-# $OpenBSD: changelist,v 1.118 2018/01/19 00:19:58 gsoares Exp $
+# $OpenBSD: changelist,v 1.119 2018/02/10 05:56:47 florian Exp $
#
# List of files which the security script backs up and checks
# for modifications.
/etc/services
/etc/shells
+/etc/snmpd.conf
++/etc/soii.key
+/etc/spwd.db
/etc/ssh/ssh_config
+/etc/ssh/ssh_host_dsa_key
-# $OpenBSD: special,v 1.124 2017/05/03 11:55:36 gsoares Exp $
+# $OpenBSD: special,v 1.125 2018/02/10 05:56:47 florian Exp $
#
# Hand-crafted mtree specification for the dangerous files.
#
skey type=dir mode=01730 uname=root gname=auth optional
.. #skey
snmpd.conf type=file mode=0600 uname=root gname=wheel optional
+soii.key type=file mode=0600 uname=root gname=wheel optional
spwd.db type=file mode=0640 uname=root gname=_shadow
ssh type=dir mode=0755 uname=root gname=wheel optional
ssh_config type=file mode=0644 uname=root gname=wheel
#!/bin/sh -
#
-# $OpenBSD: netstart,v 1.188 2018/02/06 19:53:50 tb Exp $
+# $OpenBSD: netstart,v 1.189 2018/02/10 05:56:47 florian Exp $
# Turn off Strict Bourne shell mode.
set +o sh
exit 1
fi
+$PRINT_ONLY || [[ ! -f /etc/soii.key ]] ||
+ sysctl -q "net.inet6.ip6.soiikey=$(</etc/soii.key)"
+
# If we were invoked with a list of interface names, just reconfigure these
# interfaces (or bridges), add default routes and return.
if (($# > 0)); then
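Review bot: The added guard only tests that /etc/soii.key exists (`-f`), so an empty or truncated file still reaches `sysctl -q "net.inet6.ip6.soiikey=$(</etc/soii.key)"` with an empty or short value. Testing for a non-empty file, `$PRINT_ONLY || [[ ! -s /etc/soii.key ]] ||`, would skip the empty case. The hunk does not show whether the kernel rejects a malformed value, so it is worth confirming that a bad key file produces a visible error despite `-q`. A one-line comment above the statement, for example `# Set the IPv6 soii key from /etc/soii.key, if present.`, would also explain why netstart touches this file.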
-# $OpenBSD: rc,v 1.523 2017/11/09 11:02:10 tb Exp $
+# $OpenBSD: rc,v 1.524 2018/02/10 05:56:47 florian Exp $
# System startup script run by init on autoboot or after single-user.
# Output and error are redirected to console by init, and the console is the
fi
ssh-keygen -A
+
+ if [[ ! -f /etc/soii.key ]]; then
+ openssl rand -hex 16 > /etc/soii.key && \
+ chmod 600 /etc/soii.key && sysctl -q \
+ "net.inet6.ip6.soiikey=$(</etc/soii.key)"
+ fi
}
# Re-link libraries, placing the objects in a random order.
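Review bot: In the added block, `openssl rand -hex 16 > /etc/soii.key` creates the key file under whatever umask rc has at that point, and `chmod 600` only tightens it afterwards. The key can therefore be briefly readable with wider permissions than the 0600 that the `special` entry expects. Creating it under a restrictive umask closes that window: `(umask 077; openssl rand -hex 16 > /etc/soii.key) &&`. Separately, if openssl fails, the redirection has already created an empty /etc/soii.key, so the `[[ ! -f /etc/soii.key ]]` test never regenerates it on later boots. Testing with `-s`, or writing to a temporary file and renaming it on success, avoids leaving a permanently empty key. The enclosing function begins outside this hunk.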