summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Since r254974, periodic scripts' period can be configuredjlh2013-09-031-66/+70
| | | | | | independently. There is no reason to leave their options with the daily ones, so move them to their own section. Move periodic scripts' options into their own section. Since r254974,
* Create the default router last. This allows using an staticdelphij2013-09-021-2/+2
| | | | | | | | interface route for default routes, which seems to be common among many dedicated hosting providers. Reviewed by: hrs MFC after: 2 weeks
* Regenerate after recent addition of FTDI and bluetooth device IDs.ian2013-09-011-4/+96
|
* Add directories that is installed as part of bsdconfig.delphij2013-08-291-0/+74
| | | | | | | | | | These are included unconditionally for now because bsdconfig is currently installed unconditionally. This fixes 'make -j 17 installworld' caused by a race condition. MFC candidate.
* Add a few missing language directories for /usr.delphij2013-08-291-0/+8
|
* After writing a kernel core dump into /var/crash, call sync(8).gavin2013-08-281-0/+1
| | | | | | | | | | | | | If we panic again shortly after boot (say, within 30 seconds), any core dump we wrote out may be lost on reboot. In this situation, we really want to keep that core file, as it may be the only way to have the issue resolved. Call sync(8) after writing out the core file and running crashinfo(8), in the hope that these will not be lost if we panic again. sync(8) is only called in the case where there is a core dump to be written out, so won't be called during normal boots. Discovered by: Trying to debug an IPSEC panic MFC after: 1 week
* Fix a typo introduced in r254975.jkim2013-08-271-1/+1
|
* Install 450.status-security.jlh2013-08-271-1/+2
|
* Make the period of each periodic security script configurable.jlh2013-08-2720-107/+322
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@
* Move daily_status_security_noamd next to 200.chkmounts's variables.jlh2013-08-251-1/+1
|
* Correctly remove an interface's ipv4 address when the user callsasomers2013-08-231-3/+3
| | | | | | | | | | "/etc/rc.d/netif stop XXX". The old globbing pattern failed to account for the possibility of a tab occuring before "inet". Reviewed by: will Approved by: ken (mentor, implicit) MFC after: Never (bug affects head only) Sponsored by: Spectra Logic
* Pass pidfile to bsnmpd if it's been changed (parts cut/pasted frompeter2013-08-191-1/+2
| | | | rc.d/rarpd and rc.d/wpa_supplicant)
* Revert r254508.peter2013-08-191-11/+1
|
* Add the optional ability to run as a different user.peter2013-08-191-1/+11
| | | | Obtained from: Antique freebsd.org cluster archive images
* Add empty zones for Shared Address Space (RFC 6598)erwin2013-08-091-0/+66
| | | | | | Approved by: delphij (mentor) MFC after: 3 days Sponsored by: DK Hostmaster A/S
* Regen for if_rsu.rpaulo2013-08-041-7/+239
|
* - Reimplement $gif_interfaces as a variant of $cloned_interfaces.hrs2013-08-042-41/+114
| | | | | | | | | | | | | | | | | | Newly-configured systems should use $cloned_interfaces. - Call clone_{up,down}() and ifnet_rename() in rc.d/netif {start,stop}. ifnet_rename() now accepts an interface name list as its argument. - Add rc.d/netif clear. The "clear" subcommand is basically equivalent to "stop" but it does not call clone_down(). - Add "ifname:sticky" keyword into $cloned_interfaces. If :sticky is specified, the interface will not be destroyed in rc.d/netif stop. - Add cloned_interfaces_sticky={YES,NO}. This variable globally sets :sticky keyword above for all interfaces. The default value is NO. When cloned_interfaces_sticky=YES, :nosticky keyword can be used to override it on per interface basis.
