Searched hist:5 (Results 451 - 475 of 9460) sorted by relevance
/freebsd-10.0-release/contrib/amd/libamu/ | ||
H A D | mount_fs.c | diff 174313 Wed Dec 05 14:57:05 MST 2007 obrien Put stock 6.1.5 file into HEAD. diff 131706 Tue Jul 06 11:16:49 MDT 2004 mbr Resolve conflicts for am-utils-6.0-10p1 (am-utils-6.0-20040513) import: - Fix typo in amd/nfs_prot_svc.c - Manpage change in scripts/amd.conf.5 - Remove unneeded configure files - Remove unneeded m4/macros |
/freebsd-10.0-release/contrib/amd/wire-test/ | ||
H A D | wire-test.8 | diff 174297 Wed Dec 05 13:59:34 MST 2007 obrien Merge the 6.0.10p1 -> 6.1.5 changes into our manpages. diff 131706 Tue Jul 06 11:16:49 MDT 2004 mbr Resolve conflicts for am-utils-6.0-10p1 (am-utils-6.0-20040513) import: - Fix typo in amd/nfs_prot_svc.c - Manpage change in scripts/amd.conf.5 - Remove unneeded configure files - Remove unneeded m4/macros |
H A D | wire-test.c | diff 174313 Wed Dec 05 14:57:05 MST 2007 obrien Put stock 6.1.5 file into HEAD. diff 131706 Tue Jul 06 11:16:49 MDT 2004 mbr Resolve conflicts for am-utils-6.0-10p1 (am-utils-6.0-20040513) import: - Fix typo in amd/nfs_prot_svc.c - Manpage change in scripts/amd.conf.5 - Remove unneeded configure files - Remove unneeded m4/macros |
/freebsd-10.0-release/contrib/openbsm/libbsm/ | ||
H A D | au_control.3 | diff 189279 Mon Mar 02 11:32:58 MST 2009 rwatson Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge). OpenBSM history for imported revision below for reference. MFC after: 1 month Sponsored by: Apple, Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes. - Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information. - Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users. - Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format. - Fix error encoding AUT_IPC_PERM tokens. diff 189279 Mon Mar 02 11:32:58 MST 2009 rwatson Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge). OpenBSM history for imported revision below for reference. MFC after: 1 month Sponsored by: Apple, Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes. - Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information. - Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users. - Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format. - Fix error encoding AUT_IPC_PERM tokens. diff 189279 Mon Mar 02 11:32:58 MST 2009 rwatson Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge). OpenBSM history for imported revision below for reference. MFC after: 1 month Sponsored by: Apple, Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes. - Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information. - Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users. - Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format. - Fix error encoding AUT_IPC_PERM tokens. diff 189279 Mon Mar 02 11:32:58 MST 2009 rwatson Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge). OpenBSM history for imported revision below for reference. MFC after: 1 month Sponsored by: Apple, Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes. - Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information. - Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users. - Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format. - Fix error encoding AUT_IPC_PERM tokens. diff 189279 Mon Mar 02 11:32:58 MST 2009 rwatson Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge). OpenBSM history for imported revision below for reference. MFC after: 1 month Sponsored by: Apple, Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes. - Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information. - Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users. - Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format. - Fix error encoding AUT_IPC_PERM tokens. diff 168777 Mon Apr 16 13:37:10 MDT 2007 rwatson Vendor import TrustedBSD OpenBSM 1.0 alpha 14, with the following change history notes since the last import: OpenBSM 1.0 alpha 14 - Fix endian issues when processing IPv6 addresses for extended subject and process tokens. - gcc41 warnings clean. - Teach audit_submit(3) about getaudit_addr(2). - Add support