Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5633 Commits
49 Branches
66 MiB
Tree: 4aaa4831a6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4aaa4831a6'
${ noResults }
openntpd-openbsd/src/etc/rc

869 lines
20 KiB
Raw Normal View History

in the most trivial way, request that the kernel arc4random re-key after we run netstart ok tedu, djm liked it too
13 years ago
initial import of NetBSD tree
29 years ago
Adda a stripcom function to strip comments (and leading whitespace, depending on IFS). This replaces the ed and sed code previously used to do this.
24 years ago
o move sysctl and mixerctl parsing into a subroutine instead of a subshell o update resource limits if kern.maxproc or kern.maxfiles is changed
19 years ago
o change wsconsctl.conf subshell into a function o move test for foo.conf into the foo_conf function proper
19 years ago
o move sysctl and mixerctl parsing into a subroutine instead of a subshell o update resource limits if kern.maxproc or kern.maxfiles is changed
19 years ago
o change wsconsctl.conf subshell into a function o move test for foo.conf into the foo_conf function proper
19 years ago
o move sysctl and mixerctl parsing into a subroutine instead of a subshell o update resource limits if kern.maxproc or kern.maxfiles is changed
19 years ago
o change wsconsctl.conf subshell into a function o move test for foo.conf into the foo_conf function proper
19 years ago
-w flag for wsconsctl is deprecated; from Tim van der Molen
16 years ago
o change wsconsctl.conf subshell into a function o move test for foo.conf into the foo_conf function proper
19 years ago
Try to load host.random before starting the network, no network randomisations (among other things) benefit from it. We still try again after /var has been definitely mounted in case it is on NFS; ok deraadt@
16 years ago
talk to /dev/arandom as a single read or write. in particular a single write will result in a single re-key event, rather than 64 writes causing 64 re-keys -- wasting the kernel's time. ok guenther
13 years ago
Try to load host.random before starting the network, no network randomisations (among other things) benefit from it. We still try again after /var has been definitely mounted in case it is on NFS; ok deraadt@
16 years ago
extra spaces found during inspection of other goo
15 years ago
Try to load host.random before starting the network, no network randomisations (among other things) benefit from it. We still try again after /var has been definitely mounted in case it is on NFS; ok deraadt@
16 years ago
talk to /dev/arandom as a single read or write. in particular a single write will result in a single re-key event, rather than 64 writes causing 64 re-keys -- wasting the kernel's time. ok guenther
13 years ago
Try to load host.random before starting the network, no network randomisations (among other things) benefit from it. We still try again after /var has been definitely mounted in case it is on NFS; ok deraadt@
16 years ago
automatically populate net.inet.(tcp|udp).baddynamic with the contents of /etc/services so as to avoid randomly allocating source ports that correspond to well-known services. Auto-filling of the baddynamic tables is performed before reading sysctl.conf, so it is still possible to add or subtract ports, or override the autofilling entirely there. Note that this requires a new kernel and /sbin/sysctl. feedback markus@ ok markus@ deraadt@ millert@
16 years ago
extra spaces found during inspection of other goo
15 years ago
automatically populate net.inet.(tcp|udp).baddynamic with the contents of /etc/services so as to avoid randomly allocating source ports that correspond to well-known services. Auto-filling of the baddynamic tables is performed before reading sysctl.conf, so it is still possible to add or subtract ports, or override the autofilling entirely there. Note that this requires a new kernel and /sbin/sysctl. feedback markus@ ok markus@ deraadt@ millert@
16 years ago
extra spaces found during inspection of other goo
15 years ago
automatically populate net.inet.(tcp|udp).baddynamic with the contents of /etc/services so as to avoid randomly allocating source ports that correspond to well-known services. Auto-filling of the baddynamic tables is performed before reading sysctl.conf, so it is still possible to add or subtract ports, or override the autofilling entirely there. Note that this requires a new kernel and /sbin/sysctl. feedback markus@ ok markus@ deraadt@ millert@
16 years ago
Adda a stripcom function to strip comments (and leading whitespace, depending on IFS). This replaces the ed and sed code previously used to do this.
24 years ago
initial import of NetBSD tree
29 years ago
Add a simple 'rc' system to base in order to start/stop/restart/reload services installed by the ports system (for now). It only uses pgrep/pkill to handle these processes. A manual page will come later. 'put it in' deraadt@
13 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
talk to /dev/arandom as a single read or write. in particular a single write will result in a single re-key event, rather than 64 writes causing 64 re-keys -- wasting the kernel's time. ok guenther
13 years ago
have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable
25 years ago
Pass pfsync and carp traffic in the boot-time pf configuration. Bring carp interfaces down at shutdown, to make a graceful exit if we're master. ok deraadt@
20 years ago
- specifically match carp+([0-9]):, not just carp*:. avoids spurious attempts to "ifconfig carp down" noticed by david@. - use non-descriptive variables names rather than $if/$junk to encourage people reading the code to think what it's doing; many of the output lines are not interface names. ok david@
15 years ago
Don't use grep/cut during shutdown, /usr might not be mounted. Spotted by deraadt@. These were used to bring down carp ifaces cleanly; replace with shell features. ok deraadt@, henning@. "Much mo' better" blambert@.
15 years ago
Pass pfsync and carp traffic in the boot-time pf configuration. Bring carp interfaces down at shutdown, to make a graceful exit if we're master. ok deraadt@
20 years ago
Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown. ok krw@ deraadt@
20 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown. ok krw@ deraadt@
20 years ago
have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable
25 years ago
initial import of NetBSD tree
29 years ago
move std stuff from rc.local to rc
28 years ago
initial import of NetBSD tree
29 years ago
Configure raid devices at boot (from NetBSD, ok by niklas@).
25 years ago
raid(4) parity check simplification
22 years ago
quiet raid check
22 years ago
raid(4) parity check simplification
22 years ago
With recent changes to swapctl(8), replace the invocation of swapon with two swapctl invocations. Swap on block devices is enabled before fscking filesystems, swap on files is enabled after all filesystems (including remote) are mounted.
23 years ago
swapon -a before fsck is run
23 years ago
move std stuff from rc.local to rc
28 years ago
initial import of NetBSD tree
29 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
initial import of NetBSD tree
29 years ago
fsck now raises datasize limit itself.
27 years ago
initial import of NetBSD tree
29 years ago
introduce {fsck,mount}_vnd tools to be able to describe vnd images in /etc/fstab instead of using some weird homegrown scripts. No support for boot time mounting yet, so "noauto" is still needed. original idea from david@ help and discussion todd@ bluhm@ beck@, manpage help jmc@ ok simon@ tedu@ bluhm@ todd@, "looks good" thib@
17 years ago
Diskless root mounts were ro too long
26 years ago
initial import of NetBSD tree
29 years ago
Try to load host.random before starting the network, no network randomisations (among other things) benefit from it. We still try again after /var has been definitely mounted in case it is on NFS; ok deraadt@
16 years ago
ooopppssss, backout last, lots of unrelated changes creeped in, noticed by jmc
20 years ago
initial import of NetBSD tree
29 years ago
Set up alternate keyboard encoding earlier in rc. ok miod@ henning@ deraadt@
20 years ago
move wsconsctl up earlier, so that any key changes made can be used to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C' from e@molioner.dk checked by matthieu
18 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
Simpler default block. ok deraadt@
21 years ago
"pass on lo0" in the intermediate pf ruleset loaded during boot. solves PR3376 by matthew.gream@pobox.com, fix slightly different ok mcbride@ deraadt@
21 years ago
Sigh, add the rule in the right place (not just when NFS is used). From Dries Schellekens
22 years ago
Allow host to do dns lookups in the initial ruleset. This way, pfctl can properly boot rulesets with dns addresses in it.
21 years ago
Allow outbound ping in initial pf rules. dhclient needs this to validate old (but valid) leases in /var/db/dhclient.leases in case it needs to fall back to such a lease. (the dhcp server can be down or not responding) Reported by Chris Jepeway. "makes sense" henning dhartmei
21 years ago
Use inet6 pf rules only for inet6-capable setups, first spotted by form@pdp-11.org.ru. ok todd@ henning@
19 years ago
default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok
19 years ago
Use inet6 pf rules only for inet6-capable setups, first spotted by form@pdp-11.org.ru. ok todd@ henning@
19 years ago
Don't synchronise carp states in default PF ruleset, these get created on each host and end up conflicting, so they never sync anyways. ok dlg henning
15 years ago
