| #
1.25 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
| #
1.24 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown.
- Resurrect /etc/changelist, even if it's an "empty" file by default,
because it's easier to use than /etc/mtree/special.local for adding
a couple of simple files. Back by popular demand (hi @@@! :-)
- Add /etc/rc.d/* to the list of "dynamic" files; this notices changes
in user-added scripts
- Only calculate the mtree -I nomail list once, and re-use
- Use "cat foo | while read file" instead of "for file in `cat foo`" ;
handles whitespace better...
|
| #
1.23 |
|
11-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features:
- Add a bunch of stuff to /etc/mtree/special to enable removal of
/etc/changelist:
- files which we want to monitor for changes but don't want to
see the diffs of (master.passwd, ssh_host_key, ...) are
tagged with "nomail"
- files which we don't want to monitor are tagged with "exclude"
(such as netgroup.db, kvm.db, ...)
- monitor /etc/mtree/special.local, /root/.ssh/*
- remove /etc/changelist, and a bunch of XXX comments
- use mtree(8)'s -D, -I, and -E to generate lists of files to
actually do the changelist stuff on.
- support /etc/mtree/special.local as an optional user-provided
version of /etc/mtree/special (effectively, an enhanced
/etc/changelist)
- Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/*
including support for these files being added and removed at will.
- If /sbin/fdisk exists, backup the output of "fdisk $disk" for all
the active disk drives as part of $check_disklabels
- Check permissions on: ~/.ssh/* ~/.shosts
Details:
- Reorder initialisation of defaults
- Remove special case for /etc/master.passwd "monitor but don't email diffs"
with general case for other similar files.
- Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...)
in "$backup_dir/work", to minimise name clashes.
- Add migrate_file(old, new) to do the hard work of migrating files
from the old `top level' /var/backups mechanism to the `full path'
mechanism recently added. Use this appropriately.
- Add backup_and_diff(file, printdiffs), to the hard work of backing-up
and diff-ing files.
- Cleanup use of shell redirects
- /bin/sh supports ~root globbing, so use it.
- Improve umask checking; use awk regex rather than awk math
|
| #
1.22 |
|
23-Jun-2001 |
itojun |
pim6dd.conf is gone. primes -> moduli (openssh)
|
| #
1.21 |
|
26-May-2001 |
itojun |
install /etc/primes for ssh
|
| #
1.20 |
|
24-Apr-2001 |
atatat |
The script called dhclient-script no longer lives in /etc.
|
| #
1.19 |
|
15-Jan-2001 |
veego |
Remove /etc/mail/sendmail-IPv4only.cf which is no longer needed.
|
| #
1.18 |
|
21-Aug-2000 |
lukem |
remove rc.wscons
|
| #
1.17 |
|
06-Jul-2000 |
ad |
Add /etc/{hesiod,passwd}.conf.
|
| #
1.16 |
|
04-Jul-2000 |
itojun |
sync sendmail default configuration file with GENERIC kernel setting.
was: sendmail-IPv6.cf(v4/v6) + sendmail.cf(v4)
now: sendmail-IPv4only.cf(v4) + sendmail.cf(v4/v6)
do we need etc/obsolete.mi?
|
| #
1.15 |
|
20-Jun-2000 |
ad |
Add /etc/netconfig and /etc/security.local.
|
| #
1.14 |
|
12-Jun-2000 |
itojun |
branches: 1.14.2;
add rc.d/ipsec for ipsec configuration. when enabled, it will inject
/etc/ipsec.conf into "setkey -f". PR 9609.
|
| #
1.13 |
|
21-May-2000 |
itojun |
branches: 1.13.2;
remove /etc/sendmail and other old items.
PR 10171 from Andrew Brown.
|
| #
1.12 |
|
13-May-2000 |
lukem |
remove netstart
|
| #
1.11 |
|
07-May-2000 |
itojun |
make default sendmail.cf IPv4-only again.
roll sendmail-IPv6.cf, which does IPv4/v6.
|
| #
1.10 |
|
03-May-2000 |
itojun |
sync with sendmail upgrade.
- sendmail configuration files are in /etc/mail, not /etc.
- src/etc/aliases will be installed into /etc/mail/aliases (confusing)
- rc.d/sendmail warns if /etc/sendmail.cf exists.
|
| #
1.9 |
|
19-Apr-2000 |
enami |
Add login.conf, sysctl.conf and usermgmt.conf.
|
| #
1.8 |
|
24-Mar-2000 |
enami |
Add ftpd.conf.
|
| #
1.7 |
|
23-Jan-2000 |
enami |
Sync with the reality.
|
| #
1.6 |
|
25-Nov-1998 |
msaitoh |
Add some files to security check and backup.
|
| #
1.5 |
|
10-Sep-1997 |
mikel |
add some files from /etc to the list: csh.logout, inetd.conf,
ld.so.conf, newsyslog.conf, profile, rc.subr, resolv.conf, and rpc.
|
| #
1.4 |
|
06-Jan-1997 |
hpeyerl |
add /var/cron/tabs/root.
|
| #
1.3 |
|
04-Jan-1997 |
mrg |
add new files.
|
| #
1.2 |
|
08-May-1996 |
thorpej |
RCS id police.
|
| #
1.1 |
|
14-Jun-1994 |
cgd |
branches: 1.1.1;
update to new security script
|
| #
1.1.1.1 |
|
14-Feb-1997 |
mikel |
import 4.4BSD-Lite
|
| #
1.13.2.1 |
|
23-Jun-2000 |
minoura |
Sync w/ netbsd-1-5-base.
|
| #
1.14.2.8 |
|
24-Mar-2002 |
he |
Apply patch (requested by itojun):
Remove /etc/primes, add /etc/moduli, following openssh upgrade.
Fixes PR#15486.
|
| #
1.14.2.7 |
|
24-Mar-2002 |
he |
Apply patch (requested by itojun):
Check the postfix files for changes. Fixes PR#15659.
|
| #
1.14.2.6 |
|
25-Jun-2001 |
he |
Pull up revisions 1.19,1.22 (partial, via patch, requested by he):
Remove entries for pim6dd.conf and sendmail-IPv4only.cf.
|
| #
1.14.2.5 |
|
27-May-2001 |
he |
Pull up revision 1.21 (requested by itojun):
Install /etc/primes, which is required for Diffie-Hellman Group
Exchange operation.
|
| #
1.14.2.4 |
|
03-May-2001 |
he |
Pull up revision 1.20 (requested by he):
/etc/dhclient-script moved to /sbin/dhclient-script.
|
| #
1.14.2.3 |
|
23-Aug-2000 |
lukem |
pull up rev 1.18:
move guts of etc/rc.wscons -> etc/rc.d/wscons
approved: thorpej
|
| #
1.14.2.2 |
|
07-Jul-2000 |
itojun |
pullup 1.15 -> 1.16, approved by: releng-1-5
sync sendmail default configuration file with GENERIC kernel setting.
|
| #
1.14.2.1 |
|
21-Jun-2000 |
ad |
Pull up revision 1.15: add /etc/netconfig and /etc/security.local.
|