special revision 1.156
1# $NetBSD: special,v 1.156 2017/01/07 22:37:22 christos Exp $ 2# @(#)special 8.2 (Berkeley) 1/23/94 3# 4# This file may be overwritten on upgrades. 5# Put your custom specifications in /etc/mtree/special.local instead. 6# See security.conf(5) for details. 7 8# 9# /etc/security checks: 10# - All of these are checked if $check_mtree is enabled. 11# - Files with "nodiff" tags are highlighted if they change. 12# - Files without "nodiff" or "exclude" tags are displayed 13# with diff(1)s if $check_changelist is enabled. 14# 15 16/set uname=root gname=wheel 17 18. type=dir mode=0755 19 20./boot.cfg type=file mode=0644 optional 21 22./dev type=dir mode=0755 23./dev/drum type=char mode=0640 gname=kmem 24./dev/fd type=dir mode=0755 ignore 25./dev/kmem type=char mode=0640 gname=kmem 26./dev/mem type=char mode=0640 gname=kmem 27 28./etc type=dir mode=0755 29./etc/Distfile type=file mode=0644 optional 30./etc/amd type=dir mode=0755 optional 31./etc/apm type=dir mode=0755 optional 32./etc/blacklistd.conf type=file mode=0644 optional 33./etc/bluetooth type=dir mode=0755 34./etc/bluetooth/btattach.conf type=file mode=0644 35./etc/bluetooth/btdevctl.conf type=file mode=0644 36./etc/bluetooth/hosts type=file mode=0644 37./etc/bluetooth/protocols type=file mode=0644 38./etc/bootparams type=file mode=0644 optional 39./etc/bootptab type=file mode=0644 optional 40./etc/ccd.conf type=file mode=0644 optional 41./etc/cgd type=dir mode=0700 optional 42./etc/cgd/cgd.conf type=file mode=0600 optional tags=nodiff 43./etc/changelist type=file mode=0644 44./etc/crontab type=file mode=0644 optional 45./etc/csh.cshrc type=file mode=0644 46./etc/csh.login type=file mode=0644 47./etc/csh.logout type=file mode=0644 48./etc/daily type=file mode=0644 49./etc/daily.conf type=file mode=0644 50./etc/daily.local type=file mode=0644 optional 51./etc/defaultdomain type=file mode=0644 optional 52./etc/defaults type=dir mode=0755 53./etc/defaults/daily.conf type=file mode=0444 54./etc/defaults/monthly.conf type=file mode=0444 55./etc/defaults/rc.conf type=file mode=0444 56./etc/defaults/security.conf type=file mode=0444 57./etc/defaults/weekly.conf type=file mode=0444 58./etc/dhclient-enter-hooks type=file mode=0644 optional 59./etc/dhclient-exit-hooks type=file mode=0644 optional 60./etc/dhclient.conf type=file mode=0644 optional 61./etc/dhcpcd.conf type=file mode=0644 62./etc/dhcpcd.duid type=file mode=0644 optional 63./etc/dhcpcd.hook type=file mode=0644 optional 64./etc/dhcpd.conf type=file mode=0644 optional 65./etc/disktab type=file mode=0644 66./etc/dm.conf type=file mode=0644 67./etc/dumpdates type=file mode=0664 gname=operator optional tags=exclude 68./etc/envsys.conf type=file mode=0644 optional 69./etc/ethers type=file mode=0644 optional 70./etc/exports type=file mode=0644 optional 71./etc/floppytab type=file mode=0644 72./etc/fstab type=file mode=0644 73./etc/ftpchroot type=file mode=0644 74./etc/ftpd.conf type=file mode=0644 optional 75./etc/ftpusers type=file mode=0644 76./etc/ftpwelcome type=file mode=0644 optional 77./etc/gateways type=file mode=0644 optional 78./etc/gettytab type=file mode=0644 79./etc/gpio.conf type=file mode=0644 80./etc/group type=file mode=0644 81./etc/hesiod.conf type=file mode=0644 optional 82./etc/hosts type=file mode=0644 83./etc/hosts.allow type=file mode=0644 