be silent on kernels which lack nfs; d.doroshenko@omnitel.net
22 years ago
start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com
23 years ago
a scrub was hiding here when nfs was enabled. since we want the no-df behaviour here replace by an explicit set reassemble yes no-df. noticed by Valery Masiutsin <val.masutin at gmail dot com>
15 years ago
permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees
16 years ago
start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com
23 years ago
split the dummy ruleset pfctl -f - -e into separate -f - and -e. relevant when the dummy ruleset can't be loaded, we still want to enable pf, otherwise the real ruleset (even if that does load correctly) won't be active. might happen on a non-GENERIC kernel or after an update (before /etc is manually updated). reported by Jim Rees. ok frantzen@
19 years ago
Initialization infrastruture for pf. Based on initial patches by ian@, and much input and mangling from theo.
23 years ago
automatically populate net.inet.(tcp|udp).baddynamic with the contents of /etc/services so as to avoid randomly allocating source ports that correspond to well-known services. Auto-filling of the baddynamic tables is performed before reading sysctl.conf, so it is still possible to add or subtract ports, or override the autofilling entirely there. Note that this requires a new kernel and /sbin/sysctl. feedback markus@ ok markus@ deraadt@ millert@
16 years ago
o change wsconsctl.conf subshell into a function o move test for foo.conf into the foo_conf function proper
19 years ago
process sysctl.conf way earlier
24 years ago
initial import of NetBSD tree
29 years ago
increase the carp demotion counter by 128 instead of 1 while rc runs. you do not want a machine that is in the middle of rc and does not have all network daemons (that possibly increase the carp demotion counter further) to become master just because the other one lost 2 bgp sessions or similar for other daemons (esp sasyncd) and as such has a demotion count of >1. ok mcbride mpf deraadt
18 years ago
if, at boot time, a /etc/resolv.conf.save is found, assume this is from a dhclient that crashed so hard it was unable to swap the file back, and hence, finish that job. i convinced krw and henning that this is right right place (not in netstart)
19 years ago
use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de
14 years ago
if, at boot time, a /etc/resolv.conf.save is found, assume this is from a dhclient that crashed so hard it was unable to swap the file back, and hence, finish that job. i convinced krw and henning that this is right right place (not in netstart)
19 years ago
initial import of NetBSD tree
29 years ago
in the most trivial way, request that the kernel arc4random re-key after we run netstart ok tedu, djm liked it too
13 years ago
initial import of NetBSD tree
29 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
Initialization infrastruture for pf. Based on initial patches by ian@, and much input and mangling from theo.
23 years ago
pfctl -f instead of -N/-R, ok deraadt@
22 years ago
Initialization infrastruture for pf. Based on initial patches by ian@, and much input and mangling from theo.
23 years ago
Do not bring up pfsync(4) before the working ruleset has been loaded. Otherwise, states that are received during the initial bulk update mismatch the correct pf-checksum and do not attach to the rules. Problem identified by david@. Fix done in collaboration. OK henning@
16 years ago
Initialization infrastruture for pf. Based on initial patches by ian@, and much input and mangling from theo.
23 years ago
Use the new -s flag to mount the /usr and /var partitions. Avoids doubly mounted mfs partitions. Also, at the end of the mount dance, try mount all partitions, not just nfs partitions. Handles a case where local paritition mounted inside a nfs partition where not mounted by rc (/usr on nfs with a local /usr/obj, for example). ok deraadt@ henning@
18 years ago
initial import of NetBSD tree
29 years ago
Consistantly use /dev/arandom for feeding entropy to the kernel. ok kjell otto miod
13 years ago
host.random whacking must be after /var is mounted, obviously
24 years ago
talk to /dev/arandom as a single read or write. in particular a single write will result in a single re-key event, rather than 64 writes causing 64 re-keys -- wasting the kernel's time. ok guenther
13 years ago
host.random whacking must be after /var is mounted, obviously
24 years ago
Try to load host.random before starting the network, no network randomisations (among other things) benefit from it. We still try again after /var has been definitely mounted in case it is on NFS; ok deraadt@
16 years ago
duh -- on first boot, do not build the host.random file twice; ok djm
17 years ago
after seeding from the host.random file, immediately reset the seed file, so that if a shutdown-less reboot occurs, the next re-seed is not a repeat
24 years ago
clean /var earlier
27 years ago
dhclient doesn't write a pid file any more; do remove the code that deals with it at startup; noticed by wilfried, millert ok
20 years ago
clear /var/authpf on bootup - ensure we don't kill things we shouldn't
22 years ago
Save a copy of the boot messages in /var/run/dmesg.boot.
25 years ago
sigh; move syslog up nearer the top. Any failures from this?
26 years ago
Make syslogd create a socket in /var/www/dev when httpd is enabled in order to make logging to syslog work with php for example. ok deraadt@, henning@
15 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
remove support for named_chroot and named_user; always run named as user named and chrooted to /var/named. ok deraadt@
21 years ago
Add named_user and named_chroot variables to simplify chroot'd named setup.
26 years ago
start nsd(8); ok deraadt
13 years ago
Add a /var/empty/dev/log socket for things that chroot to /var/empty.
21 years ago
fix typo
26 years ago
sigh; move syslog up nearer the top. Any failures from this?
26 years ago
create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO fixes spamlogd with pflogd disabled. ok henning
16 years ago
when pf and pflogd are enabled, do a "ifconfig pflog0 create" early. rc checks pflog0 existance before starting pflogd0, pbly to not print an error message on pflog-less kernels... ugh. ok mcbride
17 years ago
Only try to run pflogd if pflog0 exists; from mpech@ OK deraadt@ and fgsch@
19 years ago
create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO fixes spamlogd with pflogd disabled. ok henning
16 years ago
Only try to run pflogd if pflog0 exists; from mpech@ OK deraadt@ and fgsch@
19 years ago
start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com
23 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
only generate shared secret for rndc if named will be started. tested by grange@, ok millert@
21 years ago
sigh; move syslog up nearer the top. Any failures from this?
26 years ago
start named earlier; this is an experiment
27 years ago
start nsd(8); ok deraadt
13 years ago
Move ipsec key creation before isakmpd, and sshd to become the first of the network daemons so that it can be used if another daemon stops in its tracks. ok claudio markus sthen
14 years ago
Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var. Also copy the generated RSA key for isakmpd into the iked directory; this way we share the same RSA key by default. ok deraadt@ jsg@
14 years ago
Move ipsec key creation before isakmpd, and sshd to become the first of the network daemons so that it can be used if another daemon stops in its tracks. ok claudio markus sthen
14 years ago
Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var. Also copy the generated RSA key for isakmpd into the iked directory; this way we share the same RSA key by default. ok deraadt@ jsg@
14 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
Switch boot order: isakmpd starts before sasyncd. If a user is running sasyncd, start isakmpd with -S. In this mode isakmpd starts off passsive and doesn't delete SA's on shutdown. OK ho@, hshoexer@, deraadt@
18 years ago
isakmpd startup stuff
25 years ago
Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var. Also copy the generated RSA key for isakmpd into the iked directory; this way we share the same RSA key by default. ok deraadt@ jsg@
14 years ago
Switch boot order: isakmpd starts before sasyncd. If a user is running sasyncd, start isakmpd with -S. In this mode isakmpd starts off passsive and doesn't delete SA's on shutdown. OK ho@, hshoexer@, deraadt@
18 years ago
As the isakmpd fifo race is fixed, hook ipsecctl to rc. ok naddy@ todd@
18 years ago
Change "starting rpc daemons" to "starting initial daemons" as we also start ntpd at this time. discussed with jmc@; ok deraadt@
18 years ago
typo + comment
28 years ago
control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com
28 years ago
initial import of NetBSD tree
29 years ago
split ypserv & ypbind startup; ypserv does not depend on you being a client; from amh@POBOX.COM
19 years ago
intuit whether ypbind, ypserv, and rpc.yppasswdd should run
28 years ago
split ypserv & ypbind startup; ypserv does not depend on you being a client; from amh@POBOX.COM
19 years ago
Put in hooks to start ypserv with flags
27 years ago
no ypxfrd
28 years ago
ypserv, ypbind, then rpc.yppasswdd
28 years ago
split ypserv & ypbind startup; ypserv does not depend on you being a client; from amh@POBOX.COM
19 years ago
intuit whether ypbind, ypserv, and rpc.yppasswdd should run
28 years ago
permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu
20 years ago
intuit whether ypbind, ypserv, and rpc.yppasswdd should run
28 years ago
fix test for yp in resolv.conf
