From c2221b0cd436d38a4c55c591feff7f2c035f8604 Mon Sep 17 00:00:00 2001 From: pyr <> Date: Wed, 31 Jan 2007 08:32:16 +0000 Subject: [PATCH] link hoststated to the builds. ok miod@, henning@ --- src/etc/Makefile | 5 +++-- src/etc/changelist | 3 ++- src/etc/ftpusers | 3 ++- src/etc/group | 1 + src/etc/hoststated.conf | 39 +++++++++++++++++++++++++++++++++++++++ src/etc/mail/aliases | 3 ++- src/etc/master.passwd | 1 + src/etc/rc | 6 +++++- src/etc/rc.conf | 3 ++- src/etc/relayd.conf | 39 +++++++++++++++++++++++++++++++++++++++ 10 files changed, 96 insertions(+), 7 deletions(-) create mode 100644 src/etc/hoststated.conf create mode 100644 src/etc/relayd.conf diff --git a/src/etc/Makefile b/src/etc/Makefile index 43d284a0..03c99a8d 100644 --- a/src/etc/Makefile +++ b/src/etc/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.245 2006/12/14 18:49:44 kettenis Exp $ +# $OpenBSD: Makefile,v 1.246 2007/01/31 08:32:16 pyr Exp $ TZDIR= /usr/share/zoneinfo LOCALTIME= Canada/Mountain @@ -81,6 +81,7 @@ distribution-etc-root-var: distrib-dirs ${INSTALL} -c -o root -g wheel -m 600 pf.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 chio.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 hostapd.conf ${DESTDIR}/etc + ${INSTALL} -c -o root -g wheel -m 600 hoststated.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 ipsec.conf ${DESTDIR}/etc ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 555 \ etc.${MACHINE}/MAKEDEV ${DESTDIR}/dev @@ -339,7 +340,7 @@ distrib: DHSIZE=1024 1536 2048 3072 4096 update-moduli: ( \ - echo '# $$OpenBSD: Makefile,v 1.245 2006/12/14 18:49:44 kettenis Exp $$'; \ + echo '# $$OpenBSD: Makefile,v 1.246 2007/01/31 08:32:16 pyr Exp $$'; \ echo '# Time Type Tests Tries Size Generator Modulus'; \ ( for i in ${DHSIZE}; do \ ssh-keygen -b $$i -G /dev/stdout; \ diff --git a/src/etc/changelist b/src/etc/changelist index 7a3f3562..bbb67ccb 100644 --- a/src/etc/changelist +++ b/src/etc/changelist 
@@ -1,4 +1,4 @@ -# $OpenBSD: changelist,v 1.49 2006/12/27 23:32:49 msf Exp $ +# $OpenBSD: changelist,v 1.50 2007/01/31 08:32:16 pyr Exp $ # # List of files which the security script backs up and checks # for modifications. @@ -39,6 +39,7 @@ /etc/gettytab /etc/group /etc/hostapd.conf +/etc/hoststated.conf /etc/hosts /etc/hosts.allow /etc/hosts.deny diff --git a/src/etc/ftpusers b/src/etc/ftpusers index c069a263..3fe61a9a 100644 --- a/src/etc/ftpusers +++ b/src/etc/ftpusers @@ -1,4 +1,4 @@ -# $OpenBSD: ftpusers,v 1.29 2006/10/29 18:58:57 norby Exp $ +# $OpenBSD: ftpusers,v 1.30 2007/01/31 08:32:16 pyr Exp $ # # list of users disallowed any ftp access. # read by ftpd(8). @@ -40,3 +40,4 @@ _ospfd _hostapd _dvmrpd _ripd +_hoststated diff --git a/src/etc/group b/src/etc/group index 7ff0d796..7a640ead 100644 --- a/src/etc/group +++ b/src/etc/group @@ -53,6 +53,7 @@ _ospfd:*:85: _hostapd:*:86: _dvmrpd:*:87: _ripd:*:88: +_hoststated:*:89: dialer:*:117: nogroup:*:32766: nobody:*:32767: diff --git a/src/etc/hoststated.conf b/src/etc/hoststated.conf new file mode 100644 index 00000000..800ce69e --- /dev/null +++ b/src/etc/hoststated.conf @@ -0,0 +1,39 @@ +# $OpenBSD: hoststated.conf,v 1.1 2007/01/31 08:32:16 pyr Exp $ +# +# Macros +# +webhost1="10.0.0.1" +webhost2="10.0.0.2" + +# +# Global Options +# +# interval 10 +# timeout 200 + +# +# Each table will be mapped to a pf table. +# +table webhosts { + check http "/" code 200 + host webhost1 + host webhost2 +} + +table fallback { + check icmp + host 127.0.0.1 +} + +# +# Services will be mapped to a rdr rule. +# +service www { + virtual ip www.example.com port http interface trunk0 + + # tag every packet that goes thru the rdr rule with HOSTSTATED + tag HOSTSTATED + + table webhosts + backup table fallback +} diff --git a/src/etc/mail/aliases b/src/etc/mail/aliases index 14bf547f..864101c5 100644 --- a/src/etc/mail/aliases +++ b/src/etc/mail/aliases 
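Review bot: The new src/etc/hoststated.conf ships as a live configuration rather than a commented-out sample: the `webhosts` and `fallback` tables and the `service www` block are all active, pointing at 10.0.0.1, 10.0.0.2, www.example.com and interface trunk0. The Makefile hunk installs this file into /etc, so an administrator who only changes `hoststated_flags` in rc.conf would start the daemon against placeholder hosts and, per the file's own comments, have pf tables and an rdr rule created from them. I would add a header line such as `# Sample configuration: edit the macros, tables and service below before enabling hoststated in rc.conf`, or comment the example blocks out the way the `interval` and `timeout` options already are.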
@@ -1,5 +1,5 @@ # -# $OpenBSD: aliases,v 1.20 2006/10/29 18:58:57 norby Exp $ +# $OpenBSD: aliases,v 1.21 2007/01/31 08:32:16 pyr Exp $ # # Aliases in this file will NOT be expanded in the header from # Mail, but WILL be visible over networks or from /usr/libexec/mail.local. @@ -28,6 +28,7 @@ _dvmrpd: /dev/null _fingerd: /dev/null _ftp: /dev/null _hostapd: /dev/null +_hoststated: /dev/null _identd: /dev/null _isakmpd: /dev/null _kadmin: /dev/null diff --git a/src/etc/master.passwd b/src/etc/master.passwd index 9baa7dbb..89afebd5 100644 --- a/src/etc/master.passwd +++ b/src/etc/master.passwd @@ -35,4 +35,5 @@ _ospfd:*:85:85::0:0:OSPF Daemon:/var/empty:/sbin/nologin _hostapd:*:86:86::0:0:HostAP Daemon:/var/empty:/sbin/nologin _dvmrpd:*:87:87::0:0:DVMRP Daemon:/var/empty:/sbin/nologin _ripd:*:88:88::0:0:RIP Daemon:/var/empty:/sbin/nologin +_hoststated:*:89:89::0:0:HostState Daemon:/var/empty:/sbin/nologin nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin diff --git a/src/etc/rc b/src/etc/rc index 1e2b14f6..06f04631 100644 --- a/src/etc/rc +++ b/src/etc/rc @@ -1,4 +1,4 @@ -# $OpenBSD: rc,v 1.296 2007/01/06 12:00:06 matthieu Exp $ +# $OpenBSD: rc,v 1.297 2007/01/31 08:32:16 pyr Exp $ # System startup script run by init on autoboot # or after single-user. @@ -583,6 +583,10 @@ if [ X"${ifstated_flags}" != X"NO" ]; then echo -n ' ifstated'; ifstated $ifstated_flags fi +if [ X"${hoststated_flags}" != X"NO" ]; then + echo -n ' hoststated'; /usr/sbin/hoststated $hoststated_flags +fi + if [ X"${dhcpd_flags}" != X"NO" -a -f /etc/dhcpd.conf ]; then touch /var/db/dhcpd.leases if [ -f /etc/dhcpd.interfaces ]; then diff --git a/src/etc/rc.conf b/src/etc/rc.conf index ef6f7156..a07a34a6 100644 --- a/src/etc/rc.conf +++ b/src/etc/rc.conf 
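Review bot: The added hoststated block in src/etc/rc starts `/usr/sbin/hoststated` whenever `hoststated_flags` is not NO and never checks that a configuration file is present, whereas the dhcpd block right after it also tests `-f /etc/dhcpd.conf`. A guard like `if [ X"${hoststated_flags}" != X"NO" -a -f /etc/hoststated.conf ]; then` would skip the start cleanly on a machine where the file has been removed; if the flags can name an alternate config file, the test would have to allow for that. Because the sample config says tables and services are mapped to pf tables and rdr rules, it is also worth confirming that this point in rc runs after pf is loaded, which the hunk does not show.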
@@ -1,6 +1,6 @@ #!/bin/sh - # -# $OpenBSD: rc.conf,v 1.119 2007/01/06 12:00:06 matthieu Exp $ +# $OpenBSD: rc.conf,v 1.120 2007/01/31 08:32:16 pyr Exp $ # set these to "NO" to turn them off. otherwise, they're used as flags routed_flags=NO # for normal use: "-q" @@ -38,6 +38,7 @@ watchdogd_flags=NO # for normal use: "" ftpproxy_flags=NO # for normal use: "" hostapd_flags=NO # for normal use: "" ifstated_flags=NO # for normal use: "" +hoststated_flags=NO # for normal use: "" # use -u to disable chroot, see httpd(8) httpd_flags=NO # for normal use: "" (or "-DSSL" after reading ssl(8)) diff --git a/src/etc/relayd.conf b/src/etc/relayd.conf new file mode 100644 index 00000000..99193237 --- /dev/null +++ b/src/etc/relayd.conf @@ -0,0 +1,39 @@ +# $OpenBSD: relayd.conf,v 1.1 2007/01/31 08:32:16 pyr Exp $ +# +# Macros +# +webhost1="10.0.0.1" +webhost2="10.0.0.2" + +# +# Global Options +# +# interval 10 +# timeout 200 + +# +# Each table will be mapped to a pf table. +# +table webhosts { + check http "/" code 200 + host webhost1 + host webhost2 +} + +table fallback { + check icmp + host 127.0.0.1 +} + +# +# Services will be mapped to a rdr rule. +# +service www { + virtual ip www.example.com port http interface trunk0 + + # tag every packet that goes thru the rdr rule with HOSTSTATED + tag HOSTSTATED + + table webhosts + backup table fallback +}
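Review bot: src/etc/relayd.conf is added with the same content as src/etc/hoststated.conf apart from the `$OpenBSD$` id line, but no other hunk references it: the Makefile installs only hoststated.conf and changelist gains only /etc/hoststated.conf. Its `tag HOSTSTATED` comment and macros are copied unchanged, so this looks like a duplicate, possibly a repository-conversion artifact rather than an intended file. Either drop it from the commit, or if it is meant to ship, add a matching `${INSTALL} -c -o root -g wheel -m 600 relayd.conf ${DESTDIR}/etc` line and a changelist entry so it gets the same permissions and change monitoring as hoststated.conf.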