-# $OpenBSD: Makefile,v 1.372 2014/07/14 09:11:27 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.373 2014/07/15 08:28:43 deraadt Exp $
TZDIR= /usr/share/zoneinfo
LOCALTIME= Canada/Mountain
chown ${BINOWN} ${DESTDIR}/etc/ttys && \
chgrp ${BINGRP} ${DESTDIR}/etc/ttys && \
chmod 644 ${DESTDIR}/etc/ttys
- cat sysctl.conf etc.${MACHINE}/sysctl.conf > ${DESTDIR}/etc/sysctl.conf && \
- chown ${BINOWN} ${DESTDIR}/etc/sysctl.conf && \
- chgrp ${BINGRP} ${DESTDIR}/etc/sysctl.conf && \
- chmod 644 ${DESTDIR}/etc/sysctl.conf
+ cat sysctl.conf etc.${MACHINE}/sysctl.conf > \
+ ${DESTDIR}/etc/examples/sysctl.conf && \
+ chown ${BINOWN} ${DESTDIR}/etc/examples/sysctl.conf && \
+ chgrp ${BINGRP} ${DESTDIR}/etc/examples/sysctl.conf && \
+ chmod 644 ${DESTDIR}/etc/examples/sysctl.conf
cat fbtab.head etc.${MACHINE}/fbtab fbtab.tail > ${DESTDIR}/etc/fbtab && \
chown ${BINOWN} ${DESTDIR}/etc/fbtab && \
chgrp ${BINGRP} ${DESTDIR}/etc/fbtab && \
-# $OpenBSD: changelist,v 1.93 2014/07/14 09:04:02 deraadt Exp $
+# $OpenBSD: changelist,v 1.94 2014/07/15 08:28:43 deraadt Exp $
#
# List of files which the security script backs up and checks
# for modifications.
/etc/ssl/cert.pem
/etc/sudoers
/etc/suid_profile
-/etc/sysctl.conf
++/etc/sysctl.conf
/etc/syslog.conf
/etc/sysmerge.ignore
/etc/ttys
--- /dev/null
+# $OpenBSD: sysctl.conf,v 1.1 2014/07/15 08:28:43 deraadt Exp $
+#
+# This file contains a list of sysctl options the user wants set at
+# boot time. See sysctl(3) and sysctl(8) for more information on
+# the many available variables.
+#
+#net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
+#net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets
+#net.inet.ip.multipath=1 # 1=Enable IP multipath routing
+#net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
+#net.inet6.icmp6.rediraccept=1 # 1=Accept IPv6 ICMP redirects (for hosts)
+#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
+#net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets
+#net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing
+#net.inet.tcp.always_keepalive=1 # 1=Keepalives for all connections (e.g. hotel/airport NAT)
+#net.inet.tcp.keepidle=100 # 100=send TCP keepalives every 50 seconds
+#net.inet.esp.enable=0 # 0=Disable the ESP IPsec protocol
+#net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol
+#net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
+#net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP protocol
+#net.inet.etherip.allow=1 # 1=Enable the Ethernet-over-IP protocol
+#net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension
+#net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
+#net.inet.carp.log=3 # log level of carp(4) info, default 2
+#net.pipex.enable=1 # 1=Enable pipex(4) for npppd(8)
+#ddb.panic=0 # 0=Do not drop into ddb on a kernel panic
+#ddb.console=1 # 1=Permit entry of ddb from the console
+#fs.posix.setuid=0 # 0=Traditional BSD chown() semantics
+#vm.swapencrypt.enable=0 # 0=Do not encrypt pages that go to swap
+#vfs.nfs.iothreads=4 # Number of nfsio kernel threads
+#net.inet.ip.mtudisc=0 # 0=Disable tcp mtu discovery
+#kern.usercrypto=1 # 1=Enable userland use of /dev/crypto
+#kern.userasymcrypto=1 # 1=Permit userland to do asymmetric crypto
+#kern.splassert=2 # 2=Enable with verbose error messages
+#kern.nosuidcoredump=3 # 3=Put suid coredumps in /var/crash/progname
+#kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if available
+#kern.watchdog.auto=0 # 0=Disable automatic watchdog(4) retriggering
+#hw.allowpowerdown=0 # 0=Disable power button shutdown
+++ /dev/null
-# $OpenBSD: sysctl.conf,v 1.58 2014/07/11 16:43:07 henning Exp $
-#
-# This file contains a list of sysctl options the user wants set at
-# boot time. See sysctl(3) and sysctl(8) for more information on
-# the many available variables.
-#
-#net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
-#net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets
-#net.inet.ip.multipath=1 # 1=Enable IP multipath routing
-#net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
-#net.inet6.icmp6.rediraccept=1 # 1=Accept IPv6 ICMP redirects (for hosts)
-#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
-#net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets
-#net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing
-#net.inet.tcp.always_keepalive=1 # 1=Keepalives for all connections (e.g. hotel/airport NAT)
-#net.inet.tcp.keepidle=100 # 100=send TCP keepalives every 50 seconds
-#net.inet.esp.enable=0 # 0=Disable the ESP IPsec protocol
-#net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol
-#net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
-#net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP protocol
-#net.inet.etherip.allow=1 # 1=Enable the Ethernet-over-IP protocol
-#net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension
-#net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
-#net.inet.carp.log=3 # log level of carp(4) info, default 2
-#net.pipex.enable=1 # 1=Enable pipex(4) for npppd(8)
-#ddb.panic=0 # 0=Do not drop into ddb on a kernel panic
-#ddb.console=1 # 1=Permit entry of ddb from the console
-#fs.posix.setuid=0 # 0=Traditional BSD chown() semantics
-#vm.swapencrypt.enable=0 # 0=Do not encrypt pages that go to swap
-#vfs.nfs.iothreads=4 # Number of nfsio kernel threads
-#net.inet.ip.mtudisc=0 # 0=Disable tcp mtu discovery
-#kern.usercrypto=1 # 1=Enable userland use of /dev/crypto
-#kern.userasymcrypto=1 # 1=Permit userland to do asymmetric crypto
-#kern.splassert=2 # 2=Enable with verbose error messages
-#kern.nosuidcoredump=3 # 3=Put suid coredumps in /var/crash/progname
-#kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if available
-#kern.watchdog.auto=0 # 0=Disable automatic watchdog(4) retriggering
-#hw.allowpowerdown=0 # 0=Disable power button shutdown
projects / openbsd / commitdiff