for zonename tokens. OpenBSM 1.0 alpha 13 - compat/clock_gettime.h now provides a compatibility implementation of clock_gettime(), which fixes building on Mac OS X. - Countless man page improvements, markup fixes, content fixs, etc. - XML printing support via "praudit -x". - audit.log.5 expanded to include additional BSM token types. - Added encoding and decoding routines for process64_ex, process32_ex, subject32_ex, header64, and attr64 tokens. - Additional audit event identifiers for listen, mlockall/munlockall, getpath, POSIX message queues, and mandatory access control. Approved by: re (bmah) MFC after: 3 weeks Obtained from: TrustedBSD Project diff 162621 Mon Sep 25 09:40:29 MDT 2006 rwatson Vendor import TrustedBSD OpenBSM 1.0 alpha 12, with the following change history notes since the last import: OpenBSM 1.0 alpha 12 - Correct bug in auditreduce which prevented the -c option from working correctly when the user specifies to process successful or failed events. The problem stemmed from not having access to the return token at the time the initial preselection occurred, but now a second preselection process occurs while processing the return token. - getacfilesz(3) API added to read new audit_control(5) filesz setting, which auditd(8) now sets the kernel audit trail rotation size to. - auditreduce(1) now uses stdin if no file names are specified on the command line; this was the documented behavior previously, but it was not implemented. Be more specific in auditreduce(1)'s examples section about what might be done with the output of auditreduce. - Add audit_warn(5) closefile event so that administrators can hook termination of an audit trail file. For example, this might be used to compress the trail file after it is closed. - auditreduce(1) now uses regular expressions for pathname matching. Users can now supply one or more (comma delimited) regular expressions for searching the pathnames. If one of the regular expressions is prefixed with a tilde (~), and a path matches, it will be excluded from the search results. MFC after: 3 days Obtained from: TrustedBSD Project diff 162621 Mon Sep 25 09:40:29 MDT 2006 rwatson Vendor import TrustedBSD OpenBSM 1.0 alpha 12, with the following change history notes since the last import: OpenBSM 1.0 alpha 12 - Correct bug in auditreduce which prevented the -c option from working correctly when the user specifies to process successful or failed events. The problem stemmed from not having access to the return token at the time the initial preselection occurred, but now a second preselection process occurs while processing the return token. - getacfilesz(3) API added to read new audit_control(5) filesz setting, which auditd(8) now sets the kernel audit trail rotation size to. - auditreduce(1) now uses stdin if no file names are specified on the command line; this was the documented behavior previously, but it was not implemented. Be more specific in auditreduce(1)'s examples section about what might be done with the output of auditreduce. - Add audit_warn(5) closefile event so that administrators can hook termination of an audit trail file. For example, this might be used to compress the trail file after it is closed. - auditreduce(1) now uses regular expressions for pathname matching. Users can now supply one or more (comma delimited) regular expressions for searching the pathnames. If one of the regular expressions is prefixed with a tilde (~), and a path matches, it will be excluded from the search results. MFC after: 3 days Obtained from: TrustedBSD Project |
/freebsd-10.0-release/contrib/sendmail/src/ | ||
H A D | sm_resolve.c | diff 223067 Tue Jun 14 02:32:38 MDT 2011 gshapiro Merge sendmail 8.14.5 to HEAD MFC after: 4 days diff 98841 Wed Jun 26 00:48:44 MDT 2002 gshapiro Import sendmail 8.12.5 |
/freebsd-10.0-release/etc/mtree/ | ||
H A D | README | diff 172421 Wed Oct 03 03:44:27 MDT 2007 ru Removed "tail +5" from the command used to sanity check changes to mtree files -- the 5-line header is no longer printed when mtree(8) is run with -n (as of mtree/create.c,v 1.34). Approved by: re (kensmith) diff 172421 Wed Oct 03 03:44:27 MDT 2007 ru Removed "tail +5" from the command used to sanity check changes to mtree files -- the 5-line header is no longer printed when mtree(8) is run with -n (as of mtree/create.c,v 1.34). Approved by: re (kensmith) |