optional 84./etc/hosts.deny type=file mode=0644 optional 85./etc/hosts.equiv type=file mode=0600 optional tags=nodiff 86./etc/hosts.lpd type=file mode=0644 optional 87./etc/ifaliases type=file mode=0644 optional 88./etc/inetd.conf type=file mode=0644 89./etc/ipf.conf type=file mode=0644 optional 90./etc/ipf6.conf type=file mode=0644 optional 91./etc/ipnat.conf type=file mode=0644 optional 92./etc/ipsec.conf type=file mode=0600 optional tags=nodiff 93./etc/iscsi type=dir mode=0755 94./etc/iscsi/auths type=file mode=0600 tags=nodiff 95./etc/iscsi/targets type=file mode=0644 96./etc/ld.so.conf type=file mode=0644 optional 97./etc/localtime type=link mode=0755 98./etc/locate.conf type=file mode=0644 optional 99./etc/login.conf type=file mode=0644 optional 100./etc/mail type=dir mode=0755 101./etc/mail/aliases type=file mode=0644 102./etc/mail/aliases.db type=file mode=0644 optional tags=exclude 103./etc/mail.rc type=file mode=0644 104./etc/mailer.conf type=file mode=0644 105./etc/man.conf type=file mode=0644 106./etc/master.passwd type=file mode=0600 tags=nodiff 107./etc/mk.conf type=file mode=0644 optional 108./etc/moduli type=file mode=0444 109./etc/monthly type=file mode=0644 110./etc/monthly.conf type=file mode=0644 111./etc/monthly.local type=file mode=0644 optional 112./etc/mrouted.conf type=file mode=0644 113./etc/mtree type=dir mode=0755 114./etc/mtree/special type=file mode=0444 115./etc/mtree/special.local type=file mode=0644 optional 116./etc/mygate type=file mode=0644 optional 117./etc/mygate6 type=file mode=0644 optional 118./etc/myname type=file mode=0644 optional 119./etc/named.conf type=file mode=0644 optional 120./etc/namedb type=dir mode=0755 121./etc/netconfig type=file mode=0644 122./etc/netgroup type=file mode=0644 optional 123./etc/netstart.local type=file mode=0644 optional 124./etc/networks type=file mode=0644 125./etc/newsyslog.conf type=file mode=0644 126./etc/nsswitch.conf type=file mode=0644 127./etc/ntp.conf type=file mode=0644 optional 128./etc/npf.conf type=file mode=0644 optional 129./etc/pam.conf type=file mode=0644 optional 130./etc/pam.d type=dir mode=0755 131./etc/pam.d/display_manager type=file mode=0644 132./etc/pam.d/ftpd type=file mode=0644 133./etc/pam.d/gdm type=file mode=0644 134./etc/pam.d/imap type=file mode=0644 135./etc/pam.d/kde type=file mode=0644 136./etc/pam.d/login type=file mode=0644 137./etc/pam.d/other type=file mode=0644 138./etc/pam.d/passwd type=file mode=0644 139./etc/pam.d/pop3 type=file mode=0644 140./etc/pam.d/ppp type=file mode=0644 141./etc/pam.d/rexecd type=file mode=0644 142./etc/pam.d/rsh type=file mode=0644 143./etc/pam.d/sshd type=file mode=0644 144./etc/pam.d/su type=file mode=0644 145./etc/pam.d/system type=file mode=0644 146./etc/pam.d/telnetd type=file mode=0644 147./etc/pam.d/xdm type=file mode=0644 148./etc/pam.d/xserver type=file mode=0644 149./etc/passwd type=file mode=0644 150./etc/passwd.conf type=file mode=0644 optional 151./etc/pf.conf type=file mode=0644 152./etc/pf.os type=file mode=0444 153./etc/phones type=file mode=0644 154./etc/postfix type=dir mode=0755 optional 155./etc/postfix/main.cf type=file mode=0644 optional 156./etc/postfix/master.cf type=file mode=0644 optional 157./etc/powerd type=dir mode=0755 optional 158./etc/powerd/scripts type=dir mode=0755 optional 159./etc/powerd/scripts/acadapter type=file