* Include /usr/local/etc/libmap.d/ by default.jlh2013-08-012-0/+3
| | | | | | | PR: 180568 Reviewed by: bapt Obtained from: kib MFC after: 3 days
* Regenerate usb.confhselasky2013-07-261-67/+27
| | | | MFC after: 1 week
* Add pkgconf files for libusb.rpaulo2013-07-251-0/+2
| | | | Reviewed by: hselasky
* Do not set ND6_IFF_ACCEPT_RTADV on if_bridge(4) interfaces whenhrs2013-07-211-5/+23
| | | | | | ipv6_enable=yes. MFC after: 3 days
* Fix address range specification with ifconfig(8) options such as:hrs2013-07-201-19/+54
| | | | | | | | | | | - inet 192.0.2.1-10 netmask 255.255.255.0 (inet range spec + ifconfig options) - inet6 2001:db8:1::1-f prefixlen 60 (inet6 range spec + ifconfig options) If prefixlen or netmask option is specified with CIDR notation at the same time, the option is used. Tested by: Michael Grimm MFC after: 3 days
* - Fix a bug in ipv6_prefix_IF. It did not work with the 64-bit prefixhrs2013-07-181-16/+4
| | | | | | | | | | notation like 2001:db8:1:1. - Use eui64 flag in ifconfig(8) instead of network6_getladdr()[*] for interface indentifier part. Suggested by: ume [*] MFC after: 3 days
* When stopping pfsync, remove the pfsync interface's syncpeer setting.des2013-07-151-1/+1
| | | | MFC after: 3 days
* rc.d/zfs: pass -v option to zfs mountavg2013-07-091-1/+1
| | | | | | | this should make boot process more informative (and entertaining) on systems with lots of zfs filesystems. MFC after: 7 days
* wpa_supplicant should be able to reassociate when resuming, so remove arpaulo2013-07-041-4/+0
| | | | comment saying it can't.
* Add syslog(3) support to devd(8).asomers2013-07-012-0/+5
| | | | | | | | | | | | | | | | | | | | | sbin/devd/devd.cc All output will now go to syslog(3) if devd is daemonized, or stderr if it's running in the foreground. sbin/devd/devd.8 Remove the "-D" flag. Filtering messages by priority now happens in the usual syslog way. For performance reasons, a few extra-verbose debugging statements are now conditional on the "-d" (do not daemonize) flag. etc/syslog.conf etc/newsyslog.conf Direct messages from devd(8) to /var/log/devd.log, but leave it disabled by default Reviewed by: eadler Approved by: gibbs (co-mentor) MFC after: never (removed a command-line option from devd)
* Add "ether" and "link" to ifconfig_alias{es,N}.hrs2013-06-301-2/+15
|
* Don't attempt to do DHCP on certain interfaces, similar to what's done fordelphij2013-06-281-1/+10
| | | | | | ipv6_autoconfif() in r212577. MFC after: 1 week
* - Trim an unused and bogus Makefile for mount_smbfs.davide2013-06-283-1/+7
| | | | | | - Reconnect with some minor modifications, in particular now selsocket() internals are adapted to use sbintime units after recent'ish calloutng switch.