/freebsd-10.0-release/etc/pam.d/ | ||
H A D | cron | 170890 Sun Jun 17 15:25:53 MDT 2007 yar Add PAM support to cron(8). Now cron(8) will skip commands scheduled by unavailable accounts, e.g., those locked, expired, not allowed in at the moment by nologin(5), or whatever, depending on cron's pam.conf(5). This applies to personal crontabs only, /etc/crontab is unaffected. In other words, now the account management policy will apply to commands scheduled by users via crontab(1) so that a user can no longer use cron(8) to set up a delayed backdoor and run commands during periods when the admin doesn't want him to. The PAM check is done just before running a command, not when loading a crontab, because accounts can get locked, expired, and re-enabled any time with no changes to their crontabs. E.g., imagine that you provide a system with payed access, or better a cluster of such systems with centralized account management via PAM. When a user pays for some days of access, you set his expire field respectively. If the account expires before its owner pays more, its crontab commands won't run until the next payment is made. Then it'll be enough to set the expire field in future for the commands to run again. And so on. Document this change in the cron(8) manpage, which includes adding a FILES section and touching the document date. X-Security: should benefit as users have access to cron(8) by default 170890 Sun Jun 17 15:25:53 MDT 2007 yar Add PAM support to cron(8). Now cron(8) will skip commands scheduled by unavailable accounts, e.g., those locked, expired, not allowed in at the moment by nologin(5), or whatever, depending on cron's pam.conf(5). This applies to personal crontabs only, /etc/crontab is unaffected. In other words, now the account management policy will apply to commands scheduled by users via crontab(1) so that a user can no longer use cron(8) to set up a delayed backdoor and run commands during periods when the admin doesn't want him to. The PAM check is done just before running a command, not when loading a crontab, because accounts can get locked, expired, and re-enabled any time with no changes to their crontabs. E.g., imagine that you provide a system with payed access, or better a cluster of such systems with centralized account management via PAM. When a user pays for some days of access, you set his expire field respectively. If the account expires before its owner pays more, its crontab commands won't run until the next payment is made. Then it'll be enough to set the expire field in future for the commands to run again. And so on. Document this change in the cron(8) manpage, which includes adding a FILES section and touching the document date. X-Security: should benefit as users have access to cron(8) by default |
/freebsd-10.0-release/etc/periodic/monthly/ | ||
H A D | 450.status-security | 254974 Tue Aug 27 19:33:49 MDT 2013 jlh Make the period of each periodic security script configurable. There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@ 254974 Tue Aug 27 19:33:49 MDT 2013 jlh Make the period of each periodic security script configurable. There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@ |
/freebsd-10.0-release/etc/periodic/security/ | ||
H A D | 300.chkuid0 | diff 254974 Tue Aug 27 19:33:49 MDT 2013 jlh Make the period of each periodic security script configurable. There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@ diff 254974 Tue Aug 27 19:33:49 MDT 2013 jlh Make the period of each periodic security script configurable. There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@ |
H A D | 400.passwdless | diff 254974 Tue Aug 27 19:33:49 MDT 2013 jlh Make the period of each periodic security script configurable. There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@ diff 254974 Tue Aug 27 19:33:49 MDT 2013 jlh Make the period of each periodic security script configurable. There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@ |
