mvs
e6e85f600d
Install npppd.conf(5) with mode 0600 instead of 0640. npppd.conf(5) can
store radius passwords and nothing requires it to be group readable.
ok yasuoka@
4 years ago
florian
f95d9f00de
Load RFC 7217 key material and generate if it does not already exist.
Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).
OK naddy, sthen, rpe, tb
6 years ago
gsoares
fc35552ad7
add vm.conf to changelist and mtree/special
OK reyk mlarkin
7 years ago
landry
b556ef0aed
Add /root/.ssh/authorized_keys to /etc/mtree/special so that security(8)
checks for the correct mode/ownership.
prodded by ajacoutot@
7 years ago
jca
22411cb254
Remove user uucp and group news from base.
7 years ago
ajacoutot
602fe81286
Add /etc/acme-client.conf to mtree/special and changelist.
ok deraadt@ sthen@ florian@
7 years ago
halex
b21b9aedfb
remove pointless csh placeholder files from /etc
ok jung@ (some time ago) phessler@
7 years ago
tedu
dfb3f10f6b
burn down the systrace
8 years ago
schwarze
10faadba9b
Remove the requirement that /etc/printcap must be a regular file.
CUPS wants it to be a symlink, and that is probably the most common
printing system. Bad idea to constantly spam everybody about that!
Antoine already adjusted the file permissions in pkg/cupsd.rc rev. 1.24.
OK ajacoutot@ (print/cups MAINTAINER).
8 years ago
tb
0027fc4bce
adjust for lpd(8) top spool dir permissions change, so security(8)
won't complain in the daily(8) mail.
ok ajacoutot@
8 years ago
tedu
50650f2a7b
remove doas.conf since the permission check is too onerous.
the doas program itself will refuse to use an insecure config file.
(changelist will continue to watch for changes, as well.)
8 years ago
yasuoka
9493d88593
Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.
ok deraadt
9 years ago
sthen
2d23f289ed
add doas.conf to mtree (from Theo Buehler) and changelist. ok phessler@
9 years ago
millert
9eb85f0322
Remove sudoers
9 years ago
tedu
3d5ec16db0
the kvm.db is now kmem owned. noticed by Steven Roberts
9 years ago
ajacoutot
7c7337bc31
Remove sendmail queue directories.
ok matthieu@
9 years ago
ajacoutot
83e7c629b9
More sendmail removal.
ok matthieu@
9 years ago
ajacoutot
9842e10cd1
Add httpd.conf.
10 years ago
deraadt
05894e184c
match current permissions
10 years ago
deraadt
0b9011095e
add optional keywords all over the place, and some missing files.
likely to be more changes here to match the new layout.
ok ingo aja
10 years ago
millert
08e366a469
Add ed25519 ssh host keys to /etc/mtree/special.
From inframare at arachnogoat dot com; OK deraadt@ sthen@
10 years ago
halex
7ff02e8812
remove /usr/src. avoids useless whining from daily security mail.
ok landry@ ajacoutot@
10 years ago
dcoppa
9a6537b480
tedu ~/.klogin
10 years ago
reyk
43494a61b1
Remove kerberosV, it is not special anymore.
ok henning@
10 years ago
reyk
e6ebb39335
Remove kerberosV from etc/
ok deraadt@ guenther@
10 years ago
ajacoutot
2238e58bfc
Bye bye *hosts.equiv.
ok deraadt@
10 years ago
sthen
f5ca212c7d
Stop security(8) whining about /etc/nsd.conf which has moved, pointed out
by Bjorn Ketelaars. Check that the /var/nsd/etc directory is protected
instead, it may contain zone-transfer keys etc.
10 years ago
ajacoutot
65f2789cd0
Proper indent.
11 years ago
ajacoutot
04cad6151e
Add /var/kerberosV to hier(7)+mtree.
Make sure the directory, DB and master keys have secure permissions.
ok dcoppa@ robert@ beck@
11 years ago
ajacoutot
966d9d4e41
Sort the npppd entries.
ok schwarze@ giovanni@ sthen@
11 years ago
giovanni
3b625a67be
Tell security(8) how to check npppd(8) configuration files
11 years ago
ajacoutot
dd2c1227ad
Missed in previous: ypldap.conf(5) is installed now, remove optional.
ok deraadt@
13 years ago
schwarze
ce5534d329
Remove yet another mention of /etc/security that i missed (doh).
Also pointed out by Mattieu Baptiste <mattieu dot b at gmail dot com>, thanks.
13 years ago
schwarze
54d47ad369
UUCP is no longer contained in the base system, so its home directory
does not require special permissions. The security(8) scripts hates
group-writeable home directories, so remove the needless permissions.
Issue noticed by Andrew Fresh <andrew at afresh1 dot com>.
If i understand naddy@ correctly, this is unlikely to harm even UUCP users.
"Just remove the group writeable bit" deraadt@.
13 years ago
david
dd75794eda
add ldapd.conf; ok sthen@
13 years ago
david
e37a14dd0b
update location of host.random: it moved from /etc to /var/db in 1999...
13 years ago
jakob
f5152e9a3d
add nsd.conf; ok deraadt
13 years ago
naddy
76c47babcc
add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@
13 years ago
jsg
c64c4eb017
switch iked pki files to /etc/iked, discussed with reyk.
14 years ago
reyk
22d0cb2081
add iked.conf default configuration file example.
ok jsg@
14 years ago
claudio
e9c0134a9a
add ldpd.conf to changelist and mtree/special
14 years ago
ajacoutot
e64f15e172
Add entry for ypldap.conf (may contain a password).
ok pyr@
15 years ago
schwarze
bc9cb7a339
revert previous, requested by kettenis@ and deraadt@
15 years ago
schwarze
777cc77bd8
remove the empty script /etc/monthly
in preparation for improvements in /etc/daily and /etc/weekly
using feedback and suggestions from jmc@ and sthen@
ok jmc@, and sthen@ agreed with the general direction
15 years ago
jacekm
8f8cd51cc5
add secrets.db; ok gilles@
15 years ago
jacekm
ed9222e821
add smtpd files and dirs; ok gilles@
15 years ago
miod
061cd7baf3
Remove /dev/drum and related code.
15 years ago
reyk
0e104c7690
enable snmpd in the build
approved by deraadt@, ok thib@
16 years ago
reyk
d7d68e3694
hoststated.conf got renamed to relayd.conf
From Daniel Ouellet (daniel at presscom dot net)
16 years ago
merdely
86d88e353e
Change chio.conf's group ownership to operator and mode to 644.
At this time, there is no sensitive information in that file.
ok beck@, millert@, jdixon@, deraadt@
16 years ago