#
285830 |
|
23-Jul-2015 |
gjb |
- Copy stable/10@285827 to releng/10.2 in preparation for 10.2-RC1 builds. - Update newvers.sh to reflect RC1. - Update __FreeBSD_version to reflect 10.2. - Update default pkg(8) configuration to use the quarterly branch.[1]
Discussed with: re, portmgr [1] Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
285725 |
|
20-Jul-2015 |
gjb |
MFC r285253 (hrs): - Add IPv6 support in quota(1). While rpc.rquotad has supported PF_INET6 for a long time, quota(1) utility supported only PF_INET. - Clean up confusing changes in f_mntfromname. - Add an entry for rquotad with rpc/udp6 to inetd.conf.
PR: 194084 Approved by: re (kib) Sponsored by: The FreeBSD Foundation
|
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
251794 |
|
15-Jun-2013 |
eadler |
Remove CVS from the base system.
Discussed with: many Reviewed by: peter, zi Approved by: core
|
#
206039 |
|
01-Apr-2010 |
des |
Add -k to the recommended fingerd(8) command line.
MFC after: 2 weeks
|
#
196787 |
|
03-Sep-2009 |
remko |
Do the first step in removing lukemftpd from the base system. Disconnect it from the build.
If you are using the FTP daemon, please consider using the port ftp/tnftpd which is the same FTP server, but newer and might have more/better functionality.
This results in us providing only one ftp daemon by default.
Reviewed by: bz Approved by: imp (mentor, implicit) MFC after: 3 days Silence from: obrien
|
#
171249 |
|
05-Jul-2007 |
delphij |
Remove reference to the old ftp-proxy implementation, which was replaced during the pf 4.1 import.
Approved by: re (mux)
|
#
161773 |
|
31-Aug-2006 |
obrien |
Re-add lukemftpd. It has: PAM, MAC, per-class nologin files, login.conf resource limits and features.
|
#
155349 |
|
05-Feb-2006 |
ceri |
The rpc.pcnfsd server was in the base for a little over seven minutes back in 1994. Change the example entry to point at the port, as per the entries for uucpd et al.
|
#
147270 |
|
10-Jun-2005 |
nectar |
Remove rexecd(8), a server that implements a particularly insecure method of executing commands remotely. There are no rexec clients in the FreeBSD tree, and the client function rexec(3) is present only in libcompat. It has been documented as "obsolete" since 4.3BSD, and its use has been discouraged in the man page for over 10 years.
|
#
130151 |
|
06-Jun-2004 |
schweikh |
Removed whitespace at BOF, EOL & EOF.
|
#
127799 |
|
03-Apr-2004 |
mlaier |
Style: - do not comment out entries in newsyslog.conf - use tabs to line up inetd.conf
Requested by: bde Approved by: bms(mentor)
|
#
126863 |
|
11-Mar-2004 |
des |
Turn on logging for tftpd.
|
#
126811 |
|
10-Mar-2004 |
mlaier |
ftp-proxy no longer lives in /usr/local/...
Noticed by: Pyun YongHyeon Approved by: bms(mentor)
|
#
126758 |
|
08-Mar-2004 |
ale |
Fix typos.
Approved by: blackend (mentor/implicitly)
|
#
126756 |
|
08-Mar-2004 |
mlaier |
Link pf to the build and install: This adds the former ports registered groups: proxy and authpf as well as the proxy user. Make sure to run mergemaster -p in oder to complete make installworld without errors.
This also provides the passive OS fingerprints from OpenBSD (pf.os) and an example pf.conf.
For those who want to go without pf; it provides a NO_PF knob to make.conf.
__FreeBSD_version will be bumped soon to reflect this and to be able to change ports accordingly.
Approved by: bms(mentor)
|
#
116119 |
|
09-Jun-2003 |
markm |
Bit of modernising. Remove old KerberosIV entries, add example sshd entries, sort internal services the same as everywhere else.
|
#
115892 |
|
06-Jun-2003 |
yar |
Since FreeBSD has never had a stock NNTP server, move the nntp line down to the section of optional mail/news services. Change the nntpd location to /usr/local/libexec since it's an optional software.
Henceforth, nntpd will be advised to run as "news", which is a standard user in the system, instead of "usenet", which has never existed in the default master.passwd(5). Note: It's not "news:news" since inetd(8) runs a service at the specified user's login group by default.
