + +S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy) +S3:64:1:60:M*,S,T,N,W0: Linux:2.4:.18-21:Linux 2.4.18 and newer +S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 <= 2.6.7 +S4:64:1:60:M*,S,T,N,W0: Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7 +S4:64:1:60:M*,S,T,N,W7: Linux:2.6:8:Linux 2.6.8 and newer (?) + +S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 (sometimes 2.4) +S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6 +S3:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4) +S4:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4) + +S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer +S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 +S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 + +# Popular cluster config scripts disable timestamps and +# selective ACK: +S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster + +# This needs to be investigated. On some systems, WSS +# is selected as a multiple of MTU instead of MSS. 
I got +# many submissions for this for many late versions of 2.4: +T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon) + +# This happens only over loopback, but let's make folks happy: +32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local) +S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local) + +# Opera visitors: +16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?) +32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?) + +# Some fairly common mods: +S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps +S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps + + +# ----------------- FreeBSD ----------------- + +16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.2 +16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.2 +16384:64:1:44:M*: FreeBSD:4.0-4.2::FreeBSD 2.0-4.2 +16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 + +1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 + +57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323) +57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.9::FreeBSD 4.6-4.9 + +32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X) +32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X) +65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X) +65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X) +65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.11::FreeBSD 4.7-5.2 +65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.7-5.2 + +# XXX need quirks support +# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1) +# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2) +# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (3) +# 65535:64:1:44:M*:Z:FreeBSD:5.2::FreeBSD 5.2 (no RFC1323) + +# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps) + +# ----------------- NetBSD ------------------ + +16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3 
+65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera) +16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6 +16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF) +65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF) +65535:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6X (DF) +32768:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:randomization:NetBSD 1.6ZH-current (w/ ip_id randomization) + +# ----------------- OpenBSD ----------------- + +16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6) +16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8::OpenBSD 3.0-4.8 +16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df) +57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0::OpenBSD 3.3-4.0 +57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df) + +65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera) + +16384:64:1:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9::OpenBSD 4.9 +16384:64:0:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df) + +# ----------------- Solaris ----------------- + +S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323 +S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8 +S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7 + +S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7 +S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1 +S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9 +S44:255:1:44:M*: Solaris:2.7::Solaris 7 + +4096:64:0:44:M1460: SunOS:4.1::SunOS 4.1.x + +S34:64:1:52:M*,N,W0,N,N,S: Solaris:10:beta:Solaris 10 (beta) +32850:64:1:64:M*,N,N,T,N,W1,N,N,S: Solaris:10::Solaris 10 1203 + +# ----------------- IRIX -------------------- + +49152:64:0:44:M*: IRIX:6.4::IRIX 6.4 +61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5 +49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) +49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) + +61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21 
+49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21 + +49152:60:0:64:M*,N,W2,N,N,T,N,N,S: IRIX:6.5:IP27:IRIX 6.5 IP27 + + +# ----------------- Tru64 ------------------- + +32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0 (or OS/2 Warp 4) +32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0 +8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6) +61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack) + +# ----------------- OpenVMS ----------------- + +6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack) + +# ----------------- MacOS ------------------- + +# XXX Need EOL tcp opt support +# S2:255:1:48:M*,W0,E:.:MacOS:8.6 classic + +# XXX some of these use EOL too +16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP) +16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP) +16616:255:1:48:M*,N,N,N: MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP) +32768:255:1:48:M*,W0,N: MacOS:9.0-9.2::MacOS 9.0-9.2 +65535:255:1:48:M*,N,N,N,N: MacOS:9.1::MacOS 9.1 (OT 2.7.4) + + +# ----------------- Windows ----------------- + +# Windows TCP/IP stack is a mess. For most recent XP, 2000 and +# even 98, the patchlevel, not the actual OS version, is more +# relevant to the signature. They share the same code, so it would +# seem. Luckily for us, almost all Windows 9x boxes have an +# awkward MSS of 536, which I use to tell one from another +# in most difficult cases. + +8192:32:1:44:M*: Windows:3.11::Windows 3.11 (Tucows) +S44:64:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95::Windows 95 +8192:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95:b:Windows 95b + +# There were so many tweaking tools and so many stack versions for +# Windows 98 it is no longer possible to tell them from each other +# without some very serious research. 
Until then, there's an insane +# number of signatures, for your amusement: + +S44:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL) +8192:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL) +%8192:64:1:48:M536,N,N,S: Windows:98::Windows 98 +%8192:128:1:48:M536,N,N,S: Windows:98::Windows 98 +S4:64:1:48:M*,N,N,S: Windows:98::Windows 98 +S6:64:1:48:M*,N,N,S: Windows:98::Windows 98 +S12:64:1:48:M*,N,N,S: Windows:98::Windows 98 +T30:64:1:64:M1460,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98 +32767:64:1:48:M*,N,N,S: Windows:98::Windows 98 +37300:64:1:48:M*,N,N,S: Windows:98::Windows 98 +46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323) +65535:64:1:44:M*: Windows:98:noSack:Windows 98 (no sack) +S16:128:1:48:M*,N,N,S: Windows:98::Windows 98 +S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98 +S26:128:1:48:M*,N,N,S: Windows:98::Windows 98 +T30:128:1:48:M*,N,N,S: Windows:98::Windows 98 +32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98 +60352:128:1:48:M*,N,N,S: Windows:98::Windows 98 +60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98 + +# What's with 1414 on NT? +T31:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a +64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a +8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older) + +# Windows XP and 2000. Most of the signatures that were +# either dubious or non-specific (no service pack data) +# were deleted and replaced with generics at the end. 
+ +65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1 +65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1 +%8192:128:1:48:M*,N,N,S: Windows:2000:SP2+:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222) +%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222) +S20:128:1:48:M*,N,N,S: Windows:2000::Windows 2000/XP SP3 +S20:128:1:48:M*,N,N,S: Windows:XP:SP3:Windows 2000/XP SP3 +S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP 1 +S45:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP 1 +40320:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4 + +S6:128:1:48:M*,N,N,S: Windows:2000:SP2:Windows XP, 2000 SP2+ +S6:128:1:48:M*,N,N,S: Windows:XP::Windows XP, 2000 SP2+ +S12:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1 +S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows Pro SP1, 2000 SP3 +S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows Pro SP1, 2000 SP3 +64512:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows SP1, 2000 SP3 +64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP3 +32767:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows SP1, 2000 SP4 +32767:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP4 + +# Odds, ends, mods: + +S52:128:1:48:M1260,N,N,S: Windows:2000:cisco:Windows XP/2000 via Cisco +S52:128:1:48:M1260,N,N,S: Windows:XP:cisco:Windows XP/2000 via Cisco +65520:128:1:48:M*,N,N,S: Windows:XP::Windows XP bare-bone +16384:128:1:52:M536,N,W0,N,N,S: Windows:2000:ZoneAlarm:Windows 2000 w/ZoneAlarm? +2048:255:0:40:.: Windows:.NET::Windows .NET Enterprise Server + +44620:64:0:48:M*,N,N,S: Windows:ME::Windows ME no SP (?) +S6:255:1:48:M536,N,N,S: Windows:95:winsock2:Windows 95 winsock 2 +32768:32:1:52:M1460,N,W0,N,N,S: Windows:2003:AS:Windows 2003 AS + + +# No need to be more specific, it passes: +# *:128:1:48:M*,N,N,S:U:-Windows:XP/2000 while downloading (leak!) 
XXX quirk +# there is an equiv similar generic sig w/o the quirk + +# ----------------- HP/UX ------------------- + +32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20 +32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0 +32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11 +32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11 + +# Whoa. Hardcore WSS. +0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323) + +# ----------------- RiscOS ------------------ + +# We don't yet support the ?12 TCP option +#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36 +12288:32:0:44:M536: RISC OS:3.70:4.10:RISC OS 3.70 inet 4.10 + +# XXX quirk +# 4096:64:1:56:M1460,N,N,T:T: RISC OS:3.70:freenet:RISC OS 3.70 freenet 2.00 + + + +# ----------------- BSD/OS ------------------ + +# Once again, power of two WSS is also shared by MacOS X with DF set +8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF) +8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2) + + +# ---------------- NewtonOS ----------------- + +4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1 + +# ---------------- NeXTSTEP ----------------- + +S4:64:0:44:M1024: NeXTSTEP:3.3::NeXTSTEP 3.3 +S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3 + +# ------------------ BeOS ------------------- + +1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1 +12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x + +# ------------------ OS/400 ----------------- + +8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5 +8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5 +4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032 + +# XXX quirk +# 28672:64:0:44:M1460:A:OS/390:? 
+ +# ------------------ ULTRIX ----------------- + +16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5 + +# ------------------- QNX ------------------- + +S16:64:0:44:M512: QNX:::QNX demodisk + +# ------------------ Novell ----------------- + +16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0 +6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11 +6144:128:1:44:M1368: Novell:BorderManager::Novell BorderManager ? + +6144:128:1:52:M*,W0,N,S,N,N: Novell:Netware:6:Novell Netware 6 SP3 + + +# ----------------- SCO ------------------ +S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1 +S17:64:1:60:M1380,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1.3 MP3 +S23:64:1:44:M1380: SCO:OpenServer:5.0:SCO OpenServer 5.0 + +# ------------------- DOS ------------------- + +2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05 +T2:255:0:44:M984: DOS:WATTCP:1.05Arachne:Arachne via WATTCP/1.05 (eepro) + +# ------------------ OS/2 ------------------- + +S56:64:0:44:M512: OS/2:4::OS/2 4 +28672:64:0:44:M1460: OS/2:4::OS/2 Warp 4.0 + +# ----------------- TOPS-20 ----------------- + +# Another hardcore MSS, one of the ACK leakers hunted down. 
+# XXX QUIRK 0:64:0:44:M1460:A:TOPS-20:version 7 +0:64:0:44:M1460: TOPS-20:7::TOPS-20 version 7 + +# ----------------- FreeMiNT ---------------- + +S44:255:0:44:M536: FreeMiNT:1:16A:FreeMiNT 1 patch 16A (Atari) + +# ------------------ AMIGA ------------------ + +# XXX TCP option 12 +# S32:64:1:56:M*,N,N,S,N,N,?12:.:AMIGA:3.9 BB2 with Miami stack + +# ------------------ Plan9 ------------------ + +65535:255:0:48:M1460,W0,N: Plan9:4::Plan9 edition 4 + +# ----------------- AMIGAOS ----------------- + +16384:64:1:48:M1560,N,N,S: AMIGAOS:3.9::AMIGAOS 3.9 BB2 MiamiDX + +########################################### +# Appliance / embedded / other signatures # +########################################### + +# ---------- Firewalls / routers ------------ + +S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1) +S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2) +4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x + +# XXX TCP option 12 +# S32:64:0:68:M512,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO w/Checkpoint NG FP3 +# S16:64:0:68:M1024,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO 3.7 build 026 + +S4:64:1:60:W0,N,S,T,M1460: FortiNet:FortiGate:50:FortiNet FortiGate 50 + +8192:64:1:44:M1460: Eagle:::Eagle Secure Gateway + +S52:128:1:48:M1260,N,N,N,N: LinkSys:WRV54G::LinkSys WRV54G VPN router + + + +# ------- Switches and other stuff ---------- + +4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc +S8:255:0:44:M*: Cisco:12008::Cisco 12008 +60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch +64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client + + +# ---------- Caches and whatnots ------------ + +S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache + +32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x +16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1 +65535:64:0:64:M1460,N,N,S,N,W*,N,N,T: NetApp:5.3-5.5::NetApp 5.3-5.5 +65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow 
+8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1 +20480:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:4.1::NetApp NetCache4.1 + +65535:64:0:60:M1460,N,W0,N,N,T: CacheFlow:4.1::CacheFlow CacheOS 4.1 +8192:64:0:60:M1380,N,N,N,N,N,N,T: CacheFlow:1.1::CacheFlow CacheOS 1.1 + +S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine + +27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based) + +65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler +S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg + +16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?) + +65535:255:0:48:M*,N,N,S: Redline:::Redline T|X 2200 + +32696:128:0:40:M1460: Spirent:Avalanche::Spirent Web Avalanche HTTP benchmarking engine + +# ----------- Embedded systems -------------- + +S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C +S5:255:0:44:M536: PalmOS:3::PalmOS 3/4 +S5:255:0:44:M536: PalmOS:4::PalmOS 3/4 +S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5 +2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera) +S29:255:0:44:M536: PalmOS:5::PalmOS 5.0 +16384:255:0:44:M1398: PalmOS:5.2:Clie:PalmOS 5.2 (Clie) +S14:255:0:44:M1350: PalmOS:5.2:Treo:PalmOS 5.2.1 (Treo) + +S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7 + +8192:255:0:44:M1460: SymbianOS:6048::Symbian OS 6048 (Nokia 7650?) +8192:255:0:44:M536: SymbianOS:9210::Symbian OS (Nokia 9210?) +S22:64:1:56:M1460,T,S: SymbianOS:P800::Symbian OS ? (SE P800?) +S36:64:1:56:M1360,T,S: SymbianOS:6600::Symbian OS 60xx (Nokia 6600?) + + +# Perhaps S4? +5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10 + +32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002 + +S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0 + +4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0 +T5:64:0:44:M536: Sega:Dreamcast:HKT-3020:Sega Dreamcast HKT-3020 (browser disc 51027) +S22:64:1:44:M1460: Sony:PS2::Sony Playstation 2 (SOCOM?) 
+ +S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64 + +3100:32:1:44:M1460: Windows:CE:2.0:Windows CE 2.0 + +#################### +# Fancy signatures # +#################### + +1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1) +2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2) +3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3) +4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4) + +# Requires quirks support +# 1024:64:0:40:.:A:*NMAP:TCP sweep probe (1) +# 2048:64:0:40:.:A:*NMAP:TCP sweep probe (2) +# 3072:64:0:40:.:A:*NMAP:TCP sweep probe (3) +# 4096:64:0:40:.:A:*NMAP:TCP sweep probe (4) + +1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1) +2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2) +3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3) +4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4) + +32767:64:0:40:.: *NAST:::NASTsyn scan + +# Requires quirks support +# 12345:255:0:40:.:A:-p0f:sendsyn utility + + +##################################### +# Generic signatures - just in case # +##################################### + +#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x +#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x + +*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:52:M*,N,W*,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:52:M*,N,W*,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323) +*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323) +*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+) +*:128:1:48:M536,N,N,S: @Windows:98::Windows 98 +*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000 +*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000 + + 
diff --git a/etc/phones b/etc/phones new file mode 100644
index 0000000..fbeddf6
--- /dev/null
+++ b/etc/phones
@@ -0,0 +1,8 @@
+# $FreeBSD$
+# From: @(#)phones 5.2 (Berkeley) 6/30/90
+#
+# phones -- remote host phone number data base
+# see tip(1), phones(5)
+# examples:
+#system1 9=2225551212
+#system2 9995551212
diff --git a/etc/portsnap.conf b/etc/portsnap.conf new file mode 100644
index 0000000..c209445
--- /dev/null
+++ b/etc/portsnap.conf
@@ -0,0 +1,35 @@
+# $FreeBSD$
+
+# Default directory where compressed snapshots are stored.
+# WORKDIR=/var/db/portsnap
+
+# Default location of the ports tree (target for "update" and "extract").
+# PORTSDIR=/usr/ports
+
+# Server or server pool from which to fetch updates. You can change
+# this to point at a specific server if you want, but in most cases
+# using a "nearby" server won't provide a measurable improvement in
+# performance.
+SERVERNAME=portsnap.FreeBSD.org
+
+# Trusted keyprint. Changing this is a Bad Idea unless you've received
+# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
+# change it and explaining why.
+KEYPRINT=9b5feee6d69f170e3dd0a2c8e469ddbd64f13f978f2f3aede40c98633216c330
+
+# Example of ignoring parts of the ports tree. If you know that you
+# absolutely will not need certain parts of the tree, this will save
+# some bandwidth and disk space. See the manual page for more details.
+#
+# WARNING: Working with an incomplete ports tree is not supported and
+# can cause problems due to missing dependencies. If you have REFUSE
+# directives and experience problems, remove them and update your tree
+# before asking for help on the mailing lists.
+#
+# REFUSE arabic chinese french german hebrew hungarian japanese
+# REFUSE korean polish portuguese russian ukrainian vietnamese
+
+# List of INDEX files to build and the DESCRIBE file to use for each
+INDEX INDEX-7 DESCRIBE.7
+INDEX INDEX-8 DESCRIBE.8
+INDEX INDEX-9 DESCRIBE.9
diff --git a/etc/ppp/ppp.conf b/etc/ppp/ppp.conf new file mode 100644
index 0000000..2b63834
--- /dev/null
+++ b/etc/ppp/ppp.conf
@@ -0,0 +1,37 @@
+#################################################################
+# PPP Sample Configuration File
+# Originally written by Toshiharu OHNO
+# Simplified 5/14/1999 by wself@cdrom.com
+#
+# See /usr/share/examples/ppp/ for some examples
+#
+# $FreeBSD$
+#################################################################
+
+default:
+ set log Phase Chat LCP IPCP CCP tun command
+ ident user-ppp VERSION
+
+ # Ensure that "device" references the correct serial port
+ # for your modem. (cuau0 = COM1, cuau1 = COM2)
+ #
+ set device /dev/cuau1
+
+ set speed 115200
+ set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
+ \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
+ set timeout 180 # 3 minute idle timer (the default)
+ enable dns # request DNS info (for resolv.conf)
+
+papchap:
+ #
+ # edit the next three lines and replace the items in caps with
+ # the values which have been assigned by your ISP.
+ #
+
+ set phone PHONE_NUM
+ set authname USERNAME
+ set authkey PASSWORD
+
+ set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
+ add default HISADDR # Add a (sticky) default route
diff --git a/etc/printcap b/etc/printcap new file mode 100644
index 0000000..5319a0e
--- /dev/null
+++ b/etc/printcap
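Review bot: The `papchap` section of ppp.conf stores the ISP credential in clear text (`set authname USERNAME`, `set authkey PASSWORD`), and nothing in the sample tells the administrator to keep the file private once the placeholders are replaced. I would add a comment above those lines, for example `# This file will hold your ISP password: keep it owned by root and unreadable by other users`. The mode the file is installed with is decided in etc/Makefile, in a part this page does not show, so it is worth confirming that it is restrictive as well.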
@@ -0,0 +1,54 @@ +# @(#)printcap 5.3 (Berkeley) 6/30/90 +# $FreeBSD$ + +# +# This enables a simple local "raw" printer, hooked up to the first +# parallel port. No kind of filtering is done, so everything you pass +# to the "lpr" command will be printed unmodified. +# +# Remember, for further print queues you're going to add, you have +# to choose different spool directories (the "sd" capability below), +# otherwise you will greatly confuse lpd. +# +# For some advanced printing, have a look at the "apsfilter" package. +# It plugs into the lpd system, allowing you to print a variety of +# different file types by converting everything to PostScript(tm) +# format. For more information about apsfilter visit +# +# http://www.apsfilter.org/ +# +# If you don't have a PostScript(tm) printer, don't panic, but do +# also install the latest "ghostscript" package for best printer support. +# +# Do also refer to the "printing" section of the handbook. +# +# http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/printing.html +# +# A local copy can be found under +# +# /usr/share/doc/handbook/handbook.{html,latin1}. +# +# Banner pages are now suppressed by default. Remove the :sh: capability +# to turn them back on. +# +#lp|local line printer:\ +# :sh:\ +# :lp=/dev/lpt0:sd=/var/spool/output/lpd:lf=/var/log/lpd-errs: +# +# Sample remote printer. The physical printer is on machine "lphost". +# You can perform any kind of local filtering directly. If you need +# local filters (e.g. LF -> CR-LF conversion for HP printers), create +# a filter script that sends the proper escape sequence to the printer +# and then concatenates stdin to stdout. 
+# +#remote|sample remote printer:\ +# :sh:\ +# :rm=lphost:sd=/var/spool/output/lphost:lf=/var/log/lpd-errs:\ +# :if=/usr/local/libexec/if-script: +# +# Simple Russian printer with hardware CP866 character set, output filter +# used for KOI8-R -> CP866 conversion +# +#lp|Russian local line printer:\ +# :sh:of=/usr/libexec/lpr/ru/koi2alt:\ +# :lp=/dev/lpt0:sd=/var/spool/output/lpd:lf=/var/log/lpd-errs: diff --git a/etc/profile b/etc/profile new file mode 100644 index 0000000..23c993c --- /dev/null +++ b/etc/profile @@ -0,0 +1,18 @@ +# $FreeBSD$ +# +# System-wide .profile file for sh(1). +# +# Uncomment this to give you the default 4.2 behavior, where disk +# information is shown in K-Blocks +# BLOCKSIZE=K; export BLOCKSIZE +# +# For the setting of languages and character sets please see +# login.conf(5) and in particular the charset and lang options. +# For full locales list check /usr/share/locale/* +# You should also read the setlocale(3) man page for information +# on how to achieve more precise control of locale settings. +# +# Check system messages +# msgs -q +# Allow terminal messages +# mesg y diff --git a/etc/protocols b/etc/protocols new file mode 100644 index 0000000..a27b226 --- /dev/null +++ b/etc/protocols 
@@ -0,0 +1,151 @@ +# +# Internet protocols +# +# $FreeBSD$ +# from: @(#)protocols 5.1 (Berkeley) 4/17/89 +# +# See also http://www.iana.org/assignments/protocol-numbers +# +ip 0 IP # internet protocol, pseudo protocol number +#hopopt 0 HOPOPT # hop-by-hop options for ipv6 +icmp 1 ICMP # internet control message protocol +igmp 2 IGMP # internet group management protocol +ggp 3 GGP # gateway-gateway protocol +ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'') +st2 5 ST2 # ST2 datagram mode (RFC 1819) (officially ``ST'') +tcp 6 TCP # transmission control protocol +cbt 7 CBT # CBT, Tony Ballardie <A.Ballardie@cs.ucl.ac.uk> +egp 8 EGP # exterior gateway protocol +igp 9 IGP # any private interior gateway (Cisco: for IGRP) +bbn-rcc 10 BBN-RCC-MON # BBN RCC Monitoring +nvp 11 NVP-II # Network Voice Protocol +pup 12 PUP # PARC universal packet protocol +argus 13 ARGUS # ARGUS +emcon 14 EMCON # EMCON +xnet 15 XNET # Cross Net Debugger +chaos 16 CHAOS # Chaos +udp 17 UDP # user datagram protocol +mux 18 MUX # Multiplexing protocol +dcn 19 DCN-MEAS # DCN Measurement Subsystems +hmp 20 HMP # host monitoring protocol +prm 21 PRM # packet radio measurement protocol +xns-idp 22 XNS-IDP # Xerox NS IDP +trunk-1 23 TRUNK-1 # Trunk-1 +trunk-2 24 TRUNK-2 # Trunk-2 +leaf-1 25 LEAF-1 # Leaf-1 +leaf-2 26 LEAF-2 # Leaf-2 +rdp 27 RDP # "reliable datagram" protocol +irtp 28 IRTP # Internet Reliable Transaction Protocol +iso-tp4 29 ISO-TP4 # ISO Transport Protocol Class 4 +netblt 30 NETBLT # Bulk Data Transfer Protocol +mfe-nsp 31 MFE-NSP # MFE Network Services Protocol +merit-inp 32 MERIT-INP # MERIT Internodal Protocol +dccp 33 DCCP # Datagram Congestion Control Protocol +3pc 34 3PC # Third Party Connect Protocol +idpr 35 IDPR # Inter-Domain Policy Routing Protocol +xtp 36 XTP # Xpress Tranfer Protocol +ddp 37 DDP # Datagram Delivery Protocol +idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport Proto +tp++ 39 TP++ # TP++ Transport Protocol +il 40 IL # IL Transport Protocol 
+ipv6 41 IPV6 # ipv6 +sdrp 42 SDRP # Source Demand Routing Protocol +ipv6-route 43 IPV6-ROUTE # routing header for ipv6 +ipv6-frag 44 IPV6-FRAG # fragment header for ipv6 +idrp 45 IDRP # Inter-Domain Routing Protocol +rsvp 46 RSVP # Resource ReSerVation Protocol +gre 47 GRE # Generic Routing Encapsulation +dsr 48 DSR # Dynamic Source Routing Protocol +bna 49 BNA # BNA +esp 50 ESP # encapsulating security payload +ah 51 AH # authentication header +i-nlsp 52 I-NLSP # Integrated Net Layer Security TUBA +swipe 53 SWIPE # IP with Encryption +narp 54 NARP # NBMA Address Resolution Protocol +mobile 55 MOBILE # IP Mobility +tlsp 56 TLSP # Transport Layer Security Protocol +skip 57 SKIP # SKIP +ipv6-icmp 58 IPV6-ICMP icmp6 # ICMP for IPv6 +ipv6-nonxt 59 IPV6-NONXT # no next header for ipv6 +ipv6-opts 60 IPV6-OPTS # destination options for ipv6 +# 61 # any host internal protocol +cftp 62 CFTP # CFTP +# 63 # any local network +sat-expak 64 SAT-EXPAK # SATNET and Backroom EXPAK +kryptolan 65 KRYPTOLAN # Kryptolan +rvd 66 RVD # MIT Remote Virtual Disk Protocol +ippc 67 IPPC # Internet Pluribus Packet Core +# 68 # any distributed filesystem +sat-mon 69 SAT-MON # SATNET Monitoring +visa 70 VISA # VISA Protocol +ipcv 71 IPCV # Internet Packet Core Utility +cpnx 72 CPNX # Computer Protocol Network Executive +cphb 73 CPHB # Computer Protocol Heart Beat +wsn 74 WSN # Wang Span Network +pvp 75 PVP # Packet Video Protocol +br-sat-mon 76 BR-SAT-MON # Backroom SATNET Monitoring +sun-nd 77 SUN-ND # SUN ND PROTOCOL-Temporary +wb-mon 78 WB-MON # WIDEBAND Monitoring +wb-expak 79 WB-EXPAK # WIDEBAND EXPAK +iso-ip 80 ISO-IP # ISO Internet Protocol +vmtp 81 VMTP # Versatile Message Transport +secure-vmtp 82 SECURE-VMTP # SECURE-VMTP +vines 83 VINES # VINES +ttp 84 TTP # TTP +nsfnet-igp 85 NSFNET-IGP # NSFNET-IGP +dgp 86 DGP # Dissimilar Gateway Protocol +tcf 87 TCF # TCF +eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco) +ospf 89 OSPFIGP # Open Shortest Path First IGP +sprite-rpc 90 
Sprite-RPC # Sprite RPC Protocol +larp 91 LARP # Locus Address Resolution Protocol +mtp 92 MTP # Multicast Transport Protocol +ax.25 93 AX.25 # AX.25 Frames +ipip 94 IPIP # Yet Another IP encapsulation +micp 95 MICP # Mobile Internetworking Control Pro. +scc-sp 96 SCC-SP # Semaphore Communications Sec. Pro. +etherip 97 ETHERIP # Ethernet-within-IP Encapsulation +encap 98 ENCAP # Yet Another IP encapsulation +# 99 # any private encryption scheme +gmtp 100 GMTP # GMTP +ifmp 101 IFMP # Ipsilon Flow Management Protocol +pnni 102 PNNI # PNNI over IP +pim 103 PIM # Protocol Independent Multicast +aris 104 ARIS # ARIS +scps 105 SCPS # SCPS +qnx 106 QNX # QNX +a/n 107 A/N # Active Networks +ipcomp 108 IPComp # IP Payload Compression Protocol +snp 109 SNP # Sitara Networks Protocol +compaq-peer 110 Compaq-Peer # Compaq Peer Protocol +ipx-in-ip 111 IPX-in-IP # IPX in IP +carp 112 CARP vrrp # Common Address Redundancy Protocol +pgm 113 PGM # PGM Reliable Transport Protocol +# 114 # any 0-hop protocol +l2tp 115 L2TP # Layer Two Tunneling Protocol +ddx 116 DDX # D-II Data Exchange +iatp 117 IATP # Interactive Agent Transfer Protocol +stp 118 STP # Schedule Transfer Protocol +srp 119 SRP # SpectraLink Radio Protocol +uti 120 UTI # UTI +smp 121 SMP # Simple Message Protocol +sm 122 SM # SM +ptp 123 PTP # Performance Transparency Protocol +isis 124 ISIS # ISIS over IPv4 +fire 125 FIRE +crtp 126 CRTP # Combat Radio Transport Protocol +crudp 127 CRUDP # Combat Radio User Datagram +sscopmce 128 SSCOPMCE +iplt 129 IPLT +sps 130 SPS # Secure Packet Shield +pipe 131 PIPE # Private IP Encapsulation within IP +sctp 132 SCTP # Stream Control Transmission Protocol +fc 133 FC # Fibre Channel +rsvp-e2e-ignore 134 RSVP-E2E-IGNORE # Aggregation of RSVP for IP reservations +mobility-header 135 Mobility-Header # Mobility Support in IPv6 +udplite 136 UDPLite # The UDP-Lite Protocol +mpls-in-ip 137 MPLS-IN-IP # Encapsulating MPLS in IP +# 138-254 # Unassigned +pfsync 240 PFSYNC # PF Synchronization 
+# 255 # Reserved +divert 258 DIVERT # Divert pseudo-protocol [non IANA] 
@@ -0,0 +1,118 @@ +#!/bin/sh +# +# Copyright (c) 2000-2004 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# @(#)rc 5.27 (Berkeley) 6/5/91 +# $FreeBSD$ +# + +# System startup script run by init on autoboot +# or after single-user. +# Output and error are redirected to console by init, +# and the console is the controlling terminal. + +# Note that almost all of the user-configurable behavior is no longer in +# this file, but rather in /etc/defaults/rc.conf. Please check that file +# first before contemplating any changes here. If you do need to change +# this file for some reason, we would like to know about it. 
+ +stty status '^T' + +# Set shell to ignore SIGINT (2), but not children; +# shell catches SIGQUIT (3) and returns to single user. +# +trap : 2 +trap "echo 'Boot interrupted'; exit 1" 3 + +HOME=/ +PATH=/sbin:/bin:/usr/sbin:/usr/bin +export HOME PATH + +if [ "$1" = autoboot ]; then + autoboot=yes + _boot="faststart" + rc_fast=yes # run_rc_command(): do fast booting +else + autoboot=no + _boot="quietstart" +fi + +dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null` +if [ ${dlv:=0} -ne 0 -o -f /etc/diskless ]; then + sh /etc/rc.initdiskless +fi + +# Run these after determining whether we are booting diskless in order +# to minimize the number of files that are needed on a diskless system, +# and to make the configuration file variables available to rc itself. +# +. /etc/rc.subr +load_rc_config 'XXX' + +skip="-s nostart" +if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then + skip="$skip -s nojail" + if [ "$early_late_divider" = "FILESYSTEMS" ]; then + early_late_divider=NETWORKING + fi +fi + +# Do a first pass to get everything up to $early_late_divider so that +# we can do a second pass that includes $local_startup directories +# +files=`rcorder ${skip} /etc/rc.d/* 2>/dev/null` + +_rc_elem_done=' ' +for _rc_elem in ${files}; do + run_rc_script ${_rc_elem} ${_boot} + _rc_elem_done="${_rc_elem_done}${_rc_elem} " + + case "$_rc_elem" in + */${early_late_divider}) break ;; + esac +done + +unset files local_rc + +# Now that disks are mounted, for each dir in $local_startup +# search for init scripts that use the new rc.d semantics. +# +case ${local_startup} in +[Nn][Oo] | '') ;; +*) find_local_scripts_new ;; +esac + +files=`rcorder ${skip} /etc/rc.d/* ${local_rc} 2>/dev/null` +for _rc_elem in ${files}; do + case "$_rc_elem_done" in + *" $_rc_elem "*) continue ;; + esac + + run_rc_script ${_rc_elem} ${_boot} +done + +echo '' +date +exit 0 diff --git a/etc/rc.bsdextended b/etc/rc.bsdextended new file mode 100644 index 0000000..b933a96 --- /dev/null 
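Review bot: The jail test `[ $(/sbin/sysctl -n security.jail.jailed) -eq 1 ]` (written with backticks in the script) has no fallback when sysctl prints nothing, unlike the diskless test a few lines earlier, which uses `${dlv:=0}`. With an empty result the `[` call fails on a missing operand and the branch is skipped, so `-s nojail` would silently not be added to `skip`. Capturing the value first keeps the two checks consistent: `_jailed=$(/sbin/sysctl -n security.jail.jailed 2> /dev/null)` followed by `if [ ${_jailed:-0} -eq 1 ]; then`. A short comment that both `rcorder` calls discard stderr would also help, since ordering errors in /etc/rc.d are then not shown on the console.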
+++ b/etc/rc.bsdextended 
@@ -0,0 +1,138 @@ +#!/bin/sh +# +# Copyright (c) 2004 Tom Rhodes +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +#### +# Sample startup policy for the mac_bsdextended(4) security module. +# +# Suck in the system configuration variables. +#### +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +#### +# Set ugidfw(8) to CMD: +#### +CMD=/usr/sbin/ugidfw + +#### +# WARNING: recommended reading is the handbook's MAC +# chapter and the ugidfw(8) manual page. You can +# lock yourself out of the system very quickly by setting +# incorrect values here. These are only examples. 
+#### + +#### +# Build a generic list of rules here, these should be +# modified before using this script. +# +# For apache to read user files, the ruleadd must give +# it permissions by default. +#### +#${CMD} add subject uid 80 object not uid 80 mode rxws; +#${CMD} add subject gid 80 object not gid 80 mode rxws; + +#### +# majordomo compat: +#${CMD} add subject uid 54 object not uid 54 mode rxws; +#${CMD} add subject gid 26 object gid 54 mode rxws; + +#### +# This is for root: +${CMD} add subject uid 0 object not uid 0 mode arxws; +${CMD} add subject gid 0 object not gid 0 mode arxws; + +#### +# And for majordomo: +#${CMD} add subject uid 54 object not uid 54 mode rxws; +#${CMD} add subject gid 54 object not gid 54 mode rxws; + +#### +# And for bin: +${CMD} add subject uid 3 object not uid 3 mode rxws; +${CMD} add subject gid 7 object not gid 7 mode rxws; + +#### +# And for mail/pop: +#${CMD} add subject uid 68 object not uid 68 mode rxws; +#${CMD} add subject gid 6 object not gid 6 mode arxws; + +#### +# And for smmsp: +${CMD} add subject uid 25 object not uid 25 mode rxws; +${CMD} add subject gid 25 object not gid 25 mode rxws; + +#### +# And for mailnull: +${CMD} add subject uid 26 object not uid 26 mode rxws; +${CMD} add subject gid 26 object not gid 26 mode rxws; + +#### +# For cyrus: +#${CMD} add subject uid 60 object not uid 60 mode rxws; +#${CMD} add subject gid 60 object not gid 60 mode rxws; + +#### +# For stunnel: +#${CMD} add subject uid 1018 object not uid 1018 mode rxws; +#${CMD} add subject gid 1018 object not gid 1018 mode rxws; + +#### +# For the nobody account: +${CMD} add subject uid 65534 object not uid 65534 mode rxws; +${CMD} add subject gid 65534 object not gid 65534 mode rxws; + +#### +# NOTICE: The next script adds a rule to allow +# access their mailbox which is owned by GID `6'. +# Removing this will give mailbox lock issues. 
+for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' /etc/passwd`; + do ${CMD} add subject uid $x object gid 6 mode arwxs; +done; + +#### +# Use some script to get a list of users and +# add all users to mode n for all other users. This +# will isolate all users from other user home directories while +# permitting them to use commands and browse the system. +for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' /etc/passwd`; + do ${CMD} add subject not uid $x object uid $x mode n; +done; + +### +# Do the same thing but only for group ids in place of +# user IDs. +for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $3 }' /etc/passwd`; + do ${CMD} add subject not gid $x object uid $x mode n; +done; diff --git a/etc/rc.d/DAEMON b/etc/rc.d/DAEMON new file mode 100755 index 0000000..a656a88 --- /dev/null +++ b/etc/rc.d/DAEMON @@ -0,0 +1,10 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: DAEMON +# REQUIRE: NETWORKING SERVERS + +# This is a dummy dependency, to ensure that general purpose daemons +# are run _after_ the above are. diff --git a/etc/rc.d/FILESYSTEMS b/etc/rc.d/FILESYSTEMS new file mode 100755 index 0000000..ba2a2d6 --- /dev/null +++ b/etc/rc.d/FILESYSTEMS @@ -0,0 +1,12 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: FILESYSTEMS +# REQUIRE: root mountcritlocal zfs + +# This is a dummy dependency, for services which require file systems +# to be mounted before starting. It also serves as the default early / +# late divider; after this point, rc.d directories are rescanned to +# catch scripts from other file systems than /. diff --git a/etc/rc.d/LOGIN b/etc/rc.d/LOGIN new file mode 100755 index 0000000..2b45ba8 --- /dev/null +++ b/etc/rc.d/LOGIN 
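Review bot: The last loop of rc.bsdextended is described as doing the same thing "only for group ids", but its awk program still filters on and prints field 3 of /etc/passwd, which is the UID; the primary GID is field 4. The rule `add subject not gid $x object uid $x mode n` therefore uses a UID as a group id, and isolates home directories as intended only where every user has a private group with the same number. I would read both fields and pass each to the matching keyword, as sketched below. The first loop prints login names (`$1`) while this one prints numbers, so a comment saying which form ugidfw is given in each loop would help the next reader.

```shell
# UID is field 3 of /etc/passwd, the primary GID is field 4
awk -F: '($3 >= 1001) && ($3 != 65534) { print $3, $4 }' /etc/passwd |
while read _uid _gid; do
	${CMD} add subject not gid $_gid object uid $_uid mode n;
done
```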
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: LOGIN
+# REQUIRE: DAEMON
+
+# This is a dummy dependency to ensure user services such as xdm,
+# inetd, cron and kerberos are started after everything else, in case
+# the administrator has increased the system security level and
+# wants to delay user logins until the system is (almost) fully
+# operational.
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile new file mode 100644
index 0000000..0a0ff0a
--- /dev/null
+++ b/etc/rc.d/Makefile
@@ -0,0 +1,68 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \
+ abi accounting addswap adjkerntz amd \
+ apm apmd archdep atm1 atm2 atm3 auditd \
+ bgfsck bluetooth bootparams bridge bsnmpd bthidd \
+ ccd cleanvar cleartmp cron \
+ ddb defaultroute devd devfs dhclient \
+ dmesg dumpon \
+ encswap \
+ faith fsck ftp-proxy ftpd \
+ gbde geli geli2 gptboot gssd \
+ hastd hcsecd \
+ hostapd hostid hostid_save hostname \
+ inetd initrandom \
+ ip6addrctl ipfilter ipfs ipfw ipmon \
+ ipnat ipsec \
+ jail \
+ kadmind kerberos keyserv kld kldxref kpasswdd \
+ ldconfig local localpkg lockd lpd \
+ mixer motd mountcritlocal mountcritremote mountlate \
+ mdconfig mdconfig2 mountd moused mroute6d mrouted msgs \
+ named natd netif netoptions netwait \
+ newsyslog nfsclient nfscbd nfsd \
+ nfsuserd nisdomain nsswitch ntpd ntpdate \
+ othermta \
+ pf pflog pfsync \
+ powerd power_profile ppp pppoed pwcheck \
+ quota \
+ random rarpd rctl resolv rfcomm_pppd_server root \
+ route6d routed routing rpcbind rtadvd rtsold rwho \
+ savecore sdpd securelevel sendmail \
+ serial sppp statd static_arp static_ndp stf swap1 \
+ syscons sysctl syslogd \
+ timed tmp \
+ ugidfw \
+ var virecover \
+ watchdogd wpa_supplicant \
+ ypbind yppasswdd ypserv \
+ ypset ypupdated ypxfrd \
+ zfs zvol
+
+.if ${MK_IPX} != "no"
+FILES+= ipxrouted
+.endif
+
+.if ${MK_OFED} != "no"
+FILES+= opensm
+.endif
+
+.if ${MK_OPENSSH} != "no"
+FILES+= sshd
+.endif
+
+.if ${MK_NS_CACHING} != "no"
+FILES+= nscd
+.endif
+
+.if ${MK_BLUETOOTH} != "no"
+FILES+= ubthidhci
+.endif
+
+FILESDIR= /etc/rc.d
+FILESMODE= ${BINMODE}
+
+.include <bsd.prog.mk>
diff --git a/etc/rc.d/NETWORKING b/etc/rc.d/NETWORKING new file mode 100755
index 0000000..71cf26d
--- /dev/null
+++ b/etc/rc.d/NETWORKING
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: NETWORKING NETWORK
+# REQUIRE: netif netoptions routing ppp ipfw stf faith
+# REQUIRE: defaultroute routed mrouted route6d mroute6d resolv bridge
+# REQUIRE: static_arp static_ndp
+
+# This is a dummy dependency, for services which require networking
+# to be operational before starting.
diff --git a/etc/rc.d/SERVERS b/etc/rc.d/SERVERS new file mode 100755
index 0000000..3398487
--- /dev/null
+++ b/etc/rc.d/SERVERS
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: SERVERS
+# REQUIRE: mountcritremote abi ldconfig savecore
+
+# This is a dummy dependency, for early-start servers relying on
+# some basic configuration.
diff --git a/etc/rc.d/abi b/etc/rc.d/abi new file mode 100755
index 0000000..3765b05
--- /dev/null
+++ b/etc/rc.d/abi
@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: abi
+# REQUIRE: archdep
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="abi"
+start_cmd="${name}_start"
+stop_cmd=":"
+
+sysv_start()
+{
+ echo -n ' sysvipc'
+ load_kld sysvmsg
+ load_kld sysvsem
+ load_kld sysvshm
+}
+
+linux_start()
+{
+ local _tmpdir
+
+ echo -n ' linux'
+ load_kld -e 'linux(aout|elf)' linux
+ if [ -x /compat/linux/sbin/ldconfigDisabled ]; then
+ _tmpdir=`mktemp -d -t linux-ldconfig`
+ /compat/linux/sbin/ldconfig -C ${_tmpdir}/ld.so.cache
+ if ! cmp -s ${_tmpdir}/ld.so.cache /compat/linux/etc/ld.so.cache; then
+ cat ${_tmpdir}/ld.so.cache > /compat/linux/etc/ld.so.cache
+ fi
+ rm -rf ${_tmpdir}
+ fi
+}
+
+svr4_start()
+{
+ echo -n ' svr4'
+ load_kld -m svr4elf svr4
+}
+
+abi_start()
+{
+ local _echostop
+
+ _echostop=
+ if checkyesno sysvipc_enable || checkyesno linux_enable || checkyesno svr4_enable; then
+ echo -n 'Additional ABI support:'
+ _echostop=yes
+ fi
+
+ checkyesno sysvipc_enable && sysv_start
+ checkyesno linux_enable && linux_start
+ checkyesno svr4_enable && svr4_start
+
+ [ -n "${_echostop}" ] && echo '.'
+}
+
+load_rc_config $name
+run_rc_command "$1"
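Review bot: In `linux_start` of etc/rc.d/abi the result of `mktemp -d -t linux-ldconfig` is used without checking that it succeeded. If `_tmpdir` comes back empty, `ldconfig -C ${_tmpdir}/ld.so.cache` writes to `/ld.so.cache`, and the `cmp`/`cat` pair then copies that file over `/compat/linux/etc/ld.so.cache`. I would stop early with `_tmpdir=$(mktemp -d -t linux-ldconfig) || return 1` and quote `"${_tmpdir}"` in the lines that follow. The guard tests `/compat/linux/sbin/ldconfigDisabled` while the block runs `/compat/linux/sbin/ldconfig`; if that is a deliberate way of switching the block off, a comment saying so is needed.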
diff --git a/etc/rc.d/accounting b/etc/rc.d/accounting new file mode 100755
index 0000000..502ffe6
--- /dev/null
+++ b/etc/rc.d/accounting
@@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: accounting
+# REQUIRE: mountcritremote
+# BEFORE: DAEMON
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="accounting"
+rcvar=`set_rcvar`
+accounting_command="/usr/sbin/accton"
+accounting_file="/var/account/acct"
+
+extra_commands="rotate_log"
+
+start_cmd="accounting_start"
+stop_cmd="accounting_stop"
+rotate_log_cmd="accounting_rotate_log"
+
+accounting_start()
+{
+ local _dir
+
+ _dir="${accounting_file%/*}"
+ if [ ! -d "$_dir" ]; then
+ if ! mkdir -p "$_dir"; then
+ err 1 "Could not create $_dir."
+ fi
+ fi
+
+ if [ ! -e "$accounting_file" ]; then
+ echo -n "Creating accounting file ${accounting_file}"
+ touch "$accounting_file"
+ echo '.'
+ fi
+ chmod 644 "$accounting_file"
+
+ echo "Turning on accounting."
+ ${accounting_command} ${accounting_file}
+}
+
+accounting_stop()
+{
+ echo "Turning off accounting."
+ ${accounting_command}
+}
+
+accounting_rotate_log()
+{
+ local _dir _file
+
+ _dir="${accounting_file%/*}"
+ cd $_dir
+
+ if checkyesno accounting_enable; then
+ _file=`mktemp newacct-XXXXX`
+ chmod 644 $_file
+ ${accounting_command} ${_dir}/${_file}
+ fi
+
+ mv ${accounting_file} ${accounting_file}.0
+
+ if checkyesno accounting_enable; then
+ ln $_file ${accounting_file##*/}
+ ${accounting_command} ${accounting_file}
+ unlink $_file
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/addswap b/etc/rc.d/addswap new file mode 100755
index 0000000..79bf1f1
--- /dev/null
+++ b/etc/rc.d/addswap
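Review bot: `accounting_rotate_log` runs `cd $_dir` unquoted and does not check the result, so if the directory is missing the `mktemp newacct-XXXXX`, `ln` and `unlink` that follow act on whatever the current directory happens to be. I would change it to `cd "$_dir" || err 1 "Could not cd to $_dir."`, matching the `err 1` call already used in `accounting_start`. Both functions also set the accounting file to mode 644, which lets every local user read the process accounting records. If that is intended so that unprivileged users can run lastcomm(1), it deserves a comment; otherwise a tighter mode is worth considering.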
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# Add additional swap files
+#
+# $FreeBSD$
+#
+
+# PROVIDE: addswap
+# REQUIRE: FILESYSTEMS
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="addswap"
+start_cmd="addswap_start"
+stop_cmd=":"
+
+addswap_start()
+{
+ case ${swapfile} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ if [ -w "${swapfile}" ]; then
+ echo "Adding ${swapfile} as additional swap"
+ mdev=`mdconfig -a -t vnode -f ${swapfile}` && swapon /dev/${mdev}
+ fi
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/adjkerntz b/etc/rc.d/adjkerntz
new file mode 100755
index 0000000..77e1e9d
--- /dev/null
+++ b/etc/rc.d/adjkerntz
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: adjkerntz
+# REQUIRE: FILESYSTEMS random
+# BEFORE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="adjkerntz"
+start_cmd="adjkerntz -i"
+stop_cmd=":"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/amd b/etc/rc.d/amd
new file mode 100755
index 0000000..8105aeb
--- /dev/null
+++ b/etc/rc.d/amd
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: amd
+# REQUIRE: rpcbind ypset nfsclient cleanvar ldconfig
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="amd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+start_precmd="amd_precmd"
+command_args="&"
+extra_commands="reload"
+
+amd_precmd()
+{
+ if ! checkyesno nfs_client_enable; then
+ force_depend nfsclient || return 1
+ fi
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+
+ case ${amd_map_program} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ rc_flags="${rc_flags} `echo $(eval ${amd_map_program})`"
+ ;;
+ esac
+
+ case "${amd_flags}" in
+ '')
+ if [ ! -r /etc/amd.conf ]; then
+ warn 'amd will not load without arguments'
+ return 1
+ fi
+ ;;
+ *)
+ rc_flags="-p ${rc_flags}"
+ command_args="> /var/run/amd.pid 2> /dev/null"
+ ;;
+ esac
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
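Review bot: `addswap_start` (etc/rc.d/addswap) quotes the path in `[ -w "${swapfile}" ]` but passes it unquoted to `mdconfig -a -t vnode -f ${swapfile}`, so a value containing whitespace or glob characters is tested as one path and then handed to `mdconfig` as several arguments. The argument should be written `-f "${swapfile}"`, and `swapon "/dev/${mdev}"` quoted to match. `mdev` is assigned without `local`, so it also leaks into the rc environment.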
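Review bot: `amd_precmd` (etc/rc.d/amd) hands `${amd_map_program}` to `eval` and splices its output into `rc_flags`, so the entire value is executed as shell with the privileges of the rc script. That is defensible only because the value is expected to come from root-owned rc configuration, and the line should say so, e.g. `# amd_map_program is executed via eval as root; it must only be set in root-owned rc.conf files`. The unquoted `$(eval ...)` inside `echo` also collapses whitespace in the program's output before it reaches `rc_flags`, which is worth a second comment if it is intended.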
diff --git a/etc/rc.d/apm b/etc/rc.d/apm
new file mode 100755
index 0000000..3d15701
--- /dev/null
+++ b/etc/rc.d/apm
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: apm
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="apm"
+rcvar=`set_rcvar`
+start_precmd="apm_precmd"
+command="/usr/sbin/${name}"
+start_cmd="${command} -e enable"
+stop_cmd="${command} -e disable"
+status_cmd="apm_status"
+
+apm_precmd()
+{
+ case `${SYSCTL_N} hw.machine_arch` in
+ i386)
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+apm_status()
+{
+ case `${command} -s` in
+ 1)
+ echo "APM is enabled."
+ return 0
+ ;;
+ 0)
+ echo "APM is disabled"
+ ;;
+ esac
+ return 1
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/apmd b/etc/rc.d/apmd
new file mode 100755
index 0000000..c2d6967
--- /dev/null
+++ b/etc/rc.d/apmd
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: apmd
+# REQUIRE: DAEMON apm
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="apmd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+start_precmd="apmd_prestart"
+
+apmd_prestart()
+{
+ case `${SYSCTL_N} hw.machine_arch` in
+ i386)
+ # Enable apm if it is not already enabled
+ if ! checkyesno apm_enable && \
+ ! /etc/rc.d/apm forcestatus 1>/dev/null 2>&1
+ then
+ force_depend apm || return 1
+ fi
+
+ # Warn user about acpi apm compatibility support which
+ # does not work with apmd.
+ if [ ! -e /dev/apmctl ]; then
+ warn "/dev/apmctl not found; kernel is missing apm(4)"
+ fi
+ ;;
+ *)
+ return 1
+ ;;
+ esac
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/archdep b/etc/rc.d/archdep
new file mode 100755
index 0000000..157df8b
--- /dev/null
+++ b/etc/rc.d/archdep
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: archdep
+# REQUIRE: mountcritremote
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="archdep"
+start_cmd="archdep_start"
+stop_cmd=":"
+
+archdep_start()
+{
+ local _arch
+
+ _arch=`${SYSCTL_N} hw.machine_arch`
+ case $_arch in
+ i386)
+ # SCO binary emulation
+ #
+ if checkyesno ibcs2_enable; then
+ echo -n 'Initial i386 initialization:'
+ echo -n ' ibcs2'
+ load_kld ibcs2
+ case ${ibcs2_loaders} in
+ [Nn][Oo])
+ ;;
+ *)
+ for i in ${ibcs2_loaders}; do
+ load_kld ibcs2_$i
+ done
+ ;;
+ esac
+ echo '.'
+ fi
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/atm1 b/etc/rc.d/atm1
new file mode 100755
index 0000000..da50df0
--- /dev/null
+++ b/etc/rc.d/atm1
@@ -0,0 +1,176 @@ +#!/bin/sh +# +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: atm1 +# REQUIRE: root +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="atm" +rcvar="atm_enable" +start_cmd="atm_start" +stop_cmd=":" + +# ATM networking startup script +# +# Initial interface configuration. +# N.B. /usr is not mounted. 
+# +atm_start() +{ + if [ -n "${natm_interfaces}" ] ; then + # Load the HARP pseudo interface + load_kld if_harp || return 1 + + # Load all the NATM drivers that we need + for natm in ${natm_interfaces} ; do + ifconfig ${natm} up + done + fi + + # Load loadable HARP drivers + for dev in ${atm_load} ; do + load_kld ${dev} || return 1 + done + + # Locate all probed ATM adapters + atmdev=`atm sh stat int | while read dev junk; do + case ${dev} in + hea[0-9] | hea[0-9][0-9]) + echo "${dev} " + ;; + hfa[0-9] | hfa[0-9][0-9]) + echo "${dev} " + ;; + idt[0-9] | idt[0-9][0-9]) + echo "${dev} " + ;; + + # NATM interfaces per pseudo driver + en[0-9] | en[0-9][0-9]) + echo "${dev} " + ;; + fatm[0-9] | fatm[0-9][0-9]) + echo "${dev} " + ;; + hatm[0-9] | hatm[0-9][0-9]) + echo "${dev} " + ;; + patm[0-9] | patm[0-9][0-9]) + echo "${dev} " + ;; + *) + continue + ;; + esac + done` + + if [ -z "${atmdev}" ]; then + echo 'No ATM adapters found' + return 0 + fi + + # Load microcode into FORE adapters (if needed) + if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then + fore_dnld + fi + + # Configure physical interfaces + ilmid=0 + for phy in ${atmdev}; do + echo -n "Configuring ATM device ${phy}:" + + # Define network interfaces + eval netif_args=\$atm_netif_${phy} + if [ -n "${netif_args}" ]; then + atm set netif ${phy} ${netif_args} || continue + else + echo ' missing network interface definition' + continue + fi + + # Override physical MAC address + eval macaddr_args=\$atm_macaddr_${phy} + if [ -n "${macaddr_args}" ]; then + case ${macaddr_args} in + [Nn][Oo] | '') + ;; + *) + atm set mac ${phy} ${macaddr_args} || continue + ;; + esac + fi + + # Configure signalling manager + eval sigmgr_args=\$atm_sigmgr_${phy} + if [ -n "${sigmgr_args}" ]; then + atm attach ${phy} ${sigmgr_args} || continue + else + echo ' missing signalling manager definition' + continue + fi + + # Configure UNI NSAP prefix + eval prefix_args=\$atm_prefix_${phy} + if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 
0 ]; then + if [ -z "${prefix_args}" ]; then + echo ' missing NSAP prefix for UNI interface' + continue + fi + + case ${prefix_args} in + ILMI) + ilmid=1 + ;; + *) + atm set prefix ${phy} ${prefix_args} || continue + ;; + esac + fi + + atm_phy="${atm_phy} ${phy}" + echo '.' + done + + echo -n 'Starting initial ATM daemons:' + # Start ILMI daemon (if needed) + case ${ilmid} in + 1) + echo -n ' ilmid' + ilmid + ;; + esac + + echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/atm2 b/etc/rc.d/atm2 new file mode 100755 index 0000000..ffb63c3 --- /dev/null +++ b/etc/rc.d/atm2 
@@ -0,0 +1,97 @@ +#!/bin/sh +# +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: atm2 +# REQUIRE: atm1 netif +# BEFORE: routing +# KEYWORD: nojail + +# +# Additional ATM interface configuration +# +. 
/etc/rc.subr + +name="atm2" +rcvar="atm_enable" +start_cmd="atm2_start" +stop_cmd=":" + +atm2_start() +{ + # Configure network interfaces + + # get a list of physical interfaces + atm_phy=`atm show stat int | { read junk ; read junk ; \ + while read dev junk ; do + case ${dev} in + en[0-9] | en[0-9][0-9]) + ;; + *) + echo "${dev} " + ;; + esac + done ; }` + + for phy in ${atm_phy}; do + eval netif_args=\$atm_netif_${phy} + set -- ${netif_args} + # skip unused physical interfaces + if [ $# -lt 2 ] ; then + continue + fi + + netname=$1 + netcnt=$2 + netindx=0 + while [ ${netindx} -lt ${netcnt} ]; do + net="${netname}${netindx}" + netindx=$((${netindx} + 1)) + echo -n " ${net}" + + # Configure atmarp server + eval atmarp_args=\$atm_arpserver_${net} + if [ -n "${atmarp_args}" ]; then + atm set arpserver ${net} ${atmarp_args} || + continue + fi + done + done + echo '.' + + # Define any permanent ARP entries. + if [ -n "${atm_arps}" ]; then + for i in ${atm_arps}; do + eval arp_args=\$atm_arp_${i} + atm add arp ${arp_args} + done + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/atm3 b/etc/rc.d/atm3 new file mode 100755 index 0000000..4dbd128 --- /dev/null +++ b/etc/rc.d/atm3 
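Review bot: In `atm2_start` every device name printed by `atm show stat int` that does not match `en[0-9]` or `en[0-9][0-9]` is interpolated into `eval netif_args=\$atm_netif_${phy}` with no check on the characters it contains, so an unexpected token in that command's output is parsed as shell syntax. `atm_start` in etc/rc.d/atm1 only lets names through that match explicit patterns before its `eval`; the same kind of filter belongs here, for example `case ${dev} in *[!a-zA-Z0-9_]*) continue ;; esac` ahead of the `echo "${dev} "`. The same applies to `eval arp_args=\$atm_arp_${i}` further down this hunk and to the two `eval` lines on `${net}` in `atm3_start` (etc/rc.d/atm3). None of the loop variables (`phy`, `net`, `i`) or `atm_phy` is declared `local`, so they persist in the rc environment after the function returns.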
@@ -0,0 +1,93 @@ +#!/bin/sh +# +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# Start ATM daemons + +# PROVIDE: atm3 +# REQUIRE: atm2 +# BEFORE: DAEMON +# KEYWORD: nojail + +. 
/etc/rc.subr + +name="atm3" +rcvar="atm_enable" +start_cmd="atm3_start" +stop_cmd=":" + +atm3_start() +{ + echo -n 'Starting ATM daemons:' + + # Get a list of network interfaces + atm_nif=`atm sh netif | { read junk ; \ + while read dev junk ; do + echo "${dev} " + done + }` + + for net in ${atm_nif} ; do + eval atmarp_args=\$atm_arpserver_${net} + eval scsparp_args=\$atm_scsparp_${net} + + case ${scsparp_args} in + [Yy][Ee][Ss]) + case ${atmarp_args} in + local) + ;; + *) + warn "${net}: local arpserver required for SCSP" + continue + ;; + esac + + atm_atmarpd="${atm_atmarpd} ${net}" + atm_scspd=1 + ;; + esac + done + + # Start SCSP daemon (if needed) + case ${atm_scspd} in + 1) + echo -n ' scspd' + scspd + ;; + esac + + # Start ATMARP daemon (if needed) + if [ -n "${atm_atmarpd}" ]; then + echo -n ' atmarpd' + atmarpd ${atm_atmarpd} + fi + echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/auditd b/etc/rc.d/auditd new file mode 100755 index 0000000..4d0760c --- /dev/null +++ b/etc/rc.d/auditd @@ -0,0 +1,32 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Start up for the Audit daemon. +# + +# PROVIDE: auditd +# REQUIRE: syslogd +# BEFORE: DAEMON +# KEYWORD: shutdown + +. /etc/rc.subr + +name="auditd" +stop_cmd="auditd_stop" +command="/usr/sbin/${name}" +rcvar="auditd_enable" +command_args="${auditd_flags}" +required_files="/etc/security/audit_class /etc/security/audit_control + /etc/security/audit_event /etc/security/audit_user + /etc/security/audit_warn" + +auditd_stop() +{ + + /usr/sbin/audit -t + sleep 1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/bgfsck b/etc/rc.d/bgfsck new file mode 100755 index 0000000..3715354 --- /dev/null +++ b/etc/rc.d/bgfsck 
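Review bot: `auditd_stop` (etc/rc.d/auditd) issues `/usr/sbin/audit -t` and then sleeps for a fixed second, and neither the exit status of `audit -t` nor the state of the daemon is checked, so the stop action reports success even if auditd is still closing the trail or was never told to stop. For an audit daemon stopped at shutdown (`KEYWORD: shutdown`) I would return the status of `audit -t` and, if auditd maintains a pid file, set `pidfile` and wait with rc.subr's `wait_for_pids` instead of `sleep 1`. Also note that `command_args="${auditd_flags}"` is expanded before `load_rc_config $name`, so at that point it can only pick up a value inherited from the environment, not one from rc.conf; it should be moved below `load_rc_config` or dropped.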
@@ -0,0 +1,42 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bgfsck +# REQUIRE: cron devfs syslogd +# KEYWORD: nojail + +. /etc/rc.subr + +name="background-fsck" +rcvar="background_fsck" +start_cmd="bgfsck_start" +stop_cmd=":" + +bgfsck_start () +{ + if [ -z "${rc_force}" ]; then + background_fsck_delay=${background_fsck_delay:=0} + else + background_fsck_delay=0 + fi + if [ ${background_fsck_delay} -lt 0 ]; then + echo "Background file system checks delayed indefinitly" + return 0 + fi + + bgfsck_msg='Starting background file system checks' + if [ "${background_fsck_delay}" -gt 0 ]; then + bgfsck_msg="${bgfsck_msg} in ${background_fsck_delay} seconds" + fi + if [ -z "${rc_force}" ]; then + check_startmsgs && echo "${bgfsck_msg}." + fi + + (sleep ${background_fsck_delay}; nice -4 fsck -B -p) 2>&1 | \ + logger -p daemon.notice -t fsck & +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/bluetooth b/etc/rc.d/bluetooth new file mode 100755 index 0000000..183f835 --- /dev/null +++ b/etc/rc.d/bluetooth 
@@ -0,0 +1,365 @@ +#!/bin/sh +# +# Copyright (c) 2005 Maksim Yevmenkin <m_evmenkin@yahoo.com> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ + +# PROVIDE: bluetooth +# REQUIRE: DAEMON +# KEYWORD: nojail nostart + +. /etc/rc.subr + +name="bluetooth" +rcvar= +start_cmd="bluetooth_start" +stop_cmd="bluetooth_stop" +required_modules="ng_bluetooth ng_hci ng_l2cap ng_btsocket" + +############################################################################## +# Read and parse Bluetooth device configuration file +############################################################################## + +bluetooth_read_conf() +{ + local _err _file _line _namespace + + _file=$1 + _namespace=$2 + _err=0 + + if [ ! 
-e $_file ]; then + return 0 + fi + + if [ ! -f $_file -o ! -r $_file ]; then + err 1 "Bluetooth configuration file $_file is not a file or not readable" + fi + + while read _line + do + case "$_line" in + \#*) + continue + ;; + + *) + if [ -z "$_line" ]; then + continue; + fi + + + if expr "$_line" : "[a-zA-Z0-9_]*=" > /dev/null 2>&1; then + eval "${_namespace}${_line}" + else + warn "Unable to parse line \"$_line\" in $_file" + _err=1 + fi + ;; + esac + done < $_file + + return $_err +} + +############################################################################## +# Setup Bluetooth stack. Create and connect nodes +############################################################################## + +bluetooth_setup_stack() +{ + dev=$1 + shift + hook=$1 + shift + + # Setup HCI + ngctl mkpeer ${dev}: hci ${hook} drv \ + > /dev/null 2>&1 || return 1 + + ngctl name ${dev}:${hook} ${dev}hci \ + > /dev/null 2>&1 || return 1 + + ngctl msg ${dev}hci: set_debug ${bluetooth_device_hci_debug_level} \ + > /dev/null 2>&1 || return 1 + + # Setup L2CAP + ngctl mkpeer ${dev}hci: l2cap acl hci \ + > /dev/null 2>&1 || return 1 + + ngctl name ${dev}hci:acl ${dev}l2cap \ + > /dev/null 2>&1 || return 1 + + ngctl msg ${dev}l2cap: set_debug ${bluetooth_device_l2cap_debug_level} \ + > /dev/null 2>&1 || return 1 + + # Connect HCI node to the Bluetooth sockets layer + ngctl connect ${dev}hci: btsock_hci_raw: raw ${dev}raw \ + > /dev/null 2>&1 || return 1 + + # Connect L2CAP node to Bluetooth sockets layer + ngctl connect ${dev}l2cap: btsock_l2c_raw: ctl ${dev}ctl \ + > /dev/null 2>&1 || return 1 + + ngctl connect ${dev}l2cap: btsock_l2c: l2c ${dev}l2c \ + > /dev/null 2>&1 || return 1 + + # Initilalize HCI node + ${hccontrol} -n ${dev}hci reset \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci read_bd_addr \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci read_local_supported_features \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci read_buffer_size \ 
+ > /dev/null 2>&1 || return 1 + + if checkyesno bluetooth_device_discoverable; then + if checkyesno bluetooth_device_connectable; then + ${hccontrol} -n ${dev}hci write_scan_enable 3 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_scan_enable 1 \ + > /dev/null 2>&1 || return 1 + fi + else + if checkyesno bluetooth_device_connectable; then + ${hccontrol} -n ${dev}hci write_scan_enable 2 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_scan_enable 0 \ + > /dev/null 2>&1 || return 1 + fi + fi + + + ${hccontrol} -n ${dev}hci write_class_of_device ${bluetooth_device_class} \ + > /dev/null 2>&1 || return 1 + + if checkyesno bluetooth_device_authentication_enable; then + ${hccontrol} -n ${dev}hci write_authentication_enable 1 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_authentication_enable 0 \ + > /dev/null 2>&1 || return 1 + fi + + case "${bluetooth_device_encryption_mode}" in + [Nn][Oo][Nn][Ee]|0) + ${hccontrol} -n ${dev}hci write_encryption_mode 0 \ + > /dev/null 2>&1 || return 1 + ;; + + [Pp][2][Pp]|1) + ${hccontrol} -n ${dev}hci write_encryption_mode 1 \ + > /dev/null 2>&1 || return 1 + ;; + + [Al][Ll][Ll]|2) + ${hccontrol} -n ${dev}hci write_encryption_mode 2 \ + > /dev/null 2>&1 || return 1 + ;; + + *) + warn "Unsupported encryption mode ${bluetooth_device_encryption_mode} for device ${dev}" + return 1 + ;; + esac + + if checkyesno bluetooth_device_role_switch; then + ${hccontrol} -n ${dev}hci write_node_role_switch 1 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_node_role_switch 0 \ + > /dev/null 2>&1 || return 1 + fi + + ${hccontrol} -n ${dev}hci change_local_name "${bluetooth_device_local_name}" \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci initialize \ + > /dev/null 2>&1 || return 1 + + return 0 +} + +############################################################################## +# Shutdown Bluetooth stack. 
Destroy all nodes +############################################################################## + +bluetooth_shutdown_stack() +{ + dev=$1 + + ngctl shutdown ${dev}hci: > /dev/null 2>&1 + ngctl shutdown ${dev}l2cap: > /dev/null 2>&1 + + return 0 +} + +############################################################################## +# bluetooth_start() +############################################################################## + +bluetooth_start() +{ + local _file + + dev=$1 + + # Try to figure out device type by looking at device name + case "${dev}" in + # uartX - serial/UART Bluetooth device + uart*) + load_kld ng_h4 || return 1 + + hook="hook" + + # Obtain unit number from device. + unit=`expr ${dev} : 'uart\([0-9]\{1,\}\)'` + if [ -z "${unit}" ]; then + err 1 "Unable to get uart unit number: ${dev}" + fi + + ${hcseriald} -f /dev/cuau${unit} -n ${dev} + sleep 1 # wait a little bit + + if [ ! -f "/var/run/hcseriald.${dev}.pid" ]; then + err 1 "Unable to start hcseriald on ${dev}" + fi + ;; + + # 3Com Bluetooth Adapter 3CRWB60-A + btccc*) + hook="hook" + + # Obtain unit number from device. + unit=`expr ${dev} : 'btccc\([0-9]\{1,\}\)'` + if [ -z "${unit}" ]; then + err 1 "Unable to get bt3c unit number: ${dev}" + fi + ;; + + # USB Bluetooth adapters + ubt*) + hook="hook" + + # Obtain unit number from device. 
+ unit=`expr ${dev} : 'ubt\([0-9]\{1,\}\)'` + if [ -z "${unit}" ]; then + err 1 "Unable to get ubt unit number: ${dev}" + fi + ;; + + # Unknown + *) + err 1 "Unsupported device: ${dev}" + ;; + esac + + # Be backward compatible and setup reasonable defaults + bluetooth_device_authentication_enable="0" + bluetooth_device_class="ff:01:0c" + bluetooth_device_connectable="1" + bluetooth_device_discoverable="1" + bluetooth_device_encryption_mode="0" + bluetooth_device_hci_debug_level="3" + bluetooth_device_l2cap_debug_level="3" + bluetooth_device_local_name="`/usr/bin/uname -n` (${dev})" + bluetooth_device_role_switch="1" + + # Load default device configuration parameters + _file="/etc/defaults/bluetooth.device.conf" + + if ! bluetooth_read_conf $_file bluetooth_device_ ; then + err 1 "Unable to read default Bluetooth configuration from $_file" + fi + + # Load device specific overrides + _file="/etc/bluetooth/$dev.conf" + + if ! bluetooth_read_conf $_file bluetooth_device_ ; then + err 1 "Unable to read Bluetooth device configuration from $_file" + fi + + # Setup stack + if ! 
bluetooth_setup_stack ${dev} ${hook} ; then + bluetooth_shutdown_stack $dev + err 1 "Unable to setup Bluetooth stack for device ${dev}" + fi + + return 0 +} + +############################################################################## +# bluetooth_stop() +############################################################################## + +bluetooth_stop() +{ + dev=$1 + + # Try to figure out device type by looking at device name + case "${dev}" in + # uartX - serial/UART Bluetooth device + uart*) + if [ -f "/var/run/hcseriald.${dev}.pid" ]; then + kill `cat /var/run/hcseriald.${dev}.pid` + sleep 1 # wait a little bit + fi + ;; + + # 3Com Bluetooth Adapter 3CRWB60-A + btccc*) + ;; + + # USB Bluetooth adapters + ubt*) + ;; + + # Unknown + *) + err 1 "Unsupported device: ${dev}" + ;; + esac + + bluetooth_shutdown_stack ${dev} + + return 0 +} + +############################################################################## +# Start here +############################################################################## + +load_rc_config $name +hccontrol="${bluetooth_hccontrol:-/usr/sbin/hccontrol}" +hcseriald="${bluetooth_hcseriald:-/usr/sbin/hcseriald}" + +run_rc_command $* + diff --git a/etc/rc.d/bootparams b/etc/rc.d/bootparams new file mode 100755 index 0000000..1081bbf --- /dev/null +++ b/etc/rc.d/bootparams @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bootparams +# REQUIRE: rpcbind DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="bootparamd" +rcvar=`set_rcvar` +required_files="/etc/bootparams" +command="/usr/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/bridge b/etc/rc.d/bridge new file mode 100755 index 0000000..2c3bfd0 --- /dev/null +++ b/etc/rc.d/bridge 
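Review bot: `bluetooth_read_conf` only checks that a line begins with `[a-zA-Z0-9_]*=` before handing the whole line to `eval`, so everything after the `=` is interpreted as shell and runs as root whenever a device is started. I would split each line at the first `=`, validate the key, and assign the value as data, as in the excerpt below (`_key` and `_val` added to the `local` list). The file name is built from the caller's argument (`/etc/bluetooth/$dev.conf`), and the `uart*`/`btccc*`/`ubt*` patterns together with the start-anchored `expr` match accept arbitrary trailing characters, so `bluetooth_start` should first reject names with `case "${dev}" in *[!a-z0-9]*) err 1 "Unsupported device: ${dev}" ;; esac`. In `bluetooth_setup_stack` the pattern `[Al][Ll][Ll]` looks like a typo for `[Aa][Ll][Ll]`: a lower-case `all` currently falls through to "Unsupported encryption mode". The built-in defaults (authentication off, encryption mode 0, discoverable and connectable on) are permissive and deserve a comment pointing administrators at the per-device override file.

```shell
	# ... unchanged: existence and readability checks on $_file ...
	while read _line
	do
		case "$_line" in
		\#*|'')
			continue
			;;
		esac

		_key=${_line%%=*}
		_val=${_line#*=}
		case "$_line" in
		*=*)	;;
		*)	_key='' ;;	# no '=' at all: force the parse warning
		esac
		case "$_key" in
		''|*[!a-zA-Z0-9_]*)
			warn "Unable to parse line \"$_line\" in $_file"
			_err=1
			continue
			;;
		esac

		# Drop one pair of surrounding double quotes; the rest of
		# the value is kept literally and never evaluated.
		case "$_val" in
		\"*\")
			_val=${_val#\"}
			_val=${_val%\"}
			;;
		esac
		eval "${_namespace}${_key}=\$_val"
	done < $_file
```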
@@ -0,0 +1,93 @@ +#!/bin/sh +# +# Copyright (c) 2006 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: bridge +# REQUIRE: netif faith ppp stf +# KEYWORD: nojail + +. /etc/rc.subr +. 
/etc/network.subr + +name="bridge" +start_cmd="bridge_start" +stop_cmd="bridge_stop" +cmd="" + +glob_int () { + case "$1" in + $2 ) true ;; + * ) false ;; + esac +} + +bridge_test () { + bridge=$1 + iface=$2 + + eval interfaces=\$autobridge_${bridge} + if [ -n "${interfaces}" ]; then + for i in ${interfaces}; do + if glob_int $iface $i ; then + ifconfig $bridge $cmd $iface > /dev/null 2>&1 + return + fi + done + fi +} + +autobridge() +{ + if [ -n "${autobridge_interfaces}" ]; then + if [ -z "$iflist" ]; then + # We're operating as a general network start routine. + iflist="`list_net_interfaces`" + fi + + for br in ${autobridge_interfaces}; do + for i in $iflist; do + bridge_test $br $i + done + done + fi +} + +bridge_start() +{ + cmd="addm" + autobridge +} + +bridge_stop() +{ + cmd="deletem" + autobridge +} + +iflist=$2 + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/bsnmpd b/etc/rc.d/bsnmpd new file mode 100755 index 0000000..c24a08f --- /dev/null +++ b/etc/rc.d/bsnmpd @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bsnmpd +# REQUIRE: NETWORKING syslogd +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="bsnmpd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +pidfile="/var/run/snmpd.pid" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/bthidd b/etc/rc.d/bthidd new file mode 100755 index 0000000..907305e --- /dev/null +++ b/etc/rc.d/bthidd 
@@ -0,0 +1,33 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bthidd +# REQUIRE: DAEMON hcsecd +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="bthidd" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +rcvar=`set_rcvar` +start_precmd="bthidd_prestart" + +bthidd_prestart() +{ + load_kld -m kbdmux kbdmux + load_kld -m vkbd vkbd + load_kld -m ng_btsocket ng_btsocket + return 0 +} + +load_rc_config $name +config="${bthidd_config:-/etc/bluetooth/${name}.conf}" +hids="${bthidd_hids:-/var/db/${name}.hids}" +command_args="-c ${config} -H ${hids} -p ${pidfile}" +required_files="${config}" + +run_rc_command "$1" diff --git a/etc/rc.d/ccd b/etc/rc.d/ccd new file mode 100755 index 0000000..1188148 --- /dev/null +++ b/etc/rc.d/ccd @@ -0,0 +1,24 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: disks +# KEYWORD: nojail + +. /etc/rc.subr + +name="ccd" +start_cmd="ccd_start" +stop_cmd=":" + +ccd_start() +{ + if [ -f /etc/ccd.conf ]; then + echo "Configuring CCD devices." + ccdconfig -C + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/cleanvar b/etc/rc.d/cleanvar new file mode 100755 index 0000000..490b5c5 --- /dev/null +++ b/etc/rc.d/cleanvar 
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: cleanvar
+# REQUIRE: FILESYSTEMS var
+
+. /etc/rc.subr
+
+name="cleanvar"
+rcvar=`set_rcvar`
+
+start_precmd="${name}_prestart"
+start_cmd="${name}_start"
+stop_cmd=":"
+
+extra_commands="reload"
+reload_cmd="${name}_start"
+
+purgedir()
+{
+ local dir file
+
+ if [ $# -eq 0 ]; then
+ purgedir .
+ else
+ for dir
+ do
+ (
+ cd "$dir" && for file in .* *
+ do
+ # Skip over logging sockets
+ [ -S "$file" -a "$file" = "log" ] && continue
+ [ -S "$file" -a "$file" = "logpriv" ] && continue
+ [ ."$file" = .. -o ."$file" = ... ] && continue
+ if [ -d "$file" -a ! -L "$file" ]
+ then
+ purgedir "$file"
+ else
+ rm -f -- "$file"
+ fi
+ done
+ )
+ done
+ fi
+}
+
+cleanvar_prestart()
+{
+ # These files must be removed only the first time this script is run
+ # on boot.
+ #
+ rm -f /var/run/clean_var /var/spool/lock/clean_var
+}
+
+cleanvar_start ()
+{
+ if [ -d /var/run -a ! -f /var/run/clean_var ]; then
+ purgedir /var/run
+ # And an initial utmpx active session file
+ (cd /var/run && cp /dev/null utx.active && chmod 644 utx.active)
+ >/var/run/clean_var
+ fi
+ if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then
+ purgedir /var/spool/lock
+ >/var/spool/lock/clean_var
+ fi
+ rm -rf /var/spool/uucp/.Temp/*
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/cleartmp b/etc/rc.d/cleartmp
new file mode 100755
index 0000000..0d84987
--- /dev/null
+++ b/etc/rc.d/cleartmp
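Review bot: `purgedir` (etc/rc.d/cleanvar) tests `[ -d "$file" -a ! -L "$file" ]` and only afterwards recurses into `cd "$dir"`, so the symlink check and the directory change are two separate steps; wherever a subdirectory of /var/run or /var/spool/lock is writable by a non-root account, the entry can change between them and the `rm -f` loop then runs in a directory outside the tree being cleaned. At boot this presumably runs before such processes exist, but `cleanvar_prestart` removes both marker files on every `start`, so a manual start on a live system repeats the purge. I would at least document the assumption above `purgedir` with `# Assumes no unprivileged process can modify these trees while we run (early boot only)`, and consider refusing the purge outside boot. The final `rm -rf /var/spool/uucp/.Temp/*` sits outside both marker guards and therefore also runs on every `reload`; a comment should say whether that is intended.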
@@ -0,0 +1,60 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: cleartmp +# REQUIRE: mountcritremote tmp +# BEFORE: DAEMON + +. /etc/rc.subr + +name="cleartmp" +# Disguise rcvar for the start method to run irrespective of its setting. +rcvar1=`set_rcvar clear_tmp` +start_cmd="${name}_start" +stop_cmd=":" + +cleartmp_start() +{ + # Make /tmp location variable for easier debugging. + local tmp="/tmp" + + # X related directories to create in /tmp. + local x11_socket_dirs="${tmp}/.X11-unix ${tmp}/.XIM-unix \ + ${tmp}/.ICE-unix ${tmp}/.font-unix" + + if checkyesno ${rcvar1}; then + check_startmsgs && echo "Clearing ${tmp}." + + # This is not needed for mfs, but doesn't hurt anything. + # Things to note: + # + The dot in ${tmp}/. is important. + # + Put -prune before -exec so find never descends + # into a directory that was already passed to rm -rf. + # + "--" in rm arguments isn't strictly necessary, but + # it can prevent foot-shooting in future. + # + /tmp/lost+found is preserved, but its contents are removed. + # + lost+found and quota.* in subdirectories are removed. + # + .sujournal and .snap are preserved. + find -x ${tmp}/. ! -name . \ + ! \( -name .sujournal -type f -user root \) \ + ! \( -name .snap -type d -user root \) \ + ! \( -name lost+found -type d -user root \) \ + ! \( \( -name quota.user -or -name quota.group \) \ + -type f -user root \) \ + -prune -exec rm -rf -- {} + + elif checkyesno clear_tmp_X; then + # Remove X lock files, since they will prevent you from + # restarting X. Remove other X related directories. + check_startmsgs && echo "Clearing ${tmp} (X related)." + rm -rf ${tmp}/.X[0-9]-lock ${x11_socket_dirs} + fi + if checkyesno clear_tmp_X; then + # Create X related directories with proper permissions. + mkdir -m 1777 ${x11_socket_dirs} + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/cron b/etc/rc.d/cron new file mode 100755 index 0000000..cc87d42 --- /dev/null +++ b/etc/rc.d/cron 
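Review bot: `mkdir -m 1777 ${x11_socket_dirs}` at the end of `cleartmp_start` ignores its result, so if one of `.X11-unix`, `.XIM-unix`, `.ICE-unix` or `.font-unix` already exists in the world-writable ${tmp} by the time `mkdir` runs — for instance created by a local account after the preceding `rm -rf` — the script carries on with a directory that root does not own and whose mode was not set here. After the `mkdir` each path should be verified, e.g. inside a `for d in ${x11_socket_dirs}` loop: `[ -d "$d" -a ! -L "$d" -a -O "$d" ] || warn "$d is not a root-owned directory"`. The existing comment "Create X related directories with proper permissions" would then be true in the failure case as well.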
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: cron
+# REQUIRE: LOGIN cleanvar
+# BEFORE: securelevel
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="cron"
+rcvar="`set_rcvar`"
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+
+load_rc_config $name
+if checkyesno cron_dst
+then
+ cron_flags="$cron_flags -s"
+fi
+run_rc_command "$1"
diff --git a/etc/rc.d/ddb b/etc/rc.d/ddb
new file mode 100755
index 0000000..51e24ea
--- /dev/null
+++ b/etc/rc.d/ddb
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ddb
+# REQUIRE: dumpon
+# BEFORE: disks
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ddb"
+rcvar=`set_rcvar`
+command="/sbin/${name}"
+start_precmd="ddb_prestart"
+stop_cmd=":"
+
+ddb_prestart()
+{
+ # Silently exit if ddb is not enabled
+ if [ -z "`sysctl -Nq debug.ddb.scripting.scripts`" ]; then
+ return 1
+ fi
+}
+
+load_rc_config $name
+
+required_files="${ddb_config}"
+command_args="${ddb_config}"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/defaultroute b/etc/rc.d/defaultroute
new file mode 100755
index 0000000..ea54c83
--- /dev/null
+++ b/etc/rc.d/defaultroute
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# Wait for the default route to be up if DHCP is in use
+#
+# $FreeBSD$
+#
+
+# PROVIDE: defaultroute
+# REQUIRE: devd faith netif stf
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="defaultroute"
+start_cmd="defaultroute_start"
+stop_cmd=":"
+
+# Does any interface have a carrier?
+defaultroute_carrier()
+{
+ local carrier nocarrier
+
+ carrier=1
+ for _if in ${dhcp_interfaces}; do
+ output=`/sbin/ifconfig ${_if}`
+ nocarrier=`expr "${output}" : '.*[[:blank:]]status: \(no carrier\)'`
+ [ -z "${nocarrier}" ] && carrier=0
+ done
+ return ${carrier}
+}
+
+defaultroute_start()
+{
+ local nl waited
+
+ afexists inet || return 0
+
+ # Return without waiting if we don't have dhcp interfaces or
+ # if none of the dhcp interfaces is plugged in.
+ dhcp_interfaces=`list_net_interfaces dhcp`
+ [ -z "${dhcp_interfaces}" ] && return
+
+ # Wait for a default route
+ waited=0
+ while [ ${waited} -lt ${defaultroute_delay} ]; do
+ defif=`get_default_if -inet`
+ if [ -n "${defif}" ]; then
+ if [ ${waited} -ne 0 ]; then
+ echo -n "($defif)"
+ nl=1
+ fi
+ break
+ fi
+ if [ ${waited} -eq 0 ]; then
+ echo -n "Waiting ${defaultroute_delay}s for the default route interface: "
+ else
+ echo -n .
+ fi
+ if [ ${waited} -eq ${defaultroute_carrier_delay} ] && ! defaultroute_carrier; then
+ echo -n "(no carrier)"
+ break
+ fi
+ nl=1
+ sleep 1
+ waited=$(($waited + 1))
+ done
+
+ [ -n "$nl" ] && echo
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/devd b/etc/rc.d/devd
new file mode 100755
index 0000000..e257da6
--- /dev/null
+++ b/etc/rc.d/devd
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: devd
+# REQUIRE: netif
+# BEFORE: NETWORKING mountcritremote
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="devd"
+rcvar=`set_rcvar`
+command="/sbin/${name}"
+
+start_precmd=${name}_prestart
+stop_precmd=find_pidfile
+
+find_pidfile()
+{
+ if get_pidfile_from_conf pid-file /etc/devd.conf; then
+ pidfile="$_pidfile_from_conf"
+ else
+ pidfile="/var/run/${name}.pid"
+ fi
+}
+
+devd_prestart ()
+{
+ find_pidfile
+
+ # If devd is disabled, turn it off in the kernel to avoid memory leaks.
+ if ! checkyesno ${rcvar}; then
+ $SYSCTL hw.bus.devctl_disable=1
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/devfs b/etc/rc.d/devfs
new file mode 100755
index 0000000..82278af
--- /dev/null
+++ b/etc/rc.d/devfs
@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: devfs
+# REQUIRE: mountcritremote
+# BEFORE: SERVERS securelevel
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="devfs"
+start_cmd='devfs_start'
+stop_cmd=':'
+
+devfs_start()
+{
+ if [ -n "$devfs_system_ruleset" -o -n "$devfs_set_rulesets" ]; then
+ devfs_init_rulesets
+ if [ -n "$devfs_system_ruleset" ]; then
+ devfs_set_ruleset $devfs_system_ruleset /dev
+ devfs_apply_ruleset $devfs_system_ruleset /dev
+ fi
+ if [ -n "$devfs_set_rulesets" ]; then
+ local _dir_set
+ local _dir
+ local _set
+ for _dir_set in $devfs_set_rulesets; do
+ _dir=${_dir_set%=*}
+ _set=${_dir_set#*=}
+ devfs_set_ruleset $_set $_dir
+ devfs_apply_ruleset $_set $_dir
+ done
+ fi
+ fi
+ read_devfs_conf
+}
+
+read_devfs_conf()
+{
+ if [ -r /etc/devfs.conf ]; then
+ cd /dev
+ while read action devicelist parameter; do
+ case "${action}" in
+ l*) for device in ${devicelist}; do
+ if [ ! -e ${parameter} ]; then
+ ln -fs ${device} ${parameter}
+ fi
+ done
+ ;;
+ o*) for device in ${devicelist}; do
+ if [ -c ${device} ]; then
+ chown ${parameter} ${device}
+ fi
+ done
+ ;;
+ p*) for device in ${devicelist}; do
+ if [ -c ${device} ]; then
+ chmod ${parameter} ${device}
+ fi
+ done
+ ;;
+ esac
+ done < /etc/devfs.conf
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/dhclient b/etc/rc.d/dhclient
new file mode 100755
index 0000000..adba369
--- /dev/null
+++ b/etc/rc.d/dhclient
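Review bot: read_devfs_conf runs `cd /dev` without checking the result and then expands `${device}` and `${parameter}` unquoted in the `ln -fs`, `chown` and `chmod` calls. If the cd fails, the root-run link, ownership and mode changes apply relative to whatever directory the script was started in, and any glob characters or embedded whitespace in /etc/devfs.conf fields are expanded by the shell before the command sees them. I would make the first line `cd /dev || return 1` and quote the operands, e.g. `chmod "${parameter}" "${device}"`, unless globbing in device names is relied on (not evident from this hunk). `read` without `-r` also treats backslashes in the file as escapes, which deserves a comment if it is intended.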
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: dhclient
+# KEYWORD: nojail nostart
+
+. /etc/rc.subr
+. /etc/network.subr
+
+ifn="$2"
+
+name="dhclient"
+rcvar=
+pidfile="/var/run/${name}.${ifn}.pid"
+start_precmd="dhclient_prestart"
+stop_precmd="dhclient_pre_check"
+
+# rc_force check can only be done at the run_rc_command
+# time, so we're testing it in the pre* hooks.
+dhclient_pre_check()
+{
+ if [ -z "${rc_force}" ] && ! dhcpif $ifn; then
+ err 1 "'$ifn' is not a DHCP-enabled interface"
+ fi
+}
+
+dhclient_prestart()
+{
+ dhclient_pre_check
+
+ # Interface-specific flags (see rc.subr for $flags setting)
+ specific=$(get_if_var $ifn dhclient_flags_IF)
+ if [ -z "$flags" -a -n "$specific" ]; then
+ rc_flags=$specific
+ fi
+
+ background_dhclient=$(get_if_var $ifn background_dhclient_IF $background_dhclient)
+ if checkyesno background_dhclient; then
+ rc_flags="${rc_flags} -b"
+ fi
+
+ rc_flags="${rc_flags} ${ifn}"
+}
+
+load_rc_config $name
+load_rc_config network
+
+if [ -z $ifn ] ; then
+ # only complain if a command was specified but no interface
+ if [ -n "$1" ] ; then
+ err 1 "$0: no interface specified"
+ fi
+fi
+
+run_rc_command "$1"
diff --git a/etc/rc.d/dmesg b/etc/rc.d/dmesg
new file mode 100755
index 0000000..c6cdca3
--- /dev/null
+++ b/etc/rc.d/dmesg
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: dmesg
+# REQUIRE: mountcritremote cleanvar
+# BEFORE: DAEMON
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="dmesg"
+rcvar=`set_rcvar`
+dmesg_file="/var/run/dmesg.boot"
+start_cmd="do_dmesg"
+stop_cmd=":"
+
+do_dmesg()
+{
+ rm -f ${dmesg_file}
+ ( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} )
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/dumpon b/etc/rc.d/dumpon
new file mode 100755
index 0000000..ce5fc1c
--- /dev/null
+++ b/etc/rc.d/dumpon
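Review bot: The interface check near the end of the dhclient script, `if [ -z $ifn ] ; then`, leaves `$ifn` unquoted; it gives the right answer for an empty value only because `[ -z ]` happens to be true, and a value containing whitespace turns the test into a syntax error so the check is skipped. `if [ -z "$ifn" ] ; then` is the safe form. The same command-line value is interpolated into `pidfile="/var/run/${name}.${ifn}.pid"` before any validation, and dhclient_pre_check does not reject it when rc_force is set, so it may be worth refusing names that contain `/` up front.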
@@ -0,0 +1,69 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: dumpon
+# REQUIRE: zvol
+# BEFORE: disks
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="dumpon"
+start_cmd="dumpon_start"
+stop_cmd="dumpon_stop"
+
+dumpon_try()
+{
+ if /sbin/dumpon "${1}" ; then
+ # Make a symlink in devfs for savecore
+ ln -fs "${1}" /dev/dumpdev
+ return 0
+ fi
+ warn "unable to specify $1 as a dump device"
+ return 1
+}
+
+dumpon_start()
+{
+ # Enable dumpdev so that savecore can see it. Enable it
+ # early so a crash early in the boot process can be caught.
+ #
+ case ${dumpdev} in
+ [Nn][Oo] | '')
+ ;;
+ [Aa][Uu][Tt][Oo])
+ dev=$(/bin/kenv -q dumpdev)
+ if [ -n "${dev}" ] ; then
+ dumpon_try "${dev}"
+ return $?
+ fi
+ while read dev mp type more ; do
+ [ "${type}" = "swap" ] || continue
+ [ -c "${dev}" ] || continue
+ dumpon_try "${dev}" 2>/dev/null && return 0
+ done </etc/fstab
+ echo "No suitable dump device was found." 1>&2
+ return 1
+ ;;
+ *)
+ dumpon_try "${dumpdev}"
+ ;;
+ esac
+}
+
+dumpon_stop()
+{
+ case ${dumpdev} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ rm -f /dev/dumpdev
+ /sbin/dumpon -v off
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/encswap b/etc/rc.d/encswap
new file mode 100755
index 0000000..6221998
--- /dev/null
+++ b/etc/rc.d/encswap
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: initrandom
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="encswap"
+start_cmd="encswap_attach"
+stop_cmd="encswap_detach"
+
+encswap_attach()
+{
+ while read device mountpoint type options rest ; do
+ case ":${device}:${type}:${options}" in
+ :#*)
+ continue
+ ;;
+ *.bde:swap:sw)
+ passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q`
+ device="${device%.bde}"
+ gbde init "${device}" -P "${passphrase}" || return 1
+ gbde attach "${device}" -p "${passphrase}" || return 1
+ ;;
+ *.eli:swap:sw)
+ device="${device%.eli}"
+ geli onetime ${geli_swap_flags} "${device}" || return 1
+ ;;
+ esac
+ done < /etc/fstab
+}
+
+encswap_detach()
+{
+ while read device mountpoint type options rest ; do
+ case ":${device}:${type}:${options}" in
+ :#*)
+ continue
+ ;;
+ *.bde:swap:sw)
+ device="${device%.bde}"
+ gbde detach "${device}"
+ ;;
+ *.eli:swap:sw)
+ # Nothing here, because geli swap devices should be
+ # created with the auto-detach-on-last-close option.
+ ;;
+ esac
+ done < /etc/fstab
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/faith b/etc/rc.d/faith
new file mode 100755
index 0000000..4790ebd
--- /dev/null
+++ b/etc/rc.d/faith
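Review bot: In the `*.bde:swap:sw` branch of encswap_attach the one-time passphrase is handed to gbde on the command line (`gbde init "${device}" -P "${passphrase}"` and `gbde attach "${device}" -p "${passphrase}"`), so it is visible in the process argument list to anything able to list processes while those commands run. The key only protects swap for the current boot and the script normally runs early in startup, so the window is short, but nothing here prevents the start command from being run by hand later. A comment above the `passphrase=` line would record that assumption, e.g. `# One-time swap key; passed via argv, so exposed to process listings while gbde runs`.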
@@ -0,0 +1,75 @@
+#!/bin/sh
+# $FreeBSD$
+#
+
+# PROVIDE: faith
+# REQUIRE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="faith"
+start_cmd="faith_up"
+stop_cmd="faith_down"
+
+faith_up()
+{
+ case ${ipv6_faith_prefix} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ echo "Configuring IPv6-to-IPv4 TCP relay capturing interface:" \
+ " faith0."
+ ${SYSCTL} net.inet6.ip6.keepfaith=1
+ ifconfig faith0 create >/dev/null 2>&1
+ ifconfig faith0 up
+ for prefix in ${ipv6_faith_prefix}; do
+ prefixlen=`expr "${prefix}" : ".*/\(.*\)"`
+ case ${prefixlen} in
+ '')
+ prefixlen=96
+ ;;
+ *)
+ prefix=`expr "${prefix}" : \
+ "\(.*\)/${prefixlen}"`
+ ;;
+ esac
+ route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1
+ route change -inet6 ${prefix} -prefixlen ${prefixlen} \
+ -ifp faith0
+ done
+ check_startmsgs && ifconfig faith0
+ ;;
+ esac
+}
+
+faith_down()
+{
+ echo "Removing IPv6-to-IPv4 TCP relay capturing interface: faith0."
+ ifconfig faith0 destroy
+ ${SYSCTL} net.inet6.ip6.keepfaith=0
+
+ case ${ipv6_faith_prefix} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ for prefix in ${ipv6_faith_prefix}; do
+ prefixlen=`expr "${prefix}" : ".*/\(.*\)"`
+ case ${prefixlen} in
+ '')
+ prefixlen=96
+ ;;
+ *)
+ prefix=`expr "${prefix}" : \
+ "\(.*\)/${prefixlen}"`
+ ;;
+ esac
+ route delete -inet6 ${prefix} -prefixlen ${prefixlen}
+ done
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/fsck b/etc/rc.d/fsck
new file mode 100755
index 0000000..c1fe155
--- /dev/null
+++ b/etc/rc.d/fsck
@@ -0,0 +1,78 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: fsck
+# REQUIRE: localswap
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="fsck"
+start_cmd="fsck_start"
+stop_cmd=":"
+
+fsck_start()
+{
+ if [ "$autoboot" = no ]; then
+ echo "Fast boot: skipping disk checks."
+ elif [ ! -r /etc/fstab ]; then
+ echo "Warning! No /etc/fstab: skipping disk checks."
+ elif [ "$autoboot" = yes ]; then
+ # During fsck ignore SIGQUIT
+ trap : 3
+
+ check_startmsgs && echo "Starting file system checks:"
+ if checkyesno background_fsck; then
+ fsck -F -p
+ else
+ fsck -p
+ fi
+
+ case $? in
+ 0)
+ ;;
+ 2)
+ stop_boot
+ ;;
+ 4)
+ echo "Rebooting..."
+ reboot
+ echo "Reboot failed; help!"
+ stop_boot
+ ;;
+ 8)
+ if checkyesno fsck_y_enable; then
+ echo "File system preen failed, trying fsck -y ${fsck_y_flags}"
+ fsck -y ${fsck_y_flags}
+ case $? in
+ 0)
+ ;;
+ *)
+ echo "Automatic file system check failed; help!"
+ stop_boot
+ ;;
+ esac
+ else
+ echo "Automatic file system check failed; help!"
+ stop_boot
+ fi
+ ;;
+ 12)
+ echo "Boot interrupted."
+ stop_boot
+ ;;
+ 130)
+ stop_boot
+ ;;
+ *)
+ echo "Unknown error; help!"
+ stop_boot
+ ;;
+ esac
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ftp-proxy b/etc/rc.d/ftp-proxy
new file mode 100755
index 0000000..6712e68
--- /dev/null
+++ b/etc/rc.d/ftp-proxy
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ftp-proxy
+# REQUIRE: DAEMON pf
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ftpproxy"
+rcvar=`set_rcvar`
+command="/usr/sbin/ftp-proxy"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ftpd b/etc/rc.d/ftpd
new file mode 100755
index 0000000..338d735
--- /dev/null
+++ b/etc/rc.d/ftpd
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ftpd
+# REQUIRE: LOGIN cleanvar
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ftpd"
+rcvar=`set_rcvar`
+command="/usr/libexec/${name}"
+pidfile="/var/run/${name}.pid"
+start_precmd=ftpd_prestart
+
+ftpd_prestart()
+{
+ rc_flags="-D ${rc_flags}"
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/gbde b/etc/rc.d/gbde
new file mode 100755
index 0000000..6117b86
--- /dev/null
+++ b/etc/rc.d/gbde
@@ -0,0 +1,119 @@
+#!/bin/sh
+#
+# This file, originally written by Garrett A. Wollman, is in the public
+# domain.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="gbde"
+start_precmd="find_gbde_devices start"
+stop_precmd="find_gbde_devices stop"
+start_cmd="gbde_start"
+stop_cmd="gbde_stop"
+
+find_gbde_devices()
+{
+ case "${gbde_devices-auto}" in
+ [Aa][Uu][Tt][Oo])
+ gbde_devices=""
+ ;;
+ *)
+ return 0
+ ;;
+ esac
+
+ case "$1" in
+ start)
+ fstab="/etc/fstab"
+ ;;
+ stop)
+ fstab=$(mktemp /tmp/mtab.XXXXXX)
+ mount -p >${fstab}
+ ;;
+ esac
+
+ #
+ # We can't use "mount -p | while ..." because when a shell loop
+ # is the target of a pipe it executes in a subshell, and so can't
+ # modify variables in the script.
+ #
+ while read device mountpt type options dump pass; do
+ case "$device" in
+ *.bde)
+ # Ignore swap devices
+ case "$type" in
+ swap)
+ continue
+ ;;
+ esac
+
+ case "$options" in
+ *noauto*)
+ if checkyesno gbde_autoattach_all; then
+ gbde_devices="${gbde_devices} ${device}"
+ fi
+ ;;
+ *)
+ gbde_devices="${gbde_devices} ${device}"
+ ;;
+ esac
+ ;;
+ esac
+ done <${fstab}
+
+ case "$1" in
+ stop)
+ rm -f ${fstab}
+ ;;
+ esac
+
+ return 0
+}
+
+gbde_start()
+{
+ for device in $gbde_devices; do
+ parent=${device%.bde}
+ parent=${parent#/dev/}
+ parent_=`ltr ${parent} '/' '_'`
+ eval "lock=\${gbde_lock_${parent_}-\"${gbde_lockdir}/${parent_}.lock\"}"
+ if [ -e "/dev/${parent}" -a ! -e "/dev/${parent}.bde" ]; then
+ echo "Configuring Disk Encryption for ${parent}."
+
+ count=1
+ while [ ${count} -le ${gbde_attach_attempts} ]; do
+ if [ -e "${lock}" ]; then
+ gbde attach ${parent} -l ${lock}
+ else
+ gbde attach ${parent}
+ fi
+ if [ -e "/dev/${parent}.bde" ]; then
+ break
+ fi
+ echo "Attach failed; attempt ${count} of ${gbde_attach_attempts}."
+ count=$((${count} + 1))
+ done
+ fi
+ done
+}
+
+gbde_stop()
+{
+ for device in $gbde_devices; do
+ parent=${device%.bde}
+ parent=${parent#/dev/}
+ if [ -e "/dev/${parent}.bde" ]; then
+ umount "/dev/${parent}.bde" 2>/dev/null
+ gbde detach "${parent}"
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/geli b/etc/rc.d/geli
new file mode 100755
index 0000000..736b10a
--- /dev/null
+++ b/etc/rc.d/geli
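Review bot: gbde_start builds a variable name from the device path and passes it to `eval` (`eval "lock=\${gbde_lock_${parent_}-…}"`) after translating only `/` to `_`, so any other character that is not valid in a shell identifier, such as a `-` or `.` in a label-style device name or a shell metacharacter, is interpreted by the shell instead of being treated as part of the name. The same pattern appears in the geli hunk (`eval "flags=\${geli_${provider_}_flags}"`) and the geli2 hunk (`eval "autodetach=\${geli_${provider_}_autodetach}"`). I would reject such names before the eval, for example `case ${parent_} in *[!A-Za-z0-9_]*) warn "unsupported device name: ${parent}"; continue ;; esac`. Separately, find_gbde_devices uses the result of `mktemp` without checking that it succeeded, so a failure leaves `${fstab}` empty for the redirections and the later `rm -f`.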
@@ -0,0 +1,90 @@
+#!/bin/sh
+#
+# Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: initrandom
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="geli"
+start_precmd='[ -n "$(geli_make_list)" ]'
+start_cmd="geli_start"
+stop_cmd="geli_stop"
+required_modules="geom_eli:g_eli"
+
+geli_start()
+{
+ devices=`geli_make_list`
+
+ if [ -z "${geli_tries}" ]; then
+ if [ -n "${geli_attach_attempts}" ]; then
+ # Compatibility with rc.d/gbde.
+ geli_tries=${geli_attach_attempts}
+ else
+ geli_tries=`${SYSCTL_N} kern.geom.eli.tries`
+ fi
+ fi
+
+ for provider in ${devices}; do
+ provider_=`ltr ${provider} '/' '_'`
+
+ eval "flags=\${geli_${provider_}_flags}"
+ if [ -z "${flags}" ]; then
+ flags=${geli_default_flags}
+ fi
+ if [ -e "/dev/${provider}" -a ! -e "/dev/${provider}.eli" ]; then
+ echo "Configuring Disk Encryption for ${provider}."
+ count=1
+ while [ ${count} -le ${geli_tries} ]; do
+ geli attach ${flags} ${provider}
+ if [ -e "/dev/${provider}.eli" ]; then
+ break
+ fi
+ echo "Attach failed; attempt ${count} of ${geli_tries}."
+ count=$((count+1))
+ done
+ fi
+ done
+}
+
+geli_stop()
+{
+ devices=`geli_make_list`
+
+ for provider in ${devices}; do
+ if [ -e "/dev/${provider}.eli" ]; then
+ umount "/dev/${provider}.eli" 2>/dev/null
+ geli detach "${provider}"
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/geli2 b/etc/rc.d/geli2
new file mode 100755
index 0000000..4726de0
--- /dev/null
+++ b/etc/rc.d/geli2
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: geli2
+# REQUIRE: FILESYSTEMS
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="geli2"
+start_cmd="geli2_start"
+stop_cmd=":"
+
+geli2_start()
+{
+ devices=`geli_make_list`
+
+ for provider in ${devices}; do
+ provider_=`ltr ${provider} '/' '_'`
+
+ eval "autodetach=\${geli_${provider_}_autodetach}"
+ if [ -z "${autodetach}" ]; then
+ autodetach=${geli_autodetach}
+ fi
+ if checkyesno autodetach && [ -e "/dev/${provider}.eli" ]; then
+ geli detach -l ${provider}
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/gptboot b/etc/rc.d/gptboot
new file mode 100755
index 0000000..abfcaa1
--- /dev/null
+++ b/etc/rc.d/gptboot
@@ -0,0 +1,77 @@
+#!/bin/sh
+#
+# Copyright (c) 2010 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: gptboot
+# REQUIRE: mountcritremote
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="gptboot"
+rcvar=`set_rcvar`
+start_cmd="gptboot_report"
+
+gptboot_report()
+{
+ gpart show | \
+ egrep '(^=>| freebsd-ufs .*(\[|,)(bootfailed|bootonce)(,|\]))' | \
+ sed 's/^=>//' | \
+ egrep -v '(\[|,)bootme(,|\])' | \
+ while read start size pos type attrs rest; do
+ case "${pos}" in
+ [0-9]*)
+ if [ -n "${disk}" ]; then
+ part="${disk}p${pos}"
+ echo "${attrs}" | egrep -q '(\[|,)bootfailed(,|\])'
+ bootfailed=$?
+ echo "${attrs}" | egrep -q '(\[|,)bootonce(,|\])'
+ bootonce=$?
+ if [ ${bootfailed} -eq 0 ]; then
+ logger -t gptboot -p local0.notice "Boot from ${part} failed."
+ gpart unset -a bootfailed -i ${pos} ${disk} >/dev/null
+ elif [ ${bootonce} -eq 0 ]; then
+ # We want to log success after all failures.
+ echo -n "Boot from ${part} succeeded."
+ gpart unset -a bootonce -i ${pos} ${disk} >/dev/null
+ fi
+ fi
+ ;;
+ *)
+ if [ "${type}" = "GPT" ]; then
+ disk="${pos}"
+ else
+ disk=""
+ fi
+ ;;
+ esac
+ done | logger -t gptboot -p local0.notice
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/gssd b/etc/rc.d/gssd
new file mode 100755
index 0000000..3788307
--- /dev/null
+++ b/etc/rc.d/gssd
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: gssd
+# REQUIRE: root
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="gssd"
+
+load_rc_config $name
+rcvar="gssd_enable"
+command="${gssd:-/usr/sbin/${name}}"
+eval ${name}_flags=\"${gssd_flags}\"
+run_rc_command "$1"
diff --git a/etc/rc.d/hastd b/etc/rc.d/hastd
new file mode 100755
index 0000000..b9d9516
--- /dev/null
+++ b/etc/rc.d/hastd
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hastd
+# REQUIRE: NETWORKING syslogd
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="hastd"
+rcvar=`set_rcvar`
+pidfile="/var/run/${name}.pid"
+command="/sbin/${name}"
+hastctl="/sbin/hastctl"
+required_files="/etc/hast.conf"
+stop_precmd="hastd_stop_precmd"
+required_modules="geom_gate:g_gate"
+extra_commands="reload"
+
+hastd_stop_precmd()
+{
+ ${hastctl} role init all
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/hcsecd b/etc/rc.d/hcsecd
new file mode 100755
index 0000000..fd6a925
--- /dev/null
+++ b/etc/rc.d/hcsecd
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hcsecd
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="hcsecd"
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+rcvar=`set_rcvar`
+required_modules="ng_btsocket"
+
+load_rc_config $name
+config="${hcsecd_config:-/etc/bluetooth/${name}.conf}"
+command_args="-f ${config}"
+required_files="${config}"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/hostapd b/etc/rc.d/hostapd
new file mode 100755
index 0000000..5f8203e
--- /dev/null
+++ b/etc/rc.d/hostapd
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hostapd
+# REQUIRE: mountcritremote
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="hostapd"
+command="/usr/sbin/${name}"
+rcvar=`set_rcvar`
+
+conf_file="/etc/${name}.conf"
+pidfile="/var/run/${name}.pid"
+
+command_args="-P ${pidfile} -B ${conf_file}"
+required_files="${conf_file}"
+required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp"
+extra_commands="reload"
+
+load_rc_config ${name}
+run_rc_command "$1"
diff --git a/etc/rc.d/hostid b/etc/rc.d/hostid
new file mode 100755
index 0000000..c4545bd
--- /dev/null
+++ b/etc/rc.d/hostid
@@ -0,0 +1,103 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hostid
+# REQUIRE: sysctl
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="hostid"
+start_cmd="hostid_start"
+stop_cmd=":"
+reset_cmd="hostid_reset"
+extra_commands="reset"
+rcvar="hostid_enable"
+
+hostid_set()
+{
+ uuid=$1
+ # Generate hostid based on hostuuid - take first four bytes from md5(uuid).
+ id=`echo -n $uuid | /sbin/md5`
+ id="0x${id%????????????????????????}"
+
+ # Set both kern.hostuuid and kern.hostid.
+ #
+ check_startmsgs && echo "Setting hostuuid: ${uuid}."
+ ${SYSCTL} kern.hostuuid="${uuid}" >/dev/null
+ check_startmsgs && echo "Setting hostid: ${id}."
+ ${SYSCTL} kern.hostid=${id} >/dev/null
+}
+
+hostid_hardware()
+{
+ uuid=`kenv -q smbios.system.uuid`
+ x="[0-9a-f]"
+ y=$x$x$x$x
+ case "${uuid}" in
+ $y$y-$y-$y-$y-$y$y$y)
+ echo "${uuid}"
+ ;;
+ esac
+}
+
+hostid_generate()
+{
+ # First look for UUID in hardware.
+ uuid=`hostid_hardware`
+ if [ -z ${uuid} ]; then
+ # If not found, fall back to software-generated UUID.
+ uuid=`uuidgen`
+ fi
+ hostid_set $uuid
+}
+
+hostid_reset()
+{
+ hostid_generate
+ # Store newly generated UUID in ${hostid_file}.
+ echo $uuid > ${hostid_file}
+ if [ $? -ne 0 ]; then
+ warn "could not store hostuuid in ${hostid_file}."
+ fi
+}
+
+hostid_start()
+{
+ # If ${hostid_file} already exists, we take UUID from there.
+ if [ -r ${hostid_file} ]; then
+ hostid_set `cat ${hostid_file}`
+ else
+ # No hostid file, generate UUID.
+ hostid_generate
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/hostid_save b/etc/rc.d/hostid_save
new file mode 100755
index 0000000..fca0521
--- /dev/null
+++ b/etc/rc.d/hostid_save
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hostid_save
+# REQUIRE: root
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="hostid_save"
+start_cmd="hostid_save"
+stop_cmd=":"
+rcvar="hostid_enable"
+
+hostid_save()
+{
+ if [ ! -r ${hostid_file} ]; then
+ $SYSCTL_N kern.hostuuid > ${hostid_file}
+ if [ $? -ne 0 ]; then
+ warn "could not store hostuuid in ${hostid_file}."
+ fi
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/hostname b/etc/rc.d/hostname
new file mode 100755
index 0000000..142dc47
--- /dev/null
+++ b/etc/rc.d/hostname
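Review bot: hostid_start hands whatever `cat ${hostid_file}` prints to hostid_set without the format check that hostid_hardware applies to the SMBIOS value, so an empty or truncated file yields an empty or malformed kern.hostuuid and a kern.hostid derived from it. At a minimum the readable-file test could also require content, `if [ -r ${hostid_file} -a -s ${hostid_file} ]; then`, so that an empty file falls through to hostid_generate. In hostid_generate the test `if [ -z ${uuid} ]; then` is unquoted and only works for the empty case by accident; `if [ -z "${uuid}" ]; then` is the safe form.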
@@ -0,0 +1,81 @@
+#!/bin/sh
+#
+# Copyright (c) 2003 The FreeBSD Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hostname
+# REQUIRE: FILESYSTEMS
+# BEFORE: netif
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="hostname"
+start_cmd="hostname_start"
+stop_cmd=":"
+
+hostname_start()
+{
+ # If we are not inside a jail, set the host name if it is not already set.
+ # If we are inside a jail, set the host name even if it is already set,
+ # but first check if it is permitted.
+ #
+ if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then
+ if [ `$SYSCTL_N security.jail.set_hostname_allowed` -eq 0 ]; then
+ return
+ fi
+ elif [ -n "`/bin/hostname -s`" ]; then
+ return
+ else
+ # If we're not in a jail and rc.conf doesn't specify a
+ # hostname, see if we can get one from kenv.
+ #
+ if [ -z "${hostname}" -a \
+ -n "`/bin/kenv dhcp.host-name 2> /dev/null`" ]; then
+ hostname=`/bin/kenv dhcp.host-name`
+ fi
+ fi
+
+ # Have we got a hostname yet?
+ #
+ if [ -z "${hostname}" ]; then
+ # Null hostname is probably OK if DHCP is in use.
+ #
+ if [ -z "`list_net_interfaces dhcp`" ]; then
+ warn "\$hostname is not set -- see ${rcvar_manpage}."
+ fi
+ return
+ fi
+
+ # All right, it is safe to invoke hostname(1) now.
+ #
+ check_startmsgs && echo -n "Setting hostname: ${hostname}"
+ /bin/hostname "${hostname}"
+ check_startmsgs && echo '.'
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/inetd b/etc/rc.d/inetd
new file mode 100755
index 0000000..fc00f38
--- /dev/null
+++ b/etc/rc.d/inetd
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: inetd
+# REQUIRE: DAEMON LOGIN cleanvar
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="inetd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+required_files="/etc/${name}.conf"
+extra_commands="reload"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/initrandom b/etc/rc.d/initrandom
new file mode 100755
index 0000000..fcc047b
--- /dev/null
+++ b/etc/rc.d/initrandom
@@ -0,0 +1,82 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: initrandom
+# REQUIRE: dumpon ddb
+# BEFORE: disks
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="initrandom"
+start_cmd="initrandom_start"
+stop_cmd=":"
+
+feed_dev_random()
+{
+ if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
+ cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
+ fi
+}
+
+initrandom_start()
+{
+ soft_random_generator=`sysctl kern.random 2>/dev/null`
+
+ echo -n 'Entropy harvesting:'
+
+ if [ \! -z "${soft_random_generator}" ] ; then
+
+ if [ -w /dev/random ]; then
+ if checkyesno harvest_interrupt; then
+ ${SYSCTL} kern.random.sys.harvest.interrupt=1 >/dev/null
+ echo -n ' interrupts'
+ else
+ ${SYSCTL} kern.random.sys.harvest.interrupt=0 >/dev/null
+ fi
+
+ if checkyesno harvest_ethernet; then
+ ${SYSCTL} kern.random.sys.harvest.ethernet=1 >/dev/null
+ echo -n ' ethernet'
+ else
+ ${SYSCTL} kern.random.sys.harvest.ethernet=0 >/dev/null
+ fi
+
+ if checkyesno harvest_p_to_p; then
+ ${SYSCTL} kern.random.sys.harvest.point_to_point=1 >/dev/null
+ echo -n ' point_to_point'
+ else
+ ${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null
+ fi
+ fi
+
+ # XXX temporary until we can improve the entropy
+ # harvesting rate.
+ # Entropy below is not great, but better than nothing.
+ # This unblocks the generator at startup
+ ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
+ | dd of=/dev/random bs=8k 2>/dev/null
+ cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
+
+ # First pass at reseeding /dev/random.
+ #
+ case ${entropy_file} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ if [ -w /dev/random ]; then
+ feed_dev_random "${entropy_file}"
+ fi
+ ;;
+ esac
+
+ echo -n ' kickstart'
+ fi
+
+ echo '.'
+}
+
+load_rc_config random
+run_rc_command "$1"
diff --git a/etc/rc.d/ip6addrctl b/etc/rc.d/ip6addrctl
new file mode 100755
index 0000000..d38018c
--- /dev/null
+++ b/etc/rc.d/ip6addrctl
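Review bot: In initrandom_start the two seeding lines (`( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) | dd of=/dev/random` and `cat /bin/ls | dd of=/dev/random`) feed data that is largely the same on every machine booted from the same image, and ` kickstart` is printed whether or not either write succeeded, since both `dd` calls discard stderr and their status is never checked. The XXX comment already calls the input "not great"; I would spell out the consequence next to it, e.g. `# NB: this only unblocks the generator; without a saved entropy_file the pool is not well seeded at this point.` How much the generator credits this input is not visible here, so the comment should stay hedged. These writes also sit outside the `[ -w /dev/random ]` test that guards the harvest knobs; putting them under the same test would keep the progress message accurate.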
@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ip6addrctl
+# REQUIRE: FILESYSTEMS
+# BEFORE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="ip6addrctl"
+rcvar=`set_rcvar`
+start_cmd="ip6addrctl_start"
+stop_cmd="ip6addrctl_stop"
+extra_commands="status prefer_ipv6 prefer_ipv4"
+status_cmd="ip6addrctl"
+prefer_ipv6_cmd="ip6addrctl_prefer_ipv6"
+prefer_ipv4_cmd="ip6addrctl_prefer_ipv4"
+config_file="/etc/ip6addrctl.conf"
+
+set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
+set_rcvar_obsolete ipv6_prefer ip6addrctl_policy
+
+ip6addrctl_prefer_ipv6()
+{
+ afexists inet6 || return 0
+
+ ip6addrctl flush >/dev/null 2>&1
+ ip6addrctl add ::1/128 50 0
+ ip6addrctl add ::/0 40 1
+ ip6addrctl add 2002::/16 30 2
+ ip6addrctl add ::/96 20 3
+ ip6addrctl add ::ffff:0:0/96 10 4
+ checkyesno ip6addrctl_verbose && ip6addrctl
+}
+
+ip6addrctl_prefer_ipv4()
+{
+ afexists inet6 || return 0
+
+ ip6addrctl flush >/dev/null 2>&1
+ ip6addrctl add ::ffff:0:0/96 50 0
+ ip6addrctl add ::1/128 40 1
+ ip6addrctl add ::/0 30 2
+ ip6addrctl add 2002::/16 20 3
+ ip6addrctl add ::/96 10 4
+ checkyesno ip6addrctl_verbose && ip6addrctl
+}
+
+ip6addrctl_start()
+{
+ afexists inet6 || return 0
+
+ # install the policy of the address selection algorithm.
+ case "${ip6addrctl_policy}" in
+ [Aa][Uu][Tt][Oo])
+ if [ -r "${config_file}" -a -s "${config_file}" ]; then
+ ip6addrctl flush >/dev/null 2>&1
+ ip6addrctl install "${config_file}"
+ checkyesno ip6addrctl_verbose && ip6addrctl
+ else
+ if checkyesno ipv6_activate_all_interfaces; then
+ ip6addrctl_prefer_ipv6
+ else
+ ip6addrctl_prefer_ipv4
+ fi
+ fi
+ ;;
+ ipv4_prefer)
+ ip6addrctl_prefer_ipv4
+ ;;
+ ipv6_prefer)
+ ip6addrctl_prefer_ipv6
+ ;;
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ # Backward compatibility when ipv6_prefer=YES
+ ip6addrctl_prefer_ipv6
+ ;;
+ [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+ # Backward compatibility when ipv6_prefer=NO
+ ip6addrctl_prefer_ipv4
+ ;;
+ *)
+ warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \
+ " \"ipv4_prefer\" is used instead."
+ ip6addrctl_prefer_ipv4
+ ;;
+ esac
+}
+
+ip6addrctl_stop()
+{
+ afexists inet6 || return 0
+
+ ip6addrctl flush >/dev/null 2>&1
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
new file mode 100755
index 0000000..b6bdb4b
--- /dev/null
+++ b/etc/rc.d/ipfilter
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipfilter
+# REQUIRE: FILESYSTEMS
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ipfilter"
+rcvar=`set_rcvar`
+load_rc_config $name
+stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"
+
+start_precmd="$stop_precmd"
+start_cmd="ipfilter_start"
+stop_cmd="ipfilter_stop"
+reload_precmd="$stop_precmd"
+reload_cmd="ipfilter_reload"
+resync_precmd="$stop_precmd"
+resync_cmd="ipfilter_resync"
+status_precmd="$stop_precmd"
+status_cmd="ipfilter_status"
+extra_commands="reload resync"
+required_modules="ipl:ipfilter"
+
+ipfilter_start()
+{
+ echo "Enabling ipfilter."
+ if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then
+ ${ipfilter_program:-/sbin/ipf} -E
+ fi
+ ${ipfilter_program:-/sbin/ipf} -Fa
+ if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} \
+ -f "${ipfilter_rules}" ${ipfilter_flags}
+ fi
+ ${ipfilter_program:-/sbin/ipf} -6 -Fa
+ if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -6 \
+ -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+ fi
+}
+
+ipfilter_stop()
+{
+ # XXX - The ipf -D command is not effective for 'lkm's
+ if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then
+ echo "Saving firewall state tables"
+ ${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
+ echo "Disabling ipfilter."
+ ${ipfilter_program:-/sbin/ipf} -D
+ fi
+}
+
+ipfilter_reload()
+{
+ echo "Reloading ipfilter rules."
+
+ ${ipfilter_program:-/sbin/ipf} -I -Fa
+ if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -I \
+ -f "${ipfilter_rules}" ${ipfilter_flags}
+ if [ $? -ne 0 ]; then
+ err 1 'Load of rules into alternate set failed; aborting reload'
+ fi
+ fi
+ ${ipfilter_program:-/sbin/ipf} -I -6 -Fa
+ if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -I -6 \
+ -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+ if [ $? -ne 0 ]; then
+ err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
+ fi
+ fi
+ ${ipfilter_program:-/sbin/ipf} -s
+
+}
+
+ipfilter_resync()
+{
+ ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
+}
+
+ipfilter_status()
+{
+ ${ipfilter_program:-/sbin/ipf} -V
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ipfs b/etc/rc.d/ipfs
new file mode 100755
index 0000000..9b5ccac
--- /dev/null
+++ b/etc/rc.d/ipfs
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipfs
+# REQUIRE: ipnat
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="ipfs"
+rcvar=`set_rcvar`
+start_cmd="ipfs_start"
+stop_cmd="ipfs_stop"
+start_precmd="ipfs_prestart"
+
+ipfs_prestart()
+{
+ # Do not continue if either ipnat or ipfilter is not enabled or
+ # if the ipfilter module is not loaded.
+ #
+ if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
+ err 1 "${name} requires either ipfilter or ipnat enabled"
+ fi
+ if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ err 1 "ipfilter module is not loaded"
+ fi
+ return 0
+}
+
+ipfs_start()
+{
+ if [ -r /var/db/ipf/ipstate.ipf -a -r /var/db/ipf/ipnat.ipf ]; then
+ ${ipfs_program} -R ${rc_flags}
+ rm -f /var/db/ipf/ipstate.ipf /var/db/ipf/ipnat.ipf
+ fi
+}
+
+ipfs_stop()
+{
+ if [ ! -d /var/db/ipf ]; then
+ mkdir /var/db/ipf
+ chmod 700 /var/db/ipf
+ chown root:wheel /var/db/ipf
+ fi
+ ${ipfs_program} -W ${rc_flags}
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
new file mode 100755
index 0000000..4beb609
--- /dev/null
+++ b/etc/rc.d/ipfw
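Review bot: ipfilter_start in etc/rc.d/ipfilter flushes the active rule set with `-Fa` (and `-6 -Fa`) and then loads the rules file without looking at the exit status, so a rules file that fails to load leaves ipfilter enabled with an empty or partial rule set; what traffic that admits depends on the default policy, which is not visible here. ipfilter_reload in the same hunk already guards against this by loading into the inactive set and calling `err 1` on failure, and the start path should at least test the status the same way, e.g. append `|| err 1 'Load of rules failed; ipfilter is running without them'` to each `-f` load. Separately, `stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"` expands both paths unquoted, so an empty value changes what the test evaluates.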
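Review bot: In ipfs_prestart (etc/rc.d/ipfs) the `-o` in `if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then` is not a shell operator; everything after `checkyesno` is just its argument list, so, assuming checkyesno reads only its first argument (rc.subr is not shown), ipnat_enable is never consulted. The ipmon script later in this commit writes the same test with `&&`, which matches the error message, so this line should read `if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then`. In ipfs_stop the directory is created with the default mode and only then restricted by `chmod 700`; `mkdir -m 700 /var/db/ipf` closes that window for the saved state files.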
@@ -0,0 +1,110 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipfw
+# REQUIRE: ppp
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="ipfw"
+rcvar="firewall_enable"
+start_cmd="ipfw_start"
+start_precmd="ipfw_prestart"
+start_postcmd="ipfw_poststart"
+stop_cmd="ipfw_stop"
+required_modules="ipfw"
+
+set_rcvar_obsolete ipv6_firewall_enable
+
+ipfw_prestart()
+{
+ if checkyesno dummynet_enable; then
+ required_modules="$required_modules dummynet"
+ fi
+
+ if checkyesno firewall_nat_enable; then
+ if ! checkyesno natd_enable; then
+ required_modules="$required_modules ipfw_nat"
+ fi
+ fi
+}
+
+ipfw_start()
+{
+ local _firewall_type
+
+ _firewall_type=$1
+
+ # set the firewall rules script if none was specified
+ [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
+
+ if [ -r "${firewall_script}" ]; then
+ /bin/sh "${firewall_script}" "${_firewall_type}"
+ echo 'Firewall rules loaded.'
+ elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then
+ echo 'Warning: kernel has firewall functionality, but' \
+ ' firewall rules are not enabled.'
+ echo ' All ip services are disabled.'
+ fi
+
+ # Firewall logging
+ #
+ if checkyesno firewall_logging; then
+ echo 'Firewall logging enabled.'
+ sysctl net.inet.ip.fw.verbose=1 >/dev/null
+ fi
+}
+
+ipfw_poststart()
+{
+ local _coscript
+
+ # Start firewall coscripts
+ #
+ for _coscript in ${firewall_coscripts} ; do
+ if [ -f "${_coscript}" ]; then
+ ${_coscript} quietstart
+ fi
+ done
+
+ # Enable the firewall
+ #
+ if ! ${SYSCTL} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
+ warn "failed to enable IPv4 firewall"
+ fi
+ if afexists inet6; then
+ if ! ${SYSCTL} net.inet6.ip6.fw.enable=1 1>/dev/null 2>&1
+ then
+ warn "failed to enable IPv6 firewall"
+ fi
+ fi
+}
+
+ipfw_stop()
+{
+ local _coscript
+
+ # Disable the firewall
+ #
+ ${SYSCTL} net.inet.ip.fw.enable=0
+ if afexists inet6; then
+ ${SYSCTL} net.inet6.ip6.fw.enable=0
+ fi
+
+ # Stop firewall coscripts
+ #
+ for _coscript in `reverse_list ${firewall_coscripts}` ; do
+ if [ -f "${_coscript}" ]; then
+ ${_coscript} quietstop
+ fi
+ done
+}
+
+load_rc_config $name
+firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}"
+
+run_rc_command $*
diff --git a/etc/rc.d/ipmon b/etc/rc.d/ipmon
new file mode 100755
index 0000000..cbed453
--- /dev/null
+++ b/etc/rc.d/ipmon
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipmon
+# REQUIRE: FILESYSTEMS hostname sysctl cleanvar ipfilter
+# BEFORE: SERVERS
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ipmon"
+rcvar=`set_rcvar`
+command="/sbin/${name}"
+start_precmd="ipmon_precmd"
+
+ipmon_precmd()
+{
+ # Continue only if ipfilter or ipnat is enabled and the
+ # ipfilter module is loaded.
+ #
+ if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then
+ err 1 "${name} requires either ipfilter or ipnat enabled"
+ fi
+ if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ err 1 "ipfilter module is not loaded"
+ fi
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ipnat b/etc/rc.d/ipnat
new file mode 100755
index 0000000..6bf2e08
--- /dev/null
+++ b/etc/rc.d/ipnat
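Review bot: ipfw_start in etc/rc.d/ipfw prints 'Firewall rules loaded.' regardless of how `/bin/sh "${firewall_script}" "${_firewall_type}"` exited, and ipfw_poststart then enables the firewall, so a rules script that stops partway leaves a partial rule set behind a message that says otherwise. Testing the status makes the failure visible to whoever reads the boot log: `if /bin/sh "${firewall_script}" "${_firewall_type}"; then echo 'Firewall rules loaded.'; else warn "${firewall_script} failed; rules may be incomplete"; fi`. The final `run_rc_command $*` is also the only unquoted call of its kind among the scripts shown here; `"$@"` would pass the arguments through without re-splitting them.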
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipnat
+# REQUIRE: ipfilter
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ipnat"
+rcvar=`set_rcvar`
+load_rc_config $name
+start_cmd="ipnat_start"
+stop_cmd="${ipnat_program} -F -C"
+reload_cmd="${ipnat_program} -F -C -f ${ipnat_rules}"
+extra_commands="reload"
+required_files="${ipnat_rules}"
+required_modules="ipl:ipfilter"
+
+ipnat_start()
+{
+ echo "Installing NAT rules."
+ ${ipnat_program} -CF -f ${ipnat_rules} ${ipnat_flags}
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ipsec b/etc/rc.d/ipsec
new file mode 100755
index 0000000..0ad5490
--- /dev/null
+++ b/etc/rc.d/ipsec
@@ -0,0 +1,59 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipsec
+# REQUIRE: FILESYSTEMS
+# BEFORE: DAEMON mountcritremote
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ipsec"
+rcvar=`set_rcvar`
+start_precmd="ipsec_prestart"
+start_cmd="ipsec_start"
+stop_precmd="test -f $ipsec_file"
+stop_cmd="ipsec_stop"
+reload_cmd="ipsec_reload"
+extra_commands="reload"
+ipsec_program="/sbin/setkey"
+# ipsec_file is set by rc.conf
+
+ipsec_prestart()
+{
+ if [ ! -f "$ipsec_file" ]; then
+ warn "$ipsec_file not readable; ipsec start aborted."
+ stop_boot
+ return 1
+ fi
+ return 0
+}
+
+ipsec_start()
+{
+ echo "Installing ipsec manual keys/policies."
+ ${ipsec_program} -f $ipsec_file
+}
+
+ipsec_stop()
+{
+ echo "Clearing ipsec manual keys/policies."
+
+ # Still not 100% sure if we would like to do this.
+ # It is very questionable to do this during shutdown session
+ # since it can hang any of the remaining IPv4/v6 sessions.
+ #
+ ${ipsec_program} -F
+ ${ipsec_program} -FP
+}
+
+ipsec_reload()
+{
+ echo "Reloading ipsec manual keys/policies."
+ ${ipsec_program} -f "$ipsec_file"
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ipxrouted b/etc/rc.d/ipxrouted
new file mode 100755
index 0000000..04d3586
--- /dev/null
+++ b/etc/rc.d/ipxrouted
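Review bot: In etc/rc.d/ipsec, `stop_precmd="test -f $ipsec_file"` is expanded when the line is read, but `load_rc_config $name` only runs at the bottom of the script, so unless the caller's environment already carries the rc.conf values the precommand becomes `test -f` with no operand and always succeeds. The ipfilter and ipnat scripts in this commit call `load_rc_config $name` before building their command strings; doing the same here, and quoting the path, fixes it. `ipsec_start` also passes `$ipsec_file` unquoted while `ipsec_reload` quotes it, and `ipsec_prestart` reports "not readable" after testing `-f`; `[ ! -r "$ipsec_file" ]` would match the message for a file that holds manual keys.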
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipxrouted
+# REQUIRE: SERVERS
+# BEFORE: DAEMON
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ipxrouted"
+rcvar=`set_rcvar`
+command="/usr/sbin/IPXrouted"
+command_args="> /dev/null 2>&1"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/jail b/etc/rc.d/jail
new file mode 100755
index 0000000..09170bd
--- /dev/null
+++ b/etc/rc.d/jail
@@ -0,0 +1,742 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: jail
+# REQUIRE: LOGIN cleanvar
+# BEFORE: securelevel
+# KEYWORD: nojail shutdown
+
+# WARNING: This script deals with untrusted data (the data and
+# processes inside the jails) and care must be taken when changing the
+# code related to this! If you have any doubt whether a change is
+# correct and have security impact, please get the patch reviewed by
+# the FreeBSD Security Team prior to commit.
+
+. /etc/rc.subr
+
+name="jail"
+rcvar=`set_rcvar`
+
+start_precmd="jail_prestart"
+start_cmd="jail_start"
+stop_cmd="jail_stop"
+
+# init_variables _j
+# Initialize the various jail variables for jail _j.
+#
+init_variables()
+{
+ _j="$1"
+
+ if [ -z "$_j" ]; then
+ warn "init_variables: you must specify a jail"
+ return
+ fi
+
+ eval _rootdir=\"\$jail_${_j}_rootdir\"
+ _devdir="${_rootdir}/dev"
+ _fdescdir="${_devdir}/fd"
+ _procdir="${_rootdir}/proc"
+ eval _hostname=\"\$jail_${_j}_hostname\"
+ eval _ip=\"\$jail_${_j}_ip\"
+ eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
+ eval _exec=\"\$jail_${_j}_exec\"
+
+ i=0
+ while : ; do
+ eval _exec_prestart${i}=\"\${jail_${_j}_exec_prestart${i}:-\${jail_exec_prestart${i}}}\"
+ [ -z "$(eval echo \"\$_exec_prestart${i}\")" ] && break
+ i=$((i + 1))
+ done
+
+ eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
+
+ i=1
+ while : ; do
+ eval _exec_afterstart${i}=\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_afterstart${i}}}\"
+ [ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] && break
+ i=$((i + 1))
+ done
+
+ i=0
+ while : ; do
+ eval _exec_poststart${i}=\"\${jail_${_j}_exec_poststart${i}:-\${jail_exec_poststart${i}}}\"
+ [ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break
+ i=$((i + 1))
+ done
+
+ i=0
+ while : ; do
+ eval _exec_prestop${i}=\"\${jail_${_j}_exec_prestop${i}:-\${jail_exec_prestop${i}}}\"
+ [ -z "$(eval echo \"\$_exec_prestop${i}\")" ] && break
+ i=$((i + 1))
+ done
+
+ eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
+
+ i=0
+ while : ; do
+ eval _exec_poststop${i}=\"\${jail_${_j}_exec_poststop${i}:-\${jail_exec_poststop${i}}}\"
+ [ -z "$(eval echo \"\$_exec_poststop${i}\")" ] && break
+ i=$((i + 1))
+ done
+
+ if [ -n "${_exec}" ]; then
+ # simple/backward-compatible execution
+ _exec_start="${_exec}"
+ _exec_stop=""
+ else
+ # flexible execution
+ if [ -z "${_exec_start}" ]; then
+ _exec_start="/bin/sh /etc/rc"
+ if [ -z "${_exec_stop}" ]; then
+ _exec_stop="/bin/sh /etc/rc.shutdown"
+ fi
+ fi
+ fi
+
+ # The default jail ruleset will be used by rc.subr if none is specified.
+ eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
+ eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
+ [ -z "${_devfs}" ] && _devfs="NO"
+ eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
+ [ -z "${_fdescfs}" ] && _fdescfs="NO"
+ eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
+ [ -z "${_procfs}" ] && _procfs="NO"
+
+ eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
+ [ -z "${_mount}" ] && _mount="NO"
+ # "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
+ eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
+ [ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
+ eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
+ [ -z "${_flags}" ] && _flags="-l -U root"
+ eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
+ [ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
+ eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\"
+
+ # Debugging aid
+ #
+ debug "$_j devfs enable: $_devfs"
+ debug "$_j fdescfs enable: $_fdescfs"
+ debug "$_j procfs enable: $_procfs"
+ debug "$_j mount enable: $_mount"
+ debug "$_j hostname: $_hostname"
+ debug "$_j ip: $_ip"
+ jail_show_addresses ${_j}
+ debug "$_j interface: $_interface"
+ debug "$_j fib: $_fib"
+ debug "$_j root: $_rootdir"
+ debug "$_j devdir: $_devdir"
+ debug "$_j fdescdir: $_fdescdir"
+ debug "$_j procdir: $_procdir"
+ debug "$_j ruleset: $_ruleset"
+ debug "$_j fstab: $_fstab"
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_prestart${i}:-''}\"
+ if [ -z "$out" ]; then
+ break
+ fi
+ debug "$_j exec pre-start #${i}: ${out}"
+ i=$((i + 1))
+ done
+
+ debug "$_j exec start: $_exec_start"
+
+ i=1
+ while : ; do
+ eval out=\"\${_exec_afterstart${i}:-''}\"
+
+ if [ -z "$out" ]; then
+ break;
+ fi
+
+ debug "$_j exec after start #${i}: ${out}"
+ i=$((i + 1))
+ done
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_poststart${i}:-''}\"
+ if [ -z "$out" ]; then
+ break
+ fi
+ debug "$_j exec post-start #${i}: ${out}"
+ i=$((i + 1))
+ done
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_prestop${i}:-''}\"
+ if [ -z "$out" ]; then
+ break
+ fi
+ debug "$_j exec pre-stop #${i}: ${out}"
+ i=$((i + 1))
+ done
+
+ debug "$_j exec stop: $_exec_stop"
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_poststop${i}:-''}\"
+ if [ -z "$out" ]; then
+ break
+ fi
+ debug "$_j exec post-stop #${i}: ${out}"
+ i=$((i + 1))
+ done
+
+ debug "$_j flags: $_flags"
+ debug "$_j consolelog: $_consolelog"
+
+ if [ -z "${_hostname}" ]; then
+ err 3 "$name: No hostname has been defined for ${_j}"
+ fi
+ if [ -z "${_rootdir}" ]; then
+ err 3 "$name: No root directory has been defined for ${_j}"
+ fi
+}
+
+# set_sysctl rc_knob mib msg
+# If the mib sysctl is set according to what rc_knob
+# specifies, this function does nothing. However if
+# rc_knob is set differently than mib, then the mib
+# is set accordingly and msg is displayed followed by
+# an '=" sign and the word 'YES' or 'NO'.
+#
+set_sysctl()
+{
+ _knob="$1"
+ _mib="$2"
+ _msg="$3"
+
+ _current=`${SYSCTL} -n $_mib 2>/dev/null`
+ if checkyesno $_knob ; then
+ if [ "$_current" -ne 1 ]; then
+ echo -n " ${_msg}=YES"
+ ${SYSCTL} 1>/dev/null ${_mib}=1
+ fi
+ else
+ if [ "$_current" -ne 0 ]; then
+ echo -n " ${_msg}=NO"
+ ${SYSCTL} 1>/dev/null ${_mib}=0
+ fi
+ fi
+}
+
+# is_current_mountpoint()
+# Is the directory mount point for a currently mounted file
+# system?
+#
+is_current_mountpoint()
+{
+ local _dir _dir2
+
+ _dir=$1
+
+ _dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
+ [ ! -d "${_dir}" ] && return 1
+ _dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
+ [ "${_dir}" = "${_dir2}" ]
+ return $?
+}
+
+# is_symlinked_mountpoint()
+# Is a mount point, or any of its parent directories, a symlink?
+#
+is_symlinked_mountpoint()
+{
+ local _dir
+
+ _dir=$1
+
+ [ -L "$_dir" ] && return 0
+ [ "$_dir" = "/" ] && return 1
+ is_symlinked_mountpoint `dirname $_dir`
+ return $?
+}
+
+# secure_umount
+# Try to unmount a mount point without being vulnerable to
+# symlink attacks.
+#
+secure_umount()
+{
+ local _dir
+
+ _dir=$1
+
+ if is_current_mountpoint ${_dir}; then
+ umount -f ${_dir} >/dev/null 2>&1
+ else
+ debug "Nothing mounted on ${_dir} - not unmounting"
+ fi
+}
+
+
+# jail_umount_fs
+# This function unmounts certain special filesystems in the
+# currently selected jail. The caller must call the init_variables()
+# routine before calling this one.
+#
+jail_umount_fs()
+{
+ local _device _mountpt _rest
+
+ if checkyesno _fdescfs; then
+ if [ -d "${_fdescdir}" ] ; then
+ secure_umount ${_fdescdir}
+ fi
+ fi
+ if checkyesno _devfs; then
+ if [ -d "${_devdir}" ] ; then
+ secure_umount ${_devdir}
+ fi
+ fi
+ if checkyesno _procfs; then
+ if [ -d "${_procdir}" ] ; then
+ secure_umount ${_procdir}
+ fi
+ fi
+ if checkyesno _mount; then
+ [ -f "${_fstab}" ] || warn "${_fstab} does not exist"
+ tail -r ${_fstab} | while read _device _mountpt _rest; do
+ case ":${_device}" in
+ :#* | :)
+ continue
+ ;;
+ esac
+ secure_umount ${_mountpt}
+ done
+ fi
+}
+
+# jail_mount_fstab()
+# Mount file systems from a per jail fstab while trying to
+# secure against symlink attacks at the mount points.
+#
+# If we are certain we cannot secure against symlink attacks we
+# do not mount all of the file systems (since we cannot just not
+# mount the file system with the problematic mount point).
+#
+# The caller must call the init_variables() routine before
+# calling this one.
+#
+jail_mount_fstab()
+{
+ local _device _mountpt _rest
+
+ while read _device _mountpt _rest; do
+ case ":${_device}" in
+ :#* | :)
+ continue
+ ;;
+ esac
+ if is_symlinked_mountpoint ${_mountpt}; then
+ warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}"
+ return
+ fi
+ done <${_fstab}
+ mount -a -F "${_fstab}"
+}
+
+# jail_show_addresses jail
+# Debug print the input for the given _multi aliases
+# for a jail for init_variables().
+#
+jail_show_addresses()
+{
+ local _j _type alias
+ _j="$1"
+ alias=0
+
+ if [ -z "${_j}" ]; then
+ warn "jail_show_addresses: you must specify a jail"
+ return
+ fi
+
+ while : ; do
+ eval _addr=\"\$jail_${_j}_ip_multi${alias}\"
+ if [ -n "${_addr}" ]; then
+ debug "${_j} ip_multi${alias}: $_addr"
+ alias=$((${alias} + 1))
+ else
+ break
+ fi
+ done
+}
+
+# jail_extract_address argument
+# The second argument is the string from one of the _ip
+# or the _multi variables. In case of a comma separated list
+# only one argument must be passed in at a time.
+# The function alters the _type, _iface, _addr and _mask variables.
+#
+jail_extract_address()
+{
+ local _i
+ _i=$1
+
+ if [ -z "${_i}" ]; then
+ warn "jail_extract_address: called without input"
+ return
+ fi
+
+ # Check if we have an interface prefix given and split into
+ # iFace and rest.
+ case "${_i}" in
+ *\|*) # ifN|.. prefix there
+ _iface=${_i%%|*}
+ _r=${_i##*|}
+ ;;
+ *) _iface=""
+ _r=${_i}
+ ;;
+ esac
+
+ # In case the IP has no interface given, check if we have a global one.
+ _iface=${_iface:-${_interface}}
+
+ # Set address, cut off any prefix/netmask/prefixlen.
+ _addr=${_r}
+ _addr=${_addr%%[/ ]*}
+
+ # Theoretically we can return here if interface is not set,
+ # as we only care about the _mask if we call ifconfig.
+ # This is not done because we may want to santize IP addresses
+ # based on _type later, and optionally change the type as well.
+
+ # Extract the prefix/netmask/prefixlen part by cutting off the address.
+ _mask=${_r}
+ _mask=`expr "${_mask}" : "${_addr}\(.*\)"`
+
+ # Identify type {inet,inet6}.
+ case "${_addr}" in
+ *\.*\.*\.*) _type="inet" ;;
+ *:*) _type="inet6" ;;
+ *) warn "jail_extract_address: type not identified"
+ ;;
+ esac
+
+ # Handle the special /netmask instead of /prefix or
+ # "netmask xxx" case for legacy IP.
+ # We do NOT support shortend class-full netmasks.
+ if [ "${_type}" = "inet" ]; then
+ case "${_mask}" in
+ /*\.*\.*\.*) _mask=" netmask ${_mask#/}" ;;
+ *) ;;
+ esac
+
+ # In case _mask is still not set use /32.
+ _mask=${_mask:-/32}
+
+ elif [ "${_type}" = "inet6" ]; then
+ # In case _maske is not set for IPv6, use /128.
+ _mask=${_mask:-/128}
+ fi
+}
+
+# jail_handle_ips_option {add,del} input
+# Handle a single argument imput which can be a comma separated
+# list of addresses (theoretically with an option interface and
+# prefix/netmask/prefixlen).
+#
+jail_handle_ips_option()
+{
+ local _x _action _type _i
+ _action=$1
+ _x=$2
+
+ if [ -z "${_x}" ]; then
+ # No IP given. This can happen for the primary address
+ # of each address family.
+ return
+ fi
+
+ # Loop, in case we find a comma separated list, we need to handle
+ # each argument on its own.
+ while [ ${#_x} -gt 0 ]; do
+ case "${_x}" in
+ *,*) # Extract the first argument and strip it off the list.
+ _i=`expr "${_x}" : '^\([^,]*\)'`
+ _x=`expr "${_x}" : "^[^,]*,\(.*\)"`
+ ;;
+ *) _i=${_x}
+ _x=""
+ ;;
+ esac
+
+ _type=""
+ _iface=""
+ _addr=""
+ _mask=""
+ jail_extract_address "${_i}"
+
+ # make sure we got an address.
+ case "${_addr}" in
+ "") continue ;;
+ *) ;;
+ esac
+
+ # Append address to list of addresses for the jail command.
+ case "${_addrl}" in
+ "") _addrl="${_addr}" ;;
+ *) _addrl="${_addrl},${_addr}" ;;
+ esac
+
+ # Configure interface alias if requested by a given interface
+ # and if we could correctly parse everything.
+ case "${_iface}" in
+ "") continue ;;
+ esac
+ case "${_type}" in
+ inet) ;;
+ inet6) ;;
+ *) warn "Could not determine address family. Not going" \
+ "to ${_action} address '${_addr}' for ${_jail}."
+ continue
+ ;;
+ esac
+ case "${_action}" in
+ add) ifconfig ${_iface} ${_type} ${_addr}${_mask} alias
+ ;;
+ del) # When removing the IP, ignore the _mask.
+ ifconfig ${_iface} ${_type} ${_addr} -alias
+ ;;
+ esac
+ done
+}
+
+# jail_ips {add,del}
+# Extract the comma separated list of addresses and return them
+# for the jail command.
+# Handle more than one address via the _multi option as well.
+# If an interface is given also add/remove an alias for the
+# address with an optional netmask.
+#
+jail_ips()
+{
+ local _action
+ _action=$1
+
+ case "${_action}" in
+ add) ;;
+ del) ;;
+ *) warn "jail_ips: invalid action '${_action}'"
+ return
+ ;;
+ esac
+
+ # Handle addresses.
+ jail_handle_ips_option ${_action} "${_ip}"
+ # Handle jail_xxx_ip_multi<N>
+ alias=0
+ while : ; do
+ eval _x=\"\$jail_${_jail}_ip_multi${alias}\"
+ case "${_x}" in
+ "") break ;;
+ *) jail_handle_ips_option ${_action} "${_x}"
+ alias=$((${alias} + 1))
+ ;;
+ esac
+ done
+}
+
+jail_prestart()
+{
+ if checkyesno jail_parallel_start; then
+ command_args='&'
+ fi
+}
+
+jail_start()
+{
+ echo -n 'Configuring jails:'
+ set_sysctl jail_set_hostname_allow security.jail.set_hostname_allowed \
+ set_hostname_allow
+ set_sysctl jail_socket_unixiproute_only \
+ security.jail.socket_unixiproute_only unixiproute_only
+ set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \
+ sysvipc_allow
+ echo '.'
+
+ echo -n 'Starting jails:'
+ _tmp_dir=`mktemp -d /tmp/jail.XXXXXXXX` || \
+ err 3 "$name: Can't create temp dir, exiting..."
+ for _jail in ${jail_list}
+ do
+ init_variables $_jail
+ if [ -f /var/run/jail_${_jail}.id ]; then
+ echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
+ continue;
+ fi
+ _addrl=""
+ jail_ips "add"
+ if [ -n "${_fib}" ]; then
+ _setfib="setfib -F '${_fib}'"
+ else
+ _setfib=""
+ fi
+ if checkyesno _mount; then
+ info "Mounting fstab for jail ${_jail} (${_fstab})"
+ if [ ! -f "${_fstab}" ]; then
+ err 3 "$name: ${_fstab} does not exist"
+ fi
+ jail_mount_fstab
+ fi
+ if checkyesno _devfs; then
+ # If devfs is already mounted here, skip it.
+ df -t devfs "${_devdir}" >/dev/null
+ if [ $? -ne 0 ]; then
+ if is_symlinked_mountpoint ${_devdir}; then
+ warn "${_devdir} has symlink as parent - not starting jail ${_jail}"
+ continue
+ fi
+ info "Mounting devfs on ${_devdir}"
+ devfs_mount_jail "${_devdir}" ${_ruleset}
+ # Transitional symlink for old binaries
+ if [ ! -L "${_devdir}/log" ]; then
+ __pwd="`pwd`"
+ cd "${_devdir}"
+ ln -sf ../var/run/log log
+ cd "$__pwd"
+ fi
+ fi
+
+ # XXX - It seems symlinks don't work when there
+ # is a devfs(5) device of the same name.
+ # Jail console output
+ # __pwd="`pwd`"
+ # cd "${_devdir}"
+ # ln -sf ../var/log/console console
+ # cd "$__pwd"
+ fi
+ if checkyesno _fdescfs; then
+ if is_symlinked_mountpoint ${_fdescdir}; then
+ warn "${_fdescdir} has symlink as parent, not mounting"
+ else
+ info "Mounting fdescfs on ${_fdescdir}"
+ mount -t fdescfs fdesc "${_fdescdir}"
+ fi
+ fi
+ if checkyesno _procfs; then
+ if is_symlinked_mountpoint ${_procdir}; then
+ warn "${_procdir} has symlink as parent, not mounting"
+ else
+ info "Mounting procfs onto ${_procdir}"
+ if [ -d "${_procdir}" ] ; then
+ mount -t procfs proc "${_procdir}"
+ fi
+ fi
+ fi
+ _tmp_jail=${_tmp_dir}/jail.$$
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_prestart${i}:-''}\"
+ [ -z "$out" ] && break
+ ${out}
+ i=$((i + 1))
+ done
+
+ eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
+ \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \
+ </dev/null
+
+ if [ "$?" -eq 0 ] ; then
+ _jail_id=$(head -1 ${_tmp_jail})
+ i=1
+ while : ; do
+ eval out=\"\${_exec_afterstart${i}:-''}\"
+
+ if [ -z "$out" ]; then
+ break;
+ fi
+
+ jexec "${_jail_id}" ${out}
+ i=$((i + 1))
+ done
+
+ echo -n " $_hostname"
+ tail +2 ${_tmp_jail} >${_consolelog}
+ echo ${_jail_id} > /var/run/jail_${_jail}.id
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_poststart${i}:-''}\"
+ [ -z "$out" ] && break
+ ${out}
+ i=$((i + 1))
+ done
+ else
+ jail_umount_fs
+ jail_ips "del"
+ echo " cannot start jail \"${_jail}\": "
+ tail +2 ${_tmp_jail}
+ fi
+ rm -f ${_tmp_jail}
+ done
+ rmdir ${_tmp_dir}
+ echo '.'
+}
+
+jail_stop()
+{
+ echo -n 'Stopping jails:'
+ for _jail in ${jail_list}
+ do
+ if [ -f "/var/run/jail_${_jail}.id" ]; then
+ _jail_id=$(cat /var/run/jail_${_jail}.id)
+ if [ ! -z "${_jail_id}" ]; then
+ init_variables $_jail
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_prestop${i}:-''}\"
+ [ -z "$out" ] && break
+ ${out}
+ i=$((i + 1))
+ done
+
+ if [ -n "${_exec_stop}" ]; then
+ eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \
+ >> ${_consolelog} 2>&1
+ fi
+ killall -j ${_jail_id} -TERM > /dev/null 2>&1
+ sleep 1
+ killall -j ${_jail_id} -KILL > /dev/null 2>&1
+ jail_umount_fs
+ echo -n " $_hostname"
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_poststop${i}:-''}\"
+ [ -z "$out" ] && break
+ ${out}
+ i=$((i + 1))
+ done
+ fi
+ jail_ips "del"
+ rm /var/run/jail_${_jail}.id
+ else
+ echo " cannot stop jail ${_jail}. No jail id in /var/run"
+ fi
+ done
+ echo '.'
+}
+
+load_rc_config $name
+cmd="$1"
+if [ $# -gt 0 ]; then
+ shift
+fi
+if [ -n "$*" ]; then
+ jail_list="$*"
+fi
+
+run_rc_command "${cmd}"
diff --git a/etc/rc.d/kadmind b/etc/rc.d/kadmind
new file mode 100755
index 0000000..1e07938
--- /dev/null
+++ b/etc/rc.d/kadmind
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: kadmin
+# REQUIRE: kerberos
+# BEFORE: DAEMON
+
+. /etc/rc.subr
+
+name="kadmind5"
+load_rc_config $name
+rcvar="kadmind5_server_enable"
+unset start_cmd
+command="${kadmind5_server}"
+command_args="&"
+required_vars="kerberos5_server_enable"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/kerberos b/etc/rc.d/kerberos
new file mode 100755
index 0000000..3eeb32a
--- /dev/null
+++ b/etc/rc.d/kerberos
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: kerberos
+# REQUIRE: NETWORKING
+
+. /etc/rc.subr
+
+name="kerberos5"
+rcvar="kerberos5_server_enable"
+
+load_rc_config $name
+command="${kerberos5_server}"
+kerberos5_flags="${kerberos5_server_flags}"
+run_rc_command "$1"
diff --git a/etc/rc.d/keyserv b/etc/rc.d/keyserv
new file mode 100755
index 0000000..d1eaaee
--- /dev/null
+++ b/etc/rc.d/keyserv
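Review bot: jail_mount_fstab in etc/rc.d/jail runs is_symlinked_mountpoint over every fstab entry before `mount -a -F "${_fstab}"` mounts anything, so a mount point that lies inside a file system mounted by an earlier entry of the same fstab is checked against the directory underneath, not against what is there once that earlier file system is in place, and the path is resolved again by mount(8) after the check. The header comment promises protection "at the mount points" and should state that limit, for example `# NB: the symlink check sees the tree before any entry is mounted; mount points nested inside a file system the jail can write to are not covered.` In jail_stop, `_jail_id` is read from /var/run/jail_${_jail}.id and expanded inside `eval env -i /usr/sbin/jexec ${_jail_id} ...`; a guard before that line such as `case "${_jail_id}" in *[!0-9]*) warn "bad jail id for ${_jail}"; continue ;; esac` keeps anything but a number out of the eval.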
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# Start keyserv if we are running Secure RPC
+
+# PROVIDE: keyserv
+# REQUIRE: ypset
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="keyserv"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+start_precmd="keyserv_prestart"
+
+keyserv_prestart()
+{
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/kld b/etc/rc.d/kld
new file mode 100755
index 0000000..946ec69
--- /dev/null
+++ b/etc/rc.d/kld
@@ -0,0 +1,53 @@ +#!/bin/sh + +# Copyright (c) 2011 Douglas Barton +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# +# PROVIDE: kld +# REQUIRE: FILESYSTEMS +# KEYWORD: nojail + +. /etc/rc.subr + +name="kld" + +start_cmd="${name}_start" +stop_cmd=':' + +kld_start() +{ + [ -n "$kld_list" ] || return + + local _kld + + echo 'Loading kernel modules:' + for _kld in $kld_list ; do + load_kld -e ${_kld}.ko $_kld + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/kldxref b/etc/rc.d/kldxref new file mode 100755 index 0000000..40140cc --- /dev/null +++ b/etc/rc.d/kldxref 
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: kldxref
+# REQUIRE: FILESYSTEMS
+# BEFORE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+rcvar="kldxref_enable"
+name="kldxref"
+stop_cmd=":"
+start_cmd="kldxref_start"
+
+kldxref_start () {
+ if [ -n "$kldxref_module_path" ]; then
+ MODULE_PATHS="$kldxref_module_path"
+ else
+ MODULE_PATHS=`sysctl -n kern.module_path`
+ fi
+ IFS=';'
+ for MODULE_DIR in $MODULE_PATHS; do
+ if [ ! -f "$MODULE_DIR/linker.hints" ] ||
+ checkyesno kldxref_clobber; then
+ echo "Building $MODULE_DIR/linker.hints"
+ kldxref "$MODULE_DIR"
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/kpasswdd b/etc/rc.d/kpasswdd
new file mode 100755
index 0000000..d7f40ac
--- /dev/null
+++ b/etc/rc.d/kpasswdd
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: kpasswdd
+# REQUIRE: kadmin
+# BEFORE: DAEMON
+
+. /etc/rc.subr
+
+name="kpasswdd"
+load_rc_config $name
+rcvar="kpasswdd_server_enable"
+unset start_cmd
+command="${kpasswdd_server}"
+command_args="&"
+required_vars="kadmind5_server_enable"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ldconfig b/etc/rc.d/ldconfig
new file mode 100755
index 0000000..54114a6
--- /dev/null
+++ b/etc/rc.d/ldconfig
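Review bot: In `kldxref_start` (etc/rc.d/kldxref), `IFS=';'` is assigned as a global and never restored, so `checkyesno kldxref_clobber`, the `kldxref` call and whatever runs after the function returns all see the altered field separator. Keeping it function-local confines the change to the split of the module path: add `local IFS MODULE_DIR MODULE_PATHS` as the first line of the function. A short comment such as `# kern.module_path is a ';'-separated list of directories` above the assignment would also explain why the separator is changed at all.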
@@ -0,0 +1,83 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ldconfig +# REQUIRE: mountcritremote cleanvar +# BEFORE: DAEMON + +. /etc/rc.subr + +name="ldconfig" +ldconfig_command="/sbin/ldconfig" +start_cmd="ldconfig_start" +stop_cmd=":" + +ldconfig_start() +{ + local _files _ins + + _ins= + ldconfig=${ldconfig_command} + checkyesno ldconfig_insecure && _ins="-i" + if [ -x "${ldconfig_command}" ]; then + _LDC="/lib /usr/lib" + for i in ${ldconfig_local_dirs}; do + if [ -d "${i}" ]; then + _files=`find ${i} -type f` + if [ -n "${_files}" ]; then + ldconfig_paths="${ldconfig_paths} `cat ${_files} | sort -u`" + fi + fi + done + for i in ${ldconfig_paths} /etc/ld-elf.so.conf; do + if [ -r "${i}" ]; then + _LDC="${_LDC} ${i}" + fi + done + check_startmsgs && echo 'ELF ldconfig path:' ${_LDC} + ${ldconfig} -elf ${_ins} ${_LDC} + + case `sysctl -n hw.machine_arch` in + amd64) + for i in ${ldconfig_local32_dirs}; do + if [ -d "${i}" ]; then + _files=`find ${i} -type f` + if [ -n "${_files}" ]; then + ldconfig32_paths="${ldconfig32_paths} `cat ${_files} | sort -u`" + fi + fi + done + _LDC="" + for i in ${ldconfig32_paths}; do + if [ -r "${i}" ]; then + _LDC="${_LDC} ${i}" + fi + done + check_startmsgs && + echo '32-bit compatibility ldconfig path:' ${_LDC} + ${ldconfig} -32 -m ${_ins} ${_LDC} + ;; + esac + + # Legacy aout support for i386 only + case `sysctl -n hw.machine_arch` in + i386) + # Default the a.out ldconfig path. + : ${ldconfig_paths_aout=${ldconfig_paths}} + _LDC="" + for i in /usr/lib/aout ${ldconfig_paths_aout} /etc/ld.so.conf; do + if [ -r "${i}" ]; then + _LDC="${_LDC} ${i}" + fi + done + check_startmsgs && echo 'a.out ldconfig path:' ${_LDC} + ${ldconfig} -aout ${_ins} ${_LDC} + ;; + esac + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/local b/etc/rc.d/local new file mode 100755 index 0000000..61a0852 --- /dev/null +++ b/etc/rc.d/local 
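Review bot: In `ldconfig_start`, every regular file found under `${ldconfig_local_dirs}` (and `${ldconfig_local32_dirs}` in the amd64 branch) is read with `cat ${_files}` and its contents are appended to the library search path handed to `ldconfig`, with no check on who owns or can write those list files. Since they decide where the runtime linker looks for shared objects, it would be safer to accept only root-owned, non-world-writable files, for example `_files=`find ${i} -type f -user root ! -perm -002``, assuming packages always install these files as root. The unquoted `${_files}` also splits on whitespace in file names. Separately, a comment above `checkyesno ldconfig_insecure && _ins="-i"` should say that `-i` turns off ldconfig's own security checks on the directories, e.g. `# -i disables ldconfig's ownership/permission checks; leave ldconfig_insecure off unless required`.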
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: local
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="local"
+start_cmd="local_start"
+stop_cmd="local_stop"
+
+local_start()
+{
+ if [ -f /etc/rc.local ]; then
+ echo -n 'Starting local daemons:'
+ . /etc/rc.local
+ echo '.'
+ fi
+}
+
+local_stop()
+{
+ if [ -f /etc/rc.shutdown.local ]; then
+ echo -n 'Shutting down local daemons:'
+ . /etc/rc.shutdown.local
+ echo '.'
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/localpkg b/etc/rc.d/localpkg
new file mode 100755
index 0000000..b3a3f68
--- /dev/null
+++ b/etc/rc.d/localpkg
@@ -0,0 +1,77 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: localpkg +# REQUIRE: abi +# BEFORE: securelevel +# KEYWORD: shutdown + +. /etc/rc.subr + +name="localpkg" +start_cmd="pkg_start" +stop_cmd="pkg_stop" + +pkg_start() +{ + local initdone + + # For each dir in $local_startup, search for init scripts matching *.sh + # + case ${local_startup} in + [Nn][Oo] | '') + ;; + *) + initdone= + find_local_scripts_old + for script in ${zlist} ${slist}; do + if [ -z "${initdone}" -a -f "${script}" ]; then + echo -n 'Local package initialization:' + initdone=yes + fi + if [ -x "${script}" ]; then + (set -T + trap 'exit 1' 2 + ${script} start) + elif [ -f "${script}" -o -L "${script}" ]; then + echo -n " (skipping ${script}, not executable)" + fi + done + [ -n "${initdone}" ] && echo '.' + ;; + esac +} + +pkg_stop() +{ + local initdone + + case ${local_startup} in + [Nn][Oo] | '') + ;; + *) + initdone= + find_local_scripts_old + for script in `reverse_list ${slist} ${zlist}`; do + if [ -z "${initdone}" -a -f "${script}" ]; then + echo -n 'Shutting down local packages:' + initdone=yes + fi + if [ -x "${script}" ]; then + if [ `sysctl -n debug.bootverbose` -eq 1 ]; then + echo "==>" ${script} + fi + (set -T + trap 'exit 1' 2 + ${script} stop) + fi + done + [ -n "${initdone}" ] && echo '.' + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/lockd b/etc/rc.d/lockd new file mode 100755 index 0000000..135dda7 --- /dev/null +++ b/etc/rc.d/lockd 
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# FreeBSD History: src/etc/rc.d/nfslocking,v 1.11 2004/10/07 13:55:26 mtm
+# $FreeBSD$
+#
+
+# PROVIDE: lockd
+# REQUIRE: nfsclient nfsd rpcbind statd
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="lockd"
+rcvar=rpc_lockd_enable
+command="/usr/sbin/rpc.${name}"
+start_precmd='lockd_precmd'
+stop_precmd='checkyesno nfs_server_enable || checkyesno nfs_client_enable'
+status_precmd=$stop_precmd
+
+# Make sure that we are either an NFS client or server, and that we get
+# the correct flags from rc.conf(5).
+#
+lockd_precmd()
+{
+ local ret
+ ret=0
+
+ if ! checkyesno nfs_server_enable && ! checkyesno nfs_client_enable
+ then
+ ret=1
+ fi
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || ret=1
+ fi
+ rc_flags=${rpc_lockd_flags}
+ return ${ret}
+}
+
+load_rc_config $name
+run_rc_command $1
diff --git a/etc/rc.d/lpd b/etc/rc.d/lpd
new file mode 100755
index 0000000..552e068
--- /dev/null
+++ b/etc/rc.d/lpd
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: lpd
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="lpd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+required_files="/etc/printcap"
+start_precmd="chkprintcap"
+
+chkprintcap()
+{
+ if checkyesno chkprintcap_enable ; then
+ /usr/sbin/chkprintcap ${chkprintcap_flags}
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/mdconfig b/etc/rc.d/mdconfig
new file mode 100755
index 0000000..c697c35
--- /dev/null
+++ b/etc/rc.d/mdconfig
@@ -0,0 +1,197 @@ +#!/bin/sh +# +# Copyright (c) 2006 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: mdconfig +# REQUIRE: localswap root + +. 
/etc/rc.subr + +name="mdconfig" +stop_cmd="mdconfig_stop" +start_cmd="mdconfig_start" +start_precmd='[ -n "${_mdconfig_list}" ]' +required_modules="geom_md:g_md" + +is_readonly() +{ + local _mp _ret + + _mp=$1 + _ret=`mount | while read _line; do + case ${_line} in + *" ${_mp} "*read-only*) + echo "yes" + ;; + + *) + ;; + esac; + done` + + if [ -n "${_ret}" ]; then + return 0 + else + return 1 + fi +} + +init_variables() +{ + local _i + + _fs="" + _mp="" + _dev="/dev/${_md}" + eval _config=\$mdconfig_${_md} + eval _newfs=\$mdconfig_${_md}_newfs + + _type=${_config##*-t\ } + _type=${_type%%\ *} + if [ -z "${_type}" ]; then + err 1 "You need to specify \"-t <type>\" in mdconfig_${_md}" + fi + + if [ "${_type}" = "vnode" ]; then + _file=${_config##*-f\ } + _file=${_file%%\ *} + if [ -z "${_file}" ]; then + err 2 "You need to specify \"-f <file>\" in mdconfig_${_md} for vnode devices" + fi + if [ "${_file}" != "${_file%.uzip}" ]; then + _dev="/dev/${_md}.uzip" + fi + for _i in `df ${_file} 2>/dev/null`; do _fs=${_i}; done + fi + + # Debugging help. + debug "${_md} config: ${_config}" + debug "${_md} type: ${_type}" + debug "${_md} dev: ${_dev}" + debug "${_md} file: ${_file}" + debug "${_md} fs: ${_fs}" + debug "${_md} newfs flags: ${_newfs}" +} + +mdconfig_start() +{ + local _md _mp _config _type _dev _file _fs _newfs _fsck_cmd + + for _md in ${_mdconfig_list}; do + init_variables ${_md} + # Create md(4) devices of types swap, malloc and vnode if the + # file is on the root partition. + if [ "${_type}" != "vnode" -o "${_fs}" = "/" ]; then + if [ "${_type}" = "vnode" ]; then + if is_readonly ${_fs}; then + warn "${_fs} is mounted read-only, skipping ${_md}." + continue + fi + if [ "${_file}" != "${_file%.uzip}" ]; then + load_kld -m g_uzip geom_uzip || return 3 + # sleep a bit to allow creation of /dev/mdX.uzip + sleep 2 + fi + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + err 3 "${_md} already exists" + fi + echo "Creating ${_md} device (${_type})." + if ! 
mdconfig -a ${_config} -u ${_md}; then + echo "Creating ${_md} device failed, moving on." + continue + fi + # Skip fsck for uzip devices. + if [ "${_type}" = "vnode" ]; then + if [ "${_file}" != "${_file%.uzip}" ]; then + _fsck_cmd=":" + elif checkyesno background_fsck; then + _fsck_cmd="fsck -F" + else + _fsck_cmd="fsck" + fi + if ! eval ${_fsck_cmd} -p ${_dev} >/dev/null; then + echo "Fsck failed on ${_dev}, not mounting the filesystem." + continue + + fi + else + newfs ${_newfs} ${_dev} >/dev/null + fi + if mount -d ${_dev} 2>&1 >/dev/null; then + echo "Mounting ${_dev}." + mount ${_dev} + fi + fi + done +} + +mdconfig_stop() +{ + local _md _mp _config _type _dev _file _fs _newfs _i + + for _md in ${_mdconfig_list}; do + init_variables ${_md} + if [ "${_type}" != "vnode" -o "${_fs}" = "/" ]; then + for _i in `df ${_dev} 2>/dev/null`; do _mp=${_i}; done + if [ -z "${_mp}" -o "${_mp}" != "${_mp%%%}" ]; then + echo "Device ${_dev} isn't mounted." + else + echo "Umounting ${_dev}." + umount ${_dev} + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + echo "Destroying ${_md}." + mdconfig -d -u ${_md} + fi + fi + done +} + +_mdconfig_cmd="$1" +if [ $# -gt 0 ]; then + shift +fi +[ -n "$*" ] && _mdconfig_list="$*" + +load_rc_config $name + +_mdconfig_unit=0 +if [ -z "${_mdconfig_list}" ]; then + while :; do + eval _mdconfig_config=\$mdconfig_md${_mdconfig_unit} + if [ -z "${_mdconfig_config}" ]; then + break + else + _mdconfig_list="${_mdconfig_list}${_mdconfig_list:+ }md${_mdconfig_unit}" + _mdconfig_unit=$((${_mdconfig_unit} + 1)) + fi + done +fi + +run_rc_command "${_mdconfig_cmd}" diff --git a/etc/rc.d/mdconfig2 b/etc/rc.d/mdconfig2 new file mode 100755 index 0000000..4b1535e --- /dev/null +++ b/etc/rc.d/mdconfig2 
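Review bot: `init_variables` in etc/rc.d/mdconfig expands `${_md}` inside `eval _config=\$mdconfig_${_md}` and `eval _newfs=\$mdconfig_${_md}_newfs`, and `_md` can come straight from the script's arguments (`_mdconfig_list="$*"`), so a malformed device name is evaluated as shell text instead of being rejected. A guard at the top of `init_variables` keeps the name to what a variable suffix can hold: `case ${_md} in ''|*[!0-9a-z]*) err 1 "Invalid md device name: ${_md}" ;; esac`. The same unvalidated expansion appears in `init_variables` in etc/rc.d/mdconfig2 and in `eval moused_$2_enable=...` in etc/rc.d/moused, where `$2` is used the same way. In `mdconfig_start` the test `mount -d ${_dev} 2>&1 >/dev/null` also has its redirections in the opposite order from mdconfig2's `>/dev/null 2>&1`, so stderr is not silenced here.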
@@ -0,0 +1,227 @@ +#!/bin/sh +# +# Copyright (c) 2006 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: mdconfig2 +# REQUIRE: mountcritremote +# BEFORE: SERVERS + +. 
/etc/rc.subr + +name="mdconfig2" +stop_cmd="mdconfig2_stop" +start_cmd="mdconfig2_start" +start_precmd='[ -n "${_mdconfig2_list}" ]' +required_modules="geom_md:g_md" + +is_readonly() +{ + local _mp _ret + + _mp=$1 + _ret=`mount | while read _line; do + case ${_line} in + *" ${_mp} "*read-only*) + echo "yes" + ;; + + *) + ;; + esac; + done` + + if [ -n "${_ret}" ]; then + return 0 + else + return 1 + fi +} + +init_variables() +{ + local _i + + _fs="" + _mp="" + _mounted="no" + _dev="/dev/${_md}" + eval _config=\$mdconfig_${_md} + eval _owner=\$mdconfig_${_md}_owner + eval _perms=\$mdconfig_${_md}_perms + eval _files=\$mdconfig_${_md}_files + eval _populate=\$mdconfig_${_md}_cmd + + _type=${_config##*-t\ } + _type=${_type%%\ *} + if [ -z "${_type}" ]; then + err 1 "You need to specify \"-t <type>\" in mdconfig_${_md}" + fi + + if [ "${_type}" = "vnode" ]; then + _file=${_config##*-f\ } + _file=${_file%%\ *} + if [ -z "${_file}" ]; then + err 2 "You need to specify \"-f <file>\" in mdconfig_${_md} for vnode devices" + fi + + if [ "${_file}" != "${_file%.uzip}" ]; then + _dev="/dev/${_md}.uzip" + fi + for _i in `df ${_file} 2>/dev/null`; do _fs=${_i}; done + fi + + # Debugging help. + debug "${_md} config: ${_config}" + debug "${_md} type: ${_type}" + debug "${_md} dev: ${_dev}" + debug "${_md} file: ${_file}" + debug "${_md} fs: ${_fs}" + debug "${_md} owner: ${_owner}" + debug "${_md} perms: ${_perms}" + debug "${_md} files: ${_files}" + debug "${_md} populate cmd: ${_populate}" +} + +mdconfig2_start() +{ + local _md _fs _mp _mounted _dev _config _type _file _owner _perms _files _populate _fsck_cmd _i + + for _md in ${_mdconfig2_list}; do + init_variables ${_md} + if [ ! -r ${_file} ]; then + err 3 "${_file} doesn't exist" + continue + fi + # First pass: create md(4) vnode devices from files stored on + # non-root partition. Swap and malloc md(4) devices have already + # been created. 
+ if [ "${_type}" = "vnode" -a "${_fs}" != "/" ]; then + if [ "${_file}" != "${_file%.uzip}" ]; then + load_kld -m g_uzip geom_uzip || return 3 + fi + if is_readonly ${_fs}; then + warn "${_fs} is mounted read-only, skipping ${_md}." + continue + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + err 3 "${_md} already exists" + fi + echo "Creating ${_md} device (${_type})." + if ! mdconfig -a ${_config} -u ${_md}; then + echo "Creating ${_md} device failed, moving on." + continue + fi + # Skip fsck for uzip devices. + if [ "${_file}" != "${_file%.uzip}" ]; then + _fsck_cmd=":" + elif checkyesno background_fsck; then + _fsck_cmd="fsck -F" + else + _fsck_cmd="fsck" + fi + if ! eval ${_fsck_cmd} -p ${_dev} >/dev/null; then + echo "Fsck failed on ${_dev}, not mounting the filesystem." + continue + fi + if mount -d ${_dev} >/dev/null 2>&1; then + echo "Mounting ${_dev}." + mount ${_dev} + fi + fi + + for _i in `df ${_dev} 2>/dev/null`; do _mp=${_i}; done + if [ ! -z "${_mp}" -a "${_mp}" = "${_mp%%%}" ]; then + _mounted="yes" + fi + + if checkyesno _mounted; then + # Second pass: change permissions and ownership. + [ -z "${_owner}" ] || chown -f ${_owner} ${_dev} ${_mp} + [ -z "${_perms}" ] || chmod -f ${_perms} ${_dev} ${_mp} + + # Third pass: populate with foreign files. + if [ -n "${_files}" -o -n "${_populate}" ]; then + echo "Populating ${_dev}." + fi + if [ -n "${_files}" ]; then + cp -Rp ${_files} ${_mp} + fi + if [ -n "${_populate}" ]; then + eval ${_populate} + fi + fi + done +} + +mdconfig2_stop() +{ + local _md _fs _mp _mounted _dev _config _type _file _owner _perms _files _populate + + for _md in ${_mdconfig2_list}; do + init_variables ${_md} + if [ "${_type}" = "vnode" ]; then + for i in `df ${_dev} 2>/dev/null`; do _mp=$i; done + if [ ! -r "${_file}" -o "${_fs}" = "/" ]; then + continue + fi + if [ -z "${_mp}" -o "${_mp}" != "${_mp%%%}" ]; then + echo "Device ${_dev} isn't mounted." + else + echo "Umounting ${_dev}." 
+ umount ${_dev} + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + echo "Destroying ${_md}." + mdconfig -d -u ${_md} + fi + fi + done +} + +_mdconfig2_cmd="$1" +if [ $# -gt 0 ]; then + shift +fi +[ -n "$*" ] && _mdconfig2_list="$*" + +load_rc_config $name + +_mdconfig2_unit=0 +if [ -z "${_mdconfig2_list}" ]; then + while :; do + eval _mdconfig2_config=\$mdconfig_md${_mdconfig2_unit} + if [ -z "${_mdconfig2_config}" ]; then + break + else + _mdconfig2_list="${_mdconfig2_list}${_mdconfig2_list:+ }md${_mdconfig2_unit}" + _mdconfig2_unit=$((${_mdconfig2_unit} + 1)) + fi + done +fi + +run_rc_command "${_mdconfig2_cmd}" diff --git a/etc/rc.d/mixer b/etc/rc.d/mixer new file mode 100755 index 0000000..cc7fb2d --- /dev/null +++ b/etc/rc.d/mixer 
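Review bot: In `mdconfig2_start`, the readability check `[ ! -r ${_file} ]` runs for every device type with `_file` unquoted, but `init_variables` only assigns `_file` for vnode devices and never resets it. For a swap or malloc device the test either collapses to `[ ! -r ]`, which is false, or checks the file left over from the previous loop iteration. Restricting and quoting the test makes the intent explicit: `if [ "${_type}" = "vnode" -a ! -r "${_file}" ]; then`, together with `_file=""` next to `_fs=""` in `init_variables`. The `continue` after `err 3` looks unreachable if `err` exits, as its use elsewhere in this file suggests; `warn` would be the call that matches a skip-and-continue.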
@@ -0,0 +1,103 @@ +#!/bin/sh - +# +# Copyright (c) 2004 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: mixer +# REQUIRE: cleanvar +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="mixer" +rcvar="mixer_enable" +stop_cmd="mixer_stop" +start_cmd="mixer_start" +reload_cmd="mixer_start" +extra_commands="reload" + +# +# List current mixer devices to stdout. 
+# +list_mixers() +{ + ( cd /dev ; ls mixer* 2>/dev/null ) +} + +# +# Save state of an individual mixer specified as $1 +# +mixer_save() +{ + local dev + + dev="/dev/${1}" + if [ -r ${dev} ]; then + /usr/sbin/mixer -f ${dev} -s > /var/db/${1}-state 2>/dev/null + fi +} + +# +# Restore the state of an individual mixer specified as $1 +# +mixer_restore() +{ + local file dev + + dev="/dev/${1}" + file="/var/db/${1}-state" + if [ -r ${dev} -a -r ${file} ]; then + /usr/sbin/mixer -f ${dev} `cat ${file}` > /dev/null + fi +} + +# +# Restore state of all mixers +# +mixer_start() +{ + local mixer + + for mixer in `list_mixers`; do + mixer_restore ${mixer} + done +} + +# +# Save the state of all mixers +# +mixer_stop() +{ + local mixer + + for mixer in `list_mixers`; do + mixer_save ${mixer} + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/motd b/etc/rc.d/motd new file mode 100755 index 0000000..8256d96 --- /dev/null +++ b/etc/rc.d/motd @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: motd +# REQUIRE: mountcritremote +# BEFORE: LOGIN + +. /etc/rc.subr + +name="motd" +rcvar="update_motd" +start_cmd="motd_start" +stop_cmd=":" + +PERMS="644" + +motd_start() +{ + # Update kernel info in /etc/motd + # Must be done *before* interactive logins are possible + # to prevent possible race conditions. + # + check_startmsgs && echo -n 'Updating motd:' + if [ ! -f /etc/motd ]; then + install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd + fi + + if [ ! -w /etc/motd ]; then + echo ' /etc/motd is not writable, update failed.' + return + fi + + T=`mktemp -t motd` + uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} + awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} + + cmp -s $T /etc/motd || { + cp $T /etc/motd + chmod ${PERMS} /etc/motd + } + rm -f $T + + check_startmsgs && echo '.' +} + +load_rc_config $name +run_rc_command "$1" 
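Review bot: In `motd_start` (etc/rc.d/motd) the result of ``T=`mktemp -t motd` `` is never checked, so if the temporary file cannot be created the following redirections, `cmp -s $T /etc/motd`, `cp $T /etc/motd` and `rm -f $T` all run with an empty, unquoted operand. Bailing out early keeps the failure visible and leaves /etc/motd untouched: ``T=`mktemp -t motd` || return 1``, with `"$T"` quoted in the later commands. The file also mixes `${T}` and `$T`; one spelling throughout would read better.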
diff --git a/etc/rc.d/mountcritlocal b/etc/rc.d/mountcritlocal new file mode 100755 index 0000000..06bf464 --- /dev/null +++ b/etc/rc.d/mountcritlocal @@ -0,0 +1,54 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mountcritlocal +# REQUIRE: root hostid_save mdconfig +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="mountcritlocal" +start_cmd="mountcritlocal_start" +stop_cmd=sync + +mountcritlocal_start() +{ + local err + + # Set up the list of network filesystem types for which mounting + # should be delayed until after network initialization. + case ${extra_netfs_types} in + [Nn][Oo]) + ;; + *) + netfs_types="${netfs_types} ${extra_netfs_types}" + ;; + esac + + # Mount everything except nfs filesystems. + check_startmsgs && echo -n 'Mounting local file systems:' + mount_excludes='no' + for i in ${netfs_types}; do + fstype=${i%:*} + mount_excludes="${mount_excludes}${fstype}," + done + mount_excludes=${mount_excludes%,} + mount -a -t ${mount_excludes} + err=$? + check_startmsgs && echo '.' + + case ${err} in + 0) + ;; + *) + echo 'Mounting /etc/fstab filesystems failed,' \ + ' startup aborted' + stop_boot true + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/mountcritremote b/etc/rc.d/mountcritremote new file mode 100755 index 0000000..62e5079 --- /dev/null +++ b/etc/rc.d/mountcritremote 
@@ -0,0 +1,79 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mountcritremote +# REQUIRE: NETWORKING FILESYSTEMS cleanvar ipsec netwait +# KEYWORD: nojail + +. /etc/rc.subr + +name="mountcritremote" +stop_cmd=":" +start_cmd="mountcritremote_start" +start_precmd="mountcritremote_precmd" + +# Mount NFS filesystems if present in /etc/fstab +# +# XXX When the vfsload() issues with nfsclient support and related sysctls +# have been resolved, this block can be removed, and the condition that +# skips nfs in the following block (for "other network filesystems") can +# be removed. +# +mountcritremote_precmd() +{ + case "`mount -d -a -t nfs 2> /dev/null`" in + *mount_nfs*) + # Handle absent nfs client support + load_kld -m nfs nfscl || return 1 + ;; + esac + return 0 +} + +mountcritremote_start() +{ + # Mount nfs filesystems. + # + case "`/sbin/mount -d -a -t nfs`" in + '') + ;; + *) + echo -n 'Mounting NFS file systems:' + mount -a -t nfs + echo '.' + ;; + esac + + # Mount other network filesystems if present in /etc/fstab. + case ${extra_netfs_types} in + [Nn][Oo]) + ;; + *) + netfs_types="${netfs_types} ${extra_netfs_types}" + ;; + esac + + for i in ${netfs_types}; do + fstype=${i%:*} + fsdecr=${i#*:} + + [ "${fstype}" = "nfs" ] && continue + + case "`mount -d -a -t ${fstype}`" in + *mount_${fstype}*) + echo -n "Mounting ${fsdecr} file systems:" + mount -a -t ${fstype} + echo '.' + ;; + esac + done + + # Cleanup /var again just in case it's a network mount. + /etc/rc.d/cleanvar quietreload + rm -f /var/run/clean_var /var/spool/lock/clean_var +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/mountd b/etc/rc.d/mountd new file mode 100755 index 0000000..017418d --- /dev/null +++ b/etc/rc.d/mountd 
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mountd
+# REQUIRE: NETWORKING rpcbind quota
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="mountd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+required_files="/etc/exports"
+start_precmd="mountd_precmd"
+extra_commands="reload"
+
+mountd_precmd()
+{
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+
+ # mountd flags will differ depending on rc.conf settings
+ #
+ if checkyesno nfs_server_enable ; then
+ if checkyesno weak_mountd_authentication; then
+ rc_flags="${mountd_flags} -n"
+ fi
+ else
+ if checkyesno mountd_enable; then
+ checkyesno weak_mountd_authentication && rc_flags="-n"
+ fi
+ fi
+
+ # If oldnfs_server_enable is yes, force use of the old NFS server
+ #
+ if checkyesno oldnfs_server_enable; then
+ rc_flags="-o ${rc_flags}"
+ fi
+
+ if checkyesno zfs_enable; then
+ rc_flags="${rc_flags} /etc/exports /etc/zfs/exports"
+ fi
+
+ rm -f /var/db/mountdtab
+ ( umask 022 ; > /var/db/mountdtab )
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/mountlate b/etc/rc.d/mountlate
new file mode 100755
index 0000000..5b8ff73
--- /dev/null
+++ b/etc/rc.d/mountlate
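Review bot: In `mountd_precmd` the two `weak_mountd_authentication` branches disagree: with `nfs_server_enable` set the flags become `"${mountd_flags} -n"`, but in the `mountd_enable` branch `rc_flags="-n"` replaces the flags outright, so anything the administrator put in `mountd_flags` is dropped exactly when authentication is being relaxed. Unless that is intentional, the second branch should read `checkyesno weak_mountd_authentication && rc_flags="${mountd_flags} -n"`. A comment on the option would help whoever reads this next, e.g. `# -n: per mountd(8), serve non-root mount requests; only for clients that need it`.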
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mountlate
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="mountlate"
+start_cmd="mountlate_start"
+stop_cmd=":"
+
+mountlate_start()
+{
+ local err latefs
+
+ # Mount "late" filesystems.
+ #
+ err=0
+ latefs=
+ # / (root) fs is always remounted, so remove from list
+ latefs="`/sbin/mount -d -a -l | grep -v ' /$'`"
+ case ${latefs} in
+ '')
+ ;;
+ *)
+ echo -n 'Mounting late file systems:'
+ mount -a -l
+ err=$?
+ echo '.'
+ ;;
+ esac
+
+ case ${err} in
+ 0)
+ ;;
+ *)
+ echo 'Mounting /etc/fstab filesystems failed,' \
+ ' startup aborted'
+ stop_boot true
+ ;;
+ esac
+
+ # If we booted a special kernel remove the record
+ # so we will boot the default kernel next time.
+ if [ -x /sbin/nextboot ]; then
+ /sbin/nextboot -D
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/moused b/etc/rc.d/moused
new file mode 100755
index 0000000..fd2c447
--- /dev/null
+++ b/etc/rc.d/moused
@@ -0,0 +1,72 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: moused +# REQUIRE: DAEMON cleanvar +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="moused" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +start_cmd="moused_start" +pidprefix="/var/run/moused" +pidfile="${pidprefix}.pid" +pidarg= +load_rc_config $name + +# Set the pid file and variable name. The second argument, if it exists, is +# expected to be the mouse device. +# +if [ -n "$2" ]; then + eval moused_$2_enable=\${moused_$2_enable-${moused_nondefault_enable}} + rcvar=`set_rcvar moused_$2` + pidfile="${pidprefix}.$2.pid" + pidarg="-I $pidfile" +fi + +moused_start() +{ + local ms myflags myport mytype + + # Set the mouse device and get any related variables. If + # a moused device has been specified on the commandline, then + # rc.conf(5) variables defined for that device take precedence + # over the generic moused_* variables. The only exception is + # the moused_port variable, which if not defined sets it to the + # passed in device name. + # + ms=$1 + if [ -n "$ms" ]; then + eval myflags=\${moused_${ms}_flags-$moused_flags} + eval myport=\${moused_${ms}_port-/dev/$ms} + eval mytype=\${moused_${ms}_type-$moused_type} + else + ms="default" + myflags="$moused_flags" + myport="$moused_port" + mytype="$moused_type" + fi + + check_startmsgs && echo -n "Starting ${ms} moused" + /usr/sbin/moused ${myflags} -p ${myport} -t ${mytype} ${pidarg} + check_startmsgs && echo '.' + + mousechar_arg= + case ${mousechar_start} in + [Nn][Oo] | '') + ;; + *) + mousechar_arg="-M ${mousechar_start}" + ;; + esac + + for ttyv in /dev/ttyv* ; do + vidcontrol < ${ttyv} ${mousechar_arg} -m on + done +} + +run_rc_command $* diff --git a/etc/rc.d/mroute6d b/etc/rc.d/mroute6d new file mode 100755 index 0000000..047f241 --- /dev/null +++ b/etc/rc.d/mroute6d 
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mroute6d
+# REQUIRE: netif routing
+# BEFORE: NETWORKING
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="mroute6d"
+rcvar=`set_rcvar`
+command="/usr/local/sbin/pim6dd"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/mrouted b/etc/rc.d/mrouted
new file mode 100755
index 0000000..2eb9144
--- /dev/null
+++ b/etc/rc.d/mrouted
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mrouted
+# REQUIRE: netif routing cleanvar
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="mrouted"
+rcvar=`set_rcvar`
+command="/usr/local/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+required_files="/etc/${name}.conf"
+extra_commands="reload"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/msgs b/etc/rc.d/msgs
new file mode 100755
index 0000000..6031acc
--- /dev/null
+++ b/etc/rc.d/msgs
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: msgs
+# REQUIRE: LOGIN
+
+# Make a bounds file for msgs(1) if there isn't one already
+#
+if [ -d /var/msgs -a ! -f /var/msgs/bounds -a ! -L /var/msgs/bounds ]; then
+ echo 0 > /var/msgs/bounds
+fi
diff --git a/etc/rc.d/named b/etc/rc.d/named
new file mode 100755
index 0000000..676de76
--- /dev/null
+++ b/etc/rc.d/named
@@ -0,0 +1,301 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: named +# REQUIRE: SERVERS cleanvar +# KEYWORD: shutdown + +. /etc/rc.subr + +name="named" +rcvar=named_enable + +extra_commands="reload" + +start_precmd="named_prestart" +start_postcmd="named_poststart" +reload_cmd="named_reload" +stop_cmd="named_stop" +stop_postcmd="named_poststop" + +# If running in a chroot cage, ensure that the appropriate files +# exist inside the cage, as well as helper symlinks into the cage +# from outside. +# +# As this is called after the is_running and required_dir checks +# are made in run_rc_command(), we can safely assume ${named_chrootdir} +# exists and named isn't running at this point (unless forcestart +# is used). +# +chroot_autoupdate() +{ + local file + + # Create (or update) the chroot directory structure + # + if [ -r /etc/mtree/BIND.chroot.dist ]; then + mtree -deU -f /etc/mtree/BIND.chroot.dist \ + -p ${named_chrootdir} + else + warn "/etc/mtree/BIND.chroot.dist missing," + warn "chroot directory structure not updated" + fi + + # Create (or update) the configuration directory symlink + # + if [ ! -L "${named_conf%/*}" ]; then + if [ -d "${named_conf%/*}" ]; then + warn "named chroot: ${named_conf%/*} is a directory!" + elif [ -e "${named_conf%/*}" ]; then + warn "named chroot: ${named_conf%/*} exists!" + else + ln -s ${named_confdir} ${named_conf%/*} + fi + else + # Make sure it points to the right place. + ln -shf ${named_confdir} ${named_conf%/*} + fi + + # Mount a devfs in the chroot directory if needed + # + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null + devfs_domount ${named_chrootdir}/dev devfsrules_hide_all + devfs -m ${named_chrootdir}/dev rule apply path null unhide + devfs -m ${named_chrootdir}/dev rule apply path random unhide + else + if [ -c ${named_chrootdir}/dev/null -a \ + -c ${named_chrootdir}/dev/random ]; then + info "named chroot: using pre-mounted devfs." 
+ else + err 1 "named chroot: devfs cannot be mounted from" \ + "within a jail. Thus a chrooted named cannot" \ + "be run from within a jail." \ + "To run named without chrooting it, set" \ + "named_chrootdir=\"\" in /etc/rc.conf." + fi + fi + + # Copy and/or update key files to the chroot /etc + # + for file in localtime protocols services; do + if [ -r /etc/$file ]; then + cmp -s /etc/$file "${named_chrootdir}/etc/$file" || + cp -p /etc/$file "${named_chrootdir}/etc/$file" + fi + done +} + +# Make symlinks to the correct pid file +# +make_symlinks() +{ + checkyesno named_symlink_enable && + ln -fs "${named_chrootdir}${pidfile}" ${pidfile} +} + +named_poststart () { + make_symlinks + + if checkyesno named_wait; then + until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do + echo " Waiting for nameserver to resolve $named_wait_host" + sleep 1 + done + fi +} + +named_reload() +{ + ${command%/named}/rndc reload +} + +find_pidfile() +{ + if get_pidfile_from_conf pid-file $named_conf; then + pidfile="$_pidfile_from_conf" + else + pidfile="/var/run/named/pid" + fi +} + +named_stop() +{ + find_pidfile + + # This duplicates an undesirably large amount of code from the stop + # routine in rc.subr in order to use rndc to shut down the process, + # and to give it a second chance in case rndc fails. + rc_pid=$(check_pidfile $pidfile $command) + if [ -z "$rc_pid" ]; then + [ -n "$rc_fast" ] && return 0 + _run_rc_notrunning + return 1 + fi + echo 'Stopping named.' + if ${command%/named}/rndc stop 2>/dev/null; then + wait_for_pids $rc_pid + else + echo -n 'rndc failed, trying kill: ' + kill -TERM $rc_pid + wait_for_pids $rc_pid + fi +} + +named_poststop() +{ + if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" 
+ fi + fi +} + +create_file () { + if [ -e "$1" ]; then + unlink $1 + fi + > $1 + chown root:wheel $1 + chmod 644 $1 +} + +named_prestart() +{ + find_pidfile + + if [ -n "$named_pidfile" ]; then + warn 'named_pidfile: now determined from the conf file' + fi + + command_args="-u ${named_uid:=root}" + + if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then + case "$named_flags" in + -c*|*' -c'*) ;; # No need to add it + *) command_args="-c $named_conf $command_args" ;; + esac + fi + + local line nsip firstns + + # Is the user using a sandbox? + # + if [ -n "$named_chrootdir" ]; then + rc_flags="$rc_flags -t $named_chrootdir" + checkyesno named_chroot_autoupdate && chroot_autoupdate + else + named_symlink_enable=NO + fi + + # Create an rndc.key file for the user if none exists + # + confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \ + -c ${named_confdir}/rndc.key" + if [ -s "${named_confdir}/rndc.conf" ]; then + unset confgen_command + fi + if [ -s "${named_confdir}/rndc.key" ]; then + case `stat -f%Su ${named_confdir}/rndc.key` in + root|$named_uid) ;; + *) $confgen_command ;; + esac + else + $confgen_command + fi + + local checkconf + + checkconf="${command%/named}/named-checkconf" + if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then + checkconf="$checkconf -t $named_chrootdir" + fi + + # Create a forwarder configuration based on /etc/resolv.conf + if checkyesno named_auto_forward; then + if [ ! 
-s /etc/resolv.conf ]; then + warn "named_auto_forward enabled, but no /etc/resolv.conf" + + # Empty the file in case it is included in named.conf + [ -s "${named_confdir}/auto_forward.conf" ] && + create_file ${named_confdir}/auto_forward.conf + + $checkconf $named_conf || + err 3 'named-checkconf for $named_conf failed' + return + fi + + create_file /var/run/naf-resolv.conf + create_file /var/run/auto_forward.conf + + echo ' forwarders {' > /var/run/auto_forward.conf + + while read line; do + case "$line" in + 'nameserver '*|'nameserver '*) + nsip=${line##nameserver[ ]} + + if [ -z "$firstns" ]; then + if [ ! "$nsip" = '127.0.0.1' ]; then + echo 'nameserver 127.0.0.1' + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + + firstns=1 + else + [ "$nsip" = '127.0.0.1' ] && continue + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + ;; + esac + + echo $line + done < /etc/resolv.conf > /var/run/naf-resolv.conf + + echo ' };' >> /var/run/auto_forward.conf + echo '' >> /var/run/auto_forward.conf + if checkyesno named_auto_forward_only; then + echo " forward only;" >> /var/run/auto_forward.conf + else + echo " forward first;" >> /var/run/auto_forward.conf + fi + + if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then + unlink /var/run/naf-resolv.conf + else + [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf + mv /var/run/naf-resolv.conf /etc/resolv.conf + fi + + if cmp -s ${named_confdir}/auto_forward.conf \ + /var/run/auto_forward.conf; then + unlink /var/run/auto_forward.conf + else + [ -e "${named_confdir}/auto_forward.conf" ] && + unlink ${named_confdir}/auto_forward.conf + mv /var/run/auto_forward.conf \ + ${named_confdir}/auto_forward.conf + fi + else + # Empty the file in case it is included in named.conf + [ -s "${named_confdir}/auto_forward.conf" ] && + create_file ${named_confdir}/auto_forward.conf + fi + + $checkconf $named_conf || err 3 'named-checkconf for $named_conf failed' +} + +load_rc_config $name + +# Updating the following variables 
requires that rc.conf be loaded first +# +required_dirs="$named_chrootdir" # if it is set, it must exist + +named_confdir="${named_chrootdir}${named_conf%/*}" + +run_rc_command "$1" diff --git a/etc/rc.d/natd b/etc/rc.d/natd new file mode 100755 index 0000000..e22353a --- /dev/null +++ b/etc/rc.d/natd @@ -0,0 +1,43 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: natd +# KEYWORD: nostart nojail + +. /etc/rc.subr +. /etc/network.subr + +name="natd" +rcvar=`set_rcvar` +command="/sbin/${name}" +pidfile="/var/run/${name}.pid" +start_precmd="natd_precmd" +required_modules="ipdivert" + +natd_precmd() +{ + if [ -n "${natd_interface}" ]; then + dhcp_list="`list_net_interfaces dhcp`" + for ifn in ${dhcp_list}; do + case "${natd_interface}" in + ${ifn}) + rc_flags="$rc_flags -dynamic" + ;; + esac + done + + if echo "${natd_interface}" | \ + grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then + rc_flags="$rc_flags -a ${natd_interface}" + else + rc_flags="$rc_flags -n ${natd_interface}" + fi + fi + + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/netif b/etc/rc.d/netif new file mode 100755 index 0000000..01da302 --- /dev/null +++ b/etc/rc.d/netif 
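Review bot: In etc/rc.d/named, `command_args="-u ${named_uid:=root}"` in named_prestart falls back to root whenever named_uid is unset or empty, so a missing setting silently leaves the daemon with full privileges. Failing closed is safer, for example `[ -n "$named_uid" ] || err 1 'named_uid is not set'` before building command_args; whether a defaults file always sets it is not visible in this hunk. Separately, both `err 3 'named-checkconf for $named_conf failed'` calls use single quotes, so the message prints the literal text `$named_conf` rather than the path; write `err 3 "named-checkconf for $named_conf failed"`.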
@@ -0,0 +1,158 @@ +#!/bin/sh +# +# Copyright (c) 2003 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: netif +# REQUIRE: atm1 cleanvar FILESYSTEMS serial sppp sysctl +# REQUIRE: ipfilter ipfs +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="network" +start_cmd="network_start" +stop_cmd="network_stop" +cloneup_cmd="clone_up" +clonedown_cmd="clone_down" +extra_commands="cloneup clonedown" +cmdifn= + +set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces +set_rcvar_obsolete ipv6_prefer + +network_start() +{ + # Set the list of interfaces to work on. + # + cmdifn=$* + + if [ -z "$cmdifn" ]; then + # + # We're operating as a general network start routine. 
+ # + + # disable SIGINT (Ctrl-c) when running at startup + trap : 2 + + # Create cloned interfaces + clone_up + + # Create Fast EtherChannel interfaces + fec_up + + # Create IPv6<-->IPv4 tunnels + gif_up + + # Rename interfaces. + ifnet_rename + fi + + # Configure the interface(s). + network_common ifn_start + + if [ -f /etc/rc.d/ipfilter ] ; then + # Resync ipfilter + /etc/rc.d/ipfilter quietresync + fi + if [ -f /etc/rc.d/bridge -a -n "$cmdifn" ] ; then + /etc/rc.d/bridge start $cmdifn + fi +} + +network_stop() +{ + # Set the list of interfaces to work on. + # + cmdifn=$* + + # Deconfigure the interface(s) + network_common ifn_stop +} + +# network_common routine +# Common configuration subroutine for network interfaces. This +# routine takes all the preparatory steps needed for configuriing +# an interface and then calls $routine. +network_common() +{ + local _cooked_list _fail _func _ok _str + + _func= + + if [ -z "$1" ]; then + err 1 "network_common(): No function name specified." + else + _func="$1" + fi + + # Set the scope of the command (all interfaces or just one). + # + _cooked_list= + if [ -n "$cmdifn" ]; then + # Don't check that the interface(s) exist. We need to run + # the down code even when the interface doesn't exist to + # kill off wpa_supplicant. + # XXXBED: is this really true or does wpa_supplicant die? + # if so, we should get rid of the devd entry + _cooked_list="$cmdifn" + else + _cooked_list="`list_net_interfaces`" + fi + + _fail= + _ok= + for ifn in ${_cooked_list}; do + if ${_func} ${ifn} $2; then + _ok="${_ok} ${ifn}" + else + _fail="${_fail} ${ifn}" + fi + done + + _str= + if [ -n "${_ok}" ]; then + case ${_func} in + ifn_start) + _str='Starting' + ;; + ifn_stop) + _str='Stopping' + ;; + esac + echo "${_str} Network:${_ok}." + if check_startmsgs; then + for ifn in ${_ok}; do + /sbin/ifconfig ${ifn} + done + fi + fi + + debug "The following interfaces were not configured: $_fail" +} + +load_rc_config $name +run_rc_command $* 
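Review bot: At the end of network_common in etc/rc.d/netif, `debug "The following interfaces were not configured: $_fail"` runs even when `_fail` is empty, which produces a misleading log line on a fully successful run. Wrap it as `if [ -n "${_fail}" ]; then debug "The following interfaces were not configured:${_fail}"; fi`. The header comment of network_common has a typo ("configuriing"). The closing `run_rc_command $*` should be `run_rc_command "$@"` so interface arguments are not re-split.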
diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions new file mode 100755 index 0000000..1547ade --- /dev/null +++ b/etc/rc.d/netoptions 
@@ -0,0 +1,125 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: netoptions +# REQUIRE: FILESYSTEMS +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="netoptions" +start_cmd="netoptions_start" +stop_cmd=: + +_netoptions_initdone= +netoptions_init() +{ + if [ -z "${_netoptions_initdone}" ]; then + echo -n 'Additional TCP/IP options:' + _netoptions_initdone=yes + fi +} + +netoptions_start() +{ + local _af + + for _af in inet inet6; do + afexists ${_af} && eval netoptions_${_af} + done + [ -n "${_netoptions_initdone}" ] && echo '.' +} + +netoptions_inet() +{ + case ${log_in_vain} in + [12]) + netoptions_init + echo -n " log_in_vain=${log_in_vain}" + ${SYSCTL} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null + ${SYSCTL} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null + ;; + *) + ${SYSCTL} net.inet.tcp.log_in_vain=0 >/dev/null + ${SYSCTL} net.inet.udp.log_in_vain=0 >/dev/null + ;; + esac + + if checkyesno tcp_extensions; then + ${SYSCTL} net.inet.tcp.rfc1323=1 >/dev/null + else + netoptions_init + echo -n " rfc1323 extensions=${tcp_extensions}" + ${SYSCTL} net.inet.tcp.rfc1323=0 >/dev/null + fi + + if checkyesno tcp_keepalive; then + ${SYSCTL} net.inet.tcp.always_keepalive=1 >/dev/null + else + netoptions_init + echo -n " TCP keepalive=${tcp_keepalive}" + ${SYSCTL} net.inet.tcp.always_keepalive=0 >/dev/null + fi + + if checkyesno tcp_drop_synfin; then + netoptions_init + echo -n " drop SYN+FIN packets=${tcp_drop_synfin}" + ${SYSCTL} net.inet.tcp.drop_synfin=1 >/dev/null + else + ${SYSCTL} net.inet.tcp.drop_synfin=0 >/dev/null + fi + + case ${ip_portrange_first} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_first=$ip_portrange_first" + ${SYSCTL} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null + ;; + esac + + case ${ip_portrange_last} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_last=$ip_portrange_last" + ${SYSCTL} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null + ;; + esac +} + 
+netoptions_inet6() +{ + if checkyesno ipv6_ipv4mapping; then + netoptions_init + echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}" + ${SYSCTL} net.inet6.ip6.v6only=0 >/dev/null + else + ${SYSCTL} net.inet6.ip6.v6only=1 >/dev/null + fi + + if checkyesno ipv6_privacy; then + netoptions_init + echo -n " IPv6 Privacy Addresses" + ${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null + ${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null + fi + + case $ipv6_cpe_wanif in + ""|[Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) + ${SYSCTL} net.inet6.ip6.no_radr=0 >/dev/null + ${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null + ;; + *) + netoptions_init + echo -n " IPv6 CPE WANIF=${ipv6_cpe_wanif}" + ${SYSCTL} net.inet6.ip6.no_radr=1 >/dev/null + ${SYSCTL} net.inet6.ip6.rfc6204w3=1 >/dev/null + ;; + esac +} + +load_rc_config $name +run_rc_command $1 diff --git a/etc/rc.d/netwait b/etc/rc.d/netwait new file mode 100755 index 0000000..1d3556a --- /dev/null +++ b/etc/rc.d/netwait 
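Review bot: In netoptions_inet, the `[0-9]*)` arms for ip_portrange_first and ip_portrange_last check only that the value starts with a digit, because `*` in a case pattern matches any trailing string. The value is then expanded unquoted on the `${SYSCTL}` command line, where embedded whitespace would split into additional arguments. Reject non-numeric input instead, e.g. `''|*[!0-9]*) ;;` followed by `*)` for the existing body, and quote the assignment as `"net.inet.ip.portrange.first=${ip_portrange_first}"`. In netoptions_inet6 the ipv6_privacy branch has no `else`, so, unlike the other knobs, disabling it and re-running the script leaves use_tempaddr and prefer_tempaddr at 1.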
@@ -0,0 +1,98 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: netwait +# REQUIRE: NETWORKING +# KEYWORD: nojail +# +# The netwait script is intended to be used by systems which have +# statically-configured IP addresses in rc.conf(5). If your system +# uses DHCP, you should use synchronous_dhclient="YES" in your +# /etc/rc.conf instead of using netwait. + +. /etc/rc.subr + +name="netwait" +rcvar=`set_rcvar` + +start_cmd="${name}_start" +stop_cmd=":" + +netwait_start() +{ + local ip rc count output link + + if [ -z "${netwait_ip}" ]; then + err 1 "You must define one or more IP addresses in netwait_ip" + fi + + if [ ${netwait_timeout} -lt 1 ]; then + err 1 "netwait_timeout must be >= 1" + fi + + # Handle SIGINT (Ctrl-C); force abort of while() loop + trap break SIGINT + + if [ -n "${netwait_if}" ]; then + echo -n "Waiting for $netwait_if to have link" + + count=1 + while [ ${count} -le ${netwait_if_timeout} ]; do + if output=`/sbin/ifconfig ${netwait_if} 2>/dev/null`; then + link=`expr "${output}" : '.*[[:blank:]]status: \(no carrier\)'` + if [ -z "${link}" ]; then + echo '.' + break + fi + else + echo '' + err 1 "ifconfig ${netwait_if} failed" + fi + sleep 1 + count=$((count+1)) + done + if [ -n "${link}" ]; then + # Restore default SIGINT handler + trap - SIGINT + + echo '' + warn "Interface still has no link. Continuing with startup, but" + warn "be aware you may not have a fully functional networking" + warn "layer at this point." + return + fi + fi + + # Handle SIGINT (Ctrl-C); force abort of while() loop + trap break SIGINT + + for ip in ${netwait_ip}; do + echo -n "Waiting for ${ip} to respond to ICMP" + + count=1 + while [ ${count} -le ${netwait_timeout} ]; do + /sbin/ping -t 1 -c 1 -o ${ip} >/dev/null 2>&1 + rc=$? + + if [ $rc -eq 0 ]; then + # Restore default SIGINT handler + trap - SIGINT + + echo '.' + return + fi + count=$((count+1)) + done + echo ': No response from host.' 
+ done + + # Restore default SIGINT handler + trap - SIGINT + + warn "Exhausted IP list. Continuing with startup, but be aware you may" + warn "not have a fully functional networking layer at this point." +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/newsyslog b/etc/rc.d/newsyslog new file mode 100755 index 0000000..ab8f2d3 --- /dev/null +++ b/etc/rc.d/newsyslog @@ -0,0 +1,26 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: newsyslog +# REQUIRE: cleanvar mountcritremote + +. /etc/rc.subr + +name="newsyslog" +rcvar=`set_rcvar` +required_files="/etc/newsyslog.conf" +command="/usr/sbin/${name}" +start_cmd="newsyslog_start" +stop_cmd=":" + +newsyslog_start() +{ + check_startmsgs && echo -n 'Creating and/or trimming log files' + ${command} ${rc_flags} + check_startmsgs && echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/nfscbd b/etc/rc.d/nfscbd new file mode 100755 index 0000000..8fecfe9 --- /dev/null +++ b/etc/rc.d/nfscbd @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfscbd +# REQUIRE: NETWORKING nfsuserd +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfscbd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +sig_stop="USR1" + +load_rc_config $name + +run_rc_command "$1" diff --git a/etc/rc.d/nfsclient b/etc/rc.d/nfsclient new file mode 100755 index 0000000..fa7906d --- /dev/null +++ b/etc/rc.d/nfsclient 
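Review bot: In etc/rc.d/netwait, netwait_if_timeout is used in `[ ${count} -le ${netwait_if_timeout} ]` without the range check that netwait_timeout gets. If it is empty the test is malformed, the loop body never runs, `link` stays empty, and the script moves on to the ping stage without having waited for carrier; whether a default is supplied elsewhere is not visible here. Add `[ "${netwait_if_timeout:-0}" -ge 1 ] || err 1 "netwait_if_timeout must be >= 1"` inside the `if [ -n "${netwait_if}" ]` block. The existing `[ ${netwait_timeout} -lt 1 ]` is also unquoted, so an empty value slips past it; `"${netwait_timeout:-0}"` closes that gap.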
@@ -0,0 +1,50 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfsclient +# REQUIRE: NETWORKING mountcritremote rpcbind +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfsclient" +rcvar="nfs_client_enable" +start_cmd="nfsclient_start" +stop_cmd="unmount_all" +required_modules="nfscl:nfs" + +nfsclient_start() +{ + # + # Set some nfs client related sysctls + # + + if [ -n "${nfs_access_cache}" ]; then + check_startmsgs && + echo "NFS access cache time=${nfs_access_cache}" + if ! sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null; then + warn "failed to set access cache timeout" + fi + fi + if [ -n "${nfs_bufpackets}" ]; then + if ! sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null; then + warn "failed to set vfs.nfs.bufpackets" + fi + fi + + unmount_all +} + +unmount_all() +{ + # If /var/db/mounttab exists, some nfs-server has not been + # successfully notified about a previous client shutdown. + # If there is no /var/db/mounttab, we do nothing. + if [ -f /var/db/mounttab ]; then + rpc.umntall -k + fi +} +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/nfsd b/etc/rc.d/nfsd new file mode 100755 index 0000000..e1fd968 --- /dev/null +++ b/etc/rc.d/nfsd 
@@ -0,0 +1,78 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfsd +# REQUIRE: mountd hostname gssd nfsuserd +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfsd" +rcvar=`set_rcvar nfs_server` +command="/usr/sbin/${name}" + +load_rc_config $name +start_precmd="nfsd_precmd" +sig_stop="USR1" + +nfsd_precmd() +{ + if checkyesno oldnfs_server_enable; then + rc_flags="-o ${nfs_server_flags}" + + # Load the module now, so that the vfs.nfsrv sysctl + # oids are available. + load_kld nfsserver + + if checkyesno nfs_reserved_port_only; then + echo 'NFS on reserved port only=YES' + sysctl vfs.nfsrv.nfs_privport=1 > /dev/null + else + sysctl vfs.nfsrv.nfs_privport=0 > /dev/null + fi + else + rc_flags="${nfs_server_flags}" + + # Load the modules now, so that the vfs.nfsd sysctl + # oids are available. + load_kld nfsd + + if checkyesno nfs_reserved_port_only; then + echo 'NFS on reserved port only=YES' + sysctl vfs.nfsd.nfs_privport=1 > /dev/null + else + sysctl vfs.nfsd.nfs_privport=0 > /dev/null + fi + + if checkyesno nfsv4_server_enable; then + sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null + if ! checkyesno nfsuserd_enable && \ + ! /etc/rc.d/nfsuserd forcestatus 1>/dev/null 2>&1 + then + if ! force_depend nfsuserd; then + err 1 "Cannot run nfsuserd" + fi + fi + else + echo 'NFSv4 is disabled' + sysctl vfs.nfsd.server_max_nfsvers=3 > /dev/null + fi + fi + + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || return 1 + fi + + if ! checkyesno mountd_enable && \ + ! /etc/rc.d/mountd forcestatus 1>/dev/null 2>&1 + then + force_depend mountd || return 1 + fi + return 0 +} + +run_rc_command "$1" diff --git a/etc/rc.d/nfsuserd b/etc/rc.d/nfsuserd new file mode 100755 index 0000000..278c666 --- /dev/null +++ b/etc/rc.d/nfsuserd 
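Review bot: nfsd_precmd discards the exit status of every `sysctl` call, including `sysctl vfs.nfsd.nfs_privport=1` and its vfs.nfsrv counterpart. When nfs_reserved_port_only is enabled and the write fails, the script has already printed "NFS on reserved port only=YES" and nfsd still starts without the restriction. The nfsclient script in this same commit checks the result (`if ! sysctl … ; then warn …`), and nfsd should do the same. Because this setting is an access restriction, failing the start is the safer choice: `sysctl vfs.nfsd.nfs_privport=1 > /dev/null || return 1`, with the echo moved after the successful write.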
@@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfsuserd +# REQUIRE: NETWORKING +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfsuserd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +sig_stop="USR1" + +load_rc_config $name + +run_rc_command "$1" diff --git a/etc/rc.d/nisdomain b/etc/rc.d/nisdomain new file mode 100755 index 0000000..9763a9a --- /dev/null +++ b/etc/rc.d/nisdomain 
@@ -0,0 +1,54 @@ +#!/bin/sh +# +# Copyright (c) 1993 - 2003 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: nisdomain +# REQUIRE: SERVERS rpcbind +# BEFORE: ypset ypbind ypserv ypxfrd + +. /etc/rc.subr + +name="nisdomain" +start_cmd="nisdomain_start" +stop_cmd=":" + +nisdomain_start() +{ + # Set the domainname if we're using NIS + # + case ${nisdomainname} in + [Nn][Oo]|'') + ;; + *) + domainname ${nisdomainname} + echo "Setting NIS domain: `/bin/domainname`." + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/nscd b/etc/rc.d/nscd new file mode 100755 index 0000000..42041a7 --- /dev/null +++ b/etc/rc.d/nscd 
@@ -0,0 +1,53 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nscd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +# +# Add the following lines to /etc/rc.conf to enable nscd: +# +# nscd_enable="YES" +# +# See nscd(8) for flags +# + +. /etc/rc.subr + +name="nscd" +rcvar=`set_rcvar` + +command=/usr/sbin/nscd +extra_commands="flush" +flush_cmd="${command} -I all" + +# usage: _nscd_set_option <option name> <default value> +# +_nscd_set_option() { + local _optname _defoptval _nscd_opt_val _cached_opt_val + _optname=$1 + _defoptval=$2 + + _nscd_opt_val=$(eval "echo \$nscd_${_optname}") + _cached_opt_val=$(eval "echo \$cached_${_optname}") + + if [ -n "$_cached_opt_val" -a "$_nscd_opt_val" != "$_defoptval" ]; then + warn "You should use nscd_${_optname} instead of" \ + "cached_${_optname}" + setvar "nscd_${_optname}" "$_cached_opt_val" + else + setvar "nscd_${_optname}" "${_nscd_opt_val:-$_defoptval}" + fi +} + + +load_rc_config $name +_nscd_set_option "enable" "NO" +_nscd_set_option "pidfile" "/var/run/nscd.pid" +_nscd_set_option "flags" "" +run_rc_command "$1" + diff --git a/etc/rc.d/nsswitch b/etc/rc.d/nsswitch new file mode 100755 index 0000000..caca52f --- /dev/null +++ b/etc/rc.d/nsswitch 
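Review bot: The condition in _nscd_set_option, `[ -n "$_cached_opt_val" -a "$_nscd_opt_val" != "$_defoptval" ]`, looks inverted. As written the legacy cached_* value replaces nscd_* only when nscd_* differs from the default, which means an explicitly configured nscd_* setting is overwritten, while a cached_* value is ignored when nscd_* is still at its default. If the intent is to honour the old name only when the new one has not been customised, the comparison should be `=`; this depends on whether a defaults file pre-sets nscd_*, which this hunk does not show. A one-line comment above the `if` stating the intended precedence would settle it, and `[ … ] && [ … ]` is more portable than `-a`.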
@@ -0,0 +1,103 @@ +#!/bin/sh +# +# Copyright (c) 1993 - 2004 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: nsswitch +# REQUIRE: root +# BEFORE: NETWORK + +. 
/etc/rc.subr + +name="nsswitch" +start_cmd="nsswitch_start" +stop_cmd=":" + +generate_host_conf() +{ + local _cont _sources + + nsswitch_conf=$1; shift; + host_conf=$1; shift; + + _cont=0 + _sources="" + while read line; do + line=${line##[ ]} + case $line in + hosts:*) + ;; + *) + if [ $_cont -ne 1 ]; then + continue + fi + ;; + esac + if [ "${line%\\}" = "${line}\\" ]; then + _cont=1 + fi + line=${line#hosts:} + line=${line%\\} + line=${line%%#*} + _sources="${_sources}${_sources:+ }$line" + done < $nsswitch_conf + + echo "# Auto-generated from nsswitch.conf" > $host_conf + for _s in ${_sources}; do + case $_s in + files) + echo "hosts" >> $host_conf + ;; + dns) + echo "dns" >> $host_conf + ;; + nis) + echo "nis" >> $host_conf + ;; + cache | *=*) + ;; + *) + echo "Warning: unrecognized source [$_s]" >&2 + ;; + esac + done +} + +nsswitch_start() +{ + # Generate host.conf for compatibility + # + if [ ! -f "/etc/host.conf" -o \ + "/etc/host.conf" -ot "/etc/nsswitch.conf" ] + then + echo 'Generating host.conf.' + generate_host_conf /etc/nsswitch.conf /etc/host.conf + fi + +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ntpd b/etc/rc.d/ntpd new file mode 100755 index 0000000..b7b009c --- /dev/null +++ b/etc/rc.d/ntpd 
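Review bot: In generate_host_conf, the continuation test `[ "${line%\\}" = "${line}\\" ]` can never be true, since the left side removes a trailing backslash and the right side appends one, so `_cont` is never set to 1. Continued `hosts:` entries probably still work only because plain `read line` joins backslash-newline pairs itself. Either drop the `_cont` logic and document that reliance, or make it explicit with `while read -r line; do` and `if [ "${line%\\}" != "${line}" ]; then _cont=1; else _cont=0; fi`. `line` and `_s` are also missing from the `local` list, and `$nsswitch_conf` / `$host_conf` should be quoted in the redirections.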
@@ -0,0 +1,53 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ntpd +# REQUIRE: DAEMON ntpdate cleanvar devfs +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="ntpd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +start_precmd="ntpd_precmd" + +load_rc_config $name + +ntpd_precmd() +{ + rc_flags="-c ${ntpd_config} ${ntpd_flags}" + + if checkyesno ntpd_sync_on_start; then + rc_flags="-g $rc_flags" + fi + + if [ -z "$ntpd_chrootdir" ]; then + return 0; + fi + + # If running in a chroot cage, ensure that the appropriate files + # exist inside the cage, as well as helper symlinks into the cage + # from outside. + # + # As this is called after the is_running and required_dir checks + # are made in run_rc_command(), we can safely assume ${ntpd_chrootdir} + # exists and ntpd isn't running at this point (unless forcestart + # is used). + # + if [ ! -c "${ntpd_chrootdir}/dev/clockctl" ]; then + rm -f "${ntpd_chrootdir}/dev/clockctl" + ( cd /dev ; /bin/pax -rw -pe clockctl "${ntpd_chrootdir}/dev" ) + fi + ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift + + # Change run_rc_commands()'s internal copy of $ntpd_flags + # + rc_flags="-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags" +} + +run_rc_command "$1" diff --git a/etc/rc.d/ntpdate b/etc/rc.d/ntpdate new file mode 100755 index 0000000..3f93e27 --- /dev/null +++ b/etc/rc.d/ntpdate 
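Review bot: ntpd_precmd adds `-u ntpd:ntpd` only on the path taken when ntpd_chrootdir is set; with an empty ntpd_chrootdir the early `return 0` leaves rc_flags as `-c ${ntpd_config} ${ntpd_flags}`, so unless ntpd_flags carries its own `-u` the daemon presumably keeps root. If that is intended, say so in a comment above the `return 0`, e.g. `# no chroot: privileges are dropped only if ntpd_flags passes -u`; otherwise apply the `-u` in both cases. In the chroot branch, `ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift` replaces any existing regular drift file on every start without preserving it, which also deserves a comment or a `-L` check first.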
@@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ntpdate +# REQUIRE: NETWORKING syslogd named +# KEYWORD: nojail + +. /etc/rc.subr + +name="ntpdate" +rcvar=`set_rcvar` +stop_cmd=":" +start_cmd="ntpdate_start" + +ntpdate_start() +{ + if [ -z "$ntpdate_hosts" -a -f ${ntpdate_config} ]; then + ntpdate_hosts=`awk ' + /^server[ \t]*127.127/ {next} + /^(server|peer)/ { + if ($2 ~/^-/) {print $3} + else {print $2}} + ' < ${ntpdate_config}` + fi + if [ -n "$ntpdate_hosts" -o -n "$rc_flags" ]; then + echo "Setting date via ntp." + ${ntpdate_program:-ntpdate} $rc_flags $ntpdate_hosts + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/opensm b/etc/rc.d/opensm new file mode 100755 index 0000000..310476b --- /dev/null +++ b/etc/rc.d/opensm @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: opensm +# BEFORE: netif +# REQUIRE: FILESYSTEMS + +. /etc/rc.subr + +name="opensm" +start_cmd="opensm_start" +rcvar="opensm_enable" + +command=/usr/bin/opensm +command_args="-B" + +opensm_start() +{ + for guid in `ibstat | grep "Port GUID" | cut -d ':' -f2`; do + [ -z "${rc_quiet}" ] && echo "Starting ${guid} opensm." + ${command} ${command_args} -g ${guid} >> /dev/null + done +} + +load_rc_config $name +run_rc_command $* diff --git a/etc/rc.d/othermta b/etc/rc.d/othermta new file mode 100755 index 0000000..7ab3e63 --- /dev/null +++ b/etc/rc.d/othermta @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mail +# REQUIRE: LOGIN + +# XXX - TEMPORARY SCRIPT UNTIL YOU WRITE YOUR OWN REPLACEMENT. +# +. /etc/rc.subr + +load_rc_config 'XXX' + +if [ -n "${mta_start_script}" ]; then + [ "${mta_start_script}" != "/etc/rc.sendmail" ] && \ + sh ${mta_start_script} "$1" +fi diff --git a/etc/rc.d/pf b/etc/rc.d/pf new file mode 100755 index 0000000..3180a2c --- /dev/null +++ b/etc/rc.d/pf 
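Review bot: In etc/rc.d/othermta, `sh ${mta_start_script} "$1"` runs as root whatever path the configuration names, unquoted and without checking that the file exists or is readable. Quote the path and test it first: `[ -r "${mta_start_script}" ] && sh "${mta_start_script}" "$1"`. A comment noting that the target must be root-owned and not writable by others would document the trust assumption. Because the script ends on a `[ … ] && …` list, it exits non-zero whenever mta_start_script equals /etc/rc.sendmail; an explicit `if` avoids reporting a failure for the normal case.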
@@ -0,0 +1,72 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pf +# REQUIRE: FILESYSTEMS netif pflog pfsync +# BEFORE: routing +# KEYWORD: nojail + +. /etc/rc.subr + +name="pf" +rcvar=`set_rcvar` +load_rc_config $name +start_cmd="pf_start" +stop_cmd="pf_stop" +check_cmd="pf_check" +reload_cmd="pf_reload" +resync_cmd="pf_resync" +status_cmd="pf_status" +extra_commands="check reload resync" +required_files="$pf_rules" +required_modules="pf" + +pf_start() +{ + check_startmsgs && echo -n 'Enabling pf' + $pf_program -F all > /dev/null 2>&1 + $pf_program -f "$pf_rules" $pf_flags + if ! $pf_program -s info | grep -q "Enabled" ; then + $pf_program -eq + fi + check_startmsgs && echo '.' +} + +pf_stop() +{ + if $pf_program -s info | grep -q "Enabled" ; then + echo -n 'Disabling pf' + $pf_program -dq + echo '.' + fi +} + +pf_check() +{ + echo "Checking pf rules." + $pf_program -n -f "$pf_rules" +} + +pf_reload() +{ + echo "Reloading pf rules." + $pf_program -n -f "$pf_rules" || return 1 + # Flush everything but existing state entries that way when + # rules are read in, it doesn't break established connections. + $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1 + $pf_program -f "$pf_rules" $pf_flags +} + +pf_resync() +{ + $pf_program -f "$pf_rules" $pf_flags +} + +pf_status() +{ + $pf_program -s info +} + +run_rc_command "$1" diff --git a/etc/rc.d/pflog b/etc/rc.d/pflog new file mode 100755 index 0000000..001ad38 --- /dev/null +++ b/etc/rc.d/pflog 
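Review bot: pf_start flushes everything with `-F all` and then ignores the exit status of `$pf_program -f "$pf_rules" $pf_flags`, so a ruleset that fails to parse leaves the flushed, empty configuration in place and the following lines still enable pf. pf_reload in the same file already validates first with `$pf_program -n -f "$pf_rules" || return 1`; pf_start should run that check before the flush. It should also fail on a load error, `$pf_program -f "$pf_rules" $pf_flags || return 1`, so that a broken ruleset at boot is reported instead of silently producing a filter with no rules.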
@@ -0,0 +1,56 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pflog +# REQUIRE: FILESYSTEMS netif cleanvar +# KEYWORD: nojail + +. /etc/rc.subr + +name="pflog" +rcvar=`set_rcvar` +command="/sbin/pflogd" +pidfile="/var/run/pflogd.pid" +start_precmd="pflog_prestart" +stop_postcmd="pflog_poststop" +extra_commands="reload resync" + +# for backward compatibility +resync_cmd="pflog_resync" + +pflog_prestart() +{ + load_kld pflog || return 1 + + # set pflog0 interface to up state + if ! ifconfig pflog0 up; then + warn 'could not bring up pflog0.' + return 1 + fi + + # prepare the command line for pflogd + rc_flags="-f $pflog_logfile $rc_flags" + + # report we're ready to run pflogd + return 0 +} + +pflog_poststop() +{ + if ! ifconfig pflog0 down; then + warn 'could not bring down pflog0.' + return 1 + fi + return 0 +} + +# for backward compatibility +pflog_resync() +{ + run_rc_command reload +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/pfsync b/etc/rc.d/pfsync new file mode 100755 index 0000000..8be8928 --- /dev/null +++ b/etc/rc.d/pfsync 
@@ -0,0 +1,55 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pfsync +# REQUIRE: FILESYSTEMS netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="pfsync" +rcvar=`set_rcvar` +start_precmd="pfsync_prestart" +start_cmd="pfsync_start" +stop_cmd="pfsync_stop" +required_modules="pf" + +pfsync_prestart() +{ + # XXX Currently pfsync cannot be a module as it must register + # a network protocol in a static kernel table. + if ! kldstat -q -m pfsync; then + warn "pfsync(4) must be statically compiled in the kernel." + return 1 + fi + + case "$pfsync_syncdev" in + '') + warn "pfsync_syncdev is not set." + return 1 + ;; + esac + return 0 +} + +pfsync_start() +{ + local _syncpeer + + echo "Enabling pfsync." + if [ -n "${pfsync_syncpeer}" ]; then + _syncpeer="syncpeer ${pfsync_syncpeer}" + fi + ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up +} + +pfsync_stop() +{ + echo "Disabling pfsync." + ifconfig pfsync0 -syncdev down +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/power_profile b/etc/rc.d/power_profile new file mode 100755 index 0000000..03d36be --- /dev/null +++ b/etc/rc.d/power_profile 
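Review bot: pfsync_start has no comment on the trust assumption behind `ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up`: pfsync(4) state updates are not authenticated, so the sync interface is expected to be a dedicated link or to be protected with IPsec towards the peer. I would add above the ifconfig line `# pfsync traffic is unauthenticated: use a dedicated syncdev or IPsec to the syncpeer.` Separately, pfsync_prestart checks that `pfsync_syncdev` is set but not that the interface exists, so a typo only surfaces as an ifconfig error at start time.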
@@ -0,0 +1,97 @@ +#!/bin/sh +# +# Modify the power profile based on AC line state. This script is +# usually called from devd(8). +# +# Arguments: 0x00 (AC offline, economy) or 0x01 (AC online, performance) +# +# $FreeBSD$ +# + +# PROVIDE: power_profile +# REQUIRE: FILESYSTEMS syslogd +# KEYWORD: nojail nostart + +. /etc/rc.subr + +name="power_profile" +stop_cmd=':' +LOGGER="logger -t power_profile -p daemon.notice" + +# Set a given sysctl node to a value. +# +# Variables: +# $node: sysctl node to set with the new value +# $value: HIGH for the highest performance value, LOW for the best +# economy value, or the value itself. +# $highest_value: maximum value for this sysctl, when $value is "HIGH" +# $lowest_value: minimum value for this sysctl, when $value is "LOW" +# +sysctl_set () +{ + # Check if the node exists + if [ -z "$(sysctl -n ${node} 2> /dev/null)" ]; then + return + fi + + # Get the new value, checking for special types HIGH or LOW + case ${value} in + [Hh][Ii][Gg][Hh]) + value=${highest_value} + ;; + [Ll][Oo][Ww]) + value=${lowest_value} + ;; + [Nn][Oo][Nn][Ee]) + return + ;; + *) + ;; + esac + + # Set the desired value + if [ -n "${value}" ]; then + if ! sysctl ${node}=${value} > /dev/null 2>&1; then + warn "unable to set ${node}=${value}" + fi + fi +} + +if [ $# -ne 1 ]; then + err 1 "Usage: $0 [0x00|0x01]" +fi +load_rc_config $name + +# Find the next state (performance or economy). +state=$1 +case ${state} in +0x01 | '') + ${LOGGER} "changed to 'performance'" + profile="performance" + ;; +0x00) + ${LOGGER} "changed to 'economy'" + profile="economy" + ;; +*) + echo "Usage: $0 [0x00|0x01]" + exit 1 +esac + +# Set the various sysctls based on the profile's values. 
+node="hw.acpi.cpu.cx_lowest" +highest_value="C1" +lowest_value="`(sysctl -n dev.cpu.0.cx_supported | \ + awk '{ print "C" split($0, a) }' -) 2> /dev/null`" +eval value=\$${profile}_cx_lowest +sysctl_set + +node="dev.cpu.0.freq" +highest_value="`(sysctl -n dev.cpu.0.freq_levels | \ + awk '{ split($0, a, "[/ ]"); print a[1] }' -) 2> /dev/null`" +lowest_value="`(sysctl -n dev.cpu.0.freq_levels | \ + awk '{ split($0, a, "[/ ]"); print a[length(a) - 1] }' -) 2> /dev/null`" +eval value=\$${profile}_cpu_freq +sysctl_set + +exit 0 diff --git a/etc/rc.d/powerd b/etc/rc.d/powerd new file mode 100755 index 0000000..e59d979 --- /dev/null +++ b/etc/rc.d/powerd @@ -0,0 +1,25 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: powerd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="powerd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +stop_postcmd=powerd_poststop + +powerd_poststop() +{ + sysctl dev.cpu.0.freq=`sysctl -n dev.cpu.0.freq_levels | + sed -e 's:/.*::'` > /dev/null +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ppp b/etc/rc.d/ppp new file mode 100755 index 0000000..84d6bc4 --- /dev/null +++ b/etc/rc.d/ppp 
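Review bot: The `eval value=\$${profile}_cx_lowest` and `eval value=\$${profile}_cpu_freq` lines in etc/rc.d/power_profile need a comment saying why the eval is safe. `profile` can only be `performance` or `economy`, because the `case ${state}` above exits on any other argument. A line such as `# profile is one of the two literals set above, so the eval only ever names an rc.conf variable` would stop a later edit from feeding `$1` into it directly. sysctl_set also takes its inputs through the globals `node`, `value`, `highest_value` and `lowest_value` and passes `${node}=${value}` to sysctl unquoted; `sysctl "${node}=${value}"` is the safer spelling.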
@@ -0,0 +1,134 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ppp +# REQUIRE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="ppp" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +start_cmd="ppp_start" +stop_cmd="ppp_stop" +start_postcmd="ppp_poststart" + +ppp_start_profile() +{ + local _ppp_profile _ppp_mode _ppp_nat _ppp_unit + local _ppp_profile_cleaned _punct _punct_c + + _ppp_profile=$1 + _ppp_profile_cleaned=$1 + _punct=". - / +" + for _punct_c in $_punct; do + _ppp_profile_cleaned=`ltr ${_ppp_profile_cleaned} ${_punct_c} '_'` + done + + # Check for ppp profile mode override. + # + eval _ppp_mode=\$ppp_${_ppp_profile_cleaned}_mode + if [ -z "$_ppp_mode" ]; then + _ppp_mode=$ppp_mode + fi + + # Check for ppp profile nat override. + # + eval _ppp_nat=\$ppp_${_ppp_profile_cleaned}_nat + if [ -z "$_ppp_nat" ]; then + _ppp_nat=$ppp_nat + fi + + # Establish ppp mode. + # + if [ "${_ppp_mode}" != "ddial" -a "${_ppp_mode}" != "direct" \ + -a "${_ppp_mode}" != "dedicated" \ + -a "${_ppp_mode}" != "background" ]; then + _ppp_mode="auto" + fi + + rc_flags="-quiet -${_ppp_mode}" + + # Switch on NAT mode? + # + case ${_ppp_nat} in + [Yy][Ee][Ss]) + rc_flags="$rc_flags -nat" + ;; + esac + + # Check for hard wired unit + eval _ppp_unit=\$ppp_${_ppp_profile_cleaned}_unit + if [ -n "${_ppp_unit}" ]; then + _ppp_unit="-unit${_ppp_unit}" + fi + rc_flags="$rc_flags $_ppp_unit" + + # Run! + # + su -m $ppp_user -c "$command ${rc_flags} ${_ppp_profile}" +} + +ppp_start() +{ + local _ppp_profile _p + + _ppp_profile=$* + if [ -z "${_ppp_profile}" ]; then + _ppp_profile=$ppp_profile + fi + + echo -n "Starting PPP profile:" + + for _p in $_ppp_profile; do + echo -n " $_p" + ppp_start_profile $_p + done + + echo "." 
+} + +ppp_poststart() +{ + # Re-Sync ipfilter and pf so they pick up any new network interfaces + # + if [ -f /etc/rc.d/ipfilter ]; then + /etc/rc.d/ipfilter quietresync + fi + if [ -f /etc/rc.d/pf ]; then + /etc/rc.d/pf quietresync + fi +} + +ppp_stop_profile() { + local _ppp_profile + + _ppp_profile=$1 + + /bin/pkill -f "^${command}.*[[:space:]]${_ppp_profile}\$" || \ + echo -n "(not running)" +} + +ppp_stop() { + local _ppp_profile _p + + _ppp_profile=$* + if [ -z "${_ppp_profile}" ]; then + _ppp_profile=$ppp_profile + fi + + echo -n "Stopping PPP profile:" + + for _p in $_ppp_profile; do + echo -n " $_p" + ppp_stop_profile $_p + done + + echo "." +} + +load_rc_config $name +run_rc_command $* diff --git a/etc/rc.d/pppoed b/etc/rc.d/pppoed new file mode 100755 index 0000000..c939112 --- /dev/null +++ b/etc/rc.d/pppoed @@ -0,0 +1,33 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pppoed +# REQUIRE: NETWORKING +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="pppoed" +rcvar="`set_rcvar`" +start_cmd="pppoed_start" +# XXX stop_cmd will not be straightforward +stop_cmd=":" + +pppoed_start() +{ + local _opts + + if [ -n "${pppoed_provider}" ]; then + pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" + fi + echo 'Starting pppoed' + _opts=$-; set -f + /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} + set +f; set -${_opts} +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/pwcheck b/etc/rc.d/pwcheck new file mode 100755 index 0000000..a8df716 --- /dev/null +++ b/etc/rc.d/pwcheck @@ -0,0 +1,27 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pwcheck +# REQUIRE: mountcritremote syslogd +# BEFORE: DAEMON + +. /etc/rc.subr + +name="pwcheck" +start_cmd="pwcheck_start" +stop_cmd=":" + +pwcheck_start() +{ + # check the password temp/lock file + # + if [ -f /etc/ptmp ]; then + logger -s -p auth.err \ + "password file may be incorrect -- /etc/ptmp exists" + fi +} + +load_rc_config $name +run_rc_command "$1" 
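Review bot: ppp_start_profile rewrites only `.`, `-`, `/` and `+` in the profile name before splicing it into `eval _ppp_mode=\$ppp_${_ppp_profile_cleaned}_mode` (and the `_nat` and `_unit` evals), so any other shell metacharacter in a profile name is evaluated rather than rejected. The names come from `$ppp_profile` or, it appears, from the command line via `run_rc_command $*`; both are normally root-controlled, but a guard at the top of the function makes the expectation explicit: `case ${_ppp_profile} in *[!A-Za-z0-9_.+/-]*) warn "invalid ppp profile name: ${_ppp_profile}"; return 1 ;; esac`. The same name is interpolated into the `su -m $ppp_user -c "..."` command string and into the `pkill -f` regular expression in ppp_stop_profile, where an unescaped `.` matches any character and can select a process belonging to a different profile. rfcomm_pppd_server_start_profile and rfcomm_pppd_server_stop_profile in etc/rc.d/rfcomm_pppd_server follow the same pattern and would take the same guard.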
diff --git a/etc/rc.d/quota b/etc/rc.d/quota
new file mode 100755
index 0000000..edc90ef
--- /dev/null
+++ b/etc/rc.d/quota
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# Enable/Check the quotas (must be after ypbind if using NIS)
+
+# PROVIDE: quota
+# REQUIRE: mountcritremote ypset
+# BEFORE: DAEMON
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="quota"
+rcvar=`set_rcvar`
+load_rc_config $name
+start_cmd="quota_start"
+stop_cmd="/usr/sbin/quotaoff ${quotaoff_flags}"
+
+quota_start()
+{
+ if checkyesno check_quotas; then
+ echo -n 'Checking quotas:'
+ quotacheck ${quotacheck_flags}
+ echo ' done.'
+ fi
+
+ echo -n 'Enabling quotas:'
+ quotaon ${quotaon_flags}
+ echo ' done.'
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/random b/etc/rc.d/random
new file mode 100755
index 0000000..160b1d4
--- /dev/null
+++ b/etc/rc.d/random
@@ -0,0 +1,93 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: random +# REQUIRE: var initrandom +# BEFORE: netif +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="random" +start_cmd="random_start" +stop_cmd="random_stop" + +feed_dev_random() +{ + if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then + cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null + fi +} + +random_start() +{ + # Reseed /dev/random with previously stored entropy. + case ${entropy_dir} in + [Nn][Oo]) + ;; + *) + entropy_dir=${entropy_dir:-/var/db/entropy} + if [ -d "${entropy_dir}" ]; then + if [ -w /dev/random ]; then + for seedfile in ${entropy_dir}/*; do + feed_dev_random "${seedfile}" + done + fi + fi + ;; + esac + + case ${entropy_file} in + [Nn][Oo] | '') + ;; + *) + if [ -w /dev/random ]; then + feed_dev_random "${entropy_file}" + feed_dev_random /var/db/entropy-file + fi + ;; + esac +} + +random_stop() +{ + # Write some entropy so when the machine reboots /dev/random + # can be reseeded + # + case ${entropy_file} in + [Nn][Oo] | '') + ;; + *) + echo -n 'Writing entropy file:' + rm -f ${entropy_file} 2> /dev/null + oumask=`umask` + umask 077 + if touch ${entropy_file} 2> /dev/null; then + entropy_file_confirmed="${entropy_file}" + else + # Try this as a reasonable alternative for read-only + # roots, diskless workstations, etc. + rm -f /var/db/entropy-file 2> /dev/null + if touch /var/db/entropy-file 2> /dev/null; then + entropy_file_confirmed=/var/db/entropy-file + fi + fi + case ${entropy_file_confirmed} in + '') + warn 'write failed (read-only fs?)' + ;; + *) + dd if=/dev/random of=${entropy_file_confirmed} \ + bs=4096 count=1 2> /dev/null + echo '.' + ;; + esac + umask ${oumask} + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/rarpd b/etc/rc.d/rarpd new file mode 100755 index 0000000..3602c87 --- /dev/null +++ b/etc/rc.d/rarpd 
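Review bot: random_start feeds `${entropy_file}` and `/var/db/entropy-file` into /dev/random but leaves them in place, and within this hunk they are rewritten only in random_stop, so after a crash or power loss the next boot is seeded with the same bytes as the previous one. Refreshing the file right after it has been consumed avoids that reuse, for example `( umask 077; dd if=/dev/random of="${entropy_file}" bs=4096 count=1 2> /dev/null )` following the `feed_dev_random "${entropy_file}"` call; whether the device is already unblocked and the file system writable at that point needs confirming. In random_stop, `rm -f ${entropy_file}`, `touch ${entropy_file}` and the `of=${entropy_file_confirmed}` argument also use the path unquoted and should be quoted.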
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: rarpd
+# REQUIRE: DAEMON cleanvar
+# BEFORE: LOGIN
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="rarpd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+required_files="/etc/ethers"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/rctl b/etc/rc.d/rctl
new file mode 100755
index 0000000..4fa0579
--- /dev/null
+++ b/etc/rc.d/rctl
@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: rctl
+# BEFORE: LOGIN
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="rctl"
+start_cmd="rctl_start"
+stop_cmd="rctl_stop"
+
+rctl_start()
+{
+ if [ -f /etc/rctl.conf ]; then
+ while read var comments
+ do
+ case ${var} in
+ \#*|'')
+ ;;
+ *)
+ rctl -a "${var}"
+ ;;
+ esac
+ done < /etc/rctl.conf
+ fi
+}
+
+rctl_stop()
+{
+
+ rctl -r :
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/resolv b/etc/rc.d/resolv
new file mode 100755
index 0000000..aa7921f
--- /dev/null
+++ b/etc/rc.d/resolv
@@ -0,0 +1,57 @@ +#!/bin/sh +# +# Copyright (c) 1999 Matt Dillon +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: resolv +# REQUIRE: netif var +# KEYWORD: nojail + +. /etc/rc.subr + +name="resolv" +stop_cmd=':' + +load_rc_config $name + +# if the info is available via dhcp/kenv +# build the resolv.conf +# +if [ -n "`/bin/kenv dhcp.domain-name-servers 2> /dev/null`" ]; then + interface="`/bin/kenv boot.netif.name`" + ( + if [ -n "`/bin/kenv dhcp.domain-name 2> /dev/null`" ]; then + echo domain `/bin/kenv dhcp.domain-name` + fi + + set -- `/bin/kenv dhcp.domain-name-servers` + for ns in `IFS=','; echo $*`; do + echo nameserver $ns + done + ) | /sbin/resolvconf -a ${interface}:dhcp4 +fi + 
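Review bot: The output of `/bin/kenv dhcp.domain-name` and `/bin/kenv dhcp.domain-name-servers` reaches the resolvconf input through unquoted expansions (the `echo domain` line and `echo nameserver $ns`), so whitespace and glob characters in those values are split and pathname-expanded by the shell before /sbin/resolvconf sees them. These kenv variables are presumably filled from the boot-time DHCP reply, which makes them network-supplied data. Disabling globbing around the subshell, as etc/rc.d/pppoed in this commit does with `_opts=$-; set -f` and `set +f; set -${_opts}`, and skipping entries that are not address-shaped would keep the generated resolver configuration predictable. `interface` is also used unquoted in `${interface}:dhcp4`.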
diff --git a/etc/rc.d/rfcomm_pppd_server b/etc/rc.d/rfcomm_pppd_server
new file mode 100755
index 0000000..f666684
--- /dev/null
+++ b/etc/rc.d/rfcomm_pppd_server
@@ -0,0 +1,122 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rfcomm_pppd_server +# REQUIRE: DAEMON sdpd +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="rfcomm_pppd_server" +rcvar=`set_rcvar` +command="/usr/sbin/rfcomm_pppd" +start_cmd="rfcomm_pppd_server_start" +stop_cmd="rfcomm_pppd_server_stop" +required_modules="ng_btsocket" + +rfcomm_pppd_server_start_profile() +{ + local _profile _profile_cleaned _punct _punct_c + local _bdaddr _channel _x + + _profile=$1 + _profile_cleaned=$1 + + _punct=". - / +" + for _punct_c in ${_punct} ; do + _profile_cleaned=`ltr ${_profile_cleaned} ${_punct_c} '_'` + done + + rc_flags="" + + # Check for RFCOMM PPP profile bdaddr override + # + eval _bdaddr=\$rfcomm_pppd_server_${_profile_cleaned}_bdaddr + if [ -n "${_bdaddr}" ]; then + rc_flags="${rc_flags} -a ${_bdaddr}" + fi + + # Check for RFCOMM PPP profile channel override + # + eval _channel=\$rfcomm_pppd_server_${_profile_cleaned}_channel + if [ -z "${_channel}" ]; then + _channel=1 + fi + rc_flags="${rc_flags} -C ${_channel}" + + # Check for RFCOMM PPP profile register SP override + # + eval _x=\$rfcomm_pppd_server_${_profile_cleaned}_register_sp + if [ -n "${_x}" ]; then + if checkyesno "rfcomm_pppd_server_${_profile_cleaned}_register_sp" ; then + rc_flags="${rc_flags} -S" + fi + fi + + # Check for RFCOMM PPP profile register DUN override + # + eval _x=\$rfcomm_pppd_server_${_profile_cleaned}_register_dun + if [ -n "${_x}" ]; then + if checkyesno "rfcomm_pppd_server_${_profile_cleaned}_register_dun" ; then + rc_flags="${rc_flags} -D" + fi + fi + + # Run! 
+ # + $command -s ${rc_flags} -l ${_profile} +} + +rfcomm_pppd_server_stop_profile() +{ + local _profile + + _profile=$1 + + /bin/pkill -f "^${command}.*[[:space:]]${_profile}\$" || \ + echo -n "(not running)" +} + +rfcomm_pppd_server_start() +{ + local _profile _p + + _profile=$* + if [ -z "${_profile}" ]; then + _profile=${rfcomm_pppd_server_profile} + fi + + echo -n "Starting RFCOMM PPP profile:" + + for _p in ${_profile} ; do + echo -n " ${_p}" + rfcomm_pppd_server_start_profile ${_p} + done + + echo "." +} + +rfcomm_pppd_server_stop() +{ + local _profile _p + + _profile=$* + if [ -z "${_profile}" ]; then + _profile=${rfcomm_pppd_server_profile} + fi + + echo -n "Stopping RFCOMM PPP profile:" + + for _p in ${_profile} ; do + echo -n " ${_p}" + rfcomm_pppd_server_stop_profile ${_p} + done + + echo "." +} + +load_rc_config $name +run_rc_command $* diff --git a/etc/rc.d/root b/etc/rc.d/root new file mode 100755 index 0000000..6bddb17 --- /dev/null +++ b/etc/rc.d/root @@ -0,0 +1,42 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: root +# REQUIRE: fsck +# KEYWORD: nojail + +. /etc/rc.subr + +name="root" +start_cmd="root_start" +stop_cmd=":" + +root_start() +{ + # root normally must be read/write, but if this is a BOOTP NFS + # diskless boot it does not have to be. + # + case ${root_rw_mount} in + [Nn][Oo] | '') + ;; + *) + if ! mount -uw /; then + echo 'Mounting root filesystem rw failed, startup aborted' + stop_boot true + fi + ;; + esac + + umount -a >/dev/null 2>&1 + + # If we booted a special kernel remove the record + # so we will boot the default kernel next time. + if [ -x /sbin/nextboot ]; then + /sbin/nextboot -D > /dev/null 2>&1 + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/route6d b/etc/rc.d/route6d new file mode 100755 index 0000000..a94c3e4 --- /dev/null +++ b/etc/rc.d/route6d 
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: route6d
+# REQUIRE: netif routing
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="route6d"
+rcvar=`set_rcvar`
+
+set_rcvar_obsolete ipv6_router_enable route6d_enable
+set_rcvar_obsolete ipv6_router route6d_program
+set_rcvar_obsolete ipv6_router_flags route6d_flags
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/routed b/etc/rc.d/routed
new file mode 100755
index 0000000..c0bd5f7
--- /dev/null
+++ b/etc/rc.d/routed
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: routed
+# REQUIRE: netif routing
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="routed"
+desc="network RIP and router discovery routing daemon"
+rcvar=`set_rcvar`
+
+set_rcvar_obsolete router_enable routed_enable
+set_rcvar_obsolete router routed_program
+set_rcvar_obsolete router_flags routed_flags
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/routing b/etc/rc.d/routing
new file mode 100755
index 0000000..616a19c
--- /dev/null
+++ b/etc/rc.d/routing
@@ -0,0 +1,361 @@ +#!/bin/sh +# +# Configure routing and miscellaneous network tunables +# +# $FreeBSD$ +# + +# PROVIDE: routing +# REQUIRE: faith netif ppp stf +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="routing" +start_cmd="routing_start doall" +stop_cmd="routing_stop" +extra_commands="options static" +static_cmd="routing_start static" +options_cmd="routing_start options" + +afcheck() +{ + case $_af in + ""|inet|inet6|ipx|atm) + ;; + *) + err 1 "Unsupported address family: $_af." + ;; + esac +} + +routing_start() +{ + local _cmd _af _a + _cmd=$1 + _af=$2 + + afcheck + + case $_af in + inet|inet6|ipx|atm) + setroutes $_cmd $_af + ;; + "") + for _a in inet inet6 ipx atm; do + afexists $_a && setroutes $_cmd $_a + done + ;; + esac +} + +routing_stop() +{ + local _af _a + _af=$1 + + afcheck + + case $_af in + inet|inet6|ipx|atm) + eval static_${_af} delete + eval routing_stop_${_af} + ;; + "") + for _a in inet inet6 ipx atm; do + afexists $_a || continue + eval static_${_a} delete + eval routing_stop_${_a} + done + ;; + esac +} + +setroutes() +{ + case $1 in + static) + static_$2 add + ;; + options) + options_$2 + ;; + doall) + static_$2 add + options_$2 + ;; + esac +} + +routing_stop_inet() +{ + route -n flush -inet +} + +routing_stop_inet6() +{ + local i + + route -n flush -inet6 + for i in ${ipv6_network_interfaces}; do + ifconfig $i inet6 -defaultif + done +} + +routing_stop_atm() +{ + return 0 +} + +routing_stop_ipx() +{ + return 0 +} + +static_inet() +{ + local _action + _action=$1 + + case ${defaultrouter} in + [Nn][Oo] | '') + ;; + *) + static_routes="default ${static_routes}" + route_default="default ${defaultrouter}" + ;; + esac + + if [ -n "${static_routes}" ]; then + for i in ${static_routes}; do + route_args=`get_if_var $i route_IF` + route ${_action} ${route_args} + done + fi +} + +static_inet6() +{ + local _action i + _action=$1 + + # disallow "internal" addresses to appear on the wire + route ${_action} -inet6 ::ffff:0.0.0.0 
-prefixlen 96 ::1 -reject + route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject + + case ${ipv6_defaultrouter} in + [Nn][Oo] | '') + ;; + *) + ipv6_static_routes="default ${ipv6_static_routes}" + ipv6_route_default="default ${ipv6_defaultrouter}" + ;; + esac + + if [ -n "${ipv6_static_routes}" ]; then + for i in ${ipv6_static_routes}; do + ipv6_route_args=`get_if_var $i ipv6_route_IF` + route ${_action} -inet6 ${ipv6_route_args} + done + fi + + # Fixup $ipv6_network_interfaces + case ${ipv6_network_interfaces} in + [Nn][Oo][Nn][Ee]) + ipv6_network_interfaces='' + ;; + esac + + if checkyesno ipv6_gateway_enable; then + for i in ${ipv6_network_interfaces}; do + + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_working_interfaces="$i \ + ${ipv6_working_interfaces}" + ;; + esac + done + ipv6_network_interfaces=${ipv6_working_interfaces} + fi + + # Install the "default interface" to kernel, which will be used + # as the default route when there's no router. + case "${ipv6_default_interface}" in + [Nn][Oo] | [Nn][Oo][Nn][Ee]) + ipv6_default_interface="" + ;; + [Aa][Uu][Tt][Oo] | "") + for i in ${ipv6_network_interfaces}; do + case $i in + lo0|faith[0-9]*) + continue + ;; + esac + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_default_interface=$i + break + ;; + esac + done + ;; + esac + + # Disallow link-local unicast packets without outgoing scope + # identifiers. However, if you set "ipv6_default_interface", + # for the host case, you will allow to omit the identifiers. + # Under this configuration, the packets will go to the default + # interface. + route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject + route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject + + case ${ipv6_default_interface} in + '') + ;; + *) + # Disable installing the default interface when we act + # as router to avoid conflict between the default + # router list and the manual configured default route. 
+ if ! checkyesno ipv6_gateway_enable; then + ifconfig ${ipv6_default_interface} inet6 defaultif + sysctl net.inet6.ip6.use_defaultzone=1 + fi + ;; + esac +} + +static_atm() +{ + local _action i route_args + _action=$1 + + if [ -n "${natm_static_routes}" ]; then + for i in ${natm_static_routes}; do + route_args=`get_if_var $i route_IF` + atmconfig natm ${_action} ${route_args} + done + fi +} + +static_ipx() +{ + : +} + +ropts_init() +{ + if [ -z "${_ropts_initdone}" ]; then + echo -n "Additional $1 routing options:" + _ropts_initdone=yes + fi +} + +options_inet() +{ + _ropts_initdone= + if checkyesno icmp_bmcastecho; then + ropts_init inet + echo -n ' broadcast ping responses=YES' + ${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null + else + ${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null + fi + + if checkyesno icmp_drop_redirect; then + ropts_init inet + echo -n ' ignore ICMP redirect=YES' + ${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null + else + ${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null + fi + + if checkyesno icmp_log_redirect; then + ropts_init inet + echo -n ' log ICMP redirect=YES' + ${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null + else + ${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null + fi + + if checkyesno gateway_enable; then + ropts_init inet + echo -n ' gateway=YES' + ${SYSCTL} net.inet.ip.forwarding=1 > /dev/null + else + ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null + fi + + if checkyesno forward_sourceroute; then + ropts_init inet + echo -n ' do source routing=YES' + ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null + else + ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null + fi + + if checkyesno accept_sourceroute; then + ropts_init inet + echo -n ' accept source routing=YES' + ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null + else + ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null + fi + + if checkyesno arpproxy_all; then + ropts_init inet + echo -n ' ARP proxyall=YES' + ${SYSCTL} net.link.ether.inet.proxyall=1 > 
/dev/null + else + ${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null + fi + + [ -n "${_ropts_initdone}" ] && echo '.' +} + +options_inet6() +{ + _ropts_initdone= + + if checkyesno ipv6_gateway_enable; then + ropts_init inet6 + echo -n ' gateway=YES' + ${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null + else + ${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null + fi + + [ -n "${_ropts_initdone}" ] && echo '.' +} + +options_atm() +{ + _ropts_initdone= + + [ -n "${_ropts_initdone}" ] && echo '.' +} + +options_ipx() +{ + _ropts_initdone= + + if checkyesno ipxgateway_enable; then + ropts_init ipx + echo -n ' gateway=YES' + ${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null + else + ${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null + fi + + [ -n "${_ropts_initdone}" ] && echo '.' +} + +load_rc_config $name +run_rc_command "$@" diff --git a/etc/rc.d/rpcbind b/etc/rc.d/rpcbind new file mode 100755 index 0000000..94f4580 --- /dev/null +++ b/etc/rc.d/rpcbind @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rpcbind +# REQUIRE: NETWORKING ntpdate syslogd named +# KEYWORD: shutdown + +. /etc/rc.subr + +name="rpcbind" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" + +stop_postcmd='/bin/rm -f /var/run/rpcbind.*' + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/rtadvd b/etc/rc.d/rtadvd new file mode 100755 index 0000000..2ead892 --- /dev/null +++ b/etc/rc.d/rtadvd 
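Review bot: static_inet in etc/rc.d/routing declares only `_action` as local, so its loop variable `i` and `route_args` leak into the caller's scope, while static_inet6 and static_atm in the same hunk declare `local _action i` and `local _action i route_args`. Making it `local _action i route_args` keeps the three functions consistent. afcheck has a related quirk that needs a comment: it takes no argument and reads `_af` from the calling function's locals, for example `# relies on the caller's local $_af (dynamic scope)`.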
@@ -0,0 +1,61 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rtadvd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr +. /etc/network.subr + +name="rtadvd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +start_precmd="rtadvd_precmd" + +rtadvd_precmd() +{ + # This should be enabled with a great care. + # You may want to fine-tune /etc/rtadvd.conf. + # + # And if you wish your rtadvd to receive and process + # router renumbering messages, specify your Router Renumbering + # security policy by -R option. + # + # See `man 3 ipsec_set_policy` for IPsec policy specification + # details. + # (CAUTION: This enables your routers prefix renumbering + # from another machine, so if you enable this, do it with + # enough care.) + # + # If specific interfaces haven't been specified, + # get a list of interfaces and enable it on them + # + case ${rtadvd_interfaces} in + [Aa][Uu][Tt][Oo]|'') + for i in `list_net_interfaces`; do + case $i in + lo0) continue ;; + esac + if ipv6if $i; then + rtadvd_interfaces="${rtadvd_interfaces} ${i}" + fi + done + ;; + esac + command_args="${rtadvd_interfaces}" + + # Enable Router Renumbering, unicast case + # (use correct src/dst addr) + # rtadvd -R "in ipsec ah/transport/fec0:0:0:1::1-fec0:0:0:10::1/require" ${ipv6_network_interfaces} + # Enable Router Renumbering, multicast case + # (use correct src addr) + # rtadvd -R "in ipsec ah/transport/ff05::2-fec0:0:0:10::1/require" ${ipv6_network_interfaces} + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/rtsold b/etc/rc.d/rtsold new file mode 100755 index 0000000..64a83e3 --- /dev/null +++ b/etc/rc.d/rtsold 
@@ -0,0 +1,26 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rtsold +# REQUIRE: netif +# BEFORE: NETWORKING +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="rtsold" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +start_postcmd="rtsold_poststart" + +rtsold_poststart() +{ + # wait for DAD + sleep $(($(${SYSCTL_N} net.inet6.ip6.dad_count) + 1)) +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/rwho b/etc/rc.d/rwho new file mode 100755 index 0000000..e088d99 --- /dev/null +++ b/etc/rc.d/rwho @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rwho +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="rwhod" +rcvar="`set_rcvar`" +command="/usr/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/savecore b/etc/rc.d/savecore new file mode 100755 index 0000000..4efb7db --- /dev/null +++ b/etc/rc.d/savecore 
@@ -0,0 +1,76 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: savecore +# REQUIRE: dumpon ddb syslogd +# KEYWORD: nojail + +. /etc/rc.subr + +name="savecore" +start_cmd="savecore_start" +start_precmd="savecore_prestart" +stop_cmd=":" + +savecore_prestart() +{ + # Quit if we have no dump device + case ${dumpdev} in + [Nn][Oo] | '') + debug 'No dump device. Quitting.' + return 1 + ;; + [Aa][Uu][Tt][Oo]) + dumpdev=`/bin/realpath /dev/dumpdev` + ;; + esac + + # If there is no crash directory set it now + case ${dumpdir} in + '') + dumpdir='/var/crash' + ;; + [Nn][Oo]) + dumpdir='NO' + ;; + esac + + if [ ! -c "${dumpdev}" ]; then + warn "Dump device does not exist. Savecore not run." + return 1 + fi + + if [ ! -d "${dumpdir}" ]; then + warn "Dump directory does not exist. Savecore not run." + return 1 + fi + return 0 +} + +savecore_start() +{ + local dev + + case "${dumpdev}" in + [Aa][Uu][Tt][Oo]) + dev= + ;; + *) + dev="${dumpdev}" + ;; + esac + + if savecore -C "${dumpdir}" "${dev}" >/dev/null; then + savecore ${savecore_flags} ${dumpdir} ${dumpdev} + if checkyesno crashinfo_enable; then + ${crashinfo_program} -d ${dumpdir} + fi + else + check_startmsgs && echo 'No core dumps found.' + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/sdpd b/etc/rc.d/sdpd new file mode 100755 index 0000000..acaf380 --- /dev/null +++ b/etc/rc.d/sdpd @@ -0,0 +1,24 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: sdpd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="sdpd" +command="/usr/sbin/${name}" +rcvar=`set_rcvar` +required_modules="ng_btsocket" + +load_rc_config $name +control="${sdpd_control:-/var/run/sdp}" +group="${sdpd_groupname:-nobody}" +user="${sdpd_username:-nobody}" +command_args="-c ${control} -g ${group} -u ${user}" + +run_rc_command "$1" diff --git a/etc/rc.d/securelevel b/etc/rc.d/securelevel new file mode 100755 index 0000000..f179004 --- /dev/null +++ b/etc/rc.d/securelevel 
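Review bot: savecore_start computes a local `dev` (empty when `dumpdev` is AUTO) and uses it for the probe `savecore -C "${dumpdir}" "${dev}"`, but the extraction then runs `savecore ${savecore_flags} ${dumpdir} ${dumpdev}` with the global `dumpdev`, unquoted. The two calls can therefore act on different device arguments, and when `dev` is empty the probe passes an empty string as a positional argument. Using one variable for both, for example `savecore -C "${dumpdir}" ${dev}` and `savecore ${savecore_flags} "${dumpdir}" ${dev}`, would make the intent clear; which form savecore expects for the AUTO case should be confirmed. savecore_prestart already replaces an AUTO `dumpdev` with the output of `/bin/realpath /dev/dumpdev`, so the AUTO branch in savecore_start may never match.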
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: securelevel
+
+. /etc/rc.subr
+
+name="securelevel"
+rcvar='kern_securelevel_enable'
+start_cmd="securelevel_start"
+stop_cmd=":"
+
+# Last chance to set sysctl variables that failed the first time.
+#
+/etc/rc.d/sysctl lastload
+
+securelevel_start()
+{
+ if [ ${kern_securelevel} -ge 0 ]; then
+ echo 'Raising kernel security level: '
+ ${SYSCTL} kern.securelevel=${kern_securelevel}
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/sendmail b/etc/rc.d/sendmail
new file mode 100755
index 0000000..dfaa8e0
--- /dev/null
+++ b/etc/rc.d/sendmail
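Review bot: `[ ${kern_securelevel} -ge 0 ]` in securelevel_start expands the variable unquoted, so an empty or non-numeric `kern_securelevel` turns the test into a shell error, the branch is skipped, and the securelevel stays unchanged even though `kern_securelevel_enable` asked for it. Quoting the operand and reporting the skipped case makes that visible: `if [ "${kern_securelevel}" -ge 0 ] 2> /dev/null; then` with an `else warn "kern_securelevel='${kern_securelevel}' is not >= 0; securelevel not raised"` branch. The result of `${SYSCTL} kern.securelevel=${kern_securelevel}` is not checked either, so a rejected value is reported only by sysctl's own output.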
@@ -0,0 +1,99 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mail +# REQUIRE: LOGIN cleanvar +# we make mail start late, so that things like .forward's are not +# processed until the system is fully operational +# KEYWORD: shutdown + +# XXX - Get together with sendmail mantainer to figure out how to +# better handle SENDMAIL_ENABLE and 3rd party MTAs. +# +. /etc/rc.subr + +name="sendmail" +rcvar=`set_rcvar` +required_files="/etc/mail/${name}.cf" +start_precmd="sendmail_precmd" + +load_rc_config $name +command=${sendmail_program:-/usr/sbin/${name}} +pidfile=${sendmail_pidfile:-/var/run/${name}.pid} +procname=${sendmail_procname:-/usr/sbin/${name}} + +case ${sendmail_enable} in +[Nn][Oo][Nn][Ee]) + sendmail_enable="NO" + sendmail_submit_enable="NO" + sendmail_outbound_enable="NO" + sendmail_msp_queue_enable="NO" + ;; +esac + +# If sendmail_enable=yes, don't need submit or outbound daemon +if checkyesno sendmail_enable; then + sendmail_submit_enable="NO" + sendmail_outbound_enable="NO" +fi + +# If sendmail_submit_enable=yes, don't need outbound daemon +if checkyesno sendmail_submit_enable; then + sendmail_outbound_enable="NO" +fi + +sendmail_precmd() +{ + # Die if there's pre-8.10 custom configuration file. This check is + # mandatory for smooth upgrade. See NetBSD PR 10100 for details. + # + if checkyesno ${rcvar} && [ -f "/etc/${name}.cf" ]; then + if ! cmp -s "/etc/mail/${name}.cf" "/etc/${name}.cf"; then + warn \ + "${name} was not started; you have multiple copies of sendmail.cf." 
+ return 1 + fi + fi + + # check modifications on /etc/mail/aliases + if checkyesno sendmail_rebuild_aliases; then + if [ -f "/etc/mail/aliases.db" ]; then + if [ "/etc/mail/aliases" -nt "/etc/mail/aliases.db" ]; then + echo \ + "${name}: /etc/mail/aliases newer than /etc/mail/aliases.db, regenerating" + /usr/bin/newaliases + fi + else + echo \ + "${name}: /etc/mail/aliases.db not present, generating" + /usr/bin/newaliases + fi + fi +} + +run_rc_command "$1" + +required_files= + +if checkyesno sendmail_submit_enable; then + name="sendmail_submit" + rcvar=`set_rcvar` + start_cmd="${command} ${sendmail_submit_flags}" + run_rc_command "$1" +fi + +if checkyesno sendmail_outbound_enable; then + name="sendmail_outbound" + rcvar=`set_rcvar` + start_cmd="${command} ${sendmail_outbound_flags}" + run_rc_command "$1" +fi + +name="sendmail_clientmqueue" +rcvar="sendmail_msp_queue_enable" +start_cmd="${command} ${sendmail_msp_queue_flags}" +pidfile="${sendmail_mspq_pidfile:-/var/spool/clientmqueue/sm-client.pid}" +required_files="/etc/mail/submit.cf" +run_rc_command "$1" diff --git a/etc/rc.d/serial b/etc/rc.d/serial new file mode 100755 index 0000000..d569a0b --- /dev/null +++ b/etc/rc.d/serial 
@@ -0,0 +1,168 @@ +#!/bin/sh +# +# Copyright (c) 1996 Andrey A. Chernov +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: serial +# REQUIRE: root +# KEYWORD: nojail + +# Change some defaults for serial devices. +# Standard defaults are: +# dtrwait 300 drainwait `sysctl -n kern.drainwait` +# initial cflag from <sys/ttydefaults.h> = cread cs8 hupcl +# initial iflag, lflag and oflag all 0 +# speed 9600 +# special chars from <sys/ttydefaults.h> +# nothing locked +# except for serial consoles the initial iflag, lflag and oflag are from +# <sys/ttydefaults.h> and clocal is locked on. + +default() { + # Reset everything changed by the other functions to initial defaults. 
+ + dc=$1; shift # device name character + drainwait=`sysctl -n kern.drainwait` + + for i in $* + do + comcontrol /dev/tty${dc}${i} dtrwait 300 drainwait $drainwait + stty < /dev/tty${dc}${i}.init -clocal crtscts hupcl 9600 reprint ^R + stty < /dev/tty${dc}${i}.lock -clocal -crtscts -hupcl 0 + stty < /dev/cua${dc}${i}.init -clocal crtscts hupcl 9600 reprint ^R + stty < /dev/cua${dc}${i}.lock -clocal -crtscts -hupcl 0 + done +} + +maybe() { + # Special settings. + + dc=$1; shift + + for i in $* + do + # Don't use ^R; it breaks bash's ^R when typed ahead. + stty < /dev/tty${dc}${i}.init reprint undef + stty < /dev/cua${dc}${i}.init reprint undef + # Lock clocal off on dialin device for security. + stty < /dev/tty${dc}${i}.lock clocal + # Lock the speeds to use old binaries that don't support them. + # Any legal speed works to lock the initial speed. + stty < /dev/tty${dc}${i}.lock 300 + stty < /dev/cua${dc}${i}.lock 300 + done +} + +modem() { + # Modem that supports CTS and perhaps RTS handshaking. + + dc=$1; shift + + for i in $* + do + # may depend on modem + comcontrol /dev/tty${dc}${i} dtrwait 100 drainwait 180 + # Lock crtscts on. + # Speed reasonable for V42bis. + stty < /dev/tty${dc}${i}.init crtscts 115200 + stty < /dev/tty${dc}${i}.lock crtscts + stty < /dev/cua${dc}${i}.init crtscts 115200 + stty < /dev/cua${dc}${i}.lock crtscts + done +} + +mouse() { + # Mouse on either callin or callout port. + + dc=$1; shift + + for i in $* + do + # Lock clocal on, hupcl off. + # Standard speed for Microsoft mouse. + stty < /dev/tty${dc}${i}.init clocal -hupcl 1200 + stty < /dev/tty${dc}${i}.lock clocal hupcl + stty < /dev/cua${dc}${i}.init clocal -hupcl 1200 + stty < /dev/cua${dc}${i}.lock clocal hupcl + done +} + +terminal() { + # Terminal that supports CTS and perhaps RTS handshaking + # with the cable or terminal arranged so that DCD is on + # at least while the terminal is on. 
+ # Also works for bidirectional communications to another pc + # provided at most one side runs getty. + # Same as modem() except we want a faster speed and no dtrwait. + + dc=$1; shift + + modem ${dc} $* + for i in $* + do + comcontrol /dev/tty${dc}${i} dtrwait 0 + stty < /dev/tty${dc}${i}.init 115200 + stty < /dev/cua${dc}${i}.init 115200 + done +} + +3wire() { + # 3-wire serial terminals. These don't supply carrier, so + # clocal needs to be set, and crtscts needs to be unset. + + dc=$1; shift + + terminal ${dc} $* + for i in $* + do + stty < /dev/tty${dc}${i}.init clocal -crtscts + stty < /dev/cua${dc}${i}.init clocal -crtscts + done +} + +# Don't use anything from this file unless you have some buggy programs +# that require it. + +# Edit the functions and the examples to suit your system. +# $1 is the device identifier, and the remainder of the line +# lists the device numbers. + +# Initialize assorted 8250-16550 (uart) ports. +# maybe u 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v +# mouse u 2 +# modem u 1 +# terminal u 0 +# 3wire u 0 + +# Initialize all ports on a Cyclades-8yo. +# modem c 00 01 02 03 04 05 06 07 + +# Initialize all ports on a Cyclades-16ye. +# modem c 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f + +# Initialize all ports on a Digiboard 8. +# modem D 00 01 02 03 04 05 06 07 diff --git a/etc/rc.d/sppp b/etc/rc.d/sppp new file mode 100755 index 0000000..d4a183b --- /dev/null +++ b/etc/rc.d/sppp 
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: sppp
+# REQUIRE: root
+# BEFORE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="sppp"
+start_cmd="sppp_start"
+stop_cmd=":"
+
+sppp_start()
+{
+ # Special options for sppp(4) interfaces go here. These need
+ # to go _before_ the general ifconfig since in the case
+ # of hardwired (no link1 flag) but required authentication, you
+ # cannot pass auth parameters down to the already running interface.
+ #
+ for ifn in ${sppp_interfaces}; do
+ eval spppcontrol_args=\$spppconfig_${ifn}
+ if [ -n "${spppcontrol_args}" ]; then
+ # The auth secrets might contain spaces; in order
+ # to retain the quotation, we need to eval them
+ # here.
+ eval spppcontrol ${ifn} ${spppcontrol_args}
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/sshd b/etc/rc.d/sshd
new file mode 100755
index 0000000..9f00199
--- /dev/null
+++ b/etc/rc.d/sshd
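Review bot: Both `eval` lines in sppp_start expand rc.conf text as shell code: `eval spppcontrol_args=\$spppconfig_${ifn}` runs anything that follows a metacharacter in an entry of `sppp_interfaces`, and `eval spppcontrol ${ifn} ${spppcontrol_args}` does the same for the stored arguments. Per the existing comment those arguments carry the authentication secrets, so they presumably live in rc.conf and appear on the spppcontrol command line, where other local users may be able to read them. I would add a comment above the loop stating that `spppconfig_*` values are evaluated by the shell and contain secrets, so the file that sets them should be writable and readable by root only. Interface names that are not plain identifiers should be rejected before the first eval, e.g. `case ${ifn} in *[!A-Za-z0-9_]*) warn "invalid sppp interface name: ${ifn}"; continue ;; esac`.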
@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: sshd
+# REQUIRE: LOGIN cleanvar
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="sshd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+keygen_cmd="sshd_keygen"
+start_precmd="sshd_precmd"
+pidfile="/var/run/${name}.pid"
+extra_commands="keygen reload"
+
+timeout=300
+
+user_reseed()
+{
+ (
+ seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
+ if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then
+ warn "Setting entropy source to blocking mode."
+ echo "===================================================="
+ echo "Type a full screenful of random junk to unblock"
+ echo "it and remember to finish with <enter>. This will"
+ echo "timeout in ${timeout} seconds, but waiting for"
+ echo "the timeout without typing junk may make the"
+ echo "entropy source deliver predictable output."
+ echo ""
+ echo "Just hit <enter> for fast+insecure startup."
+ echo "===================================================="
+ sysctl kern.random.sys.seeded=0 2>/dev/null
+ read -t ${timeout} junk
+ echo "${junk}" `sysctl -a` `date` > /dev/random
+ fi
+ )
+}
+
+sshd_keygen()
+{
+ (
+ umask 022
+
+ # Can't do anything if ssh is not installed
+ [ -x /usr/bin/ssh-keygen ] || {
+ warn "/usr/bin/ssh-keygen does not exist."
+ return 1
+ }
+
+ if [ -f /etc/ssh/ssh_host_key ]; then
+ echo "You already have an RSA host key" \
+ "in /etc/ssh/ssh_host_key"
+ echo "Skipping protocol version 1 RSA Key Generation"
+ else
+ /usr/bin/ssh-keygen -t rsa1 -b 1024 \
+ -f /etc/ssh/ssh_host_key -N ''
+ fi
+
+ if [ -f /etc/ssh/ssh_host_dsa_key ]; then
+ echo "You already have a DSA host key" \
+ "in /etc/ssh/ssh_host_dsa_key"
+ echo "Skipping protocol version 2 DSA Key Generation"
+ else
+ /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+ fi
+
+ if [ -f /etc/ssh/ssh_host_rsa_key ]; then
+ echo "You already have an RSA host key" \
+ "in /etc/ssh/ssh_host_rsa_key"
+ echo "Skipping protocol version 2 RSA Key Generation"
+ else
+ /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+ fi
+
+ if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
+ echo "You already have an ECDSA host key" \
+ "in /etc/ssh/ssh_host_ecdsa_key"
+ echo "Skipping protocol version 2 ECDSA Key Generation"
+ else
+ /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
+ fi
+ )
+}
+
+sshd_precmd()
+{
+ if [ ! -f /etc/ssh/ssh_host_key -o \
+ ! -f /etc/ssh/ssh_host_dsa_key -o \
+ ! -f /etc/ssh/ssh_host_ecdsa_key -o \
+ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+ user_reseed
+ run_rc_command keygen
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/statd b/etc/rc.d/statd
new file mode 100755
index 0000000..4e4a0a4
--- /dev/null
+++ b/etc/rc.d/statd
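Review bot: sshd_keygen unconditionally creates a 1024-bit protocol-1 key (`-t rsa1 -b 1024`) and a DSA key, and sshd_precmd reruns keygen whenever any of the four files is missing, so a host cannot opt out of the legacy key types; deleting `/etc/ssh/ssh_host_key` only gets it regenerated at the next start. I would drop the rsa1 block together with its `! -f /etc/ssh/ssh_host_key -o \` test, or gate each key type on an rc.conf knob that sshd_precmd also honours. user_reseed lets the operator press <enter> or wait out `timeout` and then continues straight into key generation, right after its own banner says the entropy source may deliver predictable output. A `warn` when `junk` comes back empty would at least leave a record that the host keys were made in that state.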
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# FreeBSD History: src/etc/rc.d/nfslocking,v 1.11 2004/10/07 13:55:26 mtm Exp
+# $FreeBSD$
+#
+
+# PROVIDE: statd
+# REQUIRE: nfsclient nfsd rpcbind
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="statd"
+rcvar=rpc_statd_enable
+command="/usr/sbin/rpc.${name}"
+start_precmd='statd_precmd'
+stop_precmd='checkyesno nfs_server_enable || checkyesno nfs_client_enable'
+status_precmd=$stop_precmd
+
+# Make sure that we are either an NFS client or server, and that we get
+# the correct flags from rc.conf(5).
+#
+statd_precmd()
+{
+ local ret
+ ret=0
+
+ if ! checkyesno nfs_server_enable && ! checkyesno nfs_client_enable
+ then
+ ret=1
+ fi
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || ret=1
+ fi
+ rc_flags=${rpc_statd_flags}
+ return ${ret}
+}
+
+load_rc_config $name
+run_rc_command $1
diff --git a/etc/rc.d/static_arp b/etc/rc.d/static_arp
new file mode 100755
index 0000000..6283b56
--- /dev/null
+++ b/etc/rc.d/static_arp
@@ -0,0 +1,74 @@
+#!/bin/sh
+#
+# Copyright (c) 2009 Xin LI <delphij@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# Configure static ARP table
+#
+# $FreeBSD$
+#
+
+# PROVIDE: static_arp
+# REQUIRE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="static_arp"
+start_cmd="static_arp_start"
+stop_cmd="static_arp_stop"
+
+static_arp_start()
+{
+ local e arp_args
+
+ if [ -n "${static_arp_pairs}" ]; then
+ echo -n 'Binding static ARP pair(s):'
+ for e in ${static_arp_pairs}; do
+ echo -n " ${e}"
+ eval arp_args=\$static_arp_${e}
+ arp -S ${arp_args} >/dev/null 2>&1
+ done
+ echo '.'
+ fi
+}
+
+static_arp_stop()
+{
+ local e arp_args
+
+ if [ -n "${static_arp_pairs}" ]; then
+ echo -n 'Unbinding static ARP pair(s):'
+ for e in ${static_arp_pairs}; do
+ echo -n " ${e}"
+ eval arp_args=\$static_arp_${e}
+ arp -d ${arp_args%%[ ]*} > /dev/null 2>&1
+ done
+ echo '.'
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/static_ndp b/etc/rc.d/static_ndp
new file mode 100755
index 0000000..314adbf
--- /dev/null
+++ b/etc/rc.d/static_ndp
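Review bot: `arp -S ${arp_args} >/dev/null 2>&1` in static_arp_start discards both the output and the exit status, so a pair that fails to bind (a typo in the address, or `static_arp_${e}` unset) is still echoed on the 'Binding static ARP pair(s):' line as if it were in place. Static entries are normally there as a defence against ARP spoofing, so a silent miss leaves the host on dynamic resolution without anyone noticing. I would keep the output quiet but report the failure, `arp -S ${arp_args} >/dev/null 2>&1 || warn "could not bind static ARP pair ${e}"`. The same pattern is in static_arp_stop and in the `ndp -s` and `ndp -d` calls of etc/rc.d/static_ndp.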
@@ -0,0 +1,74 @@
+#!/bin/sh
+#
+# Copyright (c) 2011 Xin Li <delphij@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# Configure static NDP table
+#
+# $FreeBSD$
+#
+
+# PROVIDE: static_ndp
+# REQUIRE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="static_ndp"
+start_cmd="static_ndp_start"
+stop_cmd="static_ndp_stop"
+
+static_ndp_start()
+{
+ local e ndp_args
+
+ if [ -n "${static_ndp_pairs}" ]; then
+ echo -n 'Binding static NDP pair(s):'
+ for e in ${static_ndp_pairs}; do
+ echo -n " ${e}"
+ eval ndp_args=\$static_ndp_${e}
+ ndp -s ${ndp_args} >/dev/null 2>&1
+ done
+ echo '.'
+ fi
+}
+
+static_ndp_stop()
+{
+ local e ndp_args
+
+ if [ -n "${static_ndp_pairs}" ]; then
+ echo -n 'Unbinding static NDP pair(s):'
+ for e in ${static_ndp_pairs}; do
+ echo -n " ${e}"
+ eval ndp_args=\$static_ndp_${e}
+ ndp -d ${ndp_args%%[ ]*} > /dev/null 2>&1
+ done
+ echo '.'
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/stf b/etc/rc.d/stf
new file mode 100755
index 0000000..feb7b52
--- /dev/null
+++ b/etc/rc.d/stf
@@ -0,0 +1,78 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: stf +# REQUIRE: netif +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="stf" +start_cmd="stf_up" +stop_cmd="stf_down" + +stf_up() +{ + case ${stf_interface_ipv4addr} in + [Nn][Oo] | '') + ;; + *) + # assign IPv6 addr and interface route for 6to4 interface + stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) + OIFS="$IFS" + IFS=".$IFS" + set ${stf_interface_ipv4addr} + IFS="$OIFS" + hexfrag1=`hexprint $(($1*256 + $2))` + hexfrag2=`hexprint $(($3*256 + $4))` + ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" + case ${stf_interface_ipv6_ifid} in + [Aa][Uu][Tt][Oo] | '') + for i in ${ipv6_network_interfaces}; do + laddr=`network6_getladdr ${i}` + case ${laddr} in + '') + ;; + *) + break + ;; + esac + done + stf_interface_ipv6_ifid=`expr "${laddr}" : \ + 'fe80::\(.*\)%\(.*\)'` + case ${stf_interface_ipv6_ifid} in + '') + stf_interface_ipv6_ifid=0:0:0:1 + ;; + esac + ;; + esac + echo "Configuring 6to4 tunnel interface: stf0." + ifconfig stf0 create >/dev/null 2>&1 + ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ + prefixlen ${stf_prefixlen} + check_startmsgs && /sbin/ifconfig stf0 + + # disallow packets to malicious 6to4 prefix + route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject + route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject + route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject + route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject + ;; + esac +} + +stf_down() +{ + echo "Removing 6to4 tunnel interface: stf0." + ifconfig stf0 destroy + route delete -inet6 2002:e000:: -prefixlen 20 ::1 + route delete -inet6 2002:7f00:: -prefixlen 24 ::1 + route delete -inet6 2002:0000:: -prefixlen 24 ::1 + route delete -inet6 2002:ff00:: -prefixlen 24 ::1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/swap1 b/etc/rc.d/swap1 new file mode 100755 index 0000000..71a1908 --- /dev/null +++ b/etc/rc.d/swap1 
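Review bot: `set ${stf_interface_ipv4addr}` in stf_up has no `--` and no check that the value split into four decimal octets, so a malformed address either breaks the `$(($1*256 + $2))` arithmetic or yields a wrong 2002::/16 prefix that is then configured on stf0. I would write `set -- ${stf_interface_ipv4addr}` and follow it with `[ $# -eq 4 ] || { warn "invalid stf_interface_ipv4addr: ${stf_interface_ipv4addr}"; return 1; }`. The four `route add ... -reject` lines that block the bogus 6to4 prefixes ignore their exit status, so the tunnel can come up without that filter in place; appending `|| warn "could not install 6to4 reject route"` to each would show it.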
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: localswap
+# REQUIRE: disks
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="swap1"
+start_cmd='swapon -aq'
+stop_cmd=':'
+
+load_rc_config swap
+run_rc_command "$1"
diff --git a/etc/rc.d/syscons b/etc/rc.d/syscons
new file mode 100755
index 0000000..f611e3b
--- /dev/null
+++ b/etc/rc.d/syscons
@@ -0,0 +1,263 @@ +#!/bin/sh - +# +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: syscons +# REQUIRE: LOGIN +# KEYWORD: nojail + +. 
/etc/rc.subr + +name="syscons" +extra_commands="setkeyboard" +setkeyboard_cmd="syscons_setkeyboard" +start_precmd="syscons_precmd" +start_cmd="syscons_start" +stop_cmd=":" + +# stdin must be redirected because it might be for a serial console +# +kbddev=/dev/ttyv0 +viddev=/dev/ttyv0 + +_sc_config="syscons" +_sc_initdone= +sc_init() +{ + if [ -z "${_sc_initdone}" ]; then + echo -n "Configuring ${_sc_config}:" + _sc_initdone=yes + fi +} + +# helper +syscons_configure_keyboard() +{ + # keymap + # + case ${keymap} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' keymap'; kbdcontrol < ${kbddev} -l ${keymap} + ;; + esac + + # keyrate + # + case ${keyrate} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' keyrate'; kbdcontrol < ${kbddev} -r ${keyrate} + ;; + esac + + # keybell + # + case ${keybell} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' keybell'; kbdcontrol < ${kbddev} -b ${keybell} + ;; + esac + + # change function keys + # + case ${keychange} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' keychange' + set -- ${keychange} + while [ $# -gt 0 ]; do + kbdcontrol <${kbddev} -f "$1" "$2" + shift; shift + done + ;; + esac + + # set this keyboard mode for all virtual terminals + # + if [ -n "${allscreens_kbdflags}" ]; then + sc_init + echo -n ' allscreens_kbd' + for ttyv in /dev/ttyv*; do + kbdcontrol ${allscreens_kbdflags} < ${ttyv} > ${ttyv} 2>&1 + done + fi +} + +syscons_setkeyboard() +{ + kbd=$1 + + if [ -z "${kbd}" ]; then + return 1 + fi + + # Check if the kbdmux(4) is the current active keyboard + kbdcontrol -i < ${kbddev} | grep kbdmux > /dev/null 2>&1 + if [ $? -ne 0 ]; then + kbdcontrol -k ${kbd} < ${kbddev} > /dev/null 2>&1 + fi + + _sc_config="keyboard" + syscons_configure_keyboard + + # Terminate keyboard configuration line and reset global variables. + # + if [ -n "${_sc_initdone}" ]; then + echo '.' + _sc_config="syscons" + _sc_initdone= + fi + +} + +syscons_precmd() +{ + if [ ! 
-c $kbddev ] + then + return 1 + fi + return 0 +} + +syscons_start() +{ + # keyboard + # + if [ -n "${keyboard}" ]; then + syscons_setkeyboard ${keyboard} + fi + + syscons_configure_keyboard + + # cursor type + # + case ${cursor} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' cursor'; vidcontrol < ${viddev} -c ${cursor} + ;; + esac + + # screen mapping + # + case ${scrnmap} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' scrnmap'; vidcontrol < ${viddev} -l ${scrnmap} + ;; + esac + + # font 8x16 + # + case ${font8x16} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' font8x16'; vidcontrol < ${viddev} -f 8x16 ${font8x16} + ;; + esac + + # font 8x14 + # + case ${font8x14} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' font8x14'; vidcontrol < ${viddev} -f 8x14 ${font8x14} + ;; + esac + + # font 8x8 + # + case ${font8x8} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' font8x8'; vidcontrol < ${viddev} -f 8x8 ${font8x8} + ;; + esac + + # blank time + # + case ${blanktime} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' blanktime'; vidcontrol < ${viddev} -t ${blanktime} + ;; + esac + + # screen saver + # + case ${saver} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' screensaver' + for i in `kldstat | awk '$5 ~ "_saver\.ko$" { print $5 }'`; do + kldunload ${i} + done + load_kld -e _saver ${saver}_saver + ;; + esac + + # set this mode for all virtual screens + # + if [ -n "${allscreens_flags}" ]; then + sc_init + echo -n ' allscreens' + for ttyv in /dev/ttyv*; do + vidcontrol ${allscreens_flags} < ${ttyv} > ${ttyv} 2>&1 + done + fi + + [ -n "${_sc_initdone}" ] && echo '.' +} + +load_rc_config $name +run_rc_command $* + diff --git a/etc/rc.d/sysctl b/etc/rc.d/sysctl new file mode 100755 index 0000000..34fb3b5 --- /dev/null +++ b/etc/rc.d/sysctl 
@@ -0,0 +1,59 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: sysctl
+
+. /etc/rc.subr
+
+name="sysctl"
+stop_cmd=":"
+start_cmd="sysctl_start"
+reload_cmd="sysctl_start"
+lastload_cmd="sysctl_start last"
+extra_commands="reload lastload"
+
+#
+# Read in a file containing sysctl settings and set things accordingly.
+#
+parse_file()
+{
+ if [ -f $1 ]; then
+ while read var comments
+ do
+ case ${var} in
+ \#*|'')
+ ;;
+ *)
+ mib=${var%=*}
+ val=${var#*=}
+
+ if current_value=`${SYSCTL} -n ${mib} 2>/dev/null`; then
+ case ${current_value} in
+ ${val})
+ ;;
+ *)
+ if ! sysctl "${var}" >/dev/null 2>&1; then
+ warn "unable to set ${var}"
+ fi
+ ;;
+ esac
+ elif [ "$2" = "last" ]; then
+ warn "sysctl ${mib} does not exist."
+ fi
+ ;;
+ esac
+ done < $1
+ fi
+}
+
+sysctl_start()
+{
+
+ parse_file /etc/sysctl.conf $1
+ parse_file /etc/sysctl.conf.local $1
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/syslogd b/etc/rc.d/syslogd
new file mode 100755
index 0000000..5dcd3e9
--- /dev/null
+++ b/etc/rc.d/syslogd
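Review bot: parse_file reads the current value through `${SYSCTL}` but writes with a bare `sysctl "${var}"`, so the set path depends on PATH while the get path does not; `${SYSCTL} "${var}"` keeps both on the same binary. `case ${current_value} in ${val})` treats the configured value as a glob pattern, so a value containing `*`, `?` or `[` can match a different current value and the write is skipped; quoting the pattern as `"${val}")` makes the comparison literal. `[ -f $1 ]` and `done < $1` should quote `$1` as well. When the MIB does not exist and `$2` is not `last` the line is skipped without a message, which looks deliberate (etc/rc.d/securelevel calls `lastload` later) but deserves a comment, since hardening settings in sysctl.conf are among the lines that can be skipped this way.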
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: syslogd
+# REQUIRE: mountcritremote cleanvar newsyslog
+# BEFORE: SERVERS
+
+. /etc/rc.subr
+
+name="syslogd"
+rcvar=`set_rcvar`
+pidfile="/var/run/syslog.pid"
+command="/usr/sbin/${name}"
+required_files="/etc/syslog.conf"
+start_precmd="syslogd_precmd"
+extra_commands="reload"
+
+sockfile="/var/run/syslogd.sockets"
+evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\""
+altlog_proglist="named"
+
+syslogd_precmd()
+{
+ local _l _ldir
+
+ # Transitional symlink for old binaries
+ #
+ if [ ! -L /dev/log ]; then
+ ln -sf /var/run/log /dev/log
+ fi
+ rm -f /var/run/log
+
+ # Create default list of syslog sockets to watch
+ #
+ ( umask 022 ; > $sockfile )
+
+ # If running named(8) or ntpd(8) chrooted, added appropriate
+ # syslog socket to list of sockets to watch.
+ #
+ for _l in $altlog_proglist; do
+ eval _ldir=\$${_l}_chrootdir
+ if checkyesno `set_rcvar $_l` && [ -n "$_ldir" ]; then
+ echo "${_ldir}/var/run/log" >> $sockfile
+ fi
+ done
+
+ # If other sockets have been provided, change run_rc_command()'s
+ # internal copy of $syslogd_flags to force use of specific
+ # syslogd sockets.
+ #
+ if [ -s $sockfile ]; then
+ echo "/var/run/log" >> $sockfile
+ eval $evalargs
+ fi
+
+ return 0
+}
+
+set_socketlist()
+{
+ local _s _socketargs
+
+ _socketargs=
+ for _s in `cat $sockfile | tr '\n' ' '` ; do
+ _socketargs="-l $_s $_socketargs"
+ done
+ echo $_socketargs
+}
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/timed b/etc/rc.d/timed
new file mode 100755
index 0000000..d1cf1a2
--- /dev/null
+++ b/etc/rc.d/timed
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: timed
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="timed"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/tmp b/etc/rc.d/tmp
new file mode 100755
index 0000000..dfb439e
--- /dev/null
+++ b/etc/rc.d/tmp
@@ -0,0 +1,71 @@
+#!/bin/sh
+#
+# Copyright (c) 1999 Matt Dillon
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: tmp
+# REQUIRE: mountcritremote
+
+. /etc/rc.subr
+
+name="tmp"
+stop_cmd=':'
+
+load_rc_config $name
+
+mount_tmpmfs ()
+{
+ if ! /bin/df /tmp | grep -q "^/dev/md[0-9]"; then
+ mount_md ${tmpsize} /tmp "${tmpmfs_flags}"
+ chmod 01777 /tmp
+ fi
+}
+
+# If we do not have a writable /tmp, create a memory
+# filesystem for /tmp. If /tmp is a symlink (e.g. to /var/tmp,
+# then it should already be writable).
+#
+case "${tmpmfs}" in
+[Aa][Uu][Tt][Oo])
+ if _tmpdir=$(mktemp -d -q /tmp/.diskless.XXXXXX); then
+ rmdir ${_tmpdir}
+ else
+ if [ -h /tmp ]; then
+ echo "*** /tmp is a symlink to a non-writable area!"
+ echo "dropping into shell, ^D to continue anyway."
+ /bin/sh
+ else
+ mount_tmpmfs
+ fi
+ fi
+ ;;
+*)
+ if checkyesno tmpmfs; then
+ mount_tmpmfs
+ fi
+ ;;
+esac
diff --git a/etc/rc.d/ubthidhci b/etc/rc.d/ubthidhci
new file mode 100755
index 0000000..529f8d6
--- /dev/null
+++ b/etc/rc.d/ubthidhci
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ubthidhci
+# REQUIRE: DAEMON
+# BEFORE: bluetooth
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="ubthidhci"
+command="/usr/sbin/usbconfig"
+rcvar=`set_rcvar`
+start_precmd="ubthidhci_prestart"
+
+ubthidhci_prestart()
+{
+
+ if [ -z ${ubthidhci_busnum} ]; then
+ warn ubthidhci_busnum is not set
+ return 1
+ fi
+ if [ -z ${ubthidhci_addr} ]; then
+ warn ubthidhci_addr is not set
+ return 1
+ fi
+}
+
+load_rc_config $name
+#
+# We discard the output because:
+# 1) we don't want it to show up during boot; and
+# 2) the request usually returns an error, but that doesn't mean it failed
+#
+# NB: 0x40 is UT_VENDOR
+command_args="-u ${ubthidhci_busnum} -a ${ubthidhci_addr} do_request 0x40 0 0 0 0 > /dev/null 2>&1"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ugidfw b/etc/rc.d/ugidfw
new file mode 100755
index 0000000..d65d6a3
--- /dev/null
+++ b/etc/rc.d/ugidfw
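Review bot: In the AUTO branch of etc/rc.d/tmp, when `/tmp` is a symlink to a non-writable area the script runs `/bin/sh` from the boot sequence, which presumably hands whoever is at the console a root shell with no password prompt, regardless of how the console is marked in ttys. I would fail visibly instead of spawning a shell, replacing the two `echo` lines and `/bin/sh` with `warn "/tmp is a symlink to a non-writable area"`, and leave the repair to single-user mode. If the shell is intentional, a comment should say so and name the condition that triggers it. `rmdir ${_tmpdir}` a few lines above should be quoted.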
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# $FreeBSD$
+
+# PROVIDE: ugidfw
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="ugidfw"
+rcvar="ugidfw_enable"
+start_cmd="ugidfw_start"
+stop_cmd="ugidfw_stop"
+required_modules="mac_bsdextended"
+
+ugidfw_load()
+{
+ if [ -r "${bsdextended_script}" ]; then
+ . "${bsdextended_script}"
+ fi
+}
+
+ugidfw_start()
+{
+ [ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended
+
+ if [ -r "${bsdextended_script}" ]; then
+ ugidfw_load
+ echo "MAC bsdextended rules loaded."
+ fi
+}
+
+ugidfw_stop()
+{
+ # Disable the policy
+ #
+ kldunload mac_bsdextended
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/var b/etc/rc.d/var
new file mode 100755
index 0000000..0655658
--- /dev/null
+++ b/etc/rc.d/var
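Review bot: ugidfw_start returns success and prints nothing when `${bsdextended_script}` is missing or unreadable, although `required_modules` has presumably already loaded mac_bsdextended, so the service counts as started with no rules in place. An `else` branch would make that visible: `else warn "${bsdextended_script} is not readable; no bsdextended rules loaded"; return 1`. The 'MAC bsdextended rules loaded.' message is printed without looking at the status of the sourced script, so it also appears when a rule in it failed; `ugidfw_load || return 1` before the echo would tie the message to the outcome. The script is sourced with `.` as root, so a comment noting that its path must point at a root-owned, root-writable file would be worth adding.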
@@ -0,0 +1,109 @@ +#!/bin/sh +# +# Copyright (c) 1999 Matt Dillon +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: var +# REQUIRE: FILESYSTEMS kld + +. /etc/rc.subr + +name="var" +stop_cmd=':' + +load_rc_config $name + +populate_var() +{ + /usr/sbin/mtree -deU -f /etc/mtree/BSD.var.dist -p /var > /dev/null + case ${sendmail_enable} in + [Nn][Oo][Nn][Ee]) + ;; + *) + /usr/sbin/mtree -deU -f /etc/mtree/BSD.sendmail.dist -p / > /dev/null + ;; + esac +} + +# If we do not have a writable /var, create a memory filesystem for /var +# unless told otherwise by rc.conf. We don't have /usr yet so use mkdir +# instead of touch to test. 
We want mount to record its mounts so we +# have to make sure /var/db exists before doing the mount -a. +# +case "${varmfs}" in +[Yy][Ee][Ss]) + mount_md ${varsize} /var "${varmfs_flags}" + ;; +[Nn][Oo]) + ;; +*) + if /bin/mkdir -p /var/.diskless 2> /dev/null; then + rmdir /var/.diskless + else + mount_md ${varsize} /var "${varmfs_flags}" + fi +esac + + +# If we have an empty looking /var, populate it, but only if we have +# /usr available. Hopefully, we'll eventually find a workaround, but +# in realistic diskless setups, we're probably ok. +case "${populate_var}" in +[Yy][Ee][Ss]) + populate_var + ;; +[Nn][Oo]) + exit 0 + ;; +*) + if [ -d /var/run -a -d /var/db -a -d /var/empty ] ; then + true + elif [ -x /usr/sbin/mtree ] ; then + populate_var + else + # We need mtree to populate /var so try mounting /usr. + # If this does not work, we can not boot so it is OK to + # try to mount out of order. + mount /usr + if [ ! -x /usr/sbin/mtree ] ; then + exit 1 + else + populate_var + fi + fi + ;; +esac + +# Make sure we have /var/log/utx.lastlogin and /var/log/utx.log files +if [ ! -f /var/log/utx.lastlogin ]; then + cp /dev/null /var/log/utx.lastlogin + chmod 644 /var/log/utx.lastlogin +fi +if [ ! -f /var/log/utx.log ]; then + cp /dev/null /var/log/utx.log + chmod 644 /var/log/utx.log +fi diff --git a/etc/rc.d/virecover b/etc/rc.d/virecover new file mode 100755 index 0000000..77cd9a0 --- /dev/null +++ b/etc/rc.d/virecover 
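Review bot: In the `case "${populate_var}"` block the `[Nn][Oo]` branch calls `exit 0`, so the code at the end of the script that creates `/var/log/utx.lastlogin` and `/var/log/utx.log` with mode 644 never runs when population is disabled; if that is not intended, the branch can simply be empty (`;;`), as the `[Nn][Oo]` branch of the `varmfs` case above already is. Inside `populate_var()` the exit status of both `mtree` runs is dropped, so a failed or partial population of /var, including the ownership and modes that BSD.var.dist would set, goes unreported at boot. Appending `|| warn "mtree failed for /var"` to the first call (and the equivalent for the sendmail spec) would surface it; `warn` is available because rc.subr is sourced.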
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: virecover
+# REQUIRE: mountcritremote ldconfig
+# BEFORE: DAEMON
+#
+# XXX: should require `mail'!
+
+. /etc/rc.subr
+
+name="virecover"
+rcvar="`set_rcvar`"
+stop_cmd=":"
+start_cmd="virecover_start"
+
+virecover_start()
+{
+ [ -d /var/tmp/vi.recover ] || return
+ find /var/tmp/vi.recover ! -type f -a ! -type d -delete
+ vibackup=`echo /var/tmp/vi.recover/vi.*`
+ if [ "${vibackup}" != '/var/tmp/vi.recover/vi.*' ]; then
+ echo -n 'Recovering vi editor sessions:'
+ for i in /var/tmp/vi.recover/vi.*; do
+ # Only test files that are readable.
+ if [ ! -r "${i}" ]; then
+ continue
+ fi
+
+ # Unmodified nvi editor backup files either have the
+ # execute bit set or are zero length. Delete them.
+ if [ -x "${i}" -o ! -s "${i}" ]; then
+ rm -f "${i}"
+ fi
+ done
+
+ # It is possible to get incomplete recovery files, if the editor
+ # crashes at the right time.
+ virecovery=`echo /var/tmp/vi.recover/recover.*`
+ if [ "${virecovery}" != "/var/tmp/vi.recover/recover.*" ]; then
+ for i in /var/tmp/vi.recover/recover.*; do
+ # Only test files that are readable.
+ if [ ! -r "${i}" ]; then
+ continue
+ fi
+
+ # Delete any recovery files that are zero length,
+ # corrupted, or that have no corresponding backup file.
+ # Else send mail to the user.
+ recfile=`awk '/^X-vi-recover-path:/{print $2}' < "${i}"`
+ if [ -n "${recfile}" -a -s "${recfile}" ]; then
+ sendmail -t < "${i}"
+ else
+ rm -f "${i}"
+ fi
+ done
+ fi
+ echo '.'
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/watchdogd b/etc/rc.d/watchdogd new file mode 100755
index 0000000..e852126
--- /dev/null
+++ b/etc/rc.d/watchdogd
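Review bot: `virecover_start` runs as root over `/var/tmp/vi.recover`, and the only file-type filtering is the single `find ... -delete` before the loops; the loops themselves accept anything that passes `-r`, so an entry whose type changes after the `find` is still read and handed to `sendmail -t`. If that directory is writable by ordinary users (its mode is not shown here), re-check inside each loop instead of relying on the earlier sweep, e.g. `if [ ! -f "${i}" -o -h "${i}" ]; then continue; fi` next to the existing `! -r` test. `recfile` is extracted with `print $2`, so a recovered path containing whitespace is truncated and its recovery file is then deleted as having no backup. The `recover.*` pass is also nested inside the `vi.*` check, so recovery files are never examined when no backup file exists at all; a comment saying whether that is intended would help.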
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+# Copyright (c) 2003 Sean M. Kelly <smkelly@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: watchdogd
+# REQUIRE: DAEMON cleanvar
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="watchdogd"
+rcvar="`set_rcvar`"
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/wpa_supplicant b/etc/rc.d/wpa_supplicant new file mode 100755
index 0000000..8514efc
--- /dev/null
+++ b/etc/rc.d/wpa_supplicant
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: wpa_supplicant
+# REQUIRE: mountcritremote
+# KEYWORD: nojail nostart
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="wpa_supplicant"
+rcvar=
+
+ifn="$2"
+if [ -z "$ifn" ]; then
+ return 1
+fi
+
+is_ndis_interface()
+{
+ case `sysctl -n net.wlan.${1#wlan}.%parent 2>/dev/null` in
+ ndis*) true ;;
+ *) false ;;
+ esac
+}
+
+if is_wired_interface ${ifn} ; then
+ driver="wired"
+elif is_ndis_interface ${ifn} ; then
+ driver="ndis"
+else
+ driver="bsd"
+fi
+
+load_rc_config $name
+
+command=${wpa_supplicant_program}
+conf_file=${wpa_supplicant_conf_file}
+pidfile="/var/run/${name}/${ifn}.pid"
+command_args="-B -i $ifn -c $conf_file -D $driver -P $pidfile"
+required_files=$conf_file
+required_modules="wlan_wep wlan_tkip wlan_ccmp"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ypbind b/etc/rc.d/ypbind new file mode 100755
index 0000000..4dbf351
--- /dev/null
+++ b/etc/rc.d/ypbind
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ypbind
+# REQUIRE: ypserv
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ypbind"
+command="/usr/sbin/${name}"
+start_precmd="ypbind_precmd"
+
+load_rc_config $name
+rcvar="nis_client_enable"
+command_args="${nis_client_flags}"
+
+ypbind_precmd()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/yppasswdd b/etc/rc.d/yppasswdd new file mode 100755
index 0000000..fbb80bc
--- /dev/null
+++ b/etc/rc.d/yppasswdd
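Review bot: In the wpa_supplicant script `ifn="$2"` is checked only for emptiness and is then used unquoted in `is_wired_interface ${ifn}`, in the `sysctl` name, in `command_args`, and as a path component of `pidfile="/var/run/${name}/${ifn}.pid"`. The caller controls that argument, so a value containing `/` or whitespace would move the pid file or change the argument list given to the daemon, which runs as root. A guard right after the empty check, such as `case "$ifn" in *[!A-Za-z0-9_.]*) return 1 ;; esac` (character set to be confirmed against valid interface names), closes that. `conf_file` is expanded unquoted in `command_args` and `required_files` in the same way.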
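Review bot: `ypbind_precmd` is the first of six near-identical precmd functions added by this commit (also `yppasswdd_precmd`, `ypserv_prestart`, `ypset_precmd`, `rpc_ypupdated_precmd` and `ypxfrd_precmd`); each repeats the rpcbind `force_depend` block and the `domainname` check verbatim. A shared helper would keep them from drifting apart; failing that, a one-line comment on each, e.g. `# Refuse to start unless rpcbind is available and a NIS domain name is set.`, would document the intent. `rcvar` is also assigned after `load_rc_config` here and in yppasswdd but before it in ypserv and ypset; one order throughout would read better.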
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: yppasswdd
+# REQUIRE: ypserv ypset
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="yppasswdd"
+command="/usr/sbin/rpc.${name}"
+start_precmd="yppasswdd_precmd"
+
+load_rc_config $name
+rcvar="nis_yppasswdd_enable"
+command_args="${nis_yppasswdd_flags}"
+
+yppasswdd_precmd()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+ if ! checkyesno nis_server_enable && \
+ ! /etc/rc.d/ypserv forcestatus 1>/dev/null 2>&1
+ then
+ force_depend ypserv || return 1
+ fi
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ypserv b/etc/rc.d/ypserv new file mode 100755
index 0000000..8e17fd7
--- /dev/null
+++ b/etc/rc.d/ypserv
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ypserv
+# REQUIRE: rpcbind
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ypserv"
+rcvar="nis_server_enable"
+command="/usr/sbin/${name}"
+start_precmd="ypserv_prestart"
+
+load_rc_config $name
+command_args="${nis_server_flags}"
+
+ypserv_prestart()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+ if [ ! -d /var/yp/$_domain/. ]; then
+ warn "/var/yp/$_domain is not a directory."
+ return 1
+ fi
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ypset b/etc/rc.d/ypset new file mode 100755
index 0000000..78c408b
--- /dev/null
+++ b/etc/rc.d/ypset
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ypset
+# REQUIRE: ypbind
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ypset"
+rcvar="nis_ypset_enable"
+command="/usr/sbin/${name}"
+start_precmd="ypset_precmd"
+load_rc_config $name
+command_args="${nis_ypset_flags}"
+
+ypset_precmd()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+ if ! checkyesno nis_client_enable && \
+ ! /etc/rc.d/ypbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend ypbind || return 1
+ fi
+
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ypupdated b/etc/rc.d/ypupdated new file mode 100755
index 0000000..98ef203
--- /dev/null
+++ b/etc/rc.d/ypupdated
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ypupdated
+# REQUIRE: rpcbind ypserv
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ypupdated"
+rcvar="rpc_ypupdated_enable"
+command="/usr/sbin/rpc.${name}"
+start_precmd="rpc_ypupdated_precmd"
+
+rpc_ypupdated_precmd()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+ if ! checkyesno nis_server_enable && \
+ ! /etc/rc.d/ypserv forcestatus 1>/dev/null 2>&1
+ then
+ force_depend ypserv || return 1
+ fi
+
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ypxfrd b/etc/rc.d/ypxfrd new file mode 100755
index 0000000..f125a30
--- /dev/null
+++ b/etc/rc.d/ypxfrd
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ypxfrd
+# REQUIRE: rpcbind ypserv
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ypxfrd"
+rcvar="nis_ypxfrd_enable"
+command="/usr/sbin/rpc.${name}"
+start_precmd="ypxfrd_precmd"
+load_rc_config $name
+command_args="${nis_ypxfrd_flags}"
+
+ypxfrd_precmd()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+ if ! checkyesno nis_server_enable && \
+ ! /etc/rc.d/ypserv forcestatus 1>/dev/null 2>&1
+ then
+ force_depend ypserv || return 1
+ fi
+
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/zfs b/etc/rc.d/zfs new file mode 100755
index 0000000..cabbcf6
--- /dev/null
+++ b/etc/rc.d/zfs
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: zfs
+# REQUIRE: mountcritlocal
+
+. /etc/rc.subr
+
+name="zfs"
+rcvar="zfs_enable"
+start_cmd="zfs_start"
+stop_cmd="zfs_stop"
+required_modules="zfs"
+
+zfs_start_jail()
+{
+ if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then
+ zfs mount -a
+ fi
+}
+
+zfs_start_main()
+{
+ zfs mount -a
+ zfs share -a
+ if [ ! -r /etc/zfs/exports ]; then
+ touch /etc/zfs/exports
+ fi
+}
+
+zfs_start()
+{
+ if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then
+ zfs_start_jail
+ else
+ zfs_start_main
+ fi
+}
+
+zfs_stop_jail()
+{
+ if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then
+ zfs unmount -a
+ fi
+}
+
+zfs_stop_main()
+{
+ zfs unshare -a
+ zfs unmount -a
+}
+
+zfs_stop()
+{
+ if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then
+ zfs_stop_jail
+ else
+ zfs_stop_main
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/zvol b/etc/rc.d/zvol new file mode 100755
index 0000000..b52f4ce
--- /dev/null
+++ b/etc/rc.d/zvol
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: zvol
+# REQUIRE: hostid
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="zvol"
+rcvar="zfs_enable"
+start_cmd="zvol_start"
+stop_cmd="zvol_stop"
+required_modules="zfs"
+
+zvol_start()
+{
+ # Enable swap on ZVOLs with property org.freebsd:swap=on.
+ zfs list -H -o org.freebsd:swap,name -t volume | \
+ while read state name; do
+ case "${state}" in
+ [oO][nN])
+ swapon /dev/zvol/${name}
+ ;;
+ esac
+ done
+}
+
+zvol_stop()
+{
+ # Disable swap on ZVOLs with property org.freebsd:swap=on.
+ zfs list -H -o org.freebsd:swap,name -t volume | \
+ while read state name; do
+ case "${state}" in
+ [oO][nN])
+ swapoff /dev/zvol/${name}
+ ;;
+ esac
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.firewall b/etc/rc.firewall new file mode 100644
index 0000000..3db984e
--- /dev/null
+++ b/etc/rc.firewall
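Review bot: In both `zvol_start` and `zvol_stop` the volume name read from `zfs list` is expanded unquoted in `swapon /dev/zvol/${name}` and `swapoff /dev/zvol/${name}`, and `read` is used without `-r`. If a dataset name can contain a space or a backslash, the path is split or altered before it reaches swapon/swapoff, which run as root at boot and shutdown. `while read -r state name; do` together with `swapon "/dev/zvol/${name}"` (and the same for `swapoff`) avoids that. The comment above each loop could also say that the decision rests entirely on the `org.freebsd:swap` property, so anyone able to set that property on a volume decides whether it becomes swap.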
@@ -0,0 +1,539 @@ +#!/bin/sh - +# Copyright (c) 1996 Poul-Henning Kamp +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# +# Setup system for ipfw(4) firewall service. +# + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +############ +# Define the firewall type in /etc/rc.conf. 
Valid values are: +# open - will allow anyone in +# client - will try to protect just this machine +# simple - will try to protect a whole network +# closed - totally disables IP services except via lo0 interface +# workstation - will try to protect just this machine using statefull +# firewalling. See below for rc.conf variables used +# UNKNOWN - disables the loading of firewall rules. +# filename - will load the rules in the given filename (full path required) +# +# For ``client'' and ``simple'' the entries below should be customized +# appropriately. + +############ +# +# If you don't know enough about packet filtering, we suggest that you +# take time to read this book: +# +# Building Internet Firewalls, 2nd Edition +# Brent Chapman and Elizabeth Zwicky +# +# O'Reilly & Associates, Inc +# ISBN 1-56592-871-7 +# http://www.ora.com/ +# http://www.oreilly.com/catalog/fire2/ +# +# For a more advanced treatment of Internet Security read: +# +# Firewalls and Internet Security: Repelling the Wily Hacker, 2nd Edition +# William R. Cheswick, Steven M. Bellowin, Aviel D. Rubin +# +# Addison-Wesley / Prentice Hall +# ISBN 0-201-63466-X +# http://www.pearsonhighered.com/ +# http://www.pearsonhighered.com/educator/academic/product/0,3110,020163466X,00.html +# + +setup_loopback () { + ############ + # Only in rare cases do you want to change these rules + # + ${fwcmd} add 100 pass all from any to any via lo0 + ${fwcmd} add 200 deny all from any to 127.0.0.0/8 + ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add 400 deny all from any to ::1 + ${fwcmd} add 500 deny all from ::1 to any + fi +} + +setup_ipv6_mandatory () { + [ $ipv6_available -eq 0 ] || return 0 + + ############ + # Only in rare cases do you want to change these rules + # + # ND + # + # DAD + ${fwcmd} add pass ipv6-icmp from :: to ff02::/16 + # RS, RA, NS, NA, redirect... 
+ ${fwcmd} add pass ipv6-icmp from fe80::/10 to fe80::/10 + ${fwcmd} add pass ipv6-icmp from fe80::/10 to ff02::/16 + + # Allow ICMPv6 destination unreach + ${fwcmd} add pass ipv6-icmp from any to any icmp6types 1 + + # Allow NS/NA/toobig (don't filter it out) + ${fwcmd} add pass ipv6-icmp from any to any icmp6types 2,135,136 +} + +if [ -n "${1}" ]; then + firewall_type="${1}" +fi + +. /etc/rc.subr +. /etc/network.subr +afexists inet6 +ipv6_available=$? + +############ +# Set quiet mode if requested +# +case ${firewall_quiet} in +[Yy][Ee][Ss]) + fwcmd="/sbin/ipfw -q" + ;; +*) + fwcmd="/sbin/ipfw" + ;; +esac + +############ +# Flush out the list before we begin. +# +${fwcmd} -f flush + +setup_loopback +setup_ipv6_mandatory + +############ +# Network Address Translation. All packets are passed to natd(8) +# before they encounter your remaining rules. The firewall rules +# will then be run again on each packet after translation by natd +# starting at the rule number following the divert rule. +# +# For ``simple'' firewall type the divert rule should be put to a +# different place to not interfere with address-checking rules. 
+# +case ${firewall_type} in +[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) + case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + ${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface} + fi + ;; + esac + case ${firewall_nat_enable} in + [Yy][Ee][Ss]) + if [ -n "${firewall_nat_interface}" ]; then + if echo "${firewall_nat_interface}" | \ + grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then + firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}" + else + firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}" + fi + ${fwcmd} nat 123 config log ${firewall_nat_flags} + ${fwcmd} add 50 nat 123 ip4 from any to any via ${firewall_nat_interface} + fi + ;; + esac +esac + +############ +# If you just configured ipfw in the kernel as a tool to solve network +# problems or you just want to disallow some particular kinds of traffic +# then you will want to change the default policy to open. You can also +# do this as your only action by setting the firewall_type to ``open''. +# +# ${fwcmd} add 65000 pass all from any to any + + +# Prototype setups. +# +case ${firewall_type} in +[Oo][Pp][Ee][Nn]) + ${fwcmd} add 65000 pass all from any to any + ;; + +[Cc][Ll][Ii][Ee][Nn][Tt]) + ############ + # This is a prototype setup that will protect your system somewhat + # against people from outside your own network. + # + # Configuration: + # firewall_client_net: Network address of local IPv4 network. + # firewall_client_net_ipv6: Network address of local IPv6 network. + ############ + + # set this to your local network + net="$firewall_client_net" + net6="$firewall_client_net_ipv6" + + # Allow limited broadcast traffic from my own net. + ${fwcmd} add pass all from ${net} to 255.255.255.255 + + # Allow any traffic to or from my own net. 
+ ${fwcmd} add pass all from me to ${net} + ${fwcmd} add pass all from ${net} to me + if [ -n "$net6" ]; then + ${fwcmd} add pass all from me to ${net6} + ${fwcmd} add pass all from ${net6} to me + fi + + if [ -n "$net6" ]; then + # Allow any link-local multicast traffic + ${fwcmd} add pass all from fe80::/10 to ff02::/16 + ${fwcmd} add pass all from ${net6} to ff02::/16 + # Allow DHCPv6 + ${fwcmd} add pass udp from fe80::/10 to me 546 + fi + + # Allow TCP through if setup succeeded + ${fwcmd} add pass tcp from any to any established + + # Allow IP fragments to pass through + ${fwcmd} add pass all from any to any frag + + # Allow setup of incoming email + ${fwcmd} add pass tcp from any to me 25 setup + + # Allow setup of outgoing TCP connections only + ${fwcmd} add pass tcp from me to any setup + + # Disallow setup of all other TCP connections + ${fwcmd} add deny tcp from any to any setup + + # Allow DNS queries out in the world + ${fwcmd} add pass udp from me to any 53 keep-state + + # Allow NTP queries out in the world + ${fwcmd} add pass udp from me to any 123 keep-state + + # Everything else is denied by default, unless the + # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel + # config file. + ;; + +[Ss][Ii][Mm][Pp][Ll][Ee]) + ############ + # This is a prototype setup for a simple firewall. Configure this + # machine as a DNS and NTP server, and point all the machines + # on the inside at this machine for those services. + # + # Configuration: + # firewall_simple_iif: Inside IPv4 network interface. + # firewall_simple_inet: Inside IPv4 network address. + # firewall_simple_oif: Outside IPv4 network interface. + # firewall_simple_onet: Outside IPv4 network address. + # firewall_simple_iif_ipv6: Inside IPv6 network interface. + # firewall_simple_inet_ipv6: Inside IPv6 network prefix. + # firewall_simple_oif_ipv6: Outside IPv6 network interface. + # firewall_simple_onet_ipv6: Outside IPv6 network prefix. 
+ ############ + + # set these to your outside interface network + oif="$firewall_simple_oif" + onet="$firewall_simple_onet" + oif6="${firewall_simple_oif_ipv6:-$firewall_simple_oif}" + onet6="$firewall_simple_onet_ipv6" + + # set these to your inside interface network + iif="$firewall_simple_iif" + inet="$firewall_simple_inet" + iif6="${firewall_simple_iif_ipv6:-$firewall_simple_iif}" + inet6="$firewall_simple_inet_ipv6" + + # Stop spoofing + ${fwcmd} add deny all from ${inet} to any in via ${oif} + ${fwcmd} add deny all from ${onet} to any in via ${iif} + if [ -n "$inet6" ]; then + ${fwcmd} add deny all from ${inet6} to any in via ${oif6} + if [ -n "$onet6" ]; then + ${fwcmd} add deny all from ${onet6} to any in \ + via ${iif6} + fi + fi + + # Stop RFC1918 nets on the outside interface + ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif} + ${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif} + ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif} + + # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, + # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) + # on the outside interface + ${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif} + ${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif} + ${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif} + ${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif} + ${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif} + + # Network Address Translation. This rule is placed here deliberately + # so that it does not interfere with the surrounding address-checking + # rules. If for example one of your internal LAN machines had its IP + # address set to 192.0.2.1 then an incoming packet for it after being + # translated by natd(8) would match the `deny' rule above. Similarly + # an outgoing packet originated from it before being translated would + # match the `deny' rule below. 
+ case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + ${fwcmd} add divert natd ip4 from any to any via ${natd_interface} + fi + ;; + esac + + # Stop RFC1918 nets on the outside interface + ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} + ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif} + ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif} + + # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, + # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) + # on the outside interface + ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif} + ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif} + ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif} + ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif} + ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif} + + if [ -n "$inet6" ]; then + # Stop unique local unicast address on the outside interface + ${fwcmd} add deny all from fc00::/7 to any via ${oif6} + ${fwcmd} add deny all from any to fc00::/7 via ${oif6} + + # Stop site-local on the outside interface + ${fwcmd} add deny all from fec0::/10 to any via ${oif6} + ${fwcmd} add deny all from any to fec0::/10 via ${oif6} + + # Disallow "internal" addresses to appear on the wire. + ${fwcmd} add deny all from ::ffff:0.0.0.0/96 to any \ + via ${oif6} + ${fwcmd} add deny all from any to ::ffff:0.0.0.0/96 \ + via ${oif6} + + # Disallow packets to malicious IPv4 compatible prefix. 
+ ${fwcmd} add deny all from ::224.0.0.0/100 to any via ${oif6} + ${fwcmd} add deny all from any to ::224.0.0.0/100 via ${oif6} + ${fwcmd} add deny all from ::127.0.0.0/104 to any via ${oif6} + ${fwcmd} add deny all from any to ::127.0.0.0/104 via ${oif6} + ${fwcmd} add deny all from ::0.0.0.0/104 to any via ${oif6} + ${fwcmd} add deny all from any to ::0.0.0.0/104 via ${oif6} + ${fwcmd} add deny all from ::255.0.0.0/104 to any via ${oif6} + ${fwcmd} add deny all from any to ::255.0.0.0/104 via ${oif6} + + ${fwcmd} add deny all from ::0.0.0.0/96 to any via ${oif6} + ${fwcmd} add deny all from any to ::0.0.0.0/96 via ${oif6} + + # Disallow packets to malicious 6to4 prefix. + ${fwcmd} add deny all from 2002:e000::/20 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:e000::/20 via ${oif6} + ${fwcmd} add deny all from 2002:7f00::/24 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:7f00::/24 via ${oif6} + ${fwcmd} add deny all from 2002:0000::/24 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:0000::/24 via ${oif6} + ${fwcmd} add deny all from 2002:ff00::/24 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:ff00::/24 via ${oif6} + + ${fwcmd} add deny all from 2002:0a00::/24 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:0a00::/24 via ${oif6} + ${fwcmd} add deny all from 2002:ac10::/28 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:ac10::/28 via ${oif6} + ${fwcmd} add deny all from 2002:c0a8::/32 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:c0a8::/32 via ${oif6} + + ${fwcmd} add deny all from ff05::/16 to any via ${oif6} + ${fwcmd} add deny all from any to ff05::/16 via ${oif6} + fi + + # Allow TCP through if setup succeeded + ${fwcmd} add pass tcp from any to any established + + # Allow IP fragments to pass through + ${fwcmd} add pass all from any to any frag + + # Allow setup of incoming email + ${fwcmd} add pass tcp from any to me 25 setup + + # Allow access to our DNS + ${fwcmd} add 
pass tcp from any to me 53 setup + ${fwcmd} add pass udp from any to me 53 + ${fwcmd} add pass udp from me 53 to any + + # Allow access to our WWW + ${fwcmd} add pass tcp from any to me 80 setup + + # Reject&Log all setup of incoming connections from the outside + ${fwcmd} add deny log ip4 from any to any in via ${oif} setup proto tcp + if [ -n "$inet6" ]; then + ${fwcmd} add deny log ip6 from any to any in via ${oif6} \ + setup proto tcp + fi + + # Allow setup of any other TCP connection + ${fwcmd} add pass tcp from any to any setup + + # Allow DNS queries out in the world + ${fwcmd} add pass udp from me to any 53 keep-state + + # Allow NTP queries out in the world + ${fwcmd} add pass udp from me to any 123 keep-state + + # Everything else is denied by default, unless the + # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel + # config file. + ;; + +[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]) + # Configuration: + # firewall_myservices: List of TCP ports on which this host + # offers services. + # firewall_allowservices: List of IPv4 and/or IPv6 addresses + # that have access to + # $firewall_myservices. + # firewall_trusted: List of IPv4 and/or IPv6 addresses + # that have full access to this host. + # Be very careful when setting this. + # This option can seriously degrade + # the level of protection provided by + # the firewall. + # firewall_logdeny: Boolean (YES/NO) specifying if the + # default denied packets should be + # logged (in /var/log/security). + # firewall_nologports: List of TCP/UDP ports for which + # denied incomming packets are not + # logged. + + # Allow packets for which a state has been built. + ${fwcmd} add check-state + + # For services permitted below. + ${fwcmd} add pass tcp from me to any established + + # Allow any connection out, adding state for each. 
+ ${fwcmd} add pass tcp from me to any setup keep-state + ${fwcmd} add pass udp from me to any keep-state + ${fwcmd} add pass icmp from me to any keep-state + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add pass ipv6-icmp from me to any keep-state + fi + + # Allow DHCP. + ${fwcmd} add pass udp from 0.0.0.0 68 to 255.255.255.255 67 out + ${fwcmd} add pass udp from any 67 to me 68 in + ${fwcmd} add pass udp from any 67 to 255.255.255.255 68 in + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add pass udp from fe80::/10 to me 546 in + fi + # Some servers will ping the IP while trying to decide if it's + # still in use. + ${fwcmd} add pass icmp from any to any icmptype 8 + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add pass ipv6-icmp from any to any icmp6type 128,129 + fi + + # Allow "mandatory" ICMP in. + ${fwcmd} add pass icmp from any to any icmptype 3,4,11 + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add pass ipv6-icmp from any to any icmp6type 3 + fi + + # Add permits for this workstations published services below + # Only IPs and nets in firewall_allowservices is allowed in. + # If you really wish to let anyone use services on your + # workstation, then set "firewall_allowservices='any'" in /etc/rc.conf + # + # Note: We don't use keep-state as that would allow DoS of + # our statetable. + # You can add 'keep-state' to the lines for slightly + # better performance if you fell that DoS of your + # workstation won't be a problem. + # + for i in ${firewall_allowservices} ; do + for j in ${firewall_myservices} ; do + ${fwcmd} add pass tcp from $i to me $j + done + done + + # Allow all connections from trusted IPs. + # Playing with the content of firewall_trusted could seriously + # degrade the level of protection provided by the firewall. 
+ for i in ${firewall_trusted} ; do + ${fwcmd} add pass ip from $i to me + done + + ${fwcmd} add 65000 count ip from any to any + + # Drop packets to ports where we don't want logging + for i in ${firewall_nologports} ; do + ${fwcmd} add deny { tcp or udp } from any to any $i in + done + + # Broadcasts and muticasts + ${fwcmd} add deny ip from any to 255.255.255.255 + ${fwcmd} add deny ip from any to 224.0.0.0/24 in # XXX + + # Noise from routers + ${fwcmd} add deny udp from any to any 520 in + + # Noise from webbrowsing. + # The statefull filter is a bit agressive, and will cause some + # connection teardowns to be logged. + ${fwcmd} add deny tcp from any 80,443 to any 1024-65535 in + + # Deny and (if wanted) log the rest unconditionally. + log="" + if [ ${firewall_logdeny:-x} = "YES" -o ${firewall_logdeny:-x} = "yes" ] ; then + log="log logamount 500" # The default of 100 is too low. + sysctl net.inet.ip.fw.verbose=1 >/dev/null + fi + ${fwcmd} add deny $log ip from any to any + ;; + +[Cc][Ll][Oo][Ss][Ee][Dd]) + ${fwcmd} add 65000 deny ip from any to any + ;; +[Uu][Nn][Kk][Nn][Oo][Ww][Nn]) + ;; +*) + if [ -r "${firewall_type}" ]; then + ${fwcmd} ${firewall_flags} ${firewall_type} + fi + ;; +esac diff --git a/etc/rc.initdiskless b/etc/rc.initdiskless new file mode 100644 index 0000000..e731abb --- /dev/null +++ b/etc/rc.initdiskless 
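Review bot: The final `*)` branch fails open without saying so: when `firewall_type` names a file that is missing or unreadable, the `if [ -r "${firewall_type}" ]` body is simply skipped, after `${fwcmd} -f flush` has already emptied the ruleset, which leaves only the loopback and ICMPv6 rules plus the kernel default policy. On a kernel built with IPFIREWALL_DEFAULT_TO_ACCEPT (the option the comments in this file mention) a typo in rc.conf would therefore leave the host unfiltered with no message. Add an `else` with `warn "cannot read firewall rules file '${firewall_type}'; no rules loaded"` (rc.subr is already sourced at that point) and quote the path in `${fwcmd} ${firewall_flags} "${firewall_type}"`. The `client` and `simple` branches have a related gap: `${net}`, `${oif}`, `${inet}` and the other rc.conf-derived values are used without checking that they are set, so empty values yield malformed `ipfw add` lines whose failures are never checked.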
@@ -0,0 +1,381 @@ +#!/bin/sh +# +# Copyright (c) 1999 Matt Dillon +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ + +# On entry to this script the entire system consists of a read-only root +# mounted via NFS. The kernel has run BOOTP and configured an interface +# (otherwise it would not have been able to mount the NFS root!) +# +# We use the contents of /conf to create and populate memory filesystems +# that are mounted on top of this root to implement the writable +# (and host-specific) parts of the root filesystem, and other volatile +# filesystems. 
+# +# The hierarchy in /conf has the form /conf/T/M/ where M are directories +# for which memory filesystems will be created and filled, +# and T is one of the "template" directories below: +# +# base universal base, typically a replica of the original root; +# default secondary universal base, typically overriding some +# of the files in the original root; +# ${ipba} where ${ipba} is the assigned broadcast IP address +# bcast/${ipba} same as above +# ${class} where ${class} is a list of directories supplied by +# bootp/dhcp through the T134 option. +# ${ipba} and ${class} are typicall used to configure features +# for group of diskless clients, or even individual features; +# ${ip} where ${ip} is the machine's assigned IP address, typically +# used to set host-specific features; +# ip/${ip} same as above +# +# Template directories are scanned in the order they are listed above, +# with each sucessive directory overriding (merged into) the previous one; +# non-existing directories are ignored. The subdirectory forms exist to +# help keep the top level /conf managable in large installations. +# +# The existence of a directory /conf/T/M causes this script to create a +# memory filesystem mounted as /M on the client. +# +# Some files in /conf have special meaning, namely: +# +# Filename Action +# ---------------------------------------------------------------- +# /conf/T/M/remount +# The contents of the file is a mount command. E.g. if +# /conf/1.2.3.4/foo/remount contains "mount -o ro /dev/ad0s3", +# then /dev/ad0s3 will be be mounted on /conf/1.2.3.4/foo/ +# +# /conf/T/M/remount_optional +# If this file exists, then failure to execute the mount +# command contained in /conf/T/M/remount is non-fatal. +# +# /conf/T/M/remount_subdir +# If this file exists, then the behaviour of /conf/T/M/remount +# changes as follows: +# 1. /conf/T/M/remount is invoked to mount the root of the +# filesystem where the configuration data exists on a +# temporary mountpoint. +# 2. 
/conf/T/M/remount_subdir is then invoked to mount a +# *subdirectory* of the filesystem mounted by +# /conf/T/M/remount on /conf/T/M/. +# +# /conf/T/M/diskless_remount +# The contents of the file points to an NFS filesystem, +# possibly followed by mount_nfs options. If the server name +# is omitted, the script will prepend the root path used when +# booting. E.g. if you booted from foo.com:/path/to/root, +# an entry for /conf/base/etc/diskless_remount could be any of +# foo.com:/path/to/root/etc +# /etc -o ro +# Because mount_nfs understands ".." in paths, it is +# possible to mount from locations above the NFS root with +# paths such as "/../../etc". +# +# /conf/T/M/md_size +# The contents of the file specifies the size of the memory +# filesystem to be created, in 512 byte blocks. +# The default size is 10240 blocks (5MB). E.g. if +# /conf/base/etc/md_size contains "30000" then a 15MB MFS +# will be created. In case of multiple entries for the same +# directory M, the last one in the scanning order is used. +# NOTE: If you only need to create a memory filesystem but not +# initialize it from a template, it is preferrable to specify +# it in fstab e.g. as "md /tmp mfs -s=30m,rw 0 0" +# +# /conf/T/SUBDIR.cpio.gz +# The file is cpio'd into /SUBDIR (and a memory filesystem is +# created for /SUBDIR if necessary). The presence of this file +# prevents the copy from /conf/T/SUBDIR/ +# +# /conf/T/SUBDIR.remove +# The list of paths contained in the file are rm -rf'd +# relative to /SUBDIR. +# +# /conf/diskless_remount +# Similar to /conf/T/M/diskless_remount above, but allows +# all of /conf to be remounted. This can be used to allow +# multiple roots to share the same /conf. 
+# +# +# You will almost universally want to create the following files under /conf +# +# File Content +# ---------------------------- ---------------------------------- +# /conf/base/etc/md_size size of /etc filesystem +# /conf/base/etc/diskless_remount "/etc" +# /conf/default/etc/rc.conf generic diskless config parameters +# /conf/default/etc/fstab generic diskless fstab e.g. like this +# +# foo:/root_part / nfs ro 0 0 +# foo:/usr_part /usr nfs ro 0 0 +# foo:/home_part /home nfs rw 0 0 +# md /tmp mfs -s=30m,rw 0 0 +# md /var mfs -s=30m,rw 0 0 +# proc /proc procfs rw 0 0 +# +# plus, possibly, overrides for password files etc. +# +# NOTE! /var, /tmp, and /dev will be typically created elsewhere, e.g. +# as entries in the fstab as above. +# Those filesystems should not be specified in /conf. +# +# (end of documentation, now get to the real code) + +dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null` + +# DEBUGGING +# log something on stdout if verbose. +o_verbose=0 # set to 1 or 2 if you want more debugging +log() { + [ ${o_verbose} -gt 0 ] && echo "*** $* ***" + [ ${o_verbose} -gt 1 ] && read -p "=== Press enter to continue" foo +} + +# chkerr: +# +# Routine to check for error +# +# checks error code and drops into shell on failure. +# if shell exits, terminates script as well as /etc/rc. +# if remount_optional exists under the mountpoint, skip this check. 
+# +chkerr() { + lastitem () ( n=$(($# - 1)) ; shift $n ; echo $1 ) + mountpoint="$(lastitem $2)" + [ -r $mountpoint/remount_optional ] && ( echo "$2 failed: ignoring due to remount_optional" ; return ) + case $1 in + 0) + ;; + *) + echo "$2 failed: dropping into /bin/sh" + /bin/sh + # RESUME + ;; + esac +} + +# The list of filesystems to umount after the copy +to_umount="" + +handle_remount() { # $1 = mount point + local nfspt mountopts b + b=$1 + log handle_remount $1 + [ -d $b -a -f $b/diskless_remount ] || return + read nfspt mountopts < $b/diskless_remount + log "nfspt ${nfspt} mountopts ${mountopts}" + # prepend the nfs root if not present + [ `expr "$nfspt" : '\(.\)'` = "/" ] && nfspt="${nfsroot}${nfspt}" + mount_nfs $mountopts $nfspt $b + chkerr $? "mount_nfs $nfspt $b" + to_umount="$b ${to_umount}" +} + +# Create a generic memory disk +# +mount_md() { + /sbin/mdmfs -S -i 4096 -s $1 -M md $2 +} + +# Create the memory filesystem if it has not already been created +# +create_md() { + [ "x`eval echo \\$md_created_$1`" = "x" ] || return # only once + if [ "x`eval echo \\$md_size_$1`" = "x" ]; then + md_size=10240 + else + md_size=`eval echo \\$md_size_$1` + fi + log create_md $1 with size $md_size + mount_md $md_size /$1 + /bin/chmod 755 /$1 + eval md_created_$1=created +} + +# DEBUGGING +# +# set -v + +# Figure out our interface and IP. +# +bootp_ifc="" +bootp_ipa="" +bootp_ipbca="" +class="" +if [ ${dlv:=0} -ne 0 ] ; then + iflist=`ifconfig -l` + for i in ${iflist} ; do + set -- `ifconfig ${i}` + while [ $# -ge 1 ] ; do + if [ "${bootp_ifc}" = "" -a "$1" = "inet" ] ; then + bootp_ifc=${i} ; bootp_ipa=${2} ; shift + fi + if [ "${bootp_ipbca}" = "" -a "$1" = "broadcast" ] ; then + bootp_ipbca=$2; shift + fi + shift + done + if [ "${bootp_ifc}" != "" ] ; then + break + fi + done + # Get the values passed with the T134 bootp cookie. 
+ class="`/sbin/sysctl -qn kern.bootp_cookie`" + + echo "Interface ${bootp_ifc} IP-Address ${bootp_ipa} Broadcast ${bootp_ipbca} ${class}" +fi + +log Figure out our NFS root path +# +set -- `mount -t nfs` +while [ $# -ge 1 ] ; do + if [ "$2" = "on" -a "$3" = "/" ]; then + nfsroot="$1" + break + fi + shift +done + +# The list of directories with template files +templates="base default" +if [ -n "${bootp_ipbca}" ]; then + templates="${templates} ${bootp_ipbca} bcast/${bootp_ipbca}" +fi +if [ -n "${class}" ]; then + templates="${templates} ${class}" +fi +if [ -n "${bootp_ipa}" ]; then + templates="${templates} ${bootp_ipa} ip/${bootp_ipa}" +fi + +# If /conf/diskless_remount exists, remount all of /conf. +handle_remount /conf + +# Resolve templates in /conf/base, /conf/default, /conf/${bootp_ipbca}, +# and /conf/${bootp_ipa}. For each subdirectory found within these +# directories: +# +# - calculate memory filesystem sizes. If the subdirectory (prior to +# NFS remounting) contains the file 'md_size', the contents specified +# in 512 byte sectors will be used to size the memory filesystem. Otherwise +# 8192 sectors (4MB) is used. +# +# - handle NFS remounts. If the subdirectory contains the file +# diskless_remount, the contents of the file is NFS mounted over +# the directory. For example /conf/base/etc/diskless_remount +# might contain 'myserver:/etc'. NFS remounts allow you to avoid +# having to dup your system directories in /conf. Your server must +# be sure to export those filesystems -alldirs, however. +# If the diskless_remount file contains a string beginning with a +# '/' it is assumed that the local nfsroot should be prepended to +# it before attemping to the remount. This allows the root to be +# relocated without needing to change the remount files. 
+# +log "templates are ${templates}" +for i in ${templates} ; do + for j in /conf/$i/* ; do + [ -d $j ] || continue + + # memory filesystem size specification + subdir=${j##*/} + [ -f $j/md_size ] && eval md_size_$subdir=`cat $j/md_size` + + # remount. Beware, the command is in the file itself! + if [ -f $j/remount ]; then + if [ -f $j/remount_subdir ]; then + k="/conf.tmp/$i/$subdir" + [ -d $k ] || continue + + # Mount the filesystem root where the config data is + # on the temporary mount point. + nfspt=`/bin/cat $j/remount` + $nfspt $k + chkerr $? "$nfspt $k" + + # Now use a nullfs mount to get the data where we + # really want to see it. + remount_subdir=`/bin/cat $j/remount_subdir` + remount_subdir_cmd="mount -t nullfs $k/$remount_subdir" + + $remount_subdir_cmd $j + chkerr $? "$remount_subdir_cmd $j" + + # XXX check order -- we must force $k to be unmounted + # after j, as j depends on k. + to_umount="$j $k ${to_umount}" + else + nfspt=`/bin/cat $j/remount` + $nfspt $j + chkerr $? "$nfspt $j" + to_umount="$j ${to_umount}" # XXX hope it is really a mount! + fi + fi + + # NFS remount + handle_remount $j + done +done + +# - Create all required MFS filesystems and populate them from +# our templates. Support both a direct template and a dir.cpio.gz +# archive. Support dir.remove files containing a list of relative +# paths to remove. +# +# The dir.cpio.gz form is there to make the copy process more efficient, +# so if the cpio archive is present, it prevents the files from dir/ +# from being copied. + +for i in ${templates} ; do + for j in /conf/$i/* ; do + subdir=${j##*/} + if [ -d $j -a ! 
-f $j.cpio.gz ]; then + create_md $subdir + cp -Rp $j/ /$subdir + fi + done + for j in /conf/$i/*.cpio.gz ; do + subdir=${j%*.cpio.gz} + subdir=${subdir##*/} + if [ -f $j ]; then + create_md $subdir + echo "Loading /$subdir from cpio archive $j" + (cd / ; /rescue/tar -xpf $j) + fi + done + for j in /conf/$i/*.remove ; do + subdir=${j%*.remove} + subdir=${subdir##*/} + if [ -f $j ]; then + # doubly sure it is a memory disk before rm -rf'ing + create_md $subdir + (cd /$subdir; rm -rf `/bin/cat $j`) + fi + done +done + +# umount partitions used to fill the memory filesystems +[ -n "${to_umount}" ] && umount $to_umount diff --git a/etc/rc.resume b/etc/rc.resume new file mode 100755 index 0000000..3b2e970 --- /dev/null +++ b/etc/rc.resume 
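Review bot: In `chkerr` the `return` sits inside a `( … )` subshell, so it ends only the subshell and the function still reaches the `case`. With `remount_optional` present, a failed mount therefore prints "ignoring" and then drops into `/bin/sh` anyway. A brace group that also tests the status gives the documented behaviour: `[ $1 -ne 0 -a -r $mountpoint/remount_optional ] && { echo "$2 failed: ignoring due to remount_optional" ; return ; }`. Further down, the `eval md_size_$subdir=` assignment evaluates the output of `cat $j/md_size`, a file from the NFS-served /conf, as shell text; the header documents that value as a block count, so rejecting anything that is not all digits before the `eval` is a cheap guard. The comment above the template loop also gives the default as 8192 sectors (4MB), while `create_md` uses 10240.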
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# Copyright (c) 1999 Mitsuru IWASAKI
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# sample run command file for APM Resume Event
+
+if [ $# -ne 2 ]; then
+ echo "Usage: $0 [apm|acpi] [standby,suspend|1-4]"
+ exit 1
+fi
+
+subsystem=$1
+state=$2
+
+if [ -r /var/run/rc.suspend.pid ]; then
+ kill -9 `cat /var/run/rc.suspend.pid`
+ /bin/rm -f /var/run/rc.suspend.pid
+ echo 'rc.resume: killed rc.suspend that was still around'
+fi
+
+if [ -r /var/run/rc.suspend.tch ]; then
+ _t=`cat /var/run/rc.suspend.tch`
+ /sbin/sysctl -n kern.timecounter.hardware=$_t > /dev/null 2>&1
+ /bin/rm -f /var/run/rc.suspend.tch
+fi
+
+if [ -r /var/run/moused.pid ]; then
+ pkill -HUP -F /var/run/moused.pid
+fi
+
+# Turns on a power supply of a card in the slot inactivated.
+# See also contrib/pccardq.c (only for PAO users).
+# pccardq | awk -F '~' '$5 == "inactive" \
+# { printf("pccardc power %d 1", $1); }' | sh
+
+# If a device driver has problems resuming, try unloading it before
+# suspend and reloading it on resume. Example:
+# kldload usb
+
+# wpa_supplicant(8) doesn't seem to reassociate during resume. Uncomment
+# the following to signal it to reassociate.
+# /usr/sbin/wpa_cli reassociate
+
+/usr/bin/logger -t $subsystem resumed at `/bin/date +'%Y%m%d %H:%M:%S'`
+/bin/sync && /bin/sync && /bin/sync
+
+exit 0
diff --git a/etc/rc.sendmail b/etc/rc.sendmail
new file mode 100644
index 0000000..b025bc0
--- /dev/null
+++ b/etc/rc.sendmail
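Review bot: The `kill -9` on the contents of /var/run/rc.suspend.pid signals whatever PID the file holds without checking that it still belongs to rc.suspend. An empty or malformed file also leaves `kill -9` with no usable argument. The moused block a few lines below already uses the safer form, so the same could be used here: `pkill -9 -F /var/run/rc.suspend.pid`. A stale file can still name a reused PID, so confirming the process command before SIGKILL is worth considering. `$subsystem` comes straight from `$1` and is passed unquoted to `logger -t`; `logger -t "$subsystem"` keeps a value containing spaces or a leading dash from being split or read as options.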
@@ -0,0 +1,277 @@ +#!/bin/sh + +# +# Copyright (c) 2002 Gregory Neil Shapiro. All Rights Reserved. +# Copyright (c) 2000, 2002 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This script is used by /etc/rc at boot time to start sendmail. It +# is meant to be sendmail specific and not a generic script for all +# MTAs. It is only called by /etc/rc if the rc.conf mta_start_script is +# set to /etc/rc.sendmail. This provides the opportunity for other MTAs +# to provide their own startup script. + +# The script is also used by /etc/mail/Makefile to enable the +# start/stop/restart targets. + +# The source for the script can be found in src/etc/sendmail/rc.sendmail. 
+ +if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs +elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf +fi + +# The sendmail binary +sendmail_program=${sendmail_program:-/usr/sbin/sendmail} + +# The pid is used to stop and restart the running daemon(s). +sendmail_pidfile=${sendmail_pidfile:-/var/run/sendmail.pid} +sendmail_mspq_pidfile=${sendmail_mspq_pidfile:-/var/spool/clientmqueue/sm-client.pid} + +start_mta() +{ + case ${sendmail_enable} in + [Nn][Oo][Nn][Ee]) + ;; + [Yy][Ee][Ss]) + echo -n ' sendmail' + ${sendmail_program} ${sendmail_flags} + ;; + *) + case ${sendmail_submit_enable} in + [Yy][Ee][Ss]) + echo -n ' sendmail-submit' + ${sendmail_program} ${sendmail_submit_flags} + ;; + *) + case ${sendmail_outbound_enable} in + [Yy][Ee][Ss]) + echo -n ' sendmail-outbound' + ${sendmail_program} ${sendmail_outbound_flags} + ;; + esac + ;; + esac + ;; + esac +} + +stop_mta() +{ + # Check to make sure we are configured to start an MTA + case ${sendmail_enable} in + [Nn][Oo][Nn][Ee]) + return + ;; + [Yy][Ee][Ss]) + ;; + *) + case ${sendmail_submit_enable} in + [Yy][Ee][Ss]) + ;; + *) + case ${sendmail_outbound_enable} in + [Yy][Ee][Ss]) + ;; + *) + return + ;; + esac + ;; + esac + ;; + esac + + if [ -r ${sendmail_pidfile} ]; then + echo -n ' sendmail' + kill -TERM `head -1 ${sendmail_pidfile}` + else + echo "$0: stop-mta: ${sendmail_pidfile} not found" + fi +} + +restart_mta() +{ + # Check to make sure we are configured to start an MTA + case ${sendmail_enable} in + [Nn][Oo][Nn][Ee]) + return + ;; + [Yy][Ee][Ss]) + ;; + *) + case ${sendmail_submit_enable} in + [Yy][Ee][Ss]) + ;; + *) + case ${sendmail_outbound_enable} in + [Yy][Ee][Ss]) + ;; + *) + return + ;; + esac + ;; + esac + ;; + esac + if [ -r ${sendmail_pidfile} ]; then + echo -n ' sendmail' + kill -HUP `head -1 ${sendmail_pidfile}` + else + echo "$0: restart-mta: ${sendmail_pidfile} not found" + fi +} + +start_mspq() +{ + case ${sendmail_enable} in + [Nn][Oo][Nn][Ee]) + ;; + *) 
+ if [ -r /etc/mail/submit.cf ]; then + case ${sendmail_msp_queue_enable} in + [Yy][Ee][Ss]) + echo -n ' sendmail-clientmqueue' + ${sendmail_program} ${sendmail_msp_queue_flags} + ;; + esac + fi + ;; + esac +} + +stop_mspq() +{ + # Check to make sure we are configured to start an MSP queue runner + case ${sendmail_enable} in + [Nn][Oo][Nn][Ee]) + return + ;; + *) + if [ -r /etc/mail/submit.cf ]; then + case ${sendmail_msp_queue_enable} in + [Yy][Ee][Ss]) + ;; + *) + return + ;; + esac + fi + ;; + esac + + if [ -r ${sendmail_mspq_pidfile} ]; then + echo -n ' sendmail-clientmqueue' + kill -TERM `head -1 ${sendmail_mspq_pidfile}` + else + echo "$0: stop-mspq: ${sendmail_mspq_pidfile} not found" + fi +} + +restart_mspq() +{ + # Check to make sure we are configured to start an MSP queue runner + case ${sendmail_enable} in + [Nn][Oo][Nn][Ee]) + return + ;; + *) + if [ -r /etc/mail/submit.cf ]; then + case ${sendmail_msp_queue_enable} in + [Yy][Ee][Ss]) + ;; + *) + return + ;; + esac + fi + ;; + esac + + if [ -r ${sendmail_mspq_pidfile} ]; then + echo -n ' sendmail-clientmqueue' + kill -HUP `head -1 ${sendmail_mspq_pidfile}` + else + echo "$0: restart-mspq: ${sendmail_mspq_pidfile} not found" + fi +} + +# If no argument is given, assume we are being called at boot time. +_action=${1:-start} + +case ${_action} in +start) + start_mta + start_mspq + ;; + +stop) + stop_mta + stop_mspq + ;; + +restart) + restart_mta + restart_mspq + ;; + +start-mta) + start_mta + ;; + +stop-mta) + stop_mta + ;; + +restart-mta) + restart_mta + ;; + +start-mspq) + start_mspq + ;; + +stop-mspq) + stop_mspq + ;; + +restart-mspq) + restart_mspq + ;; + +*) + echo "usage: `basename $0` {start|stop|restart}" >&2 + echo " `basename $0` {start-mta|stop-mta|restart-mta}" >&2 + echo " `basename $0` {start-mspq|stop-mspq|restart-mspq}" >&2 + exit 64 + ;; + +esac +exit 0 diff --git a/etc/rc.shutdown b/etc/rc.shutdown new file mode 100644 index 0000000..dc1ca13 --- /dev/null +++ b/etc/rc.shutdown 
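Review bot: `stop_mspq` and `restart_mspq` signal the first line of `${sendmail_mspq_pidfile}` without validating it. The file defaults to a path under /var/spool/clientmqueue, which is presumably writable by the unprivileged mail-submission user, so if this script runs as root the value should be treated as untrusted. Nothing checks that it is a number or that the process is sendmail, and an empty file leaves `kill` with no PID. Reading it into a variable and rejecting non-numeric values first would help, e.g. `case "$_pid" in ''|*[!0-9]*) return ;; esac`, ideally followed by a check that the command of that PID is `${sendmail_program}`. `stop_mta` and `restart_mta` do the same with `${sendmail_pidfile}`.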
@@ -0,0 +1,108 @@ +#!/bin/sh +# +# Copyright (c) 1997 Ollivier Robert +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# Site-specific closing actions for daemons run by init on shutdown, +# or before going single-user from multi-user. +# Output and errors are directed to console by init, and the +# console is the controlling terminal. + +stty status '^T' + +# Set shell to ignore SIGINT (2), but not children; +# shell catches SIGQUIT (3) and returns to single user after fsck. +trap : 2 +trap : 3 # shouldn't be needed + +HOME=/ +PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin +export HOME PATH + +. 
/etc/rc.subr + +load_rc_config 'XXX' + +# reverse_list list +# print the list in reverse order +# +reverse_list() +{ + _revlist= + for _revfile in $*; do + _revlist="$_revfile${script_name_sep}$_revlist" + done + echo $_revlist +} + +# If requested, start a watchdog timer in the background which +# will terminate rc.shutdown if rc.shutdown doesn't complete +# within the specified time. +# +_rcshutdown_watchdog= +if [ -n "$rcshutdown_timeout" ]; then + debug "Initiating watchdog timer." + sleep $rcshutdown_timeout && ( + _msg="$rcshutdown_timeout second watchdog" + _msg="$_msg timeout expired. Shutdown terminated." + logger -t rc.shutdown "$_msg" + echo "$_msg" + date + kill -KILL $$ >/dev/null 2>&1 + ) & + _rcshutdown_watchdog=$! +fi + +# Determine the shutdown order of the /etc/rc.d scripts, +# and perform the operation +# +rcorder_opts="-k shutdown" +[ `/sbin/sysctl -n security.jail.jailed` -eq 1 ] && rcorder_opts="$rcorder_opts -s nojail" + +case ${local_startup} in +[Nn][Oo] | '') ;; +*) find_local_scripts_new ;; +esac + +files=`rcorder ${rcorder_opts} /etc/rc.d/* ${local_rc} 2>/dev/null` + +for _rc_elem in `reverse_list $files`; do + debug "run_rc_script $_rc_elem faststop" + run_rc_script $_rc_elem faststop +done + +# Terminate the background watchdog timer (if it is running) +# +if [ -n "$_rcshutdown_watchdog" ]; then + pkill -TERM -P $_rcshutdown_watchdog >/dev/null 2>&1 +fi + +# Insert other shutdown procedures here + + +echo '.' +exit 0 diff --git a/etc/rc.subr b/etc/rc.subr new file mode 100644 index 0000000..29ed3dd --- /dev/null +++ b/etc/rc.subr 
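Review bot: The local `reverse_list` joins names with `${script_name_sep}`, which this file never sets. Unless `load_rc_config` supplies it (not visible here), the expansion is empty and every script path is glued into one word, so the `faststop` loop would run a single bogus path and stop nothing. The definition also replaces the `reverse_list` that `. /etc/rc.subr` has just provided, which joins with a plain space. Either drop the local copy or default the separator: `_revlist="$_revfile${script_name_sep:- }$_revlist"`. Because `rcorder` runs with `2>/dev/null`, an empty `$files` is silent as well; a warning when the list is empty would make a skipped shutdown visible.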
@@ -0,0 +1,1778 @@ +# $NetBSD: rc.subr,v 1.67 2006/10/07 11:25:15 elad Exp $ +# $FreeBSD$ +# +# Copyright (c) 1997-2004 The NetBSD Foundation, Inc. +# All rights reserved. +# +# This code is derived from software contributed to The NetBSD Foundation +# by Luke Mewburn. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+# +# rc.subr +# functions used by various rc scripts +# + +: ${rcvar_manpage:='rc.conf(5)'} +: ${RC_PID:=$$}; export RC_PID + +# +# Operating System dependent/independent variables +# + +if [ -z "${_rc_subr_loaded}" ]; then + +_rc_subr_loaded="YES" + +SYSCTL="/sbin/sysctl" +SYSCTL_N="${SYSCTL} -n" +SYSCTL_W="${SYSCTL}" +ID="/usr/bin/id" +IDCMD="if [ -x $ID ]; then $ID -un; fi" +PS="/bin/ps -ww" +JID=`$PS -p $$ -o jid=` + +# +# functions +# --------- + +# set_rcvar [var] [defval] [desc] +# +# Echo or define a rc.conf(5) variable name. Global variable +# $rcvars is used. +# +# If no argument is specified, echo "${name}_enable". +# +# If only a var is specified, echo "${var}_enable". +# +# If var and defval are specified, the ${var} is defined as +# rc.conf(5) variable and the default value is ${defvar}. An +# optional argument $desc can also be specified to add a +# description for that. +# +set_rcvar() +{ + case $# in + 0) + echo ${name}_enable + ;; + 1) + echo ${1}_enable + ;; + *) + debug "rcvar_define: \$$1=$2 is added" \ + " as a rc.conf(5) variable." + + local _var + _var=$1 + rcvars="${rcvars# } $_var" + eval ${_var}_defval=\"$2\" + shift 2 + # encode multiple lines of _desc + for l in "$@"; do + eval ${_var}_desc=\"\${${_var}_desc#^^}^^$l\" + done + eval ${_var}_desc=\"\${${_var}_desc#^^}\" + ;; + esac +} + +# set_rcvar_obsolete oldvar [newvar] [msg] +# Define obsolete variable. +# Global variable $rcvars_obsolete is used. +# +set_rcvar_obsolete() +{ + local _var + _var=$1 + debug "rcvar_obsolete: \$$1(old) -> \$$2(new) is defined" + + rcvars_obsolete="${rcvars_obsolete# } $1" + eval ${1}_newvar=\"$2\" + shift 2 + eval ${_var}_obsolete_msg=\"$*\" +} + +# +# force_depend script +# Force a service to start. Intended for use by services +# to resolve dependency issues. 
It is assumed the caller +# has check to make sure this call is necessary +# $1 - filename of script, in /etc/rc.d, to run +# +force_depend() +{ + _depend="$1" + + info "${name} depends on ${_depend}, which will be forced to start." + if ! /etc/rc.d/${_depend} forcestart; then + warn "Unable to force ${_depend}. It may already be running." + return 1 + fi + return 0 +} + +# +# checkyesno var +# Test $1 variable, and warn if not set to YES or NO. +# Return 0 if it's "yes" (et al), nonzero otherwise. +# +checkyesno() +{ + eval _value=\$${1} + debug "checkyesno: $1 is set to $_value." + case $_value in + + # "yes", "true", "on", or "1" + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + return 0 + ;; + + # "no", "false", "off", or "0" + [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) + return 1 + ;; + *) + warn "\$${1} is not set properly - see ${rcvar_manpage}." + return 1 + ;; + esac +} + +# +# reverse_list list +# print the list in reverse order +# +reverse_list() +{ + _revlist= + for _revfile; do + _revlist="$_revfile $_revlist" + done + echo $_revlist +} + +# stop_boot always +# If booting directly to multiuser or $always is enabled, +# send SIGTERM to the parent (/etc/rc) to abort the boot. +# Otherwise just exit. +# +stop_boot() +{ + local always + + case $1 in + # "yes", "true", "on", or "1" + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + always=true + ;; + *) + always=false + ;; + esac + if [ "$autoboot" = yes -o "$always" = true ]; then + echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" + kill -TERM ${RC_PID} + fi + exit 1 +} + +# +# mount_critical_filesystems type +# Go through the list of critical filesystems as provided in +# the rc.conf(5) variable $critical_filesystems_${type}, checking +# each one to see if it is mounted, and if it is not, mounting it. 
+# +mount_critical_filesystems() +{ + eval _fslist=\$critical_filesystems_${1} + for _fs in $_fslist; do + mount | ( + _ismounted=false + while read what _on on _type type; do + if [ $on = $_fs ]; then + _ismounted=true + fi + done + if $_ismounted; then + : + else + mount $_fs >/dev/null 2>&1 + fi + ) + done +} + +# +# check_pidfile pidfile procname [interpreter] +# Parses the first line of pidfile for a PID, and ensures +# that the process is running and matches procname. +# Prints the matching PID upon success, nothing otherwise. +# interpreter is optional; see _find_processes() for details. +# +check_pidfile() +{ + _pidfile=$1 + _procname=$2 + _interpreter=$3 + if [ -z "$_pidfile" -o -z "$_procname" ]; then + err 3 'USAGE: check_pidfile pidfile procname [interpreter]' + fi + if [ ! -f $_pidfile ]; then + debug "pid file ($_pidfile): not readable." + return + fi + read _pid _junk < $_pidfile + if [ -z "$_pid" ]; then + debug "pid file ($_pidfile): no pid in file." + return + fi + _find_processes $_procname ${_interpreter:-.} '-p '"$_pid" +} + +# +# check_process procname [interpreter] +# Ensures that a process (or processes) named procname is running. +# Prints a list of matching PIDs. +# interpreter is optional; see _find_processes() for details. +# +check_process() +{ + _procname=$1 + _interpreter=$2 + if [ -z "$_procname" ]; then + err 3 'USAGE: check_process procname [interpreter]' + fi + _find_processes $_procname ${_interpreter:-.} '-ax' +} + +# +# _find_processes procname interpreter psargs +# Search for procname in the output of ps generated by psargs. +# Prints the PIDs of any matching processes, space separated. 
+# +# If interpreter == ".", check the following variations of procname +# against the first word of each command: +# procname +# `basename procname` +# `basename procname` + ":" +# "(" + `basename procname` + ")" +# "[" + `basename procname` + "]" +# +# If interpreter != ".", read the first line of procname, remove the +# leading #!, normalise whitespace, append procname, and attempt to +# match that against each command, either as is, or with extra words +# at the end. As an alternative, to deal with interpreted daemons +# using perl, the basename of the interpreter plus a colon is also +# tried as the prefix to procname. +# +_find_processes() +{ + if [ $# -ne 3 ]; then + err 3 'USAGE: _find_processes procname interpreter psargs' + fi + _procname=$1 + _interpreter=$2 + _psargs=$3 + + _pref= + if [ $_interpreter != "." ]; then # an interpreted script + _script=${_chroot}${_chroot:+"/"}$_procname + if [ -r $_script ]; then + read _interp < $_script # read interpreter name + case "$_interp" in + \#!*) + _interp=${_interp#\#!} # strip #! 
+ set -- $_interp + case $1 in + */bin/env) + shift # drop env to get real name + ;; + esac + if [ $_interpreter != $1 ]; then + warn "\$command_interpreter $_interpreter != $1" + fi + ;; + *) + warn "no shebang line in $_script" + set -- $_interpreter + ;; + esac + else + warn "cannot read shebang line from $_script" + set -- $_interpreter + fi + _interp="$* $_procname" # cleanup spaces, add _procname + _interpbn=${1##*/} + _fp_args='_argv' + _fp_match='case "$_argv" in + ${_interp}|"${_interp} "*|"${_interpbn}: ${_procname}"*)' + else # a normal daemon + _procnamebn=${_procname##*/} + _fp_args='_arg0 _argv' + _fp_match='case "$_arg0" in + $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")' + fi + + _proccheck="\ + $PS 2>/dev/null -o pid= -o jid= -o command= $_psargs"' | + while read _npid _jid '"$_fp_args"'; do + '"$_fp_match"' + if [ "$JID" -eq "$_jid" ]; + then echo -n "$_pref$_npid"; + _pref=" "; + fi + ;; + esac + done' + +# debug "in _find_processes: proccheck is ($_proccheck)." + eval $_proccheck +} + +# +# wait_for_pids pid [pid ...] +# spins until none of the pids exist +# +wait_for_pids() +{ + local _list _prefix _nlist _j + + _list="$@" + if [ -z "$_list" ]; then + return + fi + _prefix= + while true; do + _nlist=""; + for _j in $_list; do + if kill -0 $_j 2>/dev/null; then + _nlist="${_nlist}${_nlist:+ }$_j" + [ -n "$_prefix" ] && sleep 1 + fi + done + if [ -z "$_nlist" ]; then + break + fi + _list=$_nlist + echo -n ${_prefix:-"Waiting for PIDS: "}$_list + _prefix=", " + pwait $_list 2>/dev/null + done + if [ -n "$_prefix" ]; then + echo "." + fi +} + +# +# get_pidfile_from_conf string file +# +# Takes a string to search for in the specified file. +# Ignores lines with traditional comment characters. 
+# +# Example: +# +# if get_pidfile_from_conf string file; then +# pidfile="$_pidfile_from_conf" +# else +# pidfile='appropriate default' +# fi +# +get_pidfile_from_conf() +{ + if [ -z "$1" -o -z "$2" ]; then + err 3 "USAGE: get_pidfile_from_conf string file ($name)" + fi + + local string file line + + string="$1" ; file="$2" + + if [ ! -s "$file" ]; then + err 3 "get_pidfile_from_conf: $file does not exist ($name)" + fi + + while read line; do + case "$line" in + *[#\;]*${string}*) continue ;; + *${string}*) break ;; + esac + done < $file + + if [ -n "$line" ]; then + line=${line#*/} + _pidfile_from_conf="/${line%%[\"\;]*}" + else + return 1 + fi +} + +# +# check_startmsgs +# If rc_quiet is set (usually as a result of using faststart at +# boot time) check if rc_startmsgs is enabled. +# +check_startmsgs() +{ + if [ -n "$rc_quiet" ]; then + checkyesno rc_startmsgs + else + return 0 + fi +} + +# +# run_rc_command argument +# Search for argument in the list of supported commands, which is: +# "start stop restart rcvar status poll ${extra_commands}" +# If there's a match, run ${argument}_cmd or the default method +# (see below). +# +# If argument has a given prefix, then change the operation as follows: +# Prefix Operation +# ------ --------- +# fast Skip the pid check, and set rc_fast=yes, rc_quiet=yes +# force Set ${rcvar} to YES, and set rc_force=yes +# one Set ${rcvar} to YES +# quiet Don't output some diagnostics, and set rc_quiet=yes +# +# The following globals are used: +# +# Name Needed Purpose +# ---- ------ ------- +# name y Name of script. +# +# command n Full path to command. +# Not needed if ${rc_arg}_cmd is set for +# each keyword. +# +# command_args n Optional args/shell directives for command. +# +# command_interpreter n If not empty, command is interpreted, so +# call check_{pidfile,process}() appropriately. +# +# desc n Description of script. +# +# extra_commands n List of extra commands supported. 
+# +# pidfile n If set, use check_pidfile $pidfile $command, +# otherwise use check_process $command. +# In either case, only check if $command is set. +# +# procname n Process name to check for instead of $command. +# +# rcvar n This is checked with checkyesno to determine +# if the action should be run. +# +# ${name}_program n Full path to command. +# Meant to be used in /etc/rc.conf to override +# ${command}. +# +# ${name}_chroot n Directory to chroot to before running ${command} +# Requires /usr to be mounted. +# +# ${name}_chdir n Directory to cd to before running ${command} +# (if not using ${name}_chroot). +# +# ${name}_flags n Arguments to call ${command} with. +# NOTE: $flags from the parent environment +# can be used to override this. +# +# ${name}_nice n Nice level to run ${command} at. +# +# ${name}_user n User to run ${command} as, using su(1) if not +# using ${name}_chroot. +# Requires /usr to be mounted. +# +# ${name}_group n Group to run chrooted ${command} as. +# Requires /usr to be mounted. +# +# ${name}_groups n Comma separated list of supplementary groups +# to run the chrooted ${command} with. +# Requires /usr to be mounted. +# +# ${rc_arg}_cmd n If set, use this as the method when invoked; +# Otherwise, use default command (see below) +# +# ${rc_arg}_precmd n If set, run just before performing the +# ${rc_arg}_cmd method in the default +# operation (i.e, after checking for required +# bits and process (non)existence). +# If this completes with a non-zero exit code, +# don't run ${rc_arg}_cmd. +# +# ${rc_arg}_postcmd n If set, run just after performing the +# ${rc_arg}_cmd method, if that method +# returned a zero exit code. +# +# required_dirs n If set, check for the existence of the given +# directories before running a (re)start command. +# +# required_files n If set, check for the readability of the given +# files before running a (re)start command. 
+# +# required_modules n If set, ensure the given kernel modules are +# loaded before running a (re)start command. +# The check and possible loads are actually +# done after start_precmd so that the modules +# aren't loaded in vain, should the precmd +# return a non-zero status to indicate a error. +# If a word in the list looks like "foo:bar", +# "foo" is the KLD file name and "bar" is the +# module name. If a word looks like "foo~bar", +# "foo" is the KLD file name and "bar" is a +# egrep(1) pattern matching the module name. +# Otherwise the module name is assumed to be +# the same as the KLD file name, which is most +# common. See load_kld(). +# +# required_vars n If set, perform checkyesno on each of the +# listed variables before running the default +# (re)start command. +# +# Default behaviour for a given argument, if no override method is +# provided: +# +# Argument Default behaviour +# -------- ----------------- +# start if !running && checkyesno ${rcvar} +# ${command} +# +# stop if ${pidfile} +# rc_pid=$(check_pidfile $pidfile $command) +# else +# rc_pid=$(check_process $command) +# kill $sig_stop $rc_pid +# wait_for_pids $rc_pid +# ($sig_stop defaults to TERM.) +# +# reload Similar to stop, except use $sig_reload instead, +# and doesn't wait_for_pids. +# $sig_reload defaults to HUP. +# Note that `reload' isn't provided by default, +# it should be enabled via $extra_commands. +# +# restart Run `stop' then `start'. +# +# status Show if ${command} is running, etc. +# +# poll Wait for ${command} to exit. +# +# rcvar Display what rc.conf variable is used (if any). +# +# Variables available to methods, and after run_rc_command() has +# completed: +# +# Variable Purpose +# -------- ------- +# rc_arg Argument to command, after fast/force/one processing +# performed +# +# rc_flags Flags to start the default command with. +# Defaults to ${name}_flags, unless overridden +# by $flags from the environment. +# This variable may be changed by the precmd method. 
+# +# rc_pid PID of command (if appropriate) +# +# rc_fast Not empty if "fast" was provided (q.v.) +# +# rc_force Not empty if "force" was provided (q.v.) +# +# rc_quiet Not empty if "quiet" was provided +# +# +run_rc_command() +{ + _return=0 + rc_arg=$1 + if [ -z "$name" ]; then + err 3 'run_rc_command: $name is not set.' + fi + + # Don't repeat the first argument when passing additional command- + # line arguments to the command subroutines. + # + shift 1 + rc_extra_args="$*" + + _rc_prefix= + case "$rc_arg" in + fast*) # "fast" prefix; don't check pid + rc_arg=${rc_arg#fast} + rc_fast=yes + rc_quiet=yes + ;; + force*) # "force" prefix; always run + rc_force=yes + _rc_prefix=force + rc_arg=${rc_arg#${_rc_prefix}} + if [ -n "${rcvar}" ]; then + eval ${rcvar}=YES + fi + ;; + one*) # "one" prefix; set ${rcvar}=yes + _rc_prefix=one + rc_arg=${rc_arg#${_rc_prefix}} + if [ -n "${rcvar}" ]; then + eval ${rcvar}=YES + fi + ;; + quiet*) # "quiet" prefix; omit some messages + _rc_prefix=quiet + rc_arg=${rc_arg#${_rc_prefix}} + rc_quiet=yes + ;; + esac + + eval _override_command=\$${name}_program + command=${_override_command:-$command} + + _keywords="start stop restart rcvar $extra_commands" + rc_pid= + _pidcmd= + _procname=${procname:-${command}} + + # setup pid check command + if [ -n "$_procname" ]; then + if [ -n "$pidfile" ]; then + _pidcmd='rc_pid=$(check_pidfile '"$pidfile $_procname $command_interpreter"')' + else + _pidcmd='rc_pid=$(check_process '"$_procname $command_interpreter"')' + fi + if [ -n "$_pidcmd" ]; then + _keywords="${_keywords} status poll" + fi + fi + + if [ -z "$rc_arg" ]; then + rc_usage $_keywords + fi + + if [ -n "$flags" ]; then # allow override from environment + rc_flags=$flags + else + eval rc_flags=\$${name}_flags + fi + eval _chdir=\$${name}_chdir _chroot=\$${name}_chroot \ + _nice=\$${name}_nice _user=\$${name}_user \ + _group=\$${name}_group _groups=\$${name}_groups + + if [ -n "$_user" ]; then # unset $_user if running as that user + 
if [ "$_user" = "$(eval $IDCMD)" ]; then + unset _user + fi + fi + + eval $_pidcmd # determine the pid if necessary + + for _elem in $_keywords; do + if [ "$_elem" != "$rc_arg" ]; then + continue + fi + # if ${rcvar} is set, $1 is not "rcvar" + # and ${rc_pid} is not set, then run + # checkyesno ${rcvar} + # and return if that failed + # + if [ -n "${rcvar}" -a "$rc_arg" != "rcvar" -a "$rc_arg" != "stop" ] || + [ -n "${rcvar}" -a "$rc_arg" = "stop" -a -z "${rc_pid}" ]; then + if ! checkyesno ${rcvar}; then + if [ -n "${rc_quiet}" ]; then + return 0 + fi + echo -n "Cannot '${rc_arg}' $name. Set ${rcvar} to " + echo -n "YES in /etc/rc.conf or use 'one${rc_arg}' " + echo "instead of '${rc_arg}'." + return 0 + fi + fi + + # if there's a custom ${XXX_cmd}, + # run that instead of the default + # + eval _cmd=\$${rc_arg}_cmd \ + _precmd=\$${rc_arg}_precmd \ + _postcmd=\$${rc_arg}_postcmd + + if [ -n "$_cmd" ]; then + _run_rc_precmd || return 1 + _run_rc_doit "$_cmd $rc_extra_args" || return 1 + _run_rc_postcmd + return $_return + fi + + case "$rc_arg" in # default operations... + + status) + _run_rc_precmd || return 1 + if [ -n "$rc_pid" ]; then + echo "${name} is running as pid $rc_pid." + else + echo "${name} is not running." + return 1 + fi + _run_rc_postcmd + ;; + + start) + if [ -z "$rc_fast" -a -n "$rc_pid" ]; then + echo 1>&2 "${name} already running? (pid=$rc_pid)." + return 1 + fi + + if [ ! -x ${_chroot}${_chroot:+"/"}${command} ]; then + warn "run_rc_command: cannot run $command" + return 1 + fi + + if ! _run_rc_precmd; then + warn "failed precmd routine for ${name}" + return 1 + fi + + # setup the full command to run + # + check_startmsgs && echo "Starting ${name}." 
+ if [ -n "$_chroot" ]; then + _doit="\ +${_nice:+nice -n $_nice }\ +chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\ +$_chroot $command $rc_flags $command_args" + else + _doit="\ +${_chdir:+cd $_chdir && }\ +$command $rc_flags $command_args" + if [ -n "$_user" ]; then + _doit="su -m $_user -c 'sh -c \"$_doit\"'" + fi + if [ -n "$_nice" ]; then + if [ -z "$_user" ]; then + _doit="sh -c \"$_doit\"" + fi + _doit="nice -n $_nice $_doit" + fi + fi + + # run the full command + # + if ! _run_rc_doit "$_doit"; then + warn "failed to start ${name}" + return 1 + fi + + # finally, run postcmd + # + _run_rc_postcmd + ;; + + stop) + if [ -z "$rc_pid" ]; then + [ -n "$rc_fast" ] && return 0 + _run_rc_notrunning + return 1 + fi + + _run_rc_precmd || return 1 + + # send the signal to stop + # + echo "Stopping ${name}." + _doit=$(_run_rc_killcmd "${sig_stop:-TERM}") + _run_rc_doit "$_doit" || return 1 + + # wait for the command to exit, + # and run postcmd. + wait_for_pids $rc_pid + + _run_rc_postcmd + ;; + + reload) + if [ -z "$rc_pid" ]; then + _run_rc_notrunning + return 1 + fi + + _run_rc_precmd || return 1 + + _doit=$(_run_rc_killcmd "${sig_reload:-HUP}") + _run_rc_doit "$_doit" || return 1 + + _run_rc_postcmd + ;; + + restart) + # prevent restart being called more + # than once by any given script + # + if ${_rc_restart_done:-false}; then + return 0 + fi + _rc_restart_done=true + + _run_rc_precmd || return 1 + + # run those in a subshell to keep global variables + ( run_rc_command ${_rc_prefix}stop $rc_extra_args ) + ( run_rc_command ${_rc_prefix}start $rc_extra_args ) + _return=$? 
+ [ $_return -ne 0 ] && [ -z "$rc_force" ] && return 1 + + _run_rc_postcmd + ;; + + poll) + _run_rc_precmd || return 1 + if [ -n "$rc_pid" ]; then + wait_for_pids $rc_pid + fi + _run_rc_postcmd + ;; + + rcvar) + echo -n "# $name" + if [ -n "$desc" ]; then + echo " : $desc" + else + echo "" + fi + echo "#" + # Get unique vars in $rcvar $rcvars + for _v in $rcvar $rcvars; do + case $v in + $_v\ *|\ *$_v|*\ $_v\ *) ;; + *) v="${v# } $_v" ;; + esac + done + + # Display variables. + for _v in $v; do + if [ -z "$_v" ]; then + continue + fi + + eval _desc=\$${_v}_desc + eval _defval=\$${_v}_defval + _h="-" + + eval echo \"$_v=\\\"\$$_v\\\"\" + # decode multiple lines of _desc + while [ -n "$_desc" ]; do + case $_desc in + *^^*) + echo "# $_h ${_desc%%^^*}" + _desc=${_desc#*^^} + _h=" " + ;; + *) + echo "# $_h ${_desc}" + break + ;; + esac + done + echo "# (default: \"$_defval\")" + done + echo "" + ;; + + *) + rc_usage $_keywords + ;; + + esac + return $_return + done + + echo 1>&2 "$0: unknown directive '$rc_arg'." + rc_usage $_keywords + # not reached +} + +# +# Helper functions for run_rc_command: common code. +# They use such global variables besides the exported rc_* ones: +# +# name R/W +# ------------------ +# _precmd R +# _postcmd R +# _return W +# +_run_rc_precmd() +{ + check_required_before "$rc_arg" || return 1 + + if [ -n "$_precmd" ]; then + debug "run_rc_command: ${rc_arg}_precmd: $_precmd $rc_extra_args" + eval "$_precmd $rc_extra_args" + _return=$? + + # If precmd failed and force isn't set, request exit. + if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then + return 1 + fi + fi + + check_required_after "$rc_arg" || return 1 + + return 0 +} + +_run_rc_postcmd() +{ + if [ -n "$_postcmd" ]; then + debug "run_rc_command: ${rc_arg}_postcmd: $_postcmd $rc_extra_args" + eval "$_postcmd $rc_extra_args" + _return=$? + fi + return 0 +} + +_run_rc_doit() +{ + debug "run_rc_command: doit: $*" + eval "$@" + _return=$? 
+ + # If command failed and force isn't set, request exit. + if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then + return 1 + fi + + return 0 +} + +_run_rc_notrunning() +{ + local _pidmsg + + if [ -n "$pidfile" ]; then + _pidmsg=" (check $pidfile)." + else + _pidmsg= + fi + echo 1>&2 "${name} not running?${_pidmsg}" +} + +_run_rc_killcmd() +{ + local _cmd + + _cmd="kill -$1 $rc_pid" + if [ -n "$_user" ]; then + _cmd="su -m ${_user} -c 'sh -c \"${_cmd}\"'" + fi + echo "$_cmd" +} + +# +# run_rc_script file arg +# Start the script `file' with `arg', and correctly handle the +# return value from the script. +# If `file' ends with `.sh', it's sourced into the current environment +# when $rc_fast_and_loose is set, otherwise it is run as a child process. +# If `file' appears to be a backup or scratch file, ignore it. +# Otherwise if it is executable run as a child process. +# +run_rc_script() +{ + _file=$1 + _arg=$2 + if [ -z "$_file" -o -z "$_arg" ]; then + err 3 'USAGE: run_rc_script file arg' + fi + + unset name command command_args command_interpreter \ + extra_commands pidfile procname \ + rcvar rcvars rcvars_obsolete required_dirs required_files \ + required_vars + eval unset ${_arg}_cmd ${_arg}_precmd ${_arg}_postcmd + + case "$_file" in + /etc/rc.d/*.sh) # no longer allowed in the base + warn "Ignoring old-style startup script $_file" + ;; + *[~#]|*.OLD|*.bak|*.orig|*,v) # scratch file; skip + warn "Ignoring scratch file $_file" + ;; + *) # run in subshell + if [ -x $_file ]; then + if [ -n "$rc_fast_and_loose" ]; then + set $_arg; . $_file + else + ( trap "echo Script $_file interrupted; kill -QUIT $$" 3 + trap "echo Script $_file interrupted; exit 1" 2 + trap "echo Script $_file running" 29 + set $_arg; . $_file ) + fi + fi + ;; + esac +} + +# +# load_rc_config name +# Source in the configuration file for a given name. 
+# +load_rc_config() +{ + local _name _var _defval _v _msg _new + _name=$1 + if [ -z "$_name" ]; then + err 3 'USAGE: load_rc_config name' + fi + + if ${_rc_conf_loaded:-false}; then + : + else + if [ -r /etc/defaults/rc.conf ]; then + debug "Sourcing /etc/defaults/rc.conf" + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + debug "Sourcing /etc/rc.conf (/etc/defaults/rc.conf doesn't exist)." + . /etc/rc.conf + fi + _rc_conf_loaded=true + fi + if [ -f /etc/rc.conf.d/"$_name" ]; then + debug "Sourcing /etc/rc.conf.d/${_name}" + . /etc/rc.conf.d/"$_name" + fi + + # Set defaults if defined. + for _var in $rcvar $rcvars; do + eval _defval=\$${_var}_defval + if [ -n "$_defval" ]; then + eval : \${$_var:=\$${_var}_defval} + fi + done + + # check obsolete rc.conf variables + for _var in $rcvars_obsolete; do + eval _v=\$$_var + eval _msg=\$${_var}_obsolete_msg + eval _new=\$${_var}_newvar + case $_v in + "") + ;; + *) + if [ -z "$_new" ]; then + _msg="Ignored." + else + eval $_new=\"\$$_var\" + if [ -z "$_msg" ]; then + _msg="Use \$$_new instead." + fi + fi + warn "\$$_var is obsolete. $_msg" + ;; + esac + done +} + +# +# load_rc_config_var name var +# Read the rc.conf(5) var for name and set in the +# current shell, using load_rc_config in a subshell to prevent +# unwanted side effects from other variable assignments. +# +load_rc_config_var() +{ + if [ $# -ne 2 ]; then + err 3 'USAGE: load_rc_config_var name var' + fi + eval $(eval '( + load_rc_config '$1' >/dev/null; + if [ -n "${'$2'}" -o "${'$2'-UNSET}" != "UNSET" ]; then + echo '$2'=\'\''${'$2'}\'\''; + fi + )' ) +} + +# +# rc_usage commands +# Print a usage string for $0, with `commands' being a list of +# valid commands. +# +rc_usage() +{ + echo -n 1>&2 "Usage: $0 [fast|force|one](" + + _sep= + for _elem; do + echo -n 1>&2 "$_sep$_elem" + _sep="|" + done + echo 1>&2 ")" + exit 1 +} + +# +# err exitval message +# Display message to stderr and log to the syslog, and exit with exitval. 
+# +err() +{ + exitval=$1 + shift + + if [ -x /usr/bin/logger ]; then + logger "$0: ERROR: $*" + fi + echo 1>&2 "$0: ERROR: $*" + exit $exitval +} + +# +# warn message +# Display message to stderr and log to the syslog. +# +warn() +{ + if [ -x /usr/bin/logger ]; then + logger "$0: WARNING: $*" + fi + echo 1>&2 "$0: WARNING: $*" +} + +# +# info message +# Display informational message to stdout and log to syslog. +# +info() +{ + case ${rc_info} in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + if [ -x /usr/bin/logger ]; then + logger "$0: INFO: $*" + fi + echo "$0: INFO: $*" + ;; + esac +} + +# +# debug message +# If debugging is enabled in rc.conf output message to stderr. +# BEWARE that you don't call any subroutine that itself calls this +# function. +# +debug() +{ + case ${rc_debug} in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + if [ -x /usr/bin/logger ]; then + logger "$0: DEBUG: $*" + fi + echo 1>&2 "$0: DEBUG: $*" + ;; + esac +} + +# +# backup_file action file cur backup +# Make a backup copy of `file' into `cur', and save the previous +# version of `cur' as `backup' or use rcs for archiving. +# +# This routine checks the value of the backup_uses_rcs variable, +# which can be either YES or NO. +# +# The `action' keyword can be one of the following: +# +# add `file' is now being backed up (and is possibly +# being reentered into the backups system). `cur' +# is created and RCS files, if necessary, are +# created as well. +# +# update `file' has changed and needs to be backed up. +# If `cur' exists, it is copied to to `back' or +# checked into RCS (if the repository file is old), +# and then `file' is copied to `cur'. Another RCS +# check in done here if RCS is being used. +# +# remove `file' is no longer being tracked by the backups +# system. If RCS is not being used, `cur' is moved +# to `back', otherwise an empty file is checked in, +# and then `cur' is removed. 
+# +# +backup_file() +{ + _action=$1 + _file=$2 + _cur=$3 + _back=$4 + + if checkyesno backup_uses_rcs; then + _msg0="backup archive" + _msg1="update" + + # ensure that history file is not locked + if [ -f $_cur,v ]; then + rcs -q -u -U -M $_cur + fi + + # ensure after switching to rcs that the + # current backup is not lost + if [ -f $_cur ]; then + # no archive, or current newer than archive + if [ ! -f $_cur,v -o $_cur -nt $_cur,v ]; then + ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur + rcs -q -kb -U $_cur + co -q -f -u $_cur + fi + fi + + case $_action in + add|update) + cp -p $_file $_cur + ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur + rcs -q -kb -U $_cur + co -q -f -u $_cur + chown root:wheel $_cur $_cur,v + ;; + remove) + cp /dev/null $_cur + ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur + rcs -q -kb -U $_cur + chown root:wheel $_cur $_cur,v + rm $_cur + ;; + esac + else + case $_action in + add|update) + if [ -f $_cur ]; then + cp -p $_cur $_back + fi + cp -p $_file $_cur + chown root:wheel $_cur + ;; + remove) + mv -f $_cur $_back + ;; + esac + fi +} + +# make_symlink src link +# Make a symbolic link 'link' to src from basedir. If the +# directory in which link is to be created does not exist +# a warning will be displayed and an error will be returned. +# Returns 0 on sucess, 1 otherwise. +# +make_symlink() +{ + local src link linkdir _me + src="$1" + link="$2" + linkdir="`dirname $link`" + _me="make_symlink()" + + if [ -z "$src" -o -z "$link" ]; then + warn "$_me: requires two arguments." + return 1 + fi + if [ ! -d "$linkdir" ]; then + warn "$_me: the directory $linkdir does not exist." + return 1 + fi + if ! ln -sf $src $link; then + warn "$_me: unable to make a symbolic link from $link to $src" + return 1 + fi + return 0 +} + +# devfs_rulesets_from_file file +# Reads a set of devfs commands from file, and creates +# the specified rulesets with their rules. Returns non-zero +# if there was an error. 
+# +devfs_rulesets_from_file() +{ + local file _err _me + file="$1" + _me="devfs_rulesets_from_file" + _err=0 + + if [ -z "$file" ]; then + warn "$_me: you must specify a file" + return 1 + fi + if [ ! -e "$file" ]; then + debug "$_me: no such file ($file)" + return 0 + fi + debug "reading rulesets from file ($file)" + { while read line + do + case $line in + \#*) + continue + ;; + \[*\]*) + rulenum=`expr "$line" : "\[.*=\([0-9]*\)\]"` + if [ -z "$rulenum" ]; then + warn "$_me: cannot extract rule number ($line)" + _err=1 + break + fi + rulename=`expr "$line" : "\[\(.*\)=[0-9]*\]"` + if [ -z "$rulename" ]; then + warn "$_me: cannot extract rule name ($line)" + _err=1 + break; + fi + eval $rulename=\$rulenum + debug "found ruleset: $rulename=$rulenum" + if ! /sbin/devfs rule -s $rulenum delset; then + _err=1 + break + fi + ;; + *) + rulecmd="${line%%"\#*"}" + # evaluate the command incase it includes + # other rules + if [ -n "$rulecmd" ]; then + debug "adding rule ($rulecmd)" + if ! eval /sbin/devfs rule -s $rulenum $rulecmd + then + _err=1 + break + fi + fi + ;; + esac + if [ $_err -ne 0 ]; then + debug "error in $_me" + break + fi + done } < $file + return $_err +} + +# devfs_init_rulesets +# Initializes rulesets from configuration files. Returns +# non-zero if there was an error. +# +devfs_init_rulesets() +{ + local file _me + _me="devfs_init_rulesets" + + # Go through this only once + if [ -n "$devfs_rulesets_init" ]; then + debug "$_me: devfs rulesets already initialized" + return + fi + for file in $devfs_rulesets; do + if ! devfs_rulesets_from_file $file; then + warn "$_me: could not read rules from $file" + return 1 + fi + done + devfs_rulesets_init=1 + debug "$_me: devfs rulesets initialized" + return 0 +} + +# devfs_set_ruleset ruleset [dir] +# Sets the default ruleset of dir to ruleset. The ruleset argument +# must be a ruleset name as specified in devfs.rules(5) file. +# Returns non-zero if it could not set it successfully. 
+# +devfs_set_ruleset() +{ + local devdir rs _me + [ -n "$1" ] && eval rs=\$$1 || rs= + [ -n "$2" ] && devdir="-m "$2"" || devdir= + _me="devfs_set_ruleset" + + if [ -z "$rs" ]; then + warn "$_me: you must specify a ruleset number" + return 1 + fi + debug "$_me: setting ruleset ($rs) on mount-point (${devdir#-m })" + if ! /sbin/devfs $devdir ruleset $rs; then + warn "$_me: unable to set ruleset $rs to ${devdir#-m }" + return 1 + fi + return 0 +} + +# devfs_apply_ruleset ruleset [dir] +# Apply ruleset number $ruleset to the devfs mountpoint $dir. +# The ruleset argument must be a ruleset name as specified +# in a devfs.rules(5) file. Returns 0 on success or non-zero +# if it could not apply the ruleset. +# +devfs_apply_ruleset() +{ + local devdir rs _me + [ -n "$1" ] && eval rs=\$$1 || rs= + [ -n "$2" ] && devdir="-m "$2"" || devdir= + _me="devfs_apply_ruleset" + + if [ -z "$rs" ]; then + warn "$_me: you must specify a ruleset" + return 1 + fi + debug "$_me: applying ruleset ($rs) to mount-point (${devdir#-m })" + if ! /sbin/devfs $devdir rule -s $rs applyset; then + warn "$_me: unable to apply ruleset $rs to ${devdir#-m }" + return 1 + fi + return 0 +} + +# devfs_domount dir [ruleset] +# Mount devfs on dir. If ruleset is specified it is set +# on the mount-point. It must also be a ruleset name as specified +# in a devfs.rules(5) file. Returns 0 on success. +# +devfs_domount() +{ + local devdir rs _me + devdir="$1" + [ -n "$2" ] && rs=$2 || rs= + _me="devfs_domount()" + + if [ -z "$devdir" ]; then + warn "$_me: you must specify a mount-point" + return 1 + fi + debug "$_me: mount-point is ($devdir), ruleset is ($rs)" + if ! mount -t devfs dev "$devdir"; then + warn "$_me: Unable to mount devfs on $devdir" + return 1 + fi + if [ -n "$rs" ]; then + devfs_init_rulesets + devfs_set_ruleset $rs $devdir + devfs -m $devdir rule applyset + fi + return 0 +} + +# devfs_mount_jail dir [ruleset] +# Mounts a devfs file system appropriate for jails +# on the directory dir. 
If ruleset is specified, the ruleset +# it names will be used instead. If present, ruleset must +# be the name of a ruleset as defined in a devfs.rules(5) file. +# This function returns non-zero if an error occurs. +# +devfs_mount_jail() +{ + local jdev rs _me + jdev="$1" + [ -n "$2" ] && rs=$2 || rs="devfsrules_jail" + _me="devfs_mount_jail" + + devfs_init_rulesets + if ! devfs_domount "$jdev" $rs; then + warn "$_me: devfs was not mounted on $jdev" + return 1 + fi + return 0 +} + +# Provide a function for normalizing the mounting of memory +# filesystems. This should allow the rest of the code here to remain +# as close as possible between 5-current and 4-stable. +# $1 = size +# $2 = mount point +# $3 = (optional) extra mdmfs flags +mount_md() +{ + if [ -n "$3" ]; then + flags="$3" + fi + /sbin/mdmfs $flags -s $1 md $2 +} + +# Code common to scripts that need to load a kernel module +# if it isn't in the kernel yet. Syntax: +# load_kld [-e regex] [-m module] file +# where -e or -m chooses the way to check if the module +# is already loaded: +# regex is egrep'd in the output from `kldstat -v', +# module is passed to `kldstat -m'. +# The default way is as though `-m file' were specified. +load_kld() +{ + local _loaded _mod _opt _re + + while getopts "e:m:" _opt; do + case "$_opt" in + e) _re="$OPTARG" ;; + m) _mod="$OPTARG" ;; + *) err 3 'USAGE: load_kld [-e regex] [-m module] file' ;; + esac + done + shift $(($OPTIND - 1)) + if [ $# -ne 1 ]; then + err 3 'USAGE: load_kld [-e regex] [-m module] file' + fi + _mod=${_mod:-$1} + _loaded=false + if [ -n "$_re" ]; then + if kldstat -v | egrep -q -e "$_re"; then + _loaded=true + fi + else + if kldstat -q -m "$_mod"; then + _loaded=true + fi + fi + if ! $_loaded; then + if ! kldload "$1"; then + warn "Unable to load kernel module $1" + return 1 + else + info "$1 kernel module loaded." + fi + else + debug "load_kld: $1 kernel module already loaded." 
+ fi + return 0 +} + +# ltr str src dst +# Change every $src in $str to $dst. +# Useful when /usr is not yet mounted and we cannot use tr(1), sed(1) nor +# awk(1). +ltr() +{ + local _str _src _dst _out _com + _str=$1 + _src=$2 + _dst=$3 + _out="" + + IFS=${_src} + for _com in ${_str}; do + if [ -z "${_out}" ]; then + _out="${_com}" + else + _out="${_out}${_dst}${_com}" + fi + done + echo "${_out}" +} + +# Creates a list of providers for GELI encryption. +geli_make_list() +{ + local devices devices2 + local provider mountpoint type options rest + + # Create list of GELI providers from fstab. + while read provider mountpoint type options rest ; do + case ":${options}" in + :*noauto*) + noauto=yes + ;; + *) + noauto=no + ;; + esac + + case ":${provider}" in + :#*) + continue + ;; + *.eli) + # Skip swap devices. + if [ "${type}" = "swap" -o "${options}" = "sw" -o "${noauto}" = "yes" ]; then + continue + fi + devices="${devices} ${provider}" + ;; + esac + done < /etc/fstab + + # Append providers from geli_devices. 
+ devices="${devices} ${geli_devices}" + + for provider in ${devices}; do + provider=${provider%.eli} + provider=${provider#/dev/} + devices2="${devices2} ${provider}" + done + + echo ${devices2} +} + +# Find scripts in local_startup directories that use the old syntax +# +find_local_scripts_old () { + zlist='' + slist='' + for dir in ${local_startup}; do + if [ -d "${dir}" ]; then + for file in ${dir}/[0-9]*.sh; do + grep '^# PROVIDE:' $file >/dev/null 2>&1 && + continue + zlist="$zlist $file" + done + for file in ${dir}/[!0-9]*.sh; do + grep '^# PROVIDE:' $file >/dev/null 2>&1 && + continue + slist="$slist $file" + done + fi + done +} + +find_local_scripts_new () { + local_rc='' + for dir in ${local_startup}; do + if [ -d "${dir}" ]; then + for file in `grep -l '^# PROVIDE:' ${dir}/* 2>/dev/null`; do + case "$file" in + *.sample) ;; + *) if [ -x "$file" ]; then + local_rc="${local_rc} ${file}" + fi + ;; + esac + done + fi + done +} + +# check_required_{before|after} command +# Check for things required by the command before and after its precmd, +# respectively. The two separate functions are needed because some +# conditions should prevent precmd from being run while other things +# depend on precmd having already been run. +# +check_required_before() +{ + local _f + + case "$1" in + start) + for _f in $required_vars; do + if ! checkyesno $_f; then + warn "\$${_f} is not enabled." + if [ -z "$rc_force" ]; then + return 1 + fi + fi + done + + for _f in $required_dirs; do + if [ ! -d "${_f}/." ]; then + warn "${_f} is not a directory." + if [ -z "$rc_force" ]; then + return 1 + fi + fi + done + + for _f in $required_files; do + if [ ! -r "${_f}" ]; then + warn "${_f} is not readable." 
+ if [ -z "$rc_force" ]; then + return 1 + fi + fi + done + ;; + esac + + return 0 +} + +check_required_after() +{ + local _f _args + + case "$1" in + start) + for _f in $required_modules; do + case "${_f}" in + *~*) _args="-e ${_f#*~} ${_f%%~*}" ;; + *:*) _args="-m ${_f#*:} ${_f%%:*}" ;; + *) _args="${_f}" ;; + esac + if ! load_kld ${_args}; then + if [ -z "$rc_force" ]; then + return 1 + fi + fi + done + ;; + esac + + return 0 +} + +# check_kern_features mib +# Return existence of kern.features.* sysctl MIB as true or +# false. The result will be cached in $_rc_cache_kern_features_ +# namespace. "0" means the kern.features.X exists. + +check_kern_features() +{ + local _v + + [ -n "$1" ] || return 1; + eval _v=\$_rc_cache_kern_features_$1 + [ -n "$_v" ] && return "$_v"; + + if ${SYSCTL_N} kern.features.$1 > /dev/null 2>&1; then + eval _rc_cache_kern_features_$1=0 + return 0 + else + eval _rc_cache_kern_features_$1=1 + return 1 + fi +} + +# _echoonce var msg mode +# mode=0: Echo $msg if ${$var} is empty. +# After doing echo, a string is set to ${$var}. +# +# mode=1: Echo $msg if ${$var} is a string with non-zero length. +# +_echoonce() +{ + local _var _msg _mode + eval _var=\$$1 + _msg=$2 + _mode=$3 + + case $_mode in + 1) [ -n "$_var" ] && echo "$_msg" ;; + *) [ -z "$_var" ] && echo -n "$_msg" && eval "$1=finished" ;; + esac +} + +fi # [ -z "${_rc_subr_loaded}" ] + +_rc_subr_loaded=: diff --git a/etc/rc.suspend b/etc/rc.suspend new file mode 100755 index 0000000..90c085b --- /dev/null +++ b/etc/rc.suspend 
@@ -0,0 +1,79 @@
+#!/bin/sh
+#
+# Copyright (c) 1999 Mitsuru IWASAKI
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# sample run command file for APM Suspend Event
+
+if [ $# -ne 2 ]; then
+ echo "Usage: $0 [apm|acpi] [standby,suspend|1-4]"
+ exit 1
+fi
+
+subsystem=$1
+state=$2
+
+if [ -r /var/run/rc.suspend.pid ]; then
+ exit 1
+fi
+
+echo $$ 2> /dev/null > /var/run/rc.suspend.pid
+
+_t=`/sbin/sysctl -n kern.timecounter.hardware 2> /dev/null`
+case ${_t#ACPI-} in
+fast|safe)
+ /bin/rm -f /var/run/rc.suspend.tch
+ ;;
+*)
+ { /sbin/sysctl -n kern.timecounter.hardware=ACPI-fast || \
+ /sbin/sysctl -n kern.timecounter.hardware=ACPI-safe; } \
+ > /dev/null 2>&1 && echo $_t > /var/run/rc.suspend.tch
+ ;;
+esac
+
+# If you have troubles on suspending with PC-CARD modem, try this.
+# See also contrib/pccardq.c (Only for PAO users).
+# pccardq | awk -F '~' '$5 == "filled" && $4 ~ /uart/ \
+# { printf("pccardc power %d 0", $1); }' | sh
+
+# If a device driver has problems suspending, try unloading it before
+# suspend and reloading it on resume. Example:
+# kldunload usb
+
+/usr/bin/logger -t $subsystem suspend at `/bin/date +'%Y%m%d %H:%M:%S'`
+/bin/sync && /bin/sync && /bin/sync
+/bin/sleep 3
+
+/bin/rm -f /var/run/rc.suspend.pid
+if [ $subsystem = "apm" ]; then
+ /usr/sbin/zzz
+else
+ # Notify the kernel to continue the suspend process
+ /usr/sbin/acpiconf -k 0
+fi
+
+exit 0
diff --git a/etc/regdomain.xml b/etc/regdomain.xml
new file mode 100644
index 0000000..ff57113
--- /dev/null
+++ b/etc/regdomain.xml
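Review bot: The lock on `/var/run/rc.suspend.pid` in etc/rc.suspend is a `[ -r … ]` test followed by a separate `echo $$ > …`, so two suspend events arriving close together can both pass the test. A run interrupted before the later `/bin/rm -f` also leaves a stale file that makes every subsequent invocation `exit 1`. Creating the file atomically closes the first gap, for example `( set -C; echo $$ > /var/run/rc.suspend.pid ) 2> /dev/null || exit 1`, and a `trap '/bin/rm -f /var/run/rc.suspend.pid' EXIT` set right after a successful create should cover most abnormal exits. Separately, `$subsystem` and `$_t` are expanded unquoted in `logger -t $subsystem`, `echo $_t` and `[ $subsystem = "apm" ]`; writing `[ "$subsystem" = "apm" ]` (and quoting the other two) keeps an empty or whitespace-containing argument from breaking the test or being word-split.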
@@ -0,0 +1,1901 @@ +<!-- + Copyright (c) 2007-2008 Sam Leffler, Errno Consulting + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + $FreeBSD$ +--> + +<regulatory-data> + +<!-- Regdomain/SKU definitions --> + +<regulatory-domains> + +<!-- + DEBUG holds all available channels; the driver/device + defines what the capabilities and tx power caps are. + Regdomain code gets this information with the + IEEE80211_IOC_DRIVERCAPS ioctl. 
+--> +<rd id="debug"> + <name>DEBUG</name> + <sku>0x1ff</sku> +</rd> + +<rd id="fcc"> + <name>FCC</name> + <sku>0x10</sku> + <defcc ref="US"/> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + </band> + <band> + <freqband ref="F1_5825_5825"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> + <netband mode="11na"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5180_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> +</rd> + +<!-- FCC3 is FCC w/ DFS on Upper-UNI --> + +<rd id="fcc3"> + <name>FCC3</name> + <sku>0x3a</sku> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> + <netband 
mode="11a"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5500_5580"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5660_5700"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5825_5825"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> + <netband mode="11na"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5180_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="H4_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5500_5580"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + 
<flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="H4_5500_5580"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5660_5700"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="H4_5660_5700"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + </netband> +</rd> + +<!-- FCC4 is 2.4GHz FCC w/ Public Safety Band (PSB) --> + +<rd id="fcc4"> + <name>FCC4</name> + <sku>0x12</sku> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_4950_4980"/> + <maxpower>23</maxpower> + </band> + <band> + <freqband ref="F1_4945_4985_10"/> + <maxpower>27</maxpower> + </band> + <band> + <freqband ref="F1_4942_4987_5"/> + <maxpower>30</maxpower> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> +</rd> + +<rd id="japan"> + 
<name>JAPAN</name> + <sku>0x40</sku> + <defcc ref="JP"/> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + <band> + <freqband ref="F1_2484_2484"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_4920_4980"/> + <maxpower>23</maxpower> + </band> + <band> + <freqband ref="F1_5040_5080"/> + <maxpower>23</maxpower> + </band> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>23</maxpower> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5500_5700"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_2412_2472"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> + <netband mode="11na"> + <band> + <freqband ref="F1_4920_4980"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_4920_4980"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + <band> + <freqband ref="F1_5040_5080"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5040_5080"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband 
ref="H4_5180_5240"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="H4_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5500_5700"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="H4_5500_5680"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + </netband> +</rd> + +<rd id="etsi"> + <name>ETSI</name> + <sku>0x30</sku> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5500_5700"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> + <netband 
mode="11na"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5180_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="H4_5260_5320"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5500_5700"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="H4_5500_5680"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + </netband> +</rd> + +<!-- ETSI w/o HT40 in 5GHz --> + +<rd id="etsi2"> + <name>ETSI2</name> + <sku>0x32</sku> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_5120_5240"/> + <maxpower>17</maxpower> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5500_5700"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> 
+ </band> + </netband> + <netband mode="11na"> + <band> + <freqband ref="F1_5120_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5500_5700"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + </netband> +</rd> + +<!-- ETSI - channel 36 --> + +<rd id="etsi3"> + <name>ETSI3</name> + <sku>0x33</sku> + <defcc ref="RO"/> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_5200_5240"/> + <maxpower>17</maxpower> + </band> + <band> + <freqband ref="F1_5280_5320"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5500_5700"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> + <netband mode="11na"> + <band> + <freqband ref="F1_5200_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5200_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + <band> + <freqband 
ref="F1_5280_5320"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="H4_5280_5320"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5500_5700"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="H4_5500_5680"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + </netband> +</rd> + +<rd id="apac"> + <name>APAC</name> + <sku>0x50</sku> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + </band> + <band> + <freqband ref="F1_5825_5825"/> + <maxpower>23</maxpower> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> + <netband mode="11na"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband 
ref="H4_5180_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="H4_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> +</rd> + +<!-- APAC w/ DFS on Mid-band --> + +<rd id="apac2"> + <name>APAC2</name> + <sku>0x51</sku> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_5120_5240"/> + <maxpower>17</maxpower> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + </band> + <band> + <freqband ref="F1_5825_5825"/> + <maxpower>23</maxpower> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> + <netband mode="11na"> + <band> + <freqband ref="F1_5120_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5120_5240"/> + 
<maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="H4_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> +</rd> + +<!-- APAC w/o ISM band --> + +<rd id="apac3"> + <name>APAC3</name> + <sku>0x5d</sku> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + <flags>IEEE80211_CHAN_DFS</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> + <netband mode="11na"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5180_5240"/> + <maxpower>17</maxpower> + 
<flags>IEEE80211_CHAN_HT40</flags> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="H4_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> +</rd> + +<rd id="korea"> + <name>KOREA</name> + <sku>0x45</sku> + <defcc ref="KR"/> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + <band> + <freqband ref="F1_2467_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + <band> + <freqband ref="F1_2467_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5500_5620"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband 
ref="F1_2467_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> + <netband mode="11na"> + <band> + <freqband ref="F1_5180_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5500_5620"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> +</rd> + +<!-- Rest Of World --> + +<rd id="row"> + <name>ROW</name> + <sku>0x8a</sku> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + </netband> + <netband mode="11na"> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="H4_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + 
<flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> +</rd> + +<rd id="none"> + <name>NONE</name> + <sku>0xf0</sku> + <netband mode="11b"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + </band> + <band> + <freqband ref="F1_2467_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_B</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> + <netband mode="11g"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + <band> + <freqband ref="F1_2467_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> + <netband mode="11a"> + <band> + <freqband ref="F1_5120_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5500_5700"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5825_5825"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> + <netband mode="11ng"> + <band> + <freqband ref="F1_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + </band> + <band> + <freqband ref="H4_2412_2462"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> + </band> + <band> + <freqband ref="F1_2467_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="H4_2467_2472"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + <flags>IEEE80211_CHAN_HT40</flags> 
+ <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> + <netband mode="11na"> + <band> + <freqband ref="F1_5120_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="H4_5120_5240"/> + <maxpower>17</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5260_5320"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="H4_5260_5320"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5500_5700"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="H4_5500_5680"/> + <maxpower>24</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="H4_5745_5805"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="F1_5825_5825"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT20</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + <band> + <freqband ref="H4_5825_5825"/> + <maxpower>23</maxpower> + <flags>IEEE80211_CHAN_HT40</flags> + <flags>IEEE80211_CHAN_PASSIVE</flags> + </band> + </netband> +</rd> + +<rd id="sr9"> + <name>SR9</name> + <sku>0x0298</sku> + <netband mode="11g"> + <band> + <freqband ref="S1_907_922_5"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + <band> + <freqband ref="S1_907_922_10"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + <band> + <freqband 
ref="S1_912_917"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> +</rd> + +<rd id="xr9"> + <name>XR9</name> + <sku>0x299</sku> + <netband mode="11g"> + <band> + <freqband ref="S1_907_922_5"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + <band> + <freqband ref="S1_907_922_10"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + <band> + <freqband ref="S1_912_917"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> +</rd> + +<rd id="gz901"> + <name>GZ901</name> + <sku>0x29a</sku> + <netband mode="11g"> + <band> + <freqband ref="S1_908_923_5"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + <band> + <freqband ref="S1_913_918_10"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + <band> + <freqband ref="S1_913_918"/> + <maxpower>30</maxpower> + <flags>IEEE80211_CHAN_G</flags> + </band> + </netband> +</rd> +</regulatory-domains> + +<country-codes> +<!-- + ISO 3166 Country/Region codes and regdomain mapping. + + http://ftp.ics.uci.edu/pub/ietf/http/related/iso3166.txt + has the list of codes. 
+ XXX this table is incomplete +--> +<country id="AL"> + <isocc>8</isocc> <name>Albania</name> <rd ref="none"/> +</country> +<country id="DZ"> + <isocc>12</isocc> <name>Algeria</name> <rd ref="none"/> +</country> +<country id="AR"> + <isocc>32</isocc> <name>Argentina</name> <rd ref="none"/> +</country> +<country id="AM"> + <isocc>51</isocc> <name>Armenia</name> <rd ref="etsi"/> +</country> +<country id="AU"> + <isocc>36</isocc> <name>Australia</name> <rd ref="row"/> +</country> +<country id="AT"> + <isocc>40</isocc> <name>Austria</name> <rd ref="etsi2"/> +</country> +<country id="AZ"> + <isocc>31</isocc> <name>Azerbaijan</name> <rd ref="etsi"/> +</country> +<country id="BH"> + <isocc>48</isocc> <name>Bahrain</name> <rd ref="none"/> +</country> +<country id="BD"> + <isocc>50</isocc> <name>Bangladesh</name> <rd ref="row"/> +</country> +<country id="BY"> + <isocc>112</isocc> <name>Belarus</name> <rd ref="none"/> +</country> +<country id="BE"> + <isocc>56</isocc> <name>Belgium</name> <rd ref="etsi"/> +</country> +<country id="BZ"> + <isocc>84</isocc> <name>Belize</name> <rd ref="none"/> +</country> +<country id="BO"> + <isocc>68</isocc> <name>Bolivia</name> <rd ref="none"/> +</country> +<country id="BR"> + <isocc>76</isocc> <name>Brazil</name> <rd ref="fcc"/> +</country> +<country id="BN"> + <isocc>96</isocc> <name>Brunei</name> <rd ref="apac"/> +</country> +<country id="BG"> + <isocc>100</isocc> <name>Bulgaria</name> <rd ref="etsi"/> +</country> +<country id="CA"> + <isocc>124</isocc> <name>Canada</name> <rd ref="fcc"/> +</country> +<country id="CL"> + <isocc>152</isocc> <name>Chile</name> <rd ref="row"/> +</country> +<country id="CN"> + <isocc>156</isocc> <name>China</name> <rd ref="row"/> +</country> +<country id="CO"> + <isocc>170</isocc> <name>Colombia</name> <rd ref="fcc"/> +</country> +<country id="CR"> + <isocc>188</isocc> <name>Costa Rica</name> <rd ref="none"/> +</country> +<country id="HR"> + <isocc>191</isocc> <name>Croatia</name> <rd ref="etsi"/> 
+</country> +<country id="CY"> + <isocc>196</isocc> <name>Cyprus</name> <rd ref="etsi"/> +</country> +<country id="CZ"> + <isocc>203</isocc> <name>Czech Republic</name> <rd ref="etsi"/> +</country> +<country id="DK"> + <isocc>208</isocc> <name>Denmark</name> <rd ref="etsi"/> +</country> +<country id="DO"> + <isocc>214</isocc> <name>Dominican Republic</name> <rd ref="none"/> +</country> +<country id="EC"> + <isocc>218</isocc> <name>Ecuador</name> <rd ref="none"/> +</country> +<country id="EG"> + <isocc>818</isocc> <name>Egypt</name> <rd ref="none"/> +</country> +<country id="SV"> + <isocc>222</isocc> <name>El Salvador</name> <rd ref="none"/> +</country> +<country id="EE"> + <isocc>233</isocc> <name>Estonia</name> <rd ref="etsi"/> +</country> +<country id="FI"> + <isocc>246</isocc> <name>Finland</name> <rd ref="etsi"/> +</country> +<country id="FR"> + <isocc>250</isocc> <name>France</name> <rd ref="etsi"/> +</country> +<country id="F2"> + <isocc>255</isocc> <name>France2</name> <rd ref="etsi"/> +</country> +<country id="GE"> + <isocc>268</isocc> <name>Georgia</name> <rd ref="etsi"/> +</country> +<country id="DE"> + <isocc>276</isocc> <name>Germany</name> <rd ref="etsi"/> +</country> +<country id="GR"> + <isocc>300</isocc> <name>Greece</name> <rd ref="etsi"/> +</country> +<country id="GT"> + <isocc>320</isocc> <name>Guatemala</name> <rd ref="none"/> +</country> +<country id="HN"> + <isocc>340</isocc> <name>Honduras</name> <rd ref="none"/> +</country> +<country id="HK"> + <isocc>344</isocc> <name>Hong Kong</name> <rd ref="apac"/> +</country> +<country id="HU"> + <isocc>348</isocc> <name>Hungary</name> <rd ref="etsi"/> +</country> +<country id="IS"> + <isocc>352</isocc> <name>Iceland</name> <rd ref="etsi"/> +</country> +<country id="IN"> + <isocc>356</isocc> <name>India</name> <rd ref="apac"/> +</country> +<country id="ID"> + <isocc>360</isocc> <name>Indonesia</name> <rd ref="none"/> +</country> +<country id="IR"> + <isocc>364</isocc> <name>Iran</name> <rd ref="none"/> 
+</country> +<country id="IE"> + <isocc>372</isocc> <name>Ireland</name> <rd ref="etsi"/> +</country> +<country id="IL"> + <isocc>376</isocc> <name>Israel</name> <rd ref="none"/> +</country> +<country id="IT"> + <isocc>380</isocc> <name>Italy</name> <rd ref="etsi"/> +</country> +<country id="JM"> + <isocc>388</isocc> <name>Jamaica</name> <rd ref="none"/> +</country> +<country id="JP"> + <isocc>392</isocc> <name>Japan</name> <rd ref="japan"/> +</country> +<country id="J1"> + <isocc>393</isocc> <name>Japan1</name> <rd ref="japan"/> +</country> +<country id="J2"> + <isocc>394</isocc> <name>Japan2</name> <rd ref="japan"/> +</country> +<country id="J3"> + <isocc>395</isocc> <name>Japan3</name> <rd ref="japan"/> +</country> +<country id="J4"> + <isocc>396</isocc> <name>Japan4</name> <rd ref="japan"/> +</country> +<country id="J5"> + <isocc>397</isocc> <name>Japan5</name> <rd ref="japan"/> +</country> +<country id="JO"> + <isocc>400</isocc> <name>Jordan</name> <rd ref="none"/> +</country> +<country id="KZ"> + <isocc>398</isocc> <name>Kazakhstan</name> <rd ref="none"/> +</country> +<country id="KP"> + <isocc>408</isocc> <name>North Korea</name> <rd ref="korea"/> +</country> +<country id="KR"> + <isocc>410</isocc> <name>Korea Republic</name> <rd ref="korea"/> +</country> +<country id="K2"> + <isocc>411</isocc> <name>Korea Republic2</name> <rd ref="none"/> +</country> +<country id="KW"> + <isocc>414</isocc> <name>Kuwait</name> <rd ref="none"/> +</country> +<country id="LV"> + <isocc>428</isocc> <name>Latvia</name> <rd ref="etsi2"/> +</country> +<country id="LB"> + <isocc>422</isocc> <name>Lebanon</name> <rd ref="none"/> +</country> +<country id="LI"> + <isocc>438</isocc> <name>Liechtenstein</name> <rd ref="etsi"/> +</country> +<country id="LT"> + <isocc>440</isocc> <name>Lithuania</name> <rd ref="etsi"/> +</country> +<country id="LU"> + <isocc>442</isocc> <name>Luxemborg</name> <rd ref="etsi"/> +</country> +<country id="MO"> + <isocc>446</isocc> <name>Macau</name> <rd 
ref="none"/> +</country> +<country id="MK"> + <isocc>807</isocc> <name>Macedonia</name> <rd ref="none"/> +</country> +<country id="MY"> + <isocc>458</isocc> <name>Malaysia</name> <rd ref="apac3"/> +</country> +<country id="MT"> + <isocc>470</isocc> <name>Malta</name> <rd ref="etsi"/> +</country> +<country id="MX"> + <isocc>484</isocc> <name>Mexico</name> <rd ref="fcc"/> +</country> +<country id="MC"> + <isocc>492</isocc> <name>Monaco</name> <rd ref="none"/> +</country> +<country id="MA"> + <isocc>504</isocc> <name>Morocco</name> <rd ref="etsi"/> +</country> +<country id="NP"> + <isocc>524</isocc> <name>Nepal</name> <rd ref="row"/> +</country> +<country id="NL"> + <isocc>528</isocc> <name>Netherlands</name> <rd ref="etsi"/> +</country> +<country id="NZ"> + <isocc>554</isocc> <name>New Zealand</name> <rd ref="apac"/> +</country> +<country id="NO"> + <isocc>578</isocc> <name>Norway</name> <rd ref="etsi"/> +</country> +<country id="OM"> + <isocc>512</isocc> <name>Oman</name> <rd ref="none"/> +</country> +<country id="PK"> + <isocc>586</isocc> <name>Pakistan</name> <rd ref="row"/> +</country> +<country id="PA"> + <isocc>591</isocc> <name>Panama</name> <rd ref="none"/> +</country> +<country id="PE"> + <isocc>604</isocc> <name>Peru</name> <rd ref="none"/> +</country> +<country id="PH"> + <isocc>608</isocc> <name>Phillipines</name> <rd ref="apac2"/> +</country> +<country id="PL"> + <isocc>616</isocc> <name>Poland</name> <rd ref="etsi"/> +</country> +<country id="PT"> + <isocc>620</isocc> <name>Portugal</name> <rd ref="etsi"/> +</country> +<country id="PR"> + <isocc>630</isocc> <name>Puerto Rico</name> <rd ref="fcc"/> +</country> +<country id="QA"> + <isocc>634</isocc> <name>Quatar</name> <rd ref="none"/> +</country> +<country id="RO"> + <isocc>642</isocc> <name>Romania</name> <rd ref="etsi"/> +</country> +<country id="RU"> + <isocc>643</isocc> <name>Rusia</name> <rd ref="none"/> +</country> +<country id="SA"> + <isocc>682</isocc> <name>Saudi Arabia</name> <rd ref="none"/> 
+</country> +<country id="SG"> + <isocc>702</isocc> <name>Singapore</name> <rd ref="apac2"/> +</country> +<country id="SK"> + <isocc>703</isocc> <name>Slovak Republic</name> <rd ref="etsi2"/> +</country> +<country id="SI"> + <isocc>705</isocc> <name>Slovenia</name> <rd ref="etsi"/> +</country> +<country id="ZA"> + <isocc>710</isocc> <name>South Africa</name> <rd ref="none"/> +</country> +<country id="ES"> + <isocc>724</isocc> <name>Spain</name> <rd ref="etsi2"/> +</country> +<country id="LK"> + <isocc>144</isocc> <name>Sri Lanka</name> <rd ref="apac2"/> +</country> +<country id="SE"> + <isocc>752</isocc> <name>Sweden</name> <rd ref="etsi"/> +</country> +<country id="CH"> + <isocc>756</isocc> <name>Switzerland</name> <rd ref="etsi"/> +</country> +<country id="SY"> + <isocc>760</isocc> <name>Syria</name> <rd ref="none"/> +</country> +<country id="TW"> + <isocc>158</isocc> <name>Taiwan</name> <rd ref="row"/> +</country> +<country id="TH"> + <isocc>764</isocc> <name>Thailand</name> <rd ref="none"/> +</country> +<country id="TT"> + <isocc>780</isocc> <name>Tobago</name> <rd ref="none"/> +</country> +<country id="TN"> + <isocc>788</isocc> <name>Tunisia</name> <rd ref="none"/> +</country> +<country id="TR"> + <isocc>792</isocc> <name>Turkey</name> <rd ref="etsi"/> +</country> +<country id="UA"> + <isocc>804</isocc> <name>Ukraine</name> <rd ref="none"/> +</country> +<country id="AE"> + <isocc>784</isocc> <name>United Arab Emirates</name> <rd ref="none"/> +</country> +<country id="GB"> + <isocc>826</isocc> <name>United Kingdom</name> <rd ref="etsi"/> +</country> +<country id="US"> + <isocc>840</isocc> <name>United States</name> <rd ref="fcc"/> +</country> +<country id="UY"> + <isocc>858</isocc> <name>Uruguay</name> <rd ref="none"/> +</country> +<country id="UZ"> + <isocc>860</isocc> <name>Uzbekistan</name> <rd ref="none"/> +</country> +<country id="VE"> + <isocc>862</isocc> <name>Venezuela</name> <rd ref="fcc"/> +</country> +<country id="VN"> + <isocc>704</isocc> <name>Viet 
Nam</name> <rd ref="apac2"/> +</country> +<country id="YE"> + <isocc>887</isocc> <name>Yemen</name> <rd ref="none"/> +</country> +<country id="ZW"> + <isocc>716</isocc> <name>Zimbabwe</name> <rd ref="none"/> +</country> + +<country id="DEBUG"> + <isocc>0</isocc> <name>Debug</name> <rd ref="debug"/> +</country> +</country-codes> + +<!-- + Band specifications referenced above. + NB: keep sorted by starting frequency, legacy before HT +--> +<shared-frequency-bands> +<freqband id="F1_4942_4987_5"> + <freqstart>4942</freqstart> <freqend>4987</freqend> + <chanwidth>5</chanwidth> <chansep>5</chansep> + <flags>IEEE80211_CHAN_A</flags> + <flags>IEEE80211_CHAN_QUARTER</flags> +</freqband> +<freqband id="F1_4945_4985_10"> + <freqstart>4945</freqstart> <freqend>4985</freqend> + <chanwidth>10</chanwidth> <chansep>5</chansep> + <flags>IEEE80211_CHAN_A</flags> + <flags>IEEE80211_CHAN_HALF</flags> +</freqband> +<freqband id="F1_4920_4980"> + <freqstart>4920</freqstart> <freqend>4980</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_4920_4980"> + <freqstart>4920</freqstart> <freqend>4980</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_4950_4980"> + <freqstart>4950</freqstart> <freqend>4980</freqend> + <chanwidth>20</chanwidth> <chansep>5</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5040_5080"> + <freqstart>5040</freqstart> <freqend>5080</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5040_5080"> + <freqstart>5040</freqstart> <freqend>5080</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5120_5240"> + <freqstart>5120</freqstart> <freqend>5240</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> 
+<freqband id="H4_5120_5240"> + <freqstart>5120</freqstart> <freqend>5240</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5180_5240"> + <freqstart>5180</freqstart> <freqend>5240</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5180_5240"> + <freqstart>5180</freqstart> <freqend>5240</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5200_5240"> + <freqstart>5200</freqstart> <freqend>5240</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5200_5240"> + <freqstart>5200</freqstart> <freqend>5240</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5260_5320"> + <freqstart>5260</freqstart> <freqend>5320</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5260_5320"> + <freqstart>5260</freqstart> <freqend>5320</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5260_5700"> + <freqstart>5260</freqstart> <freqend>5700</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5280_5320"> + <freqstart>5280</freqstart> <freqend>5320</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5280_5320"> + <freqstart>5280</freqstart> <freqend>5320</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5500_5580"> + <freqstart>5500</freqstart> <freqend>5580</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> 
+<freqband id="H4_5500_5580"> + <freqstart>5500</freqstart> <freqend>5580</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5500_5620"> + <freqstart>5500</freqstart> <freqend>5620</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5500_5620"> + <freqstart>5500</freqstart> <freqend>5620</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5500_5680"> + <freqstart>5500</freqstart> <freqend>5680</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5500_5700"> + <freqstart>5500</freqstart> <freqend>5700</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5660_5700"> + <freqstart>5660</freqstart> <freqend>5700</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5660_5700"> + <freqstart>5660</freqstart> <freqend>5700</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5725_5825"> + <freqstart>5725</freqstart> <freqend>5825</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="F1_5745_5805"> + <freqstart>5745</freqstart> <freqend>5805</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5745_5805"> + <freqstart>5745</freqstart> <freqend>5805</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5745_5825"> + <freqstart>5745</freqstart> <freqend>5825</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> 
+<freqband id="F1_5825_5825"> + <freqstart>5825</freqstart> <freqend>5825</freqend> + <chanwidth>20</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> +<freqband id="H4_5825_5825"> + <freqstart>5825</freqstart> <freqend>5825</freqend> + <chanwidth>40</chanwidth> <chansep>20</chansep> + <flags>IEEE80211_CHAN_A</flags> +</freqband> + +<freqband id="F1_2312_2372"> + <freqstart>2312</freqstart> <freqend>2372</freqend> + <chanwidth>20</chanwidth> <chansep>5</chansep> +</freqband> +<freqband id="F1_2412_2462"> + <freqstart>2412</freqstart> <freqend>2462</freqend> + <chanwidth>20</chanwidth> <chansep>5</chansep> +</freqband> +<freqband id="H4_2412_2462"> + <freqstart>2412</freqstart> <freqend>2462</freqend> + <chanwidth>40</chanwidth> <chansep>5</chansep> +</freqband> +<freqband id="F1_2412_2472"> + <freqstart>2412</freqstart> <freqend>2472</freqend> + <chanwidth>20</chanwidth> <chansep>5</chansep> +</freqband> +<freqband id="H4_2412_2472"> + <freqstart>2412</freqstart> <freqend>2472</freqend> + <chanwidth>40</chanwidth> <chansep>5</chansep> +</freqband> +<freqband id="F1_2467_2472"> + <freqstart>2467</freqstart> <freqend>2472</freqend> + <chanwidth>20</chanwidth> <chansep>5</chansep> +</freqband> +<freqband id="H4_2467_2472"> + <freqstart>2467</freqstart> <freqend>2472</freqend> + <chanwidth>40</chanwidth> <chansep>5</chansep> +</freqband> +<freqband id="F1_2484_2484"> + <freqstart>2484</freqstart> <freqend>2484</freqend> + <chanwidth>20</chanwidth> <chansep>5</chansep> +</freqband> +<freqband id="F1_2512_2732"> + <freqstart>2512</freqstart> <freqend>2732</freqend> + <chanwidth>20</chanwidth> <chansep>5</chansep> +</freqband> + +<freqband id="S1_907_922_5"> + <freqstart>907</freqstart> <freqend>922</freqend> + <chanwidth>5</chanwidth> <chansep>5</chansep> + <flags>IEEE80211_CHAN_GSM</flags> + <flags>IEEE80211_CHAN_QUARTER</flags> +</freqband> +<freqband id="S1_907_922_10"> + <freqstart>907</freqstart> <freqend>922</freqend> + 
<chanwidth>10</chanwidth> <chansep>5</chansep> + <flags>IEEE80211_CHAN_GSM</flags> + <flags>IEEE80211_CHAN_HALF</flags> +</freqband> +<freqband id="S1_912_917"> + <freqstart>912</freqstart> <freqend>917</freqend> + <chanwidth>20</chanwidth> <chansep>5</chansep> + <flags>IEEE80211_CHAN_GSM</flags> +</freqband> + +<freqband id="S1_908_923_5"> + <freqstart>908</freqstart> <freqend>923</freqend> + <chanwidth>5</chanwidth> <chansep>5</chansep> + <flags>IEEE80211_CHAN_GSM</flags> + <flags>IEEE80211_CHAN_QUARTER</flags> +</freqband> +<freqband id="S1_913_918_10"> + <freqstart>913</freqstart> <freqend>918</freqend> + <chanwidth>10</chanwidth> <chansep>5</chansep> + <flags>IEEE80211_CHAN_GSM</flags> + <flags>IEEE80211_CHAN_HALF</flags> +</freqband> +<freqband id="S1_913_918"> + <freqstart>913</freqstart> <freqend>918</freqend> + <chanwidth>20</chanwidth> <chansep>5</chansep> + <flags>IEEE80211_CHAN_GSM</flags> +</freqband> + +</shared-frequency-bands> + +</regulatory-data> diff --git a/etc/remote b/etc/remote new file mode 100644 index 0000000..c3e7808 --- /dev/null +++ b/etc/remote 
@@ -0,0 +1,76 @@ +# $FreeBSD$ +# +# @(#)remote 5.2 (Berkeley) 6/30/90 +# +# remote -- remote host description file +# see tip(1), remote(5) +# +# at ACU type +# br bit rate (defaults to 9600) +# cu call unit (default is dv) +# du make a call flag (dial up) +# dv device to use for the tty +# el EOL marks (default is NULL) +# fs frame size (default is BUFSIZ) -- used in buffering writes on +# receive operations +# ie input EOF marks (default is NULL) +# oe output EOF string (default is NULL) +# pa The parity type to use: even, odd, none, zero, one (default even) +# pn phone numbers (@ =>'s search phones file; possibly taken from +# PHONES environment variable) +# tc to continue a capability + +# Example systems +unixshell|Unix Access:\ + :pn=\@:tc=unix57600: +dosbbs|DOS-based BBS:\ + :pn=\@:tc=dos57600: + +# UNIX system definitions +unix57600|57600 Baud dial-out to a UNIX system:\ + :el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial57600: +unix33600|33600 Baud dial-out to a UNIX system:\ + :el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial33600: + +# DOS system definitions +dos57600|57600 Baud dial-out to a DOS system:\ + :el=^U^C^R^O^D^S^Q:ie=%$:oe=^Z:pa=none:tc=dial57600: + +# 33.6k and 56k modems run the com port at 115200 bps to allow for the +# compression performed in the modem. Note that some serial hardware +# does not support speeds above 38400 bps and that speeds above that have +# never been formally standardized. Modern architectures with 16550 or +# better UARTs typically have no issues with the higher speeds. +dial57600|57600 Baud Hayes attributes:\ + br#115200:tc=dial: +dial33600|33600 Baud Hayes attributes:\ + br#115200:tc=dial: +# 14.4k and 28.8k modems ran the port at 4x. Some rare 19.2 baud modems +# did too, but those aren't included in this example. 
+dial28800|28800 Baud Hayes attributes:\
+ br#115200:tc=dial:
+dial14400|14400 Baud Hayes attributes:\
+ br#57600:tc=dial:
+dial|Generic dialing parameters:\
+ :dv=/dev/cuau0:cu=/dev/cuau0:at=hayes:du:pa=none:
+
+# Hardwired line
+cuau0c|cua0c:dv=/dev/cuau0:br#9600:pa=none:
+
+# Finger friendly shortcuts
+uart0|com1:dv=/dev/cuau0:br#9600:pa=none:
+uart1|com2:dv=/dev/cuau1:br#9600:pa=none:
+uart2|com3:dv=/dev/cuau2:br#9600:pa=none:
+uart3|com4:dv=/dev/cuau3:br#9600:pa=none:
+uart4|com5:dv=/dev/cuau4:br#9600:pa=none:
+uart5|com6:dv=/dev/cuau5:br#9600:pa=none:
+uart6|com7:dv=/dev/cuau6:br#9600:pa=none:
+uart7|com8:dv=/dev/cuau7:br#9600:pa=none:
+ucom1:dv=/dev/cuaU0:br#9600:pa=none:
+ucom2:dv=/dev/cuaU1:br#9600:pa=none:
+ucom3:dv=/dev/cuaU2:br#9600:pa=none:
+ucom4:dv=/dev/cuaU3:br#9600:pa=none:
+ucom5:dv=/dev/cuaU4:br#9600:pa=none:
+ucom6:dv=/dev/cuaU5:br#9600:pa=none:
+ucom7:dv=/dev/cuaU6:br#9600:pa=none:
+ucom8:dv=/dev/cuaU7:br#9600:pa=none:
diff --git a/etc/root/dot.cshrc b/etc/root/dot.cshrc
new file mode 100644
index 0000000..36df9c6
--- /dev/null
+++ b/etc/root/dot.cshrc
@@ -0,0 +1,35 @@
+# $FreeBSD$
+#
+# .cshrc - csh resource script, read at beginning of execution by each shell
+#
+# see also csh(1), environ(7).
+#
+
+alias h history 25
+alias j jobs -l
+alias la ls -a
+alias lf ls -FA
+alias ll ls -lA
+
+# A righteous umask
+umask 22
+
+set path = (/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin $HOME/bin)
+
+setenv EDITOR vi
+setenv PAGER more
+setenv BLOCKSIZE K
+
+if ($?prompt) then
+ # An interactive shell -- set some stuff up
+ set prompt = "`/bin/hostname -s`# "
+ set filec
+ set history = 100
+ set savehist = 100
+ set mail = (/var/mail/$USER)
+ if ( $?tcsh ) then
+ bindkey "^W" backward-delete-word
+ bindkey -k up history-search-backward
+ bindkey -k down history-search-forward
+ endif
+endif
diff --git a/etc/root/dot.k5login b/etc/root/dot.k5login
new file mode 100644
index 0000000..e01b941
--- /dev/null
+++ b/etc/root/dot.k5login
@@ -0,0 +1,4 @@
+# $FreeBSD$
+#
+# user1/root@YOUR.REALM.WHEREVER
+# user2/root@YOUR.REALM.WHEREVER
diff --git a/etc/root/dot.login b/etc/root/dot.login
new file mode 100644
index 0000000..3032ef9
--- /dev/null
+++ b/etc/root/dot.login
@@ -0,0 +1,9 @@
+# $FreeBSD$
+#
+# .login - csh login script, read by login shell, after `.cshrc' at login.
+#
+# see also csh(1), environ(7).
+#
+
+# Uncomment to display a random cookie each login:
+# [ -x /usr/games/fortune ] && /usr/games/fortune -s
diff --git a/etc/root/dot.profile b/etc/root/dot.profile
new file mode 100644
index 0000000..1fca58e
--- /dev/null
+++ b/etc/root/dot.profile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+#
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:~/bin
+export PATH
+HOME=/root
+export HOME
+TERM=${TERM:-xterm}
+export TERM
+PAGER=more
+export PAGER
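Review bot: In etc/root/dot.profile, `PATH` is assigned with a trailing `~/bin` two lines before `HOME=/root` is set, so the tilde is expanded against whatever HOME the shell inherited rather than against root's home. If root's login shell is ever started with HOME pointing elsewhere, a directory root does not own could land on root's search path; how likely that is depends on how the shell is launched, which this hunk does not show. I would move `HOME=/root` and `export HOME` above the `PATH=` line, or spell the last entry `/root/bin`.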
@@ -0,0 +1,68 @@ +# +# $FreeBSD$ +# rpc 88/08/01 4.0 RPCSRC; from 1.12 99/07/25 SMI +# +rpcbind 100000 portmap sunrpc rpcbind +rstatd 100001 rstat rstat_svc rup perfmeter +rusersd 100002 rusers +nfs 100003 nfsprog +ypserv 100004 ypprog +mountd 100005 mount showmount +ypbind 100007 +walld 100008 rwall shutdown +yppasswdd 100009 yppasswd +etherstatd 100010 etherstat +rquotad 100011 rquotaprog quota rquota +sprayd 100012 spray +3270_mapper 100013 +rje_mapper 100014 +selection_svc 100015 selnsvc +database_svc 100016 +rexd 100017 rex +alis 100018 +sched 100019 +llockmgr 100020 +nlockmgr 100021 +x25.inr 100022 +statmon 100023 +status 100024 +bootparamd 100026 bootparam +ypupdated 100028 ypupdate +keyserv 100029 keyserver +sunlink_mapper 100033 +tfsd 100037 +nsed 100038 +nsemntd 100039 +showfhd 100043 showfh +ioadmd 100055 rpc.ioadmd +NETlicense 100062 +sunisamd 100065 +debug_svc 100066 dbsrv +cmsd 100068 +bugtraqd 100071 +kerbd 100078 +ttdbserver 100083 tooltalk +event 100101 na.event # SunNet Manager +logger 100102 na.logger # SunNet Manager +sync 100104 na.sync +hostperf 100107 na.hostperf +activity 100109 na.activity # SunNet Manager +hostmem 100112 na.hostmem +sample 100113 na.sample +x25 100114 na.x25 +ping 100115 na.ping +rpcnfs 100116 na.rpcnfs +hostif 100117 na.hostif +etherif 100118 na.etherif +iproutes 100120 na.iproutes +layers 100121 na.layers +snmp 100122 na.snmp snmp-cmc snmp-synoptics snmp-unisys snmp-utk +traffic 100123 na.traffic +nfs_acl 100227 +sadmind 100232 +nisd 100300 rpc.nisd +nispasswd 100303 rpc.nispasswdd +ufsd 100233 +pcnfsd 150001 pcnfs +amd 300019 +sgi_fam 391002 # file alteration monitor diff --git a/etc/sendmail/Makefile b/etc/sendmail/Makefile new file mode 100644 index 0000000..b79e722 --- /dev/null +++ b/etc/sendmail/Makefile 
@@ -0,0 +1,94 @@
+# @(#)Makefile 8.19 (Berkeley) 1/14/97
+# $FreeBSD$
+
+M4= m4
+CHMOD= chmod
+ROMODE= 444
+RM= rm -f
+
+SENDMAIL_DIR= ${.CURDIR}/../../contrib/sendmail
+SMDIR= ${SENDMAIL_DIR}/src
+SENDMAIL_CF_DIR?=${SENDMAIL_DIR}/cf
+
+# this is overkill, but....
+M4FILES!= find ${SENDMAIL_CF_DIR} -type f -name '*.m4' -print
+
+.SUFFIXES: .mc .cf
+
+.mc.cf: ${M4FILES}
+ ${RM} ${.TARGET}
+ ${M4} -D_CF_DIR_=${SENDMAIL_CF_DIR}/ ${SENDMAIL_M4_FLAGS} \
+ ${SENDMAIL_CF_DIR}/m4/cf.m4 ${.IMPSRC} > ${.TARGET}
+ ${CHMOD} ${ROMODE} ${.TARGET}
+
+DEST_CF= ${DESTDIR}/etc/mail/sendmail.cf
+DEST_SUBMIT_CF= ${DESTDIR}/etc/mail/submit.cf
+
+ALL= freebsd.cf freebsd.submit.cf
+CLEANFILES= freebsd.cf freebsd.submit.cf
+
+# Local SENDMAIL_MC or SENDMAIL_CF may be set in /etc/make.conf.
+# Warning! If set, this causes 'make install' to always copy it
+# over /etc/mail/sendmail.cf!!!
+# Caveat emptor! Be sure you want this before you enable it.
+.if defined(SENDMAIL_MC) && defined(SENDMAIL_CF)
+.error Both SENDMAIL_MC and SENDMAIL_CF cannot be set.
+.elif defined(SENDMAIL_MC)
+INSTALL_CF= ${SENDMAIL_MC:T:R}.cf
+ALL+= ${INSTALL_CF}
+CLEANFILES+= ${SENDMAIL_MC:T:R}.cf
+${INSTALL_CF}: ${SENDMAIL_MC}
+.elif defined(SENDMAIL_CF)
+ALL+= ${SENDMAIL_CF}
+INSTALL_CF= ${SENDMAIL_CF}
+.endif
+
+.if !defined(SENDMAIL_SET_USER_ID) && defined(SENDMAIL_SUBMIT_MC)
+INSTALL_SUBMIT_CF= ${SENDMAIL_SUBMIT_MC:T:R}.cf
+ALL+= ${INSTALL_SUBMIT_CF}
+CLEANFILES+= ${INSTALL_SUBMIT_CF}
+${INSTALL_SUBMIT_CF}: ${SENDMAIL_SUBMIT_MC}
+.endif
+
+# Additional .cf files to build.
+.if defined(SENDMAIL_ADDITIONAL_MC)
+SENDMAIL_ADDITIONAL_CF= ${SENDMAIL_ADDITIONAL_MC:T:S/.mc$/.cf/}
+ALL+= ${SENDMAIL_ADDITIONAL_CF}
+CLEANFILES+= ${SENDMAIL_ADDITIONAL_CF}
+.for mc in ${SENDMAIL_ADDITIONAL_MC}
+${mc:T:R}.cf: ${mc}
+.endfor
+.endif
+
+all: ${ALL}
+
+distribution:
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${.CURDIR}/freebsd.mc freebsd.cf ${DESTDIR}/etc/mail
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${.CURDIR}/freebsd.submit.mc freebsd.submit.cf ${DESTDIR}/etc/mail
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${SMDIR}/helpfile ${DESTDIR}/etc/mail
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 640 \
+ /dev/null ${DESTDIR}/var/log/sendmail.st
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ freebsd.cf ${DEST_CF}
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ freebsd.submit.cf ${DEST_SUBMIT_CF}
+
+install:
+.if defined(INSTALL_CF) && ${INSTALL_CF} != ${DEST_CF}
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${INSTALL_CF} ${DEST_CF}
+.endif
+.if defined(SENDMAIL_ADDITIONAL_CF)
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${SENDMAIL_ADDITIONAL_CF} ${DESTDIR}/etc/mail
+.endif
+.if !defined(SENDMAIL_SET_USER_ID) && \
+ defined(INSTALL_SUBMIT_CF) && ${INSTALL_SUBMIT_CF} != ${DEST_SUBMIT_CF}
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${INSTALL_SUBMIT_CF} ${DEST_SUBMIT_CF}
+.endif
+
+.include <bsd.prog.mk>
diff --git a/etc/sendmail/freebsd.mc b/etc/sendmail/freebsd.mc
new file mode 100644
index 0000000..1e28c47
--- /dev/null
+++ b/etc/sendmail/freebsd.mc
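Review bot: The `.mc.cf` rule in etc/sendmail/Makefile redirects m4 straight into `${.TARGET}`, so a failed m4 run leaves a partial .cf behind with a fresh timestamp unless make itself removes the target on error, which I would not rely on. A later run can then treat that file as up to date, and the `distribution` and `install` targets would copy it to `${DEST_CF}` or `${DEST_SUBMIT_CF}`. I would build into a temporary name and rename only on success: end the m4 command with `> ${.TARGET}.tmp` and follow it with `mv -f ${.TARGET}.tmp ${.TARGET}` ahead of the `${CHMOD}` line.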
@@ -0,0 +1,90 @@
+divert(-1)
+#
+# Copyright (c) 1983 Eric P. Allman
+# Copyright (c) 1988, 1993
+# The Regents of the University of California. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by the University of
+# California, Berkeley and its contributors.
+# 4. Neither the name of the University nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+#
+# This is a generic configuration file for FreeBSD 6.X and later systems.
+# If you want to customize it, copy it to a name appropriate for your
+# environment and do the modifications there.
+#
+# The best documentation for this .mc file is:
+# /usr/share/sendmail/cf/README or
+# /usr/src/contrib/sendmail/cf/README
+#
+
+divert(0)
+VERSIONID(`$FreeBSD$')
+OSTYPE(freebsd6)
+DOMAIN(generic)
+
+FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
+FEATURE(blacklist_recipients)
+FEATURE(local_lmtp)
+FEATURE(mailertable, `hash -o /etc/mail/mailertable')
+FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
+
+dnl Uncomment to allow relaying based on your MX records.
+dnl NOTE: This can allow sites to use your server as a backup MX without
+dnl your permission.
+dnl FEATURE(relay_based_on_MX)
+
+dnl DNS based black hole lists
+dnl --------------------------------
+dnl DNS based black hole lists come and go on a regular basis
+dnl so this file will not serve as a database of the available servers.
+dnl For that, visit
+dnl http://www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/
+
+dnl Uncomment to activate your chosen DNS based blacklist
+dnl FEATURE(dnsbl, `dnsbl.example.com')
+dnl Alternatively, you can provide your own server and rejection message:
+dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from " $&{client_addr} " rejected'')
+
+dnl Dialup users should uncomment and define this appropriately
+dnl define(`SMART_HOST', `your.isp.mail.server')
+
+dnl Uncomment the first line to change the location of the default
+dnl /etc/mail/local-host-names and comment out the second line.
+dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
+define(`confCW_FILE', `-o /etc/mail/local-host-names')
+
+dnl Enable for both IPv4 and IPv6 (optional)
+DAEMON_OPTIONS(`Name=IPv4, Family=inet')
+DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
+
+define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
+define(`confNO_RCPT_ACTION', `add-to-undisclosed')
+define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
+MAILER(local)
+MAILER(smtp)
diff --git a/etc/sendmail/freebsd.submit.mc b/etc/sendmail/freebsd.submit.mc
new file mode 100644
index 0000000..c6ec655
--- /dev/null
+++ b/etc/sendmail/freebsd.submit.mc
@@ -0,0 +1,27 @@
+divert(-1)
+#
+# Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+#
+# This is the FreeBSD configuration for a set-group-ID sm-msp sendmail
+# that acts as a initial mail submission program.
+#
+
+divert(0)dnl
+VERSIONID(`$FreeBSD$')
+define(`confCF_VERSION', `Submit')dnl
+define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
+define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
+define(`confTIME_ZONE', `USE_TZ')dnl
+define(`confDONT_INIT_GROUPS', `True')dnl
+define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
+dnl
+dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
+FEATURE(`msp', `[127.0.0.1]')dnl
diff --git a/etc/sendmail/freefall.mc b/etc/sendmail/freefall.mc
new file mode 100644
index 0000000..9f77dbd
--- /dev/null
+++ b/etc/sendmail/freefall.mc
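Review bot: In etc/sendmail/freebsd.mc, the commented-out dnsbl example with a custom rejection message has an odd number of double quotes: the message ends `" rejected''`, with no closing `"` before the m4 close quotes. Anyone who uncomments that line as written gets a reply string with an unterminated quoted segment, so the rejection text sendmail produces is unlikely to be the intended one. I would end the argument with `" rejected"''` so the example is safe to copy. The simpler `dnsbl.example.com` example above it and the active FEATURE lines look balanced.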
@@ -0,0 +1,47 @@
+divert(-1)
+#
+# Copyright (c) 1983 Eric P. Allman
+# Copyright (c) 1988, 1993
+# The Regents of the University of California. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by the University of
+# California, Berkeley and its contributors.
+# 4. Neither the name of the University nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+#
+# This is the prototype for a "null client" -- that is, a client that
+# does nothing except forward all mail to a mail hub, plus an extra
+# line to make the email all appear as coming from "FreeBSD.org".
+#
+
+divert(0)dnl
+VERSIONID(`$FreeBSD$')
+
+OSTYPE(freebsd6)
+FEATURE(nullclient, hub.$m)
+MASQUERADE_AS(FreeBSD.org)
diff --git a/etc/services b/etc/services
new file mode 100644
index 0000000..146fefc
--- /dev/null
+++ b/etc/services
@@ -0,0 +1,2483 @@
+#
+# Network services, Internet style
+#
+# Note that it is presently the policy of IANA to assign a single well-known
+# port number for both TCP and UDP; hence, most entries here have two entries
+# even if the protocol doesn't support UDP operations.
+#
+# The latest IANA port assignments can be gotten from
+#
+# http://www.iana.org/assignments/port-numbers
+#
+# The Well Known Ports are those from 0 through 1023.
+# The Registered Ports are those from 1024 through 49151
+# The Dynamic and/or Private Ports are those from 49152 through 65535
+#
+# Kerberos services are for Kerberos v4, and are unofficial. Sites running
+# v5 should uncomment v5 entries and comment v4 entries.
+#
+# $FreeBSD$
+# 
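Review bot: The three macro calls that close freefall.mc pass their arguments unquoted (OSTYPE(freebsd6), FEATURE(nullclient, hub.$m), MASQUERADE_AS(FreeBSD.org)), whereas freebsd.submit.mc in the same commit quotes every argument. m4 rescans unquoted words, so an argument that matches a macro name defined by an included file would be expanded before the feature sees it. Quoting removes that dependency, for example `` FEATURE(`nullclient', `hub.$m') `` and `` MASQUERADE_AS(`FreeBSD.org') ``. It would also help to add a `dnl` line stating that the absence of MAILER() lines is intentional for a null client (worth confirming against cf/README), so a later edit does not add local delivery by accident.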
From: @(#)services 5.8 (Berkeley) 5/9/91 +# +# WELL KNOWN PORT NUMBERS +# +rtmp 1/ddp #Routing Table Maintenance Protocol +tcpmux 1/tcp #TCP Port Service Multiplexer +tcpmux 1/udp #TCP Port Service Multiplexer +nbp 2/ddp #Name Binding Protocol +compressnet 2/tcp #Management Utility +compressnet 2/udp #Management Utility +compressnet 3/tcp #Compression Process +compressnet 3/udp #Compression Process +echo 4/ddp #AppleTalk Echo Protocol +rje 5/tcp #Remote Job Entry +rje 5/udp #Remote Job Entry +zip 6/ddp #Zone Information Protocol +echo 7/sctp +echo 7/tcp +echo 7/udp +discard 9/sctp sink null +discard 9/tcp sink null +discard 9/udp sink null +systat 11/tcp users #Active Users +systat 11/udp users #Active Users +daytime 13/sctp +daytime 13/tcp +daytime 13/udp +qotd 17/tcp quote #Quote of the Day +qotd 17/udp quote #Quote of the Day +msp 18/tcp #Message Send Protocol +msp 18/udp #Message Send Protocol +chargen 19/sctp ttytst source #Character Generator +chargen 19/tcp ttytst source #Character Generator +chargen 19/udp ttytst source #Character Generator +ftp-data 20/sctp #File Transfer [Default Data] +ftp-data 20/tcp #File Transfer [Default Data] +ftp-data 20/udp #File Transfer [Default Data] +ftp 21/sctp #File Transfer [Control] +ftp 21/tcp #File Transfer [Control] +ftp 21/udp #File Transfer [Control] +ssh 22/sctp #Secure Shell Login +ssh 22/tcp #Secure Shell Login +ssh 22/udp #Secure Shell Login +telnet 23/tcp +telnet 23/udp +# 24/tcp any private mail system +# 24/udp any private mail system +smtp 25/tcp mail #Simple Mail Transfer +smtp 25/udp mail #Simple Mail Transfer +nsw-fe 27/tcp #NSW User System FE +nsw-fe 27/udp #NSW User System FE +msg-icp 29/tcp #MSG ICP +msg-icp 29/udp #MSG ICP +msg-auth 31/tcp #MSG Authentication +msg-auth 31/udp #MSG Authentication +dsp 33/tcp #Display Support Protocol +dsp 33/udp #Display Support Protocol +# 35/tcp any private printer server +# 35/udp any private printer server +time 37/tcp timserver +time 37/udp timserver +rap 38/tcp 
#Route Access Protocol +rap 38/udp #Route Access Protocol +rlp 39/tcp resource #Resource Location Protocol +rlp 39/udp resource #Resource Location Protocol +graphics 41/tcp +graphics 41/udp +nameserver 42/tcp name #Host Name Server +nameserver 42/udp name #Host Name Server +nicname 43/tcp whois +nicname 43/udp whois +mpm-flags 44/tcp #MPM FLAGS Protocol +mpm-flags 44/udp #MPM FLAGS Protocol +mpm 45/tcp #Message Processing Module [recv] +mpm 45/udp #Message Processing Module [recv] +mpm-snd 46/tcp #MPM [default send] +mpm-snd 46/udp #MPM [default send] +ni-ftp 47/tcp #NI FTP +ni-ftp 47/udp #NI FTP +auditd 48/tcp #Digital Audit Daemon +auditd 48/udp #Digital Audit Daemon +tacacs 49/tcp #Login Host Protocol (TACACS) +tacacs 49/udp #Login Host Protocol (TACACS) +re-mail-ck 50/tcp #Remote Mail Checking Protocol +re-mail-ck 50/udp #Remote Mail Checking Protocol +la-maint 51/tcp #IMP Logical Address Maintenance +la-maint 51/udp #IMP Logical Address Maintenance +xns-time 52/tcp #XNS Time Protocol +xns-time 52/udp #XNS Time Protocol +domain 53/tcp #Domain Name Server +domain 53/udp #Domain Name Server +xns-ch 54/tcp #XNS Clearinghouse +xns-ch 54/udp #XNS Clearinghouse +isi-gl 55/tcp #ISI Graphics Language +isi-gl 55/udp #ISI Graphics Language +xns-auth 56/tcp #XNS Authentication +xns-auth 56/udp #XNS Authentication +# 57/tcp any private terminal access +# 57/udp any private terminal access +xns-mail 58/tcp #XNS Mail +xns-mail 58/udp #XNS Mail +# 59/tcp any private file service +# 59/udp any private file service +ni-mail 61/tcp #NI MAIL +ni-mail 61/udp #NI MAIL +acas 62/tcp #ACA Services +acas 62/udp #ACA Services +whois++ 63/tcp +whois++ 63/udp +covia 64/tcp #Communications Integrator (CI) +covia 64/udp #Communications Integrator (CI) +tacacs-ds 65/tcp #TACACS-Database Service +tacacs-ds 65/udp #TACACS-Database Service +sql*net 66/tcp #Oracle SQL*NET +sql*net 66/udp #Oracle SQL*NET +bootps 67/tcp dhcps #Bootstrap Protocol Server +bootps 67/udp dhcps #Bootstrap Protocol 
Server +bootpc 68/tcp dhcpc #Bootstrap Protocol Client +bootpc 68/udp dhcpc #Bootstrap Protocol Client +tftp 69/tcp #Trivial File Transfer +tftp 69/udp #Trivial File Transfer +gopher 70/tcp +gopher 70/udp +netrjs-1 71/tcp #Remote Job Service +netrjs-1 71/udp #Remote Job Service +netrjs-2 72/tcp #Remote Job Service +netrjs-2 72/udp #Remote Job Service +netrjs-3 73/tcp #Remote Job Service +netrjs-3 73/udp #Remote Job Service +netrjs-4 74/tcp #Remote Job Service +netrjs-4 74/udp #Remote Job Service +# 75/tcp any private dial out service +# 75/udp any private dial out service +deos 76/tcp #Distributed External Object Store +deos 76/udp #Distributed External Object Store +# 77/tcp any private RJE service +# 77/udp any private RJE service +vettcp 78/tcp +vettcp 78/udp +finger 79/tcp +finger 79/udp +http 80/sctp www www-http #World Wide Web HTTP +http 80/tcp www www-http #World Wide Web HTTP +http 80/udp www www-http #World Wide Web HTTP +hosts2-ns 81/tcp #HOSTS2 Name Server +hosts2-ns 81/udp #HOSTS2 Name Server +xfer 82/tcp #XFER Utility +xfer 82/udp #XFER Utility +mit-ml-dev 83/tcp #MIT ML Device +mit-ml-dev 83/udp #MIT ML Device +ctf 84/tcp #Common Trace Facility +ctf 84/udp #Common Trace Facility +mit-ml-dev 85/tcp #MIT ML Device +mit-ml-dev 85/udp #MIT ML Device +mfcobol 86/tcp #Micro Focus Cobol +mfcobol 86/udp #Micro Focus Cobol +# 87/tcp any private terminal link +# 87/udp any private terminal link +kerberos-sec 88/tcp kerberos # krb5 # Kerberos (v5) +kerberos-sec 88/udp kerberos # krb5 # Kerberos (v5) +su-mit-tg 89/tcp #SU/MIT Telnet Gateway +su-mit-tg 89/udp #SU/MIT Telnet Gateway +dnsix 90/tcp #DNSIX Securit Attribute Token Map +dnsix 90/udp #DNSIX Securit Attribute Token Map +mit-dov 91/tcp #MIT Dover Spooler +mit-dov 91/udp #MIT Dover Spooler +npp 92/tcp #Network Printing Protocol +npp 92/udp #Network Printing Protocol +dcp 93/tcp #Device Control Protocol +dcp 93/udp #Device Control Protocol +objcall 94/tcp #Tivoli Object Dispatcher +objcall 94/udp #Tivoli 
Object Dispatcher +supdup 95/tcp +supdup 95/udp +dixie 96/tcp #DIXIE Protocol Specification +dixie 96/udp #DIXIE Protocol Specification +swift-rvf 97/tcp #Swift Remote Virtural File Protocol +swift-rvf 97/udp #Swift Remote Virtural File Protocol +tacnews 98/tcp #TAC News, Unofficial: Red Hat linuxconf +tacnews 98/udp #TAC News, Unofficial: Red Hat linuxconf +metagram 99/tcp #Metagram Relay +metagram 99/udp #Metagram Relay +newacct 100/tcp #[unauthorized use] +hostname 101/tcp hostnames #NIC Host Name Server +hostname 101/udp hostnames #NIC Host Name Server +iso-tsap 102/tcp tsap #ISO-TSAP Class 0 +iso-tsap 102/udp tsap #ISO-TSAP Class 0 +gppitnp 103/tcp #Genesis Point-to-Point Trans Net +gppitnp 103/udp #Genesis Point-to-Point Trans Net +acr-nema 104/tcp #ACR-NEMA Digital Imag. & Comm. 300 +acr-nema 104/udp #ACR-NEMA Digital Imag. & Comm. 300 +csnet-ns 105/tcp cso-ns cso #Mailbox Name Nameserver +csnet-ns 105/udp cso-ns cso #Mailbox Name Nameserver +pop3pw 106/tcp 3com-tsmux #Eudora compatible PW changer +3com-tsmux 106/udp +rtelnet 107/tcp #Remote Telnet Service +rtelnet 107/udp #Remote Telnet Service +snagas 108/tcp #SNA Gateway Access Server +snagas 108/udp #SNA Gateway Access Server +pop2 109/tcp postoffice #Post Office Protocol - Version 2 +pop2 109/udp postoffice #Post Office Protocol - Version 2 +pop3 110/tcp #Post Office Protocol - Version 3 +pop3 110/udp #Post Office Protocol - Version 3 +sunrpc 111/tcp rpcbind #SUN Remote Procedure Call +sunrpc 111/udp rpcbind #SUN Remote Procedure Call +mcidas 112/tcp #McIDAS Data Transmission Protocol +mcidas 112/udp #McIDAS Data Transmission Protocol +auth 113/tcp ident tap #Authentication Service +auth 113/udp ident tap #Authentication Service +sftp 115/tcp #Simple File Transfer Protocol +sftp 115/udp #Simple File Transfer Protocol +ansanotify 116/tcp #ANSA REX Notify +ansanotify 116/udp #ANSA REX Notify +uucp-path 117/tcp #UUCP Path Service +uucp-path 117/udp #UUCP Path Service +sqlserv 118/tcp #SQL Services +sqlserv 
118/udp #SQL Services +nntp 119/tcp usenet #Network News Transfer Protocol +nntp 119/udp usenet #Network News Transfer Protocol +cfdptkt 120/tcp +cfdptkt 120/udp +erpc 121/tcp #Encore Expedited Remote Pro.Call +erpc 121/udp #Encore Expedited Remote Pro.Call +smakynet 122/tcp +smakynet 122/udp +ntp 123/tcp #Network Time Protocol +ntp 123/udp #Network Time Protocol +ansatrader 124/tcp #ANSA REX Trader +ansatrader 124/udp #ANSA REX Trader +locus-map 125/tcp #Locus PC-Interface Net Map Ser +locus-map 125/udp #Locus PC-Interface Net Map Ser +unitary 126/tcp #Unisys Unitary Login +unitary 126/udp #Unisys Unitary Login +locus-con 127/tcp #Locus PC-Interface Conn Server +locus-con 127/udp #Locus PC-Interface Conn Server +gss-xlicen 128/tcp #GSS X License Verification +gss-xlicen 128/udp #GSS X License Verification +pwdgen 129/tcp #Password Generator Protocol +pwdgen 129/udp #Password Generator Protocol +cisco-fna 130/tcp #cisco FNATIVE +cisco-fna 130/udp #cisco FNATIVE +cisco-tna 131/tcp #cisco TNATIVE +cisco-tna 131/udp #cisco TNATIVE +cisco-sys 132/tcp #cisco SYSMAINT +cisco-sys 132/udp #cisco SYSMAINT +statsrv 133/tcp #Statistics Service +statsrv 133/udp #Statistics Service +ingres-net 134/tcp #INGRES-NET Service +ingres-net 134/udp #INGRES-NET Service +loc-srv 135/tcp epmap #Location Service +loc-srv 135/udp epmap #Location Service +profile 136/tcp #PROFILE Naming System +profile 136/udp #PROFILE Naming System +netbios-ns 137/tcp #NETBIOS Name Service +netbios-ns 137/udp #NETBIOS Name Service +netbios-dgm 138/tcp #NETBIOS Datagram Service +netbios-dgm 138/udp #NETBIOS Datagram Service +netbios-ssn 139/tcp #NETBIOS Session Service +netbios-ssn 139/udp #NETBIOS Session Service +emfis-data 140/tcp #EMFIS Data Service +emfis-data 140/udp #EMFIS Data Service +emfis-cntl 141/tcp #EMFIS Control Service +emfis-cntl 141/udp #EMFIS Control Service +bl-idm 142/tcp #Britton-Lee IDM +bl-idm 142/udp #Britton-Lee IDM +imap 143/tcp imap2 imap4 #Interim Mail Access Protocol v2 +imap 
143/udp imap2 imap4 #Interim Mail Access Protocol v2 +NeWS 144/tcp # Window System +NeWS 144/udp # Window System +#PROBLEMS!============================================================== +#uma 144/tcp #Universal Management Architecture +#uma 144/udp #Universal Management Architecture +#PROBLEMS!============================================================== +uaac 145/tcp #UAAC Protocol +uaac 145/udp #UAAC Protocol +iso-tp0 146/tcp +iso-tp0 146/udp +iso-ip 147/tcp +iso-ip 147/udp +cronus 148/tcp jargon #CRONUS-SUPPORT +cronus 148/udp jargon #CRONUS-SUPPORT +aed-512 149/tcp #AED 512 Emulation Service +aed-512 149/udp #AED 512 Emulation Service +sql-net 150/tcp +sql-net 150/udp +hems 151/tcp +hems 151/udp +bftp 152/tcp #Background File Transfer Program +bftp 152/udp #Background File Transfer Program +sgmp 153/tcp +sgmp 153/udp +netsc-prod 154/tcp +netsc-prod 154/udp +netsc-dev 155/tcp +netsc-dev 155/udp +sqlsrv 156/tcp #SQL Service +sqlsrv 156/udp #SQL Service +knet-cmp 157/tcp #KNET/VM Command/Message Protocol +knet-cmp 157/udp #KNET/VM Command/Message Protocol +pcmail-srv 158/tcp #PCMail Server +pcmail-srv 158/udp #PCMail Server +nss-routing 159/tcp +nss-routing 159/udp +sgmp-traps 160/tcp +sgmp-traps 160/udp +snmp 161/tcp +snmp 161/udp +snmptrap 162/tcp snmp-trap +snmptrap 162/udp snmp-trap +cmip-man 163/tcp #CMIP/TCP Manager +cmip-man 163/udp #CMIP/TCP Manager +cmip-agent 164/tcp #CMIP/TCP Agent +smip-agent 164/udp #CMIP/TCP Agent +xns-courier 165/tcp #Xerox +xns-courier 165/udp #Xerox +s-net 166/tcp #Sirius Systems +s-net 166/udp #Sirius Systems +namp 167/tcp +namp 167/udp +rsvd 168/tcp +rsvd 168/udp +send 169/tcp +send 169/udp +print-srv 170/tcp #Network PostScript +print-srv 170/udp #Network PostScript +multiplex 171/tcp #Network Innovations Multiplex +multiplex 171/udp #Network Innovations Multiplex +cl/1 172/tcp #Network Innovations CL/1 +cl/1 172/udp #Network Innovations CL/1 +xyplex-mux 173/tcp +xyplex-mux 173/udp +mailq 174/tcp +mailq 174/udp +vmnet 175/tcp 
+vmnet 175/udp +genrad-mux 176/tcp +genrad-mux 176/udp +xdmcp 177/tcp #X Display Manager Control Protocol +xdmcp 177/udp #X Display Manager Control Protocol +NextStep 178/tcp nextstep NeXTStep #NextStep Window Server +NextStep 178/udp nextstep NeXTStep #NextStep Window Server +bgp 179/sctp #Border Gateway Protocol +bgp 179/tcp #Border Gateway Protocol +bgp 179/udp #Border Gateway Protocol +ris 180/tcp #Intergraph +ris 180/udp #Intergraph +unify 181/tcp +unify 181/udp +audit 182/tcp #Unisys Audit SITP +audit 182/udp #Unisys Audit SITP +ocbinder 183/tcp +ocbinder 183/udp +ocserver 184/tcp +ocserver 184/udp +remote-kis 185/tcp +remote-kis 185/udp +kis 186/tcp #KIS Protocol +kis 186/udp #KIS Protocol +aci 187/tcp #Application Communication Interface +aci 187/udp #Application Communication Interface +mumps 188/tcp #Plus Five's MUMPS +mumps 188/udp #Plus Five's MUMPS +qft 189/tcp #Queued File Transport +qft 189/udp #Queued File Transport +gacp 190/tcp #Gateway Access Control Protocol +gacp 190/udp cacp #Gateway Access Control Protocol +prospero 191/tcp #Prospero Directory Service +prospero 191/udp #Prospero Directory Service +osu-nms 192/tcp #OSU Network Monitoring System +osu-nms 192/udp #OSU Network Monitoring System +srmp 193/tcp #Spider Remote Monitoring Protocol +srmp 193/udp #Spider Remote Monitoring Protocol +irc 194/tcp #Internet Relay Chat Protocol +irc 194/udp #Internet Relay Chat Protocol +dn6-nlm-aud 195/tcp #DNSIX Network Level Module Audit +dn6-nlm-aud 195/udp #DNSIX Network Level Module Audit +dn6-smm-red 196/tcp #DNSIX Session Mgt Module Audit Redir +dn6-smm-red 196/udp #DNSIX Session Mgt Module Audit Redir +dls 197/tcp #Directory Location Service +dls 197/udp #Directory Location Service +dls-mon 198/tcp #Directory Location Service Monitor +dls-mon 198/udp #Directory Location Service Monitor +smux 199/tcp +smux 199/udp +src 200/tcp #IBM System Resource Controller +src 200/udp #IBM System Resource Controller +at-rtmp 201/tcp #AppleTalk Routing Maintenance 
+at-rtmp 201/udp #AppleTalk Routing Maintenance +at-nbp 202/tcp #AppleTalk Name Binding +at-nbp 202/udp #AppleTalk Name Binding +at-3 203/tcp #AppleTalk Unused +at-3 203/udp #AppleTalk Unused +at-echo 204/tcp #AppleTalk Echo +at-echo 204/udp #AppleTalk Echo +at-5 205/tcp #AppleTalk Unused +at-5 205/udp #AppleTalk Unused +at-zis 206/tcp #AppleTalk Zone Information +at-zis 206/udp #AppleTalk Zone Information +at-7 207/tcp #AppleTalk Unused +at-7 207/udp #AppleTalk Unused +at-8 208/tcp #AppleTalk Unused +at-8 208/udp #AppleTalk Unused +qmtp 209/tcp #The Quick Mail Transfer Protocol +qmtp 209/udp #The Quick Mail Transfer Protocol +#PROBLEMS!============================================================== +#tam 209/tcp #Trivial Authenticated Mail Protocol +#tam 209/udp #Trivial Authenticated Mail Protocol +#PROBLEMS!============================================================== +z39.50 210/tcp wais #ANSI Z39.50 +z39.50 210/udp wais #ANSI Z39.50 +914c/g 211/tcp #Texas Instruments 914C/G Terminal +914c/g 211/udp #Texas Instruments 914C/G Terminal +anet 212/tcp #ATEXSSTR +anet 212/udp #ATEXSSTR +ipx 213/tcp +ipx 213/udp +vmpwscs 214/tcp +vmpwscs 214/udp +softpc 215/tcp #Insignia Solutions +softpc 215/udp #Insignia Solutions +CAIlic 216/tcp atls #Computer Associates Int'l License Server +CAIlic 216/udp atls #Computer Associates Int'l License Server +dbase 217/tcp #dBASE Unix +dbase 217/udp #dBASE Unix +mpp 218/tcp #Netix Message Posting Protocol +mpp 218/udp #Netix Message Posting Protocol +uarps 219/tcp #Unisys ARPs +uarps 219/udp #Unisys ARPs +imap3 220/tcp #Interactive Mail Access Protocol v3 +imap3 220/udp #Interactive Mail Access Protocol v3 +fln-spx 221/tcp #Berkeley rlogind with SPX auth +fln-spx 221/udp #Berkeley rlogind with SPX auth +rsh-spx 222/tcp #Berkeley rshd with SPX auth +rsh-spx 222/udp #Berkeley rshd with SPX auth +cdc 223/tcp #Certificate Distribution Center +cdc 223/udp #Certificate Distribution Center +masqdialer 224/tcp +masqdialer 224/udp +direct 
242/tcp +direct 242/udp +sur-meas 243/tcp #Survey Measurement +sur-meas 243/udp #Survey Measurement +dayna 244/tcp +dayna 244/udp +link 245/tcp +link 245/udp +dsp3270 246/tcp #Display Systems Protocol +dsp3270 246/udp #Display Systems Protocol +subntbcst_tftp 247/tcp #subntbcst_tftp +subntbcst_tftp 247/udp #subntbcst_tftp +bhfhs 248/tcp +bhfhs 248/udp +# 249-255 reserved +rap 256/tcp +rap 256/udp +set 257/tcp #secure electronic transaction +set 257/udp #secure electronic transaction +esro-gen 259/tcp #efficient short remote operations +esro-gen 259/udp #efficient short remote operations +openport 260/tcp +openport 260/udp +nsiiops 261/tcp #iiop name service over tls/ssl +nsiiops 261/udp #iiop name service over tls/ssl +arcisdms 262/tcp +arcisdms 262/udp +hdap 263/tcp +hdap 263/udp +bgmp 264/tcp +bgmp 264/udp +x-bone-ctl 265/tcp #X-Bone CTL +x-bone-ctl 265/udp #X-Bone CTL +sst 266/tcp #SCSI on ST +sst 266/udp #SCSI on ST +td-service 267/tcp #Tobit David Service Layer +td-service 267/udp #Tobit David Service Layer +td-replica 268/tcp #Tobit David Replica +td-replica 268/udp #Tobit David Replica +# 269-279 unassigned +http-mgmt 280/tcp +http-mgmt 280/udp +personal-link 281/tcp +personal-link 281/udp +cableport-ax 282/tcp #cable port a/x +cableport-ax 282/udp #cable port a/x +rescap 283/tcp +rescap 283/udp +corerjd 284/tcp +corerjd 284/udp +# 285 unassigned +fxp 286/tcp +fxp 286/udp +k-block 287/tcp +k-block 287/udp +# 288-307 unassigned +novastorbakcup 308/tcp #novastor backup +novastorbakcup 308/udp #novastor backup +entrusttime 309/tcp +entrusttime 309/udp +bhmds 310/tcp +bhmds 310/udp +asip-webadmin 311/tcp #appleshare ip webadmin +asip-webadmin 311/udp #appleshare ip webadmin +vslmp 312/tcp +vslmp 312/udp +magenta-logic 313/tcp +magenta-logic 313/udp +opalis-robot 314/tcp +opalis-robot 314/udp +dpsi 315/tcp +dpsi 315/udp +decauth 316/tcp +decauth 316/udp +zannet 317/tcp +zannet 317/udp +pkix-timestamp 318/tcp #PKIX TimeStamp +pkix-timestamp 318/udp #PKIX TimeStamp 
+ptp-event 319/tcp #PTP Event +ptp-event 319/udp #PTP Event +ptp-general 320/tcp #PTP General +ptp-general 320/udp #PTP General +pip 321/tcp +pip 321/udp +rtsps 322/tcp +rtsps 322/udp +# 323-332 #unassigned +texar 333/tcp #Texar Security Port +texar 333/udp #Texar Security Port +# 334-343 #unassigned +pdap 344/tcp #Prospero Data Access Protocol +pdap 344/udp #Prospero Data Access Protocol +pawserv 345/tcp #Perf Analysis Workbench +pawserv 345/udp #Perf Analysis Workbench +zserv 346/tcp #Zebra server +zserv 346/udp #Zebra server +fatserv 347/tcp #Fatmen Server +fatserv 347/udp #Fatmen Server +csi-sgwp 348/tcp #Cabletron Management Protocol +csi-sgwp 348/udp #Cabletron Management Protocol +mftp 349/tcp +mftp 349/udp +matip-type-a 350/tcp #MATIP Type A +matip-type-a 350/udp +matip-type-b 351/tcp #MATIP Type B +matip-type-b 351/udp +bhoetty 351/tcp #unassigned but widespread use +bhoetty 351/udp #unassigned but widespread use +dtag-ste-sb 352/tcp #DTAG +dtag-ste-sb 352/udp #DTAG +bhoedap4 352/tcp #unassigned but widespread use +bhoedap4 352/udp #unassigned but widespread use +ndsauth 353/tcp +ndsauth 353/udp +bh611 354/tcp +bh611 354/udp +datex-asn 355/tcp +datex-asn 355/udp +cloanto-net-1 356/tcp #Cloanto Net 1 +cloanto-net-1 356/udp +bhevent 357/tcp +bhevent 357/udp +shrinkwrap 358/tcp +shrinkwrap 358/udp +tenebris_nts 359/tcp #Tenebris Network Trace Service +tenebris_nts 359/udp #Tenebris Network Trace Service +scoi2odialog 360/tcp +scoi2odialog 360/udp +semantix 361/tcp +semantix 361/udp +srssend 362/tcp #SRS Send +srssend 362/udp #SRS Send +rsvp_tunnel 363/tcp +rsvp_tunnel 363/udp +aurora-cmgr 364/tcp +aurora-cmgr 364/udp +dtk 365/tcp #Deception Tool Kit - Fred Cohen <fc@all.net> +dtk 365/udp #Deception Tool Kit - Fred Cohen <fc@all.net> +odmr 366/tcp +odmr 366/udp +mortgageware 367/tcp +mortgageware 367/udp +qbikgdp 368/tcp #QbikGDP +qbikgdp 368/udp +rpc2portmap 369/tcp +rpc2portmap 369/udp +codaauth2 370/tcp +codaauth2 370/udp +clearcase 371/tcp +clearcase 
371/udp +ulistserv 372/tcp ulistproc #Unix Listserv +ulistserv 372/udp ulistproc #Unix Listserv +legent-1 373/tcp #Legent Corporation (now Computer Associates Intl.) +legent-1 373/udp #Legent Corporation (now Computer Associates Intl.) +legent-2 374/tcp #Legent Corporation (now Computer Associates Intl.) +legent-2 374/udp #Legent Corporation (now Computer Associates Intl.) +hassle 375/tcp +hassle 375/udp +nip 376/tcp #Amiga Envoy Network Inquiry Proto +nip 376/udp #Amiga Envoy Network Inquiry Proto +tnETOS 377/tcp #NEC Corporation +tnETOS 377/udp #NEC Corporation +dsETOS 378/tcp #NEC Corporation +dsETOS 378/udp #NEC Corporation +is99c 379/tcp #TIA/EIA/IS-99 modem client +is99c 379/udp #TIA/EIA/IS-99 modem client +is99s 380/tcp #TIA/EIA/IS-99 modem server +is99s 380/udp #TIA/EIA/IS-99 modem server +hp-collector 381/tcp #hp performance data collector +hp-collector 381/udp #hp performance data collector +hp-managed-node 382/tcp #hp performance data managed node +hp-managed-node 382/udp #hp performance data managed node +hp-alarm-mgr 383/tcp #hp performance data alarm manager +hp-alarm-mgr 383/udp #hp performance data alarm manager +arns 384/tcp #A Remote Network Server System +arns 384/udp #A Remote Network Server System +ibm-app 385/tcp #IBM Application +ibm-app 385/udp #IBM Application +asa 386/tcp #ASA Message Router Object Def. +asa 386/udp #ASA Message Router Object Def. +aurp 387/tcp #Appletalk Update-Based Routing Pro. +aurp 387/udp #Appletalk Update-Based Routing Pro. 
+unidata-ldm 388/tcp #Unidata LDM Version 4 +unidata-ldm 388/udp #Unidata LDM Version 4 +ldap 389/tcp #Lightweight Directory Access Protocol +ldap 389/udp #Lightweight Directory Access Protocol +uis 390/tcp +uis 390/udp +synotics-relay 391/tcp #SynOptics SNMP Relay Port +synotics-relay 391/udp #SynOptics SNMP Relay Port +synotics-broker 392/tcp #SynOptics Port Broker Port +synotics-broker 392/udp #SynOptics Port Broker Port +dis 393/tcp #Data Interpretation System +dis 393/udp #Data Interpretation System +embl-ndt 394/tcp #EMBL Nucleic Data Transfer +embl-ndt 394/udp #EMBL Nucleic Data Transfer +netcp 395/tcp #NETscout Control Protocol +netcp 395/udp #NETscout Control Protocol +netware-ip 396/tcp #Novell Netware over IP +netware-ip 396/udp #Novell Netware over IP +mptn 397/tcp #Multi Protocol Trans. Net. +mptn 397/udp #Multi Protocol Trans. Net. +kryptolan 398/tcp +kryptolan 398/udp +iso-tsap-c2 399/tcp #ISO-TSAP Class 2 +iso-tsap-c2 399/udp #ISO-TSAP Class 2 +work-sol 400/tcp #Workstation Solutions +work-sol 400/udp #Workstation Solutions +ups 401/tcp #Uninterruptible Power Supply +ups 401/udp #Uninterruptible Power Supply +genie 402/tcp #Genie Protocol +genie 402/udp #Genie Protocol +decap 403/tcp +decap 403/udp +nced 404/tcp +nced 404/udp +ncld 405/tcp +ncld 405/udp +imsp 406/tcp #Interactive Mail Support Protocol +imsp 406/udp #Interactive Mail Support Protocol +timbuktu 407/tcp +timbuktu 407/udp +prm-sm 408/tcp #Prospero Resource Manager Sys. Man. +prm-sm 408/udp #Prospero Resource Manager Sys. Man. +prm-nm 409/tcp #Prospero Resource Manager Node Man. +prm-nm 409/udp #Prospero Resource Manager Node Man. 
+decladebug 410/tcp #DECLadebug Remote Debug Protocol +decladebug 410/udp #DECLadebug Remote Debug Protocol +rmt 411/tcp #Remote MT Protocol +rmt 411/udp #Remote MT Protocol +synoptics-trap 412/tcp #Trap Convention Port +synoptics-trap 412/udp #Trap Convention Port +smsp 413/tcp +smsp 413/udp +infoseek 414/tcp +infoseek 414/udp +bnet 415/tcp +bnet 415/udp +silverplatter 416/tcp +silverplatter 416/udp +onmux 417/tcp +onmux 417/udp +hyper-g 418/tcp +hyper-g 418/udp +ariel1 419/tcp +ariel1 419/udp +smpte 420/tcp +smpte 420/udp +ariel2 421/tcp +ariel2 421/udp +ariel3 422/tcp +ariel3 422/udp +opc-job-start 423/tcp #IBM Operations Planning and Control Start +opc-job-start 423/udp #IBM Operations Planning and Control Start +opc-job-track 424/tcp #IBM Operations Planning and Control Track +opc-job-track 424/udp #IBM Operations Planning and Control Track +icad-el 425/tcp +icad-el 425/udp +smartsdp 426/tcp +smartsdp 426/udp +svrloc 427/tcp #Server Location +svrloc 427/udp #Server Location +ocs_cmu 428/tcp +ocs_cmu 428/udp +ocs_amu 429/tcp +ocs_amu 429/udp +utmpsd 430/tcp +utmpsd 430/udp +utmpcd 431/tcp +utmpcd 431/udp +iasd 432/tcp +iasd 432/udp +nnsp 433/tcp +nnsp 433/udp +mobileip-agent 434/tcp +mobileip-agent 434/udp +mobilip-mn 435/tcp +mobilip-mn 435/udp +dna-cml 436/tcp +dna-cml 436/udp +comscm 437/tcp +comscm 437/udp +dsfgw 438/tcp +dsfgw 438/udp +dasp 439/tcp +dasp 439/udp +sgcp 440/tcp +sgcp 440/udp +decvms-sysmgt 441/tcp +decvms-sysmgt 441/udp +cvc_hostd 442/tcp +cvc_hostd 442/udp +https 443/sctp +https 443/tcp +https 443/udp +snpp 444/tcp #Simple Network Paging Protocol +snpp 444/udp #Simple Network Paging Protocol +# [RFC1568] +microsoft-ds 445/tcp +microsoft-ds 445/udp +ddm-rdb 446/tcp +ddm-rdb 446/udp +ddm-dfm 447/tcp +ddm-dfm 447/udp +ddm-ssl 448/tcp ddm-byte +ddm-ssl 448/udp ddm-byte +as-servermap 449/tcp #AS Server Mapper +as-servermap 449/udp #AS Server Mapper +tserver 450/tcp +tserver 450/udp +sfs-smp-net 451/tcp #Cray Network Semaphore server +sfs-smp-net 
451/udp #Cray Network Semaphore server
+sfs-config 452/tcp #Cray SFS config server
+sfs-config 452/udp #Cray SFS config server
+creativeserver 453/tcp #CreativeServer
+creativeserver 453/udp #CreativeServer
+contentserver 454/tcp #ContentServer
+contentserver 454/udp #ContentServer
+creativepartnr 455/tcp #CreativePartnr
+creativepartnr 455/udp #CreativePartnr
+macon-tcp 456/tcp
+macon-udp 456/udp
+scohelp 457/tcp
+scohelp 457/udp
+appleqtc 458/tcp #apple quick time
+appleqtc 458/udp #apple quick time
+ampr-rcmd 459/tcp
+ampr-rcmd 459/udp
+skronk 460/tcp
+skronk 460/udp
+datasurfsrv 461/tcp
+datasurfsrv 461/udp
+datasurfsrvsec 462/tcp
+datasurfsrvsec 462/udp
+alpes 463/tcp
+alpes 463/udp
+#
+kpasswd5 464/tcp # Kerberos (v5)
+kpasswd5 464/udp # Kerberos (v5)
+#PROBLEMS!==============================================================
+# IANA has offically assigned these two ports as ``kpasswd''
+#kpasswd 464/tcp # Kerberos (v5)
+#kpasswd 464/udp # Kerberos (v5)
+#PROBLEMS!==============================================================
+smtps 465/tcp #smtp protocol over TLS/SSL (was ssmtp)
+smtps 465/udp #smtp protocol over TLS/SSL (was ssmtp)
+digital-vrc 466/tcp
+digital-vrc 466/udp
+mylex-mapd 467/tcp
+mylex-mapd 467/udp
+photuris 468/tcp
+photuris 468/udp
+rcp 469/tcp #Radio Control Protocol
+rcp 469/udp #Radio Control Protocol
+scx-proxy 470/tcp
+scx-proxy 470/udp
+mondex 471/tcp
+mondex 471/udp
+ljk-login 472/tcp
+ljk-login 472/udp
+hybrid-pop 473/tcp
+hybrid-pop 473/udp
+tn-tl-w1 474/tcp
+tn-tl-w2 474/udp
+tcpnethaspsrv 475/tcp
+tcpnethaspsrv 475/udp
+tn-tl-fd1 476/tcp
+tn-tl-fd1 476/udp
+ss7ns 477/tcp
+ss7ns 477/udp
+spsc 478/tcp
+spsc 478/udp
+iafserver 479/tcp
+iafserver 479/udp
+iafdbase 480/tcp
+iafdbase 480/udp
+ph 481/tcp
+ph 481/udp
+bgs-nsi 482/tcp
+bgs-nsi 482/udp
+ulpnet 483/tcp
+ulpnet 483/udp
+integra-sme 484/tcp #Integra Software Management Environment
+integra-sme 484/udp #Integra Software Management Environment
+powerburst 485/tcp #Air Soft Power Burst
+powerburst 485/udp #Air Soft Power Burst
+avian 486/tcp
+avian 486/udp
+saft 487/tcp #saft Simple Asynchronous File Transfer
+saft 487/udp #saft Simple Asynchronous File Transfer
+gss-http 488/tcp
+gss-http 488/udp
+nest-protocol 489/tcp
+nest-protocol 489/udp
+micom-pfs 490/tcp
+micom-pfs 490/udp
+go-login 491/tcp
+go-login 491/udp
+ticf-1 492/tcp #Transport Independent Convergence for FNA
+ticf-1 492/udp #Transport Independent Convergence for FNA
+ticf-2 493/tcp #Transport Independent Convergence for FNA
+ticf-2 493/udp #Transport Independent Convergence for FNA
+pov-ray 494/tcp
+pov-ray 494/udp
+intecourier 495/tcp
+intecourier 495/udp
+pim-rp-disc 496/tcp
+pim-rp-disc 496/udp
+dantz 497/tcp
+dantz 497/udp
+siam 498/tcp
+siam 498/udp
+iso-ill 499/tcp #ISO ILL Protocol
+iso-ill 499/udp #ISO ILL Protocol
+isakmp 500/tcp
+isakmp 500/udp
+stmf 501/tcp
+stmf 501/udp
+asa-appl-proto 502/tcp
+asa-appl-proto 502/udp
+intrinsa 503/tcp
+intrinsa 503/udp
+citadel 504/tcp
+citadel 504/udp
+mailbox-lm 505/tcp
+mailbox-lm 505/udp
+ohimsrv 506/tcp
+ohimsrv 506/udp
+crs 507/tcp
+crs 507/udp
+xvttp 508/tcp
+xvttp 508/udp
+snare 509/tcp
+snare 509/udp
+fcp 510/tcp #FirstClass Protocol
+fcp 510/udp #FirstClass Protocol
+passgo 511/tcp
+passgo 511/udp
+#
+# Berkeley-specific services
+#
+exec 512/tcp #remote process execution;
+# authentication performed using
+# passwords and UNIX login names
+biff 512/udp comsat #used by mail system to notify users
+# of new mail received; currently
+# receives messages only from
+# processes on the same machine
+login 513/tcp #remote login a la telnet;
+# automatic authentication performed
+# based on priviledged port numbers
+# and distributed data bases which
+# identify "authentication domains"
+who 513/udp whod #maintains data bases showing who's
+# logged in to machines on a local
+# net and the load average of the
+# machine
+shell 514/tcp cmd #like exec, but automatic
+# authentication is performed as for
+# login server
+syslog 514/udp
+printer 515/tcp spooler
+printer 515/udp spooler
+videotex 516/tcp
+videotex 516/udp
+talk 517/tcp #like tenex link, but across
+# machine - unfortunately, doesn't
+# use link protocol (this is actually
+# just a rendezvous port from which a
+# tcp connection is established)
+talk 517/udp #like tenex link, but across
+# machine - unfortunately, doesn't
+# use link protocol (this is actually
+# just a rendezvous port from which a
+# tcp connection is established)
+ntalk 518/tcp
+ntalk 518/udp
+utime 519/tcp unixtime
+utime 519/udp unixtime
+efs 520/tcp #extended file name server
+router 520/udp route routed #local routing process (on site);
+# uses variant of Xerox NS routing
+# information protocol
+ripng 521/tcp
+ripng 521/udp
+ulp 522/tcp
+ulp 522/udp
+ibm-db2 523/tcp
+ibm-db2 523/udp
+ncp 524/tcp
+ncp 524/udp
+timed 525/tcp timeserver
+timed 525/udp timeserver
+tempo 526/tcp newdate
+tempo 526/udp newdate
+stx 527/tcp #Stock IXChange
+stx 527/udp #Stock IXChange
+custix 528/tcp #Customer IXChange
+custix 528/udp #Customer IXChange
+irc-serv 529/tcp
+irc-serv 529/udp
+courier 530/tcp rpc
+courier 530/udp rpc
+conference 531/tcp chat
+conference 531/udp chat
+netnews 532/tcp readnews
+netnews 532/udp readnews
+netwall 533/tcp #for emergency broadcasts
+netwall 533/udp #for emergency broadcasts
+mm-admin 534/tcp #MegaMedia Admin
+mm-admin 534/udp #MegaMedia Admin
+iiop 535/tcp
+iiop 535/udp
+opalis-rdv 536/tcp
+opalis-rdv 536/udp
+nmsp 537/tcp #Networked Media Streaming Protocol
+nmsp 537/udp #Networked Media Streaming Protocol
+gdomap 538/tcp
+gdomap 538/udp
+apertus-ldp 539/tcp #Apertus Technologies Load Determination
+apertus-ldp 539/udp #Apertus Technologies Load Determination
+uucp 540/tcp uucpd
+uucp 540/udp uucpd
+uucp-rlogin 541/tcp
+uucp-rlogin 541/udp
+commerce 542/tcp
+commerce 542/udp
+klogin 543/tcp # Kerberos (v4/v5)
+klogin 543/udp # Kerberos (v4/v5)
+kshell 544/tcp krcmd # Kerberos (v4/v5)
+kshell 544/udp krcmd # Kerberos (v4/v5)
+appleqtcsrvr 545/tcp
+appleqtcsrvr 545/udp
+dhcpv6-client 546/tcp #DHCPv6 Client
+dhcpv6-client 546/udp #DHCPv6 Client
+dhcpv6-server 547/tcp #DHCPv6 Server
+dhcpv6-server 547/udp #DHCPv6 Server
+afpovertcp 548/tcp #AFP over TCP
+afpovertcp 548/udp #AFP over TCP
+idfp 549/tcp
+idfp 549/udp
+new-rwho 550/tcp new-who
+new-rwho 550/udp new-who
+cybercash 551/tcp
+cybercash 551/udp
+deviceshare 552/tcp
+deviceshare 552/udp
+pirp 553/tcp
+pirp 553/udp
+rtsp 554/tcp #Real Time Stream Control Protocol
+rtsp 554/udp #Real Time Stream Control Protocol
+dsf 555/tcp
+dsf 555/udp
+remotefs 556/tcp rfs rfs_server # Brunhoff remote filesystem
+remotefs 556/udp rfs rfs_server # Brunhoff remote filesystem
+openvms-sysipc 557/tcp
+openvms-sysipc 557/udp
+sdnskmp 558/tcp
+sdnskmp 558/udp
+teedtap 559/tcp
+teedtap 559/udp
+rmonitor 560/tcp rmonitord
+rmonitor 560/udp rmonitord
+monitor 561/tcp
+monitor 561/udp
+chshell 562/tcp chcmd
+chshell 562/udp chcmd
+nntps 563/tcp snntp #nntp protocol over TLS/SSL
+nntps 563/udp snntp #nntp protocol over TLS/SSL
+9pfs 564/tcp #plan 9 file service
+9pfs 564/udp #plan 9 file service
+whoami 565/tcp
+whoami 565/udp
+streettalk 566/tcp
+streettalk 566/udp
+banyan-rpc 567/tcp
+banyan-rpc 567/udp
+ms-shuttle 568/tcp #Microsoft shuttle
+ms-shuttle 568/udp #Microsoft shuttle
+ms-rome 569/tcp #Microsoft rome
+ms-rome 569/udp #Microsoft rome
+meter 570/tcp #demon
+meter 570/udp #demon
+umeter 571/tcp #udemon
+umeter 571/udp #udemon
+sonar 572/tcp
+sonar 572/udp
+banyan-vip 573/tcp
+banyan-vip 573/udp
+ftp-agent 574/tcp #FTP Software Agent System
+ftp-agent 574/udp #FTP Software Agent System
+vemmi 575/tcp
+vemmi 575/udp
+ipcd 576/tcp
+ipcd 576/udp
+vnas 577/tcp
+vnas 577/udp
+ipdd 578/tcp
+ipdd 578/udp
+decbsrv 579/tcp
+decbsrv 579/udp
+sntp-heartbeat 580/tcp
+sntp-heartbeat 580/udp
+bdp 581/tcp #Bundle Discovery Protocol
+bdp 581/udp #Bundle Discovery Protocol
+scc-security 582/tcp
+scc-security 582/udp
+philips-vc 583/tcp #Philips Video-Conferencing
+philips-vc 583/udp #Philips Video-Conferencing
+keyserver 584/tcp
+keyserver 584/udp
+#imap4-ssl@585 never should have been allocated. See PR 46294.
+#imap4-ssl 585/tcp #IMAP4+SSL (use of 585 is not recommended,
+#imap4-ssl 585/udp # use 993 instead)
+password-chg 586/tcp
+password-chg 586/udp
+submission 587/tcp
+submission 587/udp
+cal 588/tcp
+cal 588/udp
+eyelink 589/tcp
+eyelink 589/udp
+tns-cml 590/tcp
+tns-cml 590/udp
+http-alt 591/tcp #FileMaker, Inc. - HTTP Alternate (see Port 80)
+http-alt 591/udp #FileMaker, Inc. - HTTP Alternate (see Port 80)
+eudora-set 592/tcp
+eudora-set 592/udp
+http-rpc-epmap 593/tcp #HTTP RPC Ep Map
+http-rpc-epmap 593/udp #HTTP RPC Ep Map
+tpip 594/tcp
+tpip 594/udp
+cab-protocol 595/tcp
+cab-protocol 595/udp
+smsd 596/tcp
+smsd 596/udp
+ptcnameservice 597/tcp #PTC Name Service
+ptcnameservice 597/udp #PTC Name Service
+sco-websrvrmg3 598/tcp #SCO Web Server Manager 3
+sco-websrvrmg3 598/udp #SCO Web Server Manager 3
+acp 599/tcp #Aeolon Core Protocol
+acp 599/udp #Aeolon Core Protocol
+ipcserver 600/tcp #Sun IPC server
+ipcserver 600/udp #Sun IPC server
+syslog-conn 601/tcp #Reliable Syslog Service
+syslog-conn 601/udp #Reliable Syslog Service
+xmlrpc-beep 602/tcp #XML-RPC over BEEP
+xmlrpc-beep 602/udp #XML-RPC over BEEP
+idxp 603/tcp
+idxp 603/udp
+tunnel 604/tcp
+tunnel 604/udp
+soap-beep 605/tcp #SOAP over BEEP
+soap-beep 605/udp #SOAP over BEEP
+urm 606/tcp #Cray Unified Resource Manager
+urm 606/udp #Cray Unified Resource Manager
+nqs 607/tcp
+nqs 607/udp
+sift-uft 608/tcp #Sender-Initiated/Unsolicited File Transfer
+sift-uft 608/udp #Sender-Initiated/Unsolicited File Transfer
+npmp-trap 609/tcp
+npmp-trap 609/udp
+npmp-local 610/tcp
+npmp-local 610/udp
+npmp-gui 611/tcp
+npmp-gui 611/udp
+hmmp-ind 612/tcp #HMMP Indication
+hmmp-ind 612/udp #HMMP Indication
+hmmp-op 613/tcp #HMMP Operation
+hmmp-op 613/udp #HMMP Operation
+sshell 614/tcp #SSLshell
+sshell 614/udp
+sco-inetmgr 615/tcp #Internet Configuration Manager
+sco-inetmgr 615/udp #Internet Configuration Manager
+sco-sysmgr 616/tcp #SCO System Administration Server
+sco-sysmgr 616/udp #SCO System Administration Server
+sco-dtmgr 617/tcp #SCO Desktop Administration Server
+sco-dtmgr 617/udp #SCO Desktop Administration Server
+dei-icda 618/tcp
+dei-icda 618/udp
+compaq-evm 619/tcp #Compaq EVM
+compaq-evm 619/udp #Compaq EVM
+sco-websrvrmgr 620/tcp #SCO WebServer Manager
+sco-websrvrmgr 620/udp #SCO WebServer Manager
+escp-ip 621/tcp #ESCP
+escp-ip 621/udp #ESCP
+collaborator 622/tcp
+collaborator 622/udp
+asf-rmcp 623/tcp #ASF Remote Management and Control Protocol
+asf-rmcp 623/udp #ASF Remote Management and Control Protocol
+cryptoadmin 624/tcp #Crypto Admin
+cryptoadmin 624/udp #Crypto Admin
+dec_dlm 625/tcp #DEC DLM
+dec_dlm 625/udp #DEC DLM
+asia 626/tcp
+asia 626/udp
+passgo-tivoli 627/tcp #PassGo Tivoli
+passgo-tivoli 627/udp #PassGo Tivoli
+qmqp 628/tcp
+qmqp 628/udp
+3com-amp3 629/tcp #3Com AMP3
+3com-amp3 629/udp #3Com AMP3
+rda 630/tcp
+rda 630/udp
+ipp 631/tcp #IPP (Internet Printing Protocol)
+ipp 631/udp #IPP (Internet Printing Protocol)
+bmpp 632/tcp
+bmpp 632/udp
+servstat 633/tcp #Service Status update (Sterling Software)
+servstat 633/udp #Service Status update (Sterling Software)
+ginad 634/tcp
+ginad 634/udp
+rlzdbase 635/tcp #RLZ DBase
+rlzdbase 635/udp #RLZ DBase
+ldaps 636/tcp sldap #ldap protocol over TLS/SSL
+ldaps 636/udp sldap
+lanserver 637/tcp
+lanserver 637/udp
+mcns-sec 638/tcp
+mcns-sec 638/udp
+msdp 639/tcp
+msdp 639/udp
+entrust-sps 640/tcp
+entrust-sps 640/udp
+repcmd 641/tcp
+repcmd 641/udp
+esro-emsdp 642/tcp #ESRO-EMSDP V1.3
+esro-emsdp 642/udp #ESRO-EMSDP V1.3
+sanity 643/tcp #SANity
+sanity 643/udp #SANity
+dwr 644/tcp
+dwr 644/udp
+pssc 645/tcp
+pssc 645/udp
+ldp 646/tcp
+ldp 646/udp
+dhcp-failover 647/tcp #DHCP Failover
+dhcp-failover 647/udp #DHCP Failover
+rrp 648/tcp #Registry Registrar Protocol (RRP)
+rrp 648/udp #Registry Registrar Protocol (RRP)
+cadview-3d 649/tcp #Cadview-3d - streaming 3d models over the internet
+cadview-3d 649/udp #Cadview-3d - streaming 3d models over the internet
+obex 650/tcp
+obex 650/udp
+ieee-mms 651/tcp #IEEE MMS
+ieee-mms 651/udp #IEEE MMS
+hello-port 652/tcp
+hello-port 652/udp
+repscmd 653/tcp
+repscmd 653/udp
+aodv 654/tcp #Ad-Hoc On-Demand Distance Vector Routing Protocol
+aodv 654/udp #Ad-Hoc On-Demand Distance Vector Routing Protocol
+tinc 655/tcp
+tinc 655/udp
+spmp 656/tcp
+spmp 656/udp
+rmc 657/tcp
+rmc 657/udp
+tenfold 658/tcp
+tenfold 658/udp
+mac-srvr-admin 660/tcp #MacOS Server Admin
+mac-srvr-admin 660/udp #MacOS Server Admin
+hap 661/tcp
+hap 661/udp
+pftp 662/tcp
+pftp 662/udp
+purenoise 663/tcp #PureNoise
+purenoise 663/udp #PureNoise
+asf-secure-rmcp 664/tcp #ASF Secure Remote Management and Control Protocol
+asf-secure-rmcp 664/udp #ASF Secure Remote Management and Control Protocol
+sun-dr 665/tcp #Sun DR
+sun-dr 665/udp #Sun DR
+mdqs 666/tcp
+mdqs 666/udp
+#PROBLEMS!===============================================
+doom 666/tcp #doom Id Software
+doom 666/udp #doom Id Software
+#PROBLEMS!===============================================
+disclose 667/tcp #campaign contribution disclosures - SDR Technologies
+disclose 667/udp #campaign contribution disclosures - SDR Technologies
+mecomm 668/tcp
+mecomm 668/udp
+meregister 669/tcp
+meregister 669/udp
+vacdsm-sws 670/tcp
+vacdsm-sws 670/udp
+vacdsm-app 671/tcp
+vacdsm-app 671/udp
+vpps-qua 672/tcp
+vpps-qua 672/udp
+cimplex 673/tcp
+cimplex 673/udp
+acap 674/tcp #Application Configuration Access Protocol
+acap 674/udp #Application Configuration Access Protocol
+dctp 675/tcp
+dctp 675/udp
+vpps-via 676/tcp #VPPS Via
+vpps-via 676/udp #VPPS Via
+vpp 677/tcp #Virtual Presence Protocol
+vpp 677/udp #Virtual Presence Protocol
+ggf-ncp 678/tcp #GNU Generation Foundation NCP
+ggf-ncp 678/udp #GNU Generation Foundation NCP
+mrm 679/tcp
+mrm 679/udp
+entrust-aaas 680/tcp
+entrust-aaas 680/udp
+entrust-aams 681/tcp
+entrust-aams 681/udp
+xfr 682/tcp
+xfr 682/udp
+corba-iiop 683/tcp #CORBA IIOP
+corba-iiop 683/udp #CORBA IIOP
+corba-iiop-ssl 684/tcp #CORBA IIOP SSL
+corba-iiop-ssl 684/udp #CORBA IIOP SSL
+mdc-portmapper 685/tcp #MDC Port Mapper
+mdc-portmapper 685/udp #MDC Port Mapper
+hcp-wismar 686/tcp #Hardware Control Protocol Wismar
+hcp-wismar 686/udp #Hardware Control Protocol Wismar
+asipregistry 687/tcp
+asipregistry 687/udp
+realm-rusd 688/tcp #ApplianceWare managment protocol
+realm-rusd 688/udp #ApplianceWare managment protocol
+nmap 689/tcp
+nmap 689/udp
+vatp 690/tcp #Velazquez Application Transfer Protocol
+vatp 690/udp #Velazquez Application Transfer Protocol
+msexch-routing 691/tcp #MS Exchange Routing
+msexch-routing 691/udp #MS Exchange Routing
+hyperwave-isp 692/tcp #Hyperwave-ISP
+hyperwave-isp 692/udp #Hyperwave-ISP
+connendp 693/tcp
+connendp 693/udp
+ha-cluster 694/tcp
+ha-cluster 694/udp
+ieee-mms-ssl 695/tcp
+ieee-mms-ssl 695/udp
+rushd 696/tcp
+rushd 696/udp
+uuidgen 697/tcp
+uuidgen 697/udp
+olsr 698/tcp
+olsr 698/udp
+accessnetwork 699/tcp #Access Network
+accessnetwork 699/udp #Access Network
+epp 700/tcp #Extensible Provisioning Protocol
+epp 700/udp #Extensible Provisioning Protocol
+lmp 701/tcp #Link Management Protocol (LMP)
+lmp 701/udp #Link Management Protocol (LMP)
+iris-beep 702/tcp #IRIS over BEEP
+iris-beep 702/udp #IRIS over BEEP
+elcsd 704/tcp #errlog copy/server daemon
+elcsd 704/udp #errlog copy/server daemon
+agentx 705/tcp #AgentX
+agentx 705/udp #AgentX
+silc 706/tcp
+silc 706/udp
+borland-dsj 707/tcp #Borland DSJ
+borland-dsj 707/udp #Borland DSJ
+entrustmanager 709/tcp #EntrustManager
+entrustmanager 709/udp #EntrustManager
+entrust-ash 710/tcp #Entrust Administration Service Handler
+entrust-ash 710/udp #Entrust Administration Service Handler
+cisco-tdp 711/tcp #Cisco TDP
+cisco-tdp 711/udp #Cisco TDP
+tbrpf 712/tcp
+tbrpf 712/udp
+iris-xpc 713/tcp #IRIS over XPC
+iris-xpc 713/udp #IRIS over XPC
+iris-xpcs 714/tcp #IRIS over XPCS
+iris-xpcs 714/udp #IRIS over XPCS
+iris-lwz 715/tcp
+iris-lwz 715/udp
+netviewdm1 729/tcp #IBM NetView DM/6000 Server/Client
+netviewdm1 729/udp #IBM NetView DM/6000 Server/Client
+netviewdm2 730/tcp #IBM NetView DM/6000 send/tcp
+netviewdm2 730/udp #IBM NetView DM/6000 send/tcp
+netviewdm3 731/tcp #IBM NetView DM/6000 receive/tcp
+netviewdm3 731/udp #IBM NetView DM/6000 receive/tcp
+netgw 741/tcp
+netgw 741/udp
+netrcs 742/tcp #Network based Rev. Cont. Sys.
+netrcs 742/udp #Network based Rev. Cont. Sys.
+flexlm 744/tcp #Flexible License Manager
+flexlm 744/udp #Flexible License Manager
+fujitsu-dev 747/tcp #Fujitsu Device Control
+fujitsu-dev 747/udp #Fujitsu Device Control
+ris-cm 748/tcp #Russell Info Sci Calendar Manager
+ris-cm 748/udp #Russell Info Sci Calendar Manager
+kerberos-adm 749/tcp #Kerberos administration (v5)
+kerberos-adm 749/udp #Kerberos administration (v5)
+kerberos-iv 750/udp kdc # Kerberos (v4)
+kerberos-iv 750/tcp kdc # Kerberos (v4)
+#PROBLEMS!========================================================
+#rfile 750/tcp
+#loadav 750/udp
+#PROBLEMS!========================================================
+kerberos_master 751/tcp # Kerberos `kadmin' (v4)
+kerberos_master 751/udp # Kerberos `kadmin' (v4)
+#PROBLEMS!========================================================
+pump 751/tcp
+pump 751/udp
+#PROBLEMS!========================================================
+qrh 752/tcp
+qrh 752/udp
+rrh 753/tcp
+rrh 753/udp
+krb_prop 754/tcp krb5_prop # kerberos/v5 server propagation
+#PROBLEMS!========================================================
+tell 754/tcp #send
+#PROBLEMS!========================================================
+tell 754/udp #send
+nlogin 758/tcp
+nlogin 758/udp
+con 759/tcp
+con 759/udp
+krbupdate 760/tcp kreg # Kerberos (v4) registration
+#PROBLEMS!========================================================
+ns 760/tcp
+#PROBLEMS!========================================================
+ns 760/udp
+kpasswd 761/tcp kpwd # Kerberos (v4) "passwd"
+#PROBLEMS!========================================================
+rxe 761/tcp
+#PROBLEMS!========================================================
+rxe 761/udp
+quotad 762/tcp
+quotad 762/udp
+cycleserv 763/tcp
+cycleserv 763/udp
+omserv 764/tcp
+omserv 764/udp
+webster 765/tcp
+webster 765/udp
+phonebook 767/tcp #phone
+phonebook 767/udp #phone
+vid 769/tcp
+vid 769/udp
+cadlock 770/tcp
+cadlock 770/udp
+rtip 771/tcp
+rtip 771/udp
+cycleserv2 772/tcp
+cycleserv2 772/udp
+submit 773/tcp
+notify 773/udp
+rpasswd 774/tcp
+acmaint_dbd 774/udp
+entomb 775/tcp
+acmaint_transd 775/udp
+wpages 776/tcp
+wpages 776/udp
+multiling-http 777/tcp #Multiling HTTP
+multiling-http 777/udp #Multiling HTTP
+wpgs 780/tcp
+wpgs 780/udp
+mdbs_daemon 800/tcp
+mdbs_daemon 800/udp
+device 801/tcp
+device 801/udp
+fcp-udp 810/tcp #FCP
+fcp-udp 810/udp #FCP Datagram
+itm-mcell-s 828/tcp
+itm-mcell-s 828/udp
+pkix-3-ca-ra 829/tcp #PKIX-3 CA/RA
+pkix-3-ca-ra 829/udp #PKIX-3 CA/RA
+netconf-ssh 830/tcp #NETCONF over SSH
+netconf-ssh 830/udp #NETCONF over SSH
+netconf-beep 831/tcp #NETCONF over BEEP
+netconf-beep 831/udp #NETCONF over BEEP
+netconfsoaphttp 832/tcp #NETCONF for SOAP over HTTPS
+netconfsoaphttp 832/udp #NETCONF for SOAP over HTTPS
+netconfsoapbeep 833/tcp #NETCONF for SOAP over BEEP
+netconfsoapbeep 833/udp #NETCONF for SOAP over BEEP
+dhcp-failover2 847/tcp #dhcp-failover 2
+dhcp-failover2 847/udp #dhcp-failover 2
+gdoi 848/tcp
+gdoi 848/udp
+iscsi 860/tcp
+iscsi 860/udp
+owamp-control 861/tcp
+owamp-control 861/udp
+supfilesrv 871/tcp # for SUP
+rsync 873/tcp
+rsync 873/udp
+iclcnet-locate 886/tcp #ICL coNETion locate server
+iclcnet-locate 886/udp #ICL coNETion locate server
+iclcnet_svinfo 887/tcp #ICL coNETion server info
+iclcnet_svinfo 887/udp #ICL coNETion server info
+accessbuilder 888/tcp
+accessbuilder 888/udp
+omginitialrefs 900/tcp #OMG Initial Refs
+omginitialrefs 900/udp #OMG Initial Refs
+swat 901/tcp # samba web configuration tool
+smpnameres 901/tcp
+smpnameres 901/udp
+ideafarm-chat 902/tcp
+ideafarm-chat 902/udp
+ideafarm-catch 903/tcp
+ideafarm-catch 903/udp
+kink 910/tcp #Kerberized Internet Negotiation of Keys (KINK)
+kink 910/udp #Kerberized Internet Negotiation of Keys (KINK)
+xact-backup 911/tcp
+xact-backup 911/udp
+apex-mesh 912/tcp #APEX relay-relay service
+apex-mesh 912/udp #APEX relay-relay service
+apex-edge 913/tcp #APEX endpoint-relay service
+apex-edge 913/udp #APEX endpoint-relay service
+rndc 953/tcp # named's rndc control socket
+ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
+ftps-data 989/udp
+ftps 990/tcp # ftp protocol, control, over TLS/SSL
+ftps 990/udp
+nas 991/tcp #Netnews Administration System
+nas 991/udp #Netnews Administration System
+telnets 992/tcp # telnet protocol over TLS/SSL
+telnets 992/udp
+imaps 993/tcp # imap4 protocol over TLS/SSL
+imaps 993/udp
+ircs 994/tcp # irc protocol over TLS/SSL
+ircs 994/udp
+pop3s 995/tcp spop3 # pop3 protocol over TLS/SSL
+pop3s 995/udp spop3
+vsinet 996/tcp
+vsinet 996/udp
+maitrd 997/tcp
+maitrd 997/udp
+busboy 998/tcp
+puparp 998/udp
+garcon 999/tcp
+applix 999/udp #Applix ac
+puprouter 999/tcp
+puprouter 999/udp
+cadlock2 1000/tcp
+cadlock2 1000/udp
+surf 1010/tcp
+surf 1010/udp
+exp1 1021/tcp #RFC3692-style Experiment 1 (*) [RFC4727]
+exp1 1021/udp #RFC3692-style Experiment 1 (*) [RFC4727]
+exp2 1022/tcp #RFC3692-style Experiment 2 (*) [RFC4727]
+exp2 1022/udp #RFC3692-style Experiment 2 (*) [RFC4727]
+#
+# REGISTERED PORT NUMBERS
+#
+blackjack 1025/tcp #network blackjack
+blackjack 1025/udp #network blackjack
+iad1 1030/tcp #BBN IAD
+iad1 1030/udp #BBN IAD
+iad2 1031/tcp #BBN IAD
+iad2 1031/udp #BBN IAD
+iad3 1032/tcp #BBN IAD
+iad3 1032/udp #BBN IAD
+nim 1058/tcp
+nim 1058/udp
+nimreg 1059/tcp
+nimreg 1059/udp
+instl_boots 1067/tcp #Installation Bootstrap Proto. Serv.
+instl_boots 1067/udp #Installation Bootstrap Proto. Serv.
+instl_bootc 1068/tcp #Installation Bootstrap Proto. Cli.
+instl_bootc 1068/udp #Installation Bootstrap Proto. Cli.
+socks 1080/tcp
+socks 1080/udp
+ansoft-lm-1 1083/tcp #Anasoft License Manager
+ansoft-lm-1 1083/udp #Anasoft License Manager
+ansoft-lm-2 1084/tcp #Anasoft License Manager
+ansoft-lm-2 1084/udp #Anasoft License Manager
+webobjects 1085/tcp #Web Objects
+webobjects 1085/udp #Web Objects
+kpop 1109/tcp #Unofficial
+kpop 1109/udp #Unofficial
+nfsd-status 1110/tcp #Cluster status info
+nfsd-keepalive 1110/udp #Client status info
+supfiledbg 1127/tcp # for SUP
+nfa 1155/tcp #Network File Access
+nfa 1155/udp #Network File Access
+cisco-ipsla 1167/sctp #Cisco IP SLAs Control Protocol
+cisco-ipsla 1167/tcp #Cisco IP SLAs Control Protocol
+cisco-ipsla 1167/udp #Cisco IP SLAs Control Protocol
+skkserv 1178/tcp #SKK (kanji input)
+openvpn 1194/tcp #OpenVPN
+openvpn 1194/udp #OpenVPN
+lupa 1212/tcp
+lupa 1212/udp
+nerv 1222/tcp #SNI R&D network
+nerv 1222/udp #SNI R&D network
+hermes 1248/tcp
+hermes 1248/udp
+healthd 1281/tcp #healthd
+healthd 1281/udp #healthd
+alta-ana-lm 1346/tcp #Alta Analytics License Manager
+alta-ana-lm 1346/udp #Alta Analytics License Manager
+bbn-mmc 1347/tcp #multi media conferencing
+bbn-mmc 1347/udp #multi media conferencing
+bbn-mmx 1348/tcp #multi media conferencing
+bbn-mmx 1348/udp #multi media conferencing
+sbook 1349/tcp #Registration Network Protocol
+sbook 1349/udp #Registration Network Protocol
+editbench 1350/tcp #Registration Network Protocol
+editbench 1350/udp #Registration Network Protocol
+equationbuilder 1351/tcp #Digital Tool Works (MIT)
+equationbuilder 1351/udp #Digital Tool Works (MIT)
+lotusnote 1352/tcp #Lotus Note
+lotusnote 1352/udp #Lotus Note
+relief 1353/tcp #Relief Consulting
+relief 1353/udp #Relief Consulting
+rightbrain 1354/tcp #RightBrain Software
+rightbrain 1354/udp #RightBrain Software
+intuitive-edge 1355/tcp #Intuitive Edge
+intuitive-edge 1355/udp #Intuitive Edge
+cuillamartin 1356/tcp #CuillaMartin Company
+cuillamartin 1356/udp #CuillaMartin Company
+pegboard 1357/tcp #Electronic PegBoard
+pegboard 1357/udp #Electronic PegBoard
+connlcli 1358/tcp
+connlcli 1358/udp
+ftsrv 1359/tcp
+ftsrv 1359/udp
+mimer 1360/tcp
+mimer 1360/udp
+linx 1361/tcp
+linx 1361/udp
+timeflies 1362/tcp
+timeflies 1362/udp
+ndm-requester 1363/tcp #Network DataMover Requester
+ndm-requester 1363/udp #Network DataMover Requester
+ndm-server 1364/tcp #Network DataMover Server
+ndm-server 1364/udp #Network DataMover Server
+adapt-sna 1365/tcp #Network Software Associates
+adapt-sna 1365/udp #Network Software Associates
+netware-csp 1366/tcp #Novell NetWare Comm Service Platform
+netware-csp 1366/udp #Novell NetWare Comm Service Platform
+dcs 1367/tcp
+dcs 1367/udp
+screencast 1368/tcp
+screencast 1368/udp
+gv-us 1369/tcp #GlobalView to Unix Shell
+gv-us 1369/udp #GlobalView to Unix Shell
+us-gv 1370/tcp #Unix Shell to GlobalView
+us-gv 1370/udp #Unix Shell to GlobalView
+fc-cli 1371/tcp #Fujitsu Config Protocol
+fc-cli 1371/udp #Fujitsu Config Protocol
+fc-ser 1372/tcp #Fujitsu Config Protocol
+fc-ser 1372/udp #Fujitsu Config Protocol
+chromagrafx 1373/tcp
+chromagrafx 1373/udp
+molly 1374/tcp #EPI Software Systems
+molly 1374/udp #EPI Software Systems
+bytex 1375/tcp
+bytex 1375/udp
+ibm-pps 1376/tcp #IBM Person to Person Software
+ibm-pps 1376/udp #IBM Person to Person Software
+cichlid 1377/tcp #Cichlid License Manager
+cichlid 1377/udp #Cichlid License Manager
+elan 1378/tcp #Elan License Manager
+elan 1378/udp #Elan License Manager
+dbreporter 1379/tcp #Integrity Solutions
+dbreporter 1379/udp #Integrity Solutions
+telesis-licman 1380/tcp #Telesis Network License Manager
+telesis-licman 1380/udp #Telesis Network License Manager
+apple-licman 1381/tcp #Apple Network License Manager
+apple-licman 1381/udp #Apple Network License Manager
+#udt_os 1382/tcp
+#udt_os 1382/udp
+gwha 1383/tcp #GW Hannaway Network License Manager
+gwha 1383/udp #GW Hannaway Network License Manager
+os-licman 1384/tcp #Objective Solutions License Manager
+os-licman 1384/udp #Objective Solutions License Manager
+atex_elmd 1385/tcp #Atex Publishing License Manager
+atex_elmd 1385/udp #Atex Publishing License Manager
+checksum 1386/tcp #CheckSum License Manager
+checksum 1386/udp #CheckSum License Manager
+cadsi-lm 1387/tcp #Computer Aided Design Software Inc LM
+cadsi-lm 1387/udp #Computer Aided Design Software Inc LM
+objective-dbc 1388/tcp #Objective Solutions DataBase Cache
+objective-dbc 1388/udp #Objective Solutions DataBase Cache
+iclpv-dm 1389/tcp #Document Manager
+iclpv-dm 1389/udp #Document Manager
+iclpv-sc 1390/tcp #Storage Controller
+iclpv-sc 1390/udp #Storage Controller
+iclpv-sas 1391/tcp #Storage Access Server
+iclpv-sas 1391/udp #Storage Access Server
+iclpv-pm 1392/tcp #Print Manager
+iclpv-pm 1392/udp #Print Manager
+iclpv-nls 1393/tcp #Network Log Server
+iclpv-nls 1393/udp #Network Log Server
+iclpv-nlc 1394/tcp #Network Log Client
+iclpv-nlc 1394/udp #Network Log Client
+iclpv-wsm 1395/tcp #PC Workstation Manager software
+iclpv-wsm 1395/udp #PC Workstation Manager software
+dvl-activemail 1396/tcp #DVL Active Mail
+dvl-activemail 1396/udp #DVL Active Mail
+audio-activmail 1397/tcp #Audio Active Mail
+audio-activmail 1397/udp #Audio Active Mail
+video-activmail 1398/tcp #Video Active Mail
+video-activmail 1398/udp #Video Active Mail
+cadkey-licman 1399/tcp #Cadkey License Manager
+cadkey-licman 1399/udp #Cadkey License Manager
+cadkey-tablet 1400/tcp #Cadkey Tablet Daemon
+cadkey-tablet 1400/udp #Cadkey Tablet Daemon
+goldleaf-licman 1401/tcp #Goldleaf License Manager
+goldleaf-licman 1401/udp #Goldleaf License Manager
+prm-sm-np 1402/tcp #Prospero Resource Manager
+prm-sm-np 1402/udp #Prospero Resource Manager
+prm-nm-np 1403/tcp #Prospero Resource Manager
+prm-nm-np 1403/udp #Prospero Resource Manager
+igi-lm 1404/tcp #Infinite Graphics License Manager
+igi-lm 1404/udp #Infinite Graphics License Manager
+ibm-res 1405/tcp #IBM Remote Execution Starter
+ibm-res 1405/udp #IBM Remote Execution Starter
+netlabs-lm 1406/tcp #NetLabs License Manager
+netlabs-lm 1406/udp #NetLabs License Manager
+dbsa-lm 1407/tcp #DBSA License Manager
+dbsa-lm 1407/udp #DBSA License Manager
+sophia-lm 1408/tcp #Sophia License Manager
+sophia-lm 1408/udp #Sophia License Manager
+here-lm 1409/tcp #Here License Manager
+here-lm 1409/udp #Here License Manager
+hiq 1410/tcp #HiQ License Manager
+hiq 1410/udp #HiQ License Manager
+af 1411/tcp #AudioFile
+af 1411/udp #AudioFile
+innosys 1412/tcp
+innosys 1412/udp
+innosys-acl 1413/tcp
+innosys-acl 1413/udp
+ibm-mqseries 1414/tcp #IBM MQSeries
+ibm-mqseries 1414/udp #IBM MQSeries
+dbstar 1415/tcp
+dbstar 1415/udp
+novell-lu6.2 1416/tcp #Novell LU6.2
+novell-lu6.2 1416/udp #Novell LU6.2
+timbuktu-srv1 1417/tcp #Timbuktu Service 1 Port
+timbuktu-srv1 1417/udp #Timbuktu Service 1 Port
+timbuktu-srv2 1418/tcp #Timbuktu Service 2 Port
+timbuktu-srv2 1418/udp #Timbuktu Service 2 Port
+timbuktu-srv3 1419/tcp #Timbuktu Service 3 Port
+timbuktu-srv3 1419/udp #Timbuktu Service 3 Port
+timbuktu-srv4 1420/tcp #Timbuktu Service 4 Port
+timbuktu-srv4 1420/udp #Timbuktu Service 4 Port
+gandalf-lm 1421/tcp #Gandalf License Manager
+gandalf-lm 1421/udp #Gandalf License Manager
+autodesk-lm 1422/tcp #Autodesk License Manager
+autodesk-lm 1422/udp #Autodesk License Manager
+essbase 1423/tcp #Essbase Arbor Software
+essbase 1423/udp #Essbase Arbor Software
+hybrid 1424/tcp #Hybrid Encryption Protocol
+hybrid 1424/udp #Hybrid Encryption Protocol
+zion-lm 1425/tcp #Zion Software License Manager
+zion-lm 1425/udp #Zion Software License Manager
+sas-1 1426/tcp #Satellite-data Acquisition System 1
+sas-1 1426/udp #Satellite-data Acquisition System 1
+mloadd 1427/tcp #mloadd monitoring tool
+mloadd 1427/udp #mloadd monitoring tool
+informatik-lm 1428/tcp #Informatik License Manager
+informatik-lm 1428/udp #Informatik License Manager
+nms 1429/tcp #Hypercom NMS
+nms 1429/udp #Hypercom NMS
+tpdu 1430/tcp #Hypercom TPDU
+tpdu 1430/udp #Hypercom TPDU
+rgtp 1431/tcp #Reverse Gossip Transport
+rgtp 1431/udp #Reverse Gossip Transport
+blueberry-lm 1432/tcp #Blueberry Software License Manager
+blueberry-lm 1432/udp #Blueberry Software License Manager
+ms-sql-s 1433/tcp #Microsoft-SQL-Server
+ms-sql-s 1433/udp #Microsoft-SQL-Server
+ms-sql-m 1434/tcp #Microsoft-SQL-Monitor
+ms-sql-m 1434/udp #Microsoft-SQL-Monitor
+ibm-cics 1435/tcp
+ibm-cics 1435/udp
+sas-2 1436/tcp #Satellite-data Acquisition System 2
+sas-2 1436/udp #Satellite-data Acquisition System 2
+tabula 1437/tcp
+tabula 1437/udp
+eicon-server 1438/tcp #Eicon Security Agent/Server
+eicon-server 1438/udp #Eicon Security Agent/Server
+eicon-x25 1439/tcp #Eicon X25/SNA Gateway
+eicon-x25 1439/udp #Eicon X25/SNA Gateway
+eicon-slp 1440/tcp #Eicon Service Location Protocol
+eicon-slp 1440/udp #Eicon Service Location Protocol
+cadis-1 1441/tcp #Cadis License Management
+cadis-1 1441/udp #Cadis License Management
+cadis-2 1442/tcp #Cadis License Management
+cadis-2 1442/udp #Cadis License Management
+ies-lm 1443/tcp #Integrated Engineering Software
+ies-lm 1443/udp #Integrated Engineering Software
+marcam-lm 1444/tcp #Marcam License Management
+marcam-lm 1444/udp #Marcam License Management
+proxima-lm 1445/tcp #Proxima License Manager
+proxima-lm 1445/udp #Proxima License Manager
+ora-lm 1446/tcp #Optical Research Associates License Manager
+ora-lm 1446/udp #Optical Research Associates License Manager
+apri-lm 1447/tcp #Applied Parallel Research LM
+apri-lm 1447/udp #Applied Parallel Research LM
+oc-lm 1448/tcp #OpenConnect License Manager
+oc-lm 1448/udp #OpenConnect License Manager
+peport 1449/tcp
+peport 1449/udp
+dwf 1450/tcp #Tandem Distributed Workbench Facility
+dwf 1450/udp #Tandem Distributed Workbench Facility
+infoman 1451/tcp #IBM Information Management
+infoman 1451/udp #IBM Information Management
+gtegsc-lm 1452/tcp #GTE Government Systems License Man
+gtegsc-lm 1452/udp #GTE Government Systems License Man
+genie-lm 1453/tcp #Genie License Manager
+genie-lm 1453/udp #Genie License Manager
+interhdl_elmd 1454/tcp #interHDL License Manager
+interhdl_elmd 1454/udp #interHDL License Manager
+esl-lm 1455/tcp #ESL License Manager
+esl-lm 1455/udp #ESL License Manager
+dca 1456/tcp
+dca 1456/udp
+valisys-lm 1457/tcp #Valisys License Manager
+valisys-lm 1457/udp #Valisys License Manager
+nrcabq-lm 1458/tcp #Nichols Research Corp.
+nrcabq-lm 1458/udp #Nichols Research Corp.
+proshare1 1459/tcp #Proshare Notebook Application
+proshare1 1459/udp #Proshare Notebook Application
+proshare2 1460/tcp #Proshare Notebook Application
+proshare2 1460/udp #Proshare Notebook Application
+ibm_wrless_lan 1461/tcp #IBM Wireless LAN
+ibm_wrless_lan 1461/udp #IBM Wireless LAN
+world-lm 1462/tcp #World License Manager
+world-lm 1462/udp #World License Manager
+nucleus 1463/tcp
+nucleus 1463/udp
+msl_lmd 1464/tcp #MSL License Manager
+msl_lmd 1464/udp #MSL License Manager
+pipes 1465/tcp #Pipes Platform
+pipes 1465/udp #Pipes Platform mfarlin@peerlogic.com
+oceansoft-lm 1466/tcp #Ocean Software License Manager
+oceansoft-lm 1466/udp #Ocean Software License Manager
+csdmbase 1467/tcp
+csdmbase 1467/udp
+csdm 1468/tcp
+csdm 1468/udp
+aal-lm 1469/tcp #Active Analysis Limited License Manager
+aal-lm 1469/udp #Active Analysis Limited License Manager
+uaiact 1470/tcp #Universal Analytics
+uaiact 1470/udp #Universal Analytics
+csdmbase 1471/tcp
+csdmbase 1471/udp
+csdm 1472/tcp
+csdm 1472/udp
+openmath 1473/tcp
+openmath 1473/udp
+telefinder 1474/tcp
+telefinder 1474/udp
+taligent-lm 1475/tcp #Taligent License Manager
+taligent-lm 1475/udp #Taligent License Manager
+clvm-cfg 1476/tcp
+clvm-cfg 1476/udp
+ms-sna-server 1477/tcp
+ms-sna-server 1477/udp
+ms-sna-base 1478/tcp
+ms-sna-base 1478/udp
+dberegister 1479/tcp
+dberegister 1479/udp
+pacerforum 1480/tcp
+pacerforum 1480/udp
+airs 1481/tcp
+airs 1481/udp
+miteksys-lm 1482/tcp #Miteksys License Manager
+miteksys-lm 1482/udp #Miteksys License Manager
+afs 1483/tcp #AFS License Manager
+afs 1483/udp #AFS License Manager
+confluent 1484/tcp #Confluent License Manager
+confluent 1484/udp #Confluent License Manager
+lansource 1485/tcp
+lansource 1485/udp
+nms_topo_serv 1486/tcp
+nms_topo_serv 1486/udp
+localinfosrvr 1487/tcp
+localinfosrvr 1487/udp
+docstor 1488/tcp
+docstor 1488/udp
+dmdocbroker 1489/tcp
+dmdocbroker 1489/udp
+insitu-conf 1490/tcp
+insitu-conf 1490/udp
+anynetgateway 1491/tcp
+anynetgateway 1491/udp
+stone-design-1 1492/tcp
+stone-design-1 1492/udp
+netmap_lm 1493/tcp
+netmap_lm 1493/udp
+ica 1494/tcp
+ica 1494/udp
+cvc 1495/tcp
+cvc 1495/udp
+liberty-lm 1496/tcp
+liberty-lm 1496/udp
+rfx-lm 1497/tcp
+rfx-lm 1497/udp
+watcom-sql 1498/tcp
+watcom-sql 1498/udp
+fhc 1499/tcp #Federico Heinz Consultora
+fhc 1499/udp #Federico Heinz Consultora
+vlsi-lm 1500/tcp #VLSI License Manager
+vlsi-lm 1500/udp #VLSI License Manager
+sas-3 1501/tcp #Satellite-data Acquisition System 3
+sas-3 1501/udp #Satellite-data Acquisition System 3
+shivadiscovery 1502/tcp #Shiva
+shivadiscovery 1502/udp #Shiva
+imtc-mcs 1503/tcp #Databeam
+imtc-mcs 1503/udp #Databeam
+evb-elm 1504/tcp #EVB Software Engineering License Manager
+evb-elm 1504/udp #EVB Software Engineering License Manager
+funkproxy 1505/tcp #Funk Software, Inc.
+funkproxy 1505/udp #Funk Software, Inc.
+utcd 1506/tcp #Universal Time daemon (utcd)
+utcd 1506/udp #Universal Time daemon (utcd)
+symplex 1507/tcp
+symplex 1507/udp
+diagmond 1508/tcp
+diagmond 1508/udp
+robcad-lm 1509/tcp #Robcad, Ltd. License Manager
+robcad-lm 1509/udp #Robcad, Ltd. License Manager
+mvx-lm 1510/tcp #Midland Valley Exploration Ltd. Lic. Man.
+mvx-lm 1510/udp #Midland Valley Exploration Ltd. Lic. Man.
+3l-l1 1511/tcp
+3l-l1 1511/udp
+wins 1512/tcp #Microsoft's Windows Internet Name Service
+wins 1512/udp #Microsoft's Windows Internet Name Service
+fujitsu-dtc 1513/tcp #Fujitsu Systems Business of America, Inc
+fujitsu-dtc 1513/udp #Fujitsu Systems Business of America, Inc
+fujitsu-dtcns 1514/tcp #Fujitsu Systems Business of America, Inc
+fujitsu-dtcns 1514/udp #Fujitsu Systems Business of America, Inc
+ifor-protocol 1515/tcp
+ifor-protocol 1515/udp
+vpad 1516/tcp #Virtual Places Audio data
+vpad 1516/udp #Virtual Places Audio data
+vpac 1517/tcp #Virtual Places Audio control
+vpac 1517/udp #Virtual Places Audio control
+vpvd 1518/tcp #Virtual Places Video data
+vpvd 1518/udp #Virtual Places Video data
+vpvc 1519/tcp #Virtual Places Video control
+vpvc 1519/udp #Virtual Places Video control
+atm-zip-office 1520/tcp #atm zip office
+atm-zip-office 1520/udp #atm zip office
+ncube-lm 1521/tcp #nCube License Manager
+ncube-lm 1521/udp #nCube License Manager
+rna-lm 1522/tcp #Ricardo North America License Manager
+rna-lm 1522/udp #Ricardo North America License Manager
+cichild-lm 1523/tcp
+cichild-lm 1523/udp
+ingreslock 1524/tcp #ingres
+ingreslock 1524/udp #ingres
+prospero-np 1525/tcp #Prospero Directory Service non-priv
+prospero-np 1525/udp #Prospero Directory Service non-priv
+#PROBLEMS!========================================================
+orasrv 1525/tcp #oracle
+orasrv 1525/udp #oracle
+#PROBLEMS!========================================================
+pdap-np 1526/tcp #Prospero Data Access Prot non-priv
+pdap-np 1526/udp #Prospero Data Access Prot non-priv
+tlisrv 1527/tcp #oracle
+tlisrv 1527/udp #oracle
+mciautoreg 1528/tcp
+mciautoreg 1528/udp
+support 1529/tcp prmsd gnatsd # cygnus bug tracker
+coauthor 1529/tcp #oracle
+coauthor 1529/udp #oracle
+rap-service 1530/tcp
+rap-service 1530/udp
+rap-listen 1531/tcp
+rap-listen 1531/udp
+miroconnect 1532/tcp
+miroconnect 1532/udp
+virtual-places 1533/tcp #Virtual Places Software
+virtual-places 1533/udp #Virtual Places Software
+micromuse-lm 1534/tcp
+micromuse-lm 1534/udp
+ampr-info 1535/tcp
+ampr-info 1535/udp
+ampr-inter 1536/tcp
+ampr-inter 1536/udp
+sdsc-lm 1537/tcp
+sdsc-lm 1537/udp
+3ds-lm 1538/tcp
+3ds-lm 1538/udp
+intellistor-lm 1539/tcp #Intellistor License Manager
+intellistor-lm 1539/udp #Intellistor License Manager
+rds 1540/tcp
+rds 1540/udp
+rds2 1541/tcp
+rds2 1541/udp
+gridgen-elmd 1542/tcp
+gridgen-elmd 1542/udp
+simba-cs 1543/tcp
+simba-cs 1543/udp
+aspeclmd 1544/tcp
+aspeclmd 1544/udp
+vistium-share 1545/tcp
+vistium-share 1545/udp
+abbaccuray 1546/tcp
+abbaccuray 1546/udp
+laplink 1547/tcp
+laplink 1547/udp
+axon-lm 1548/tcp #Axon License Manager
+axon-lm 1548/udp #Axon License Manager
+shivahose 1549/tcp #Shiva Hose
+shivasound 1549/udp #Shiva Sound
+3m-image-lm 1550/tcp #Image Storage license manager 3M Company
+3m-image-lm 1550/udp #Image Storage license manager 3M Company
+hecmtl-db 1551/tcp
+hecmtl-db 1551/udp
+pciarray 1552/tcp
+pciarray 1552/udp
+issd 1600/tcp
+issd 1600/udp
+# IMPORTANT NOTE: Ports 1645/1646 are the traditional radius ports used by
+# many vendors without obtaining official IANA assignment. The official
+# assignment is now ports 1812/1813 and users are encouraged to migrate
+# when possible to these new ports.
+#radius 1645/udp #RADIUS authentication protocol (old) +#radacct 1646/udp #RADIUS accounting protocol (old) +nkd 1650/tcp +nkd 1650/udp +shiva_confsrvr 1651/tcp +shiva_confsrvr 1651/udp +xnmp 1652/tcp +xnmp 1652/udp +netview-aix-1 1661/tcp +netview-aix-1 1661/udp +netview-aix-2 1662/tcp +netview-aix-2 1662/udp +netview-aix-3 1663/tcp +netview-aix-3 1663/udp +netview-aix-4 1664/tcp +netview-aix-4 1664/udp +netview-aix-5 1665/tcp +netview-aix-5 1665/udp +netview-aix-6 1666/tcp +netview-aix-6 1666/udp +netview-aix-7 1667/tcp +netview-aix-7 1667/udp +netview-aix-8 1668/tcp +netview-aix-8 1668/udp +netview-aix-9 1669/tcp +netview-aix-9 1669/udp +netview-aix-10 1670/tcp +netview-aix-10 1670/udp +netview-aix-11 1671/tcp +netview-aix-11 1671/udp +netview-aix-12 1672/tcp +netview-aix-12 1672/udp +l2f 1701/tcp #l2f +l2f 1701/udp #l2f +l2tp 1701/tcp #Layer 2 Tunnelling Protocol +l2tp 1701/udp #Layer 2 Tunnelling Protocol +pptp 1723/tcp #Point-to-point tunnelling protocol +# IMPORTANT NOTE: See comments for ports 1645/1646 when using older equipment +radius 1812/udp #RADIUS authentication protocol (IANA sanctioned) +radacct 1813/udp #RADIUS accounting protocol (IANA sanctioned) +licensedaemon 1986/tcp #cisco license management +licensedaemon 1986/udp #cisco license management +tr-rsrb-p1 1987/tcp #cisco RSRB Priority 1 port +tr-rsrb-p1 1987/udp #cisco RSRB Priority 1 port +tr-rsrb-p2 1988/tcp #cisco RSRB Priority 2 port +tr-rsrb-p2 1988/udp #cisco RSRB Priority 2 port +tr-rsrb-p3 1989/tcp #cisco RSRB Priority 3 port +tr-rsrb-p3 1989/udp #cisco RSRB Priority 3 port +#PROBLEMS!=================================================== +mshnet 1989/tcp #MHSnet system +mshnet 1989/udp #MHSnet system +#PROBLEMS!=================================================== +stun-p1 1990/tcp #cisco STUN Priority 1 port +stun-p1 1990/udp #cisco STUN Priority 1 port +stun-p2 1991/tcp #cisco STUN Priority 2 port +stun-p2 1991/udp #cisco STUN Priority 2 port +stun-p3 1992/tcp #cisco STUN Priority 3 port 
+stun-p3 1992/udp #cisco STUN Priority 3 port +#PROBLEMS!=================================================== +ipsendmsg 1992/tcp +ipsendmsg 1992/udp +#PROBLEMS!=================================================== +snmp-tcp-port 1993/tcp #cisco SNMP TCP port +snmp-tcp-port 1993/udp #cisco SNMP TCP port +stun-port 1994/tcp #cisco serial tunnel port +stun-port 1994/udp #cisco serial tunnel port +perf-port 1995/tcp #cisco perf port +perf-port 1995/udp #cisco perf port +tr-rsrb-port 1996/tcp #cisco Remote SRB port +tr-rsrb-port 1996/udp #cisco Remote SRB port +gdp-port 1997/tcp #cisco Gateway Discovery Protocol +gdp-port 1997/udp #cisco Gateway Discovery Protocol +x25-svc-port 1998/tcp #cisco X.25 service (XOT) +x25-svc-port 1998/udp #cisco X.25 service (XOT) +tcp-id-port 1999/tcp #cisco identification port +tcp-id-port 1999/udp #cisco identification port +callbook 2000/tcp +callbook 2000/udp +dc 2001/tcp +wizard 2001/udp #curry +globe 2002/tcp +globe 2002/udp +cfingerd 2003/tcp #GNU finger +mailbox 2004/tcp +emce 2004/udp #CCWS mm conf +berknet 2005/tcp +oracle 2005/udp +invokator 2006/tcp +raid-cc 2006/udp #raid +dectalk 2007/tcp +raid-am 2007/udp +conf 2008/tcp +terminaldb 2008/udp +news 2009/tcp +whosockami 2009/udp +search 2010/tcp +pipe_server 2010/udp +raid-cc 2011/tcp #raid +servserv 2011/udp +ttyinfo 2012/tcp +raid-ac 2012/udp +raid-am 2013/tcp +raid-cd 2013/udp +troff 2014/tcp +raid-sf 2014/udp +cypress 2015/tcp +raid-cs 2015/udp +bootserver 2016/tcp +bootserver 2016/udp +cypress-stat 2017/tcp +bootclient 2017/udp +terminaldb 2018/tcp +rellpack 2018/udp +whosockami 2019/tcp +about 2019/udp +xinupageserver 2020/tcp +xinupageserver 2020/udp +servexec 2021/tcp +xinuexpansion1 2021/udp +down 2022/tcp +xinuexpansion2 2022/udp +xinuexpansion3 2023/tcp +xinuexpansion3 2023/udp +xinuexpansion4 2024/tcp +xinuexpansion4 2024/udp +ellpack 2025/tcp +xribs 2025/udp +scrabble 2026/tcp +scrabble 2026/udp +shadowserver 2027/tcp +shadowserver 2027/udp +submitserver 2028/tcp 
+submitserver 2028/udp +device2 2030/tcp +device2 2030/udp +blackboard 2032/tcp +blackboard 2032/udp +glogger 2033/tcp +glogger 2033/udp +scoremgr 2034/tcp +scoremgr 2034/udp +imsldoc 2035/tcp +imsldoc 2035/udp +objectmanager 2038/tcp +objectmanager 2038/udp +lam 2040/tcp +lam 2040/udp +interbase 2041/tcp +interbase 2041/udp +isis 2042/tcp +isis 2042/udp +isis-bcast 2043/tcp +isis-bcast 2043/udp +rimsl 2044/tcp +rimsl 2044/udp +cdfunc 2045/tcp +cdfunc 2045/udp +sdfunc 2046/tcp +sdfunc 2046/udp +#dls 2047/tcp +#dls 2047/udp +dls-monitor 2048/tcp +dls-monitor 2048/udp +nfsd 2049/sctp nfs # NFS server daemon +nfsd 2049/tcp nfs # NFS server daemon +nfsd 2049/udp nfs # NFS server daemon +#PROBLEMS!============================================================= +#shilp 2049/tcp +#shilp 2049/udp +#PROBLEMS!============================================================= +dlsrpn 2065/tcp #Data Link Switch Read Port Number +dlsrpn 2065/udp #Data Link Switch Read Port Number +dlswpn 2067/tcp #Data Link Switch Write Port Number +dlswpn 2067/udp #Data Link Switch Write Port Number +zephyr-clt 2103/udp #Zephyr serv-hm connection +zephyr-hm 2104/udp #Zephyr hostmanager +#PROBLEMS!============================================================= +#zephyr-hm-srv 2105/udp #Zephyr hm-serv connection +#PROBLEMS!============================================================= +eklogin 2105/tcp #Kerberos (v4) encrypted rlogin +eklogin 2105/udp #Kerberos (v4) encrypted rlogin +ekshell 2106/tcp #Kerberos (v4) encrypted rshell +ekshell 2106/udp #Kerberos (v4) encrypted rshell +rkinit 2108/tcp #Kerberos (v4) remote initialization +rkinit 2108/udp #Kerberos (v4) remote initialization +ats 2201/tcp #Advanced Training System Program +ats 2201/udp #Advanced Training System Program +hpssd 2207/tcp #HP Status and Services +hpssd 2207/udp #HP Status and Services +hpiod 2208/tcp #HP I/O Backend +hpiod 2208/udp #HP I/O Backend +rcip-itu 2225/sctp #Resource Connection Initiation Protocol +rcip-itu 2225/tcp 
#Resource Connection Initiation Protocol +ivs-video 2232/tcp #IVS Video default +ivs-video 2232/udp #IVS Video default +ivsd 2241/tcp #IVS Daemon +ivsd 2241/udp #IVS Daemon +pehelp 2307/tcp +pehelp 2307/udp +cvspserver 2401/tcp #CVS network server +cvspserver 2401/udp #CVS network server +venus 2430/tcp #venus +venus 2430/udp #venus +venus-se 2431/tcp #venus-se +venus-se 2431/udp #venus-se +codasrv 2432/tcp #codasrv +codasrv 2432/udp #codasrv +codasrv-se 2433/tcp #codasrv-se +codasrv-se 2433/udp #codasrv-se +rtsserv 2500/tcp #Resource Tracking system server +rtsserv 2500/udp #Resource Tracking system server +rtsclient 2501/tcp #Resource Tracking system client +rtsclient 2501/udp #Resource Tracking system client +hp-3000-telnet 2564/tcp #HP 3000 NS/VT block mode telnet +zebrasrv 2600/tcp #zebra service +zebra 2601/tcp #zebra vty +ripd 2602/tcp #RIPd vty +ripngd 2603/tcp #RIPngd vty +ospfd 2604/tcp #OSPFd vty +bgpd 2605/tcp #BGPd vty +ospf6d 2606/tcp #OSPF6d vty +dict 2628/tcp #RFC 2229 +dict 2628/udp #RFC 2229 +listen 2766/tcp #System V listener port +www-dev 2784/tcp #world wide web - development +www-dev 2784/udp #world wide web - development +m2ua 2904/sctp #M2UA +m2ua 2904/tcp #M2UA +m2ua 2904/udp #M2UA +m3ua 2905/sctp #M3UA +m3ua 2905/tcp #M3UA +megaco-h248 2944/sctp #Megaco-H.248 text +megaco-h248 2944/tcp #Megaco H-248 +megaco-h248 2944/udp #Megaco H-248 +h248-binary 2945/sctp #Megaco/H.248 binary +h248-binary 2945/tcp #H248 Binary +h248-binary 2945/udp #H248 Binary +eppc 3031/tcp #Remote AppleEvents/PPC Toolbox +eppc 3031/udp #Remote AppleEvents/PPC Toolbox +NSWS 3049/tcp +NSWS 3049/udp +gds_db 3050/tcp #InterBase Database Remote Protocol +gds_db 3050/udp #InterBase Database Remote Protocol +sj3 3086/tcp #SJ3 (kanji input) +itu-bicc-stc 3097/sctp #ITU-T Q.1902.1/Q.2150.3 +vmodem 3141/tcp +vmodem 3141/udp +iscsi-target 3260/tcp # iSCSI port +iscsi-target 3260/udp # iSCSI port +ccmail 3264/tcp #cc:mail/lotus +ccmail 3264/udp #cc:mail/lotus +dec-notes 3333/tcp 
#DEC Notes +dec-notes 3333/udp #DEC Notes +rdp 3389/tcp #Microsoft Remote Desktop Protocol +bmap 3421/tcp #Bull Apprise portmapper +bmap 3421/udp #Bull Apprise portmapper +prsvp 3455/tcp #RSVP Port +prsvp 3455/udp rsvp-encap #RSVP Port +vat 3456/tcp #VAT default data +vat 3456/udp #VAT default data +vat-control 3457/tcp #VAT default control +vat-control 3457/udp #VAT default control +nut 3493/tcp #Network UPS Tools +nut 3493/udp #Network UPS Tools +m2pa 3565/sctp #M2PA +m2pa 3565/tcp #M2PA +tsp 3653/tcp #Tunnel Setup Protocol +tsp 3653/udp #Tunnel Setup Protocol +svn 3690/tcp #Subversion +svn 3690/udp #Subversion +asap 3863/sctp #asap sctp +asap 3863/tcp #asap tcp port +asap 3863/udp #asap udp port +asap-tls 3864/sctp #asap-sctp/tls +asap-tls 3864/tcp #asap/tls tcp port +diameter 3868/tcp #DIAMETER +diameter 3868/sctp #DIAMETER +udt_os 3900/tcp #Unidata UDT OS +udt_os 3900/udp #Unidata UDT OS +mapper-nodemgr 3984/tcp #MAPPER network node manager +mapper-nodemgr 3984/udp #MAPPER network node manager +mapper-mapethd 3985/tcp #MAPPER TCP/IP server +mapper-mapethd 3985/udp #MAPPER TCP/IP server +mapper-ws_ethd 3986/tcp #MAPPER workstation server +mapper-ws_ethd 3986/udp #MAPPER workstation server +netcheque 4008/tcp #NetCheque accounting +netcheque 4008/udp #NetCheque accounting +lockd 4045/udp # NFS lock daemon/manager +lockd 4045/tcp +nuts_dem 4132/tcp #NUTS Daemon +nuts_dem 4132/udp #NUTS Daemon +nuts_bootp 4133/tcp #NUTS Bootp Server +nuts_bootp 4133/udp #NUTS Bootp Server +sieve 4190/tcp #ManageSieve Protocol +sieve 4190/udp #ManageSieve Protocol +rwhois 4321/tcp #Remote Who Is +rwhois 4321/udp #Remote Who Is +unicall 4343/tcp +unicall 4343/udp +epmd 4369/tcp #Erlang Port Mapper Daemon +epmd 4369/udp #Erlang Port Mapper Daemon +krb524 4444/tcp +krb524 4444/udp +# PROBLEM krb524 assigned the port, +# PROBLEM nv used it without an assignment +nv-video 4444/tcp #NV Video default +nv-video 4444/udp #NV Video default +sae-urn 4500/tcp +sae-urn 4500/udp +fax 4557/tcp 
#FAX transmission service +hylafax 4559/tcp #HylaFAX client-server protocol +rfa 4672/tcp #remote file access server +rfa 4672/udp #remote file access server +ipfix 4739/sctp #IP Flow Info Export +ipfix 4739/tcp #IP Flow Info Export +ipfix 4739/udp #IP Flow Info Export +ipfixs 4740/sctp #ipfix protocol over DTLS +ipfixs 4740/tcp #ipfix protocol over TLS +ipfixs 4740/udp #ipfix protocol over DTLS +commplex-main 5000/tcp +commplex-main 5000/udp +commplex-link 5001/tcp +commplex-link 5001/udp +rfe 5002/tcp #radio free ethernet +rfe 5002/udp #radio free ethernet +telelpathstart 5010/tcp +telelpathstart 5010/udp +telelpathattack 5011/tcp +telelpathattack 5011/udp +mmcc 5050/tcp #multimedia conference control tool +mmcc 5050/udp #multimedia conference control tool +sds 5059/tcp #SIP Directory Services +sds 5059/udp #SIP Directory Services +sip 5060/tcp #Session Initialization Protocol (VoIP) +sip 5060/udp #Session Initialization Protocol (VoIP) +sip-tls 5061/tcp #SIP over TLS +sip-tls 5061/udp #SIP over TLS +car 5090/sctp #Candidate AR +cxtp 5091/sctp #Context Transfer Protocol +rmonitor_secure 5145/tcp +rmonitor_secure 5145/udp +aol 5190/tcp #America-Online +aol 5190/udp #America-Online +aol-1 5191/tcp #AmericaOnline1 +aol-1 5191/udp #AmericaOnline1 +aol-2 5192/tcp #AmericaOnline2 +aol-2 5192/udp #AmericaOnline2 +aol-3 5193/tcp #AmericaOnline3 +aol-3 5193/udp #AmericaOnline3 +xmpp-client 5222/tcp #XMPP Client Connection +xmpp-client 5222/udp #XMPP Client Connection +padl2sim 5236/tcp +padl2sim 5236/udp +xmpp-server 5269/tcp #XMPP Server Connection +xmpp-server 5269/udp #XMPP Server Connection +hacl-hb 5300/tcp # HA cluster heartbeat +hacl-hb 5300/udp # HA cluster heartbeat +hacl-gs 5301/tcp # HA cluster general services +hacl-gs 5301/udp # HA cluster general services +hacl-cfg 5302/tcp # HA cluster configuration +hacl-cfg 5302/udp # HA cluster configuration +hacl-probe 5303/tcp # HA cluster probing +hacl-probe 5303/udp # HA cluster probing +hacl-local 5304/tcp 
+hacl-local 5304/udp +hacl-test 5305/tcp +hacl-test 5305/udp +cfengine 5308/tcp +cfengine 5308/udp +mdns 5353/tcp #Multicast DNS +mdns 5353/udp #Multicast DNS +postgresql 5432/tcp #PostgreSQL Database +postgresql 5432/udp #PostgreSQL Database +rplay 5555/udp +amqp 5672/sctp #AMQP +amqp 5672/tcp #AMQP +amqp 5672/udp #AMQP +v5ua 5675/sctp #V5UA application port +v5ua 5675/tcp #V5UA application port +v5ua 5675/udp #V5UA application port +canna 5680/tcp #Canna (Japanese Input) +proshareaudio 5713/tcp #proshare conf audio +proshareaudio 5713/udp #proshare conf audio +prosharevideo 5714/tcp #proshare conf video +prosharevideo 5714/udp #proshare conf video +prosharedata 5715/tcp #proshare conf data +prosharedata 5715/udp #proshare conf data +prosharerequest 5716/tcp #proshare conf request +prosharerequest 5716/udp #proshare conf request +prosharenotify 5717/tcp #proshare conf notify +prosharenotify 5717/udp #proshare conf notify +cvsup 5999/tcp #CVSup file transfer/John Polstra/FreeBSD +x11 6000/tcp #6000-6063 are assigned to X Window System +x11 6000/udp +x11-ssh 6010/tcp #Unofficial name, for convenience +x11-ssh 6010/udp +softcm 6110/tcp #HP SoftBench CM +softcm 6110/udp #HP SoftBench CM +spc 6111/tcp #HP SoftBench Sub-Process Control +spc 6111/udp #HP SoftBench Sub-Process Control +meta-corp 6141/tcp #Meta Corporation License Manager +meta-corp 6141/udp #Meta Corporation License Manager +aspentec-lm 6142/tcp #Aspen Technology License Manager +aspentec-lm 6142/udp #Aspen Technology License Manager +watershed-lm 6143/tcp #Watershed License Manager +watershed-lm 6143/udp #Watershed License Manager +statsci1-lm 6144/tcp #StatSci License Manager - 1 +statsci1-lm 6144/udp #StatSci License Manager - 1 +statsci2-lm 6145/tcp #StatSci License Manager - 2 +statsci2-lm 6145/udp #StatSci License Manager - 2 +lonewolf-lm 6146/tcp #Lone Wolf Systems License Manager +lonewolf-lm 6146/udp #Lone Wolf Systems License Manager +montage-lm 6147/tcp #Montage License Manager +montage-lm 
6147/udp #Montage License Manager +ricardo-lm 6148/tcp #Ricardo North America License Manager +ricardo-lm 6148/udp #Ricardo North America License Manager +sge_qmaster 6444/tcp #Grid Engine Qmaster Service +sge_qmaster 6444/udp #Grid Engine Qmaster Service +sge_execd 6445/tcp #Grid Engine Execution Service +sge_execd 6445/udp #Grid Engine Execution Service +xdsxdm 6558/tcp +xdsxdm 6558/udp +sane-port 6566/tcp #Scanner Access Now Easy (SANE) Control Port +sane-port 6566/udp #Scanner Access Now Easy (SANE) Control Port +ircd 6667/tcp #Internet Relay Chat (unoffical) +frc-hp 6704/sctp #ForCES HP (High Priority) channel +frc-mp 6705/sctp #ForCES MP (Medium Priority) channel +frc-lp 6706/sctp #ForCES LP (Low priority) channel +acmsoda 6969/tcp +acmsoda 6969/udp +afs3-fileserver 7000/tcp #file server itself +afs3-fileserver 7000/udp #file server itself +afs3-callback 7001/tcp #callbacks to cache managers +afs3-callback 7001/udp #callbacks to cache managers +afs3-prserver 7002/tcp #users & groups database +afs3-prserver 7002/udp #users & groups database +afs3-vlserver 7003/tcp #volume location database +afs3-vlserver 7003/udp #volume location database +afs3-kaserver 7004/tcp #AFS/Kerberos authentication service +afs3-kaserver 7004/udp #AFS/Kerberos authentication service +afs3-volser 7005/tcp #volume management server +afs3-volser 7005/udp #volume management server +afs3-errors 7006/tcp #error interpretation service +afs3-errors 7006/udp #error interpretation service +afs3-bos 7007/tcp #basic overseer process +afs3-bos 7007/udp #basic overseer process +afs3-update 7008/tcp #server-to-server updater +afs3-update 7008/udp #server-to-server updater +afs3-rmtsys 7009/tcp #remote cache manager service +afs3-rmtsys 7009/udp #remote cache manager service +afs3-resserver 7010/tcp #MR-AFS residence server +afs3-resserver 7010/udp #MR-AFS residence server +ups-onlinet 7010/tcp #onlinet uninterruptable power supplies +ups-onlinet 7010/udp #onlinet uninterruptable power supplies 
+afs3-remio 7011/tcp #MR-AFS remote IO server +afs3-remio 7011/udp #MR-AFS remote IO server +font-service 7100/tcp #X Font Service +font-service 7100/udp #X Font Service +fodms 7200/tcp #FODMS FLIP +fodms 7200/udp #FODMS FLIP +dlip 7201/tcp +dlip 7201/udp +simco 7626/sctp #SImple Middlebox COnfiguration (SIMCO) +simco 7626/tcp #SImple Middlebox COnfiguration (SIMCO) Server +ftp-proxy 8021/tcp # FTP proxy +pim 8471/sctp #PIM over Reliable Transport +pim 8471/tcp #PIM over Reliable Transport +natd 8668/divert # Network Address Translation +lcs-ap 9082/sctp #LCS Application Protocol +aurora 9084/sctp #IBM AURORA Performance Visualizer +aurora 9084/tcp #IBM AURORA Performance Visualizer +aurora 9084/udp #IBM AURORA Performance Visualizer +jetdirect 9100/tcp #HP JetDirect card +git 9418/tcp #git pack transfer service +git 9418/udp #git pack transfer service +man 9535/tcp +man 9535/udp +sd 9876/tcp #Session Director +sd 9876/udp #Session Director +iua 9900/sctp #IUA +iua 9900/tcp #IUA +iua 9900/udp #IUA +enrp 9901/sctp #enrp server channel +enrp 9901/udp #enrp server channel +enrp-tls 9902/sctp #enrp/tls server channel +amanda 10080/tcp #Dump server control +amanda 10080/udp #Dump server control +amandaidx 10082/tcp #Amanda indexing +amidxtape 10083/tcp #Amanda tape indexing +wmereceiving 11997/sctp #WorldMailExpress +wmedistribution 11998/sctp #WorldMailExpress +wmereporting 11999/sctp #WorldMailExpress +sua 14001/sctp #SUA +sua 14001/tcp #SUA +isode-dua 17007/tcp +isode-dua 17007/udp +biimenu 18000/tcp #Beckman Instruments, Inc. +biimenu 18000/udp #Beckman Instruments, Inc. 
+nfsrdma 20049/sctp #Network File System (NFS) over RDMA
+nfsrdma 20049/tcp #Network File System (NFS) over RDMA
+nfsrdma 20049/udp #Network File System (NFS) over RDMA
+wnn4 22273/tcp wnn6 #Wnn4 (Japanese input)
+wnn4_Cn 22289/tcp wnn6_Cn #Wnn4 (Chinese input)
+wnn4_Kr 22305/tcp wnn6_Kr #Wnn4 (Korean input)
+wnn4_Tw 22321/tcp wnn6_Tw #Wnn4 (Taiwanse input)
+wnn6_DS 26208/tcp #Wnn6 (Dserver)
+sgsap 29118/sctp #SGsAP in 3GPP
+sbcap 29168/sctp #SBcAP in 3GPP
+iuhsctpassoc 29169/sctp #HNBAP and RUA Common Association
+s1-control 36412/sctp #S1-Control Plane (3GPP)
+x2-control 36422/sctp #X2-Control Plane (3GPP)
+dbbrowse 47557/tcp #Databeam Corporation
+dbbrowse 47557/udp #Databeam Corporation
diff --git a/etc/shells b/etc/shells
new file mode 100644
index 0000000..fe1e029
--- /dev/null
+++ b/etc/shells
@@ -0,0 +1,9 @@
+# $FreeBSD$
+#
+# List of acceptable shells for chpass(1).
+# Ftpd will not allow users to connect who are not using
+# one of these shells.
+
+/bin/sh
+/bin/csh
+/bin/tcsh
diff --git a/etc/snmpd.config b/etc/snmpd.config
new file mode 100644
index 0000000..86b0989
--- /dev/null
+++ b/etc/snmpd.config
@@ -0,0 +1,302 @@
+# $FreeBSD$
+#
+# Example configuration file for bsnmpd(1).
+#
+
+#
+# Set some common variables
+#
+location := "Room 200"
+contact := "sysmeister@example.com"
+system := 1 # FreeBSD
+traphost := localhost
+trapport := 162
+
+#
+# Set the SNMP engine ID.
+#
+# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
+# this configuration file, an ID is assigned based on the value of the
+# kern.hostid variable
+# engine := 0x80:0x10:0x08:0x10:0x80:0x25
+# snmpEngineID = $(engine)
+
+# Change this!
+read := "public"
+# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
+# string to enable write access.
+write := "geheim"
+trap := "mytrap"
+
+#
+# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
+#
+
+NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1
+HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2
+HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3
+NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1
+DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2
+AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4
+
+#
+# Enumerations from SNMP-FRAMEWORK-MIB
+#
+
+# Security models
+securityModelAny := 0
+securityModelSNMPv1 := 1
+securityModelSNMPv2c := 2
+securityModelUSM := 3
+
+# Message Processing models
+MPmodelSNMPv1 := 0
+MPmodelSNMPv2c := 1
+MPmodelSNMPv3 := 3
+
+# Security levels
+noAuthNoPriv := 1
+authNoPriv := 2
+authPriv := 3
+
+
+# SNMPv3 USM User definition
+#
+# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
+# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
+# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
+# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
+# with a private password "bsnmptest", localized for the above engine ID.
+#
+#user1 := "bsnmp"
+#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
+
+#
+# Configuration
+#
+%snmpd
+begemotSnmpdDebugDumpPdus = 2
+begemotSnmpdDebugSyslogPri = 7
+
+#
+# Set the read and write communities.
+#
+# The default value of the community strings is NULL (note, that this is
+# different from the empty string). This disables both read and write access.
+# To enable read access only the read community string must be set. Setting
+# the write community string enables both read and write access with that
+# string.
+#
+# Be sure to understand the security implications of SNMPv2 - the community
+# strings are readable on the wire!
+#
+begemotSnmpdCommunityString.0.1 = $(read)
+# begemotSnmpdCommunityString.0.2 = $(write)
+begemotSnmpdCommunityDisable = 1
+
+# open standard SNMP ports
+begemotSnmpdPortStatus.0.0.0.0.161 = 1
+
+# open a unix domain socket
+begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
+begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
+
+# send traps to the traphost
+begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
+begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
+begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
+
+sysContact = $(contact)
+sysLocation = $(location)
+sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)
+
+snmpEnableAuthenTraps = 2
+
+#
+# SNMPv3 User-based security module - must be loaded for SNMPv3 USM
+#
+#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
+
+#
+# SNMPv3 USM User definition.
+#
+
+#%usm
+
+#
+# The following block creates a user with name "bsnmp" and sets privacy
+# and encryption options to SHA256 message digests and AES encryption
+# for this user.
+#
+# usmUserStatus.$(engine).$(user1) = 5
+# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
+# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
+# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
+# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
+# usmUserStatus.$(engine).$(user1) = 1
+#
+
+#
+# The following block creates a user with name "public" with no authentication
+# or encryption options.
+#
+# usmUserStatus.$(engine).$(read) = 5
+# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
+# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
+# usmUserStatus.$(engine).$(read) = 1
+#
+
+#
+# SNMPv3 View-based Access Control module
+#
+#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
+
+#
+# Definition of view-based access control entries.
+#
+#%vacm
+
+# Definition of a SNMPv1 group
+# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
+# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
+
+# Definition of SNMPv2 group
+# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
+# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
+
+# Definition of SNMPv3 group with users "bsnmp" and "public"
+# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
+# vacmGroupName.$(securityModelUSM).$(user1) = $(write)
+# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
+# vacmGroupName.$(securityModelUSM).$(read) = $(write)
+
+#
+# The OID of the .iso.org.dod.internet subtree
+#
+# internetoid := 1.3.6.1
+# internetoidlen := 4
+
+#
+# Definitions of two views
+#
+# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
+# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
+
+#
+# Access control
+#
+
+#
+# Read-only access for SNMPv1 users
+#
+# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
+
+#
+# Read-write access for SNMPv2 users
+#
+# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
+# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
+
+#
+# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
+#
+# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+
+#
+#Read-write-notify access to restricted for SNMPv3 USM users with authPriv
+#
+# vacmAccessStatus.$(write)."".3.$(authPriv) = 4
+# vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted"
+# vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
+# vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"
+
+#
+# SNMPv3 Notification Targets
+#
+# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so"
+
+#%target
+# Send notifications to target tag "test"
+# tag := "test"
+# snmpNotifyRowStatus.$(tag) = 4
+# snmpNotifyTag.$(tag) = $(tag)
+
+# tagremote := "testremote"
+# snmpNotifyRowStatus.$(tagremote) = 4
+# snmpNotifyTag.$(tagremote) = $(tagremote)
+
+#
+# Specify the target parameters for the notifications - send with the credentials
+# of user "bsnmp"
+#
+# snmpTargetParamsRowStatus.$(tag) = 5
+# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
+# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
+# snmpTargetParamsSecurityName.$(tag) = $(user1)
+# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
+# snmpTargetParamsRowStatus.$(tag) = 1
+
+#
+# Define the notifications' target address - port 162 on localhost
+#
+# snmpTargetAddrRowStatus.$(tag) = 5
+# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
+# snmpTargetAddrTagList.$(tag) = "test notification"
+# snmpTargetAddrParams.$(tag) = $(tag)
+# snmpTargetAddrRowStatus.$(tag) = 1
+
+#
+# Define the notifications' target address - port 162 on 10.0.0.1
+#
+# snmpTargetAddrRowStatus.$(tagremote) = 5
+# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
+# snmpTargetAddrTagList.$(tagremote) = $(tagremote)
+# snmpTargetAddrParams.$(tagremote) = $(tag)
+# snmpTargetAddrRowStatus.$(tagremote) = 1
+
+#
+# Load MIB-2 module
+#
+begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"
+
+# Force a polling rate for the 64-bit interface counters in case
+# the automatic computation is wrong (which may be the case if an interface
+# announces the wrong bit rate via its MIB).
+#%mibII
+#begemotIfForcePoll = 2000
+
+
+# Netgraph module
+#
+#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
+#
+#%netgraph
+#begemotNgControlNodeName = "snmpd"
+
+#
+# pf(4) module
+#
+#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"
+
+#
+# Host resources module
+# This requires the mibII module.
+#
+#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
+
+#
+# Bridge module
+# This requires the mibII module.
+#
+#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
+
+#
+# Wireless module
+# This requires the mibII module.
+#
+#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"
diff --git a/etc/sysctl.conf b/etc/sysctl.conf
new file mode 100644
index 0000000..0c9e796
--- /dev/null
+++ b/etc/sysctl.conf
@@ -0,0 +1,9 @@
+# $FreeBSD$
+#
+# This file is read when going to multi-user and its contents piped thru
+# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
+#
+
+# Uncomment this to prevent users from seeing information about processes that
+# are being run under another UID.
+#security.bsd.see_other_uids=0
diff --git a/etc/syslog.conf b/etc/syslog.conf
new file mode 100644
index 0000000..be96831
--- /dev/null
+++ b/etc/syslog.conf
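Review bot: In etc/snmpd.config the example leaves the read community active with the well-known value `read := "public"` (`begemotSnmpdCommunityString.0.1 = $(read)`) while `begemotSnmpdPortStatus.0.0.0.0.161 = 1` opens the agent on every address, so a host that installs this file unchanged answers SNMPv1/v2c reads from any network that can reach it; the only guard is the `# Change this!` comment. I would either bind the sample to loopback, `begemotSnmpdPortStatus.127.0.0.1.161 = 1`, or ship the read community commented out the way `begemotSnmpdCommunityString.0.2` already is, and state next to `# Change this!` that both must be reviewed before the daemon is enabled. Separately, the USM block's comment promises "SHA256 message digests" but assigns `$(HMACSHAAuthProtocol)`, declared earlier in the file as 1.3.6.1.6.3.10.1.1.3, which is the HMAC-SHA-96 (SHA-1) identifier; the comment should read `# and encryption options to SHA-1 (HMAC-SHA-96) message digests and AES encryption`. The commented VACM example also maps the unauthenticated `$(read)` USM user into the `$(write)` group, which is worth a warning comment if the block is meant to be copied.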
@@ -0,0 +1,31 @@
+# $FreeBSD$
+#
+# Spaces ARE valid field separators in this file. However,
+# other *nix-like systems still insist on using tabs as field
+# separators. If you are sharing this file between systems, you
+# may want to use only tabs as field separators here.
+# Consult the syslog.conf(5) manpage.
+*.err;kern.warning;auth.notice;mail.crit /dev/console
+*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
+security.* /var/log/security
+auth.info;authpriv.info /var/log/auth.log
+mail.info /var/log/maillog
+lpr.info /var/log/lpd-errs
+ftp.info /var/log/xferlog
+cron.* /var/log/cron
+*.=debug /var/log/debug.log
+*.emerg *
+# uncomment this to log all writes to /dev/console to /var/log/console.log
+#console.info /var/log/console.log
+# uncomment this to enable logging of all log messages to /var/log/all.log
+# touch /var/log/all.log and chmod it to mode 600 before it will work
+#*.* /var/log/all.log
+# uncomment this to enable logging to a remote loghost named loghost
+#*.* @loghost
+# uncomment these if you're running inn
+# news.crit /var/log/news/news.crit
+# news.err /var/log/news/news.err
+# news.notice /var/log/news/news.notice
+!ppp
+*.* /var/log/ppp.log
+!*
diff --git a/etc/termcap.small b/etc/termcap.small
new file mode 100644
index 0000000..7c30837
--- /dev/null
+++ b/etc/termcap.small
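Review bot: The comment above `#*.* @loghost` in etc/syslog.conf does not mention that the `*.*` selector forwards `auth` and `authpriv` records along with everything else, and nothing in this file configures protection for that transport. I would extend the comment with something like `# NOTE: this also forwards auth/authpriv messages; send only over a trusted network or tunnel`. The `/var/log/all.log` example carries a mode 600 reminder, but `auth.info;authpriv.info /var/log/auth.log` has none; presumably the mode is set by newsyslog.conf, which is outside this hunk, so a one-line pointer to it would help whoever edits the file later.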
@@ -0,0 +1,315 @@ +# Copyright (c) 1980, 1985, 1989 The Regents of the University of California. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by the University of +# California, Berkeley and its contributors. +# 4. Neither the name of the University nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. 
+# +# @(#)termcap.src 5.88 (Berkeley) 4/30/91 +# $FreeBSD$ +# +# for syscons +# common entry without semigraphics +cons25w|ansiw|ansi80x25-raw:\ + :am:bs:NP:ms:pt:AX:eo:bw:ut:km:\ + :co#80:li#25:pa#64:Co#8:it#8:\ + :al=\E[L:cd=\E[J:ce=\E[K:cl=\E[H\E[J:cm=\E[%i%d;%dH:\ + :dc=\E[P:dl=\E[M:do=\E[B:bt=\E[Z:ho=\E[H:ic=\E[@:cb=\E[1K:\ + :nd=\E[C:rs=\Ec:so=\E[7m:se=\E[27m:up=\E[A:cr=^M:ta=^I:\ + :AF=\E[3%dm:AB=\E[4%dm:op=\E[39;49m:sc=\E7:rc=\E8:\ + :k1=\E[M:k2=\E[N:k3=\E[O:k4=\E[P:k5=\E[Q:k6=\E[R:k7=\E[S:k8=\E[T:\ + :k9=\E[U:k;=\E[V:F1=\E[W:F2=\E[X:K2=\E[E:nw=\E[E:ec=\E[%dX:\ + :kb=^H:kh=\E[H:ku=\E[A:kd=\E[B:kl=\E[D:kr=\E[C:le=^H:sf=\E[S:sr=\E[T:\ + :kN=\E[G:kP=\E[I:@7=\E[F:kI=\E[L:kD=\177:kB=\E[Z:\ + :IC=\E[%d@:DC=\E[%dP:SF=\E[%dS:SR=\E[%dT:AL=\E[%dL:DL=\E[%dM:\ + :DO=\E[%dB:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:cv=\E[%i%dd:ch=\E[%i%d`:\ + :mb=\E[5m:md=\E[1m:mr=\E[7m:me=\E[m:bl=^G:\ + :ve=\E[=S:vi=\E[=1S:vs=\E[=2S: +# CP437 FreeBSD console with ACS support +cons25|ansis|ansi80x25:\ + :ac=l\332m\300k\277j\331u\264t\303v\301w\302q\304x\263n\305`^Da\260f\370g\361~\371.^Y-^Xh\261i^U0\333y\363z\362:\ + :tc=cons25w: +cons25-m|ansis-mono|ansi80x25-mono:\ + :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25: +cons30|ansi80x30:\ + :li#30:tc=cons25: +cons30-m|ansi80x30-mono:\ + :li#30:tc=cons25-m: +cons43|ansi80x43:\ + :li#43:tc=cons25: +cons43-m|ansi80x43-mono:\ + :li#43:tc=cons25-m: +cons50|ansil|ansi80x50:\ + :li#50:tc=cons25: +cons50-m|ansil-mono|ansi80x50-mono:\ + :li#50:tc=cons25-m: +cons60|ansi80x60:\ + :li#60:tc=cons25: +cons60-m|ansi80x60-mono:\ + :li#60:tc=cons25-m: +# Syscons console with 132 characters (VESA modes) +cons25-w|ansi132x25:\ + :co#132:tc=cons25: +cons30-w|ansi132x30:\ + :co#132:tc=cons30: +cons43-w|ansi132x43:\ + :co#132:tc=cons43: +cons50-w|ansil-w|ansi132x50:\ + :co#132:tc=cons50: +cons60-w|ansi132x60:\ + :co#132:tc=cons60: +# KOI8-R/KOI8-U FreeBSD console with ACS support +cons25r|cons25u|pc3r|ibmpc3r|cons25-koi8:\ + 
:ac=q\200x\201m\204v\211j\205t\206n\212u\207l\202w\210k\203y\230z\231f\234~\225a\220h\2210\215:\ + :tc=cons25w: +cons25r-m|cons25u-m|pc3r-m|ibmpc3r-mono|cons25-koi8-mono:\ + :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25r: +cons30r|cons30u|cons30-koi8:\ + :li#30:tc=cons25r: +cons30r-m|cons30u-m|cons30-koi8-mono:\ + :li#30:tc=cons25r-m: +cons43r|cons43u|cons43-koi8:\ + :li#43:tc=cons25r: +cons43r-m|cons43u-m|cons43-koi8-mono:\ + :li#43:tc=cons25r-m: +cons50r|cons50u|cons50-koi8:\ + :li#50:tc=cons25r: +cons50r-m|cons50u-m|cons50-koi8-mono:\ + :li#50:tc=cons25r-m: +cons60r|cons60u|cons60-koi8:\ + :li#60:tc=cons25r: +cons60r-m|cons60u-m|cons60-koi8-mono:\ + :li#60:tc=cons25r-m: +# Syscons console with 90 characters (VGA modes) +# KOI8-R/KOI8-U FreeBSD console with ACS support. +cons25r-v|cons25u-v|pc3r-v|ibmpc3r-vga|cons25-koi8-vga:\ + :co#90:tc=cons25r: +cons25r-mv|cons25u-mv|pc3r-mv|ibmpc3r-monovga|cons25-koi8-monovga:\ + :co#90:tc=cons25r-m: +cons30r-v|cons30u-v|cons30-koi8-vga:\ + :co#90:tc=cons30r: +cons30r-mv|cons30u-mv|cons30-koi8-monovga:\ + :co#90:tc=cons30r-m: +cons43r-v|cons43u-v|cons43-koi8-vga:\ + :co#90:tc=cons43r: +cons43r-mv|cons43u-mv|cons43-koi8-monovga:\ + :co#90:tc=cons43r-m: +cons50r-v|cons50u-v|cons50-koi8-vga:\ + :co#90:tc=cons50r: +cons50r-mv|cons50u-mv|cons50-koi8-monovga:\ + :co#90:tc=cons50r-m: +cons60r-v|cons60u-v|cons60-koi8-vga:\ + :co#90:tc=cons60r: +cons60r-mv|cons60u-mv|cons60-koi8-monovga:\ + :co#90:tc=cons60r-m: +# ISO 8859-2 FreeBSD console with ACS support +cons25l2|cons25-iso8859-2:\ + :ac=f\260i\247:\ + :tc=cons25w: +cons25l2-m|cons25-iso8859-2-mono:\ + :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25l2: +cons30l2|cons30-iso8859-2:\ + :li#30:tc=cons25l2: +cons30l2-m|cons30-iso8859-2-mono:\ + :li#30:tc=cons25l2-m: +cons43l2|cons43-iso8859-2:\ + :li#43:tc=cons25l2: +cons43l2-m|cons43-iso8859-2-mono:\ + :li#43:tc=cons25l2-m: +cons50l2|cons50-iso8859-2:\ + :li#50:tc=cons25l2: +cons50l2-m|cons50-iso8859-2-mono:\ + 
:li#50:tc=cons25l2-m: +cons60l2|cons60-iso8859-2:\ + :li#60:tc=cons25l2: +cons60l2-m|cons60-iso8859-2-mono:\ + :li#60:tc=cons25l2-m: +# ISO 8859-1 FreeBSD console with ACS support +cons25l1|cons25-iso8859-1:\ + :ac=f\260g\261}\243+\253,\273i\247:\ + :tc=cons25w: +cons25l1-m|cons25-iso8859-1-mono:\ + :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25l1: +cons30l1|cons30-iso8859-1:\ + :li#30:tc=cons25l1: +cons30l1-m|cons30-iso8859-1-mono:\ + :li#30:tc=cons25l1-m: +cons43l1|cons43-iso8859-1:\ + :li#43:tc=cons25l1: +cons43l1-m|cons43-iso8859-1-mono:\ + :li#43:tc=cons25l1-m: +cons50l1|cons50-iso8859-1:\ + :li#50:tc=cons25l1: +cons50l1-m|cons50-iso8859-1-mono:\ + :li#50:tc=cons25l1-m: +cons60l1|cons60-iso8859-1:\ + :li#60:tc=cons25l1: +cons60l1-m|cons60-iso8859-1-mono:\ + :li#60:tc=cons25l1-m: +# 132x25 ISO 8859-1 FreeBSD console +cons25l1-w|cons25w-iso8859-1:\ + :co#132:tc=cons25l1: +cons30l1-w|cons30w-iso8859-1:\ + :co#132:tc=cons30l1: +cons43l1-w|cons43w-iso8859-1:\ + :co#132:tc=cons43l1: +cons50l1-w|cons50w-iso8859-1:\ + :co#132:tc=cons50l1: +cons60l1-w|cons60w-iso8859-1:\ + :co#132:tc=cons60l1: +# ISO 8859-7 FreeBSD console with ACS support +cons25l7|cons25-iso8859-7:\ + :ac=f\260g\261{\360}\243+\253,\273i\247:\ + :tc=cons25w: +cons25l7-m|cons25-iso8859-7-mono:\ + :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25l7: +cons30l7|cons30-iso8859-7:\ + :li#30:tc=cons25l7: +cons30l7-m|cons30-iso8859-7-mono:\ + :li#30:tc=cons25l7-m: +cons43l7|cons43-iso8859-7:\ + :li#43:tc=cons25l7: +cons43l7-m|cons43-iso8859-7-mono:\ + :li#43:tc=cons25l7-m: +cons50l7|cons50-iso8859-7:\ + :li#50:tc=cons25l7: +cons50l7-m|cons50-iso8859-7-mono:\ + :li#50:tc=cons25l7-m: +cons60l7|cons60-iso8859-7:\ + :li#60:tc=cons25l7: +cons60l7-m|cons60-iso8859-7-mono:\ + :li#60:tc=cons25l7-m: + +SC|screen|VT 100/ANSI X3.64 virtual terminal:\ + :am:xn:ms:mi:G0:km:\ + :DO=\E[%dB:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:bs:bt=\E[Z:\ + :cb=\E[1K:cd=\E[J:ce=\E[K:cl=\E[H\E[J:cm=\E[%i%d;%dH:ct=\E[3g:\ + 
:do=^J:nd=\E[C:pt:rc=\E8:rs=\Ec:sc=\E7:st=\EH:up=\EM:\ + :le=^H:bl=^G:cr=^M:it#8:ho=\E[H:nw=\EE:ta=^I:is=\E)0:\ + :li#24:co#80:us=\E[4m:ue=\E[24m:so=\E[3m:se=\E[23m:\ + :mb=\E[5m:md=\E[1m:mr=\E[7m:me=\E[m:sr=\EM:al=\E[L:\ + :AL=\E[%dL:dl=\E[M:DL=\E[%dM:cs=\E[%i%d;%dr:dc=\E[P:\ + :DC=\E[%dP:im=\E[4h:ei=\E[4l:IC=\E[%d@:\ + :ks=\E[?1h\E=:ke=\E[?1l\E>:vb=\Eg:\ + :ku=\EOA:kd=\EOB:kr=\EOC:kl=\EOD:kb=^H:\ + :k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:k5=\E[15~:k6=\E[17~:\ + :k7=\E[18~:k8=\E[19~:k9=\E[20~:k;=\E[21~:F1=\E[23~:F2=\E[24~:\ + :F3=\E[25~:F4=\E[26~:F5=\E[28~:F6=\E[29~:\ + :F7=\E[31~:F8=\E[32~:F9=\E[33~:FA=\E[34~:\ + :kh=\E[1~:kI=\E[2~:kD=\E[3~:@7=\E[4~:kP=\E[5~:\ + :kN=\E[6~:eA=\E(B\E)0:as=^N:ae=^O:ti=\E[?1049h:te=\E[?1049l:\ + :vi=\E[?25l:ve=\E[34h\E[?25h:vs=\E[34l:\ + :Co#8:pa#64:AF=\E[3%dm:AB=\E[4%dm:op=\E[39;49m:AX:\ + :ac=``aaffggjjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~..--++,,hhII00: + +vt100|dec-vt100|vt100-am|vt100am|dec vt100:\ + :do=2\E[B:co#80:li#24:cl=50\E[H\E[J:sf=2*\ED:\ + :le=^H:bs:am:cm=5\E[%i%d;%dH:nd=2\E[C:up=2\E[A:\ + :ce=3\E[K:cd=50\E[J:so=2\E[7m:se=2\E[m:us=2\E[4m:ue=2\E[m:\ + :md=2\E[1m:mr=2\E[7m:mb=2\E[5m:me=2\E[m:\ + :is=\E>\E[?1;3;4;5l\E[?7;8h\E[1;24r\E[24;1H:\ + :if=/usr/share/tabset/vt100:nw=2\EE:ho=\E[H:\ + :as=2\E(0:ae=2\E(B:\ + :ac=``aaffggjjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||:\ + :rs=\E>\E[?1;3;4;5l\E[?7;8h:ks=\E[?1h\E=:ke=\E[?1l\E>:\ + :ku=\EOA:kd=\EOB:kr=\EOC:kl=\EOD:kb=\177:\ + :k0=\EOy:k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:k5=\EOt:\ + :k6=\EOu:k7=\EOv:k8=\EOl:k9=\EOw:k;=\EOx:@8=\EOM:\ + :K1=\EOq:K2=\EOr:K3=\EOs:K4=\EOp:K5=\EOn:pt:sr=2*\EM:xn:\ + :sc=2\E7:rc=2\E8:cs=5\E[%i%d;%dr:UP=2\E[%dA:DO=2\E[%dB:RI=2\E[%dC:\ + :LE=2\E[%dD:ct=2\E[3g:st=2\EH:ta=^I:ms:bl=^G:cr=^M:eo:it#8:\ + :RA=\E[?7l:SA=\E[?7h:po=\E[5i:pf=\E[4i: + +# $XTermId: termcap,v 1.78 2009/11/09 00:24:26 tom Exp $ +# +xterm-new|modern xterm:\ + :@7=\EOF:@8=\EOM:F1=\E[23~:F2=\E[24~:K2=\EOE:Km=\E[M:\ + :k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:k5=\E[15~:k6=\E[17~:\ + 
:k7=\E[18~:k8=\E[19~:k9=\E[20~:k;=\E[21~:kI=\E[2~:\ + :kN=\E[6~:kP=\E[5~:kd=\EOB:kh=\EOH:kl=\EOD:kr=\EOC:ku=\EOA:\ + :tc=xterm-basic: +# +# This chunk is used for building the VT220/Sun/PC keyboard variants. +xterm-basic|modern xterm common:\ + :am:bs:km:mi:ms:ut:xn:AX:\ + :Co#8:co#80:kn#12:li#24:pa#64:\ + :AB=\E[4%dm:AF=\E[3%dm:AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:\ + :DO=\E[%dB:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:ae=\E(B:al=\E[L:\ + :as=\E(0:bl=^G:cd=\E[J:ce=\E[K:cl=\E[H\E[2J:\ + :cm=\E[%i%d;%dH:cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:dl=\E[M:\ + :ei=\E[4l:ho=\E[H:im=\E[4h:is=\E[!p\E[?3;4l\E[4l\E>:\ + :kD=\E[3~:kb=^H:ke=\E[?1l\E>:ks=\E[?1h\E=:le=^H:md=\E[1m:\ + :me=\E[m:ml=\El:mr=\E[7m:mu=\Em:nd=\E[C:op=\E[39;49m:\ + :rc=\E8:rs=\E[!p\E[?3;4l\E[4l\E>:sc=\E7:se=\E[27m:sf=^J:\ + :so=\E[7m:sr=\EM:st=\EH:\ + :ue=\E[24m:up=\E[A:us=\E[4m:ve=\E[?12l\E[?25h:vi=\E[?25l:vs=\E[?12;25h: +# +# This is the only entry which you should have to customize, since "xterm" +# is widely used for a variety of incompatible terminal emulations including +# color_xterm and rxvt. +xterm|X11 terminal emulator:\ + :tc=xterm-new: +# +# Add the capability to "clear the screen" after exiting vi, more/less, etc. +xterm-clear:\ + :te=\E[?1049l:ti=\E[?1049h:\ + :tc=xterm-new: +# +# This should work for the commonly used "color xterm" variations (XFree86 +# xterm, color_xterm, nxterm, rxvt). Note that it does not set 'bce', so for +# XFree86 and rxvt, some applications that use colors will be less efficient, +# and in a few special cases (with "smart" optimization) the wrong color will +# be painted in spots. 
+xterm-color|generic "ANSI" color xterm:\ + :Co#8:NC@:pa#64:\ + :AB=\E[4%dm:AF=\E[3%dm:ac=:op=\E[m:tc=xterm-r6: +# +# Compatible with the X11R6.3 xterm +xterm-r6|xterm-old|X11R6 xterm:\ + :am:bs:km:mi:ms:pt:xn:\ + :co#80:kn#20:li#24:\ + :*6=\E[4~:@0=\E[1~:@7=\E[4~:AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:\ + :DO=\E[%dB:F1=\E[23~:F2=\E[24~:F3=\E[25~:F4=\E[26~:\ + :F5=\E[28~:F6=\E[29~:F7=\E[31~:F8=\E[32~:F9=\E[33~:\ + :FA=\E[34~:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:ae=^O:al=\E[L:\ + :as=^N:bl=^G:cd=\E[J:ce=\E[K:cl=\E[H\E[2J:cm=\E[%i%d;%dH:\ + :cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:dl=\E[M:eA=\E)0:ei=\E[4l:\ + :ho=\E[H:im=\E[4h:\ + :is=\E[m\E[?7h\E[4l\E>\E7\E[r\E[?1;3;4;6l\E8:\ + :k1=\E[11~:k2=\E[12~:k3=\E[13~:k4=\E[14~:k5=\E[15~:\ + :k6=\E[17~:k7=\E[18~:k8=\E[19~:k9=\E[20~:k;=\E[21~:\ + :kD=\E[3~:kI=\E[2~:kN=\E[6~:kP=\E[5~:kb=^H:kd=\EOB:\ + :ke=\E[?1l\E>:kh=\E[1~:kl=\EOD:kr=\EOC:ks=\E[?1h\E=:\ + :ku=\EOA:md=\E[1m:me=\E[m:ml=\El:mr=\E[7m:mu=\Em:nd=\E[C:\ + :rc=\E8:rs=\E[m\E[?7h\E[4l\E>\E7\E[r\E[?1;3;4;6l\E8:\ + :sc=\E7:se=\E[m:sf=^J:so=\E[7m:sr=\EM:\ + :ue=\E[m:up=\E[A:us=\E[4m: +# +# Add the capability to "clear the screen" after exiting vi, more/less, etc. +xterm-r6-clear:\ + :te=\E[2J\E[?47l\E8:ti=\E7\E[?47h:ue=\E[m:\ + :tc=xterm-r6: |