path: root/etc/rc
Age | Commit message | Author
2015-08-28 | Changes for start_daemon(): | Robert Peichaer
- use more descriptive variable name
Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public key generation
OK krw@ halex@
2015-08-22 | - add usage info | Robert Peichaer
- initialize _ban variable
- style
OK halex@
2015-08-22 | Restore previous behaviour for wsconsctl_conf(). | Robert Peichaer
In wsconsctl.conf configuration variables can contain doublequotes which are removed by the shell if wsconsctl is used interactively. In scripts, without using eval, these doublequotes are preserved and the wsconsctl command complains about "illegal character in input".
Found by and OK jmc@
With feedback from and OK krw@, halex@
2015-08-13 | Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf(): | Robert Peichaer
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet
OK krw@, halex@
2015-08-12 | Start the rework of the /etc/rc shell script. | Robert Peichaer
General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms
Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing
Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue
OK halex@ krw@
2015-08-03 | Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc | YASUOKA Masahiko
to hook the rc script and modify etc/rc.conf to make it disabled by default. Also add an entry for /etc/radiusd.conf to etc/changelist and etc/mtree/special. ok deraadt
2015-07-20 | Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be | Robert Peichaer
able to use ksh syntax within these scripts. This way init doesn't need to be changed, which starts /etc/rc using /bin/sh and people can still use "sh /etc/netstart ifname".
Idea from and OK halex@
OK deraadt@ krw@ guenther@
2015-07-19 | Replace test command with []. | Robert Peichaer
OK halex@ krw@
2015-07-18 | Put the opening curly brackets on the same line as the function name. | Robert Peichaer
OK krw@ halex@
2015-07-18 | - remove trailing blanks introduced in previous commit | Robert Peichaer
- no space in redirections like </foo or >$bar
- few other minor whitespaces
OK krw@
2015-07-18 | Improve comments | Robert Peichaer
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80
OK krw@
2015-05-02 | Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made | Antoine Jacoutot
tweakable: there's no real point and these files support the 'include' option so one can always get its config from whatever path... especially useful when testing a new ruleset.
man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@
2015-03-11 | 'rc.firstime' -> 'rc.firsttime' in comment. | Kenneth R Westerback
Diff from Navan Carson via tech@
2015-01-22 | Use /etc/services names in all the default pf rules (most already | Kenneth R Westerback
did). This allows any local changes to /etc/services to be effective if all you have is the default. Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!
ok phessler@ deraadt@
2014-12-03 | Unhook rtsol(8) and rtsold(8) from the build. | Florian Obser
OK deraadt@
2014-11-30 | Fix comment: We don't use RC4 anymore, it's better to be more | David Coppa
generic. ok miod@
2014-11-17 | Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the | Theo de Raadt
often space-constrained /var filesystem was a historical mistake. There are big implications for the daemons which assume they won't run out of space, and this is a first step towards trying to improve the situation. Move /tmp to the same 7-day expiration rules that /var/tmp had. vi.recover works just as well as before, except on memory filesystems; indicating that vi should be repaired to write files into homedirs or something.
done with rpe
ok many
2014-11-05 | When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune". | Todd C. Miller
This is easier to understand and fixes a bug where the "-type d -prune" was misplaced as noticed by pirofti@.
OK deraadt@
2014-09-15 | Remove sendmail tentacles. ok krw@ ajacoutot@ | Matthieu Herrb
2014-08-26 | usr.sbin | Robert Nagy
2014-08-22 | disable use of bind in base; in the base use nsd/unbound instead. | Theo de Raadt
a proper & complete bind port will show up. discussed with many for years
2014-08-17 | Execute /etc/netstart using sh(1) instead of sourcing it. | Antoine Jacoutot
Committing early to make sure we have time to fix any side-effect.
ok deraadt@
2014-08-04 | enable httpd; ok deraadt@ | Christian Weisgerber
2014-07-19 | Print a warning message if the files with the random seed are not | Alexander Bluhm
writeable during shutdown. This prevents ugly error messages when the machine is rebooted from single-user without mounting the file systems read-write.