Add a blank comment line above the uucpd line so the section looks uniform.
Partly pointed out by: Alexey Neyman <alex.neyman at auriga.ru> MFC after: 1 week
|
#
106817 |
|
12-Nov-2002 |
obrien |
[DAIVD O'BRIEN's OPINION] Head off what I think is an abuse of the TRB, and disable lukemftpd.
|
#
106117 |
|
29-Oct-2002 |
obrien |
Tweak the warning language.
|
#
105876 |
|
24-Oct-2002 |
rwatson |
# WARNING: lukemftpd does not support PAM, MAC, per-class nologin files, # or any login.conf resource limits or features; use it only if this is # appropriate for your environment. If you require these features, use # the regular FreeBSD ftpd below.
Discourage users from using lukemftpd if they rely any of these standard FreeBSD features that are fully supported by our native ftpd. There may be other features that are not yet supported that I have not yet discovered.
|
#
101595 |
|
09-Aug-2002 |
gordon |
Correct comment. We use rpcbind now, not portmap
Submitted by: Mike Makonnen <makonnen@pacbell.net>
|
#
94444 |
|
11-Apr-2002 |
ume |
Add an IPv6 sample line for tftpd.
MFC after: 2 weeks
|
#
93243 |
|
26-Mar-2002 |
obrien |
Add a sample line for lukemftp.
|
#
91929 |
|
09-Mar-2002 |
dd |
In the words of the submitter:
Kerberized CVS (kserver) listens on the same port as normal CVS (pserver). In /etc/inetd.conf cvs kserver is disabled by default, but set to listen to the service port 'cvs' which doesn't exist. It should listen to 'cvspserver'.
PR: 34317 Submitted by: Sean Chittenden <sean@chittenden.org>
|
#
90600 |
|
13-Feb-2002 |
maxim |
Fix a typo in swat example.
Spotted by: Sergey Osokin <osa@freebsd.org.ru> Reviewed by: ru Approved by: ru MFC after: 1 week
|
#
85298 |
|
22-Oct-2001 |
obrien |
Chroot to /tftpboot for tftp.
Reviewed by: mdodd, peter
|
#
84767 |
|
10-Oct-2001 |
obrien |
Fix tabbing damage in last commit.
|
#
84400 |
|
03-Oct-2001 |
jkh |
Add commented-out/prototype entries for samba's swat configuration tool.
Requested by: "William Wong" <willwong@samurai.com> MFC after: 1 week
|
#
84265 |
|
01-Oct-2001 |
kris |
Move the uucpd entry down a bit to live with other optional services and correct the path to /usr/local as an example.
Submitted by: ru
|
#
81020 |
|
02-Aug-2001 |
rwatson |
Default to disabling all inetd.conf entries, in particular, telnetd and ftpd. This more conservative default reduces the exposure of freshly installed machines, which is especially valuable for machines that receive minimal further configuration before being put into production. Generally speaking, SSH has superseded the use of both telnet and ftp in many environments. In light of recent remotely exploitable security holes in both telnetd and ftpd, this choice retains flexibility (both telnetd and ftpd daemons remain installed and easily enableable) while protecting users who don't need the additional risk. This change brings our configuration into line with the majority of other UNIX vendors, including OpenBSD and NetBSD.
To address the concerns of those requiring remote access via telnet from first install, changes will shortly be committed to sysinstall to provide the ability to edit inetd.conf during the installation process, allowing telnetd and ftp to be re-enabled during the installation process.
While I'm at it, slightly improve commenting for inetd.conf so that it's more clear to users how to enable and disable services. Further commenting to indicate the functions of various columns would probably also be useful.
