summaryrefslogtreecommitdiff
path: root/etc
AgeCommit message (Collapse)Author
2014-07-09do locatedb as part of the build processMarc Espie
"works for me" deraadt@
2014-07-09Update the default relayd.conf with the new filtering grammar.Reyk Floeter
OK benno@
2014-07-09I hate eval. Apart from when it's really needed.Alexander Hall
Eval'ing constant expressions is not such a case. "...fine with me" krw@
2014-07-09Add a daemon_timeout variable for rc_wait().Antoine Jacoutot
It represents the maximum time in seconds to wait for the start, stop and reload actions to return. Defaults to "30". No default behavior is changed. ok beck@ sthen@ jasper@ giovanni@
2014-07-09White spaces.Antoine Jacoutot
2014-07-02don't clear tmux session sockets in daily(8)'s tmp cleanup, from Rafael ZalamenaStuart Henderson
ok schwarze@
2014-06-25ensure rc.d/nsd uses a correct exit code as per rc.subr(8); reported byStuart Henderson
Ben Lovett, simpler diff from aja@
2014-06-10Add ed25519 ssh host keys to /etc/mtree/special.Todd C. Miller
From inframare at arachnogoat dot com; OK deraadt@ sthen@
2014-06-09add cron_flags which seemed to have been forgotten here.Jasper Lievisse Adriaanse
ok aja@ dcoppa@
2014-06-06replace sendmail with smtpd in a commentGilles Chehade
reported by Scott McEachern <scott@blackstaff.ca> ok deraadt@ and todd@
2014-05-26remove /usr/src. avoids useless whining from daily security mail.Alexander Hall
ok landry@ ajacoutot@
2014-05-22update nosuidcoredump example. mentioned by stefan wollnyTed Unangst
2014-05-09wording improvements; David VasekTheo de Raadt
2014-05-08regenMiod Vallat
2014-05-08Remove irrelevant devices from the ramdisk target; spotted by deraadtMiod Vallat
2014-05-07pass daemon_flags to nsd-control when used to check/reload/stop nsd,Stuart Henderson
the only useful option here is to specify an alternative config path, which must be used for these operations as well as for startup.
2014-05-06don't give people bad ideas about pool_debugTed Unangst
2014-04-29tedu ~/.kloginDavid Coppa
ok henning@ deraadt@
2014-04-28re-add _ppp for npppd here as well; ok ajacoutotOkan Demirmen
2014-04-27Get back "_ppp" user and "_ppp" group. From now they will be solelyYASUOKA Masahiko
used by npppd. ok deraadt
2014-04-25Redirecting stderr to /dev/null suppresses all errors. Instead useAlexander Bluhm
the new status=none feature to make dd quiet. OK halex@
2014-04-24jmc spotted more ruptime tentaclesTed Unangst
2014-04-24rm rwhod tentaclesTed Unangst
2014-04-24regenKenji Aoyama
2014-04-24Add pcex{mem,io} entries to MAKEDEV.Kenji Aoyama
ok miod@
2014-04-23Remove krb5 bits from rc(8).Antoine Jacoutot
ok reyk@
2014-04-22Remove the kerberos login methods.Reyk Floeter
ok henning@
2014-04-22Remove kerberosV, it is not special anymore.Reyk Floeter
ok henning@
2014-04-22Remove kerberosV from etc/Reyk Floeter
ok deraadt@ guenther@
2014-04-21remove rshd example; ok sthenOkan Demirmen
2014-04-21Bye bye *hosts.equiv.Antoine Jacoutot
ok deraadt@
2014-04-20hosts.equiv is a ghost from bsd pastTed Unangst
2014-04-19stop "advertising" disabling pmtud and window size increasingHenning Brauer
very rarely if ever needed any more. we should not trick people into thinking they are impoving sth doing so, it's rather the opposite these days. ok claudio
2014-04-19use "!received-on any" to absolutely ensure that we're not forwardingHenning Brauer
carp, rpc or nfs traffic in the initial ruleset active during network startup for a short time (or a much longer time if /etc/pf.conf is screwed up). ok phessler
2014-04-18Switch to the new makewhatis(8)/apropos(1)/whatis(1) combo.Ingo Schwarze
"commit the switch now" espie@ "go for it" deraadt@ See the apropos(1) manual for a description of what's new. On machines where you want the full functionality, run "sudo makewhatis" and put "MAKEWHATISARGS=' '" into weekly.local(8). Otherwise, when upgrading via source, run "sudo makewhatis -Q".
2014-04-11Move build machinery for libcrypto from libssl/crypto to libcrypto, as wellMiod Vallat
as configuration files; split manpages and .pc files between libcrypto and libssl. No functional change, only there to make engineering easier, and libcrypto sources are still found in libssl/src/crypto at the moment. ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.
2014-04-03regenMiod Vallat
2014-04-03Add wskbd nodes to the bsd.rd /dev posse; allows kbd -l to work as intendedMiod Vallat
in the install media. Reported by Donovan Watteau
2014-04-02Fix syntax error in commented out local-zone entry. OK sthen@Todd C. Miller
2014-03-30increase size of iso media (try 2)Theo de Raadt
2014-03-30increase size of iso mediaTheo de Raadt
2014-03-27do not keep hoststat and purgestat, they are pointing to the sendmailGilles Chehade
executable and will not serve any purpose with smtpd by default ok jmc@ tedu@
2014-03-26end experimental login.conf template support. one file per machine.Ted Unangst
ok deraadt millert
2014-03-24sum -> cksum, ok deraadtStuart Henderson
2014-03-24okan reminds me hosts.allow lived here tooTed Unangst
2014-03-24Stop monitoring apache files.Antoine Jacoutot
ok florian@ jung@ sthen@
2014-03-24Add /var/unbound/dev/log, it isn't needed for initial startup because UnboundStuart Henderson
opens the log before chrooting, but this handles the case where syslogd is restarted during Unbound's runtime.
2014-03-23Remove commented-out module-config line, it is already set to "validatorStuart Henderson
iterator" by default. Pointed out by Patrik Lundin.
2014-03-21Add nginx default log files to the rotation.Antoine Jacoutot
ok jung@ stephan@ tweaks and ok sthen@
2014-03-21Install a /var/unbound/db directory, writable by the _unbound daemon,Stuart Henderson
and use it as the default location for the DNSSEC root key. Update default config for this location. With this, the only step required to enable DNSSEC validation is to uncomment these default config entries and restart: #module-config: "validator iterator" #auto-trust-anchor-file: "/var/unbound/db/root.key" There is no longer a requirement to run unbound-anchor manually to update the root key. The rc.d script will take care of updates at boot, and Unbound will manage the file itself at runtime. Test with "dig test.dnssec-or-not.net txt @127.0.0.1" or similar.