summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Since we do not pre-create /etc/namedb/s, add additional documentationdillon1998-12-021-2/+6
| | | | | | to the comments in named.conf to describe to the user how to create it. (named.conf does not use /etc/namedb/s by default anyway so us not pre-created it in the mtree does not hurt us terribly).
* Remove mtree creation of /etc/namedb/s until we find a good waydillon1998-12-021-3/+5
| | | | to handle new user id's in buildworld/installworld.
* Use /sbin/nologin as shell for operatorache1998-12-021-1/+1
| | | | | | Replace non-existent directory for operator with / Supply by default operator with non-existent but can be created directory and /bin/csh is kinda security risk
* comsat sandbox prevents biff/comsat from being able to print partialdillon1998-12-011-1/+3
| | | | | | mailbox contents. comsat instead simply prints that new mail is available. Add appropriate comment to inetd.conf but leave comsat in sandbox.
* Reviewed by: freebsd-current, freebsd-securitydillon1998-12-013-6/+12
| | | | | | | | Adjust rc.conf to run named in sandbox, adjust mtree to add /etc/namedb/s subdirectory (user bind, group bind) to hold secondaries, adjust comments in named.conf to reflect new secondary scheme. (Note that core read-only zone files are left owned by root, increasing security even more).
* Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),dillon1998-12-013-5/+9
| | | | | | | | | | adjustd inetd.conf to run comsat and ntalk from tty sandbox, and the (commented out) ident from the kmem sandbox. Note that it is necessary to give each group access it's own uid to prevent programs running under a single uid from being able to gdb or otherwise mess with other programs (with different group perms) running under the same uid.
* Direct std{err,out} to /dev/null when invoking sysctl(8) for settingjkoshy1998-11-277-21/+28
| | | | | | `nfs_access_cache_timeout'. Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
* Don't suggest that NO is allowed here; you use "0" or "" to turn the cachemsmith1998-11-251-2/+2
| | | | | off. Submitted by: jdp
* Add a sample "/etc/pam.conf" file that configures the authenticationjdp1998-11-202-2/+26
| | | | | | | | | | | | | | | | | | methods used by login. Changes to "/usr/bin/login" to use it will be committed later today. The format of the file is described in pam(8). This sample file makes login behave in the traditional way. To wit, it enables authentication via S/Key and passwd/NIS lookups. KerberosIV authentication is present in the sample file but commented out. As a safety net and a transition aid, login will fall back on built-in passwd/NIS authentication if this configuration file is missing or if some other fatal PAM error occurs. This file will eventually replace "/etc/auth.conf", but not until I've finished converting the other utilities, such as passwd and su.
* Bad default value of ${fs} for type:=host in /etc/amd.map.obrien1998-11-201-1/+1
| | | | | PR: conf/7054 Submitted by: Amakawa Shuhei <amakawa@sf.t.u-tokyo.ac.jp>
* Add the directory "/usr/include/security", which is where the PAMjdp1998-11-181-1/+3
| | | | | | header files go. I am not too happy about the name. But if we are to have any hope of being able to use 3rd party PAM modules, we'll have to live with it.
* put hosts before bind.jkh1998-11-161-4/+4
|
* Implement the nfs_access_cache variable, allowing us to set the timeout formsmith1998-11-158-8/+30
| | | | the NFS client's ACCESS cache.
* Arrg, ppi*) correctednsouch1998-11-122-4/+4
|
* Add ppi*) iic*) and smb*)nsouch1998-11-122-6/+52
|
* kldload the screen saverspeter1998-11-112-6/+4
|
* kldload ipfw, it's installed always and works on both kernel formatspeter1998-11-117-14/+14
|
* Suggest using ``iface clear'' under certain circumstancesbrian1998-11-051-1/+9
| | | | in ppp.linkdown.
* Add example for the internal "ident server".phk1998-11-041-1/+5
|
* Move the "root" entry up so people can see it.phk1998-11-032-4/+12
|
* Write temp files with a uniq name into /var/runwosch1998-11-012-4/+4
| | | | | instead the public writable directory /tmp PR: conf/8330
* Backout rev 1.175.obrien1998-10-312-40/+32
|
* ``MAKEDEV ccd3'' is now consistant with many of the other devices in thatobrien1998-10-302-34/+42
| | | | *ccd{0,1,2}* will be created.
