xref: /src/etc/mtree/special

#	$NetBSD: special,v 1.63 2002/09/03 00:56:09 wiz Exp $
#	@(#)special	8.2 (Berkeley) 1/23/94
#
# Hand-crafted mtree specification for the dangerous files.
#
# /etc/security checks:
#	- All of these are checked if $check_mtree is enabled.
#	- Files with "nodiff" tags are highlighted if they change.
#	- Files without "nodiff" or "exclude" tags are displayed
#	  with diff(1)s if $check_changelist is enabled.
#

/set uname=root gname=wheel

.				type=dir  mode=0755

./dev				type=dir  mode=0755
./dev/drum			type=char mode=0640 gname=kmem
./dev/fd			type=dir  mode=0755 ignore
./dev/kmem			type=char mode=0640 gname=kmem
./dev/mem			type=char mode=0640 gname=kmem

./etc				type=dir  mode=0755
./etc/Distfile			type=file mode=0644 optional
./etc/amd			type=dir  mode=0755 optional
./etc/apm			type=dir  mode=0755 optional
./etc/bootparams		type=file mode=0644 optional
./etc/bootptab			type=file mode=0644 optional
./etc/ccd.conf			type=file mode=0644 optional
./etc/changelist		type=file mode=0644
./etc/crontab			type=file mode=0644 optional
./etc/csh.cshrc			type=file mode=0644
./etc/csh.login			type=file mode=0644
./etc/csh.logout		type=file mode=0644
./etc/daily			type=file mode=0644
./etc/daily.conf		type=file mode=0644
./etc/daily.local		type=file mode=0644 optional
./etc/defaultdomain		type=file mode=0644 optional
./etc/defaults			type=dir  mode=0755
./etc/defaults/daily.conf	type=file mode=0444
./etc/defaults/monthly.conf	type=file mode=0444
./etc/defaults/rc.conf		type=file mode=0444
./etc/defaults/security.conf	type=file mode=0444
./etc/defaults/weekly.conf	type=file mode=0444
./etc/dhclient-enter-hooks	type=file mode=0644 optional
./etc/dhclient-exit-hooks	type=file mode=0644 optional
./etc/dhclient.conf		type=file mode=0644 optional
./etc/dhcpd.conf		type=file mode=0644 optional
./etc/disktab			type=file mode=0644
./etc/dm.conf			type=file mode=0644
./etc/dumpdates			type=file mode=0664 gname=operator optional tags=exclude
./etc/ethers			type=file mode=0644 optional
./etc/exports			type=file mode=0644 optional
./etc/floppytab			type=file mode=0644
./etc/fstab			type=file mode=0644
./etc/ftpchroot			type=file mode=0644
./etc/ftpd.conf			type=file mode=0644 optional
./etc/ftpusers			type=file mode=0644
./etc/ftpwelcome		type=file mode=0644 optional
./etc/gateways			type=file mode=0644 optional
./etc/gettytab			type=file mode=0644
./etc/group			type=file mode=0644
./etc/hesiod.conf		type=file mode=0644 optional
./etc/hosts			type=file mode=0644
./etc/hosts.allow		type=file mode=0644 optional
./etc/hosts.deny		type=file mode=0644 optional
./etc/hosts.equiv		type=file mode=0600 optional
./etc/hosts.lpd			type=file mode=0644 optional
./etc/ifaliases			type=file mode=0644 optional
./etc/inetd.conf		type=file mode=0644
./etc/ipf.conf			type=file mode=0644 optional
./etc/ipf6.conf			type=file mode=0644 optional
./etc/ipnat.conf		type=file mode=0644 optional
./etc/ipsec.conf		type=file mode=0644 optional
./etc/kerberosIV		type=dir  mode=0755 ignore optional
./etc/ld.so.conf		type=file mode=0644 optional
./etc/lkm.conf			type=file mode=0644 optional
./etc/localtime			type=link mode=0755
./etc/login.conf		type=file mode=0644 optional
./etc/mail			type=dir  mode=0755
./etc/mail/aliases		type=file mode=0644
./etc/mail/aliases.db		type=file mode=0644 tags=exclude
./etc/mail/helpfile		type=file mode=0444
./etc/mail/local-host-names	type=file mode=0644 optional
./etc/mail/sendmail.cf		type=file mode=0444
