summaryrefslogtreecommitdiff
path: root/etc
AgeCommit message (Collapse)Author
2008-04-27Add section n for Tcl/Tk related pages.Deanna Phillips
ok jmc@, no objections espie@
2008-04-25express hopeTheo de Raadt
2008-04-17Teach security(8) to check for world-readable hostname.if files.Stuart Henderson
An increasing number of types of these files (e.g. ppp, carp and wlan adapters) may contain secrets. ok deraadt oga johan
2008-04-17before using them, force hostname.* files to be unreadable by worldTheo de Raadt
first version from todd, ok millert
2008-04-15- make it clear that hosts.lpd follows the same syntax that hosts.equiv(5)Antoine Jacoutot
inputs from jmc@ "looks ok" beck@ (similar older diff), "fine by me" jmc@
2008-04-02no more /usr/share/pf; pointed out by Rod WhitworthJason McIntyre
2008-03-19remove superfluous backslashes and semicolonsIgor Sobrado
ok deraadt@
2008-03-06Change ramdisk filesystem size from 4352 to 4000 blocks, so thatTheo de Raadt
bsd.rd does not overlap the boot code... this problem is starting to feel familiar.. tested by myself and claudio
2008-03-06sector size for ramdisk should be 512Theo de Raadt
2008-03-04bsd.rd's physical memory usage collided with the bootblocks... TheTheo de Raadt
bootblocks have been moved, but we want 4.2 to be upgradeable. So reduce the footprint of the bsd.rd by shrinking the ramdisk filesystem because it is way too large. tested by sthen and kettenis
2008-03-03log a different notification message when the tcp check times out.Reyk Floeter
also adjust the documentation a little bit to decrease confusion about the check timeout. From pyr@ ok deraadt@
2008-02-29add configuration examples to the default pf.conf file (commented out):Reyk Floeter
- rdr-anchor "relayd/*": the anchor used by relayd to load redirections into pf. - pass in on $ext_if proto icmp to ($ext_if): it is a bad habit to block icmp, this example proposes to allow it by default. ok henning@
2008-02-27Try to load host.random before starting the network, no networkDamien Miller
randomisations (among other things) benefit from it. We still try again after /var has been definitely mounted in case it is on NFS; ok deraadt@
2008-02-24Add entry for an iso image. -mojMats O Jansson
2008-02-204.3-betaMiod Vallat
2008-02-15Add /var/www/conf/modules and /var/www/conf/modules.sample.Bernd Ahlers
ok espie@, henning@
2008-02-09Add .ssh and authorized keys to /etc/skel, makes setting up newRyan Thomas McBride
pubkey authentication users with the correct file permissions a bit easier. ok djm krw henning miod and many others
2008-02-04add IPv6 addresses for the root servers.Jakob Schlyter
http://www.iana.org/reports/root-aaaa-announcement.html
2008-01-31remove /usr/share/pfHenning Brauer
2008-01-31enable snmpd in the buildReyk Floeter
approved by deraadt@, ok thib@
2008-01-30make clear that the nms should run in a local networkReyk Floeter
2008-01-21move snmpd.conf to the etc/ directory. it is not installed yet by the build.Reyk Floeter
2008-01-17Execute rtsol after turning up trunk(4) and vlan(4) interfaces so they'reBrad Smith
taken into consideration for rtsol. ok reyk@ dlg@
2008-01-16create pflog0 whenever pf is enabled, not just when pflogd_flags!=NOStuart Henderson
fixes spamlogd with pflogd disabled. ok henning
2008-01-09Do not bring up pfsync(4) before the working rulesetMarco Pfatschbacher
has been loaded. Otherwise, states that are received during the initial bulk update mismatch the correct pf-checksum and do not attach to the rules. Problem identified by david@. Fix done in collaboration. OK henning@
2008-01-09Try to make /etc/ttys more consistent accross platforms, which will alsoMiod Vallat
make the installation media's life easier: - stop using ``Pc'' as a getty terminal type, use std.9600 instead. - on platforms with multiple virtual consoles (alpha, amd64, i386, zaurus), console is disabled, various ttyC* are enabled. - on other platforms, console is enabled, all other devices are disabled. This only changes armish, mac68k, sgi. - default terminal for console is unknown on serial-only machines, vt220 on glass-capable machines (questionable, but done for consistency). - minor whitespace changes. - glass console forgotten on a couple platforms (luna88k, sparc64, vax). eyeballed by deraadt@, ok krw@
2008-01-08switch console to std.9600 (suncons is the same); ok miodTheo de Raadt
2008-01-06Update fbtab with the glass console devices.Miod Vallat
2008-01-05Add commented out entries for watchdog timers. If you enable the watchdogMarc Balmer
timeout, either set auto retriggering or start watchdogd(8)... From Mitja Muzenic. ok deraadt.
2008-01-04Use consistent capitalization in comments. From mitja@muzenic.net.Marc Balmer
2008-01-03create directory againTheo de Raadt
2008-01-03revert back to using local zones for localhost. and IPv4/IPv6 reverse untilJakob Schlyter
we've found a better solution for chrooted applications.
2008-01-01Updated moduli file; ok djm@Darren Tucker
2007-12-20typoJakob Schlyter
2007-12-20add OpenBSD-tagJakob Schlyter
2007-12-18add commented entry for machdep.kbdresetJasper Lievisse Adriaanse
ok jsing@ miod@
2007-12-16remove localhost. zone (localhost. queries are handled by /etc/hosts)Jakob Schlyter
replace IPv4 and IPv6 loopback zones with BIND's autogenerated empty zones. move root.hint to /var/named/etc remove empty directory /var/named/standard
2007-12-14Enable console support for SGI O2 workstations. Switch between the serialJoel Sing
and graphical console based on the selection made in the ARCBIOS. Early attachment of gbe(4) is still required, otherwise we have a working graphical console. ok miod@
2007-12-13add explicit allow-recursion for recursive viewJakob Schlyter
2007-12-11mention starttls(8)Todd C. Miller
2007-12-09_hoststated got renamed to _relaydReyk Floeter
2007-12-09hoststated.conf got renamed to relayd.confReyk Floeter
From Daniel Ouellet (daniel at presscom dot net)
2007-12-08make the generic handler for TCP-based protocols the default (allowsReyk Floeter
to use "protocol foo" without defining a type).
2007-12-08some changes to the relayd.conf configuration language and grammar.Reyk Floeter
the tables will look more like pf tables, it is easier to re-use tables with different options, "services" will become "redirections" (they refer to rdr pf rules), sync configuration directives of redirect (l3, ex-service) relay (l7) sections (for example "virtual host" will become "listen on"), all target definitions will start with "forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf) discussed with pyr and deraadt ok pyr@
2007-12-07oops, _relayd not _relay; spotted by reykTheo de Raadt
2007-12-07hoststated gets renamed to relayd. easier to type, and actually saysReyk Floeter
what the daemon does - it is a relayer that pays attention to the status of pools of hosts; not a status checkers that happens to do some relaying
2007-12-07hoststated gets renamed to relayd. easier to type, and actually saysTheo de Raadt
what the daemon does - it is a relayer that pays attention to the status of pools of hosts; not a status checkers that happens to do some relaying
2007-11-28extend proxy exampleReyk Floeter
2007-11-26regenReyk Floeter
2007-11-26fix new agp code on amd64Reyk Floeter
- internal intel graphics semi-agp chipsets need special handling in pchb.c - re-add the i965GM device - use the correct major device id for /dev/agp0 on amd64 (not the i386 one) ok deraadt@