| Commit message (Collapse) | Author | Age | Files | Lines |
|
Discussed with: many
Reviewed by: peter, zi
Approved by: core
|
MFC after: 2 weeks
|
it from the build.
If you are using the FTP daemon, please consider using the port ftp/tnftpd
which is the same FTP server, but newer and might have more/better
functionality.
This results in us providing only one ftp daemon by default.
Reviewed by: bz
Approved by: imp (mentor, implicit)
MFC after: 3 days
Silence from: obrien
|
which was replaced during the pf 4.1 import.
Approved by: re (mux)
|
login.conf resource limits and features.
|
back in 1994. Change the example entry to point at the port, as per
the entries for uucpd et al.
|
method of executing commands remotely. There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat. It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.
|
- do not comment out entries in newsyslog.conf
- use tabs to line up inetd.conf
Requested by: bde
Approved by: bms(mentor)
|
Noticed by: Pyun YongHyeon
Approved by: bms(mentor)
|
Approved by: blackend (mentor/implicitly)
|
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in order to complete make
installworld without errors.
This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.
For those who want to go without pf, it provides a NO_PF knob to make.conf.
__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.
Approved by: bms(mentor)
|
sshd entries, sort internal services the same as everywhere
else.
|
down to the section of optional mail/news services. Change the nntpd
location to /usr/local/libexec since it's optional software.
Henceforth, nntpd will be advised to run as "news", which is a
standard user in the system, instead of "usenet", which has never
existed in the default master.passwd(5).
Note: It's not "news:news" since inetd(8) runs a service at the
specified user's login group by default.
Add a blank comment line above the uucpd line so the section looks uniform.
Partly pointed out by: Alexey Neyman <alex.neyman at auriga.ru>
MFC after: 1 week
|
Head off what I think is an abuse of the TRB, and disable lukemftpd.
|
# or any login.conf resource limits or features; use it only if this is
# appropriate for your environment. If you require these features, use
# the regular FreeBSD ftpd below.
Discourage users from using lukemftpd if they rely on any of these standard
FreeBSD features that are fully supported by our native ftpd. There
may be other features that are not yet supported that I have not yet
discovered.
|
Submitted by: Mike Makonnen <makonnen@pacbell.net>
|
MFC after: 2 weeks
|
Kerberized CVS (kserver) listens on the same port as normal CVS
(pserver). In /etc/inetd.conf cvs kserver is disabled by default,
but set to listen to the service port 'cvs' which doesn't exist. It
should listen to 'cvspserver'.
PR: 34317
Submitted by: Sean Chittenden <sean@chittenden.org>
|
Spotted by: Sergey Osokin <osa@freebsd.org.ru>
Reviewed by: ru
Approved by: ru
MFC after: 1 week
|
Reviewed by: mdodd, peter
|
Requested by: "William Wong" <willwong@samurai.com>
MFC after: 1 week
|
and correct the path to /usr/local as an example.
Submitted by: ru
|
and ftpd. This more conservative default reduces the exposure of
freshly installed machines, which is especially valuable for machines
that receive minimal further configuration before being put into
production. Generally speaking, SSH has superseded the use of both
telnet and ftp in many environments. In light of recent remotely
exploitable security holes in both telnetd and ftpd, this choice
retains flexibility (both telnetd and ftpd daemons remain installed
and easily enableable) while protecting users who don't need the
additional risk. This change brings our configuration into line with
the majority of other UNIX vendors, including OpenBSD and NetBSD.
To address the concerns of those requiring remote access via telnet
from first install, changes will shortly be committed to sysinstall
to provide the ability to edit inetd.conf during the installation
process, allowing telnetd and ftp to be re-enabled during the
installation process.
While I'm at it, slightly improve commenting for inetd.conf so that
it's more clear to users how to enable and disable services.
Further commenting to indicate the functions of various columns would
probably also be useful.
Reviewed by: imp, chris, jake, nate, -arch, -stable
|
out of sync. A similar change was made by itojun on the OpenBSD tree
a few weeks ago. This should stop people disabling one server and
forgetting the other one (eg: ftp and/or telnet)
|
remote access on default installations.
|
are bad enough, but finger is hardly a critical system service and
it's traditionally been vulnerable to a variety of attacks; anybody
remember RTFM and his worm?
|
to more closely resemble those in the IPv4 section.
|
Submitted by: Robert Muir <rmuir@looksharp.net>
|
Also enable some standard IPv6 apps by default.
These entries will be simply ignored on systems with no INET6 defined.
Approved by: jkh
Suggested by: peter
|
no longer the correct way to have qmail handle incoming qmail smtp
connections. Also provide a URL to the correct method.
|
about the --allow-root switch.
PR: 14463
|
example of their usage in the sample config. Merge the two examples
for the green internal auth service.
This commit failed the first time around because Brian beat me to the
punch on inetd.8 . I like my descriptions better and I'm pretty sure
Brian won't mind.
|
at least for now. I relegated the getcred sysctls to only root, but if
they're deemed to be "allowable" to export to users, I'll do so and
revert this change.
|
configuration file.
Requested by: green
|
the make variable REAL_IDENT, and ~/.fakeid support can be added
with FAKEID set. Note that the default behavior is the same as
the old behavior.
|
run as root again, not kmem:kmem
|
mailbox contents. comsat instead simply prints that new mail is
available. Add appropriate comment to inetd.conf but leave comsat in
sandbox.
|
adjusted inetd.conf to run comsat and ntalk from tty sandbox, and
the (commented out) ident from the kmem sandbox.
Note that it is necessary to give each group access its own uid to
prevent programs running under a single uid from being able to gdb
or otherwise mess with other programs (with different group perms) running
under the same uid.
|
runs only 3 simultaneous fingerd processes and
limit the connections-per-ip-per-minute to 10.