mode=0555 optional 160./etc/powerd/scripts/hotkey_button type=file mode=0555 optional 161./etc/powerd/scripts/lid_switch type=file mode=0555 optional 162./etc/powerd/scripts/power_button type=file mode=0555 optional 163./etc/powerd/scripts/reset_button type=file mode=0555 optional 164./etc/powerd/scripts/sensor_battery type=file mode=0555 optional 165./etc/powerd/scripts/sensor_drive type=file mode=0555 optional 166./etc/powerd/scripts/sensor_fan type=file mode=0555 optional 167./etc/powerd/scripts/sensor_indicator type=file mode=0555 optional 168./etc/powerd/scripts/sensor_power type=file mode=0555 optional 169./etc/powerd/scripts/sensor_resistance type=file mode=0555 optional 170./etc/powerd/scripts/sensor_temperature type=file mode=0555 optional 171./etc/powerd/scripts/sensor_voltage type=file mode=0555 optional 172./etc/powerd/scripts/sleep_button type=file mode=0555 optional 173./etc/ppp type=dir mode=0755 optional 174./etc/ppp/options type=file mode=0644 optional 175./etc/printcap type=file mode=0644 176./etc/profile type=file mode=0644 177./etc/protocols type=file mode=0644 178./etc/racoon type=dir mode=0755 optional 179./etc/racoon/racoon.conf type=file mode=0644 optional 180./etc/racoon/psk.txt type=file mode=0600 optional tags=nodiff 181./etc/rbootd.conf type=file mode=0644 optional 182./etc/rc type=file mode=0644 183./etc/rc.conf type=file mode=0644 184./etc/rc.d type=dir mode=0755 185./etc/rc.d/DAEMON type=file mode=0555 186./etc/rc.d/DISKS type=file mode=0555 187./etc/rc.d/LOGIN type=file mode=0555 188./etc/rc.d/NETWORKING type=file mode=0555 189./etc/rc.d/SERVERS type=file mode=0555 190./etc/rc.d/accounting type=file mode=0555 191./etc/rc.d/altqd type=file mode=0555 192./etc/rc.d/amd type=file mode=0555 193./etc/rc.d/apmd type=file mode=0555 194./etc/rc.d/bluetooth type=file mode=0555 195./etc/rc.d/bootconf.sh type=file mode=0555 196./etc/rc.d/bootparams type=file mode=0555 197./etc/rc.d/ccd type=file mode=0555 198./etc/rc.d/cgd type=file mode=0555 199./etc/rc.d/cleartmp type=file mode=0555 200./etc/rc.d/cron type=file mode=0555 201./etc/rc.d/devpubd type=file mode=0555 202./etc/rc.d/dhclient type=file mode=0555 203./etc/rc.d/dhcpcd type=file mode=0555 204./etc/rc.d/dhcpd type=file mode=0555 205./etc/rc.d/dhcrelay type=file mode=0555 206./etc/rc.d/dmesg type=file mode=0555 207./etc/rc.d/downinterfaces type=file mode=0555 208./etc/rc.d/envsys type=file mode=0555 209./etc/rc.d/fsck type=file mode=0555 210./etc/rc.d/fsck_root type=file mode=0555 211./etc/rc.d/ftp_proxy type=file mode=0555 212./etc/rc.d/ftpd type=file mode=0555 213./etc/rc.d/gpio type=file mode=0555 214./etc/rc.d/hostapd type=file mode=0555 215./etc/rc.d/httpd type=file mode=0555 216./etc/rc.d/identd type=file mode=0555 217./etc/rc.d/ifwatchd type=file mode=0555 218./etc/rc.d/inetd type=file mode=0555 219./etc/rc.d/ipfilter type=file mode=0555 220./etc/rc.d/ipfs type=file mode=0555 221./etc/rc.d/ipmon type=file mode=0555 222./etc/rc.d/ipnat type=file mode=0555 223./etc/rc.d/ipsec type=file mode=0555 224./etc/rc.d/irdaattach type=file mode=0555 225./etc/rc.d/iscsi_target type=file mode=0555 226./etc/rc.d/iscsid type=file mode=0555 227./etc/rc.d/isdnd type=file mode=0555 228./etc/rc.d/isibootd type=file mode=0555 229./etc/rc.d/kdc type=file mode=0555 230./etc/rc.d/ldconfig type=file mode=0555 231./etc/rc.d/ldpd