H A D | 610.ipf6denied | diff 254974 Tue Aug 27 19:33:49 MDT 2013 jlh Make the period of each periodic security script configurable. There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@ diff 254974 Tue Aug 27 19:33:49 MDT 2013 jlh Make the period of each periodic security script configurable. There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@ |
/freebsd-10.0-release/etc/periodic/weekly/ | ||
H A D | 450.status-security | 254974 Tue Aug 27 19:33:49 MDT 2013 jlh Make the period of each periodic security script configurable. There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@ 254974 Tue Aug 27 19:33:49 MDT 2013 jlh Make the period of each periodic security script configurable. There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@ |
/freebsd-10.0-release/etc/rc.d/ | ||
H A D | static_arp | 196550 Tue Aug 25 17:14:22 MDT 2009 delphij Add a new rc.d script, static_arp, which enables the administrator to statically bind IPv4 <-> MAC address at boot time. In order to use this, the administrator needs to configure the following rc.conf(5) variable: - static_arp_pairs: A list of names for static bind pairs, and, - a series of static_arp_(name): the arguments that is being passed to ``arp -S'' operation. Example: static_arp_pairs="gw" static_arp_gw="192.168.1.1 00:01:02:03:04:05" See the rc.conf(5) manual page for more details. Reviewed by: -rc@ MFC after: 2 weeks 196550 Tue Aug 25 17:14:22 MDT 2009 delphij Add a new rc.d script, static_arp, which enables the administrator to statically bind IPv4 <-> MAC address at boot time. In order to use this, the administrator needs to configure the following rc.conf(5) variable: - static_arp_pairs: A list of names for static bind pairs, and, - a series of static_arp_(name): the arguments that is being passed to ``arp -S'' operation. Example: static_arp_pairs="gw" static_arp_gw="192.168.1.1 00:01:02:03:04:05" See the rc.conf(5) manual page for more details. Reviewed by: -rc@ MFC after: 2 weeks |
/freebsd-10.0-release/include/rpcsvc/ | ||
H A D | mount.x | 1832 Thu Aug 04 17:01:57 MDT 1994 wollman Moved 1.1.5 RPC service files from 1.1.5. Tese are the correct ones; the ones in /usr/src/lib/librpc/rpcsvc are somewhat bogus and will be deleted. Submitted by: Original work in 1.1 by J.T. Conklin. 1832 Thu Aug 04 17:01:57 MDT 1994 wollman Moved 1.1.5 RPC service files from 1.1.5. Tese are the correct ones; the ones in /usr/src/lib/librpc/rpcsvc are somewhat bogus and will be deleted. Submitted by: Original work in 1.1 by J.T. Conklin. |
H A D | nfs_prot.x | 1832 Thu Aug 04 17:01:57 MDT 1994 wollman Moved 1.1.5 RPC service files from 1.1.5. Tese are the correct ones; the ones in /usr/src/lib/librpc/rpcsvc are somewhat bogus and will be deleted. Submitted by: Original work in 1.1 by J.T. Conklin. 1832 Thu Aug 04 17:01:57 MDT 1994 wollman Moved 1.1.5 RPC service files from 1.1.5. Tese are the correct ones; the ones in /usr/src/lib/librpc/rpcsvc are somewhat bogus and will be deleted. Submitted by: Original work in 1.1 by J.T. Conklin. |
H A D | rstat.x | 1832 Thu Aug 04 17:01:57 MDT 1994 wollman Moved 1.1.5 RPC service files from 1.1.5. Tese are the correct ones; the ones in /usr/src/lib/librpc/rpcsvc are somewhat bogus and will be deleted. Submitted by: Original work in 1.1 by J.T. Conklin. 1832 Thu Aug 04 17:01:57 MDT 1994 wollman Moved 1.1.5 RPC service files from 1.1.5. Tese are the correct ones; the ones in /usr/src/lib/librpc/rpcsvc are somewhat bogus and will be deleted. Submitted by: Original work in 1.1 by J.T. Conklin. |
H A D | yppasswd.x | 1832 Thu Aug 04 17:01:57 MDT 1994 wollman Moved 1.1.5 RPC service files from 1.1.5. Tese are the correct ones; the ones in /usr/src/lib/librpc/rpcsvc are somewhat bogus and will be deleted. Submitted by: Original work in 1.1 by J.T. Conklin. 1832 Thu Aug 04 17:01:57 MDT 1994 wollman Moved 1.1.5 RPC service files from 1.1.5. Tese are the correct ones; the ones in /usr/src/lib/librpc/rpcsvc are somewhat bogus and will be deleted. Submitted by: Original work in 1.1 by J.T. Conklin. |
