Created
December 5, 2011 00:35
OpenBSD etc 4.5 -> 4.6
diff -ur etc45/.profile etc46/.profile | |
--- etc45/.profile Sat Feb 28 22:29:27 2009 | |
+++ etc46/.profile Fri Jul 10 05:01:04 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: dot.profile,v 1.5 2005/03/30 21:18:33 millert Exp $ | |
+# $OpenBSD: dot.profile,v 1.8 2009/05/06 22:02:05 millert Exp $ | |
# | |
# sh/ksh initialization | |
@@ -9,5 +9,9 @@ | |
umask 022 | |
if [ -x /usr/bin/tset ]; then | |
- eval `/usr/bin/tset -sQ \?$TERM` | |
+ if [ X"$XTERM_VERSION" = X"" ]; then | |
+ eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM` | |
+ else | |
+ eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM` | |
+ fi | |
fi | |
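Review bot: The two new `eval` branches differ only in the `-I` flag, and nothing in the hunk says why the `XTERM_VERSION` case needs it. A one-line comment above the inner `if` would spare the next reader a trip to tset(1), for example `# under xterm, skip tset's terminal initialization strings (-I)`. The literal `'-munknown:?vt220'` could get a similar short comment saying that an unknown terminal type prompts with vt220 as the default.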
diff -ur etc45/etc/changelist etc46/etc/changelist | |
--- etc45/etc/changelist Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/changelist Fri Jul 10 05:01:02 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: changelist,v 1.59 2008/10/02 07:27:57 sthen Exp $ | |
+# $OpenBSD: changelist,v 1.60 2009/03/16 23:18:45 jacekm Exp $ | |
# | |
# List of files which the security script backs up and checks | |
# for modifications. | |
@@ -62,10 +62,13 @@ | |
/etc/mail/localhost.cf | |
/etc/mail/mailertable | |
/etc/mail/relay-domains | |
++/etc/mail/secrets | |
/etc/mail/sendmail.cf | |
+/etc/mail/smtpd.conf | |
/etc/mail/spamd.conf | |
/etc/mail/submit.cf | |
/etc/mail/trusted-users | |
+/etc/mail/virtual | |
/etc/mail/virtusertable | |
/etc/mailer.conf | |
/etc/man.conf | |
diff -ur etc45/etc/daily etc46/etc/daily | |
--- etc45/etc/daily Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/daily Fri Jul 10 05:01:02 2009 | |
@@ -1,32 +1,50 @@ | |
-#!/bin/sh - | |
# | |
-# $OpenBSD: daily,v 1.56 2006/10/26 12:20:55 ajacoutot Exp $ | |
+# $OpenBSD: daily,v 1.66 2009/05/26 22:59:15 schwarze Exp $ | |
# From: @(#)daily 8.2 (Berkeley) 1/25/94 | |
# | |
+# For local additions, create the file /etc/daily.local. | |
+# To get section headers, use the function next_part in daily.local. | |
+# | |
umask 022 | |
-PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin | |
-bak=/var/backups | |
+PARTOUT=/var/log/daily.part | |
+MAINOUT=/var/log/daily.out | |
+install -o 0 -g 0 -m 600 /dev/null $PARTOUT | |
+install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT | |
-sysctl -n kern.version | |
-uptime | |
+start_part() { | |
+ TITLE=$1 | |
+ exec > $PARTOUT 2>&1 | |
+} | |
-if [ -f /etc/daily.local ]; then | |
+end_part() { | |
+ exec >> $MAINOUT 2>&1 | |
+ test -s $PARTOUT || return | |
echo "" | |
- echo "Running daily.local:" | |
- . /etc/daily.local | |
-fi | |
+ echo "$TITLE" | |
+ cat $PARTOUT | |
+} | |
-TMP=`mktemp /tmp/_daily.XXXXXXXXXX` || exit 1 | |
-OUT=`mktemp /tmp/_security.XXXXXXXXXX` || { | |
- rm -f ${TMP} | |
- exit 1 | |
+next_part() { | |
+ end_part | |
+ start_part "$1" | |
} | |
-trap 'rm -f $TMP $OUT; exit 1' 0 1 15 | |
+run_script() { | |
+ f=/etc/$1 | |
+ test -e $f || return | |
+ if [ `stat -f '%Sp%u' $f | cut -b1,6,9,11-` != '---0' ]; then | |
+ echo "$f has insecure permissions, skipping:" | |
+ ls -l $f | |
+ return | |
+ fi | |
+ . $f | |
+} | |
-echo "" | |
-echo "Removing scratch and junk files:" | |
+start_part "Running daily.local:" | |
+run_script "daily.local" | |
+ | |
+next_part "Removing scratch and junk files:" | |
if [ -d /tmp -a ! -L /tmp ]; then | |
cd /tmp && { | |
find -x . \ | |
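Review bot: The permission check in `run_script` can fail open, because the backtick substitution inside `[ ... != '---0' ]` is unquoted. If `stat` prints nothing (for instance the file disappears after `test -e $f`), `[` is left with a malformed expression and typically returns an error status, so the `if` is false and control reaches `. $f` in a script that presumably runs as root. Wrapping the substitution in double quotes, as in `if [ "$(stat -f '%Sp%u' $f | cut -b1,6,9,11-)" != '---0' ]; then`, makes an empty result compare unequal and skip the file. The same function is added verbatim to /etc/monthly later in this diff and needs the same change. The `cd /tmp && {` block at the end of this hunk continues outside it.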
@@ -58,33 +76,12 @@ | |
find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; } | |
fi | |
-#find / \( ! -fstype local -o -fstype rdonly \ | |
-# -o -fstype procfs \) -a -prune -o \ | |
-# -name 'lost+found' -a -prune -o \ | |
-# -name '*.core' -a -print -o \ | |
-# \( -name '[#,]*' -o -name '.#*' -o -name a.out \ | |
-# -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \ | |
-# -a -atime +3 -a -execdir rm -f -- {} \; -a -print > $TMP | |
- | |
-if egrep -q '\.core$' $TMP; then | |
- echo "" | |
- echo "Possible core dumps:" | |
- egrep '\.core$' $TMP | |
-fi | |
- | |
-if egrep -qv '\.core$' $TMP; then | |
- echo "" | |
- echo "Deleted files:" | |
- egrep -v '\.core$' $TMP | |
-fi | |
- | |
if [ -d /var/msgs -a ! -L /var/msgs ]; then | |
msgs -c | |
fi | |
+next_part "Purging accounting records:" | |
if [ -f /var/account/acct ]; then | |
- echo "" | |
- echo "Purging accounting records:" | |
mv -f /var/account/acct.2 /var/account/acct.3 | |
mv -f /var/account/acct.1 /var/account/acct.2 | |
mv -f /var/account/acct.0 /var/account/acct.1 | |
@@ -95,84 +92,109 @@ | |
# If ROOTBACKUP is set to 1 in the environment, and | |
# if filesystem named /altroot is type ffs, on /dev/* and mounted "xx", | |
# use it as a backup root filesystem to be updated daily. | |
-[ "X$ROOTBACKUP" = X1 ] && { | |
- rootdev=`df -n / | awk '/^\/dev\// { print substr($1, 6) }'` | |
+next_part "Backing up root filesystem:" | |
+while [ "X$ROOTBACKUP" = X1 ]; do | |
rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \ | |
$4 ~ /xx/ \ | |
{ print substr($1, 6) }' < /etc/fstab` | |
- [ X$rootdev != X -a X$rootbak != X -a X$rootdev != X$rootbak ] && { | |
- sync | |
- echo "" | |
- echo "Backing up root filesystem:" | |
- echo "copying /dev/r$rootdev to /dev/r$rootbak" | |
- dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \ | |
- conv=noerror | |
- fsck -y /dev/r$rootbak | |
- } | |
-} | |
+ if [ -z "$rootbak" ]; then | |
+ echo "No xx ffs /altroot device found in the fstab(5)." | |
+ break | |
+ fi | |
+ bakdisk=${rootbak%[a-p]} | |
+ sysctl -n hw.disknames | grep -Fqw $bakdisk || break | |
+ bakpart=${rootbak#$bakdisk} | |
+ baksize=`disklabel $bakdisk 2>/dev/null | \ | |
+ awk -v "part=$bakpart:" '$1 == part { print $2 }'` | |
+ rootdev=`mount | awk '$3 == "/" && $1 ~ /^\/dev\// && $5 == "ffs" \ | |
+ { print substr($1, 6) }'` | |
+ if [ -z "$rootdev" ]; then | |
+ echo "The root filesystem is not local or not ffs." | |
+ break | |
+ fi | |
+ if [ X$rootdev = X$rootbak ]; then | |
+ echo "The device $rootdev holds both root and /altroot." | |
+ break | |
+ fi | |
+ rootdisk=${rootdev%[a-p]} | |
+ rootpart=${rootdev#$rootdisk} | |
+ rootsize=`disklabel $rootdisk 2>/dev/null | \ | |
+ awk -v "part=$rootpart:" '$1 == part { print $2 }'` | |
+ if [ $rootsize -gt $baksize ]; then | |
+ echo "Root ($rootsize) is larger than /altroot ($baksize)." | |
+ break | |
+ fi | |
+ next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:" | |
+ sync | |
+ dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \ | |
+ conv=noerror | |
+ fsck -y /dev/r$rootbak | |
+ break | |
+done | |
-# Rotation of mail log now handled automatically by cron and 'newsyslog' | |
- | |
-echo "" | |
-echo "Checking subsystem status:" | |
-echo "" | |
-echo "disks:" | |
-df -kl | |
-echo "" | |
-dump W | |
-echo "" | |
- | |
-mailq > $TMP | |
-if ! grep -q "^/var/spool/mqueue is empty$" $TMP; then | |
+next_part "Checking subsystem status:" | |
+if [ "X$VERBOSESTATUS" != X0 ]; then | |
echo "" | |
- echo "mail:" | |
- cat $TMP | |
+ echo "disks:" | |
+ df -kl | |
+ echo "" | |
+ dump W | |
fi | |
-echo "" | |
-echo "network:" | |
-netstat -ivn | |
-echo "" | |
+# The first two regular expressions handle sendmail, the third postfix. | |
+# When the queue is empty, smtpd(8) and exim -bp keep silent. | |
+next_part "mail:" | |
+mailq | grep -v -e "^/var/spool/mqueue is empty$" \ | |
+ -e "^[[:blank:]]*Total requests: 0$" \ | |
+ -e "^Mail queue is empty$" | |
-t=/var/rwho/* | |
-if [ "$t" != '/var/rwho/*' ]; then | |
- echo "" | |
- ruptime | |
-fi | |
+next_part "network:" | |
+if [ "X$VERBOSESTATUS" != X0 ]; then | |
+ netstat -ivn | |
-echo "" | |
-if [ -d /var/yp/binding -a ! -d /var/yp/`domainname` -o "X$CALENDAR" = X0 ] | |
-then | |
- if [ "X$CALENDAR" = X0 ]; then | |
- echo "Not running calendar, (disabled)." | |
- else | |
- echo "Not running calendar, (yp client)." | |
+ t=/var/rwho/* | |
+ if [ "$t" != '/var/rwho/*' ]; then | |
+ echo "" | |
+ ruptime | |
fi | |
-else | |
- echo "Running calendar in the background." | |
+fi | |
+ | |
+next_part "Running calendar in the background:" | |
+if [ "X$CALENDAR" != X0 -a \ | |
+ \( -d /var/yp/`domainname` -o ! -d /var/yp/binding \) ]; then | |
calendar -a & | |
fi | |
# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck | |
# with the no-write flag. | |
+next_part "Checking filesystems:" | |
[ "X$CHECKFILESYSTEMS" = X1 ] && { | |
- echo "" | |
- echo "Checking filesystems:" | |
fsck -n | grep -v '^\*\* Phase' | |
} | |
+next_part "Running rdist:" | |
if [ -f /etc/Distfile ]; then | |
- echo "" | |
- echo "Running rdist:" | |
if [ -d /var/log/rdist ]; then | |
- logf=`date +%Y.%b.%e` | |
- rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf | |
+ rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/`date +%F` | |
else | |
rdist -f /etc/Distfile | |
fi | |
fi | |
-sh /etc/security 2>&1 > $OUT | |
-if [ -s $OUT ]; then | |
- mail -s "`hostname` daily insecurity output" root < $OUT | |
-fi | |
+end_part | |
+[ -s $MAINOUT ] && { | |
+ sysctl -n kern.version | |
+ uptime | |
+ cat $MAINOUT | |
+} 2>&1 | mail -s "`hostname` daily output" root | |
+ | |
+ | |
+MAINOUT=/var/log/security.out | |
+install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT | |
+ | |
+start_part "Running /etc/security:" | |
+run_script "security" | |
+end_part | |
+rm -f $PARTOUT | |
+ | |
+[ -s $MAINOUT ] && mail -s "`hostname` daily insecurity output" root < $MAINOUT | |
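Review bot: The new size guard `if [ $rootsize -gt $baksize ]` is skipped rather than enforced when either value is empty. That can happen because both `disklabel` calls discard errors with `2>/dev/null` and the `awk` filter prints nothing when the partition letter is not found. `[` then fails on the malformed expression, the `if` is false, and the loop goes on to `dd` onto /dev/r$rootbak without the check having run. An explicit test before the comparison closes the gap: `if [ -z "$rootsize" -o -z "$baksize" ]; then echo "Cannot determine partition sizes."; break; fi`. The bare `|| break` after the `hw.disknames` lookup is the only early exit in this loop that prints nothing, and a short message there would make a skipped backup visible in the mail.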
diff -ur etc45/etc/ftpusers etc46/etc/ftpusers | |
--- etc45/etc/ftpusers Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/ftpusers Fri Jul 10 05:01:02 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: ftpusers,v 1.36 2008/11/25 23:35:06 fkr Exp $ | |
+# $OpenBSD: ftpusers,v 1.38 2009/05/20 21:10:06 thib Exp $ | |
# | |
# list of users disallowed any ftp access. | |
# read by ftpd(8). | |
@@ -46,3 +46,5 @@ | |
_rtadvd | |
_ypldap | |
_btd | |
+_smtpd | |
+_rwalld | |
diff -ur etc45/etc/group etc46/etc/group | |
--- etc45/etc/group Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/group Fri Jul 10 05:01:02 2009 | |
@@ -59,6 +59,8 @@ | |
_rtadvd:*:92: | |
_ypldap:*:93: | |
_btd:*:94: | |
+_smtpd:*:95: | |
+_rwalld:*:96: | |
dialer:*:117: | |
nogroup:*:32766: | |
nobody:*:32767: | |
diff -ur etc45/etc/hosts etc46/etc/hosts | |
--- etc45/etc/hosts Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/hosts Fri Jul 10 05:01:02 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: hosts,v 1.11 2002/09/26 23:35:51 krw Exp $ | |
+# $OpenBSD: hosts,v 1.12 2009/03/10 00:42:13 deraadt Exp $ | |
# | |
# Host Database | |
# | |
@@ -7,7 +7,5 @@ | |
# 172.16.0.0 172.31.255.255 | |
# 192.168.0.0 192.168.255.255 | |
# | |
-::1 localhost.my.domain localhost | |
-127.0.0.1 localhost.my.domain localhost | |
-::1 noname.my.domain noname | |
-127.0.0.1 noname.my.domain noname | |
+127.0.0.1 localhost | |
+::1 localhost | |
diff -ur etc45/etc/login.conf etc46/etc/login.conf | |
--- etc45/etc/login.conf Sat Feb 28 22:29:27 2009 | |
+++ etc46/etc/login.conf Fri Jul 10 05:01:04 2009 | |
@@ -42,8 +42,8 @@ | |
:umask=022:\ | |
:datasize-max=512M:\ | |
:datasize-cur=512M:\ | |
- :maxproc-max=128:\ | |
- :maxproc-cur=64:\ | |
+ :maxproc-max=256:\ | |
+ :maxproc-cur=128:\ | |
:openfiles-cur=128:\ | |
:stacksize-cur=4M:\ | |
:localcipher=blowfish,6:\ | |
@@ -71,7 +71,7 @@ | |
staff:\ | |
:datasize-cur=512M:\ | |
:datasize-max=infinity:\ | |
- :maxproc-max=256:\ | |
+ :maxproc-max=512:\ | |
:maxproc-cur=128:\ | |
:ignorenologin:\ | |
:requirehome@:\ | |
diff -ur etc45/etc/lynx.cfg etc46/etc/lynx.cfg | |
--- etc45/etc/lynx.cfg Sat Feb 28 22:29:38 2009 | |
+++ etc46/etc/lynx.cfg Fri Jul 10 05:01:18 2009 | |
@@ -3,10 +3,10 @@ | |
# or Lynx_Dir:lynx.cfg (VMS) | |
# | |
# $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$ | |
-#PRCS LYNX_VERSION "2.8.5rel.4" | |
+#PRCS LYNX_VERSION "2.8.6rel.5" | |
# | |
# $Format: "#PRCS LYNX_DATE \"$ProjectDate$\""$ | |
-#PRCS LYNX_DATE "Tue, 25 Oct 2005 17:40:26 -0700" | |
+#PRCS LYNX_DATE "Wed, 09 May 2007 17:29:16 -0700" | |
# | |
# Definition pairs are of the form VARIABLE:DEFINITION | |
# NO spaces are allowed between the pair items. | |
@@ -22,7 +22,7 @@ | |
# An HTML'ized description of all settings (based on comments in this file, | |
# with alphabetical table of settings and with table of settings by category) | |
-# is available at http://www.hippo.ru/~hvv/lynxcfg_toc.html | |
+# is available at http://lynx.isc.org/release/lynx2-8-5/lynx_help/cattoc.html | |
# | |
### The conversion is done via the scripts/cfg2html.pl script. | |
### Several directives beginning with '.' are used for this purpose. | |
@@ -126,7 +126,8 @@ | |
# An index to your CWIS can be placed here or a document containing | |
# pointers to lots of interesting places on the web. | |
# | |
-DEFAULT_INDEX_FILE:http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/MetaIndex.html | |
+#DEFAULT_INDEX_FILE:http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/MetaIndex.html | |
+DEFAULT_INDEX_FILE:http://lynx.isc.org/ | |
.h1 Interaction | |
@@ -363,9 +364,10 @@ | |
# Eastern European (windows-1250) windows-1250 | |
# Latin 3 (ISO-8859-3) iso-8859-3 | |
# Latin 4 (ISO-8859-4) iso-8859-4 | |
-# Baltic Rim (ISO-8859-13) iso-8859-13 | |
+# Baltic Rim (ISO-8859-13) iso-8859-13 | |
# Baltic Rim (cp775) cp775 | |
# Baltic Rim (windows-1257) windows-1257 | |
+# Celtic (ISO-8859-14) iso-8859-14 | |
# Cyrillic (ISO-8859-5) iso-8859-5 | |
# Cyrillic (cp866) cp866 | |
# Cyrillic (windows-1251) windows-1251 | |
@@ -381,7 +383,7 @@ | |
# Hebrew (cp862) cp862 | |
# Hebrew (windows-1255) windows-1255 | |
# Turkish (ISO-8859-9) iso-8859-9 | |
-# ISO-8859-10 iso-8859-10 | |
+# North European (ISO-8859-10) iso-8859-10 | |
# Ukrainian Cyrillic (cp866u) cp866u | |
# Ukrainian Cyrillic (KOI8-U) koi8-u | |
# UNICODE (UTF-8) utf-8 | |
@@ -1339,6 +1341,19 @@ | |
#COOKIE_STRICT_INVALID_DOMAINS: | |
#COOKIE_QUERY_INVALID_DOMAINS: | |
+.h2 MAX_COOKIES_DOMAIN | |
+.h2 MAX_COOKIES_GLOBAL | |
+.h2 MAX_COOKIES_BUFFER | |
+# MAX_COOKIES_DOMAIN, | |
+# MAX_COOKIES_GLOBAL and | |
+# MAX_COOKIES_BUFFER are limits on the total number of cookies for each domain, | |
+# globally, and the per-cookie buffer size. These limits are by default large | |
+# enough for reasonable usage; if they are very high, some sites may present | |
+# undue performance waste. | |
+# | |
+#max_cookies_domain:50 | |
+#max_cookies_global:500 | |
+#max_cookies_buffer:4096 | |
.h2 PERSISTENT_COOKIES | |
# PERSISTENT_COOKIES indicates that cookies should be read at startup from | |
@@ -2310,7 +2325,38 @@ | |
# Sought in user's home (Unix) or sys$login (VMS) directory. | |
#PERSONAL_MAILCAP:.mailcap | |
+.h2 PREFERRED_MEDIA_TYPES | |
+# When doing a GET, lynx lists the MIME types which it knows how to present | |
+# (the "Accept:" string). Depending on your system configuration, the | |
+# mime.types or other data given by the GLOBAL_EXTENSION_MAP may include many | |
+# entries that lynx really does not handle. Use this option to select one | |
+# of the built-in subsets of the MIME types that lynx could list in the | |
+# Accept. | |
+# | |
+# Values for this option are keywords: | |
+# INTERNAL lynx's built-in types for internal conversions | |
+# CONFIGFILE adds lynx.cfg | |
+# USER adds PERSONAL_EXTENSION_MAP settings | |
+# SYSTEM adds GLOBAL_EXTENSION_MAP settings | |
+# ALL adds lynx's built-in types for external conversions | |
+# | |
+#PREFERRED_MEDIA_TYPES:internal | |
+.h2 PREFERRED_ENCODING | |
+# When doing a GET, lynx tells what types of compressed data it can decompress | |
+# (the "Accept-Encoding:" string). This is determined by compiled-in support | |
+# for decompression or external decompression programs. | |
+# | |
+# Values for this option are keywords: | |
+# NONE Do not request compressed data | |
+# GZIP For gzip | |
+# COMPRESS For compress | |
+# BZIP2 For bzip2 | |
+# ALL All of the above. | |
+#PREFERRED_ENCODING:all | |
+ | |
+ | |
+ | |
.h1 Keyboard Input | |
.h2 KEYBOARD_LAYOUT | |
@@ -2900,15 +2946,37 @@ | |
#COLOR:7:magenta:cyan | |
+.h2 COLOR_STYLE | |
+# Also known as "lss" (lynx style-sheet), the color-style file assigns color | |
+# combination to tags and combinations of tags. Normally a non-empty value | |
+# is compiled into lynx, and the user can override that using the -lss | |
+# command-line option. The configure script allows one to compile in an | |
+# empty string. If lynx finds no value for this setting, it simulates the | |
+# non-color-style assignments using the COLOR settings. | |
+# | |
+# If neither the command-line "-lss" or this COLOR_STYLE setting are given, | |
+# lynx tries the environment variables "LYNX_LSS" and "lynx_lss". If neither | |
+# is set, lynx uses the compiled-in value (which as noted, may be empty). | |
+# | |
+#COLOR_STYLE: lynx.lss | |
+ | |
+.h2 NESTED_TABLES | |
+# This is an experimental feature for improving table layout. | |
+# It is enabled by default when the COLOR_STYLE configuration is used, | |
+# and false otherwise. | |
+# | |
+#NESTED_TABLES: true | |
+ | |
+ | |
.h2 ASSUMED_COLOR | |
# If built with a library that recognizes default colors (usually ncurses or | |
-# slang), lynx initializes it to assume the corresponding foreground and | |
-# background colors. Default colors are those that the terminal (emulator) | |
-# itself is initialized to. For instance, you might have an xterm running with | |
-# black text on a white background, and want lynx to display colored text on | |
-# the white background, but leave the possibility of using the same | |
-# configuration to draw colored text on a different xterm, this time using its | |
-# background set to black. | |
+# slang), and if the corresponding option is compiled into lynx, lynx | |
+# initializes it to assume the corresponding foreground and background colors. | |
+# Default colors are those that the terminal (emulator) itself is initialized | |
+# to. For instance, you might have an xterm running with black text on a white | |
+# background, and want lynx to display colored text on the white background, | |
+# but leave the possibility of using the same configuration to draw colored | |
+# text on a different xterm, this time using its background set to black. | |
# | |
# If built with conventional SVr3/SVr4 curses, tells lynx to use color pair 0 | |
# when the given colors match this setting. That gives a similar effect, | |
@@ -2922,7 +2990,21 @@ | |
# The first value given is the foreground, the second is the background. | |
#ASSUMED_COLOR:default:default | |
+.h2 DEFAULT_COLORS | |
+# If built with a library that recognizes default colors (usually ncurses or | |
+# slang), and if the corresponding option is compiled into lynx, lynx | |
+# initializes it to assume the corresponding foreground and background colors. | |
+# Default colors are those that the terminal (emulator) itself is initialized | |
+# to. | |
+# | |
+# Use this feature to disable the default-colors feature at runtime. | |
+# This is useful for constructing scripts which use the non-color-style | |
+# scheme, e.g., the oldlynx script. | |
+# | |
+# This should precede ASSUMED_COLOR settings. | |
+#DEFAULT_COLORS:true | |
+ | |
.h1 External Programs | |
.h2 EXTERNAL | |
@@ -3161,7 +3243,7 @@ | |
# | |
# This option is only available if Lynx was compiled with EXP_JUSTIFY_ELTS. | |
# | |
-#JUSTIFY:TRUE | |
+#JUSTIFY:FALSE | |
.h2 JUSTIFY_MAX_VOID_PERCENT | |
# JUSTIFY_MAX_VOID_PERCENT - Appearance | |
@@ -3262,7 +3344,9 @@ | |
#ENABLE_LYNXRC:multi_bookmark:ON | |
#ENABLE_LYNXRC:personal_mail_address:ON | |
#ENABLE_LYNXRC:preferred_charset:ON | |
+#ENABLE_LYNXRC:preferred_encoding:OFF | |
#ENABLE_LYNXRC:preferred_language:ON | |
+#ENABLE_LYNXRC:preferred_media_types:OFF | |
#ENABLE_LYNXRC:raw_mode:OFF | |
#ENABLE_LYNXRC:run_all_execution_links:ON | |
#ENABLE_LYNXRC:run_execution_links_on_local_files:ON | |
@@ -3293,12 +3377,14 @@ | |
#COMPRESS_PATH: | |
#COPY_PATH: | |
#GZIP_PATH: | |
+#INFLATE_PATH: | |
#INSTALL_PATH: | |
#MKDIR_PATH: | |
#MV_PATH: | |
#RLOGIN_PATH: | |
#RMDIR_PATH: | |
#RM_PATH: | |
+#SETFONT_PATH: | |
#TAR_PATH: | |
#TELNET_PATH: | |
#TN3270_PATH: | |
@@ -3328,6 +3414,29 @@ | |
#FORCE_COOKIE_PROMPT:PROMPT | |
.h1 Appearance | |
+ | |
+.h2 SCREEN_SIZE | |
# For win32, allow the console window to be resized to the given values. This | |
# requires PDCurses 2.5. The values given are width,height. | |
#SCREEN_SIZE:80,24 | |
+ | |
+.h2 NO_MARGINS | |
+# Disable left/right margins in the default style sheet. | |
+# This is the same as the command-line "-nomargins" option. | |
+#NO_MARGINS:FALSE | |
+ | |
+.h2 NO_TITLE | |
+# Disable title and blank line from top of page. | |
+# This is the same as the command-line "-notitle" option. | |
+#NO_TITLE:FALSE | |
+ | |
+.h1 External Programs | |
+ | |
+.h2 SYSLOG_REQUESTED_URLS | |
+# Log the requested URLs using the syslog interface. | |
+#SYSLOG_REQUESTED_URLS:TRUE | |
+ | |
+.h2 SYSLOG_TEXT | |
+# Add the given text to calls made to syslog, to distinguish Lynx from other | |
+# applications which use that interface. | |
+#SYSLOG_TEXT: | |
diff -ur etc45/etc/mail/Makefile etc46/etc/mail/Makefile | |
--- etc45/etc/mail/Makefile Sat Feb 28 22:29:38 2009 | |
+++ etc46/etc/mail/Makefile Fri Jul 10 05:01:19 2009 | |
@@ -1,10 +1,13 @@ | |
-# $OpenBSD: Makefile,v 1.5 2007/02/27 02:22:01 beck Exp $ | |
+# $OpenBSD: Makefile,v 1.7 2009/04/02 10:21:08 jacekm Exp $ | |
# | |
# Generate the various .db versions from their source files. | |
# The sendmail .mc files are not built here. They live in | |
# /usr/share/sendmail/cf and have their own Makefile. | |
# | |
+SENDMAIL= /usr/libexec/sendmail/sendmail | |
+MAKEMAP= /usr/libexec/sendmail/makemap | |
+ | |
.for DB in access aliases genericstable mailertable virtusertable userdb | |
. if exists(${DB}) | |
DB_FILES+= ${DB}.db | |
@@ -23,20 +26,20 @@ | |
${DESTDIR}/etc/mail/README | |
${INSTALL} -c -o root -g wheel -m 644 access \ | |
${DESTDIR}/etc/mail/access | |
- makemap hash ${DESTDIR}/etc/mail/access < access | |
+ ${MAKEMAP} hash ${DESTDIR}/etc/mail/access < access | |
${INSTALL} -c -o root -g wheel -m 644 aliases \ | |
${DESTDIR}/etc/mail/aliases | |
- /usr/libexec/sendmail/sendmail -C${DESTDIR}/etc/mail/sendmail.cf \ | |
+ ${SENDMAIL} -C${DESTDIR}/etc/mail/sendmail.cf \ | |
-bi -O AliasFile=${DESTDIR}/etc/mail/aliases \ | |
-O DontBlameSendmail=mapinunsafedirpath | |
${INSTALL} -c -o root -g wheel -m 644 local-host-names \ | |
${DESTDIR}/etc/mail/local-host-names | |
${INSTALL} -c -o root -g wheel -m 644 genericstable \ | |
${DESTDIR}/etc/mail/genericstable | |
- makemap hash ${DESTDIR}/etc/mail/genericstable < genericstable | |
+ ${MAKEMAP} hash ${DESTDIR}/etc/mail/genericstable < genericstable | |
${INSTALL} -c -o root -g wheel -m 644 mailertable \ | |
${DESTDIR}/etc/mail/mailertable | |
- makemap hash ${DESTDIR}/etc/mail/mailertable < mailertable | |
+ ${MAKEMAP} hash ${DESTDIR}/etc/mail/mailertable < mailertable | |
${INSTALL} -c -o root -g wheel -m 644 relay-domains \ | |
${DESTDIR}/etc/mail/relay-domains | |
${INSTALL} -c -o root -g wheel -m 644 trusted-users \ | |
@@ -45,29 +48,31 @@ | |
${DESTDIR}/etc/mail/virtusertable | |
${INSTALL} -c -o root -g wheel -m 644 spamd.conf \ | |
${DESTDIR}/etc/mail/spamd.conf | |
- makemap hash ${DESTDIR}/etc/mail/virtusertable < virtusertable | |
+ ${INSTALL} -c -o root -g wheel -m 644 smtpd.conf \ | |
+ ${DESTDIR}/etc/mail/smtpd.conf | |
+ ${MAKEMAP} hash ${DESTDIR}/etc/mail/virtusertable < virtusertable | |
@for db in access.db aliases.db genericstable.db mailertable.db \ | |
virtusertable.db; do \ | |
chmod 644 ${DESTDIR}/etc/mail/$$db; \ | |
done | |
access.db: access | |
- makemap hash ${.ALLSRC} < ${.ALLSRC} | |
+ ${MAKEMAP} hash ${.ALLSRC} < ${.ALLSRC} | |
aliases.db: aliases | |
- sendmail -bi | |
+ ${SENDMAIL} -bi | |
genericstable.db: genericstable | |
- makemap hash ${.ALLSRC} < ${.ALLSRC} | |
+ ${MAKEMAP} hash ${.ALLSRC} < ${.ALLSRC} | |
mailertable.db: mailertable | |
- makemap hash ${.ALLSRC} < ${.ALLSRC} | |
+ ${MAKEMAP} hash ${.ALLSRC} < ${.ALLSRC} | |
virtusertable.db: virtusertable | |
- makemap hash ${.ALLSRC} < ${.ALLSRC} | |
+ ${MAKEMAP} hash ${.ALLSRC} < ${.ALLSRC} | |
userdb.db: userdb | |
- makemap btree ${.ALLSRC} < ${.ALLSRC} | |
+ ${MAKEMAP} btree ${.ALLSRC} < ${.ALLSRC} | |
.PHONY: distribution | |
.include <bsd.own.mk> | |
diff -ur etc45/etc/mail/aliases etc46/etc/mail/aliases | |
--- etc45/etc/mail/aliases Sat Feb 28 22:29:38 2009 | |
+++ etc46/etc/mail/aliases Fri Jul 10 05:01:20 2009 | |
@@ -1,5 +1,5 @@ | |
# | |
-# $OpenBSD: aliases,v 1.28 2008/11/26 12:55:14 fkr Exp $ | |
+# $OpenBSD: aliases,v 1.30 2009/05/20 21:10:06 thib Exp $ | |
# | |
# Aliases in this file will NOT be expanded in the header from | |
# Mail, but WILL be visible over networks or from /usr/libexec/mail.local. | |
@@ -46,6 +46,8 @@ | |
_rstatd: /dev/null | |
_rtadvd: /dev/null | |
_rusersd: /dev/null | |
+_rwalld: /dev/null | |
+_smtpd: /dev/null | |
_snmpd: /dev/null | |
_spamd: /dev/null | |
_syslogd: /dev/null | |
Binary files etc45/etc/mail/aliases.db and etc46/etc/mail/aliases.db differ | |
diff -ur etc45/etc/mail/localhost.cf etc46/etc/mail/localhost.cf | |
--- etc45/etc/mail/localhost.cf Sat Feb 28 22:29:32 2009 | |
+++ etc46/etc/mail/localhost.cf Fri Jul 10 05:01:11 2009 | |
@@ -16,7 +16,7 @@ | |
##### | |
##### SENDMAIL CONFIGURATION FILE | |
##### | |
-##### built by root@i386.openbsd.org on Sat Feb 28 14:23:50 MST 2009 | |
+##### built by root@i386.openbsd.org on Wed Jul 8 15:44:48 MDT 2009 | |
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf | |
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory | |
##### | |
diff -ur etc45/etc/mail/sendmail.cf etc46/etc/mail/sendmail.cf | |
--- etc45/etc/mail/sendmail.cf Sat Feb 28 22:29:32 2009 | |
+++ etc46/etc/mail/sendmail.cf Fri Jul 10 05:01:11 2009 | |
@@ -16,7 +16,7 @@ | |
##### | |
##### SENDMAIL CONFIGURATION FILE | |
##### | |
-##### built by root@i386.openbsd.org on Sat Feb 28 14:23:50 MST 2009 | |
+##### built by root@i386.openbsd.org on Wed Jul 8 15:44:48 MDT 2009 | |
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf | |
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory | |
##### | |
Only in etc46/etc/mail: smtpd.conf | |
diff -ur etc45/etc/mail/submit.cf etc46/etc/mail/submit.cf | |
--- etc45/etc/mail/submit.cf Sat Feb 28 22:29:32 2009 | |
+++ etc46/etc/mail/submit.cf Fri Jul 10 05:01:11 2009 | |
@@ -16,7 +16,7 @@ | |
##### | |
##### SENDMAIL CONFIGURATION FILE | |
##### | |
-##### built by root@i386.openbsd.org on Sat Feb 28 14:23:50 MST 2009 | |
+##### built by root@i386.openbsd.org on Wed Jul 8 15:44:47 MDT 2009 | |
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf | |
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory | |
##### | |
diff -ur etc45/etc/mailer.conf etc46/etc/mailer.conf | |
--- etc45/etc/mailer.conf Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/mailer.conf Fri Jul 10 05:01:03 2009 | |
@@ -1,10 +1,11 @@ | |
-# $OpenBSD: mailer.conf,v 1.3 2000/04/06 18:24:19 millert Exp $ | |
+# $OpenBSD: mailer.conf,v 1.4 2009/03/16 14:26:22 jacekm Exp $ | |
# | |
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail | |
# | |
sendmail /usr/libexec/sendmail/sendmail | |
send-mail /usr/libexec/sendmail/sendmail | |
mailq /usr/libexec/sendmail/sendmail | |
+makemap /usr/libexec/sendmail/makemap | |
newaliases /usr/libexec/sendmail/sendmail | |
hoststat /usr/libexec/sendmail/sendmail | |
purgestat /usr/libexec/sendmail/sendmail | |
diff -ur etc45/etc/master.passwd etc46/etc/master.passwd | |
--- etc45/etc/master.passwd Sat Feb 28 22:29:27 2009 | |
+++ etc46/etc/master.passwd Fri Jul 10 05:01:04 2009 | |
@@ -41,4 +41,6 @@ | |
_rtadvd:*:92:92::0:0:IPv6 Router Advertisement Daemon:/var/empty:/sbin/nologin | |
_ypldap:*:93:93::0:0:YP to LDAP Daemon:/var/empty:/sbin/nologin | |
_btd:*:94:94::0:0:Bluetooth Daemon:/var/empty:/sbin/nologin | |
+_smtpd:*:95:95::0:0:SMTP Daemon:/var/empty:/sbin/nologin | |
+_rwalld:*:96:96::0:0:rpc.rwalld:/var/empty:/sbin/nologin | |
nobody:*:32767:32767::0:0:Unprivileged user for NFS:/nonexistent:/sbin/nologin | |
diff -ur etc45/etc/monthly etc46/etc/monthly | |
--- etc45/etc/monthly Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/monthly Fri Jul 10 05:01:02 2009 | |
@@ -1,11 +1,49 @@ | |
-#!/bin/sh - | |
-# $OpenBSD: monthly,v 1.7 2006/10/26 12:20:55 ajacoutot Exp $ | |
+# | |
+# $OpenBSD: monthly,v 1.12 2009/05/25 21:31:24 schwarze Exp $ | |
+# | |
+# For local additions, create the file /etc/monthly.local. | |
+# To get section headers, use the function next_part in monthly.local. | |
+# | |
umask 022 | |
-if [ -f /etc/monthly.local ];then | |
+PARTOUT=/var/log/monthly.part | |
+MAINOUT=/var/log/monthly.out | |
+install -o 0 -g 0 -m 600 /dev/null $PARTOUT | |
+install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT | |
+ | |
+start_part() { | |
+ TITLE=$1 | |
+ exec > $PARTOUT 2>&1 | |
+} | |
+ | |
+end_part() { | |
+ exec >> $MAINOUT 2>&1 | |
+ test -s $PARTOUT || return | |
echo "" | |
- echo "Running monthly.local:" | |
- . /etc/monthly.local | |
-else | |
- echo "Nothing to do!" | |
-fi | |
+ echo "$TITLE" | |
+ cat $PARTOUT | |
+} | |
+ | |
+next_part() { | |
+ end_part | |
+ start_part "$1" | |
+} | |
+ | |
+run_script() { | |
+ f=/etc/$1 | |
+ test -e $f || return | |
+ if [ `stat -f '%Sp%u' $f | cut -b1,6,9,11-` != '---0' ]; then | |
+ echo "$f has insecure permissions, skipping:" | |
+ ls -l $f | |
+ return | |
+ fi | |
+ . $f | |
+} | |
+ | |
+start_part "Running monthly.local:" | |
+run_script "monthly.local" | |
+ | |
+end_part | |
+rm -f $PARTOUT | |
+ | |
+[ -s $MAINOUT ] && mail -s "`hostname` monthly output" root < $MAINOUT | |
diff -ur etc45/etc/mtree/4.4BSD.dist etc46/etc/mtree/4.4BSD.dist | |
--- etc45/etc/mtree/4.4BSD.dist Sat Feb 28 22:29:27 2009 | |
+++ etc46/etc/mtree/4.4BSD.dist Fri Jul 10 05:01:05 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: 4.4BSD.dist,v 1.195 2008/12/23 18:33:36 reyk Exp $ | |
+# $OpenBSD: 4.4BSD.dist,v 1.198 2009/06/30 15:23:51 robert Exp $ | |
/set type=dir uname=root gname=wheel mode=0755 | |
# . | |
@@ -366,6 +366,11 @@ | |
# ./libexec/sendmail | |
.. | |
+# ./libexec/smtpd | |
+smtpd type=dir uname=root gname=wheel mode=0755 | |
+# ./libexec/smtpd | |
+.. | |
+ | |
# ./usr/libexec | |
.. | |
@@ -2580,6 +2585,11 @@ | |
# ./var/db/pkg | |
.. | |
+# ./var/db/sysmerge | |
+sysmerge | |
+# ./var/db/sysmerge | |
+.. | |
+ | |
# ./var/db | |
.. | |
@@ -2736,6 +2746,11 @@ | |
# ./var/spool/output | |
.. | |
+# ./var/spool/smtpd | |
+smtpd type=dir uname=root gname=wheel mode=0711 | |
+# ./var/spool/smtpd | |
+.. | |
+ | |
# ./var/spool/sockets | |
#sockets mode=777 | |
# ./var/spool/sockets | |
@@ -2768,6 +2783,12 @@ | |
# ./www | |
www type=dir uname=root gname=daemon mode=755 | |
+ | |
+# ./www/dev | |
+dev type=dir uname=root gname=daemon mode=755 | |
+ | |
+# ./www | |
+.. | |
# ./www/icons | |
icons type=dir uname=root gname=daemon mode=755 | |
diff -ur etc45/etc/mtree/special etc46/etc/mtree/special | |
--- etc45/etc/mtree/special Sat Feb 28 22:29:27 2009 | |
+++ etc46/etc/mtree/special Fri Jul 10 05:01:05 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: special,v 1.80 2009/01/25 17:30:48 miod Exp $ | |
+# $OpenBSD: special,v 1.84 2009/05/09 16:29:54 schwarze Exp $ | |
# $NetBSD: special,v 1.4 1996/05/08 21:30:18 pk Exp $ | |
# @(#)special 8.2 (Berkeley) 1/23/94 | |
# | |
@@ -52,7 +52,10 @@ | |
mail type=dir mode=0755 uname=root gname=wheel | |
aliases type=file mode=0644 uname=root gname=wheel optional | |
aliases.db type=file mode=0644 uname=root gname=wheel optional | |
+secrets type=file mode=0640 uname=root gname=_smtpd optional | |
+secrets.db type=file mode=0640 uname=root gname=_smtpd optional | |
sendmail.cf type=file mode=0644 uname=root gname=wheel optional | |
+smtpd.conf type=file mode=0644 uname=root gname=wheel | |
spamd.conf type=file mode=0644 uname=root gname=wheel optional | |
submit.cf type=file mode=0644 uname=root gname=wheel optional | |
diff -ur etc45/etc/ntpd.conf etc46/etc/ntpd.conf | |
--- etc45/etc/ntpd.conf Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/ntpd.conf Fri Jul 10 05:01:03 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: ntpd.conf,v 1.9 2008/10/10 11:46:22 sthen Exp $ | |
+# $OpenBSD: ntpd.conf,v 1.11 2009/05/18 16:13:48 stevesk Exp $ | |
# sample ntpd configuration file, see ntpd.conf(5) | |
# Addresses to listen on (ntpd does not listen by default) | |
@@ -7,12 +7,12 @@ | |
# sync to a single server | |
#server ntp.example.org | |
-# use a random selection of 8 public stratum 2 servers | |
+# use a random selection of NTP Pool Time Servers | |
# see http://support.ntp.org/bin/view/Servers/NTPPoolServers | |
servers pool.ntp.org | |
# use a specific local timedelta sensor (radio clock, etc) | |
#sensor nmea0 | |
-# use any detected timedelta sensor | |
+# use all detected timedelta sensors | |
#sensor * | |
diff -ur etc45/etc/passwd etc46/etc/passwd | |
--- etc45/etc/passwd Sat Feb 28 22:29:27 2009 | |
+++ etc46/etc/passwd Fri Jul 10 05:01:04 2009 | |
@@ -41,4 +41,6 @@ | |
_rtadvd:*:92:92:IPv6 Router Advertisement Daemon:/var/empty:/sbin/nologin | |
_ypldap:*:93:93:YP to LDAP Daemon:/var/empty:/sbin/nologin | |
_btd:*:94:94:Bluetooth Daemon:/var/empty:/sbin/nologin | |
+_smtpd:*:95:95:SMTP Daemon:/var/empty:/sbin/nologin | |
+_rwalld:*:96:96:rpc.rwalld:/var/empty:/sbin/nologin | |
nobody:*:32767:32767:Unprivileged user for NFS:/nonexistent:/sbin/nologin | |
diff -ur etc45/etc/pf.conf etc46/etc/pf.conf | |
--- etc45/etc/pf.conf Sat Feb 28 22:29:27 2009 | |
+++ etc46/etc/pf.conf Fri Jul 10 05:01:04 2009 | |
@@ -1,13 +1,11 @@ | |
-# $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36 deraadt Exp $ | |
+# $OpenBSD: pf.conf,v 1.44 2009/06/10 15:29:34 sobrado Exp $ | |
# | |
# See pf.conf(5) for syntax and examples; this sample ruleset uses | |
# require-order to permit mixing of NAT/RDR and filter rules. | |
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 | |
# in /etc/sysctl.conf if packets are to be forwarded between interfaces. | |
-set require-order no | |
set skip on lo | |
-scrub in | |
# NAT/filter rules and anchors for ftp-proxy(8) | |
#nat-anchor "ftp-proxy/*" | |
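Review bot: The header comment kept as context still says "this sample ruleset uses require-order to permit mixing of NAT/RDR and filter rules", but this hunk deletes `set require-order no`, so the comment now describes an option the file no longer sets. I would reduce it to `# See pf.conf(5) for syntax and examples.` and keep the forwarding reminder that follows. The hunk also drops `scrub in` with no replacement visible here (the rc hunk later switches to `set reassemble yes no-df`). If reassembly is now the default, a one-line comment saying so would stop readers from re-adding a scrub rule.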
@@ -27,9 +25,9 @@ | |
#no rdr on egress proto tcp from <spamd-white> to any port smtp | |
#rdr pass on egress proto tcp from any to any port smtp -> 127.0.0.1 port spamd | |
-pass in # to establish keep-state | |
+pass # to establish keep-state | |
#block in quick from urpf-failed to any # use with care | |
# By default, do not permit remote connections to X11 | |
-block in on ! lo0 proto tcp from any to any port 6000 | |
+block in on ! lo0 proto tcp to port 6000:6010 | |
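Review bot: The comment on the widened `pass` rule only mentions keep-state, yet with `pf=YES` becoming the default in the rc.conf hunk of this diff this sample is the ruleset a fresh machine boots with. As far as the visible lines show, it permits everything except inbound TCP to ports 6000:6010 on non-loopback interfaces. I would state that policy in the file, e.g. `pass # default-allow sample; establishes keep-state, add block rules for a real policy`. The X11 comment could also name what the new range covers, `# By default, do not permit remote connections to X11 (displays :0 through :10)`.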
Binary files etc45/etc/pwd.db and etc46/etc/pwd.db differ | |
diff -ur etc45/etc/rc etc46/etc/rc | |
--- etc45/etc/rc Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/rc Fri Jul 10 05:01:02 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: rc,v 1.321 2008/12/11 15:44:00 naddy Exp $ | |
+# $OpenBSD: rc,v 1.328 2009/06/30 15:30:24 deraadt Exp $ | |
# System startup script run by init on autoboot | |
# or after single-user. | |
@@ -106,7 +106,7 @@ | |
> /dev/null 2>&1 | |
dd if=/var/db/host.random of=/dev/arandom bs=1024 count=64 \ | |
> /dev/null 2>&1 | |
- | |
+ | |
# reset seed file, so that if a shutdown-less reboot occurs, | |
# the next seed is not a repeat | |
dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \ | |
@@ -122,7 +122,7 @@ | |
local _sysctl="net.inet.${_service}.baddynamic" | |
local _name _port _srv _junk _ban | |
local _i=0 | |
- grep "/${_service}" /etc/services | { | |
+ grep "/${_service}" /etc/services | { | |
IFS=" /" | |
while read _name _port _srv _junk; do | |
[ "x${_srv}" = "x${_service}" ] || continue; | |
@@ -137,7 +137,7 @@ | |
_ban="" | |
_i=0 | |
fi | |
- done; | |
+ done; | |
if [ "x${_ban}" != "x" ]; then | |
sysctl ${_sysctl}=${_ban} >/dev/null | |
fi | |
@@ -268,11 +268,11 @@ | |
RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol" | |
RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv" | |
fi | |
- RULES="$RULES\npass proto carp" | |
+ RULES="$RULES\npass proto carp keep state (no-sync)" | |
case `sysctl vfs.mounts.nfs 2>/dev/null` in | |
*[1-9]*) | |
# don't kill NFS | |
- RULES="scrub in all no-df\n$RULES" | |
+ RULES="set reassemble yes no-df\n$RULES" | |
RULES="$RULES\npass in proto { tcp, udp } from any port { 111, 2049 } to any" | |
RULES="$RULES\npass out proto { tcp, udp } from any to any port { 111, 2049 }" | |
;; | |
@@ -331,6 +331,10 @@ | |
echo 'starting system logger' | |
rm -f /dev/log | |
+if [ X"${httpd_flags}" != X"-u" ]; then | |
+ rm -f /var/www/dev/log | |
+ syslogd_flags="${syslogd_flags} -a /var/www/dev/log" | |
+fi | |
if [ X"${named_flags}" != X"NO" ]; then | |
rm -f /var/named/dev/log | |
syslogd_flags="${syslogd_flags} -a /var/named/dev/log" | |
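Review bot: The added test `if [ X"${httpd_flags}" != X"-u" ]` compares the whole flag string, so the chroot log socket is skipped only when httpd_flags is exactly `-u`. A value that combines `-u` with other flags still adds `/var/www/dev/log`, and so does the shipped default `httpd_flags=NO`, unlike the named block below it, which is gated on `NO`. If opening the socket even when httpd is disabled is intended, record it with a comment such as `# always provide the httpd chroot log socket unless httpd is explicitly run unchrooted (-u)`. Otherwise match the flag as a word, e.g. `case " ${httpd_flags} " in *" -u "*|" NO ") ;; *) ... ;; esac`. The named block continues outside the hunk.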
@@ -467,10 +471,10 @@ | |
savecore ${savecore_flags} /var/crash | |
fi | |
-if [ X"${afs}" = X"YES" -a -c /dev/xfs0 ]; then | |
+if [ X"${afs}" = X"YES" -a -c /dev/nnpfs0 ]; then | |
echo -n 'mounting afs:' | |
mkdir -p -m 0755 /afs | |
- mount -t xfs /dev/xfs0 /afs | |
+ mount -t nnpfs /dev/nnpfs0 /afs | |
/usr/libexec/afsd ${afsd_flags} | |
echo ' done.' | |
fi | |
@@ -698,6 +702,10 @@ | |
echo -n ' sendmail'; ( /usr/sbin/sendmail ${sendmail_flags} >/dev/null 2>&1 & ) | |
fi | |
+if [ X"${smtpd_flags}" != X"NO" ]; then | |
+ echo -n ' smtpd'; smtpd $smtpd_flags | |
+fi | |
+ | |
if [ X"${httpd_flags}" != X"NO" ]; then | |
# Clean up left-over httpd locks | |
rm -f /var/www/logs/{ssl_mutex,httpd.lock,accept.lock}.* | |
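Review bot: `smtpd $smtpd_flags` starts the daemon by bare name, so which binary runs as root at boot depends on the PATH rc has at that point. The sendmail line just above and the xdm line later in this diff use absolute paths. Assuming smtpd is installed next to sendmail, I would write `echo -n ' smtpd'; /usr/sbin/smtpd ${smtpd_flags}` for consistency. The httpd block that follows continues outside the hunk.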
@@ -805,7 +813,7 @@ | |
fi | |
# Alternatively, on some architectures, xdm may be started in /etc/ttys. | |
-if [ X"${xdm_flags}" != X"NO" ]; then | |
+if [ X"${xdm_flags}" != X"NO" -a -x /usr/X11R6/bin/xdm ]; then | |
echo 'starting xdm...'; /usr/X11R6/bin/xdm ${xdm_flags} | |
fi | |
diff -ur etc45/etc/rc.conf etc46/etc/rc.conf | |
--- etc45/etc/rc.conf Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/rc.conf Fri Jul 10 05:01:02 2009 | |
@@ -1,6 +1,6 @@ | |
#!/bin/sh - | |
# | |
-# $OpenBSD: rc.conf,v 1.131 2008/11/27 00:52:06 uwe Exp $ | |
+# $OpenBSD: rc.conf,v 1.133 2009/05/31 19:16:16 henning Exp $ | |
# set these to "NO" to turn them off. otherwise, they're used as flags | |
ripd_flags=NO # for normal use: "" | |
@@ -41,6 +41,7 @@ | |
ifstated_flags=NO # for normal use: "" | |
relayd_flags=NO # for normal use: "" | |
snmpd_flags=NO # for normal use: "" | |
+smtpd_flags=NO # for normal use: "" | |
# use -u to disable chroot, see httpd(8) | |
httpd_flags=NO # for normal use: "" (or "-DSSL" after reading ssl(8)) | |
@@ -68,7 +69,7 @@ | |
nfs_server=NO # see sysctl.conf for nfs client configuration | |
lockd=NO | |
amd=NO | |
-pf=NO # Packet filter / NAT | |
+pf=YES # Packet filter / NAT | |
ipsec=NO # IPsec | |
bt=NO # Bluetooth | |
portmap=NO # Note: inetd(8) rpc services need portmap too | |
diff -ur etc45/etc/security etc46/etc/security | |
--- etc45/etc/security Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/security Fri Jul 10 05:01:02 2009 | |
@@ -1,6 +1,5 @@ | |
-#!/bin/sh - | |
# | |
-# $OpenBSD: security,v 1.81 2008/07/23 16:05:47 sthen Exp $ | |
+# $OpenBSD: security,v 1.88 2009/06/03 14:45:39 jj Exp $ | |
# from: @(#)security 8.1 (Berkeley) 6/9/93 | |
# | |
@@ -9,17 +8,15 @@ | |
umask 077 | |
DIR=`mktemp -d /tmp/_secure.XXXXXXXXXX` || exit 1 | |
-ERR=$DIR/_secure1 | |
TMP1=$DIR/_secure2 | |
TMP2=$DIR/_secure3 | |
-TMP3=$DIR/_secure4 | |
LIST=$DIR/_secure5 | |
-OUTPUT=$DIR/_secure6 | |
trap 'rm -rf $DIR; exit 1' 0 1 2 3 13 15 | |
# Check the master password file syntax. | |
MP=/etc/master.passwd | |
+next_part "Checking the ${MP} file:" | |
awk -F: '{ | |
if ($0 ~ /^[ ]*$/) { | |
printf("Line %d is a blank line.\n", NR); | |
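Review bot: `next_part` is called here and in most later hunks of this file, but nothing visible in the diff defines it in /etc/security, and the first hunk drops the `#!/bin/sh -` line. The script therefore appears to work only when sourced by a caller that supplies `next_part` and `$PARTOUT` (presumably the daily script). The header should say so, e.g. `# Sourced by the daily script; requires next_part() and PARTOUT from the caller.` Run on its own, each `next_part` line would fail as an unknown command while the checks still print, giving a report with no section titles and stray errors. The awk program continues outside the hunk.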
@@ -54,22 +51,15 @@ | |
printf("Login %s has a negative group ID.\n", $1); | |
if (int($7) != 0 && system("test "$7" -lt `date +%s`") == 0) | |
printf("Login %s has expired.\n", $1); | |
-}' < $MP > $OUTPUT | |
-if [ -s $OUTPUT ] ; then | |
- echo "\nChecking the ${MP} file:" | |
- cat $OUTPUT | |
-fi | |
+}' < $MP | |
-awk -F: '{ print $1 }' $MP | sort | uniq -d > $OUTPUT | |
-if [ -s $OUTPUT ] ; then | |
- echo "\n${MP} has duplicate user names." | |
- column $OUTPUT | |
-fi | |
+next_part "${MP} has duplicate user names." | |
+awk -F: '{ print $1 }' $MP | sort | uniq -d | column | |
+next_part "${MP} has duplicate user IDs." | |
awk -F: '/^[^\+]/ { print $1 " " $3 }' $MP | sort -n +1 | tee $TMP1 | | |
uniq -d -f 1 | awk '{ print $2 }' > $TMP2 | |
if [ -s $TMP2 ] ; then | |
- echo "\n${MP} has duplicate user IDs." | |
while read uid; do | |
grep -w $uid $TMP1 | |
done < $TMP2 | column | |
@@ -99,6 +89,7 @@ | |
# Check the group file syntax. | |
GRP=/etc/group | |
+next_part "Checking the ${GRP} file:" | |
awk -F: '{ | |
if ($0 ~ /^[ ]*$/) { | |
printf("Line %d is a blank line.\n", NR); | |
@@ -112,28 +103,21 @@ | |
printf("Group %s has non-alphanumeric characters.\n", $1); | |
if (length($1) > 31) | |
printf("Group %s has more than 31 characters.\n", $1); | |
- if ($3 !~ /[0-9]*/) | |
- printf("Login %s has a negative group ID.\n", $1); | |
-}' < $GRP > $OUTPUT | |
-if [ -s $OUTPUT ] ; then | |
- echo "\nChecking the ${GRP} file:" | |
- cat $OUTPUT | |
-fi | |
+ if ($3 !~ /^[0-9]*$/) | |
+ printf("Group %s has an invalid group ID.\n", $1); | |
+}' < $GRP | |
-awk -F: '{ print $1 }' $GRP | sort | uniq -d > $OUTPUT | |
-if [ -s $OUTPUT ] ; then | |
- echo "\n${GRP} has duplicate group names." | |
- column $OUTPUT | |
-fi | |
+next_part "${GRP} has duplicate group names." | |
+awk -F: '{ print $1 }' $GRP | sort | uniq -d | column | |
# Check for root paths, umask values in startup files. | |
# The check for the root paths is problematical -- it's likely to fail | |
# in other environments. Once the shells have been modified to warn | |
# of '.' in the path, the path tests should go away. | |
-> $OUTPUT | |
rhome=/root | |
umaskset=no | |
list="/etc/csh.cshrc /etc/csh.login ${rhome}/.cshrc ${rhome}/.login" | |
+next_part "Checking root csh paths, umask values:\n${list}" | |
for i in $list ; do | |
if [ -s $i ] ; then | |
if egrep -aq '[[:space:]]*umask[[:space:]]' $i ; then | |
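Review bot: The corrected pattern in `if ($3 !~ /^[0-9]*$/)` still accepts an empty GID field, because `*` matches zero digits, so a group line with nothing in the third field passes the syntax check silently. `if ($3 !~ /^[0-9]+$/)` would report it with the new "has an invalid group ID" message. The csh startup-file loop at the end of the hunk continues outside it.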
@@ -146,7 +130,7 @@ | |
if ($2 % 10 ~ /^[0145]/) | |
print "Root umask is other writable"; | |
} | |
- }' < $i >> $OUTPUT | |
+ }' < $i | |
SAVE_PATH=$PATH | |
unset PATH | |
/bin/csh -f -s << end-of-csh > /dev/null 2>&1 | |
@@ -168,24 +152,18 @@ | |
{ print "Root path directory " $10 " is group writable." } \ | |
$1 ~ /^d.......w/ \ | |
{ print "Root path directory " $10 " is other writable." }' \ | |
- < $TMP1 >> $OUTPUT | |
+ < $TMP1 | |
fi | |
done | |
-if [ $umaskset = "no" -o -s $OUTPUT ] ; then | |
- echo "\nChecking root csh paths, umask values:\n${list}" | |
- if [ -s $OUTPUT ] ; then | |
- cat $OUTPUT | |
- fi | |
- if [ $umaskset = "no" ] ; then | |
- echo "\nRoot csh startup files do not set the umask." | |
- fi | |
+if [ $umaskset = "no" ] ; then | |
+ echo "\nRoot csh startup files do not set the umask." | |
fi | |
-> $OUTPUT | |
> $TMP2 | |
rhome=/root | |
umaskset=no | |
list="/etc/profile ${rhome}/.profile" | |
+next_part "Checking root sh paths, umask values:\n${list}" | |
for i in $list; do | |
if [ -s $i ] ; then | |
if egrep -a umask $i > /dev/null ; then | |
@@ -195,7 +173,7 @@ | |
awk '$2 % 100 < 20 \ | |
{ print "Root umask is group writable" } \ | |
$2 % 10 < 2 \ | |
- { print "Root umask is other writable" }' >> $OUTPUT | |
+ { print "Root umask is other writable" }' | |
SAVE_PATH=$PATH | |
SAVE_ENV=$ENV | |
unset PATH ENV | |
@@ -221,25 +199,19 @@ | |
{ print "Root path directory " $10 " is group writable." } \ | |
$1 ~ /^d.......w/ \ | |
{ print "Root path directory " $10 " is other writable." }' \ | |
- < $TMP1 >> $OUTPUT | |
+ < $TMP1 | |
fi | |
done | |
-if [ $umaskset = "no" -o -s $OUTPUT ] ; then | |
- echo "\nChecking root sh paths, umask values:\n${list}" | |
- if [ -s $OUTPUT ] ; then | |
- cat $OUTPUT | |
- fi | |
- if [ $umaskset = "no" ] ; then | |
- echo "\nRoot sh startup files do not set the umask." | |
- fi | |
+if [ $umaskset = "no" ] ; then | |
+ echo "\nRoot sh startup files do not set the umask." | |
fi | |
# A good .kshrc will not have a umask or path, that being set in .profile | |
# check anyway. | |
-> $OUTPUT | |
rhome=/root | |
list="/etc/ksh.kshrc `cat $TMP2`" | |
+next_part "Checking root ksh paths, umask values:\n${list}" | |
(cd $rhome | |
for i in $list; do | |
if [ -s $i ] ; then | |
@@ -247,7 +219,7 @@ | |
awk '$2 % 100 < 20 \ | |
{ print "Root umask is group writable" } \ | |
$2 % 10 < 2 \ | |
- { print "Root umask is other writable" }' >> $OUTPUT | |
+ { print "Root umask is other writable" }' | |
if egrep -a PATH= $i > /dev/null ; then | |
SAVE_PATH=$PATH | |
unset PATH | |
@@ -271,32 +243,29 @@ | |
{ print "Root path directory " $10 " is group writable." } \ | |
$1 ~ /^d.......w/ \ | |
{ print "Root path directory " $10 " is other writable." }' \ | |
- < $TMP1 >> $OUTPUT | |
+ < $TMP1 | |
fi | |
fi | |
done | |
) | |
-if [ -s $OUTPUT ] ; then | |
- echo "\nChecking root ksh paths, umask values:\n${list}" | |
- cat $OUTPUT | |
-fi | |
+next_part "Checking configuration files:" | |
# Root and uucp should both be in /etc/ftpusers. | |
if egrep root /etc/ftpusers > /dev/null ; then | |
: | |
else | |
- echo "\nRoot not listed in /etc/ftpusers file." | |
+ echo "Root not listed in /etc/ftpusers file." | |
fi | |
if egrep uucp /etc/ftpusers > /dev/null ; then | |
: | |
else | |
- echo "\nUucp not listed in /etc/ftpusers file." | |
+ echo "Uucp not listed in /etc/ftpusers file." | |
fi | |
# Uudecode should not be in the /etc/mail/aliases file. | |
if egrep 'uudecode|decode' /etc/mail/aliases; then | |
- echo "\nThere is an entry for uudecode in the /etc/mail/aliases file." | |
+ echo "There is an entry for uudecode in the /etc/mail/aliases file." | |
fi | |
# hostname.if files may contain secrets and should not be | |
@@ -307,7 +276,7 @@ | |
continue | |
fi | |
if [ "$(stat -Lf "%SLp" $f)" != "---" ]; then | |
- echo "\n$f is world readable." | |
+ echo "$f is world readable." | |
fi | |
done | |
@@ -319,7 +288,7 @@ | |
if ($0 ~ /^\+@.*$/) | |
next; | |
if ($0 ~ /^\+.*$/) | |
- printf("\nPlus sign in %s file.\n", FILENAME); | |
+ printf("Plus sign in %s file.\n", FILENAME); | |
}' $f | |
fi | |
done | |
@@ -327,6 +296,7 @@ | |
# Check for special users with .rhosts/.shosts files. Only root | |
# should have .rhosts/.shosts files. Also, .rhosts/.shosts | |
# files should not have plus signs. | |
+next_part "Checking for special users with .rhosts/.shosts files." | |
awk -F: '$1 != "root" && $1 !~ /^[+-]/ && \ | |
($3 < 100 || $1 == "ftp" || $1 == "uucp") \ | |
{ print $1 " " $6 }' /etc/passwd | | |
@@ -338,12 +308,9 @@ | |
echo "${uid}: ${rhost}" | |
fi | |
done | |
-done > $OUTPUT | |
-if [ -s $OUTPUT ] ; then | |
- echo "\nChecking for special users with .rhosts/.shosts files." | |
- cat $OUTPUT | |
-fi | |
+done | |
+next_part "Checking .rhosts/.shosts files syntax." | |
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ | |
while read uid homedir; do | |
for j in .rhosts .shosts; do | |
@@ -357,14 +324,11 @@ | |
}' ${homedir}/$j | |
fi | |
done | |
-done > $OUTPUT | |
-if [ -s $OUTPUT ] ; then | |
- echo "\nChecking .rhosts/.shosts files syntax." | |
- cat $OUTPUT | |
-fi | |
+done | |
# Check home directories. Directories should not be owned by someone else | |
# or writeable. | |
+next_part "Checking home directories." | |
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ | |
while read uid homedir; do | |
if [ -d ${homedir}/ ] ; then | |
@@ -377,15 +341,12 @@ | |
$2 ~ /^-....w/ \ | |
{ print "user " $1 " home directory is group writable" } | |
$2 ~ /^-.......w/ \ | |
- { print "user " $1 " home directory is other writable" }' > $OUTPUT | |
-if [ -s $OUTPUT ] ; then | |
- echo "\nChecking home directories." | |
- cat $OUTPUT | |
-fi | |
+ { print "user " $1 " home directory is other writable" }' | |
# Files that should not be owned by someone else or readable. | |
list=".netrc .rhosts .gnupg/secring.gpg .gnupg/random_seed \ | |
.pgp/secring.pgp .shosts .ssh/identity .ssh/id_dsa .ssh/id_rsa" | |
+next_part "Checking dot files." | |
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ | |
while read uid homedir; do | |
for f in $list ; do | |
@@ -404,7 +365,7 @@ | |
$3 ~ /^-....w/ \ | |
{ print "user " $1 " " $2 " file is group writable" } | |
$3 ~ /^-.......w/ \ | |
- { print "user " $1 " " $2 " file is other writable" }' > $OUTPUT | |
+ { print "user " $1 " " $2 " file is other writable" }' | |
# Files that should not be owned by someone else or writeable. | |
list=".bashrc .bash_profile .bash_login .bash_logout .cshrc \ | |
@@ -427,24 +388,18 @@ | |
$3 ~ /^-....w/ \ | |
{ print "user " $1 " " $2 " file is group writable" } | |
$3 ~ /^-.......w/ \ | |
- { print "user " $1 " " $2 " file is other writable" }' >> $OUTPUT | |
-if [ -s $OUTPUT ] ; then | |
- echo "\nChecking dot files." | |
- cat $OUTPUT | |
-fi | |
+ { print "user " $1 " " $2 " file is other writable" }' | |
# Mailboxes should be owned by user and unreadable. | |
+next_part "Checking mailbox ownership." | |
ls -l /var/mail | sed 1d | \ | |
awk '$3 != $9 \ | |
{ print "user " $9 " mailbox is owned by " $3 } | |
$1 != "-rw-------" \ | |
- { print "user " $9 " mailbox is " $1 ", group " $4 }' > $OUTPUT | |
-if [ -s $OUTPUT ] ; then | |
- echo "\nChecking mailbox ownership." | |
- cat $OUTPUT | |
-fi | |
+ { print "user " $9 " mailbox is " $1 ", group " $4 }' | |
# File systems should not be globally exported. | |
+next_part "Checking for globally exported file systems." | |
if [ -s /etc/exports ] ; then | |
awk '{ | |
if (($1 ~ /^#/) || ($1 ~ /^$/)) | |
@@ -460,38 +415,30 @@ | |
print "File system " $1 " globally exported, read-only." | |
else | |
print "File system " $1 " globally exported, read-write." | |
- }' < /etc/exports > $OUTPUT | |
- if [ -s $OUTPUT ] ; then | |
- echo "\nChecking for globally exported file systems." | |
- cat $OUTPUT | |
- fi | |
+ }' < /etc/exports | |
fi | |
# Display any changes in setuid/setgid files and devices. | |
-pending="\nChecking setuid/setgid files and devices:\n" | |
-(find / \( ! -fstype local \ | |
- -o -fstype procfs -o -fstype afs -o -fstype xfs \) -a -prune -o \ | |
+next_part "Setuid/device find errors:" | |
+( set -o noglob | |
+ find / \ | |
+ \( ! -fstype local -o -fstype procfs -o -fstype afs -o -fstype nnpfs \ | |
+ `for f in $SUIDSKIP; do echo -o -path $f; done` \ | |
+ \) -a -prune -o \ | |
-type f -a \( -perm -u+s -o -perm -g+s \) -print0 -o \ | |
! -type d -a ! -type f -a ! -type l -a ! -type s -a ! -type p \ | |
- -print0 | xargs -0 ls -ldgT | sort +9 > $LIST) 2> $OUTPUT | |
+ -print0 | xargs -0 -r ls -ldgT | sort +9 > $LIST | |
+) | |
-# Display any errors that occurred during system file walk. | |
-if [ -s $OUTPUT ] ; then | |
- echo "${pending}Setuid/device find errors:" | |
- pending= | |
- cat $OUTPUT | |
- echo "" | |
-fi | |
- | |
# Display any changes in the setuid/setgid file list. | |
+next_part "Checking setuid/setgid files and devices:" | |
FIELDS1=1.1,1.2,1.3,1.4,1.5,1.6,1.7,1.8,1.9,0 | |
FIELDS2=2.1,2.2,2.3,2.4,2.5,2.6,2.7,2.8,2.9,0 | |
egrep -av '^[bc]' $LIST | join -o $FIELDS2 -110 -210 -v2 /dev/null - > $TMP1 | |
if [ -s $TMP1 ] ; then | |
# Check to make sure uudecode isn't setuid. | |
if grep -aw uudecode $TMP1 > /dev/null ; then | |
- echo "${pending}\nUudecode is setuid." | |
- pending= | |
+ echo "Uudecode is setuid." | |
fi | |
CUR=/var/backups/setuid.current | |
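Review bot: `$SUIDSKIP` is expanded unquoted into `-o -path` arguments, and nothing in the visible part of the file sets or documents it, so any tree named there silently drops out of the setuid/device comparison. Because this variable decides what escapes the audit, it deserves a comment above the find, e.g. `# SUIDSKIP: whitespace-separated paths pruned from the scan; set by the caller, entries cannot contain spaces`. Echoing its value into the report when it is non-empty would also make an exclusion visible to whoever reads the mail. Note too that find's stderr is no longer captured by this block itself, so the "Setuid/device find errors:" title is only accurate if the caller's redirection sends stderr to the part file.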
@@ -501,46 +448,31 @@ | |
if cmp -s $CUR $TMP1 ; then | |
: | |
else | |
- > $TMP2 | |
- join -o $FIELDS2 -110 -210 -v2 $CUR $TMP1 > $OUTPUT | |
- if [ -s $OUTPUT ] ; then | |
- echo "${pending}Setuid additions:" | |
- pending= | |
- tee -a $TMP2 < $OUTPUT | column -t | |
- echo "" | |
- fi | |
+ next_part "Setuid additions:" | |
+ join -o $FIELDS2 -110 -210 -v2 $CUR $TMP1 | \ | |
+ tee $TMP2 | column -t | |
- join -o $FIELDS1 -110 -210 -v1 $CUR $TMP1 > $OUTPUT | |
- if [ -s $OUTPUT ] ; then | |
- echo "${pending}Setuid deletions:" | |
- pending= | |
- tee -a $TMP2 < $OUTPUT | column -t | |
- echo "" | |
- fi | |
+ next_part "Setuid deletions:" | |
+ join -o $FIELDS1 -110 -210 -v1 $CUR $TMP1 | \ | |
+ tee -a $TMP2 | column -t | |
+ next_part "Setuid changes:" | |
sort +9 $TMP2 $CUR $TMP1 | \ | |
- sed -e 's/[ ][ ]*/ /g' | uniq -u > $OUTPUT | |
- if [ -s $OUTPUT ] ; then | |
- echo "${pending}Setuid changes:" | |
- pending= | |
- column -t $OUTPUT | |
- echo "" | |
- fi | |
+ sed -e 's/[ ][ ]*/ /g' | uniq -u | column -t | |
cp $CUR $BACK | |
cp $TMP1 $CUR | |
fi | |
else | |
- echo "${pending}Setuid additions:" | |
- pending= | |
+ next_part "Setuid additions:" | |
column -t $TMP1 | |
- echo "" | |
cp $TMP1 $CUR | |
fi | |
fi | |
# Check for block and character disk devices that are readable or writeable | |
# or not owned by root.operator. | |
+next_part "Checking disk ownership and permissions." | |
>$TMP1 | |
DISKLIST="ccd dk fd hd hk hp jb kra ra rb rd rl rx rz sd up vnd wd xd" | |
for i in $DISKLIST; do | |
@@ -550,12 +482,7 @@ | |
awk '$3 != "root" || $4 != "operator" || $1 !~ /.rw-r-----/ \ | |
{ printf("Disk %s is user %s, group %s, permissions %s.\n", \ | |
- $11, $3, $4, $1); }' < $TMP1 > $OUTPUT | |
-if [ -s $OUTPUT ] ; then | |
- echo "\nChecking disk ownership and permissions." | |
- cat $OUTPUT | |
- echo "" | |
-fi | |
+ $11, $3, $4, $1); }' < $TMP1 | |
FIELDS1=1.1,1.2,1.3,1.4,1.5,1.6,1.7,1.8,1.9,1.10,0 | |
FIELDS2=2.1,2.2,2.3,2.4,2.5,2.6,2.7,2.8,2.9,2.10,0 | |
@@ -570,41 +497,30 @@ | |
if cmp -s $CUR $TMP1 ; then | |
: | |
else | |
- > $TMP2 | |
- join -o $FIELDS2 -111 -211 -v2 $CUR $TMP1 > $OUTPUT | |
- if [ -s $OUTPUT ] ; then | |
- echo "Device additions:" | |
- tee -a $TMP2 < $OUTPUT | column -t | |
- echo "" | |
- fi | |
+ next_part "Device additions:" | |
+ join -o $FIELDS2 -111 -211 -v2 $CUR $TMP1 | \ | |
+ tee $TMP2 | column -t | |
- join -o $FIELDS1 -111 -211 -v1 $CUR $TMP1 > $OUTPUT | |
- if [ -s $OUTPUT ] ; then | |
- echo "Device deletions:" | |
- tee -a $TMP2 < $OUTPUT | column -t | |
- echo "" | |
- fi | |
+ next_part "Device deletions:" | |
+ join -o $FIELDS1 -111 -211 -v1 $CUR $TMP1 | \ | |
+ tee -a $TMP2 | column -t | |
# Report any block device change. Ignore character | |
# devices, only the name is significant. | |
+ next_part "Block device changes:" | |
cat $TMP2 $CUR $TMP1 | \ | |
sed -e '/^c/d' | \ | |
sort +10 | \ | |
sed -e 's/[ ][ ]*/ /g' | \ | |
- uniq -u > $OUTPUT | |
- if [ -s $OUTPUT ] ; then | |
- echo "Block device changes:" | |
- column -t $OUTPUT | |
- echo "" | |
- fi | |
+ uniq -u | \ | |
+ column -t | |
cp $CUR $BACK | |
cp $TMP1 $CUR | |
fi | |
else | |
- echo "Device additions:" | |
+ next_part "Device additions:" | |
column -t $TMP1 | |
- echo "" | |
cp $TMP1 $CUR | |
fi | |
fi | |
@@ -622,30 +538,17 @@ | |
# the hacker can modify the tree specification to match the replaced binary. | |
# For details on really protecting yourself against modified binaries, see | |
# the mtree(8) manual page. | |
+next_part "Checking special files and directories. | |
+Output format is:\n\tfilename:\n\t\tcriteria (shouldbe, reallyis)" | |
if [ -d /etc/mtree ] ; then | |
cd /etc/mtree | |
- mtree -e -l -p / -f /etc/mtree/special > $OUTPUT | |
- if [ -s $OUTPUT ] ; then | |
- echo "\nChecking special files and directories." | |
- echo "Output format is:\n\tfilename:" | |
- echo "\t\tcriteria (shouldbe, reallyis)" | |
- cat $OUTPUT | |
- fi | |
- | |
- > $OUTPUT | |
+ mtree -e -l -p / -f /etc/mtree/special | |
for file in *.secure; do | |
[ $file = '*.secure' ] && continue | |
tree=`sed -n -e '3s/.* //p' -e 3q $file` | |
- mtree -f $file -p $tree > $TMP1 | |
- if [ -s $TMP1 ] ; then | |
- echo "\nChecking ${tree}:" >> $OUTPUT | |
- cat $TMP1 >> $OUTPUT | |
- fi | |
+ next_part "Checking system binaries in ${tree}:" | |
+ mtree -f $file -p $tree | |
done | |
- if [ -s $OUTPUT ] ; then | |
- echo "\nChecking system binaries:" | |
- cat $OUTPUT | |
- fi | |
else | |
echo /etc/mtree is missing | |
fi | |
@@ -660,33 +563,29 @@ | |
for file in `egrep -v "^(#|\+|$MP)" /etc/changelist`; do | |
CUR=/var/backups/$(_fnchg "$file").current | |
BACK=/var/backups/$(_fnchg "$file").backup | |
+ next_part "======\n${file} diffs (-OLD +NEW)\n======" | |
if [ -s $file -a ! -d $file ] ; then | |
if [ -s $CUR ] ; then | |
- diff -ua $CUR $file > $OUTPUT | |
- if [ -s $OUTPUT ] ; then | |
- echo "\n======\n${file} diffs (-OLD +NEW)\n======" | |
- cat $OUTPUT | |
+ diff -ua $CUR $file | |
+ if [ -s $PARTOUT ] ; then | |
cp -p $CUR $BACK | |
cp -p $file $CUR | |
chown root:wheel $CUR $BACK | |
fi | |
else | |
- echo "\n======\n${file} diffs (-OLD +NEW)\n======" | |
diff -u /dev/null $file | |
cp -p $file $CUR | |
chown root:wheel $CUR | |
fi | |
fi | |
if [ ! -s $file -a -s $CUR ]; then | |
- echo "\n======\n${file} diffs (-OLD +NEW)\n======" | |
diff -u $CUR /dev/null | |
cp -p $CUR $BACK | |
rm -f $CUR | |
chown root:wheel $BACK | |
fi | |
done | |
- for file in `egrep "^\+" /etc/changelist`; do | |
- file="${file#+}" | |
+ for file in `sed -n 's/^+//p' /etc/changelist`; do | |
CUR=/var/backups/$(_fnchg "$file").current.md5 | |
BACK=/var/backups/$(_fnchg "$file").backup.md5 | |
if [ -s $file -a ! -d $file ] ; then | |
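Review bot: `if [ -s $PARTOUT ]` now decides whether the backup copies are rotated, but it tests the part file rather than diff's result. If the caller's `start_part` also redirects stderr into `$PARTOUT` (the weekly version in this diff does `exec > $PARTOUT 2>&1`), a diff error message makes the file non-empty and `cp -p $file $CUR` overwrites the baseline although no difference was shown. Testing the exit status is tighter: keep `diff -ua $CUR $file` and follow it with `if [ $? -eq 1 ]; then`. The same pattern appears in the disklabel and package-list hunks further down. The second `for` loop continues outside the hunk.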
@@ -694,7 +593,7 @@ | |
if [ -s $CUR ] ; then | |
MD5_OLD="`cat $CUR`" | |
if [ "$MD5_NEW" != "$MD5_OLD" ]; then | |
- echo "\n======\n${file} MD5 checksums\n======" | |
+ next_part "======\n${file} MD5 checksums\n======" | |
echo "OLD: $MD5_OLD" | |
echo "NEW: $MD5_NEW" | |
cp -p $CUR $BACK | |
@@ -703,7 +602,7 @@ | |
chmod 600 $CUR | |
fi | |
else | |
- echo "\n======\n${file} new MD5 checksum\n======" | |
+ next_part "======\n${file} new MD5 checksum\n======" | |
echo "NEW: $MD5_NEW" | |
echo $MD5_NEW > $CUR | |
chown root:wheel $CUR | |
@@ -712,7 +611,7 @@ | |
fi | |
if [ ! -s $file -a -s $CUR ]; then | |
MD5_OLD="`cat $CUR`" | |
- echo "\n======\n${file} removed MD5 checksum\n======" | |
+ next_part "======\n${file} removed MD5 checksum\n======" | |
echo "OLD: $MD5_OLD" | |
cp -p $CUR $BACK | |
rm $CUR | |
@@ -727,12 +626,11 @@ | |
file=/var/backups/disklabel.$d | |
CUR=$file.current | |
BACK=$file.backup | |
+ next_part "======\n${d} diffs (-OLD +NEW)\n======" | |
if disklabel $d > $file 2>&1 ; then | |
if [ -s $CUR ] ; then | |
- diff -u $CUR $file > $OUTPUT | |
- if [ -s $OUTPUT ] ; then | |
- echo "\n======\n${d} diffs (-OLD +NEW)\n======" | |
- cat $OUTPUT | |
+ diff -u $CUR $file | |
+ if [ -s $PARTOUT ] ; then | |
cp -p $CUR $BACK | |
cp -p $file $CUR | |
chown root:wheel $CUR $BACK | |
@@ -746,15 +644,14 @@ | |
done | |
# Backup the list of installed packages and produce diffs when it changes. | |
+next_part "======\nPackage list changes (-OLD +NEW)\n======" | |
file=/var/backups/pkglist | |
CUR=$file.current | |
BACK=$file.backup | |
if pkg_info > $file 2>&1 ; then | |
if [ -s $CUR ] ; then | |
- diff -u $CUR $file > $OUTPUT | |
- if [ -s $OUTPUT ] ; then | |
- echo "\n======\nInstalled package changes (-OLD +NEW)\n======" | |
- cat $OUTPUT | |
+ diff -u $CUR $file | |
+ if [ -s $PARTOUT ] ; then | |
cp -p $CUR $BACK | |
cp -p $file $CUR | |
chown root:wheel $CUR $BACK | |
Only in etc46/etc/skel: .Xdefaults | |
diff -ur etc45/etc/skel/.login etc46/etc/skel/.login | |
--- etc45/etc/skel/.login Sat Feb 28 22:29:27 2009 | |
+++ etc46/etc/skel/.login Fri Jul 10 05:01:05 2009 | |
@@ -1,9 +1,13 @@ | |
-# $OpenBSD: dot.login,v 1.4 2009/01/30 08:42:26 sobrado Exp $ | |
+# $OpenBSD: dot.login,v 1.5 2009/05/06 22:02:05 millert Exp $ | |
# | |
# csh login file | |
if ( ! $?TERMCAP ) then | |
- tset -Q '-mdialup:?vt100' $TERM | |
+ if ( $?XTERM_VERSION ) then | |
+ tset -IQ '-munknown:?vt220' $TERM | |
+ else | |
+ tset -Q '-munknown:?vt220' $TERM | |
+ endif | |
endif | |
stty newcrt crterase | |
diff -ur etc45/etc/skel/.mailrc etc46/etc/skel/.mailrc | |
--- etc45/etc/skel/.mailrc Sat Feb 28 22:29:27 2009 | |
+++ etc46/etc/skel/.mailrc Fri Jul 10 05:01:05 2009 | |
@@ -1,2 +1,3 @@ | |
set ask | |
+set crt | |
ignore message-id received date fcc status resent-date resent-message-id resent-from in-reply-to | |
Binary files etc45/etc/spwd.db and etc46/etc/spwd.db differ | |
diff -ur etc45/etc/sudoers etc46/etc/sudoers | |
--- etc45/etc/sudoers Sat Feb 28 22:29:39 2009 | |
+++ etc46/etc/sudoers Fri Jul 10 05:01:22 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: sudoers,v 1.21 2008/04/11 20:51:57 thib Exp $ | |
+# $OpenBSD: sudoers,v 1.23 2009/06/03 20:25:23 millert Exp $ | |
# | |
# sudoers file. | |
# | |
@@ -16,10 +16,10 @@ | |
# Cmnd alias specification | |
# Defaults specification | |
-Defaults env_keep +="DESTDIR FETCH_CMD FLAVOR FTPMODE GROUP MAKE MULTI_PACKAGES" | |
-Defaults env_keep +="OKAY_FILES OWNER PKG_DBDIR PKG_DESTDIR PKG_CACHE PKG_PATH" | |
-Defaults env_keep +="PKG_TMPDIR PORTSDIR RELEASEDIR SUBPACKAGE WRKOBJDIR" | |
-Defaults env_keep +="SSH_AUTH_SOCK EDITOR VISUAL SHARED_ONLY" | |
+Defaults env_keep +="DESTDIR EDITOR FETCH_CMD FLAVOR FTPMODE GROUP MAKE" | |
+Defaults env_keep +="MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_CACHE PKG_DBDIR" | |
+Defaults env_keep +="PKG_DESTDIR PKG_PATH PKG_TMPDIR PORTSDIR RELEASEDIR" | |
+Defaults env_keep +="SHARED_ONLY SSH_AUTH_SOCK SUBPACKAGE VISUAL WRKOBJDIR" | |
# Uncomment to disable the lecture the first time you run sudo | |
#Defaults !lecture | |
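Review bot: The re-sorted `env_keep` lines, which now also add `NOMAN`, carry no comment on why these variables survive sudo's environment reset. Several of them (`MAKE`, `FETCH_CMD`, `EDITOR`, `VISUAL`) name programs that a command run through sudo may execute, and `SSH_AUTH_SOCK` hands the caller's agent to it. The list looks aimed at ports and package builds. A comment above it such as `# Kept for ports/package builds; MAKE, FETCH_CMD, EDITOR and VISUAL select programs, so grant build commands only to trusted users` would tell an administrator what is being trusted before they add rules below.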
diff -ur etc45/etc/sysctl.conf etc46/etc/sysctl.conf | |
--- etc45/etc/sysctl.conf Sat Feb 28 22:29:27 2009 | |
+++ etc46/etc/sysctl.conf Fri Jul 10 05:01:04 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: sysctl.conf,v 1.46 2008/01/05 18:38:37 mbalmer Exp $ | |
+# $OpenBSD: sysctl.conf,v 1.47 2009/06/09 11:52:54 sthen Exp $ | |
# | |
# This file contains a list of sysctl options the user wants set at | |
# boot time. See sysctl(3) and sysctl(8) for more information on | |
@@ -7,6 +7,8 @@ | |
#net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets | |
#net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets | |
#net.inet.ip.multipath=1 # 1=Enable IP multipath routing | |
+#net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects | |
+#net.inet6.icmp6.rediraccept=0 # 0=Don't accept IPv6 ICMP redirects | |
#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets | |
#net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets | |
#net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing | |
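Review bot: The two added rediraccept lines show opposite values (`=1` for IPv4, `=0` for IPv6) and their comments only restate the value, so a reader cannot tell what the default is or which setting is the hardening one. Accepting ICMP redirects lets another host on the local network change this machine's routes, and the comment should say that, e.g. `#net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects (on-link hosts can then alter routes)`. Presumably each commented line shows the non-default value, as the other entries seem to; if so, a one-line note at the top of the list stating that convention would remove the ambiguity.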
diff -ur etc45/etc/weekly etc46/etc/weekly | |
--- etc45/etc/weekly Sat Feb 28 22:29:26 2009 | |
+++ etc46/etc/weekly Fri Jul 10 05:01:03 2009 | |
@@ -1,24 +1,53 @@ | |
-#!/bin/sh - | |
# | |
-# $OpenBSD: weekly,v 1.19 2007/02/02 14:52:48 ajacoutot Exp $ | |
+# $OpenBSD: weekly,v 1.23 2009/05/25 21:31:24 schwarze Exp $ | |
# | |
+# For local additions, create the file /etc/weekly.local. | |
+# To get section headers, use the function next_part in weekly.local. | |
+# | |
umask 022 | |
-PATH=/bin:/sbin:/usr/sbin:/usr/bin:/usr/libexec | |
-export PATH | |
+PARTOUT=/var/log/weekly.part | |
+MAINOUT=/var/log/weekly.out | |
+install -o 0 -g 0 -m 600 /dev/null $PARTOUT | |
+install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT | |
-if [ -f /etc/weekly.local ]; then | |
+start_part() { | |
+ TITLE=$1 | |
+ exec > $PARTOUT 2>&1 | |
+} | |
+ | |
+end_part() { | |
+ exec >> $MAINOUT 2>&1 | |
+ test -s $PARTOUT || return | |
echo "" | |
- echo "Running weekly.local:" | |
- . /etc/weekly.local | |
-fi | |
+ echo "$TITLE" | |
+ cat $PARTOUT | |
+} | |
-echo "" | |
+next_part() { | |
+ end_part | |
+ start_part "$1" | |
+} | |
+ | |
+run_script() { | |
+ f=/etc/$1 | |
+ test -e $f || return | |
+ if [ `stat -f '%Sp%u' $f | cut -b1,6,9,11-` != '---0' ]; then | |
+ echo "$f has insecure permissions, skipping:" | |
+ ls -l $f | |
+ return | |
+ fi | |
+ . $f | |
+} | |
+ | |
+start_part "Running weekly.local:" | |
+run_script "weekly.local" | |
+ | |
+next_part "Rebuilding locate database:" | |
if [ -f /var/db/locate.database ]; then | |
TMP=`mktemp /var/db/locate.database.XXXXXXXXXX` | |
if [ $? -eq 0 ]; then | |
trap 'rm -f $TMP; exit 1' 0 1 15 | |
- echo "Rebuilding locate database:" | |
UPDATEDB="/usr/libexec/locate.updatedb" | |
echo "${UPDATEDB} --fcodes=- --tmpdir=${TMPDIR:-/var/tmp}" | \ | |
nice -5 su -m nobody 2>/dev/null 1>$TMP | |
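Review bot: The permission gate in `run_script` is the only thing between `/etc/weekly.local` and `. $f` running as root, and `cut -b1,6,9,11-` compared with `'---0'` is hard to verify by eye. I would add `# accept only a regular file (byte 1) with no group or other write bit (bytes 6, 9) owned by uid 0 (bytes 11-)` above it. The command substitution is also unquoted inside `[ ]`, so a stat failure after the `test -e` check yields an empty operand and a test syntax error instead of a clean skip; `if [ "`stat -f '%Sp%u' $f | cut -b1,6,9,11-`" != '---0' ]; then` avoids that. Separately, the hunk removes the `PATH=` assignment while `install`, `stat`, `cut` and `mail` are still called by bare name, so the script now depends on the caller's PATH. The locate-database block continues outside the hunk.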
@@ -32,18 +61,17 @@ | |
else | |
echo "Not rebuilding locate database; can't create temp file" | |
fi | |
-else | |
- echo "Not rebuilding locate database; no /var/db/locate.database" | |
fi | |
-echo "" | |
-echo "Rebuilding whatis databases:" | |
-makewhatis | |
+next_part "Rebuilding whatis databases:" | |
+/usr/libexec/makewhatis | |
-# If LOGINACCOUNTING is set to 1 in the environment, report user | |
-# accounting information | |
+next_part "Doing login accounting:" | |
[ "X$LOGINACCOUNTING" = X1 ] && { | |
- echo "" | |
- echo "Doing login accounting:" | |
ac -p | sort -nr -k 2 | |
} | |
+ | |
+end_part | |
+rm -f $PARTOUT | |
+ | |
+[ -s $MAINOUT ] && mail -s "`hostname` weekly output" root < $MAINOUT | |
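Review bot: The login-accounting section lost its explanatory comment, so nothing in the new code says that `ac` only runs when LOGINACCOUNTING is 1. The section title is now set unconditionally, and only the empty-output test in end_part (defined in the previous hunk) keeps it out of the report. I would keep a one-line comment above the `next_part` call: `# Runs only if LOGINACCOUNTING=1 is set in the environment; otherwise this part stays empty and is not printed.`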
Only in etc46/root: .Xdefaults | |
diff -ur etc45/root/.login etc46/root/.login | |
--- etc45/root/.login Sat Feb 28 22:29:27 2009 | |
+++ etc46/root/.login Fri Jul 10 05:01:04 2009 | |
@@ -1,15 +1,19 @@ | |
-# $OpenBSD: dot.login,v 1.11 2005/03/30 19:50:07 deraadt Exp $ | |
+# $OpenBSD: dot.login,v 1.13 2009/05/06 22:02:05 millert Exp $ | |
# | |
# csh login file | |
-set tterm='?'$TERM | |
-set noglob | |
-onintr finish | |
-eval `tset -s -Q $tterm` | |
-finish: | |
-unset noglob | |
-unset tterm | |
-onintr | |
+if ( -x /usr/bin/tset ) then | |
+ set noglob histchars="" | |
+ onintr finish | |
+ if ( $?XTERM_VERSION ) then | |
+ eval `tset -IsQ '-munknown:?vt220' $TERM` | |
+ else | |
+ eval `tset -sQ '-munknown:?vt220' $TERM` | |
+ endif | |
+ finish: | |
+ unset noglob histchars | |
+ onintr | |
+endif | |
if ( `logname` == `whoami` ) then | |
echo "Read the afterboot(8) man page for administration advice." | |
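Review bot: The new guard tests `/usr/bin/tset`, but both added eval lines run bare `tset`, so what root's login executes is whatever the search path resolves first, not necessarily the file that was checked. The matching root/.profile change on this page calls `/usr/bin/tset` in full. I would use `/usr/bin/tset` in place of `tset` on both eval lines so the check and the call refer to the same binary. The `logname`/`whoami` block at the end of the hunk continues outside it.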
diff -ur etc45/root/.profile etc46/root/.profile | |
--- etc45/root/.profile Sat Feb 28 22:29:27 2009 | |
+++ etc46/root/.profile Fri Jul 10 05:01:04 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: dot.profile,v 1.5 2005/03/30 21:18:33 millert Exp $ | |
+# $OpenBSD: dot.profile,v 1.8 2009/05/06 22:02:05 millert Exp $ | |
# | |
# sh/ksh initialization | |
@@ -9,5 +9,9 @@ | |
umask 022 | |
if [ -x /usr/bin/tset ]; then | |
- eval `/usr/bin/tset -sQ \?$TERM` | |
+ if [ X"$XTERM_VERSION" = X"" ]; then | |
+ eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM` | |
+ else | |
+ eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM` | |
+ fi | |
fi | |
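Review bot: `$TERM` is expanded unquoted inside the command substitution on both added tset lines, so a value containing whitespace or glob characters is split into extra tset arguments before the output is eval'd in root's shell. TERM normally comes from the login environment rather than from this file, so I would write `"$TERM"` on both lines. With quoting, an empty TERM is passed as an empty argument instead of no argument at all, so tset's behaviour in that case should be checked; a default such as `"${TERM:-unknown}"` may be what is wanted, but that is unverified here.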
diff -ur etc45/var/cron/tabs/root etc46/var/cron/tabs/root | |
--- etc45/var/cron/tabs/root Sat Feb 28 22:29:27 2009 | |
+++ etc46/var/cron/tabs/root Fri Jul 10 05:01:04 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: crontab,v 1.15 2007/02/27 16:04:16 beck Exp $ | |
+# $OpenBSD: crontab,v 1.18 2009/05/09 17:15:49 schwarze Exp $ | |
# | |
# /var/cron/tabs/root - root's crontab | |
# | |
@@ -17,7 +17,7 @@ | |
#1-59 * * * * /usr/bin/newsyslog -m | |
# | |
# do daily/weekly/monthly maintenance | |
-30 1 * * * umask 077; /bin/sh /etc/daily 2>&1 | tee /var/log/daily.out | mail -s "`/bin/hostname` daily output" root | |
-30 3 * * 6 umask 077; /bin/sh /etc/weekly 2>&1 | tee /var/log/weekly.out | mail -s "`/bin/hostname` weekly output" root | |
-30 5 1 * * umask 077; /bin/sh /etc/monthly 2>&1 | tee /var/log/monthly.out | mail -s "`/bin/hostname` monthly output" root | |
+30 1 * * * /bin/sh /etc/daily | |
+30 3 * * 6 /bin/sh /etc/weekly | |
+30 5 1 * * /bin/sh /etc/monthly | |
#0 * * * * /usr/libexec/spamd-setup | |
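Review bot: The comment above these entries no longer tells the reader where the output goes. With `umask 077`, `tee` and `mail` removed from the crontab lines, the private log file and the mail to root depend entirely on the scripts themselves. The /etc/weekly change on this page does this with `install -m 600` and its own `mail` call; daily and monthly presumably match, but that should be confirmed. I would extend the comment, e.g. `# each script writes /var/log/<name>.out (mode 600) and mails root itself`.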
diff -ur etc45/var/mail/root etc46/var/mail/root | |
--- etc45/var/mail/root Sat Feb 28 22:29:39 2009 | |
+++ etc46/var/mail/root Fri Jul 10 05:01:22 2009 | |
@@ -1,9 +1,9 @@ | |
-From deraadt@do-not-reply.openbsd.org Fri May 1 05:45:45 MDT 2009 | |
+From deraadt@do-not-reply.openbsd.org Thu Oct 1 06:46:46 MDT 2009 | |
Return-Path: root | |
-Date: May 1 05:45:45 MDT 2009 | |
+Date: Oct 1 06:46:46 MDT 2009 | |
From: deraadt@do-not-reply.openbsd.org (Theo de Raadt) | |
To: root | |
-Subject: Welcome to OpenBSD 4.5! Secure by Default! | |
+Subject: Welcome to OpenBSD 4.6! | |
This message attempts to describe the most basic initial questions that a | |
system administrator of an OpenBSD box might have. You are urged to save | |
@@ -14,26 +14,26 @@ | |
"man afterboot"). If you are not familiar with how to read man pages, type | |
"man man" at a shell prompt and read the entire thing. Pay specific | |
attention to the "man -k keyword" option, which will permit you to find the | |
-man page you are looking for more easily; for instance, "man -k ethernet". The | |
-GNU "info" subsystem is also installed with further documentation resources: | |
-to read info pages type "info". (The info subsystem behaves like the | |
-popular emacs editor.) | |
+man page you are looking for more easily; for instance, "man -k ethernet". | |
+The GNU "info" subsystem is also installed with further documentation | |
+resources: to read info pages type "info". (The info subsystem behaves like | |
+the popular emacs editor.) | |
Again, PLEASE READ THE MANUAL PAGES. Our developers have spent countless | |
hours improving them so that they are clear and precise. | |
-If you have installed the X11 packages during the install process, you can find | |
-further information regarding configuration in the file /usr/X11R6/README. | |
+If you have installed the X11 packages during the install process, you can | |
+find further information regarding configuration in the file /usr/X11R6/README. | |
Several popular binary packages (pre-compiled applications) are available | |
for most architectures. If you installed from a CD-ROM the packages | |
-are on the same CD-ROM you installed from in the directory 4.5/packages. | |
+are on the same CD-ROM you installed from in the directory 4.6/packages. | |
CD-ROM space permitted us to include a subset of the full FTP packages | |
for the most common architectures. Please see the FTP sites to see a | |
full list of packages for each architecture: | |
- ftp://ftp.openbsd.org/pub/OpenBSD/4.5/packages/ | |
+ ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/ | |
If you do not find a package you want on the CD, please go look at your | |
nearest FTP mirror site. | |
@@ -41,15 +41,10 @@ | |
Select your architecture and download the tarballs of your choice. For example | |
to install the emacs package for i386, execute: | |
# mount /dev/cd0a /cdrom | |
- # pkg_add -v /cdrom/4.5/packages/i386/emacs-21.4p7.tgz | |
+ # pkg_add -v /cdrom/4.6/packages/i386/emacs-21.4p8.tgz | |
or alternatively install them via FTP this way: | |
- # pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/4.5/packages/i386/emacs-21.4p7.tgz | |
+ # pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/i386/emacs-21.4p8.tgz | |
-You are STRONGLY urged to use ssh instead of telnet, rlogin, or rsh! ssh is | |
-included in all OpenBSD systems. The implementation is OpenSSH, which we are | |
-the developers of. For more information, see | |
- http://www.OpenSSH.com | |
- | |
Significant efforts were made to centralize all system configuration in the | |
/etc directory. You should be able to find each of the configuration files | |
you seek there, lightly documented. In particular, much of the configuration | |
@@ -86,6 +81,5 @@ | |
and GENERIC kernels are appreciated.) The device driver information we get from | |
this helps us fix existing drivers. Thank you! | |
-(If you used 'mail' to read this message and it scrolled by too quickly, | |
-type "more ." If you wish to save it, use the "x" command.) | |
+(If you wish to save it, use the "x" command.) | |
diff -ur etc45/var/www/conf/httpd.conf etc46/var/www/conf/httpd.conf | |
--- etc45/var/www/conf/httpd.conf Sat Feb 28 22:29:32 2009 | |
+++ etc46/var/www/conf/httpd.conf Fri Jul 10 05:01:12 2009 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: httpd.conf,v 1.24 2008/06/07 01:59:36 jdixon Exp $ | |
+# $OpenBSD: httpd.conf,v 1.26 2009/06/03 18:28:21 robert Exp $ | |
# | |
# Based upon the NCSA server configuration files originally by Rob McCool. | |
# | |
@@ -169,7 +169,7 @@ | |
# | |
# MaxFOOPerChild: these directives set the current and hard rlimits for | |
-# the child processes. Attempts to exceed them will cause the the OS to | |
+# the child processes. Attempts to exceed them will cause the OS to | |
# take appropriate action. See the setrlimit(2) and signal(3). | |
# | |
MaxCPUPerChild 0 | |
@@ -850,14 +850,17 @@ | |
# | |
# Allow server status reports, with the URL of http://servername/server-status | |
-# Change the ".your_domain.com" to match your domain to enable. | |
+# Change the ".your_domain.com" to match your domain to enable. By default we | |
+# allow server-status requests from 127.0.0.1 to make apachectl's status and | |
+# fullstatus commands work. | |
# | |
-#<Location /server-status> | |
-# SetHandler server-status | |
-# Order deny,allow | |
-# Deny from all | |
-# Allow from .your_domain.com | |
-#</Location> | |
+<Location /server-status> | |
+ SetHandler server-status | |
+ Order deny,allow | |
+ Deny from all | |
+ Allow from 127.0.0.1 | |
+# Allow from .your_domain.com | |
+</Location> | |
# | |
# Allow remote server configuration reports, with the URL of |
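Review bot: The new comment should say who `Allow from 127.0.0.1` admits now that the block is active by default. Every local user, and any local proxy or tunnel that forwards requests to this server, reaches /server-status as 127.0.0.1. The page is enabled for apachectl, but it shows details of current requests to anyone who passes the check (more so if ExtendedStatus is on). I would add a line to the comment such as `# Note: this also admits local users and local proxies; comment the block out if apachectl status is not needed.`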