split rc.local, creating rc.securelevel. Read the comments. If you believe

in securelevels, follow them religiously. Problem found by millert...
27 years ago · 604b4a0b2e
--- a/src/etc/Makefile
+++ b/src/etc/Makefile
@ -1,4 +1,4 @@
 #	$OpenBSD: Makefile,v 1.43 1997/04/09 10:59:56 kstailey Exp $
 #	$OpenBSD: Makefile,v 1.44 1997/04/15 09:26:44 deraadt Exp $

 TZDIR=		/usr/share/zoneinfo
 LOCALTIME=	US/Pacific
@ -18,8 +18,8 @@ BIN1=	aliases bootptab changelist ccd.conf csh.cshrc csh.login csh.logout \
 	hosts.equiv hosts.lpd ifaliases inetd.conf ipf.rules ksh.kshrc \
 	locate.rc man.conf monthly motd mrouted.conf myname nat.rules \
 	netstart networks newsyslog.conf passwd.conf phones printcap \
 	protocols rbootd.conf rc rc.local remote rpc security services \
 	shells syslog.conf virc weekly etc.${MACHINE}/disktab
 	protocols rbootd.conf rc rc.local rc.securelevel remote rpc security \
 	services shells syslog.conf virc weekly etc.${MACHINE}/disktab

 # -rw-rw-r--
 BIN2=	motd
--- a/src/etc/rc
+++ b/src/etc/rc
@ -1,4 +1,4 @@
 #	$OpenBSD: rc,v 1.31 1997/02/28 07:53:33 millert Exp $
 #	$OpenBSD: rc,v 1.32 1997/04/15 09:26:47 deraadt Exp $

 # System startup script run by init on autoboot
 # or after single-user.
@ -202,6 +202,11 @@ if [ -f /etc/ptmp ]; then
 	'password file may be incorrect -- /etc/ptmp exists'
 fi

 . /etc/rc.securelevel
 if [ X${securelevel} != X"" ]; then
 	sysctl -w kern.securelevel=${securelevel}
 fi

 virecovery=/var/tmp/vi.recover/recover.*
 if [ "$virecovery" != "/var/tmp/vi.recover/recover.*" ]; then
 	echo preserving editor files
--- a/src/etc/rc.local
+++ b/src/etc/rc.local
@ -1,6 +1,11 @@
 #	$OpenBSD: rc.local,v 1.9 1997/01/03 07:48:50 deraadt Exp $
 #	$OpenBSD: rc.local,v 1.10 1997/04/15 09:26:47 deraadt Exp $

 # site-specific startup actions, daemons
 # site-specific startup actions, daemons, and other things which
 # can be done AFTER your system goes into securemode.  For actions
 # which should be done BEFORE your system has gone into securemode
 # please see /etc/rc.securelevel

 # site-specific startup actions, daemons which can be run
 # Add your local changes additions to this file

 echo -n 'starting local daemons:'
@ -13,11 +18,6 @@ echo -n 'starting local daemons:'
 #	echo -n ' sshd';	/usr/local/sbin/sshd
 #fi

 # Alternatively, xdm smay be started in /etc/ttys.
 #if [ -x /usr/X11R6/bin/xdm ]; then
 #	echo -n ' xdm';		/usr/X11R6/bin/xdm
 #fi

 #if [ -x /usr/local/bin/xntpd ]; then
 #	/usr/local/sbin/tickadj -Aq
 #	echo -n ' xntpd';	/usr/local/sbin/xntpd
--- a/src/etc/rc.securelevel
+++ b/src/etc/rc.securelevel
@ -0,0 +1,23 @@
 #	$OpenBSD: rc.securelevel,v 1.1 1997/04/15 09:26:48 deraadt Exp $
 #
 # site-specific startup actions, daemons, and other things which
 # can be done BEFORE your system goes into securemode.  For actions
 # which should be done AFTER your system has gone into securemode
 # please see /etc/rc.local

 # This is the desired security level
 # XXX
 # XXX it is not really acceptable to put this value in a special
 # XXX file, because locking it down requires immutability on about
 # XXX 5 files instead of 2 (the kernel and init)
 # XXX
 securelevel=1

 echo -n 'starting pre-securelevel daemons:'

 # Alternatively, xdm smay be started in /etc/ttys.
 #if [ -x /usr/X11R6/bin/xdm ]; then
 #	echo -n ' xdm';		/usr/X11R6/bin/xdm
 #fi

 echo '.'