28 years ago
intuit whether ypbind, ypserv, and rpc.yppasswdd should run
28 years ago
OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589. somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = "" which was doing nslookup "", which is bad and hangs boots. be more careful by doing echo $h | nslookup instead.
19 years ago
intuit whether ypbind, ypserv, and rpc.yppasswdd should run
28 years ago
OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589. somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = "" which was doing nslookup "", which is bad and hangs boots. be more careful by doing echo $h | nslookup instead.
19 years ago
intuit whether ypbind, ypserv, and rpc.yppasswdd should run
28 years ago
fix rpc.yppasswdd conditional
28 years ago
Put in hooks to start rpc.yppasswdd with flags
27 years ago
intuit whether ypbind, ypserv, and rpc.yppasswdd should run
28 years ago
initial import of NetBSD tree
29 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
avoid a few extra processes; d.doroshenko@omnitel.net
24 years ago
Kill whitespace at eol.
26 years ago
initial import of NetBSD tree
29 years ago
revert vfs.nfs.privport sysctl, broke a few architectures requested by deraadt@
18 years ago
Add hook for rpc.lockd, make nfsd flags settable in netstart
27 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
Add hook for rpc.lockd, make nfsd flags settable in netstart
27 years ago
start rpc.statd together with rpc.lockd "just get it in" deraadt
16 years ago
Add hook for rpc.lockd, make nfsd flags settable in netstart
27 years ago
initial import of NetBSD tree
29 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
initial import of NetBSD tree
29 years ago
change some defaults inside amd itself, so that the rc scripts no longer have to pass those options. this makes amd much easier to restart by hand (though it still remains a nasty daemon do that with) ok millert
15 years ago
initial import of NetBSD tree
29 years ago
ooopppssss, backout last, lots of unrelated changes creeped in, noticed by jmc
20 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
ooopppssss, backout last, lots of unrelated changes creeped in, noticed by jmc
20 years ago
Replace nmeattach (which will be removed) with ldattach.
16 years ago
Allow nmeaattach to start a sensor before starting ntpd. Many modern receivers can cold start in the time it takes the boot process to get close to starting ntpd. Even if the gps is not ready or the fix is not valid, at least the sensor has been created; ntpd won't have to wait a few minutes before scanning for the sensor. This makes using GPS as the sole source of time a bit easier. ok deraadt
17 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
ntpd -s by default is just a pause if there is no net
19 years ago
ooopppssss, backout last, lots of unrelated changes creeped in, noticed by jmc
20 years ago
initial import of NetBSD tree
29 years ago
Use the new -s flag to mount the /usr and /var partitions. Avoids doubly mounted mfs partitions. Also, at the end of the mount dance, try mount all partitions, not just nfs partitions. Handles a case where local paritition mounted inside a nfs partition where not mounted by rc (/usr on nfs with a local /usr/obj, for example). ok deraadt@ henning@
18 years ago
sigh; move syslog up nearer the top. Any failures from this?
26 years ago
With recent changes to swapctl(8), replace the invocation of swapon with two swapctl invocations. Swap on block devices is enabled before fscking filesystems, swap on files is enabled after all filesystems (including remote) are mounted.
23 years ago
initial import of NetBSD tree
29 years ago
Permit flags to be set for savecore, e.g. to compress core dumps ok millert@ fgsch@
22 years ago
initial import of NetBSD tree
29 years ago
Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@
15 years ago
startup code for AFS
26 years ago
simplify afs startup so all you have to do is say "YES" to get basic AFS functionality (enough to to pkg_add's)
20 years ago
Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@
15 years ago
spacing
20 years ago
startup code for AFS
26 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
Make quotas optional; wedged into netstart for the time being. /etc/rc.conf, anyone?
27 years ago
initial import of NetBSD tree
29 years ago
split database line up nicely; krw@tcn.net
25 years ago
When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured
26 years ago
split database line up nicely; krw@tcn.net
25 years ago
initial import of NetBSD tree
29 years ago
split database line up nicely; krw@tcn.net
25 years ago
initial import of NetBSD tree
29 years ago
chmod/chown all the ptys
25 years ago
fix another non-POSIX chown; Chuck Yerkes
21 years ago
initial import of NetBSD tree
29 years ago
move std stuff from rc.local to rc
28 years ago
initial import of NetBSD tree
29 years ago
Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>
27 years ago
When cleaning /tmp at boot, run the slower find unconditionally. Previously if the quick rm -rf failed, find was not run, so some files were not removed. Looks good to tedu@.
14 years ago
Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>
27 years ago
Use -execdir not -exec in find; deraadt@
25 years ago
Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>
27 years ago
kill double whitespace, PR3934, for rea this time and without unrelated changes
20 years ago
Prevent possible races by moving .X11 fixups to before the system goes multiuser. In consultation with dynamo; cleared by millert.
22 years ago
kill whitespace at EOL; David Krause
21 years ago
Prevent possible races by moving .X11 fixups to before the system goes multiuser. In consultation with dynamo; cleared by millert.
22 years ago
kill whitespace at EOL; David Krause
21 years ago
Prevent possible races by moving .X11 fixups to before the system goes multiuser. In consultation with dynamo; cleared by millert.
22 years ago
test -> [
26 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
Don't source /etc/rc.securelevel if it doesn't exist and be more verbose when upping the securelevel.
27 years ago
remove -w option to sysctl; diffs from Paul de Weerd; ok deraadt@
20 years ago
split rc.local, creating rc.securelevel. Read the comments. If you believe in securelevels, follow them religiously. Problem found by millert...
27 years ago
move motd generation to avoid user races; kashmir@umiacs.umd.edu
27 years ago
Adda a stripcom function to strip comments (and leading whitespace, depending on IFS). This replaces the ed and sed code previously used to do this.
24 years ago
typo; -eq not -ne
25 years ago
Use mktemp(1) for motd /tmp file during boot. This fixes a potential problem noted by hugh@openbsd.org whereby a user could create the well-known /tmp/_motd file and use chflags to make it unremovable. Then at the next reboot the user's /tmp/_motd would end up in the system motd.
25 years ago
move motd generation to avoid user races; kashmir@umiacs.umd.edu
27 years ago
- add a new "accounting" variable (default to NO) to enable accouting (if the file /var/account/acct does not exist it will be created) ok mk@
17 years ago
initial import of NetBSD tree
29 years ago
do ldconfig before all ssh; because they need /usr/local/lib for searching
25 years ago
re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs concept originally from Joshua Stein <jcs@rt.fm>, thanks! markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@
23 years ago
do ldconfig before all ssh; because they need /usr/local/lib for searching
25 years ago
re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs concept originally from Joshua Stein <jcs@rt.fm>, thanks! markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@
23 years ago
do ldconfig before all ssh; because they need /usr/local/lib for searching
25 years ago
Move vi.recover invocation until after after ldconf is run. Fixes a problem when postfix w/ sasl & tls is used instead of sendmail and perl is dynamically linked anyway. Closes PR 3605. OK deraadt@ and drahn@
20 years ago
- add a full stop for consistency ok deraadt@ dlg@
16 years ago
Move vi.recover invocation until after after ldconf is run. Fixes a problem when postfix w/ sasl & tls is used instead of sendmail and perl is dynamically linked anyway. Closes PR 3605. OK deraadt@ and drahn@
20 years ago
move ssh config files to /etc/ssh
22 years ago
build DSA keys automatically at boot time
24 years ago
move ssh config files to /etc/ssh
22 years ago
generate all 3 keys, use -t xxx
23 years ago
add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com> ok deraadt@
14 years ago
move ssh config files to /etc/ssh
22 years ago
generate all 3 keys, use -t xxx
23 years ago
move ssh config files to /etc/ssh
22 years ago
build DSA keys automatically at boot time
24 years ago
move ssh config files to /etc/ssh
22 years ago
print "RSA1" for protocol v1
22 years ago
move ssh config files to /etc/ssh
22 years ago
start ssh as part of base system; if no host key, build it upon boot
25 years ago
initial import of NetBSD tree
29 years ago
Move ipsec key creation before isakmpd, and sshd to become the first of the network daemons so that it can be used if another daemon stops in its tracks. ok claudio markus sthen
14 years ago
delete excessive ; use
13 years ago
Move ipsec key creation before isakmpd, and sshd to become the first of the network daemons so that it can be used if another daemon stops in its tracks. ok claudio markus sthen
14 years ago
enable snmpd in the build approved by deraadt@, ok thib@
16 years ago
