e6e85f600d
Install npppd.conf(5) with mode 0600 instead of 0640. npppd.conf(5) can
store radius passwords and nothing requires it to be group readable.
ok yasuoka@
4 years ago
f95d9f00de
Load RFC 7217 key material and generate if it does not already exist.
Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).
OK naddy, sthen, rpe, tb
6 years ago
fc35552ad7
add vm.conf to changelist and mtree/special
OK reyk mlarkin
7 years ago
b556ef0aed
Add /root/.ssh/authorized_keys to /etc/mtree/special so that security(8)
checks for the correct mode/ownership.
prodded by ajacoutot@
7 years ago
22411cb254
Remove user uucp and group news from base.
7 years ago
602fe81286
Add /etc/acme-client.conf to mtree/special and changelist.
ok deraadt@ sthen@ florian@
7 years ago
b21b9aedfb
remove pointless csh placeholder files from /etc
ok jung@ (some time ago) phessler@
7 years ago
dfb3f10f6b
burn down the systrace
8 years ago
10faadba9b
Remove the requirement that /etc/printcap must be a regular file.
CUPS wants it to be a symlink, and that is probably the most common
printing system. Bad idea to constantly spam everybody about that!
Antoine already adjusted the file permissions in pkg/cupsd.rc rev. 1.24.
OK ajacoutot@ (print/cups MAINTAINER).
8 years ago
0027fc4bce
adjust for lpd(8) top spool dir permissions change, so security(8)
won't complain in the daily(8) mail.
ok ajacoutot@
8 years ago
50650f2a7b
remove doas.conf since the permission check is too onerous.
the doas program itself will refuse to use an insecure config file.
(changelist will continue to watch for changes, as well.)
8 years ago
9493d88593
Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.
ok deraadt
9 years ago
2d23f289ed
add doas.conf to mtree (from Theo Buehler) and changelist. ok phessler@
9 years ago
9eb85f0322
Remove sudoers
9 years ago
3d5ec16db0
the kvm.db is now kmem owned. noticed by Steven Roberts
9 years ago
7c7337bc31
Remove sendmail queue directories.
ok matthieu@
9 years ago
83e7c629b9
More sendmail removal.
ok matthieu@
9 years ago
9842e10cd1
Add httpd.conf.
10 years ago
05894e184c
match current permissions
10 years ago
0b9011095e
add optional keywords all over the place, and some missing files.
likely to be more changes here to match the new layout.
ok ingo aja
10 years ago
08e366a469
Add ed25519 ssh host keys to /etc/mtree/special.
From inframare at arachnogoat dot com; OK deraadt@ sthen@
10 years ago
7ff02e8812
remove /usr/src. avoids useless whining from daily security mail.
ok landry@ ajacoutot@
10 years ago
9a6537b480
tedu ~/.klogin
10 years ago
43494a61b1
Remove kerberosV, it is not special anymore.
ok henning@
10 years ago
e6ebb39335
Remove kerberosV from etc/
ok deraadt@ guenther@
10 years ago
2238e58bfc
Bye bye *hosts.equiv.
ok deraadt@
10 years ago
f5ca212c7d
Stop security(8) whining about /etc/nsd.conf which has moved, pointed out
by Bjorn Ketelaars. Check that the /var/nsd/etc directory is protected
instead, it may contain zone-transfer keys etc.
10 years ago
65f2789cd0
Proper indent.
11 years ago
04cad6151e
Add /var/kerberosV to hier(7)+mtree.
Make sure the directory, DB and master keys have secure permissions.
ok dcoppa@ robert@ beck@
11 years ago
966d9d4e41
Sort the npppd entries.
ok schwarze@ giovanni@ sthen@
11 years ago
3b625a67be
Tell security(8) how to check npppd(8) configuration files
11 years ago
dd2c1227ad
Missed in previous: ypldap.conf(5) is installed now, remove optional.
ok deraadt@
13 years ago
ce5534d329
Remove yet another mention of /etc/security that i missed (doh).
Also pointed out by Mattieu Baptiste <mattieu dot b at gmail dot com>, thanks.
13 years ago
54d47ad369
UUCP is no longer contained in the base system, so its home directory
does not require special permissions. The security(8) scripts hates
group-writeable home directories, so remove the needless permissions.
Issue noticed by Andrew Fresh <andrew at afresh1 dot com>.
If i understand naddy@ correctly, this is unlikely to harm even UUCP users.
"Just remove the group writeable bit" deraadt@.
13 years ago
dd75794eda
add ldapd.conf; ok sthen@
13 years ago
e37a14dd0b
update location of host.random: it moved from /etc to /var/db in 1999...
13 years ago
f5152e9a3d
add nsd.conf; ok deraadt
13 years ago
76c47babcc
add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@
13 years ago
c64c4eb017
switch iked pki files to /etc/iked, discussed with reyk.
14 years ago
22d0cb2081
add iked.conf default configuration file example.
ok jsg@
14 years ago
e9c0134a9a
add ldpd.conf to changelist and mtree/special
14 years ago
e64f15e172
Add entry for ypldap.conf (may contain a password).
ok pyr@
15 years ago
bc9cb7a339
revert previous, requested by kettenis@ and deraadt@
15 years ago
777cc77bd8
remove the empty script /etc/monthly
in preparation for improvements in /etc/daily and /etc/weekly
using feedback and suggestions from jmc@ and sthen@
ok jmc@, and sthen@ agreed with the general direction
15 years ago
8f8cd51cc5
add secrets.db; ok gilles@
15 years ago
ed9222e821
add smtpd files and dirs; ok gilles@
15 years ago
061cd7baf3
Remove /dev/drum and related code.
15 years ago
0e104c7690
enable snmpd in the build
approved by deraadt@, ok thib@
16 years ago
d7d68e3694
hoststated.conf got renamed to relayd.conf
From Daniel Ouellet (daniel at presscom dot net)
16 years ago
86d88e353e
Change chio.conf's group ownership to operator and mode to 644.
At this time, there is no sensitive information in that file.
ok beck@, millert@, jdixon@, deraadt@
16 years ago
mvs