special revision 1.52
11.52Swiz#	$NetBSD: special,v 1.52 2002/02/24 17:17:48 wiz Exp $
21.1Scgd#	@(#)special	8.2 (Berkeley) 1/23/94
31.1Scgd#
41.1Scgd# Hand-crafted mtree specification for the dangerous files.
51.1Scgd#
61.47Slukem# /etc/security checks:
71.47Slukem#	- All of these are checked if $check_mtree is enabled.
81.49Slukem#	- Files with "nodiff" tags are highlighted if they change.
91.49Slukem#	- Files without "nodiff" or "exclude" tags are displayed
101.47Slukem#	  with diff(1)s if $check_changelist is enabled.
111.47Slukem#
121.1Scgd
# Defaults applied to every entry that follows: owner root, group wheel,
# unless the entry sets uname= or gname= itself.
# The entries shown here use only type, mode, ownership and tags keywords;
# none carries a checksum or size keyword, so the mtree pass compares file
# metadata only. Content changes are surfaced by the changelist diff
# described in the header, not by this specification.
131.46Slukem/set uname=root gname=wheel
141.1Scgd
# Root of the checked hierarchy; all paths below are relative to it.
151.46Slukem.				type=dir  mode=0755
161.1Scgd
# Device nodes giving access to memory (mem, kmem) and drum: owner root,
# group kmem, mode 0640, so no access for "other". A looser mode or a
# different group on these nodes is what this part of the check reports.
# "ignore" on ./dev/fd: nothing below that directory is compared.
171.46Slukem./dev				type=dir  mode=0755
181.46Slukem./dev/drum			type=char mode=0640 gname=kmem
191.46Slukem./dev/fd			type=dir  mode=0755 ignore
201.46Slukem./dev/kmem			type=char mode=0640 gname=kmem
211.46Slukem./dev/mem			type=char mode=0640 gname=kmem
221.1Scgd
# System configuration, first part (./etc through ./etc/localtime).
# "optional" entries are not reported when the file is absent; when present
# they must match the listed type, mode and ownership. Entries without
# "optional" are expected to exist.
# None of the entries in this run has a "nodiff" or "exclude" tag, so per the
# header every regular file here is shown with diff(1) when
# $check_changelist is enabled.
231.46Slukem./etc				type=dir  mode=0755
241.46Slukem./etc/Distfile			type=file mode=0644 optional
251.46Slukem./etc/amd			type=dir  mode=0755 optional
261.46Slukem./etc/apm			type=dir  mode=0755 optional
271.46Slukem./etc/bootparams		type=file mode=0644 optional
281.46Slukem./etc/bootptab			type=file mode=0644 optional
291.46Slukem./etc/ccd.conf			type=file mode=0644 optional
301.48Slukem./etc/changelist		type=file mode=0644
311.46Slukem./etc/crontab			type=file mode=0644 optional
321.46Slukem./etc/csh.cshrc			type=file mode=0644
331.46Slukem./etc/csh.login			type=file mode=0644
341.46Slukem./etc/csh.logout		type=file mode=0644
351.46Slukem./etc/daily			type=file mode=0644
361.46Slukem./etc/daily.conf		type=file mode=0644
371.46Slukem./etc/daily.local		type=file mode=0644 optional
381.46Slukem./etc/defaultdomain		type=file mode=0644 optional
# Shipped defaults are read-only for everyone (0444); the matching files
# directly under ./etc are listed with 0644.
391.46Slukem./etc/defaults			type=dir  mode=0755
401.46Slukem./etc/defaults/daily.conf	type=file mode=0444
411.46Slukem./etc/defaults/monthly.conf	type=file mode=0444
421.46Slukem./etc/defaults/rc.conf		type=file mode=0444