Add ldpd(8) to /etc/rc* files. It needs to be started before the routing daemons. In this way every new prefix learnt by them already has a label associated. discussed with and ok'ed by claudio@
14 years ago
Add the _ripd user and startup stuff. ok claudio@
17 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
from netbsd: start mrouted like routed
28 years ago
add all the goo to hook dvmrp into the system ok derradt@
18 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
add ospfd, ok theo From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me
19 years ago
Add the user _ospf6d otherwise the newly imported ospf6d daemon will not start. ok dlg@
16 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
add the goo for bgpd, theo ok
20 years ago
Add ifstated(8) startup bits. OK deraadt@, henning@, mcbride@
18 years ago
hoststated gets renamed to relayd. easier to type, and actually says what the daemon does - it is a relayer that pays attention to the status of pools of hosts; not a status checkers that happens to do some relaying
16 years ago
link hoststated to the builds. ok miod@, henning@
17 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
dhcpd: start from rc, controlled by rc.conf; sample config files
26 years ago
Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags. ok deraadt@ beck@ reyk@ phessler@
16 years ago
dhcpd: start from rc, controlled by rc.conf; sample config files
26 years ago
Hook dhcrelay(8) into the startup process. ok henning@
18 years ago
add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags
24 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags
24 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags
24 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags
24 years ago
add hostapd to rc/rc.conf glue suggested and ok by kettenis@
18 years ago
delete excessive ; use
13 years ago
add hostapd to rc/rc.conf glue suggested and ok by kettenis@
18 years ago
Add bt=YES to /etc/rc.conf.local to start the daemon
15 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
initial import of NetBSD tree
29 years ago
control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com
28 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
change printed line from `printer' to `lpd'; deraadt@ ok.
19 years ago
control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com
28 years ago
initial import of NetBSD tree
29 years ago
Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=. ok deraadt@ gilles@
14 years ago
delete excessive ; use
13 years ago
Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=. ok deraadt@ gilles@
14 years ago
remove redundant comments; noted by mpf; ok deraadt, millert
18 years ago
If /etc/mailer.conf specifies a mailer other than sendmail, there may be no /etc/mail/sendmail.cf so don't include that in the check for whether or not to run /usr/sbin/sendmail. Instead, check for the existence of /etc/mailer.conf. Pointed out by Theo.
24 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
When starting up sendmail in the background, redirect stderr to /dev/null too. Otherwise, if there is a name resolution problem the rc files may finish before sendmail forks into a daemon and it will complain about EBADF on stderr (since init revoked it). From a discussion between Theo and myself.
24 years ago
initial import of NetBSD tree
29 years ago
support for smtpd(8); ok gilles@
15 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
Clean-up after httpd
24 years ago
Back-out use of apachectl to start httpd: 1) It's one more dependency in /etc/rc 2) It's one more script that starts from /etc/rc (slowdown) 3) We're only going to be starting httpd in /etc/rc anyway (no other weird operations), so there's no reason to force a change in rc.conf 4) apachectl(8) doesn't mention "startssl" directive 5) Admins can use apachectl to manage httpd regardless of how the latter was started Thanks to fgs@ for yelling about this :-)
23 years ago
httpd is now in the tree, and an rc.conf flag turns it on
26 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
Add option for running ftpd out of rc.
26 years ago
add new ftp-proxy startup bits ok henning beck
18 years ago
Add option for running ftpd out of rc.
26 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
Allow identd to be used w/o inetd.
24 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com
28 years ago
initial import of NetBSD tree
29 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
spamd_grey=YES should really be spamd_black=NO as disscussed with jmc and millert. ok millert@
17 years ago
Flag day for spamd - 1) config files move to /etc/mail 2) -g option goes away in spamd-setup and spamd - greylisting is now the default 3) option change to spamd, -b addr becomes -l addr. 4) -b option in spamd-setup and spamd to turn on old blacklisting mode. Man page shortly to be flensed to make this easier to explain ok deraadt@ millert@
17 years ago
move spamd to a better place; ok henning beck
20 years ago
Allow spamd_flags banner to contain spaces. Resolves PR 3720. ok beck@ millert@
20 years ago
New option -D to daemonize spamd-setup for early bootup use. This avoids spamd-setup hanging if there are various (network?) issues and the system not proceeding to multiuser so that this can be debugged. We do not use & for startup in /etc/rc because this makes the spamd-setup a child of the rc scripts after bootup (that is gross) Problem reported in PR 5864, change discussed with beck, ok millert
15 years ago
catch second instance of spamd_grey - thanks millert and jmc
17 years ago
move spamd to a better place; ok henning beck
20 years ago
introduce spamlogd_flags to make it easier to e. g. bind spamlogd to an interface; no change in default config from Toni Mueller <support@oeko.net>, ja ja ja ja bob
19 years ago
move spamd to a better place; ok henning beck
20 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
initial import of NetBSD tree
29 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
initial import of NetBSD tree
29 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
initial import of NetBSD tree
29 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
Add support for mopd. -moj
26 years ago
initial import of NetBSD tree
29 years ago
configure mixers late; obsd@enop.org 4970
18 years ago
start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is the default setting in rc.conf. ok deraadt
14 years ago
KerberosV support. Kerberos related cleanup.
23 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
KerberosV support. Kerberos related cleanup.
23 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
KerberosV support. Kerberos related cleanup.
23 years ago
If a /etc/rc.firsttime file exists, run it just once, mailing the output to root. If anyone wants to use this in a siteXX.tgz file, please be sure to *concatenate* to the file -- not replace it -- since the installer is going to be using this file itself. discussed with todd and halex
14 years ago
Don't print 'Null message body; hope that's ok' in the rc output if the call to rc.firstime doesn't output anything to mail(1). ok deraadt@ halex@
13 years ago
If a /etc/rc.firsttime file exists, run it just once, mailing the output to root. If anyone wants to use this in a siteXX.tgz file, please be sure to *concatenate* to the file -- not replace it -- since the installer is going to be using this file itself. discussed with todd and halex
14 years ago
test -> [
26 years ago
move std stuff from rc.local to rc
28 years ago
move cron to the end so users cannot run cron jobs before the system is all the way up
26 years ago
put back recent change (apmd flags) that was accidently removed
26 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
spacing
20 years ago
put back recent change (apmd flags) that was accidently removed
26 years ago
sensorsd startup via rc/rc.conf ok millert@
20 years ago
hotplugd startup. ok deraadt@
20 years ago
add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk> but I put it at a different place, watchdogd is really not a network daemon
18 years ago
move cron to the end so users cannot run cron jobs before the system is all the way up
26 years ago
put back recent change (apmd flags) that was accidently removed
26 years ago
Carp demotion interlock. Prevents carp from preempting until the system is booted, allowing for daemons to sync with peers before we take over. ok deraadt@ mpf@ moritz@
18 years ago
increase the carp demotion counter by 128 instead of 1 while rc runs. you do not want a machine that is in the middle of rc and does not have all network daemons (that possibly increase the carp demotion counter further) to become master just because the other one lost 2 bgp sessions or similar for other daemons (esp sasyncd) and as such has a demotion count of >1. ok mcbride mpf deraadt
18 years ago
Carp demotion interlock. Prevents carp from preempting until the system is booted, allowing for daemons to sync with peers before we take over. ok deraadt@ mpf@ moritz@
18 years ago
move cron to the end so users cannot run cron jobs before the system is all the way up
26 years ago
initial import of NetBSD tree
29 years ago
add xdm control to /etc/rc.conf; X11 docs need updating
26 years ago
Make test(1) usage consistent when testing a variable that may not be set. OK deraadt@
19 years ago
oops
23 years ago
moused will now co-exist with X
24 years ago
add xdm control to /etc/rc.conf; X11 docs need updating
26 years ago
Make sure xdm is installed before trying to run it ok deraadt@
15 years ago
Actually use $xdm_flags.
26 years ago
add xdm control to /etc/rc.conf; X11 docs need updating
26 years ago
initial import of NetBSD tree
29 years ago
 
