HardenedBSD/etc/rc.conf
Matthew Dillon eb127873d5 Take bind out of sandbox and run it as root again, but leave support
mechanisms ('bind' user and group) in place so the feature can be easily
    turned on.  There were too many complaints.  The security(1) man
    page will be created/updated to include the appropriate info.
1998-12-19 07:25:56 +00:00

186 lines
9.3 KiB
Bash

#!/bin/sh
#
# This is rc.conf - a file full of useful variables that you can set
# to change the default startup behavior of your system.
#
# All arguments must be in double or single quotes.
#
# $Id: rc.conf,v 1.66 1998/12/16 17:14:16 ghelmer Exp $
##############################################################
### Important initial Boot-time options #####################
##############################################################
swapfile="NO" # Set to name of swapfile if aux swapfile desired.
apm_enable="NO" # Set to YES if you want APM enabled.
pccard_enable="NO" # Set to YES if you want to configure PCCARD devices.
pccard_mem="DEFAULT" # If pccard_enable=YES, this is card memory address.
pccard_ifconfig="NO" # Specialized pccard ethernet configuration (or NO).
local_startup="/usr/local/etc/rc.d /usr/X11R6/etc/rc.d" # startup script dirs.
local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic" # periodic script dirs
##############################################################
### Network configuration sub-section ######################
##############################################################
### Basic network options: ###
hostname="myname.my.domain" # Set this!
nisdomainname="NO" # Set to NIS domain if using NIS (or NO).
firewall_enable="NO" # Set to YES to enable firewall functionality
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
natd_enable="NO" # Enable natd (if firewall_enable == YES).
natd_interface="fxp0" # Public interface to use with natd.
natd_flags="" # Additional flags for natd.
tcp_extensions="NO" # Disallow RFC1323 extensions (or YES).
network_interfaces="lo0" # List of network interfaces (lo0 is loopback).
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
### Network daemon (miscellaneous) & NFS options: ###
syslogd_enable="YES" # Run syslog daemon (or NO).
syslogd_flags="" # Flags to syslogd (if enabled).
inetd_enable="YES" # Run the network daemon dispatcher (or NO).
inetd_flags="" # Optional flags to inetd.
#
# named. It may be possible to run named in a sandbox, man security for
# details.
#
named_enable="NO" # Run named, the DNS server (or NO).
named_program="named" # path to named, if you want a different one.
named_flags="" # Flags for named
#named_flags="-u bind -g bind" # Flags for named
kerberos_server_enable="NO" # Run a kerberos master server (or NO).
kadmind_server_enable="NO" # Run kadmind (or NO) -- do not run on
# a slave kerberos server
kerberos_stash="" # Is the kerberos master key stashed?
rwhod_enable="NO" # Run the rwho daemon (or NO).
amd_enable="NO" # Run amd service with $amd_flags (or NO).
amd_flags="-a /net -c 1800 -k i386 -d my.domain -l syslog /host /etc/amd.map"
amd_map_program="NO" # Can be set to "ypcat -k amd.master"
nfs_client_enable="NO" # This host is an NFS client (or NO).
nfs_client_flags="-n 4" # Flags to nfsiod (if enabled).
nfs_access_cache="2" # Client cache timeout in seconds
nfs_server_enable="NO" # This host is an NFS server (or NO).
nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled).
mountd_flags="-r" # Flags to mountd (if NFS server enabled).
nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
rpc_lockd_enable="NO" # Run NFS rpc.lockd (*broken!*) if nfs_server.
rpc_statd_enable="YES" # Run NFS rpc.statd if nfs_server (or NO).
portmap_enable="YES" # Run the portmapper service (or NO).
portmap_flags="" # Flags to portmap (if enabled).
rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO).
keyserv_enable="NO" # Run the SecureRPC keyserver (or NO).
keyserv_flags="" # Flags to keyserv (if enabled).
rarpd_enable="NO" # Run rarpd (or NO).
rarpd_flags="" # Flags to rarpd.
xtend_enable="NO" # Run the X-10 power controller daemon.
xtend_flags="" # Flags to xtend (if enabled).
### Network Time Services options: ###
timed_enable="NO" # Run the time daemon (or NO).
timed_flags="" # Flags to timed (if enabled).
ntpdate_enable="NO" # Run the ntpdate to sync time (or NO).
ntpdate_program="ntpdate" # path to ntpdate, if you want a different one.
ntpdate_flags="" # Flags to ntpdate (if enabled).
xntpd_enable="NO" # Run xntpd Network Time Protocol (or NO).
xntpd_program="xntpd" # path to xntpd, if you want a different one.
xntpd_flags="-p /var/run/xntpd.pid" # Flags to xntpd (if enabled).