suggested by deraadt@
2014-07-18 | ugly ugly whitespace | Theo de Raadt
2014-07-17 | sh netstart, instead of using . | Theo de Raadt
We don't want any of the variables created inside netstart to infect the rc script.
ok claudio sthen aja
2014-07-14 | quiet /etc/rc.shutdown, it may not exist. | Antoine Jacoutot
ok deraadt@
2014-07-14 | This isn't C. | Antoine Jacoutot
2014-07-14 | Only set kern.securelevel=1 if it was not lowered nor bumped by | Antoine Jacoutot
rc.securelevel, with deraadt@
2014-07-14 | rc.{local,securelevel,shutdown} become examples. If versions of them | Theo de Raadt
are created in /etc, they are executed (they used to be sourced) to avoid polluting the rc variable space. The powerdown= and securelevel= features are removed; they are likely only used by 2 people. the securelevel is now always raised; this is the only sensible default.
ok ajacoutot
2014-07-14 | check for existence of rc.shutdown, before sourcing it | Theo de Raadt
2014-07-13 | rc bits for iscsid. Start iscsid as early as possible. Use the new -N | Claudio Jeker
flag for fsck and mount to check and mount the iscsi file systems (marked with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes
2014-07-12 | Make rc.conf a parsed configuration file and stop sourcing it as a shell | Robert Nagy
script. From now on rc.conf has a fixed syntax (key=val) and it is not allowed to add anything to it besides the supported syntax, it is all going to be ignored.
discussed with and help from deraadt@ and halex@
2014-04-25 | Redirecting stderr to /dev/null suppresses all errors. Instead use | Alexander Bluhm
the new status=none feature to make dd quiet.
OK halex@
2014-04-24 | rm rwhod tentacles | Ted Unangst
2014-04-23 | Remove krb5 bits from rc(8). | Antoine Jacoutot
ok reyk@
2014-04-19 | use "!received-on any" to absolutely ensure that we're not forwarding | Henning Brauer
carp, rpc or nfs traffic in the initial ruleset active during network startup for a short time (or a much longer time if /etc/pf.conf is screwed up).
ok phessler
2014-03-15 | Enable Unbound in base, ok deraadt@ | Stuart Henderson
2014-03-13 | Unhook httpd(8) from build; etc bits | Florian Obser
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on the road deraadt@
2014-02-19 | Ignore blank characters at the end of ${pkg_scripts} in order | Ingo Schwarze
to refrain from trying to execute /etc/rc.d/ in that case. Problem noticed by jasper@.
Opinions on this patch vary: "much nicer, ok" sthen@ "good god, what horrible shell voodoo, ok" ajacoutot@
2014-01-19 | Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6. | Claudio Jeker
Our dhclient only uses the bpf tap for broadcast packets (which bypass pf) but lease renewals will use a regular socket and are blocked without this change. Rules are written so that accidental forwarding of packets is not possible.
Diff from brad@, OK henning@, benno@, mikeb@
2014-01-03 | Use kern.securelevel to determine whether or not we are in single | Todd C. Miller
user mode now that init no longer raises securelevel during reboot.
OK deraadt@
2013-12-28 | document a hack we want fixed later | Theo de Raadt
2013-12-27 | - add chmod of seedfile in /etc | Robert Peichaer
- use its return code for single/multiuser detection
ok deraadt
2013-12-27 | re-use random_seed in shutdown section | Robert Peichaer
ok deraadt
2013-12-27 | create a seed file for the bootloader in /etc/random.seed | Theo de Raadt
2013-12-27 | nest random_seed() contents into a single redirection | Theo de Raadt
idea from rpe
2013-12-27 | re-do shutdown operations. Run the scripts if we may; take down carp | Theo de Raadt
unconditionally, and then do the optional powerdown
discussed at length with rpe
2013-12-27 | when forcing a re-key, might as well toss in dmesg as additional seed | Theo de Raadt
material
2013-12-27 | all the random devices have been the same for a while; so let us avoid | Theo de Raadt
being obtuse and use /dev/random