* ``MAKEDEV bpf3'' is now consistant with many of the other devices in thatobrien1998-10-292-6/+14
| | | | bpf{0,1,2} will be created.
* Some directories would like to install things into /modulespeter1998-10-171-1/+3
|
* Commented out example of changing the default kernel format with warning.peter1998-10-162-2/+18
|
* - Add a couple comment lines to note that spaces are not allowed asnate1998-10-141-1/+3
| | | | | | | field separators. PR: conf/8162 Submitted by: Sheldon Hearn <sheldonh@axl.training.iafrica.com>
* Shut this thing up; most people don't even have this enabled.jkh1998-10-131-4/+1
|
* Add extra directories required by Perl5. The one in local-landmarkm1998-10-112-2/+6
| | | | is contoversial and may be removed later.
* Hand me the pointy hat, and make it big.des1998-10-091-2/+2
|
* Remove all references to tickadj(8) from rc, rc.conf and rc.conf.5.des1998-10-082-9/+3
| | | | | | | | | | | | | | | Disable building tickadj(8) by removing util from SUBDIR in the xntpd Makefile. Note that the sources are still there and tickadj can still be built and installed by doing: # cd /usr/src/usr.sbin/xntpd/util # make all install There are enough references to tickadj in e.g. the xntpd documentation (not to mention the sysctl variables it uses etc.) that I don't feel up to implementing the final solution right now. Kinda-approved-by: phk
* Avoid using dmesg to find devices, the buffer may not be big enough.phk1998-10-086-30/+12
| | | | | Reviewed by: phk Submitted by: Mike Spengler <mks@networkcs.com>
* Add auth.conf. JKH Added the code to understand this to libutil, andmarkm1998-10-082-2/+12
| | | | I will be following up with commits to use it in KerberosIV userland.
* Add spanish doc dirs.jkh1998-10-071-1/+5
| | | | Submitted by: Motoyuki Konno <motoyuki@snipe.rim.or.jp>
* Here are some scripts and man pages for configuring HARP ATMphk1998-10-0615-10/+1183
| | | | | | | interfaces. Reviewed by: phk Submitted by: Mike Spengler <mks@networkcs.com>
* Doh! Change the correct version of disktab and backout the change todfr1998-10-063-13/+8
| | | | the i386 disktab.
* Add a 2880k disk prototype for building MFS install images.dfr1998-10-062-2/+12
|
* Avoid the ``ruptime: no hosts in /var/rwho.'' message by not callingjoerg1998-10-061-2/+7
| | | | | | | | rwho iff /var/rwho is empty. Call `uptime' instead. This doesn't belong under `network' right away, but at least reports the same informaton about the local system. rwhod is not turned on by default (for good reason), and i've already seen too many of the above messages...
* Show how to create a secure (ssh) VPNbrian1998-10-031-1/+12
|
* Re-enable creating sd*s* devices.obrien1998-10-022-4/+6
| | | | Add note, that one should use da*s* however.
* Add /boot, while I happen to be thinking about it.jkh1998-09-301-1/+3
|
* Limit the fingerd daemon to:wosch1998-09-301-2/+2
| | | | | runs only 3 simultaneous fingerd processes and limit the connections-per-ip-per-minute to 10.
* Put guard shells around stuff started from $local_startup. If you typecracauer1998-09-301-2/+3
| | | | | SIGINT (C-c), you'll get control passed to the next script even if the current one blocks signals. The child is not killed, though.
* We don't support SUID `games' games anymore.obrien1998-09-271-4/+2
|
* Make a /usr/lib/compat/aout directory. Folks should remember tojkh1998-09-261-1/+3
| | | | | re-run mtree over this if they want to populate the compat dirs during a build or that step will fall over.
* Add an entry for the HAYES OPTIMA 28.8kbrian1998-09-252-2/+14
|
* Backout my previous commit. Oops.dima1998-09-251-2/+2
|
* ${DISTDIR}/bin/etc/objformat -> ${DISTDIR}/etc/objformatdima1998-09-251-2/+2
|
* initialize /etc/objformat for new installs, just to be sure.jkh1998-09-231-1/+5
|
* I'm not sure how/when router_enable got set to YES, but it doesn'tjkh1998-09-231-2/+2
| | | | | seem right to me. Noticed by: jkb
OpenPOWER on IntegriCloud