./etc/mail.rc			type=file mode=0644
./etc/mailer.conf		type=file mode=0644
./etc/man.conf			type=file mode=0644
./etc/master.passwd		type=file mode=0600 tags=nodiff
./etc/mk.conf			type=file mode=0644 optional
./etc/moduli			type=file mode=0444
./etc/monthly			type=file mode=0644
./etc/monthly.conf		type=file mode=0644
./etc/monthly.local		type=file mode=0644 optional
./etc/mrouted.conf		type=file mode=0644
./etc/mtree			type=dir  mode=0755
./etc/mtree/special		type=file mode=0444
./etc/mtree/special.local	type=file mode=0644 optional
./etc/mygate			type=file mode=0644 optional
./etc/myname			type=file mode=0644 optional
./etc/named.conf		type=file mode=0644 optional
./etc/namedb			type=dir  mode=0755
./etc/netconfig			type=file mode=0644
./etc/netgroup			type=file mode=0644 optional
./etc/netgroup.db		type=file mode=0644 optional tags=exclude
./etc/netstart.local		type=file mode=0644 optional
./etc/networks			type=file mode=0644
./etc/newsyslog.conf		type=file mode=0644
./etc/nsswitch.conf		type=file mode=0644
./etc/ntp.conf			type=file mode=0644 optional
./etc/passwd			type=file mode=0644
./etc/passwd.conf		type=file mode=0644 optional
./etc/phones			type=file mode=0644
./etc/postfix			type=dir  mode=0755 uname=root gname=wheel optional
./etc/postfix/main.cf		type=file mode=0444 uname=root gname=wheel optional
./etc/postfix/master.cf		type=file mode=0444 uname=root gname=wheel optional
./etc/postfix/postfix-script	type=file mode=0555 uname=root gname=wheel optional
./etc/postinstall		type=file mode=0555 optional
./etc/ppp			type=dir  mode=0755 optional
./etc/ppp/options		type=file mode=0644 optional
./etc/printcap			type=file mode=0644
./etc/profile			type=file mode=0644
./etc/protocols			type=file mode=0644
./etc/rbootd.conf		type=file mode=0644 optional
./etc/rc			type=file mode=0644
./etc/rc.conf			type=file mode=0644
./etc/rc.d			type=dir  mode=0755
./etc/rc.d/DAEMON		type=file mode=0555
./etc/rc.d/LOGIN		type=file mode=0555
./etc/rc.d/NETWORKING		type=file mode=0555
./etc/rc.d/SERVERS		type=file mode=0555
./etc/rc.d/accounting		type=file mode=0555
./etc/rc.d/altqd		type=file mode=0555
./etc/rc.d/amd			type=file mode=0555
./etc/rc.d/apmd			type=file mode=0555
./etc/rc.d/bootconf.sh		type=file mode=0555
./etc/rc.d/bootparams		type=file mode=0555
./etc/rc.d/ccd			type=file mode=0555
./etc/rc.d/cleartmp		type=file mode=0555
./etc/rc.d/cron			type=file mode=0555
./etc/rc.d/dhclient		type=file mode=0555
./etc/rc.d/dhcpd		type=file mode=0555
./etc/rc.d/dhcrelay		type=file mode=0555
./etc/rc.d/dmesg		type=file mode=0555
./etc/rc.d/downinterfaces	type=file mode=0555
./etc/rc.d/fsck			type=file mode=0555
./etc/rc.d/inetd		type=file mode=0555
./etc/rc.d/ipfilter		type=file mode=0555
./etc/rc.d/ipmon		type=file mode=0555
./etc/rc.d/ipnat		type=file mode=0555
./etc/rc.d/ipsec		type=file mode=0555
./etc/rc.d/isdnd		type=file mode=0555
./etc/rc.d/kdc			type=file mode=0555
./etc/rc.d/ldconfig		type=file mode=0555
./etc/rc.d/lkm1			type=file mode=0555
./etc/rc.d/lkm2			type=file mode=0555
./etc/rc.d/lkm3			type=file mode=0555
./etc/rc.d/local		type=file mode=0555
./etc/rc.d/lpd			type=file mode=0555
./etc/rc.d/mixerctl		type=file mode=0555
./etc/rc.d/mopd			type=file mode=0555
./etc/rc.d/motd			type=file mode=0555
./etc/rc.d/mountall		type=file mode=0555
./etc/rc.d/mountcritlocal	type=file mode=0555
./etc/rc.d/mountcritremote	type=file mode=0555
./etc/rc.d/mountd		type=file mode=0555
./etc/rc.d/mrouted		type=file mode=0555