431.46Slukem./etc/defaults/security.conf	type=file mode=0444
441.46Slukem./etc/defaults/weekly.conf	type=file mode=0444
451.46Slukem./etc/dhclient-enter-hooks	type=file mode=0644 optional
461.46Slukem./etc/dhclient-exit-hooks	type=file mode=0644 optional
471.46Slukem./etc/dhclient.conf		type=file mode=0644 optional
481.46Slukem./etc/dhcpd.conf		type=file mode=0644 optional
491.46Slukem./etc/disktab			type=file mode=0644
501.46Slukem./etc/dm.conf			type=file mode=0644
# The only group-writable file in this run: 0664 with group operator.
511.46Slukem./etc/dumpdates			type=file mode=0664 gname=operator optional
521.46Slukem./etc/ethers			type=file mode=0644 optional
531.46Slukem./etc/exports			type=file mode=0644 optional
541.46Slukem./etc/floppytab			type=file mode=0644
551.46Slukem./etc/fstab			type=file mode=0644
561.46Slukem./etc/ftpchroot			type=file mode=0644
571.46Slukem./etc/ftpd.conf			type=file mode=0644 optional
581.46Slukem./etc/ftpusers			type=file mode=0644
591.46Slukem./etc/ftpwelcome		type=file mode=0644 optional
601.46Slukem./etc/gateways			type=file mode=0644 optional
611.46Slukem./etc/gettytab			type=file mode=0644
621.46Slukem./etc/group			type=file mode=0644
631.46Slukem./etc/hesiod.conf		type=file mode=0644 optional
641.46Slukem./etc/hosts			type=file mode=0644
651.46Slukem./etc/hosts.allow		type=file mode=0644 optional
661.46Slukem./etc/hosts.deny		type=file mode=0644 optional
# hosts.equiv is the one 0600 file in this run. It has no "nodiff" tag, so
# its changes are shown in full, which makes added entries visible in the
# report.
671.46Slukem./etc/hosts.equiv		type=file mode=0600 optional
681.46Slukem./etc/hosts.lpd			type=file mode=0644 optional
691.46Slukem./etc/ifaliases			type=file mode=0644 optional
701.46Slukem./etc/inetd.conf		type=file mode=0644
711.46Slukem./etc/ipf.conf			type=file mode=0644 optional
721.51Sveego./etc/ipf6.conf			type=file mode=0644 optional
731.46Slukem./etc/ipnat.conf		type=file mode=0644 optional
741.46Slukem./etc/ipsec.conf		type=file mode=0644 optional
# "ignore": only the directory itself is checked; nothing below it is
# compared by this specification.
751.46Slukem./etc/kerberosIV		type=dir  mode=0755 ignore optional
761.46Slukem./etc/ld.so.conf		type=file mode=0644 optional
771.46Slukem./etc/lkm.conf			type=file mode=0644 optional
# Expected to be a symbolic link, not a regular file.
781.46Slukem./etc/localtime			type=link mode=0755
# System configuration, second part (./etc/login.conf through ./etc/rc.conf).
791.46Slukem./etc/login.conf		type=file mode=0644 optional
801.46Slukem./etc/mail			type=dir  mode=0755
811.46Slukem./etc/mail/aliases		type=file mode=0644
# tags=exclude: per the header this file is not shown with diff(1). The
# header names only "nodiff" files as highlighted on change, so a change to
# an excluded file is presumably not reported by the changelist pass; the
# mtree check of type, mode and ownership still applies.
821.47Slukem./etc/mail/aliases.db		type=file mode=0644 tags=exclude
831.46Slukem./etc/mail/helpfile		type=file mode=0444
841.46Slukem./etc/mail/local-host-names	type=file mode=0644 optional
851.46Slukem./etc/mail/sendmail.cf		type=file mode=0444
861.46Slukem./etc/mail.rc			type=file mode=0644
