special revision 1.61
# $NetBSD: special,v 1.61 2002/07/30 09:11:27 lukem Exp $
# @(#)special 8.2 (Berkeley) 1/23/94
#
# Hand-crafted mtree specification for the dangerous files.
#
# /etc/security checks:
# - All of these are checked if $check_mtree is enabled.
# - Files with "nodiff" tags are highlighted if they change.
# - Files without "nodiff" or "exclude" tags are displayed
# with diff(1)s if $check_changelist is enabled.
#
# How to read an entry:
# - type, mode, uname and gname are the attributes compared against the
#   live filesystem.
# - "optional" means a missing file is not reported.
# - "ignore" on a directory means nothing beneath it is examined.
# - Following the rules above, "nodiff" marks files whose changes are
#   flagged without their contents being printed, which is the right
#   choice for secrets such as password hashes and private keys.
#

# Default owner and group for every entry below; an entry overrides them
# only where it names its own uname= or gname=.
/set uname=root gname=wheel

. type=dir mode=0755

# Swap (drum), kernel memory and physical memory devices: mode 0640 with
# group kmem, so nothing is granted to "other".
./dev type=dir mode=0755
./dev/drum type=char mode=0640 gname=kmem
./dev/fd type=dir mode=0755 ignore
./dev/kmem type=char mode=0640 gname=kmem
./dev/mem type=char mode=0640 gname=kmem

