| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Remove most of the ATF tools and the _atf user.
Approved by: re
|
| |
|
|
| |
Approved by: re (blanket)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
auditdistd (distributed audit daemon) to the build:
- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.
The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.
Submitted by: pjd
Sponsored by: The FreeBSD Foundation (auditdistd)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
but committing it helps to get everyone on the same page and makes
sure we make progress.
Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.
Credits follow:
Submitted by: Garrett Cooper <yanegomi@gmail.com>
Sponsored by: Isilon Systems
Based on work by: keramida@
Thanks to: gnn@, mdf@, mlaier@, sjg@
Special thanks to: keramida@
|
| |
|
|
| |
MFC after: 1 week
|
| |
|
|
|
|
| |
to drop privileges.
MFC after: 1 week
|
| | |
|
| |
|
|
|
|
| |
so reflect this in the default. The uucp uid is a bit funny, and
is used by mtree in /var/spool for locks, so we can't remove it
without thinking about it a bit harder.
|
| |
|
|
|
| |
Found-by: brueffer
Pointy-hat-to: mlaier
|
| |
|
|
|
|
|
|
| |
again. This user/group is not required for install* targets, hence do not
add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to annoy
people).
Discussed-on: -current
|
| |
|
|
| |
Reminded by: trhodes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.
This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.
For those who want to go without pf; it provides a NO_PF knob to make.conf.
__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.
Approved by: bms(mentor)
|
| | |
|
| |
|
|
| |
directory should be /var/empty.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of
set-user-ID). This new user/group will be used for command line
submissions. UID/GID 25 is suggested in the sendmail documentation and has
been adopted by other operating systems such as OpenBSD and Solaris 9.
mailnull - The default value for DefaultUser is now set to the uid and gid
of the first existing user mailnull, sendmail, or daemon that has a
non-zero uid. If none of these exist, sendmail reverts back to the old
behavior of using uid 1 and gid 1. Currently FreeBSD uses daemon for
DefaultUser but I would prefer not to use an account used by other
programs, hence the addition of mailnull. UID/GID 26 has been chosen for
this user.
This was discussed on -arch on October 18-19, 2001.
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
If anybody wants to remove them for some reason, please consider "pop"
removing first.
Approved by: arch discussion from Oct 20
MFC after: 3 days
|
| |
|
|
| |
motivated. Currently, it is under dispute.
|
| | |
|
| |
|
|
| |
Noted by: Doug <Doug@gorean.org>
|
| |
|
|
|
|
| |
Replace non-existent directory for operator with /
Supply by default operator with non-existent but can be created directory
and /bin/csh is kinda security risk
|
| |
|
|
|
|
|
|
|
|
| |
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
the (commented out) ident from the kmem sandbox.
Note that it is necessary to give each group access it's own uid to
prevent programs running under a single uid from being able to gdb
or otherwise mess with other programs (with different group perms) running
under the same uid.
|
| |
|
|
| |
Submitted by: "Yarema" <yds@ingress.com>
|
| |
|
|
|
| |
PR: 6739
Submitted by: Are Bryne <are.bryne@communique.no>
|
| |
|
|
| |
inetd
|
| |
|
|
|
| |
while Apache is running, it effectively eats all default class limits for
nobody
|
| | |
|
| |
|
|
|
| |
One of the reasons: rwhod not work, because it got
1,31 instead of 1,1 on setuid(1) and require group 1 for directory access
|
| | |
|
| |
|
|
| |
This is less likely to collide with site policies.
|
| | |
|
| |
|
|
|
| |
change nobody group entry to 65534
Suggested-by: pst
|
| |
|
|
|
|
| |
complaints instead.
Change nobody user group from non existent in /etc/group (9999) to
existent nobody (39).
|
| |
|
|
| |
Submitted by: Gene Stark <gene@starkhome.cs.sunysb.edu>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Used the canonical non-existent file (/nonexistent) instead This should
probably be documented somewhere, but it's unclear where the right
place is (passwd(5)? login(8)? hier(7)? all three?).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
>From: "Chris G. Demetriou" <cgd@sun-lamp.cs.berkeley.edu>
Update of /b/source/CVS/src/etc
In directory sun-lamp.cs.berkeley.edu:/usr/src/etc
Modified Files:
master.passwd
Log Message:
disable toor by default
|
| | |
|
| | |
|
| |
|
|
| |
be in group 0 (was group 10). Changed operator to be in group 20, was 28.
|
| |
|
