#
1.25 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
#
1.24 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.23 |
|
11-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.22 |
|
23-Jun-2001 |
itojun |
pim6dd.conf is gone. primes -> moduli (openssh)
|
#
1.21 |
|
26-May-2001 |
itojun |
install /etc/primes for ssh
|
#
1.20 |
|
24-Apr-2001 |
atatat |
The script called dhclient-script no longer lives in /etc.
|
#
1.19 |
|
15-Jan-2001 |
veego |
Remove /etc/mail/sendmail-IPv4only.cf which is no longer needed.
|
#
1.18 |
|
21-Aug-2000 |
lukem |
remove rc.wscons
|
#
1.17 |
|
06-Jul-2000 |
ad |
Add /etc/{hesiod,passwd}.conf.
|
#
1.16 |
|
04-Jul-2000 |
itojun |
sync sendmail default configuration file with GENERIC kernel setting. was: sendmail-IPv6.cf(v4/v6) + sendmail.cf(v4) now: sendmail-IPv4only.cf(v4) + sendmail.cf(v4/v6)
do we need etc/obsolete.mi?
|
#
1.15 |
|
20-Jun-2000 |
ad |
Add /etc/netconfig and /etc/security.local.
|
#
1.14 |
|
12-Jun-2000 |
itojun |
branches: 1.14.2; add rc.d/ipsec for ipsec configuration. when enabled, it will inject /etc/ipsec.conf into "setkey -f". PR 9609.
|
#
1.13 |
|
21-May-2000 |
itojun |
branches: 1.13.2; remove /etc/sendmail and other old items. PR 10171 from Andrew Brown.
|
#
1.12 |
|
13-May-2000 |
lukem |
remove netstart
|
#
1.11 |
|
07-May-2000 |
itojun |
make default sendmail.cf IPv4-only again. roll sendmail-IPv6.cf, which does IPv4/v6.
|
#
1.10 |
|
03-May-2000 |
itojun |
sync with sendmail upgrade. - sendmail configuration files are in /etc/mail, not /etc. - src/etc/aliases will be installed into /etc/mail/aliases (confusing) - rc.d/sendmail warns if /etc/sendmail.cf exists.
|
#
1.9 |
|
19-Apr-2000 |
enami |
Add login.conf, sysctl.conf and usermgmt.conf.
|
#
1.8 |
|
24-Mar-2000 |
enami |
Add ftpd.conf.
|
#
1.7 |
|
23-Jan-2000 |
enami |
Sync with the reality.
|
#
1.6 |
|
25-Nov-1998 |
msaitoh |
Add some files to security check and backup.
|
#
1.5 |
|
10-Sep-1997 |
mikel |
add some files from /etc to the list: csh.logout, inetd.conf, ld.so.conf, newsyslog.conf, profile, rc.subr, resolv.conf, and rpc.
|
#
1.4 |
|
06-Jan-1997 |
hpeyerl |
add /var/cron/tabs/root.
|
#
1.3 |
|
04-Jan-1997 |
mrg |
add new files.
|
#
1.2 |
|
08-May-1996 |
thorpej |
RCS id police.
|
#
1.1 |
|
14-Jun-1994 |
cgd |
branches: 1.1.1; update to new security script
|
#
1.1.1.1 |
|
14-Feb-1997 |
mikel |
import 4.4BSD-Lite
|
#
1.13.2.1 |
|
23-Jun-2000 |
minoura |
Sync w/ netbsd-1-5-base.
|
#
1.14.2.8 |
|
24-Mar-2002 |
he |
Apply patch (requested by itojun): Remove /etc/primes, add /etc/moduli, following openssh upgrade. Fixes PR#15486.
|
#
1.14.2.7 |
|
24-Mar-2002 |
he |
Apply patch (requested by itojun): Check the postfix files for changes. Fixes PR#15659.
|
#
1.14.2.6 |
|
25-Jun-2001 |
he |
Pull up revisions 1.19,1.22 (partial, via patch, requested by he): Remove entries for pim6dd.conf and sendmail-IPv4only.cf.
|
#
1.14.2.5 |
|
27-May-2001 |
he |
Pull up revision 1.21 (requested by itojun): Install /etc/primes, which is required for Diffie-Hellman Group Exchange operation.
|
#
1.14.2.4 |
|
03-May-2001 |
he |
Pull up revision 1.20 (requested by he): /etc/dhclient-script moved to /sbin/dhclient-script.
|
#
1.14.2.3 |
|
23-Aug-2000 |
lukem |
pull up rev 1.18: move guts of etc/rc.wscons -> etc/rc.d/wscons approved: thorpej
|
#
1.14.2.2 |
|
07-Jul-2000 |
itojun |
pullup 1.15 -> 1.16, approved by: releng-1-5 sync sendmail default configuration file with GENERIC kernel setting.
|
#
1.14.2.1 |
|
21-Jun-2000 |
ad |
Pull up revision 1.15: add /etc/netconfig and /etc/security.local.
|