./etc type=dir mode=0755
./etc/Distfile type=file mode=0644 optional
./etc/amd type=dir mode=0755 optional
./etc/apm type=dir mode=0755 optional
./etc/bootparams type=file mode=0644 optional
./etc/bootptab type=file mode=0644 optional
./etc/ccd.conf type=file mode=0644 optional
./etc/changelist type=file mode=0644
./etc/crontab type=file mode=0644 optional
./etc/csh.cshrc type=file mode=0644
./etc/csh.login type=file mode=0644
./etc/csh.logout type=file mode=0644
./etc/daily type=file mode=0644
./etc/daily.conf type=file mode=0644
./etc/daily.local type=file mode=0644 optional
./etc/defaultdomain type=file mode=0644 optional
# The files under /etc/defaults are expected read-only (0444), unlike the
# 0644 *.conf files of the same names directly under /etc.
./etc/defaults type=dir mode=0755
./etc/defaults/daily.conf type=file mode=0444
./etc/defaults/monthly.conf type=file mode=0444
./etc/defaults/rc.conf type=file mode=0444
./etc/defaults/security.conf type=file mode=0444
./etc/defaults/weekly.conf type=file mode=0444
./etc/dhclient-enter-hooks type=file mode=0644 optional
./etc/dhclient-exit-hooks type=file mode=0644 optional
./etc/dhclient.conf type=file mode=0644 optional
./etc/dhcpd.conf type=file mode=0644 optional
./etc/disktab type=file mode=0644
./etc/dm.conf type=file mode=0644
./etc/dumpdates type=file mode=0664 gname=operator optional
./etc/ethers type=file mode=0644 optional
./etc/exports type=file mode=0644 optional
./etc/floppytab type=file mode=0644
./etc/fstab type=file mode=0644
./etc/ftpchroot type=file mode=0644
./etc/ftpd.conf type=file mode=0644 optional
./etc/ftpusers type=file mode=0644
./etc/ftpwelcome type=file mode=0644 optional
./etc/gateways type=file mode=0644 optional
./etc/gettytab type=file mode=0644
./etc/group type=file mode=0644
./etc/hesiod.conf type=file mode=0644 optional
./etc/hosts type=file mode=0644
./etc/hosts.allow type=file mode=0644 optional
./etc/hosts.deny type=file mode=0644 optional
# Host-level trust list for the r-commands: 0600, and with no nodiff or
# exclude tag, so a changed trust entry is shown as a diff.
./etc/hosts.equiv type=file mode=0600 optional
./etc/hosts.lpd type=file mode=0644 optional
./etc/ifaliases type=file mode=0644 optional
./etc/inetd.conf type=file mode=0644
./etc/ipf.conf type=file mode=0644 optional
./etc/ipf6.conf type=file mode=0644 optional
./etc/ipnat.conf type=file mode=0644 optional
./etc/ipsec.conf type=file mode=0644 optional
./etc/kerberosIV type=dir mode=0755 ignore optional
./etc/ld.so.conf type=file mode=0644 optional
./etc/lkm.conf type=file mode=0644 optional
./etc/localtime type=link mode=0755
./etc/login.conf type=file mode=0644 optional
./etc/mail type=dir mode=0755
./etc/mail/aliases type=file mode=0644
# tags=exclude: not shown with diff(1); the attributes on this line are
# still compared when $check_mtree is enabled.
./etc/mail/aliases.db type=file mode=0644 tags=exclude
./etc/mail/helpfile type=file mode=0444
./etc/mail/local-host-names type=file mode=0644 optional
./etc/mail/sendmail.cf type=file mode=0444
./etc/mail.rc type=file mode=0644
./etc/mailer.conf type=file mode=0644
./etc/man.conf type=file mode=0644
# Password hashes: 0600, and nodiff so that a change is highlighted
# without the file's contents appearing in the report.
./etc/master.passwd type=file mode=0600 tags=nodiff
./etc/mk.conf type=file mode=0644 optional
./etc/moduli type=file mode=0444
./etc/monthly type=file mode=0644
./etc/monthly.conf type=file mode=0644
./etc/monthly.local type=file mode=0644 optional
./etc/mrouted.conf type=file mode=0644
# The specification lists itself, so a change to this baseline is
# reported like a change to any other entry.
./etc/mtree type=dir mode=0755
./etc/mtree/special type=file mode=0444