  1. #	$OpenBSD: rc,v 1.348 2011/01/14 00:05:42 deraadt Exp $
  2. 

  3. # System startup script run by init on autoboot
  4. # or after single-user.
  5. # Output and error are redirected to console by init,
  6. # and the console is the controlling terminal.
  7. 

  8. # Subroutines (have to come first).
  9. 

  10. # Strip comments (and leading/trailing whitespace if IFS is set)
  11. # from a file and spew to stdout
  12. stripcom() {
  13. 	local _file="$1"
  14. 	local _line
  15. 

  16. 	{
  17. 		while read _line ; do
  18. 			_line=${_line%%#*}		# strip comments
  19. 			test -z "$_line" && continue
  20. 			echo $_line
  21. 		done
  22. 	} < $_file
  23. }
  24. 

  25. # Update resource limits when sysctl changes
  26. # Usage: update_limit -X loginconf_name
  27. update_limit() {
  28. 	local _fl="$1"	# ulimit flag
  29. 	local _lc="$2"	# login.conf name
  30. 	local _new _suf
  31. 

  32. 	for _suf in "" -cur -max; do
  33. 		_new=`getcap -f /etc/login.conf -s ${_lc}${_suf} daemon 2>/dev/null`
  34. 		if [ X"$_new" != X"" ]; then
  35. 			if [ X"$_new" = X"infinity" ]; then
  36. 				_new=unlimited
  37. 			fi
  38. 			case "$_suf" in
  39. 			-cur)
  40. 				ulimit -S $_fl $_new
  41. 				;;
  42. 			-max)
  43. 				ulimit -H $_fl $_new
  44. 				;;
  45. 			*)
  46. 				ulimit $_fl $_new
  47. 				return
  48. 				;;
  49. 			esac
  50. 		fi
  51. 	done
  52. }
  53. 

  54. sysctl_conf() {
  55. 	test -s /etc/sysctl.conf || return
  56. 

  57. 	# delete comments and blank lines
  58. 	set -- `stripcom /etc/sysctl.conf`
  59. 	while [ $# -ge 1 ] ; do
  60. 		sysctl $1
  61. 		# update limits if needed
  62. 		case $1 in
  63. 		kern.maxproc=*)
  64. 			update_limit -p maxproc
  65. 			;;
  66. 		kern.maxfiles=*)
  67. 			update_limit -n openfiles
  68. 			;;
  69. 		esac
  70. 		shift
  71. 	done
  72. }
  73. 

  74. mixerctl_conf()
  75. {
  76. 	test -s /etc/mixerctl.conf || return
  77. 

  78. 	# delete comments and blank lines
  79. 	set -- `stripcom /etc/mixerctl.conf`
  80. 	while [ $# -ge 1 ] ; do
  81. 		mixerctl -q $1 > /dev/null 2>&1
  82. 		shift
  83. 	done
  84. }
  85. 

  86. wsconsctl_conf()
  87. {
  88. 	local save_IFS="$IFS"
  89. 

  90. 	test -x /sbin/wsconsctl -a -s /etc/wsconsctl.conf || return
  91. 	# delete comments and blank lines
  92. 	IFS="
  93. "
  94. 	set -- `stripcom /etc/wsconsctl.conf`
  95. 	IFS="$save_IFS"
  96. 	while [ $# -ge 1 ] ; do
  97. 		eval /sbin/wsconsctl $1
  98. 		shift
  99. 	done
  100. }
  101. 

  102. random_seed()
  103. {
  104. 	if [ -f /var/db/host.random -a "X$random_seed_done" = "X" ]; then
  105. 		dd if=/var/db/host.random of=/dev/arandom bs=65536 count=1 \
  106. 		    > /dev/null 2>&1
  107. 

  108. 		# reset seed file, so that if a shutdown-less reboot occurs,
  109. 		# the next seed is not a repeat
  110. 		dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \
  111. 		    > /dev/null 2>&1
  112. 

  113. 		random_seed_done=1
  114. 	fi
  115. }
  116. 

  117. fill_baddynamic()
  118. {
  119. 	local _service="$1"
  120. 	local _sysctl="net.inet.${_service}.baddynamic"
  121. 	local _name _port _srv _junk _ban
  122. 	local _i=0
  123. 	grep "/${_service}" /etc/services | {
  124. 		IFS=" 	/"
  125. 		while read _name _port _srv _junk; do
  126. 			[ "x${_srv}" = "x${_service}" ] || continue;
  127. 			if [ "x${_ban}" = "x" ]; then
  128. 				_ban="+${_port}"
  129. 			else
  130. 				_ban="${_ban},+${_port}"
  131. 			fi
  132. 			# Flush before argv gets too long
  133. 			if [ $((++_i)) -gt 128 ]; then
  134. 				sysctl ${_sysctl}=${_ban} >/dev/null
  135. 				_ban=""
  136. 				_i=0
  137. 			fi
  138. 		done;
  139. 		if [ "x${_ban}" != "x" ]; then
  140. 			sysctl ${_sysctl}=${_ban} >/dev/null
  141. 		fi
  142. 	}
  143. }
  144. 

  145. # End subroutines
  146. 

  147. stty status '^T'
  148. 

  149. # Set shell to ignore SIGINT (2), but not children;
  150. # shell catches SIGQUIT (3) and returns to single user after fsck.
  151. trap : 2
  152. trap : 3	# shouldn't be needed
  153. 

  154. HOME=/; export HOME
  155. PATH=/sbin:/bin:/usr/sbin:/usr/bin
  156. export PATH
  157. 

  158. # pick up option configuration
  159. . /etc/rc.conf
  160. 

  161. if [ X"$1" = X"shutdown" ]; then
  162. 	dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 >/dev/null 2>&1
  163. 	chmod 600 /var/db/host.random >/dev/null 2>&1
  164. 	if [ $? -eq 0 -a -f /etc/rc.shutdown ]; then
  165. 		echo /etc/rc.shutdown in progress...
  166. 		. /etc/rc.shutdown
  167. 		echo /etc/rc.shutdown complete.
  168. 

  169. 		# bring carp interfaces down gracefully
  170. 		ifconfig | while read a b; do
  171. 			case $a in
  172. 			carp+([0-9]):) ifconfig ${a%:} down ;;
  173. 			esac
  174. 		done
  175. 

  176. 		if [ X"${powerdown}" = X"YES" ]; then
  177. 			exit 2
  178. 		fi
  179. 

  180. 	else
  181. 		echo single user: not running /etc/rc.shutdown
  182. 	fi
  183. 	exit 0
  184. fi
  185. 

  186. # Configure ccd devices.
  187. if [ -f /etc/ccd.conf ]; then
  188. 	ccdconfig -C
  189. fi
  190. 

  191. # Configure raid devices.
  192. for dev in 0 1 2 3; do
  193. 	if [ -f /etc/raid$dev.conf ]; then
  194. 		raidctl -c /etc/raid$dev.conf raid$dev
  195. 	fi
  196. done
  197. 

  198. # Check parity on raid devices.
  199. raidctl -P all
  200. 

  201. swapctl -A -t blk
  202. 

  203. if [ -e /fastboot ]; then
  204. 	echo "Fast boot: skipping disk checks."
  205. elif [ X"$1" = X"autoboot" ]; then
  206. 	echo "Automatic boot in progress: starting file system checks."
  207. 	fsck -p
  208. 	case $? in
  209. 	0)
  210. 		;;
  211. 	2)
  212. 		exit 1
  213. 		;;
  214. 	4)
  215. 		echo "Rebooting..."
  216. 		reboot
  217. 		echo "Reboot failed; help!"
  218. 		exit 1
  219. 		;;
  220. 	8)
  221. 		echo "Automatic file system check failed; help!"
  222. 		exit 1
  223. 		;;
  224. 	12)
  225. 		echo "Boot interrupted."
  226. 		exit 1
  227. 		;;
  228. 	130)
  229. 		# interrupt before catcher installed
  230. 		exit 1
  231. 		;;
  232. 	*)
  233. 		echo "Unknown error; help!"
  234. 		exit 1
  235. 		;;
  236. 	esac
  237. fi
  238. 

  239. trap "echo 'Boot interrupted.'; exit 1" 3
  240. 

  241. umount -a >/dev/null 2>&1
  242. mount -a -t nonfs,vnd
  243. mount -uw /		# root on nfs requires this, others aren't hurt
  244. rm -f /fastboot		# XXX (root now writeable)
  245. 

  246. random_seed
  247. 

  248. # set flags on ttys.  (do early, in case they use tty for SLIP in netstart)
  249. echo 'setting tty flags'
  250. ttyflags -a
  251. 

  252. if [ -f /sbin/kbd -a -f /etc/kbdtype ]; then
  253. 	kbd `cat /etc/kbdtype`
  254. fi
  255. 

  256. wsconsctl_conf
  257. 

  258. if [ X"${pf}" != X"NO" ]; then
  259. 	RULES="block all"
  260. 	RULES="$RULES\npass on lo0"
  261. 	RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
  262. 	RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state"
  263. 	RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state"
  264. 	if ifconfig lo0 inet6 >/dev/null 2>&1; then
  265. 		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol"
  266. 		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv"
  267. 		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol"
  268. 		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv"
  269. 	fi
  270. 	RULES="$RULES\npass proto carp keep state (no-sync)"
  271. 	case `sysctl vfs.mounts.nfs 2>/dev/null` in
  272. 	*[1-9]*)
  273. 		# don't kill NFS
  274. 		RULES="set reassemble yes no-df\n$RULES"
  275. 		RULES="$RULES\npass in proto { tcp, udp } from any port { 111, 2049 } to any"
  276. 		RULES="$RULES\npass out proto { tcp, udp } from any to any port { 111, 2049 }"
  277. 		;;
  278. 	esac
  279. 	echo $RULES | pfctl -f -
  280. 	pfctl -e
  281. fi
  282. 

  283. # Fill net.inet.(tcp|udp).baddynamic lists from /etc/services
  284. fill_baddynamic udp
  285. fill_baddynamic tcp
  286. 

