
split rc.local, creating rc.securelevel. Read the comments. If you believe

in securelevels, follow them religiously. Problem found by millert...
OPENBSD_2_1
deraadt 28 years ago
parent
commit
604b4a0b2e
4 changed files with 39 additions and 11 deletions
  1. +3
    -3
      src/etc/Makefile
  2. +6
    -1
      src/etc/rc
  3. +7
    -7
      src/etc/rc.local
  4. +23
    -0
      src/etc/rc.securelevel

+ 3
- 3
src/etc/Makefile

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.43 1997/04/09 10:59:56 kstailey Exp $
# $OpenBSD: Makefile,v 1.44 1997/04/15 09:26:44 deraadt Exp $
TZDIR= /usr/share/zoneinfo
LOCALTIME= US/Pacific
@ -18,8 +18,8 @@ BIN1= aliases bootptab changelist ccd.conf csh.cshrc csh.login csh.logout \
hosts.equiv hosts.lpd ifaliases inetd.conf ipf.rules ksh.kshrc \
locate.rc man.conf monthly motd mrouted.conf myname nat.rules \
netstart networks newsyslog.conf passwd.conf phones printcap \
protocols rbootd.conf rc rc.local remote rpc security services \
shells syslog.conf virc weekly etc.${MACHINE}/disktab
protocols rbootd.conf rc rc.local rc.securelevel remote rpc security \
services shells syslog.conf virc weekly etc.${MACHINE}/disktab
# -rw-rw-r--
BIN2= motd


+ 6
- 1
src/etc/rc

@ -1,4 +1,4 @@
# $OpenBSD: rc,v 1.31 1997/02/28 07:53:33 millert Exp $
# $OpenBSD: rc,v 1.32 1997/04/15 09:26:47 deraadt Exp $
# System startup script run by init on autoboot
# or after single-user.
@ -202,6 +202,11 @@ if [ -f /etc/ptmp ]; then
'password file may be incorrect -- /etc/ptmp exists'
fi
. /etc/rc.securelevel
if [ X${securelevel} != X"" ]; then
sysctl -w kern.securelevel=${securelevel}
fi
virecovery=/var/tmp/vi.recover/recover.*
if [ "$virecovery" != "/var/tmp/vi.recover/recover.*" ]; then
echo preserving editor files
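Review bot: The block added in the second hunk sources `/etc/rc.securelevel` unconditionally and fails open: if the file is missing or leaves `securelevel` empty, the `sysctl` is skipped without any message and the machine stays at whatever level the kernel started with. A missing file is also a problem on its own, since a failed `.` makes many sh implementations abort a non-interactive script, which here would stop rc partway through boot. I would guard the include with `[ -f /etc/rc.securelevel ] && . /etc/rc.securelevel`, quote the test as `if [ "X${securelevel}" != X ]; then`, and add an `else echo 'kern.securelevel not raised'` branch so the skipped case shows on the console. The rc script continues past both ends of this hunk, so an earlier guard may exist that is not visible here.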


+ 7
- 7
src/etc/rc.local

@ -1,6 +1,11 @@
# $OpenBSD: rc.local,v 1.9 1997/01/03 07:48:50 deraadt Exp $
# $OpenBSD: rc.local,v 1.10 1997/04/15 09:26:47 deraadt Exp $
# site-specific startup actions, daemons
# site-specific startup actions, daemons, and other things which
# can be done AFTER your system goes into securemode. For actions
# which should be done BEFORE your system has gone into securemode
# please see /etc/rc.securelevel
# site-specific startup actions, daemons which can be run
# Add your local changes additions to this file
echo -n 'starting local daemons:'
@ -13,11 +18,6 @@ echo -n 'starting local daemons:'
# echo -n ' sshd'; /usr/local/sbin/sshd
#fi
# Alternatively, xdm smay be started in /etc/ttys.
#if [ -x /usr/X11R6/bin/xdm ]; then
# echo -n ' xdm'; /usr/X11R6/bin/xdm
#fi
#if [ -x /usr/local/bin/xntpd ]; then
# /usr/local/sbin/tickadj -Aq
# echo -n ' xntpd'; /usr/local/sbin/xntpd


+ 23
- 0
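--- /dev/null
+++ b/src/etc/rc.securelevel
@@ -0,0 +1,23 @@
+# $OpenBSD: rc.securelevel,v 1.1 1997/04/15 09:26:48 deraadt Exp $
+#
+# site-specific startup actions, daemons, and other things which
+# can be done BEFORE your system goes into securemode. For actions
+# which should be done AFTER your system has gone into securemode
+# please see /etc/rc.local
+# This is the desired security level
+# XXX
+# XXX it is not really acceptable to put this value in a special
+# XXX file, because locking it down requires immutability on about
+# XXX 5 files instead of 2 (the kernel and init)
+# XXX
+securelevel=1
+echo -n 'starting pre-securelevel daemons:'
+# Alternatively, xdm smay be started in /etc/ttys.
+#if [ -x /usr/X11R6/bin/xdm ]; then
+# echo -n ' xdm'; /usr/X11R6/bin/xdm
+#fi
+echo '.'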
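Review bot: Because rc reads this file with `.` as root before the securelevel is raised, everything in it (not only the `securelevel=1` line) is root code run at every boot, and the header comment should say so. The XXX block already concedes that locking the setup down needs more immutable files; I would make that actionable with a comment such as `# keep this file root-owned, not group/world-writable, and schg once configured`. It would also help to say what the levels mean next to `securelevel=1`, or point to the manual page that does, so an admin editing the value knows what lowering it gives up. Daemons started from this file begin before the level is raised, which deserves a one-line warning above the `echo -n 'starting pre-securelevel daemons:'` line.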