* - Add vnode-backed swap space specification support. This is enabled whenhrs2013-06-278-120/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | device names "md" or "md[0-9]*" and a "file" option are specified in /etc/fstab like this: md none swap sw,file=/swap.bin 0 0 - Add GBDE/GELI encrypted swap space specification support, which rc.d/encswap supported. The /etc/fstab lines are like the following: /dev/ada1p1.bde none swap sw 0 0 /dev/ada1p2.eli none swap sw 0 0 .eli devices accepts aalgo, ealgo, keylen, and sectorsize as options. swapctl(8) can understand an encrypted device in the command line like this: # swapctl -a /dev/ada2p1.bde - "-L" flag is added to support "late" option to defer swapon until rc.d/mountlate runs. - rc.d script change: rc.d/encswap -> removed rc.d/addswap -> just display a warning message if $swapfile is defined rc.d/swap1 -> renamed to rc.d/swap rc.d/swaplate -> newly added to support "late" option These changes alleviate a race condition between device creation/removal and swapon/swapoff. MFC after: 1 week Reviewed by: wblock (manual page)
* Implement ifconfig_wlanX="HOSTAP".rpaulo2013-06-262-3/+35
| | | | | | | | | Not only this is a bit cleaner, it allows multiple instances of hostapd to be running on the system host, useful for simultaneous dual-band WiFi. This is similar to ifconfig_wlanX="WPA" but it uses /etc/hostapd-wlanX.conf. Compatibility with hostapd_enable=YES/NO was kept. Reviewed by: adrian
* If daily_status_security_inline is set, the rc value needs to bejhb2013-06-251-12/+12
| | | | | | | | | | | | | forced to 3 so that the output of this script is always displayed. In fact, setting this flag is identical to setting daily_status_security_output to an empty string. To make the logic less confusing, change the behavior of daily_status_security_inline such that it just forces daily_status_security_output to an empty string and then applies the normal logic. PR: conf/178611 Submitted by: Jason Unovitch <jason.unovitch@gmail.com> MFC after: 3 days
* Regenerate usb.conf after r252196.kevlo2013-06-251-2/+2
| | | | Spotted by: rpaulo
* Call sshd_precmd instead of sshd_configtest when the operatordelphij2013-06-211-2/+2
| | | | | | | | | | requests reload or restart, which, in addition of testing the configuration, will also generate host keys when they are not present (previous behavior). Obtained from: FreeNAS Ok'ed by: bdrewery, des MFC after: 1 week
* - Add CIDR notation support like 192.168.1-2.10-16/24 to $ifconfig_IF_aliasN.hrs2013-06-201-235/+372
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is an extended version of ipv4_addr_IF which supports both IPv4 and IPv6, and multiple range specifications. To avoid to generate too many addresses, the maximum number of the generated addresses is currently limited to 31. - Add $ifconfig_IF_aliases, which accepts multiple IP aliases in a variable. - ipv6_prefix_IF now supports !/64 prefix length. In addition to the old 64-bit format (2001:db8:1:1), a full 128-bit format like 2001:db8:1:1::/64 is supported. - Replace ifconfig command with $IFCONFIG_CMD variable to support a dry-run mode in the future. - Remove IP aliases before removing all of IPv4 addresses when doing "rc.d/netif down". - Add a DAD wait to network6_getladdr() because it is possible to fail to configure an EUI64 address when ipv6_prefix_IF is specified. A summary of the supported ifconfig_* variables is as follows: # IPv4 configuration. ifconfig_em0="inet 192.168.0.1" # IPv6 configuration. ifconfig_em0_ipv6="inet6 2001:db8::1/64" # IPv4 address range spec. Now deprecated. ipv4_addr_em0="10.2.1.1-10" # IPv6 alias. ifconfig_em0_alias0="inet6 2001:db8:5::1 prefixlen 70" # IPv4 alias. ifconfig_em0_alias1="inet 10.2.2.1/24" # IPv4 alias with range spec w/o AF keyword (backward compat). ifconfig_em0_alias2="10.3.1.1-10/32" # IPv6 alias with range spec. ifconfig_em0_alias3="inet6 2001:db8:20-2f::1/64" # ifconfig_IF_aliases is just like ifconfig_IF_aliasN. ifconfig_em0_aliases="inet 10.3.3.201-204/24 inet6 2001:db8:210-213::1/64 inet 10.1.1.1/24" # IPv6 alias (backward compat) ipv6_ifconfig_em0_alias0="inet6 2001:db8:f::1/64" # IPv6 alias w/o AF keyword (backward compat) ipv6_ifconfig_em0_alias1="2001:db8:f:1::1/64" # IPv6 prefix. ipv6_prefix_em0="2001:db8::/64" Tested by: Kimmo Paasiala
* Allow $ntpdate_config to be NULL. Due to a lack of surrounding quotes, whendteske2013-06-181-2/+2
| | | | | | | ntpdate_config was set to NULL the conditional would (counter to prevailing logic) succeed -- leading to awk attempting to redirect from a NULL pathname standard-in. While we're here, make the script consistant with itself by removing the {curlies} around ntpdate_config (they are unnecessary).
