| History log of /src/share/man/man5/security.conf.5 |
| Revision | | Date | Author | Comments |
| 1.44 |
| 14-Nov-2024 |
plunky | default backup_dir is actually /var/backup*s*
|
| 1.43 |
| 10-Jan-2021 |
riastradh | branches: 1.43.6; 1.43.8; Various entropy integration improvements.
- New /etc/security check for entropy in daily security report.
- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to check for entropy at boot -- in rc.conf, you can:
. set `entropy=check' to halt multiuser boot and enter single-user mode if not enough entropy
. set `entropy=wait' to make multiuser boot wait until enough entropy
Default is to always boot without waiting -- and rely on other channels like security report to alert the operator if there's a problem.
- New man page entropy(7) discussing the higher-level concepts and system integration with cross-references.
- New paragraph in afterboot(8) about entropy citing entropy(7) for more details.
This change addresses many of the issues discussed in security/55659. This is a first draft; happy to take improvements to the man pages and scripted messages to improve clarity.
I considered changing motd to include an entropy warning with a reference to the entropy(7) man page, but it's a little trickier:
- Not sure it's appropriate for all users to see at login rather than users who have power to affect the entropy estimate (maybe it is, just haven't decided).
- We only have a mechanism for changing once at boot; the message would remain until next boot even if an operator adds enough entropy.
- The mechanism isn't really conducive to making a message appear conditionally from boot to boot.
|
| 1.42 |
| 02-Dec-2020 |
wiz | Update default pkgsrc database location from /var/db/pkg to /usr/pkg/pkgdb.
|
| 1.41 |
| 06-Dec-2019 |
riastradh | Save the entropy seed daily in /etc/security.
|
| 1.40 |
| 06-Nov-2013 |
spz | branches: 1.40.26; Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
| 1.39 |
| 05-Apr-2012 |
wiz | branches: 1.39.2; Bump date for previous.
|
| 1.38 |
| 05-Apr-2012 |
spz | add a description for the new check_passwd_permit_dups variable
|
| 1.37 |
| 05-Feb-2010 |
wiz | branches: 1.37.6; Mark up PKGDB_DIR with Dv (same as in pkg_install.conf).
|
| 1.36 |
| 05-Feb-2010 |
jmmv | Note that pkgdb_dir is deprecated and point to the alternative setting.
|
| 1.35 |
| 20-Jan-2010 |
wiz | Remove trailing whitespace.
|
| 1.34 |
| 19-Jan-2010 |
jmmv | Document the new package-related maintenance options and security checks in daily.conf and security.conf.
|
| 1.33 |
| 29-May-2008 |
mrg | remove clause #3 from my license where there are no other copyright holders involved.
|
| 1.32 |
| 08-Apr-2008 |
sborrill | branches: 1.32.2; 1.32.4; Note that /etc/mtree/special.local can override entries in /etc/mtree/special not just add new entries. Explain that check_mtree_follow_symlinks will give reports of links not being links (notably /etc/localtime)
|
| 1.31 |
| 29-May-2006 |
wiz | branches: 1.31.18; Improve documentation for ! in check_devices_ignore_paths.
|
| 1.30 |
| 25-May-2006 |
lukem | Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
| 1.29 |
| 05-Feb-2005 |
wiz | branches: 1.29.2; 1.29.6; Fix Dd argument, and a grammar fix.
|
| 1.28 |
| 05-Feb-2005 |
jdolecek | add a check_passwd_permit_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
| 1.27 |
| 28-Sep-2004 |
wiz | Bump date for *ignore_fstypes addition; new sentence, new line; mark up the bang.
|
| 1.26 |
| 28-Sep-2004 |
erh | PR misc/7716: document the check_devices_ignore_fstypes and find_core_ignore_fstypes options.
|
| 1.25 |
| 18-Nov-2003 |
wiz | Drop trailing space.
|
| 1.24 |
| 18-Nov-2003 |
jhawk | Document check_homes_permit_usergroups. /etc/defaults/security.conf in FILES. Bump Dd.
|
| 1.23 |
| 26-Jun-2003 |
wiz | There will be no NetBSD-1.7.