871.46Slukem./etc/mailer.conf		type=file mode=0644
881.46Slukem./etc/man.conf			type=file mode=0644
# Owner-only (0600) and tags=nodiff: per the header a change is highlighted
# but not displayed with diff(1), so the file's contents stay out of the
# security report.
891.49Slukem./etc/master.passwd		type=file mode=0600 tags=nodiff
901.52Swiz./etc/mk.conf			type=file mode=0644 optional
911.46Slukem./etc/moduli			type=file mode=0444
921.46Slukem./etc/monthly			type=file mode=0644
931.46Slukem./etc/monthly.conf		type=file mode=0644
941.46Slukem./etc/monthly.local		type=file mode=0644 optional
951.46Slukem./etc/mrouted.conf		type=file mode=0644
# This specification lists itself (read-only, 0444) and the optional local
# supplement (0644). Both live on the filesystem being checked.
# NOTE(review): the check is only as trustworthy as these two files; compare
# them against a copy kept off the host when reviewing results.
961.46Slukem./etc/mtree			type=dir  mode=0755
971.46Slukem./etc/mtree/special		type=file mode=0444
981.47Slukem./etc/mtree/special.local	type=file mode=0644 optional
991.46Slukem./etc/mygate			type=file mode=0644 optional
1001.46Slukem./etc/myname			type=file mode=0644 optional
1011.46Slukem./etc/named.conf		type=file mode=0644 optional
1021.46Slukem./etc/namedb			type=dir  mode=0755
1031.46Slukem./etc/netconfig			type=file mode=0644
1041.46Slukem./etc/netgroup			type=file mode=0644 optional
1051.47Slukem./etc/netgroup.db		type=file mode=0644 optional tags=exclude
1061.46Slukem./etc/netstart.local		type=file mode=0644 optional
1071.46Slukem./etc/networks			type=file mode=0644
1081.46Slukem./etc/newsyslog.conf		type=file mode=0644
1091.46Slukem./etc/nsswitch.conf		type=file mode=0644
1101.46Slukem./etc/ntp.conf			type=file mode=0644 optional
# World-readable (0644), unlike master.passwd above (0600).
1111.46Slukem./etc/passwd			type=file mode=0644
1121.46Slukem./etc/passwd.conf		type=file mode=0644 optional
1131.46Slukem./etc/phones			type=file mode=0644
1141.46Slukem./etc/ppp			type=dir  mode=0755 optional
1151.46Slukem./etc/ppp/options		type=file mode=0644 optional
1161.46Slukem./etc/printcap			type=file mode=0644
1171.46Slukem./etc/profile			type=file mode=0644
1181.46Slukem./etc/protocols			type=file mode=0644
1191.46Slukem./etc/rbootd.conf		type=file mode=0644 optional
1201.46Slukem./etc/rc			type=file mode=0644
1211.46Slukem./etc/rc.conf			type=file mode=0644
# Start-up scripts. Every file in ./etc/rc.d is listed as 0555 (read and
# execute for all, no write bit even for the owner) and none is "optional",
# so a missing script or one that has gained a write bit is reported.
# No entry has a "nodiff" or "exclude" tag: per the header, edits to these
# scripts are shown with diff(1) when $check_changelist is enabled.
# The directory itself is not marked "ignore".
# NOTE(review): how mtree treats scripts present on disk but absent from this
# list depends on how /etc/security invokes it, which is not shown here.
1221.46Slukem./etc/rc.d			type=dir  mode=0755
1231.46Slukem./etc/rc.d/DAEMON		type=file mode=0555
1241.46Slukem./etc/rc.d/LOGIN		type=file mode=0555
1251.50Sveego./etc/rc.d/NETWORKING		type=file mode=0555
1261.46Slukem./etc/rc.d/SERVERS		type=file mode=0555
1271.46Slukem./etc/rc.d/accounting		type=file mode=0555