* Remove CVS from the base system.eadler2013-06-152-8/+2
| | | | | | Discussed with: many Reviewed by: peter, zi Approved by: core
* Clean up swapfile memory disk on shutdowncrees2013-06-122-4/+40
| | | | | | | | Make the md unit number configurable so that it can be predicted PR: bin/168544 Submitted by: wblock (based on) Approved by: kevlo
* Regen.rpaulo2013-06-101-2/+229
|
* Add :ifname modifier to specify interface-specific routes intohrs2013-06-092-82/+132
| | | | | | | | | | | | | | | | | {,ipv6_}static_routes and rc.d/routing. For example: static_routes="foo bar:em0" route_foo="-net 10.0.0.0/24 -gateway 192.168.2.1" route_bar="-net 192.168.1.0/24 -gateway 192.168.0.2" At boot time, all of the static routes are installed as before. The differences are: - "/etc/rc.d/netif start/stop <if>" now configures static routes with :<if> if any. - "/etc/rc.d/routing start/stop <af> <if>" works as well. <af> cannot be omitted when <if> is specified, but a keyword "any" or "all" can be used for <af> and <if>.
* Add a new knob WITH_DEBUG_FILES to control the building of standaloneemaste2013-06-073-0/+58
| | | | | | | | | | | | | | | | debug files for userland programs and libraries. The "-g" debug flag is automatically applied when WITH_DEBUG_FILES is set. The debug files are now named ${prog}.debug and ${shlib}.debug for consistency with other systems and documentation. In addition they are installed under /usr/lib/debug, to simplify the process of installing them if needed after a crash. Users of bsd.{prog,lib}.mk outside of the base system place the standalone debug files in a .debug subdirectory. GDB automatically searches both of these directories for standalone debug files. Thanks to everyone who contributed changes, review, and testing during development.
* Refine the "nojail" rc keyword, adding "nojailvnet" for files that don'tjamie2013-05-195-4/+12
| | | | | | | | | apply to most jails but do apply to vnet jails. This includes adding a new sysctl "security.jail.vnet" to identify vnet jails. PR: conf/149050 Submitted by: mdodd MFC after: 3 days
* etc/rc.d/syslogdasomers2013-05-131-1/+3
| | | | | | | | | | Add netif as a requirement of syslogd to get lo0 up. Currently, this doesn't affect the rc order, because mountcritremote already depends on netif. Reviewed by: eadler Approved by: kenm (mentor) MFC after: 2 weeks
* Revert r250565 which causes issues for older CPUseadler2013-05-121-18/+18
| | | | | PR: conf/178504 Requested by: many
* Make newsyslog compress logs with xz instead of bzip2 to save space.eadler2013-05-121-18/+18
| | | | | | PR: conf/178504 Submitted by: ak Reviewed by: smh
* Unconditionally install 210.backup-aliases as many MTAs other thaneadler2013-05-111-1/+1
| | | | | | | | sendmail support the use of /etc/aliases. PR: conf/176098 Submitted by: ak MFC after: 2 weeks
* Bring /etc/protocols up to date.eadler2013-05-101-0/+7
| | | | | PR: conf/175397 Submitted by: ak
* - Fix exit status when ip6addrctl_verbose=yes [*]hrs2013-05-041-26/+34
| | | | | | | | | - Use the absolute pathname for ip6addrctl. - Use "install" instead of "add" to reduce the number of invocations. Reported by: Tatsuki Makino [*] PR: conf/175006 [*] MFC after: 1 week
* Introduce and use new flag -L to mount for mounting only late filesystems.crees2013-05-041-13/+4
| | | | | | | | | | Previously, rc.d/mountlate mounted *all* filesystems, causing problems with background NFS mounts being mounted twice. PR: conf/137629 Submitted by: eadler (original concept) Reviewed by: mjg Approved by: hrs
OpenPOWER on IntegriCloud