|
| 1.22 |
| 31-Mar-2003 |
perry | spelling errors, some from Igor Sobrado in PR misc/19909
|
| 1.21 |
| 03-Mar-2003 |
wiz | New sentence, new line.
|
| 1.20 |
| 21-Feb-2003 |
jhawk | Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
| 1.19 |
| 13-Feb-2003 |
jhawk | Document check_mtree_follow_symlinks.
|
| 1.18 |
| 13-Feb-2003 |
jhawk | Document check_passwd_nowarn_shells, check_passwd_nowarn_users, and check_passwd_permit_star; really the HISTORY section is kind of long in the tooth.
|
| 1.17 |
| 18-Jan-2003 |
grant | Fix some typos. From Igor Sobrado in PR pkg/19907.
While I'm here, new sentence, new line.
|
| 1.16 |
| 15-Oct-2001 |
lukem | - expand check_homes description
- check_disklabels now backs up fdisk output if /sbin/fdisk exists
- expand check_mtree description
- s/pkg_dbdir/pkgdb_dir/
|
| 1.15 |
| 01-Oct-2001 |
atatat | Man page updates to cover recent work and work that I did before I realized there was a man page for this stuff.
|
| 1.14 |
| 11-Sep-2001 |
wiz | Sort SEE ALSO correctly; trade empty lines for .Pp; drop superfluous .Pp's; correct order of sections; even comment in some .Xr's in one case.
|
| 1.13 |
| 08-Sep-2001 |
wiz | Whitespace/punctuation fixes.
|
| 1.12 |
| 15-Mar-2001 |
hubertf | Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
| 1.11 |
| 11-Feb-2001 |
jdolecek | Introduce max_grouplen - this determines the maximum permitted length of group names, similarly to max_loginlen
|
| 1.10 |
| 09-Jan-2001 |
abs | Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
| 1.9 |
| 26-May-2000 |
ad | We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
| 1.8 |
| 05-May-2000 |
itojun | check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if it exists (for backward compatibility).
|
| 1.7 |
| 24-Apr-2000 |
fair | Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
| 1.6 |
| 17-Mar-1999 |
garbled | More and more .Os cleanups. .Os is defined in the tmac.doc-common file, so we shouldn't override it with versions in the manpages. Many more to come.
|
| 1.5 |
| 18-Feb-1999 |
abs | Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
| 1.4 |
| 25-Aug-1998 |
lukem | document check_disklabels
|
| 1.3 |
| 10-Oct-1997 |
mrg | remove advertising clause from all my licenses.
|
| 1.2 |
| 01-Jul-1997 |
rat | 'backsups' --> 'backups'
|
| 1.1 |
| 05-Jan-1997 |
mrg | add man pages for mostly new and some old configuration files.
|
| 1.29.6.1 |
| 19-Jun-2006 |
chap | Sync with head.
|
| 1.29.2.2 |
| 12-Jul-2006 |
tron | Pull up following revision(s) (requested by lukem in ticket #1377): share/man/man5/security.conf.5: revision 1.31 Improve documentation for ! in check_devices_ignore_paths.
|
| 1.29.2.1 |
| 12-Jul-2006 |
tron | Pull up following revision(s) (requested by lukem in ticket #1377): etc/security: revision 1.98 share/man/man5/security.conf.5: revision 1.30 by patch etc/defaults/security.conf: revision 1.18 Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
| 1.31.18.1 |
| 02-Jun-2008 |
mjf | Sync with HEAD.
|
| 1.32.4.1 |
| 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
| 1.32.2.1 |
| 04-Jun-2008 |
yamt | sync with head
|
| 1.37.6.2 |
| 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged as yamt-pagecache-tag8.
this commit was split into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.37.6.1 |
| 17-Apr-2012 |
yamt | sync with head
|
| 1.39.2.1 |
| 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
| 1.40.26.1 |
| 08-Apr-2020 |
martin | Merge changes from current as of 20200406
|
| 1.43.8.1 |
| 02-Aug-2025 |
perseant | Sync with HEAD
|
| 1.43.6.1 |
| 17-Nov-2024 |
martin | Pull up following revision(s) (requested by plunky in ticket #1006):
share/man/man5/security.conf.5: revision 1.44
default backup_dir is actually /var/backup*s*
|