# Network Information Services (NIS) options: ###
nis_client_enable="NO" # We're an NIS client (or NO).
nis_client_flags="" # Flags to ypbind (if enabled).
nis_ypset_enable="NO" # Run ypset at boot time (or NO).
nis_ypset_flags="" # Flags to ypset (if enabled).
nis_server_enable="NO" # We're an NIS server (or NO).
nis_server_flags="" # Flags to ypserv (if enabled).
nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO).
nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled).
nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO).
nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled).
### Network routing options: ###
defaultrouter="NO" # Set to default gateway (or NO).
static_routes="" # Set to static route list (or leave empty).
gateway_enable="NO" # Set to YES if this host will be a gateway.
router_enable="NO" # Set to YES to enable a routing daemon.
router="routed" # Name of routing daemon to use if enabled.
router_flags="-q" # Flags for routing daemon.
mrouted_enable="NO" # Do multicast routing (see /etc/mrouted.conf).
mrouted_flags="" # Flags for multicast routing daemon.
ipxgateway_enable="NO" # Set to YES to enable IPX routing.
ipxrouted_enable="NO" # Set to YES to run the IPX routing daemon.
ipxrouted_flags="" # Flags for IPX routing daemon.
arpproxy_all="" # replaces obsolete kernel option ARP_PROXYALL.
forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES")
accept_sourceroute="NO" # accept source routed packets to us
### ATM interface options: ###
atm_enable="NO" # Configure ATM interfaces (or NO).
#atm_netif_hea0="atm 1" # Network interfaces for physical interface.
#atm_sigmgr_hea0="uni31" # Signalling manager for physical interface.
#atm_prefix_hea0="ILMI" # NSAP prefix (UNI interfaces only) (or ILMI).
#atm_macaddr_hea0="NO" # Override physical MAC address (or NO).
#atm_arpserver_atm0="0x47.0005.80.999999.9999.9999.9999.999999999999.00" # ATMARP server address (or local).
#atm_scsparp_atm0="NO" # Run SCSP/ATMARP on network interface (or NO).
atm_pvcs="" # Set to PVC list (or leave empty).
atm_arps="" # Set to permanent ARP list (or leave empty).
### Miscellaneous network options: ###
icmp_bmcastecho="NO" # respond to broadcast ping packets
##############################################################
### System console options #################################
##############################################################
keymap="NO" # keymap in /usr/share/syscons/keymaps/* (or NO).
keyrate="NO" # keyboard rate to: slow, normal, fast (or NO).
keybell="NO" # bell to duration.pitch or normal or visual (or NO).
keychange="NO" # function keys default values (or NO).
cursor="NO" # cursor type {normal|blink|destructive} (or NO).
scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO).
font8x16="NO" # font 8x16 from /usr/share/syscons/fonts/* (or NO).
font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO).
font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO).
blanktime="300" # blank time (in seconds) or "NO" to turn it off.
saver="NO" # screen saver: blank/daemon/green/snake/star/NO.
moused_enable="NO" # Run the mouse daemon.
moused_type="auto" # See man page for rc.conf(5) for available settings.
moused_port="/dev/cuaa0" # Set to your mouse port.
moused_flags="" # Any additional flags to moused.
allscreens_flags="" # Set this vidcontrol mode for all virtual screens
##############################################################
### Miscellaneous administrative options ###################
##############################################################
cron_enable="YES" # Run the periodic job daemon.
lpd_enable="NO" # Run the line printer daemon.
lpd_flags="" # Flags to lpd (if enabled).
sendmail_enable="YES" # Run the sendmail daemon (or NO).
sendmail_flags="-bd -q30m" # -bd is pretty mandatory.
dumpdev="NO" # Device name to crashdump to (if enabled).
check_quotas="NO" # Check quotas (or NO).
accounting_enable="NO" # Turn on process accounting (or NO).
ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO).
linux_enable="NO" # Linux emulation loaded at startup (or NO).
rand_irqs="NO" # Stir the entropy pool (like "5 11" or NO).
clear_tmp_enable="NO" # Clear /tmp at startup.
ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib" # shared library search paths
ldconfig_paths_aout="/usr/lib/compat/aout /usr/X11R6/lib/aout /usr/local/lib/aout" # a.out shared library search paths
kern_securelevel_enable="NO" # kernel security level (see init(8)),
kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure
update_motd="YES" # update version info in /etc/motd (or NO)
##############################################################
### Allow local configuration override at the very end here ##
##############################################################
if [ -f /etc/rc.conf.local ]; then
. /etc/rc.conf.local
fi