  287. sysctl_conf
  288. 

  289. # set hostname, turn on network
  290. echo 'starting network'
  291. ifconfig -g carp carpdemote 128
  292. if [ -f /etc/resolv.conf.save ]; then
  293. 	mv -f /etc/resolv.conf.save /etc/resolv.conf
  294. 	touch /etc/resolv.conf
  295. fi
  296. . /etc/netstart
  297. echo rekey > /dev/arandom	# any write triggers an RC4 rekey
  298. 

  299. if [ X"${pf}" != X"NO" ]; then
  300. 	if [ -f ${pf_rules} ]; then
  301. 		pfctl -f ${pf_rules}
  302. 	fi
  303. 	# bring up pfsync after the working ruleset has been loaded
  304. 	if [ -f /etc/hostname.pfsync0 ]; then
  305. 		. /etc/netstart pfsync0
  306. 	fi
  307. fi
  308. 

  309. mount -s /usr >/dev/null 2>&1
  310. mount -s /var >/dev/null 2>&1
  311. 

  312. # if there's no /var/db/host.random, use /dev/arandom to create one
  313. if [ ! -f /var/db/host.random ]; then
  314. 	dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \
  315. 		>/dev/null 2>&1
  316. 	chmod 600 /var/db/host.random >/dev/null 2>&1
  317. else
  318. 	# Try to read seed if it was not initially present (e.g. /var on NFS)
  319. 	random_seed
  320. fi
  321. 

  322. # clean up left-over files
  323. rm -f /etc/nologin
  324. rm -f /var/spool/lock/LCK.*
  325. rm -f /var/spool/uucp/STST/*
  326. (cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; })
  327. (cd /var/authpf && rm -rf -- *)
  328. 

  329. # save a copy of the boot messages
  330. dmesg >/var/run/dmesg.boot
  331. 

  332. echo 'starting system logger'
  333. rm -f /dev/log
  334. if [ X"${httpd_flags}" != X"-u" ]; then
  335. 	rm -f /var/www/dev/log
  336. 	syslogd_flags="${syslogd_flags} -a /var/www/dev/log"
  337. fi
  338. if [ X"${named_flags}" != X"NO" ]; then
  339. 	rm -f /var/named/dev/log
  340. 	syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
  341. fi
  342. if [ X"${nsd_flags}" != X"NO" ]; then
  343. 	rm -f /var/nsd/dev/log
  344. 	syslogd_flags="${syslogd_flags} -a /var/nsd/dev/log"
  345. fi
  346. if [ -d /var/empty ]; then
  347. 	rm -f /var/empty/dev/log
  348. 	mkdir -p -m 0555 /var/empty/dev
  349. 	syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"
  350. fi
  351. syslogd ${syslogd_flags}
  352. 

  353. if [ X"${pf}" != X"NO" ]; then
  354. 	ifconfig pflog0 create >/dev/null 2>&1
  355. 	if ifconfig pflog0 >/dev/null 2>&1; then
  356. 		ifconfig pflog0 up
  357. 		if [ X"${pflogd_flags}" != X"NO" ]; then
  358. 			pflogd ${pflogd_flags}
  359. 		fi
  360. 	fi
  361. fi
  362. 

  363. if [ X"${named_flags}" != X"NO" ]; then
  364. 	if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then
  365. 		echo -n "rndc-confgen: generating new shared secret... "
  366. 		if /usr/sbin/rndc-confgen -a -t /var/named >/dev/null 2>&1; then
  367. 			chmod 0640 /var/named/etc/rndc.key >/dev/null 2>&1
  368. 			echo done.
  369. 		else
  370. 			echo failed.
  371. 		fi
  372. 	fi
  373. 

  374. 	echo 'starting named';		named $named_flags
  375. fi
  376. 

  377. if [ X"${nsd_flags}" != X"NO" ]; then
  378. 	echo 'starting nsd';		nsd $nsd_flags
  379. fi
  380. 

  381. if [ ! -f /etc/isakmpd/private/local.key ]; then
  382. 	echo -n "openssl: generating new isakmpd/iked RSA key... "
  383. 	if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
  384. 	    > /dev/null 2>&1; then
  385. 		chmod 600 /etc/isakmpd/private/local.key
  386. 		openssl rsa -out /etc/isakmpd/local.pub \
  387. 		    -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1
  388. 		echo done.
  389. 	else
  390. 		echo failed.
  391. 	fi
  392. fi
  393. 

  394. if [ ! -f /etc/iked/private/local.key ]; then
  395. 	# Just copy the generated isakmpd key
  396. 	cp /etc/isakmpd/private/local.key /etc/iked/private/local.key
  397. 	chmod 600 /etc/iked/private/local.key
  398. 	cp /etc/isakmpd/local.pub /etc/iked/local.pub
  399. fi
  400. 

  401. if [ X"${isakmpd_flags}" != X"NO" ]; then
  402. 	if [ X"${sasyncd_flags}" != X"NO" ]; then
  403. 		isakmpd_flags="-S ${isakmpd_flags}"
  404. 	fi
  405. 	echo 'starting isakmpd';	isakmpd ${isakmpd_flags}
  406. fi
  407. 

  408. if [ X"${iked_flags}" != X"NO" ]; then
  409. 	if [ X"${sasyncd_flags}" != X"NO" ]; then
  410. 		iked_flags="-S ${iked_flags}"
  411. 	fi
  412. 	echo 'starting iked';		iked ${iked_flags}
  413. fi
  414. 

  415. if [ X"${sasyncd_flags}" != X"NO" ]; then
  416. 	echo 'starting sasyncd';	sasyncd ${sasyncd_flags}
  417. fi
  418. 

  419. if [ X"${ipsec}" != X"NO" ]; then
  420. 	if [ -f ${ipsec_rules} ]; then
  421. 		ipsecctl -f ${ipsec_rules}
  422. 	fi
  423. fi
  424. 

  425. echo -n 'starting initial daemons:'
  426. 

  427. if [ X"${portmap}" = X"YES" ]; then
  428. 	echo -n ' portmap';		portmap
  429. fi
  430. 

  431. if [ X`domainname` != X ]; then
  432. 	if [ -d /var/yp/`domainname` ]; then
  433. 		# YP server capabilities needed...
  434. 		echo -n ' ypserv';		ypserv ${ypserv_flags}
  435. 		#echo -n ' ypxfrd';		ypxfrd
  436. 	fi
  437. 

  438. 	if [ -d /var/yp/binding ]; then
  439. 		# YP client capabilities needed...
  440. 		echo -n ' ypbind';		ypbind
  441. 	fi
  442. 

  443. 	if [ X"${yppasswdd_flags}" != X"NO" -a -d /var/yp/`domainname` ]; then
  444. 		# if we are the master server, run rpc.yppasswdd
  445. 		_host1=`ypwhich -m passwd 2> /dev/null`
  446. 		_host2=`hostname`
  447. 		if [ `grep '^lookup' /etc/resolv.conf | grep yp | wc -c` -ne 0 ]; then
  448. 			_host1=`ypmatch $_host1 hosts | cut -d'	' -f2`
  449. 			_host2=`ypmatch $_host2 hosts | cut -d'	' -f2 | head -1`
  450. 		else
  451. 			_host1=`echo $_host1 | nslookup | grep '^Name: ' | \
  452. 			    sed -e 's/^Name:    //'`
  453. 			_host2=`echo $_host2 | nslookup | grep '^Name: ' | \
  454. 			    sed -e 's/^Name:    //'`
  455. 		fi
  456. 		if [ "$_host2" = "$_host1" ]; then
  457. 			echo -n ' rpc.yppasswdd'
  458. 			rpc.yppasswdd ${yppasswdd_flags}
  459. 		fi
  460. 	fi
  461. fi
  462. 

  463. if [ X"${nfs_server}" = X"YES" -a -s /etc/exports -a \
  464.     `sed -e '/^#/d' < /etc/exports | wc -l` -ne 0 ]; then
  465. 	rm -f /var/db/mountdtab
  466. 	echo -n > /var/db/mountdtab
  467. 	echo -n ' mountd';		mountd
  468. 	echo -n ' nfsd';		nfsd ${nfsd_flags}
  469. 	if [ X"${lockd}" = X"YES" ]; then
  470. 		echo -n ' rpc.lockd';	rpc.lockd
  471. 		echo -n ' rpc.statd';	rpc.statd
  472. 	fi
  473. fi
  474. 

  475. if [ X"${amd}" = X"YES" -a -e ${amd_master} ]; then
  476. 	echo -n ' amd'
  477. 	(cd /etc/amd; amd `cat ${amd_master}`)
  478. fi
  479. 