Reviewed by: imp, chris, jake, nate, -arch, -stable
|
#
75017 |
|
30-Mar-2001 |
peter |
Integrate the IPv6 entries with the rest of them to avoid things getting out of sync. A similar change was made by itojun on the OpenBSD tree a few weeks ago. This should stop people disabling one server and forgetting the other one (eg: ftp and/or telnet)
|
#
66621 |
|
04-Oct-2000 |
kris |
Disable rsh and rlogin by default. ssh and telnet are still available for remote access on default installations.
|
#
66568 |
|
03-Oct-2000 |
jkh |
Turn fingerd OFF by default. Comparative essentials like telnetd are bad enough, but finger is hardly a critical system service and it's traditionally been vulnerable to a variety of attacks; anybody remember RTFM and his worm?
|
#
58574 |
|
25-Mar-2000 |
jhb |
Fix a misspelling in the comments for tha IPv6 auth service and change them to more closely resembles those in the IPv4 sction.
|
#
57773 |
|
05-Mar-2000 |
shin |
Fix a typo. (s/eExample/Example/)
Submitted by: Robert Muir <rmuir@looksharp.net>
|
#
57537 |
|
27-Feb-2000 |
shin |
Add IPv6 services into inetd.conf. Also enable some standard IPv6 apps by default. These entries will be simply ignored on systems with no INET6 defined.
Approved by: jkh Suggested by: peter
|
#
55779 |
|
10-Jan-2000 |
dbaker |
Include a note below the example qmail entry that mentions that inetd is no longer the correct way to have qmail handle incoming qmail smtp connections. Also provide a url to the correct method.
|
#
55115 |
|
26-Dec-1999 |
peter |
Update the cvs pserver example so that it gives some more obvious clues about the --allow-root switch.
PR: 14463
|
#
50472 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
49059 |
|
24-Jul-1999 |
green |
Add -n to the example and explanation of the internal auth service.
|
#
49034 |
|
23-Jul-1999 |
sheldonh |
Document the -o and -t options to the internal auth service and give an example of their usage in the sample config. Merge the two examples for the green internal auth service.
This commit failed the first time around because Brian beat me to the punch on inetd.8 . I like my descriptions better and I'm pretty sure Brian won't mind.
|
#
48846 |
|
16-Jul-1999 |
green |
I think the last revision got lost here. Identd needs to be run as root, at least for now. I relegated the getcred sysctls to only root, but if they're deemed to be "allowable" to export to users, I'll do so and revert this change.
|
#
48845 |
|
16-Jul-1999 |
sheldonh |
Document the new {auth,ident,tap} service and provide examples in the configuration file.
Requested by: green
|
#
48816 |
|
15-Jul-1999 |
green |
This is the working internal ident service. Turn it on by setting the make variable REAL_IDENT, and ~/.fakeid support can be added with FAKEID set. Note that the default behavior is the same as the old behavior.
|
#
48815 |
|
15-Jul-1999 |
ache |
Due to recent pidentd port changes (switch to sysctl), identd must be runned as root again, not kmem:kmem
|
#
41444 |
|
01-Dec-1998 |
dillon |
comsat sandbox prevents biff/comsat from being able to print partial mailbox contents. comsat instead simply prints that new mail is available. Add appropriate comment to inetd.conf but leave comsat in sandbox.
|
#
41441 |
|
01-Dec-1998 |
dillon |
Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53), adjustd inetd.conf to run comsat and ntalk from tty sandbox, and the (commented out) ident from the kmem sandbox.
Note that it is necessary to give each group access it's own uid to prevent programs running under a single uid from being able to gdb or otherwise mess with other programs (with different group perms) running under the same uid.
|
#
40911 |
|
04-Nov-1998 |
phk |
Add example for the internal "ident server".
|
#
39825 |
|
30-Sep-1998 |
wosch |
Limit the fingerd daemon to: runs only 3 simultaneous fingerd processes and limit the connections-per-ip-per-minute to 10.
|
#
38738 |
|
02-Sep-1998 |
brian |
Add Id keywords
|
#
38337 |
|
15-Aug-1998 |
markm |
Clean up the kerberos entries, and add example CVS entries
|
#
37741 |
|
18-Jul-1998 |
hoek |
MFC: sample qmail entry.
|
#
29951 |
|
28-Sep-1997 |
jkh |
Restore the Samba entries which were spammed when someone added the imap4 entry.
|
#
21613 |
|
12-Jan-1997 |
ache |
Add commented out example entry for imap4
|
#
19607 |
|
10-Nov-1996 |
peter |
The kerberised network services should only be active in inetd.conf if kerberos is installed. So far as I'm aware, kerberos aware clients detect ECONNREFUSED and (if allowed) fall back to the non-kerberos servers. They do not know how to interpret messages such as "rlogind: unknown option -k".