type=file mode=0555 232./etc/rc.d/local type=file mode=0555 233./etc/rc.d/lpd type=file mode=0555 234./etc/rc.d/lvm type=file mode=0555 235./etc/rc.d/makemandb type=file mode=0555 236./etc/rc.d/mdnsd type=file mode=0555 237./etc/rc.d/mixerctl type=file mode=0555 238./etc/rc.d/modules type=file mode=0555 239./etc/rc.d/mopd type=file mode=0555 240./etc/rc.d/motd type=file mode=0555 241./etc/rc.d/mountall type=file mode=0555 242./etc/rc.d/mountcritlocal type=file mode=0555 243./etc/rc.d/mountcritremote type=file mode=0555 244./etc/rc.d/mountd type=file mode=0555 245./etc/rc.d/moused type=file mode=0555 246./etc/rc.d/mrouted type=file mode=0555 247./etc/rc.d/named type=file mode=0555 248./etc/rc.d/ndbootd type=file mode=0555 249./etc/rc.d/network type=file mode=0555 250./etc/rc.d/newsyslog type=file mode=0555 251./etc/rc.d/nfsd type=file mode=0555 252./etc/rc.d/nfslocking type=file mode=0555 253./etc/rc.d/npf type=file mode=0555 254./etc/rc.d/npfd type=file mode=0555 255./etc/rc.d/nsd type=file mode=0555 256./etc/rc.d/ntpd type=file mode=0555 257./etc/rc.d/ntpdate type=file mode=0555 258./etc/rc.d/perusertmp type=file mode=0555 259./etc/rc.d/pf type=file mode=0555 260./etc/rc.d/pf_boot type=file mode=0555 261./etc/rc.d/pflogd type=file mode=0555 262./etc/rc.d/postfix type=file mode=0555 263./etc/rc.d/powerd type=file mode=0555 264./etc/rc.d/ppp type=file mode=0555 265./etc/rc.d/pwcheck type=file mode=0555 266./etc/rc.d/quota type=file mode=0555 267./etc/rc.d/racoon type=file mode=0555 268./etc/rc.d/raidframe type=file mode=0555 269./etc/rc.d/raidframeparity type=file mode=0555 270./etc/rc.d/random_seed type=file mode=0555 271./etc/rc.d/rarpd type=file mode=0555 272./etc/rc.d/rbootd type=file mode=0555 273./etc/rc.d/rndctl type=file mode=0555 274./etc/rc.d/root type=file mode=0555 275./etc/rc.d/route6d type=file mode=0555 276./etc/rc.d/routed type=file mode=0555 277./etc/rc.d/rpcbind type=file mode=0555 278./etc/rc.d/rtadvd type=file mode=0555 279./etc/saslc.d type=dir mode=0755 280./etc/saslc.d/postfix type=dir mode=0755 281./etc/saslc.d/postfix/mech type=dir mode=0755 282./etc/saslc.d/saslc type=dir mode=0755 283./etc/saslc.d/saslc/mech type=dir mode=0755 284./etc/rc.d/rtclocaltime type=file mode=0555 285./etc/rc.d/rwho type=file mode=0555 286./etc/rc.d/savecore type=file mode=0555 287./etc/rc.d/screenblank type=file mode=0555 288./etc/rc.d/securelevel type=file mode=0555 289./etc/rc.d/sshd type=file mode=0555 290./etc/rc.d/staticroute type=file mode=0555 291./etc/rc.d/swap1 type=file mode=0555 292./etc/rc.d/swap2 type=file mode=0555 293./etc/rc.d/sysctl type=file mode=0555 294./etc/rc.d/sysdb type=file mode=0555 295./etc/rc.d/syslogd type=file mode=0555 296./etc/rc.d/timed type=file mode=0555 297./etc/rc.d/tpctl type=file mode=0555 298./etc/rc.d/ttys type=file mode=0555 299./etc/rc.d/veriexec type=file mode=0555 300./etc/rc.d/virecover type=file mode=0555 301./etc/rc.d/wdogctl type=file mode=0555 302./etc/rc.d/wpa_supplicant type=file mode=0555 303./etc/rc.d/wscons type=file mode=0555 304./etc/rc.d/wsmoused type=file mode=0555 305./etc/rc.d/xdm type=file mode=0555 optional 306./etc/rc.d/xfs type=file mode=0555 optional 307./etc/rc.d/ypbind type=file mode=0555 308./etc/rc.d/yppasswdd type=file mode=0555 309./etc/rc.d/ypserv type=file mode=0555 310./etc/rc.local type=file mode=0644 