1281.46Slukem./etc/rc.d/altqd		type=file mode=0555
1291.46Slukem./etc/rc.d/amd			type=file mode=0555
1301.46Slukem./etc/rc.d/apmd			type=file mode=0555
1311.46Slukem./etc/rc.d/bootconf.sh		type=file mode=0555
1321.46Slukem./etc/rc.d/bootparams		type=file mode=0555
1331.46Slukem./etc/rc.d/ccd			type=file mode=0555
1341.46Slukem./etc/rc.d/cleartmp		type=file mode=0555
1351.46Slukem./etc/rc.d/cron			type=file mode=0555
1361.46Slukem./etc/rc.d/dhclient		type=file mode=0555
1371.46Slukem./etc/rc.d/dhcpd		type=file mode=0555
1381.46Slukem./etc/rc.d/dhcrelay		type=file mode=0555
1391.46Slukem./etc/rc.d/dmesg		type=file mode=0555
1401.46Slukem./etc/rc.d/downinterfaces	type=file mode=0555
1411.46Slukem./etc/rc.d/fsck			type=file mode=0555
1421.46Slukem./etc/rc.d/inetd		type=file mode=0555
1431.46Slukem./etc/rc.d/ipfilter		type=file mode=0555
1441.46Slukem./etc/rc.d/ipmon		type=file mode=0555
1451.46Slukem./etc/rc.d/ipnat		type=file mode=0555
1461.46Slukem./etc/rc.d/ipsec		type=file mode=0555
1471.46Slukem./etc/rc.d/isdnd		type=file mode=0555
1481.46Slukem./etc/rc.d/kdc			type=file mode=0555
1491.46Slukem./etc/rc.d/ldconfig		type=file mode=0555
1501.46Slukem./etc/rc.d/lkm1			type=file mode=0555
1511.46Slukem./etc/rc.d/lkm2			type=file mode=0555
1521.46Slukem./etc/rc.d/lkm3			type=file mode=0555
1531.46Slukem./etc/rc.d/local		type=file mode=0555
1541.46Slukem./etc/rc.d/lpd			type=file mode=0555
1551.46Slukem./etc/rc.d/mopd			type=file mode=0555
1561.46Slukem./etc/rc.d/motd			type=file mode=0555
1571.46Slukem./etc/rc.d/mountall		type=file mode=0555
1581.46Slukem./etc/rc.d/mountcritlocal	type=file mode=0555
1591.46Slukem./etc/rc.d/mountcritremote	type=file mode=0555
1601.46Slukem./etc/rc.d/mountd		type=file mode=0555
1611.46Slukem./etc/rc.d/mrouted		type=file mode=0555
1621.46Slukem./etc/rc.d/named		type=file mode=0555
1631.46Slukem./etc/rc.d/ndbootd		type=file mode=0555
1641.46Slukem./etc/rc.d/network		type=file mode=0555
1651.46Slukem./etc/rc.d/newsyslog		type=file mode=0555
1661.46Slukem./etc/rc.d/nfsd			type=file mode=0555
1671.46Slukem./etc/rc.d/nfslocking		type=file mode=0555
1681.46Slukem./etc/rc.d/ntpd			type=file mode=0555
1691.46Slukem./etc/rc.d/ntpdate		type=file mode=0555
1701.46Slukem./etc/rc.d/poffd		type=file mode=0555
1711.46Slukem./etc/rc.d/postfix		type=file mode=0555
1721.46Slukem./etc/rc.d/ppp			type=file mode=0555
1731.46Slukem./etc/rc.d/pwcheck		type=file mode=0555
1741.46Slukem./etc/rc.d/quota		type=file mode=0555
1751.46Slukem./etc/rc.d/racoon		type=file mode=0555
1761.46Slukem./etc/rc.d/raidframe		type=file mode=0555
1771.46Slukem./etc/rc.d/rarpd		type=file mode=0555
1781.46Slukem./etc/rc.d/rbootd		type=file mode=0555
1791.46Slukem./etc/rc.d/root			type=file mode=0555
1801.46Slukem./etc/rc.d/route6d		type=file mode=0555
1811.46Slukem./etc/rc.d/routed		type=file mode=0555
1821.46Slukem./etc/rc.d/rpcbind		type=file mode=0555
1831.46Slukem./etc/rc.d/rtadvd		type=file mode=0555
1841.46Slukem./etc/rc.d/rtsold		type=file mode=0555
1851.46Slukem./etc/rc.d/rwho			type=file mode=0555
1861.46Slukem./etc/rc.d/savecore		type=file mode=0555
1871.46Slukem./etc/rc.d/screenblank		type=file mode=0555
1881.46Slukem./etc/rc.d/securelevel		type=file mode=0555
1891.46Slukem./etc/rc.d/sendmail		type=file mode=0555