# Writable (0644) and optional, unlike the 0444 ./etc/mtree/special;
# presumably holds site-local additions - confirm against /etc/security.
./etc/mtree/special.local type=file mode=0644 optional
./etc/mygate type=file mode=0644 optional
./etc/myname type=file mode=0644 optional
./etc/named.conf type=file mode=0644 optional
./etc/namedb type=dir mode=0755
./etc/netconfig type=file mode=0644
./etc/netgroup type=file mode=0644 optional
./etc/netgroup.db type=file mode=0644 optional tags=exclude
./etc/netstart.local type=file mode=0644 optional
./etc/networks type=file mode=0644
./etc/newsyslog.conf type=file mode=0644
./etc/nsswitch.conf type=file mode=0644
./etc/ntp.conf type=file mode=0644 optional
# World-readable account list; the password hashes live in the 0600
# master.passwd and spwd.db entries instead.
./etc/passwd type=file mode=0644
./etc/passwd.conf type=file mode=0644 optional
./etc/phones type=file mode=0644
# The postfix entries restate uname=root gname=wheel, which matches the
# /set default in this file and changes nothing.
./etc/postfix type=dir mode=0755 uname=root gname=wheel optional
./etc/postfix/main.cf type=file mode=0444 uname=root gname=wheel optional
./etc/postfix/master.cf type=file mode=0444 uname=root gname=wheel optional
./etc/postfix/postfix-script type=file mode=0555 uname=root gname=wheel optional
./etc/postinstall type=file mode=0555 optional
./etc/ppp type=dir mode=0755 optional
./etc/ppp/options type=file mode=0644 optional
./etc/printcap type=file mode=0644
./etc/profile type=file mode=0644
./etc/protocols type=file mode=0644
./etc/rbootd.conf type=file mode=0644 optional
./etc/rc type=file mode=0644
./etc/rc.conf type=file mode=0644
# Startup scripts: each one is listed by name (the directory is not
# "ignore"d) and expected at mode 0555. None is "optional", so a missing
# script is reported as well as a changed one.
./etc/rc.d type=dir mode=0755
./etc/rc.d/DAEMON type=file mode=0555
./etc/rc.d/LOGIN type=file mode=0555
./etc/rc.d/NETWORKING type=file mode=0555
./etc/rc.d/SERVERS type=file mode=0555
./etc/rc.d/accounting type=file mode=0555
./etc/rc.d/altqd type=file mode=0555
./etc/rc.d/amd type=file mode=0555
./etc/rc.d/apmd type=file mode=0555
./etc/rc.d/bootconf.sh type=file mode=0555
./etc/rc.d/bootparams type=file mode=0555
./etc/rc.d/ccd type=file mode=0555
./etc/rc.d/cleartmp type=file mode=0555
./etc/rc.d/cron type=file mode=0555
# More /etc/rc.d startup scripts: mode 0555 and not "optional", so each
# one must exist; owner and group come from the file's /set default.
./etc/rc.d/dhclient type=file mode=0555
./etc/rc.d/dhcpd type=file mode=0555
./etc/rc.d/dhcrelay type=file mode=0555
./etc/rc.d/dmesg type=file mode=0555
./etc/rc.d/downinterfaces type=file mode=0555
./etc/rc.d/fsck type=file mode=0555
./etc/rc.d/inetd type=file mode=0555
./etc/rc.d/ipfilter type=file mode=0555
./etc/rc.d/ipmon type=file mode=0555
./etc/rc.d/ipnat type=file mode=0555
./etc/rc.d/ipsec type=file mode=0555
./etc/rc.d/isdnd type=file mode=0555
./etc/rc.d/kdc type=file mode=0555
./etc/rc.d/ldconfig type=file mode=0555
./etc/rc.d/lkm1 type=file mode=0555
./etc/rc.d/lkm2 type=file mode=0555
./etc/rc.d/lkm3 type=file mode=0555
./etc/rc.d/local type=file mode=0555
./etc/rc.d/lpd type=file mode=0555
./etc/rc.d/mixerctl type=file mode=0555
./etc/rc.d/mopd type=file mode=0555
./etc/rc.d/motd type=file mode=0555
./etc/rc.d/mountall type=file mode=0555
./etc/rc.d/mountcritlocal type=file mode=0555
./etc/rc.d/mountcritremote type=file mode=0555
./etc/rc.d/mountd type=file mode=0555
./etc/rc.d/mrouted type=file mode=0555
./etc/rc.d/named type=file mode=0555
./etc/rc.d/ndbootd type=file mode=0555
./etc/rc.d/network type=file mode=0555
./etc/rc.d/newsyslog type=file mode=0555
./etc/rc.d/nfsd type=file mode=0555