optional 311./etc/rc.shutdown type=file mode=0644 312./etc/rc.shutdown.local type=file mode=0644 optional 313./etc/rc.subr type=file mode=0644 314./etc/remote type=file mode=0644 315./etc/resolv.conf type=file mode=0644 optional 316./etc/rpc type=file mode=0644 317./etc/rtadvd.conf type=file mode=0644 optional 318./etc/security type=file mode=0644 319./etc/security.conf type=file mode=0644 320./etc/security.local type=file mode=0644 optional 321./etc/services type=file mode=0644 322./etc/shells type=file mode=0644 323./etc/shosts.equiv type=file mode=0600 optional tags=nodiff 324./etc/skel type=dir mode=0755 optional 325./etc/spwd.db type=file mode=0600 tags=exclude tags=nodiff 326./etc/ssh type=dir mode=0755 optional 327./etc/ssh/ssh_config type=file mode=0644 optional 328./etc/ssh/ssh_host_dsa_key type=file mode=0600 optional tags=nodiff 329./etc/ssh/ssh_host_dsa_key.pub type=file mode=0644 optional 330./etc/ssh/ssh_host_ecdsa_key type=file mode=0600 optional tags=nodiff 331./etc/ssh/ssh_host_ecdsa_key.pub type=file mode=0644 optional 332./etc/ssh/ssh_host_key type=file mode=0600 optional tags=nodiff tags=nodiff 333./etc/ssh/ssh_host_key.pub type=file mode=0644 optional 334./etc/ssh/ssh_host_rsa_key type=file mode=0600 optional tags=nodiff 335./etc/ssh/ssh_host_rsa_key.pub type=file mode=0644 optional 336./etc/ssh/ssh_known_hosts type=file mode=0644 optional 337./etc/ssh/ssh_known_hosts2 type=file mode=0644 optional 338./etc/ssh/sshd_config type=file mode=0644 optional 339./etc/sysctl.conf type=file mode=0644 340./etc/syslog.conf type=file mode=0644 341./etc/ttyaction type=file mode=0644 optional 342./etc/ttys type=file mode=0644 343./etc/usermgmt.conf type=file mode=0644 optional 344./etc/weekly type=file mode=0644 345./etc/weekly.conf type=file mode=0644 346./etc/weekly.local type=file mode=0644 optional 347./etc/wscons.conf type=file mode=0644 348./etc/zfs type=dir mode=0755 349 350./private type=dir mode=0755 optional 351./private/tmp type=dir mode=0111 optional ignore 352 353./root type=dir mode=0755 354./root/.cshrc type=file mode=0644 355./root/.klogin type=file mode=0600 optional tags=nodiff 356./root/.login type=file mode=0644 357./root/.profile type=file mode=0644 358./root/.rhosts type=file mode=0600 optional tags=nodiff 359./root/.shosts type=file mode=0600 optional tags=nodiff 360./root/.ssh type=dir mode=0700 optional 361./root/.ssh/authorized_keys type=file mode=0600 optional tags=nodiff 362./root/.ssh/authorized_keys2 type=file mode=0600 optional tags=nodiff 363./root/.ssh/config type=file mode=0644 optional 364./root/.ssh/id_dsa type=file mode=0600 optional tags=nodiff 365./root/.ssh/id_dsa.pub type=file mode=0644 optional 366./root/.ssh/id_rsa type=file mode=0600 optional tags=nodiff 367./root/.ssh/id_rsa.pub type=file mode=0644 optional 368./root/.ssh/identity type=file mode=0600 optional tags=nodiff 369./root/.ssh/identity.pub type=file mode=0644 optional 370./root/.ssh/known_hosts type=file mode=0644 optional 371./root/.ssh/known_hosts2 type=file mode=0644 optional 372 373./sbin type=dir mode=0755 ignore 374 375./usr type=dir mode=0755 376./usr/bin type=dir mode=0755 ignore 377./usr/games type=dir mode=0755 optional 378./usr/games/hide type=dir mode=0750 gname=games ignore optional 379./usr/include type=dir mode=0755 ignore 380./usr/lib type=dir mode=0755 ignore 