./etc/rc.d/named		type=file mode=0555
./etc/rc.d/ndbootd		type=file mode=0555
./etc/rc.d/network		type=file mode=0555
./etc/rc.d/newsyslog		type=file mode=0555
./etc/rc.d/nfsd			type=file mode=0555
./etc/rc.d/nfslocking		type=file mode=0555
./etc/rc.d/ntpd			type=file mode=0555
./etc/rc.d/ntpdate		type=file mode=0555
./etc/rc.d/poffd		type=file mode=0555
./etc/rc.d/postfix		type=file mode=0555
./etc/rc.d/ppp			type=file mode=0555
./etc/rc.d/pwcheck		type=file mode=0555
./etc/rc.d/quota		type=file mode=0555
./etc/rc.d/racoon		type=file mode=0555
./etc/rc.d/raidframe		type=file mode=0555
./etc/rc.d/rarpd		type=file mode=0555
./etc/rc.d/rbootd		type=file mode=0555
./etc/rc.d/root			type=file mode=0555
./etc/rc.d/route6d		type=file mode=0555
./etc/rc.d/routed		type=file mode=0555
./etc/rc.d/rpcbind		type=file mode=0555
./etc/rc.d/rtadvd		type=file mode=0555
./etc/rc.d/rtsold		type=file mode=0555
./etc/rc.d/rwho			type=file mode=0555
./etc/rc.d/savecore		type=file mode=0555
./etc/rc.d/screenblank		type=file mode=0555
./etc/rc.d/securelevel		type=file mode=0555
./etc/rc.d/sendmail		type=file mode=0555
./etc/rc.d/sshd			type=file mode=0555
./etc/rc.d/swap1		type=file mode=0555
./etc/rc.d/swap2		type=file mode=0555
./etc/rc.d/sysctl		type=file mode=0555
./etc/rc.d/sysdb		type=file mode=0555
./etc/rc.d/syslogd		type=file mode=0555
./etc/rc.d/timed		type=file mode=0555
./etc/rc.d/ttys			type=file mode=0555
./etc/rc.d/virecover		type=file mode=0555
./etc/rc.d/wdogctl		type=file mode=0555
./etc/rc.d/wscons		type=file mode=0555
./etc/rc.d/wsmoused		type=file mode=0555
./etc/rc.d/xdm			type=file mode=0555
./etc/rc.d/xfs			type=file mode=0555
./etc/rc.d/ypbind		type=file mode=0555
./etc/rc.d/yppasswdd		type=file mode=0555
./etc/rc.d/ypserv		type=file mode=0555
./etc/rc.lkm			type=file mode=0644
./etc/rc.local			type=file mode=0644 optional
./etc/rc.shutdown		type=file mode=0644
./etc/rc.shutdown.local		type=file mode=0644 optional
./etc/rc.subr			type=file mode=0644
./etc/remote			type=file mode=0644
./etc/resolv.conf		type=file mode=0644 optional
./etc/rpc			type=file mode=0644
./etc/rtadvd.conf		type=file mode=0644 optional
./etc/security			type=file mode=0644
./etc/security.conf		type=file mode=0644
./etc/security.local		type=file mode=0644 optional
./etc/services			type=file mode=0644
./etc/shells			type=file mode=0644
./etc/shosts.equiv		type=file mode=0600 optional
./etc/spwd.db			type=file mode=0600 tags=exclude
./etc/ssh			type=dir  mode=0755 optional
./etc/ssh/ssh_config		type=file mode=0644 optional
./etc/ssh/ssh_host_dsa_key	type=file mode=0600 optional tags=nodiff
./etc/ssh/ssh_host_dsa_key.pub	type=file mode=0644 optional
./etc/ssh/ssh_host_key		type=file mode=0600 optional tags=nodiff
./etc/ssh/ssh_host_key.pub	type=file mode=0644 optional
./etc/ssh/ssh_host_rsa_key	type=file mode=0600 optional tags=nodiff
./etc/ssh/ssh_host_rsa_key.pub	type=file mode=0644 optional
./etc/ssh/ssh_known_hosts	type=file mode=0644 optional
./etc/ssh/ssh_known_hosts2	type=file mode=0644 optional
./etc/ssh/sshd_config		type=file mode=0644 optional
./etc/sysctl.conf		type=file mode=0644
./etc/syslog.conf		type=file mode=0644
./etc/ttyaction			type=file mode=0644 optional
./etc/ttys			type=file mode=0644
./etc/usermgmt.conf		type=file mode=0644 optional
./etc/weekly			type=file mode=0644
./etc/weekly.conf		type=file mode=0644
./etc/weekly.local		type=file mode=0644 optional
./etc/wscons.conf		type=file mode=0644