./etc/rc.d/nfslocking type=file mode=0555
./etc/rc.d/ntpd type=file mode=0555
./etc/rc.d/ntpdate type=file mode=0555
./etc/rc.d/poffd type=file mode=0555
./etc/rc.d/postfix type=file mode=0555
./etc/rc.d/ppp type=file mode=0555
./etc/rc.d/pwcheck type=file mode=0555
./etc/rc.d/quota type=file mode=0555
./etc/rc.d/racoon type=file mode=0555
./etc/rc.d/raidframe type=file mode=0555
./etc/rc.d/rarpd type=file mode=0555
./etc/rc.d/rbootd type=file mode=0555
./etc/rc.d/root type=file mode=0555
./etc/rc.d/route6d type=file mode=0555
./etc/rc.d/routed type=file mode=0555
./etc/rc.d/rpcbind type=file mode=0555
# Remaining /etc/rc.d startup scripts: mode 0555, none "optional".
./etc/rc.d/rtadvd type=file mode=0555
./etc/rc.d/rtsold type=file mode=0555
./etc/rc.d/rwho type=file mode=0555
./etc/rc.d/savecore type=file mode=0555
./etc/rc.d/screenblank type=file mode=0555
./etc/rc.d/securelevel type=file mode=0555
./etc/rc.d/sendmail type=file mode=0555
./etc/rc.d/sshd type=file mode=0555
./etc/rc.d/swap1 type=file mode=0555
./etc/rc.d/swap2 type=file mode=0555
./etc/rc.d/sysctl type=file mode=0555
./etc/rc.d/sysdb type=file mode=0555
./etc/rc.d/syslogd type=file mode=0555
./etc/rc.d/timed type=file mode=0555
./etc/rc.d/ttys type=file mode=0555
./etc/rc.d/virecover type=file mode=0555
./etc/rc.d/wdogctl type=file mode=0555
./etc/rc.d/wscons type=file mode=0555
./etc/rc.d/wsmoused type=file mode=0555
./etc/rc.d/xdm type=file mode=0555
./etc/rc.d/xfs type=file mode=0555
./etc/rc.d/ypbind type=file mode=0555
./etc/rc.d/yppasswdd type=file mode=0555
./etc/rc.d/ypserv type=file mode=0555
./etc/rc.lkm type=file mode=0644
./etc/rc.local type=file mode=0644 optional
./etc/rc.shutdown type=file mode=0644
./etc/rc.shutdown.local type=file mode=0644 optional
./etc/rc.subr type=file mode=0644
./etc/remote type=file mode=0644
./etc/resolv.conf type=file mode=0644 optional
./etc/rpc type=file mode=0644
./etc/rtadvd.conf type=file mode=0644 optional
# The checking script and its configuration are themselves listed, so
# tampering with the checker shows up in its own report.
./etc/security type=file mode=0644
./etc/security.conf type=file mode=0644
./etc/security.local type=file mode=0644 optional
./etc/services type=file mode=0644
./etc/shells type=file mode=0644
# Host-level trust list (ssh counterpart of hosts.equiv): 0600, changes
# are shown as a diff because no tag suppresses it.
./etc/shosts.equiv type=file mode=0600 optional
# Binary password database holding the hashes: 0600, excluded from diff(1).
./etc/spwd.db type=file mode=0600 tags=exclude
./etc/ssh type=dir mode=0755 optional
./etc/ssh/ssh_config type=file mode=0644 optional
# Host private keys: 0600 and nodiff, so a replaced key is highlighted
# but key material is never printed. The .pub halves are 0644 and diffed.
./etc/ssh/ssh_host_dsa_key type=file mode=0600 optional tags=nodiff
./etc/ssh/ssh_host_dsa_key.pub type=file mode=0644 optional
./etc/ssh/ssh_host_key type=file mode=0600 optional tags=nodiff
./etc/ssh/ssh_host_key.pub type=file mode=0644 optional
# Host private key: 0600 and nodiff (change highlighted, contents not shown).
./etc/ssh/ssh_host_rsa_key type=file mode=0600 optional tags=nodiff
./etc/ssh/ssh_host_rsa_key.pub type=file mode=0644 optional
./etc/ssh/ssh_known_hosts type=file mode=0644 optional
./etc/ssh/ssh_known_hosts2 type=file mode=0644 optional
./etc/ssh/sshd_config type=file mode=0644 optional
./etc/sysctl.conf type=file mode=0644
./etc/syslog.conf type=file mode=0644
./etc/ttyaction type=file mode=0644 optional
./etc/ttys type=file mode=0644
./etc/usermgmt.conf type=file mode=0644 optional
./etc/weekly type=file mode=0644
./etc/weekly.conf type=file mode=0644
./etc/weekly.local type=file mode=0644 optional
./etc/wscons.conf type=file mode=0644