  480. # run rdate before timed/ntpd
  481. if [ X"${rdate_flags}" != X"NO" ]; then
  482. 	echo -n ' rdate';	rdate -s ${rdate_flags}
  483. fi
  484. 

  485. if [ X"${timed_flags}" != X"NO" ]; then
  486. 	echo -n ' timed'; timed $timed_flags
  487. fi
  488. 

  489. if [ X"${ldattach_flags}" != X"NO" -a -n "${ldattach_flags}" ]; then
  490. 	echo -n ' ldattach'; ldattach ${ldattach_flags}
  491. fi
  492. 

  493. if [ X"${ntpd_flags}" != X"NO" ]; then
  494. 	echo -n ' ntpd'; ntpd $ntpd_flags
  495. fi
  496. echo '.'
  497. 

  498. mount -a
  499. 

  500. swapctl -A -t noblk
  501. 

  502. # /var/crash should be a directory or a symbolic link
  503. # to the crash directory if core dumps are to be saved.
  504. if [ -d /var/crash ]; then
  505. 	savecore ${savecore_flags} /var/crash
  506. fi
  507. 

  508. if [ X"${afs}" = X"YES" -a -c /dev/nnpfs0 ]; then
  509. 	echo -n 'mounting afs:'
  510. 	mkdir -p -m 0755 /afs
  511. 	mount -t nnpfs /dev/nnpfs0 /afs
  512. 	/usr/libexec/afsd ${afsd_flags}
  513. 	echo ' done.'
  514. fi
  515. 

  516. if [ X"${check_quotas}" = X"YES" ]; then
  517. 	echo -n 'checking quotas:'
  518. 	quotacheck -a
  519. 	echo ' done.'
  520. 	quotaon -a
  521. fi
  522. 

  523. # build ps databases
  524. echo -n 'building ps databases:'
  525. echo -n " kvm"
  526. kvm_mkdb
  527. echo -n " dev"
  528. dev_mkdb
  529. echo "."
  530. 

  531. chmod 666 /dev/tty[pqrstuvwxyzPQRST]*
  532. chown root:wheel /dev/tty[pqrstuvwxyzPQRST]*
  533. 

  534. # check the password temp/lock file
  535. if [ -f /etc/ptmp ]; then
  536. 	logger -s -p auth.err \
  537. 	'password file may be incorrect -- /etc/ptmp exists'
  538. fi
  539. 

  540. echo clearing /tmp
  541. 

  542. # prune quickly with one rm, then use find to clean up /tmp/[lq]*
  543. # (not needed with mfs /tmp, but doesn't hurt there...)
  544. (cd /tmp && rm -rf [a-km-pr-zA-Z]*)
  545. (cd /tmp &&
  546.     find . ! -name . ! -name lost+found ! -name quota.user \
  547. 	! -name quota.group -execdir rm -rf -- {} \; -type d -prune)
  548. 

  549. # create Unix sockets directories for X if needed and make sure they have
  550. # correct permissions
  551. if [ -d /usr/X11R6/lib ]; then
  552. 	for d in /tmp/.X11-unix /tmp/.ICE-unix ; do
  553. 		if [ -d $d ]; then
  554. 			if [ `ls -ld $d | cut -d' ' -f4` != root ]; then
  555. 				chown root $d
  556. 			fi
  557. 			if [ `ls -ld $d | cut -d' ' -f1` != drwxrwxrwt ]; then
  558. 				chmod 1777 $d
  559. 			fi
  560. 		elif [ -e $d ]; then
  561. 			echo "Error: $d exists and isn't a directory."
  562. 		else
  563. 			mkdir -m 1777 $d
  564. 		fi
  565. 	done
  566. fi
  567. 

  568. [ -f /etc/rc.securelevel ] && . /etc/rc.securelevel
  569. if [ X"${securelevel}" != X"" ]; then
  570. 	echo -n 'setting kernel security level: '
  571. 	sysctl kern.securelevel=${securelevel}
  572. fi
  573. 

  574. # patch /etc/motd
  575. if [ ! -f /etc/motd ]; then
  576. 	install -c -o root -g wheel -m 664 /dev/null /etc/motd
  577. fi
  578. T=`mktemp /tmp/_motd.XXXXXXXXXX`
  579. if [ $? -eq 0 ]; then
  580. 	sysctl -n kern.version | sed 1q > $T
  581. 	echo "" >> $T
  582. 	sed '1,/^$/d' < /etc/motd >> $T
  583. 	cmp -s $T /etc/motd || cp $T /etc/motd
  584. 	rm -f $T
  585. fi
  586. 

  587. if [ X"${accounting}" = X"YES" ]; then
  588. 	if [ ! -f /var/account/acct ]; then
  589. 		touch /var/account/acct
  590. 	fi
  591. 	echo 'turning on accounting';	accton /var/account/acct
  592. fi
  593. 

  594. if [ -f /sbin/ldconfig ]; then
  595. 	echo 'creating runtime link editor directory cache.'
  596. 	if [ -d /usr/local/lib ]; then
  597. 		shlib_dirs="/usr/local/lib $shlib_dirs"
  598. 	fi
  599. 	if [ -d /usr/X11R6/lib ]; then
  600. 		shlib_dirs="/usr/X11R6/lib $shlib_dirs"
  601. 	fi
  602. 	ldconfig $shlib_dirs
  603. fi
  604. 

  605. if [ -x /usr/libexec/vi.recover ]; then
  606. 	echo 'preserving editor files.';	/usr/libexec/vi.recover
  607. fi
  608. 

  609. if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
  610. 	echo -n "ssh-keygen: generating new DSA host key... "
  611. 	if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''; then
  612. 		echo done.
  613. 	else
  614. 		echo failed.
  615. 	fi
  616. fi
  617. if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then
  618. 	echo -n "ssh-keygen: generating new ECDSA host key... "
  619. 	if /usr/bin/ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''; then
  620. 		echo done.
  621. 	else
  622. 		echo failed.
  623. 	fi
  624. fi
  625. if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
  626. 	echo -n "ssh-keygen: generating new RSA host key... "
  627. 	if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''; then
  628. 		echo done.
  629. 	else
  630. 		echo failed.
  631. 	fi
  632. fi
  633. if [ ! -f /etc/ssh/ssh_host_key ]; then
  634. 	echo -n "ssh-keygen: generating new RSA1 host key... "
  635. 	if /usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N ''; then
  636. 		echo done.
  637. 	else
  638. 		echo failed.
  639. 	fi
  640. fi
  641. 

  642. echo -n starting network daemons:
  643. 

  644. if [ X"${sshd_flags}" != X"NO" ]; then
  645. 	echo -n ' sshd';		/usr/sbin/sshd ${sshd_flags}
  646. fi
  647. 

  648. if [ X"${snmpd_flags}" != X"NO" ]; then
  649. 	echo -n ' snmpd';		/usr/sbin/snmpd $snmpd_flags
  650. fi
  651. 

  652. if [ X"${ldpd_flags}" != X"NO" ]; then
  653. 	echo -n ' ldpd';		/usr/sbin/ldpd $ldpd_flags
  654. fi
  655. 

  656. if [ X"${ripd_flags}" != X"NO" ]; then
  657. 	echo -n ' ripd';		/usr/sbin/ripd $ripd_flags
  658. fi
  659. 

  660. if [ X"${mrouted_flags}" != X"NO" ]; then
  661. 	echo -n ' mrouted';		mrouted $mrouted_flags
  662. fi
  663. 

  664. if [ X"${dvmrpd_flags}" != X"NO" ]; then
  665. 	echo -n ' dvmrpd';		/usr/sbin/dvmrpd $dvmrpd_flags
  666. fi
  667. 

  668. if [ X"${ospfd_flags}" != X"NO" ]; then
  669. 	echo -n ' ospfd';		/usr/sbin/ospfd $ospfd_flags
  670. fi
  671. 

  672. if [ X"${ospf6d_flags}" != X"NO" ]; then
  673. 	echo -n ' ospf6d';		/usr/sbin/ospf6d $ospf6d_flags
  674. fi
  675. 

  676. if [ X"${bgpd_flags}" != X"NO" ]; then
  677. 	echo -n ' bgpd';		/usr/sbin/bgpd $bgpd_flags
  678. fi
  679. 

  680. if [ X"${ifstated_flags}" != X"NO" ]; then
  681. 	echo -n ' ifstated';		ifstated $ifstated_flags
  682. fi
  683. 

  684. if [ X"${relayd_flags}" != X"NO" ]; then
  685. 	echo -n ' relayd';		/usr/sbin/relayd $relayd_flags
  686. fi
  687. 