./root				type=dir  mode=0755
./root/.cshrc			type=file mode=0644
./root/.klogin			type=file mode=0600 optional
./root/.login			type=file mode=0644
./root/.profile			type=file mode=0644
./root/.rhosts			type=file mode=0600 optional
./root/.shosts			type=file mode=0600 optional
./root/.ssh			type=dir  mode=0700 optional
./root/.ssh/authorized_keys	type=file mode=0600 optional
./root/.ssh/authorized_keys2	type=file mode=0600 optional
./root/.ssh/config		type=file mode=0644 optional
./root/.ssh/id_dsa		type=file mode=0600 optional tags=nodiff
./root/.ssh/id_dsa.pub		type=file mode=0644 optional
./root/.ssh/id_rsa		type=file mode=0600 optional tags=nodiff
./root/.ssh/id_rsa.pub		type=file mode=0644 optional
./root/.ssh/identity		type=file mode=0600 optional tags=nodiff
./root/.ssh/identity.pub	type=file mode=0644 optional
./root/.ssh/known_hosts		type=file mode=0644 optional
./root/.ssh/known_hosts2	type=file mode=0644 optional

./sbin				type=dir  mode=0755 ignore

./usr				type=dir  mode=0755
./usr/bin			type=dir  mode=0755 ignore
./usr/games			type=dir  mode=0755 optional
./usr/games/hide		type=dir  mode=0750 gname=games ignore optional
./usr/include			type=dir  mode=0755 ignore
./usr/lib			type=dir  mode=0755 ignore
./usr/libdata			type=dir  mode=0755 ignore
./usr/libexec			type=dir  mode=0755 ignore
./usr/local			type=dir  mode=0755
./usr/local/bin			type=dir  mode=0755 ignore
./usr/local/lib			type=dir  mode=0755 ignore
./usr/pkg			type=dir  mode=0755 ignore optional
./usr/sbin			type=dir  mode=0755 ignore
./usr/share			type=dir  mode=0755 ignore

./var				type=dir  mode=0755
./var/account			type=dir  mode=0755
./var/account/acct		type=file mode=0644 optional tags=exclude
./var/at			type=dir  mode=0755 ignore
./var/backups			type=dir  mode=0755 ignore
./var/cron			type=dir  mode=0755
./var/cron/tabs			type=dir  mode=0700
./var/cron/tabs/root		type=file mode=0600
./var/db			type=dir  mode=0755
./var/db/kvm.db			type=file mode=0644 tags=exclude
./var/log			type=dir  mode=0755
./var/log/authlog		type=file mode=0600 optional tags=exclude
./var/log/wtmp			type=file mode=0644 tags=exclude
./var/mail			type=dir  mode=1777 ignore
./var/preserve			type=dir  mode=0755 ignore
./var/run			type=dir  mode=0755
./var/run/utmp			type=file mode=0664 gname=utmp tags=exclude
./var/run/utmpx			type=file mode=0664 gname=utmp tags=exclude
./var/spool			type=dir  mode=0755
./var/spool/ftp			type=dir  mode=0755 optional
./var/spool/ftp/bin		type=dir  mode=0755 optional
./var/spool/ftp/bin/ls		type=file mode=0555 optional
./var/spool/ftp/etc		type=dir  mode=0755 optional
./var/spool/ftp/etc/group		type=file mode=0644 optional
./var/spool/ftp/etc/localtime		type=file mode=0644 optional
./var/spool/ftp/etc/master.passwd	type=file mode=0600 optional
./var/spool/ftp/etc/passwd		type=file mode=0644 optional
./var/spool/ftp/hidden		type=dir  mode=0111 ignore optional
./var/spool/ftp/pub		type=dir  mode=0775 ignore optional
./var/spool/mqueue		type=dir  mode=0755 ignore
./var/spool/output		type=dir  mode=0755 ignore
./var/spool/uucp		type=dir  mode=0755 uname=uucp gname=daemon ignore optional
./var/spool/uucppublic		type=dir  mode=1777 uname=uucp gname=daemon ignore optional
./var/yp			type=dir  mode=0755
./var/yp/Makefile		type=file mode=0644 optional