1901.46Slukem./etc/rc.d/sshd			type=file mode=0555
1911.46Slukem./etc/rc.d/swap1		type=file mode=0555
1921.46Slukem./etc/rc.d/swap2		type=file mode=0555
1931.46Slukem./etc/rc.d/sysctl		type=file mode=0555
1941.46Slukem./etc/rc.d/sysdb		type=file mode=0555
1951.46Slukem./etc/rc.d/syslogd		type=file mode=0555
1961.46Slukem./etc/rc.d/timed		type=file mode=0555
1971.46Slukem./etc/rc.d/ttys			type=file mode=0555
1981.46Slukem./etc/rc.d/virecover		type=file mode=0555
1991.46Slukem./etc/rc.d/wscons		type=file mode=0555
2001.46Slukem./etc/rc.d/xdm			type=file mode=0555
2011.46Slukem./etc/rc.d/xfs			type=file mode=0555
2021.46Slukem./etc/rc.d/ypbind		type=file mode=0555
2031.46Slukem./etc/rc.d/yppasswdd		type=file mode=0555
2041.46Slukem./etc/rc.d/ypserv		type=file mode=0555
# System configuration, third part (./etc/rc.lkm through ./etc/wscons.conf).
2051.46Slukem./etc/rc.lkm			type=file mode=0644
2061.46Slukem./etc/rc.local			type=file mode=0644 optional
2071.46Slukem./etc/rc.shutdown		type=file mode=0644
2081.46Slukem./etc/rc.shutdown.local		type=file mode=0644 optional
2091.46Slukem./etc/rc.subr			type=file mode=0644
2101.46Slukem./etc/remote			type=file mode=0644
2111.46Slukem./etc/resolv.conf		type=file mode=0644 optional
2121.46Slukem./etc/rpc			type=file mode=0644
2131.46Slukem./etc/rtadvd.conf		type=file mode=0644 optional
# The security script and its configuration are themselves on the list.
2141.46Slukem./etc/security			type=file mode=0644
2151.46Slukem./etc/security.conf		type=file mode=0644
2161.46Slukem./etc/security.local		type=file mode=0644 optional
2171.46Slukem./etc/services			type=file mode=0644
2181.46Slukem./etc/shells			type=file mode=0644
# Owner-only (0600) and not tagged, so changes are shown with diff(1).
2191.47Slukem./etc/shosts.equiv		type=file mode=0600 optional
# Owner-only (0600), tags=exclude: never shown with diff(1).
# NOTE(review): presumably excluded because it is a binary database built
# from master.passwd, which is tracked above with "nodiff" - confirm.
2201.47Slukem./etc/spwd.db			type=file mode=0600 tags=exclude
2211.46Slukem./etc/ssh.conf			type=file mode=0644 optional
# SSH host keys: each private key is 0600 with tags=nodiff (a change is
# highlighted, the key material is not printed); each .pub file is 0644
# with no tag, so its diff is shown.
2221.49Slukem./etc/ssh_host_dsa_key		type=file mode=0600 optional tags=nodiff
2231.46Slukem./etc/ssh_host_dsa_key.pub	type=file mode=0644 optional
2241.49Slukem./etc/ssh_host_key		type=file mode=0600 optional tags=nodiff
2251.46Slukem./etc/ssh_host_key.pub		type=file mode=0644 optional
2261.49Slukem./etc/ssh_host_rsa_key		type=file mode=0600 optional tags=nodiff
2271.46Slukem./etc/ssh_host_rsa_key.pub	type=file mode=0644 optional
2281.46Slukem./etc/ssh_known_hosts		type=file mode=0644 optional
2291.46Slukem./etc/ssh_known_hosts2		type=file mode=0644 optional
2301.46Slukem./etc/sshd.conf			type=file mode=0644 optional
2311.46Slukem./etc/sysctl.conf		type=file mode=0644
2321.46Slukem./etc/syslog.conf		type=file mode=0644
2331.46Slukem./etc/ttyaction			type=file mode=0644 optional
2341.46Slukem./etc/ttys			type=file mode=0644
2351.46Slukem./etc/usermgmt.conf		type=file mode=0644 optional
2361.46Slukem./etc/weekly			type=file mode=0644