/freebsd-10.0-release/kerberos5/usr.bin/verify_krb5_conf/ | ||
H A D | Makefile | diff 125491 Thu Feb 05 16:51:52 MST 2004 ru style.Makefile(5). OK'ed by: nectar 120955 Thu Oct 09 17:54:03 MDT 2003 nectar Build and install the verify_krb5_conf(8) utility, which checks krb5.conf(5) for obvious errors. |
/freebsd-10.0-release/lib/clang/libllvmarchive/ | ||
H A D | Makefile | diff 246259 Sat Feb 02 20:38:41 MST 2013 dim Pull in r170135 from upstream clang trunk: Dont use/link ARCMT, StaticAnalyzer and Rewriter to clang when the user specifies not to. Dont build ASTMatchers with Rewriter disabled and StaticAnalyzer when it's disabled. Without all those three, the clang binary shrinks (x86_64) from ~36MB to ~32MB (unstripped). To disable these clang components, and get a smaller clang binary built and installed, set WITHOUT_CLANG_FULL in src.conf(5). During the initial stages of buildworld, those extra components are already disabled automatically, to save some build time. MFC after: 1 week 231057 Sun Feb 05 22:05:30 MST 2012 dim Add a WITH_CLANG_EXTRAS option for src.conf(5), disabled by default, that builds the following additional llvm/clang tools: - bugpoint - llc - lli - llvm-ar - llvm-as - llvm-bcanalyzer - llvm-diff - llvm-dis - llvm-extract - llvm-ld - llvm-link - llvm-mc - llvm-nm - llvm-objdump - llvm-prof - llvm-ranlib - llvm-rtdyld - llvm-stub - macho-dump - opt These tools are mainly useful for people that want to manipulate llvm bitcode (.bc) and llvm assembly language (.ll) files, or want to tinker with llvm and clang themselves. MFC after: 2 weeks |
/freebsd-10.0-release/lib/clang/libllvmexecutionengine/ | ||
H A D | Makefile | diff 246259 Sat Feb 02 20:38:41 MST 2013 dim Pull in r170135 from upstream clang trunk: Dont use/link ARCMT, StaticAnalyzer and Rewriter to clang when the user specifies not to. Dont build ASTMatchers with Rewriter disabled and StaticAnalyzer when it's disabled. Without all those three, the clang binary shrinks (x86_64) from ~36MB to ~32MB (unstripped). To disable these clang components, and get a smaller clang binary built and installed, set WITHOUT_CLANG_FULL in src.conf(5). During the initial stages of buildworld, those extra components are already disabled automatically, to save some build time. MFC after: 1 week 231057 Sun Feb 05 22:05:30 MST 2012 dim Add a WITH_CLANG_EXTRAS option for src.conf(5), disabled by default, that builds the following additional llvm/clang tools: - bugpoint - llc - lli - llvm-ar - llvm-as - llvm-bcanalyzer - llvm-diff - llvm-dis - llvm-extract - llvm-ld - llvm-link - llvm-mc - llvm-nm - llvm-objdump - llvm-prof - llvm-ranlib - llvm-rtdyld - llvm-stub - macho-dump - opt These tools are mainly useful for people that want to manipulate llvm bitcode (.bc) and llvm assembly language (.ll) files, or want to tinker with llvm and clang themselves. MFC after: 2 weeks |
/freebsd-10.0-release/lib/clang/libllvminterpreter/ | ||
H A D | Makefile | diff 246259 Sat Feb 02 20:38:41 MST 2013 dim Pull in r170135 from upstream clang trunk: Dont use/link ARCMT, StaticAnalyzer and Rewriter to clang when the user specifies not to. Dont build ASTMatchers with Rewriter disabled and StaticAnalyzer when it's disabled. Without all those three, the clang binary shrinks (x86_64) from ~36MB to ~32MB (unstripped). To disable these clang components, and get a smaller clang binary built and installed, set WITHOUT_CLANG_FULL in src.conf(5). During the initial stages of buildworld, those extra components are already disabled automatically, to save some build time. MFC after: 1 week 231057 Sun Feb 05 22:05:30 MST 2012 dim Add a WITH_CLANG_EXTRAS option for src.conf(5), disabled by default, that builds the following additional llvm/clang tools: - bugpoint - llc - lli - llvm-ar - llvm-as - llvm-bcanalyzer - llvm-diff - llvm-dis - llvm-extract - llvm-ld - llvm-link - llvm-mc - llvm-nm - llvm-objdump - llvm-prof - llvm-ranlib - llvm-rtdyld - llvm-stub - macho-dump - opt These tools are mainly useful for people that want to manipulate llvm bitcode (.bc) and llvm assembly language (.ll) files, or want to tinker with llvm and clang themselves. MFC after: 2 weeks |