381./usr/libdata type=dir mode=0755 ignore 382./usr/libexec type=dir mode=0755 ignore 383./usr/pkg type=dir mode=0755 ignore optional 384./usr/sbin type=dir mode=0755 ignore 385./usr/share type=dir mode=0755 ignore 386 387./var type=dir mode=0755 388./var/account type=dir mode=0755 389./var/account/acct type=file mode=0644 optional tags=exclude 390./var/at type=dir mode=0755 ignore 391./var/backups type=dir mode=0755 ignore 392./var/chroot type=dir mode=0755 393./var/chroot/ftp-proxy type=dir mode=0755 394./var/chroot/named type=dir mode=0755 395./var/chroot/named/dev type=dir mode=0755 396./var/chroot/named/etc type=dir mode=0755 397./var/chroot/named/etc/namedb type=dir mode=0755 398./var/chroot/named/etc/namedb/cache type=dir mode=0775 uname=named gname=named 399./var/chroot/named/etc/namedb/keys type=dir mode=0775 uname=named gname=named 400./var/chroot/named/usr type=dir mode=0755 401./var/chroot/named/usr/libexec type=dir mode=0755 402./var/chroot/named/var type=dir mode=0755 403./var/chroot/named/var/run type=dir mode=0775 gname=named 404./var/chroot/named/var/tmp type=dir mode=01775 gname=named 405./var/chroot/ntpd type=dir mode=0755 406./var/chroot/ntpd/dev type=dir mode=0755 407./var/chroot/ntpd/etc type=dir mode=0755 408./var/chroot/ntpd/var type=dir mode=0755 409./var/chroot/ntpd/var/db type=dir mode=0775 gname=ntpd 410./var/chroot/ntpd/var/run type=dir mode=0775 gname=ntpd 411./var/chroot/pflogd type=dir mode=0755 412./var/chroot/rtadvd type=dir mode=0755 413./var/chroot/rtadvd/etc type=dir mode=0755 414./var/chroot/rtadvd/var type=dir mode=0755 415./var/chroot/rtadvd/var/run type=dir mode=0775 gname=_rtadvd 416./var/chroot/sshd type=dir mode=0755 417./var/chroot/tcpdump type=dir mode=0755 418./var/chroot/tftp-proxy type=dir mode=0755 419./var/cron type=dir mode=0755 420./var/cron/tabs type=dir mode=0700 421./var/cron/tabs/root type=file mode=0600 tags=nodiff 422./var/db type=dir mode=0755 423./var/log type=dir mode=0755 424./var/log/authlog type=file mode=0600 optional tags=exclude 425./var/log/lastlog type=file mode=0664 gname=utmp tags=exclude 426./var/log/lastlogx type=file mode=0664 gname=utmp tags=exclude 427./var/log/wtmp type=file mode=0664 gname=utmp tags=exclude 428./var/log/wtmpx type=file mode=0664 gname=utmp tags=exclude 429./var/mail type=dir mode=1777 ignore 430./var/preserve type=dir mode=0755 ignore 431./var/run type=dir mode=0755 432./var/run/mdnsd type=dir mode=0755 gname=_mdnsd uname=_mdnsd optional 433./var/run/utmp type=file mode=0664 gname=utmp tags=exclude 434./var/run/utmpx type=file mode=0664 gname=utmp tags=exclude 435./var/spool type=dir mode=0755 436./var/spool/ftp type=dir mode=0755 optional 437./var/spool/ftp/bin type=dir mode=0755 optional 438./var/spool/ftp/bin/ls type=file mode=0555 optional 439./var/spool/ftp/etc type=dir mode=0755 optional 440./var/spool/ftp/etc/group type=file mode=0644 optional 441./var/spool/ftp/etc/localtime type=file mode=0644 optional 442./var/spool/ftp/etc/master.passwd type=file mode=0600 optional tags=nodiff 443./var/spool/ftp/etc/passwd type=file mode=0644 optional 444./var/spool/ftp/hidden type=dir mode=0111 ignore optional 445./var/spool/ftp/pub type=dir mode=0775 ignore optional 446./var/spool/output type=dir mode=0755 ignore 447./var/yp type=dir mode=0755 448./var/yp/Makefile type=file mode=0644 optional 449