2371.46Slukem./etc/weekly.conf		type=file mode=0644
2381.46Slukem./etc/weekly.local		type=file mode=0644 optional
2391.46Slukem./etc/wscons.conf		type=file mode=0644
2401.1Scgd
# root's home directory. The directory is listed as 0755; the files that
# grant remote access as root or hold secrets are 0600, and ./root/.ssh is
# 0700.
2411.46Slukem./root				type=dir  mode=0755
2421.46Slukem./root/.cshrc			type=file mode=0644
# .klogin, .rhosts and .shosts are 0600 and untagged: a change is shown with
# diff(1), so a newly added entry appears in the report.
2431.46Slukem./root/.klogin			type=file mode=0600 optional
2441.46Slukem./root/.login			type=file mode=0644
2451.46Slukem./root/.profile			type=file mode=0644
2461.46Slukem./root/.rhosts			type=file mode=0600 optional
2471.47Slukem./root/.shosts			type=file mode=0600 optional
2481.47Slukem./root/.ssh			type=dir  mode=0700 optional
# authorized_keys files are 0600 and untagged, so an added or changed key is
# visible in the diff output.
2491.47Slukem./root/.ssh/authorized_keys	type=file mode=0600 optional
2501.47Slukem./root/.ssh/authorized_keys2	type=file mode=0600 optional
2511.47Slukem./root/.ssh/config		type=file mode=0644 optional
# Private keys (id_dsa, id_rsa, identity) are 0600 with tags=nodiff: a change
# is highlighted but the key is never printed. The .pub halves are 0644 and
# diffed normally.
2521.49Slukem./root/.ssh/id_dsa		type=file mode=0600 optional tags=nodiff
2531.47Slukem./root/.ssh/id_dsa.pub		type=file mode=0644 optional
2541.49Slukem./root/.ssh/id_rsa		type=file mode=0600 optional tags=nodiff
2551.47Slukem./root/.ssh/id_rsa.pub		type=file mode=0644 optional
2561.49Slukem./root/.ssh/identity		type=file mode=0600 optional tags=nodiff
2571.47Slukem./root/.ssh/identity.pub	type=file mode=0644 optional
2581.47Slukem./root/.ssh/known_hosts		type=file mode=0644 optional
2591.47Slukem./root/.ssh/known_hosts2	type=file mode=0644 optional
2601.1Scgd
# Program and library directories. Each is checked for type, mode 0755 and
# root:wheel ownership (./usr/games/hide: 0750, group games), and almost all
# are marked "ignore", so nothing below them is compared.
# NOTE(review): this specification therefore says nothing about the binaries
# and libraries inside these directories; their integrity has to be covered
# by another check.
2611.46Slukem./sbin				type=dir  mode=0755 ignore
2621.1Scgd
2631.46Slukem./usr				type=dir  mode=0755
2641.46Slukem./usr/bin			type=dir  mode=0755 ignore
2651.46Slukem./usr/games			type=dir  mode=0755 optional
2661.46Slukem./usr/games/hide		type=dir  mode=0750 gname=games ignore optional
2671.46Slukem./usr/include			type=dir  mode=0755 ignore
2681.46Slukem./usr/lib			type=dir  mode=0755 ignore
2691.46Slukem./usr/libdata			type=dir  mode=0755 ignore
2701.46Slukem./usr/libexec			type=dir  mode=0755 ignore
2711.46Slukem./usr/local			type=dir  mode=0755
2721.46Slukem./usr/local/bin			type=dir  mode=0755 ignore
2731.46Slukem./usr/local/lib			type=dir  mode=0755 ignore
2741.46Slukem./usr/pkg			type=dir  mode=0755 ignore optional
2751.46Slukem./usr/sbin			type=dir  mode=0755 ignore
2761.46Slukem./usr/share			type=dir  mode=0755 ignore
2771.46Slukem
# Variable data: accounting, cron, logs, spools and the FTP area.
2781.46Slukem./var				type=dir  mode=0755