/freebsd-10.0-release/lib/clang/libllvmjit/ | ||
H A D | Makefile | diff 246259 Sat Feb 02 20:38:41 MST 2013 dim Pull in r170135 from upstream clang trunk: Dont use/link ARCMT, StaticAnalyzer and Rewriter to clang when the user specifies not to. Dont build ASTMatchers with Rewriter disabled and StaticAnalyzer when it's disabled. Without all those three, the clang binary shrinks (x86_64) from ~36MB to ~32MB (unstripped). To disable these clang components, and get a smaller clang binary built and installed, set WITHOUT_CLANG_FULL in src.conf(5). During the initial stages of buildworld, those extra components are already disabled automatically, to save some build time. MFC after: 1 week 231057 Sun Feb 05 22:05:30 MST 2012 dim Add a WITH_CLANG_EXTRAS option for src.conf(5), disabled by default, that builds the following additional llvm/clang tools: - bugpoint - llc - lli - llvm-ar - llvm-as - llvm-bcanalyzer - llvm-diff - llvm-dis - llvm-extract - llvm-ld - llvm-link - llvm-mc - llvm-nm - llvm-objdump - llvm-prof - llvm-ranlib - llvm-rtdyld - llvm-stub - macho-dump - opt These tools are mainly useful for people that want to manipulate llvm bitcode (.bc) and llvm assembly language (.ll) files, or want to tinker with llvm and clang themselves. MFC after: 2 weeks |
/freebsd-10.0-release/lib/clang/libllvmmcdisassembler/ | ||
H A D | Makefile | diff 246259 Sat Feb 02 20:38:41 MST 2013 dim Pull in r170135 from upstream clang trunk: Dont use/link ARCMT, StaticAnalyzer and Rewriter to clang when the user specifies not to. Dont build ASTMatchers with Rewriter disabled and StaticAnalyzer when it's disabled. Without all those three, the clang binary shrinks (x86_64) from ~36MB to ~32MB (unstripped). To disable these clang components, and get a smaller clang binary built and installed, set WITHOUT_CLANG_FULL in src.conf(5). During the initial stages of buildworld, those extra components are already disabled automatically, to save some build time. MFC after: 1 week 231057 Sun Feb 05 22:05:30 MST 2012 dim Add a WITH_CLANG_EXTRAS option for src.conf(5), disabled by default, that builds the following additional llvm/clang tools: - bugpoint - llc - lli - llvm-ar - llvm-as - llvm-bcanalyzer - llvm-diff - llvm-dis - llvm-extract - llvm-ld - llvm-link - llvm-mc - llvm-nm - llvm-objdump - llvm-prof - llvm-ranlib - llvm-rtdyld - llvm-stub - macho-dump - opt These tools are mainly useful for people that want to manipulate llvm bitcode (.bc) and llvm assembly language (.ll) files, or want to tinker with llvm and clang themselves. MFC after: 2 weeks |
/freebsd-10.0-release/lib/clang/libllvmobject/ | ||
H A D | Makefile | diff 246259 Sat Feb 02 20:38:41 MST 2013 dim Pull in r170135 from upstream clang trunk: Dont use/link ARCMT, StaticAnalyzer and Rewriter to clang when the user specifies not to. Dont build ASTMatchers with Rewriter disabled and StaticAnalyzer when it's disabled. Without all those three, the clang binary shrinks (x86_64) from ~36MB to ~32MB (unstripped). To disable these clang components, and get a smaller clang binary built and installed, set WITHOUT_CLANG_FULL in src.conf(5). During the initial stages of buildworld, those extra components are already disabled automatically, to save some build time. MFC after: 1 week 231057 Sun Feb 05 22:05:30 MST 2012 dim Add a WITH_CLANG_EXTRAS option for src.conf(5), disabled by default, that builds the following additional llvm/clang tools: - bugpoint - llc - lli - llvm-ar - llvm-as - llvm-bcanalyzer - llvm-diff - llvm-dis - llvm-extract - llvm-ld - llvm-link - llvm-mc - llvm-nm - llvm-objdump - llvm-prof - llvm-ranlib - llvm-rtdyld - llvm-stub - macho-dump - opt These tools are mainly useful for people that want to manipulate llvm bitcode (.bc) and llvm assembly language (.ll) files, or want to tinker with llvm and clang themselves. MFC after: 2 weeks |
/freebsd-10.0-release/lib/libipsec/ | ||
H A D | ipsec_strerror.c | diff 78064 Mon Jun 11 10:39:29 MDT 2001 ume Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks diff 78064 Mon Jun 11 10:39:29 MDT 2001 ume Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks |
Completed in 307 milliseconds