  688. if [ X"${dhcpd_flags}" != X"NO" -a -f /etc/dhcpd.conf ]; then
  689. 	touch /var/db/dhcpd.leases
  690. 	echo -n ' dhcpd';	/usr/sbin/dhcpd ${dhcpd_flags}
  691. fi
  692. 

  693. if [ X"${dhcrelay_flags}" != X"NO" ]; then
  694. 	echo -n ' dhcrelay';		/usr/sbin/dhcrelay $dhcrelay_flags
  695. fi
  696. 

  697. if ifconfig lo0 inet6 >/dev/null 2>&1; then
  698. 	fw=`sysctl -n net.inet6.ip6.forwarding`
  699. 	if [ X"${fw}" = X"0" ]; then
  700. 		if [ X"${rtsold_flags}" != X"NO" ]; then
  701. 			echo -n ' rtsold'
  702. 			/usr/sbin/rtsold ${rtsold_flags}
  703. 		fi
  704. 	else
  705. 		if [ X"${route6d_flags}" != X"NO" ]; then
  706. 			echo -n ' route6d'
  707. 			/usr/sbin/route6d ${route6d_flags}
  708. 		fi
  709. 		if [ X"${rtadvd_flags}" != X"NO" ]; then
  710. 			echo -n ' rtadvd'
  711. 			/usr/sbin/rtadvd ${rtadvd_flags}
  712. 		fi
  713. 	fi
  714. fi
  715. 

  716. if [ X"${hostapd_flags}" != X"NO" ]; then
  717. 	echo -n ' hostapd';		/usr/sbin/hostapd ${hostapd_flags}
  718. fi
  719. 

  720. if [ X"${bt}" != X"NO" ]; then
  721. 	echo -n ' btd';			/usr/sbin/btd
  722. 	if [ -f ${bt_rules} ]; then
  723. 		btctl -f ${bt_rules}
  724. 	fi
  725. fi
  726. 

  727. if [ X"${rwhod}" = X"YES" ]; then
  728. 	echo -n ' rwhod';		rwhod
  729. fi
  730. 

  731. 

  732. if [ X"${lpd_flags}" != X"NO" ]; then
  733. 	echo -n ' lpd';			lpd ${lpd_flags}
  734. fi
  735. 

  736. if [ X"${ldapd_flags}" != X"NO" ]; then
  737. 	echo -n ' ldapd';		/usr/sbin/ldapd ${ldapd_flags}
  738. fi
  739. 

  740. # We call sendmail with a full path so that SIGHUP works.
  741. # Note that /usr/sbin/sendmail may actually call a
  742. # mailer other than sendmail, depending on /etc/mailer.conf.
  743. if [ X"${sendmail_flags}" != X"NO" -a -s /etc/mailer.conf ]; then
  744. 	echo -n ' sendmail';		( /usr/sbin/sendmail ${sendmail_flags} >/dev/null 2>&1 & )
  745. fi
  746. 

  747. if [ X"${smtpd_flags}" != X"NO" ]; then
  748. 	echo -n ' smtpd'; smtpd $smtpd_flags
  749. fi
  750. 

  751. if [ X"${httpd_flags}" != X"NO" ]; then
  752. 	# Clean up left-over httpd locks
  753. 	rm -f /var/www/logs/{ssl_mutex,httpd.lock,accept.lock}.*
  754. 	echo -n ' httpd';		/usr/sbin/httpd ${httpd_flags}
  755. fi
  756. 

  757. if [ X"${ftpd_flags}" != X"NO" ]; then
  758. 	echo -n ' ftpd';		/usr/libexec/ftpd ${ftpd_flags}
  759. fi
  760. 

  761. if [ X"${ftpproxy_flags}" != X"NO" ]; then
  762. 	echo -n ' ftp-proxy';		/usr/sbin/ftp-proxy ${ftpproxy_flags}
  763. fi
  764. 

  765. if [ X"${identd_flags}" != X"NO" ]; then
  766. 	echo -n ' identd';		/usr/libexec/identd ${identd_flags}
  767. fi
  768. 

  769. if [ X"${inetd}" = X"YES" -a -e /etc/inetd.conf ]; then
  770. 	echo -n ' inetd';		inetd
  771. fi
  772. 

  773. if [ X"${spamd_flags}" != X"NO" ]; then
  774. 	if [ X"${spamd_black}" != X"NO" ]; then
  775. 		spamd_flags="${spamd_flags} -b"
  776. 	fi
  777. 	echo -n ' spamd';		eval /usr/libexec/spamd ${spamd_flags}
  778. 	/usr/libexec/spamd-setup -D
  779. 	if [ X"${spamd_black}" = X"NO" ]; then
  780. 		echo -n ' spamlogd'
  781. 		/usr/libexec/spamlogd ${spamlogd_flags}
  782. 	fi
  783. fi
  784. 

  785. if [ X"${rarpd_flags}" != X"NO" -a -s /etc/ethers ]; then
  786. 	echo -n ' rarpd';		rarpd ${rarpd_flags}
  787. fi
  788. 

  789. if [ X"${bootparamd_flags}" != X"NO" -a -s /etc/bootparams ]; then
  790. 	echo -n ' rpc.bootparamd';	rpc.bootparamd ${bootparamd_flags}
  791. fi
  792. 

  793. if [ X"${rbootd_flags}" != X"NO" -a -s /etc/rbootd.conf ]; then
  794. 	echo -n ' rbootd';		rbootd ${rbootd_flags}
  795. fi
  796. 

  797. if [ X"${mopd_flags}" != X"NO" -a -d /tftpboot/mop ]; then
  798. 	echo -n ' mopd';		mopd ${mopd_flags}
  799. fi
  800. 

  801. echo '.'
  802. 

  803. mixerctl_conf
  804. 

  805. if [ X"${aucat_flags}" != X"NO" ]; then
  806. 	aucat -l ${aucat_flags}
  807. fi
  808. 

  809. # KerberosV master KDC
  810. if [ X"${krb5_master_kdc}" = X"YES" ]; then
  811. 	echo 'KerberosV master KDC'
  812. 	/usr/libexec/kdc &
  813. 	/usr/libexec/kadmind &
  814. 	/usr/libexec/kpasswdd &
  815. fi
  816. 

  817. # KerberosV slave KDC
  818. if [ X"${krb5_slave_kdc}" = X"YES" ]; then
  819. 	echo 'KerberosV slave KDC'
  820. 	/usr/libexec/kdc &
  821. 	# Remember to enable hpropd in inetd.conf
  822. fi
  823. 

  824. # If rc.firstime exists, run it just once, and make sure it is deleted
  825. if [ -f /etc/rc.firsttime ]; then
  826. 	mv /etc/rc.firsttime /etc/rc.firsttime.run
  827. 	. /etc/rc.firsttime.run 2>&1 | mail -s 'rc.firsttime output' root >/dev/null
  828. fi
  829. rm -f /etc/rc.firsttime.run
  830. 

  831. [ -f /etc/rc.local ] && . /etc/rc.local
  832. 

  833. echo -n standard daemons:
  834. 

  835. if [ X"${apmd_flags}" != X"NO" -a -x /usr/sbin/apmd ]; then
  836. 	echo -n ' apmd';	/usr/sbin/apmd ${apmd_flags}
  837. fi
  838. 

  839. if [ X"${sensorsd_flags}" != X"NO" ]; then
  840. 	echo -n ' sensorsd';	/usr/sbin/sensorsd ${sensorsd_flags}
  841. fi
  842. 

  843. if [ X"${hotplugd_flags}" != X"NO" -a -x /usr/sbin/hotplugd ]; then
  844. 	echo -n ' hotplugd';	/usr/sbin/hotplugd ${hotplugd_flags}
  845. fi
  846. 

  847. if [ X"${watchdogd_flags}" != X"NO" -a -x /usr/sbin/watchdogd ]; then
  848. 	echo -n ' watchdogd';	/usr/sbin/watchdogd ${watchdogd_flags}
  849. fi
  850. 

  851. echo -n ' cron';		cron
  852. 

  853. # disable carp interlock
  854. ifconfig -g carp -carpdemote 128
  855. 

  856. echo '.'
  857. 

  858. date
  859. 

  860. if [ X"${wsmoused_flags}" != X"NO" -a -x /usr/sbin/wsmoused ]; then
  861. 	echo 'starting wsmoused...';	/usr/sbin/wsmoused ${wsmoused_flags}
  862. fi
  863. 

  864. # Alternatively, on some architectures, xdm may be started in /etc/ttys.
  865. if [ X"${xdm_flags}" != X"NO" -a -x /usr/X11R6/bin/xdm ]; then
  866. 	echo 'starting xdm...';		/usr/X11R6/bin/xdm ${xdm_flags}
  867. fi
  868. 

  869. exit 0