diff options
author | Jason McIntyre <jmc@cvs.openbsd.org> | 2003-09-25 09:19:12 +0000 |
---|---|---|
committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2003-09-25 09:19:12 +0000 |
commit | ffffffb63517d8c60f0aa8706a37a08edc91442a (patch) | |
tree | 92c65ec7343b3be298b31d913972b2cbc098af2d | |
parent | 5abb311e8db4a478e5d920ceafe1b80b90c49f4e (diff) |
man page for /etc/changelist format;
ok deraadt@
-rw-r--r-- | share/man/man5/Makefile | 16 | ||||
-rw-r--r-- | share/man/man5/changelist.5 | 143 |
2 files changed, 151 insertions, 8 deletions
diff --git a/share/man/man5/Makefile b/share/man/man5/Makefile index 88934a7ed6f..a37635563bc 100644 --- a/share/man/man5/Makefile +++ b/share/man/man5/Makefile @@ -1,15 +1,15 @@ -# $OpenBSD: Makefile,v 1.34 2003/08/21 19:12:59 frantzen Exp $ +# $OpenBSD: Makefile,v 1.35 2003/09/25 09:19:11 jmc Exp $ # $NetBSD: Makefile,v 1.14 1995/05/11 23:13:15 cgd Exp $ # missing: dump.5 plot.5 -MAN= a.out.5 acct.5 bsd.port.mk.5 bsd.regress.mk.5 core.5 dir.5 disktab.5 \ - elf.5 ethers.5 fbtab.5 files.conf.5 forward.5 fs.5 fstab.5 \ - genassym.cf.5 group.5 hostname.if.5 hosts.equiv.5 hosts.5 intro.5 \ - link.5 login.conf.5 mk.conf.5 moduli.5 motd.5 myname.5 netgroup.5 \ - networks.5 passwd.5 passwd.conf.5 pf.conf.5 pf.os.5 phones.5 \ - printcap.5 protocols.5 remote.5 resolv.conf.5 rpc.5 services.5 \ - shells.5 stab.5 spamd.conf.5 sysctl.conf.5 types.5 utmp.5 \ +MAN= a.out.5 acct.5 bsd.port.mk.5 bsd.regress.mk.5 changelist.5 core.5 \ + dir.5 disktab.5 elf.5 ethers.5 fbtab.5 files.conf.5 forward.5 fs.5 \ + fstab.5 genassym.cf.5 group.5 hostname.if.5 hosts.equiv.5 hosts.5 \ + intro.5 link.5 login.conf.5 mk.conf.5 moduli.5 motd.5 myname.5 \ + netgroup.5 networks.5 passwd.5 passwd.conf.5 pf.conf.5 pf.os.5 \ + phones.5 printcap.5 protocols.5 remote.5 resolv.conf.5 rpc.5 \ + services.5 shells.5 stab.5 spamd.conf.5 sysctl.conf.5 types.5 utmp.5 \ wsconsctl.conf.5 MLINKS= dir.5 dirent.5 fs.5 inode.5 utmp.5 wtmp.5 utmp.5 lastlog.5 MLINKS+= hosts.equiv.5 .rhosts.5 diff --git a/share/man/man5/changelist.5 b/share/man/man5/changelist.5 new file mode 100644 index 00000000000..75c01ce1387 --- /dev/null +++ b/share/man/man5/changelist.5 @@ -0,0 +1,143 @@ +.\" $OpenBSD: changelist.5,v 1.1 2003/09/25 09:19:11 jmc Exp $ +.\" +.\" Copyright (c) 2003 Jason McIntyre <jmc@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd September 11, 2003 +.Dt CHANGELIST 5 +.Os +.Sh NAME +.Nm changelist +.Nd list of backup files +.Sh SYNOPSIS +.Nm /etc/changelist +.Sh DESCRIPTION +The +.Pa /etc/changelist +file is a simple text file containing the names of files to be backed up +and checked for modification by the system security script, +.Xr security 8 . +It is checked daily by the +.Pa /etc/daily +script. +See +.Xr daily 8 +for further details. +.Pp +Each line of the file contains the name of a file, +specified by its absolute pathname, +one per line. +By default, configuration files in +.Pa /etc , +.Pa /root , +and +.Pa /var +are added during system install. +Administrators may add additional files at their discretion. +.Pp +Backup files are held in the directory +.Pa /var/backups . +A backup of the current version of a file is kept in this directory, marked +.Qq current . +When the file is altered, the old version is marked as +.Qq backup +and the new version becomes +.Qq current . +.Pp +For example, +the system shell database, +.Pa /etc/shells , +is held as +.Pa /var/backups/etc_shells.current . +When this file is modified, it is renamed to +.Pa /var/backups/etc_shells.backup +and the new version becomes +.Pa /var/backups/etc_shells.current . +Thereafter, these files are rotated. +.Pp +Diffs are mailed to the root administrator, in unified +.Xr diff 1 +format, via +.Xr daily 8 , +in the following format: +.Bd -unfilled -offset indent +===== +/etc/shells diffs (-OLD -NEW) +===== +.Ed +.Pp +Files in +.Pa /etc/changelist +beginning with a +.Sq + +character +.Pq generally non-text files +are stored as +.Xr md5 1 +checksums. +Results are mailed in the following format: +.Bd -unfilled -offset indent +====== +/etc/ssh/ssh_host_key MD5 checksums +====== +OLD: +NEW: +.Ed +.Pp +Lines beginning with the comment character +.Pq Sq # , +blank lines, +and non-existent files are all silently ignored. +.\" .Sh ENVIRONMENT +.Sh FILES +.Bl -tag -width /etc/changelist -compact +.It Pa /etc/changelist +Default changelist. +.It Pa /etc/daily +Maintenance script which runs +.Xr security 8 . +.It Pa /etc/security +Shell script which reads +.Pa /etc/changelist . +.It /var/backups/ +Directory containing file backups. +.El +.Sh SEE ALSO +.Xr diff 1 , +.Xr md5 1 , +.Xr daily 8 , +.Xr security 8 +.Sh HISTORY +The +.Nm +manual page first appeared in +.Ox 3.5 . +.Sh CAVEATS +Anyone with the privileges to alter system configuration files +could also alter the backup files in +.Pa /var/backups . +It is important that this directory be owned by root:wheel +and have permissions 0700 set. +.Pp +Removal of the +.Pa /etc/changelist +file itself could cause confusion. +.Pp +.Nm +cannot warn about files being added to the system. +.Pp +If you hose your system configuration files, +you just might be able to find the information you need in +.Pa /var/backups . +This is not a CAVEAT, but we had to warn you somehow! |