2791.46Slukem./var/account			type=dir  mode=0755
# acct, kvm.db, authlog, wtmp and utmp below are tagged "exclude": their
# mode and ownership are checked, but they are never shown with diff(1).
# NOTE(review): presumably because they are binary or change constantly.
2801.47Slukem./var/account/acct		type=file mode=0644 optional tags=exclude
2811.46Slukem./var/at			type=dir  mode=0755 ignore
2821.46Slukem./var/backups			type=dir  mode=0755 ignore
# root's crontab is 0600 inside a 0700 directory and is untagged, so edits
# to it are shown with diff(1).
2831.46Slukem./var/cron			type=dir  mode=0755
2841.46Slukem./var/cron/tabs			type=dir  mode=0700
2851.46Slukem./var/cron/tabs/root		type=file mode=0600
2861.46Slukem./var/db			type=dir  mode=0755
2871.47Slukem./var/db/kvm.db			type=file mode=0644 tags=exclude
2881.46Slukem./var/log			type=dir  mode=0755
2891.47Slukem./var/log/authlog		type=file mode=0600 optional tags=exclude
2901.47Slukem./var/log/wtmp			type=file mode=0644 tags=exclude
# World-writable with the sticky bit (1777); contents are ignored.
2911.46Slukem./var/mail			type=dir  mode=1777 ignore
2921.46Slukem./var/preserve			type=dir  mode=0755 ignore
2931.46Slukem./var/run			type=dir  mode=0755
2941.47Slukem./var/run/utmp			type=file mode=0664 gname=utmp tags=exclude
2951.46Slukem./var/spool			type=dir  mode=0755
# FTP area: every entry is "optional". The bin and etc directories and their
# files are owned by root:wheel through the /set default.
2961.46Slukem./var/spool/ftp			type=dir  mode=0755 optional
2971.46Slukem./var/spool/ftp/bin		type=dir  mode=0755 optional
2981.46Slukem./var/spool/ftp/bin/ls		type=file mode=0555 optional
2991.46Slukem./var/spool/ftp/etc		type=dir  mode=0755 optional
3001.46Slukem./var/spool/ftp/etc/group		type=file mode=0644 optional
3011.46Slukem./var/spool/ftp/etc/localtime		type=file mode=0644 optional
# NOTE(review): unlike ./etc/master.passwd this entry has no "nodiff" tag,
# so per the header its changes are displayed with diff(1) when
# $check_changelist is enabled. If a site keeps real password hashes in this
# copy they would appear in the security report; confirm whether
# tags=nodiff should be added here.
3021.46Slukem./var/spool/ftp/etc/master.passwd	type=file mode=0600 optional
3031.46Slukem./var/spool/ftp/etc/passwd		type=file mode=0644 optional
# hidden is execute-only (0111) and pub is group-writable (0775); the
# contents of both are ignored.
3041.46Slukem./var/spool/ftp/hidden		type=dir  mode=0111 ignore optional
3051.46Slukem./var/spool/ftp/pub		type=dir  mode=0775 ignore optional
3061.46Slukem./var/spool/mqueue		type=dir  mode=0755 ignore
# The news and uucp spools override the root:wheel default with their own
# owner and group; uucppublic is world-writable with the sticky bit (1777).
3071.46Slukem./var/spool/news		type=dir  mode=0755 uname=news gname=news ignore optional
3081.46Slukem./var/spool/output		type=dir  mode=0755 ignore
3091.46Slukem./var/spool/uucp		type=dir  mode=0755 uname=uucp gname=daemon ignore optional
3101.46Slukem./var/spool/uucppublic		type=dir  mode=1777 uname=uucp gname=daemon ignore optional
3111.46Slukem./var/yp			type=dir  mode=0755
3121.46Slukem./var/yp/Makefile		type=file mode=0644 optional