# root's home directory: shell start-up files, remote-trust files and
# ssh material.
./root type=dir mode=0755
./root/.cshrc type=file mode=0644
# Remote-access trust files for root: 0600, and diffed on change since
# they carry no nodiff or exclude tag.
./root/.klogin type=file mode=0600 optional
./root/.login type=file mode=0644
./root/.profile type=file mode=0644
./root/.rhosts type=file mode=0600 optional
./root/.shosts type=file mode=0600 optional
./root/.ssh type=dir mode=0700 optional
# authorized_keys files are diffed on change, so an added or altered key
# is visible in the report.
./root/.ssh/authorized_keys type=file mode=0600 optional
./root/.ssh/authorized_keys2 type=file mode=0600 optional
./root/.ssh/config type=file mode=0644 optional
# root's private keys: 0600 and nodiff; the .pub halves are 0644 and diffed.
./root/.ssh/id_dsa type=file mode=0600 optional tags=nodiff
./root/.ssh/id_dsa.pub type=file mode=0644 optional
./root/.ssh/id_rsa type=file mode=0600 optional tags=nodiff
./root/.ssh/id_rsa.pub type=file mode=0644 optional
./root/.ssh/identity type=file mode=0600 optional tags=nodiff
./root/.ssh/identity.pub type=file mode=0644 optional
./root/.ssh/known_hosts type=file mode=0644 optional
./root/.ssh/known_hosts2 type=file mode=0644 optional

# "ignore" directories (here and below): only the directory entry itself
# (type, mode, owner, group) is compared. Nothing beneath it is examined,
# so this specification does not cover the binaries and libraries in them.
./sbin type=dir mode=0755 ignore

./usr type=dir mode=0755
./usr/bin type=dir mode=0755 ignore
./usr/games type=dir mode=0755 optional
./usr/games/hide type=dir mode=0750 gname=games ignore optional
./usr/include type=dir mode=0755 ignore
./usr/lib type=dir mode=0755 ignore
./usr/libdata type=dir mode=0755 ignore
./usr/libexec type=dir mode=0755 ignore
./usr/local type=dir mode=0755
./usr/local/bin type=dir mode=0755 ignore
./usr/local/lib type=dir mode=0755 ignore
./usr/pkg type=dir mode=0755 ignore optional
./usr/sbin type=dir mode=0755 ignore
./usr/share type=dir mode=0755 ignore

./var type=dir mode=0755
./var/account type=dir mode=0755
./var/account/acct type=file mode=0644 optional tags=exclude
./var/at type=dir mode=0755 ignore
./var/backups type=dir mode=0755 ignore
# root's crontab: 0600 inside a 0700 directory, diffed on change.
./var/cron type=dir mode=0755
./var/cron/tabs type=dir mode=0700
./var/cron/tabs/root type=file mode=0600
./var/db type=dir mode=0755
./var/db/kvm.db type=file mode=0644 tags=exclude
# Logs and login records carry tags=exclude, so they are never diffed;
# only the attributes on each line are compared.
./var/log type=dir mode=0755
./var/log/authlog type=file mode=0600 optional tags=exclude
./var/log/wtmp type=file mode=0644 tags=exclude
# World-writable with the sticky bit (1777); contents are not examined.
./var/mail type=dir mode=1777 ignore
./var/preserve type=dir mode=0755 ignore
./var/run type=dir mode=0755
./var/run/utmp type=file mode=0664 gname=utmp tags=exclude
./var/spool type=dir mode=0755
# Anonymous-FTP tree: every entry is optional. Its private copy of
# master.passwd is expected at 0600 like the system one, but has no
# nodiff tag, so a change to it is shown as a diff.
./var/spool/ftp type=dir mode=0755 optional
./var/spool/ftp/bin type=dir mode=0755 optional
./var/spool/ftp/bin/ls type=file mode=0555 optional
./var/spool/ftp/etc type=dir mode=0755 optional
./var/spool/ftp/etc/group type=file mode=0644 optional
./var/spool/ftp/etc/localtime type=file mode=0644 optional
./var/spool/ftp/etc/master.passwd type=file mode=0600 optional
./var/spool/ftp/etc/passwd type=file mode=0644 optional
# 0111: the directory can be traversed but not listed.
./var/spool/ftp/hidden type=dir mode=0111 ignore optional
./var/spool/ftp/pub type=dir mode=0775 ignore optional
./var/spool/mqueue type=dir mode=0755 ignore
./var/spool/output type=dir mode=0755 ignore
# The uucp entries override the /set default owner and group.
./var/spool/uucp type=dir mode=0755 uname=uucp gname=daemon ignore optional
./var/spool/uucppublic type=dir mode=1777 uname=uucp gname=daemon ignore optional
./var/yp type=dir mode=0755
./var/yp/Makefile type=file mode=0644 optional