| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
| |
only doing ipnat(8). Go back to using $ipfilter_active, but turn off
$ipfilter_active when loading ipl.ko has failed.
Submitted by: devet@devet.org (Arjan de Vet)
MFC after: 3 days
|
| |
|
|
|
|
| |
Submitted by: cjc
|
|
|
|
| |
mibs whose values are not already what is specified in sysctl.conf.
|
|
|
|
|
|
|
| |
not loaded yet on the first pass.
PR: conf/19629
Submitted by: Stephen J. Roznowski <sjr@home.com>
|
|
|
|
|
|
|
|
| |
conf file, or command line options. I brought this up in PR 12432,
which (ironically) obrien assigned to me after I became a committer. :)
PR: conf/12432
Submitted by: Me
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
administrator wishes to run commands outside of the PATH, he should
use a full pathname for the executable or set the PATH as appropriate
in any local startup scripts.
PR: misc/35770
|
|
|
|
|
|
|
| |
setting in rc.conf.
Extracted from the still clammy hands of: green
Sponsored by: DARPA, NAI Labs
|
| |
|
|
|
|
|
|
|
|
| |
addition, take out the checks on the $dumpdev. dumpon(8) behaves well
if given a non-existent filename. It gives a nice error message which
is better rather than the current silent failure.
Reviewed by: des
|
|
|
|
|
|
|
| |
$ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to
load, and $ipfilter_active can be "YES" when we are not using ipf(8).
MFC after: 3 days
|
| |
|
|
|
|
| |
Since I cannot answer that question, make it.
|
|
|
|
|
|
| |
and teach it to look for more general classes of failures, including
SSH login failures. This is similar but not identical to a patch
submitted by aeonflux@synapse.subneural.net.
|
|
|
|
|
|
|
|
|
|
| |
'authentication.log' as 'auth.log'.
This is also more consistent with syslog facility names.
Sigh. :-)
Submitted by: asmodai, aeonflux, green, ....
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o Introduce /var/log/authentication.log, which will be the target for
auth.info and authpriv.info by default. Rotate on the same schedule
as most other logs. Create at installation.
o Remove logging of auth.info from /var/log/security.log, which will
return to being only for security feature subsystems (such as ipfw,
and so on).
This creates a special authentication log, which can now be searched
by scripts for authentication events.
|
|
|
|
|
|
|
|
|
|
| |
argument. Don't fail silently, but let savecore(8) make noise. It
won't behave badly, it doesn't need protection.
At the same time, allow the administrator to have dumpdev enabled
while dumpdir (savecore(8)) is disabled and document how to do it.
PR: conf/35725
|
|
|
|
|
|
|
| |
removed from MAKEDEV in 1.171.
PR: misc/35729
MFC after: 1 day
|
|
|
|
|
|
|
|
|
| |
systems due to sshd not using the security log class. Tweak syslog.conf
so that /var/log/security also gets a useful set of
authentication-related logging.
Submitted by: aeonflux@synapse.subneural.net
MFC after: 4 weeks
|
|
|
|
|
|
|
|
|
|
| |
Kerberized CVS (kserver) listens on the same port as normal CVS
(pserver). In /etc/inetd.conf cvs kserver is disabled by default,
but set to listen to the service port 'cvs' which doesn't exist. It
should listen to 'cvspserver'.
PR: 34317
Submitted by: Sean Chittenden <sean@chittenden.org>
|
|
|
|
| |
with FreeBSD.
|
| |
|
|
|
|
|
| |
PR: bin/35558
Submitted by: Nicolas Rachinsky <list@rachinsky.de>
|
|
|
|
|
| |
Submitted by: TANAKA Tomohiko <tomo@oso.to>
PR: 34954
|
|
|
|
|
| |
Submitted by: dwhite@paypal.com
PR: 34243
|
|
|
|
|
| |
Submitted by: Jerry A! <jerry@thehutt.org>
PR: 33858
|
|
|
|
|
| |
"filter sync'd" in the middle of the boot output if IPFilter is
enabled, but does not hide any potential errors, which go to stderr.
|
| |
|
|
|
|
|
|
|
|
|
| |
seperate the short name and the long name. This was present for most
but not all entries. Because the parsing doesn't reject unrecognized
entries, this didn't cause failures, but it wasn't strictly correct.
Submitted by: Martin Faxer <gmh003532@brfmasthugget.se>
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
| |
some new IANA-blessed services and close some PRs. Ports for
Jabber and PostgreSQL.
PR: conf/35219, conf/35220
Submitted by: Sean Chittenden <sean@chittenden.org>
MFC after: 1 day
|
|
|
|
|
|
|
| |
will break a running system during a buildworld.
Noticed by: Alexandr Listopad <laa@laa.zp.ua>
MFC after: 1 week
|
|
|
|
|
|
|
|
| |
which have tailing spaces.
Some card entries had problem because of incorrect number of spaces.
Approved by: imp
MFC after: 1 week
|
|
|
|
|
|
|
|
| |
ugly it was,
$ awk '/[[:space:]]$/ { sub(/$/,"\$"); print; }' /etc/services
On the previous revision. And that's only the trailing whitespace.
|
|
|
|
|
|
| |
is mounted.
Submitted by: rizzo
|
|
|
|
|
|
|
|
| |
and looks like no other Unix diskless configuration I've ever seen.
Thus allow a more traditional /etc.
Note, the use of an MFS /var should also be settable.
Otherwise installing ports(packages) is just a total PITA.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rc.conf(5) and the files' inline documentation.
- Add the "closed"-type, documented in both places, but which did not
exist in the code.
- When provided a ruleset, the system should not make any assumptions
about the sites's policy and should add no rules of its own.
- Make the "UNKNOWN" (documented in-line) actual work as advertised,
load no rules.
Prodded by: Igor M Podlesny <poige@morning.ru>
MFC after: 1 week
|
|
|
|
|
|
|
| |
as a destination address of IPv6 packets.
Submitted by: cjc
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when running natd(8) out of the rc-files. It is perfectly valid for
the interface or alias address to be set in a natd(8) configuration
file, not on the command line. Also, loosen up the restrictions on
identifying an IP address argument in 'natd_interface.'
Fix the documentation, rc.conf(5), to reflect this change.
Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.
MFC after: 3 days
|
|
|
|
|
|
|
|
| |
absolutely necessary
Requested by: peter
PR: conf/33855
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
at boot (sendmail_enable=NO), a localhost-only daemon may started
(sendmail_submit_enable) as it is needed to accept mail from command line
submissions. If this isn't desired, see etc/mail/README for more hints.
Optionally (sendmail_msp_queue_enable) start a queue runner for the
submission queue in case a daemon isn't available to accept command line
submitted mail at submission time.
Note that the syslog labels for all of these sendmail processes have been
uniquified for easier log parsing.
|
|
|
|
|
|
| |
works and ways to work around common problems people might have.
Include information on reverting to a set-user-ID root sendmail binary in
case anyone really needs to do this.
|
| |
|
| |
|
|
|
|
| |
include files
|
|
|
|
|
| |
set-user-ID root binary instead of the new method (set-group-ID smmsp).
Therefore, we shouldn't install /etc/mail/submit.cf if it is set.
|
|
|
|
| |
Fix access_db usage for 8.12
|