I believe Garrett also mentioned this.
Unfortunately, this adds an extra step to bringing up kerberos.
It also stops /var/log/messages getting quite so many useless (and confusing) error messages when somebody does a port scan on you.
|
#
18639 |
|
02-Oct-1996 |
pst |
In the brave new world, that that does not make us strong, kills us.
Turn OFF the "small servers" by default. FreeBSD systems should only serve actively used programs. Jewels like chargen and echo are too useful in attack scenarios.
|
#
18378 |
|
19-Sep-1996 |
phk |
Add commented out example for bootps
|
#
13249 |
|
05-Jan-1996 |
graichen |
changed /etc/[daily,weekly,monthly] to not rotate the logfiles by "hand", changed /etc/crontab to call /usr/sbin/newsyslog every hour (the entry was there before - but we haven't had any newsyslog until today :-) and changed /etc/inetd.conf to also contain (commentet out) entries for rpc.rquotad and rpc.sprayd (taken from NetBSD)
|
#
12995 |
|
23-Dec-1995 |
joerg |
Add /tftpboot as an argument to the commented-out example for tftp, so people don't compromise their system by blindly un-commenting the entry.
|
#
10808 |
|
15-Sep-1995 |
gibbs |
inetd.conf: Add rkinit at 2108/tcp.
services: Add rkinitd.
|
#
9775 |
|
29-Jul-1995 |
ache |
Restore tabs in inetd line Submitted by: Obtained from:
|
#
9742 |
|
27-Jul-1995 |
ache |
Rename in.identd -> identd according recent ports rename
|
#
7671 |
|
08-Apr-1995 |
ache |
Add ident (commented out)
|
#
5183 |
|
21-Dec-1994 |
wollman |
Disable UDP echo, chargen, date, and daytime services.
|
#
5170 |
|
19-Dec-1994 |
ache |
Uncomment uucpd by default, it is working and secure now
|
#
4652 |
|
18-Nov-1994 |
ats |
Change the example line for popper to point to /usr/local/libexec/popper instead of /usr/local/etc/popper. The 2.0 installation installs it there.
|
#
3196 |
|
29-Sep-1994 |
pst |
Secure fingerd by default
|
#
3190 |
|
29-Sep-1994 |
pst |
Disable rexecd by default (major security hole)
|
#
3169 |
|
28-Sep-1994 |
pst |
Add an entry for pcnfsd (commented out)
|
#
1715 |
|
13-Jun-1994 |
wollman |
Added comment about registerd and kpasswdd not working in 1.x. Deleted commented-out line which would start mountd; that's not the right pplace to do it (don't confuse the users). Should probablyhave uncommented rpc.rstatd, but didn't.
|
#
1662 |
|
31-May-1994 |
ache |
Comment out uucpd, not properly configured as default Comment out walld/rusersd/rstatd, may be too verbose
|
#
1645 |
|
31-May-1994 |
ache |
Uncomment uucpd, now it works Uncomment rstatd/rusersd/rwalld all three worked mountd still commented out, I remember some problem with it
|
#
831 |
|
05-Dec-1993 |
ats |
Added entries for sup into services. Added an example entry for the pop3 popper into inetd.conf as a comment.
|
#
645 |
|
21-Oct-1993 |
rgrimes |
Change space to tab in ruserd line per Guido van Rooij
|
#
591 |
|
13-Oct-1993 |
rgrimes |
Disable rpc services so that inetd no longer hangs when you are not running portmapper. These are site specific functionality and should only be enabled for sites that want them, not by default.
These services REQUIRE portmapper to be running
|
#
500 |
|
23-Sep-1993 |
jtc |
Entries so RPC servers are started.
|
#
377 |
|
02-Sep-1993 |
rgrimes |
Added /etc/networks to the files that get installed, some how it got dropped out of the Makefile. Commented out talk in inetd.conf since it refers to the old non-existent otalkd.
|
#
38 |
|
20-Jun-1993 |
rgrimes |
This commit was generated by cvs2svn to compensate for changes in r37, which included commits to RCS files with non-trunk default branches.
|
#
37 |
|
20-Jun-1993 |
rgrimes |
Initial import of 386BSD 0.1 othersrc/etc
|