#################################################################
#
# cf.solaris - for iu.hioslo.no
#
# This file contains solaris specific patches
#
#################################################################
###
#
# BEGIN cf.solaris
#
###
directories:
#
# httpd/netscape want this to exist for some bizarre reason
#
/usr/lib/X11/nls
/var/run
################################################################
tidy:
/usr/tmp pattern=* age=1
MailHub::
/var/mail pattern=lp age=0
#################################################################
files:
#
# If this doesn't exist fork will not work and the
# system will not even be able to run the /etc/rc
# scripts at boottime
#
/etc/system o=root g=root m=644 action=touch
/usr/sbin/mount o=bin g=bin m=555 action=fixplain
/usr/sbin/ping m=4555 action=fixplain
#############################################################
links:
sunos_5_6::
/usr/lib/sendmail ->! /local/iu/mail/bin/sendmail-8.9.1-sunos5_6
/usr/sbin/sendmail ->! /local/iu/mail/bin/sendmail-8.9.1-sunos5_6
sunos_5_5::
/usr/lib/sendmail ->! /local/iu/mail/bin/sendmail-8.9.1-sunos5_5
any::
/opt/gnu -> /local/gnu
/etc/sendmail.cf ->! /etc/mail/sendmail.cf
/etc/services ->! /etc/inet/services
/var/spool/mail -> /var/mail
/usr/bin/perl -> /local/bin/perl
##############################################################
copy:
#
# Some standard setup files, can't link because
# machine won't boot if their not on / partition.
#
/local/bin/tcsh dest=/bin/tcsh mode=755
/local/iu/etc/nsswitch.standalone dest=/etc/nsswitch.conf
/local/iu/etc/S99rc-local dest=/etc/rc2.d/S99rc-local mode=755
##############################################################
disable:
/etc/.login type=file
/etc/aliases
/bin/rdist
#
# These files are ENORMOUS, don't let them fill the disk
#
Hr00::
/var/lp/logs/lpsched rotate=empty
# Day1.Hr00:: # each month
# /var/adm/wtmpx rotate=2
# /var/adm/wtmp rotate=2
# /var/adm/utmpx rotate=2
# /var/adm/utmp rotate=2
##############################################################
files:
/etc/passwd m=0644 o=root g=other action=fixplain
/etc/shadow m=0600 o=root g=other action=fixplain
/etc/defaultrouter m=0644 o=root g=other action=touch
/etc/inet m=755 o=root g=other action=fixdirs
/var/adm/wtmpx m=0664 o=adm g=adm action=touch
/var/adm/wtmp m=0644 o=root g=adm action=touch
/var/adm/utmp m=0644 o=root g=adm action=fixplain
/var/adm/utmpx m=0664 o=adm g=adm action=fixplain
/tmp m=1777 action=fixdirs
/usr/openwin/bin/xdm m=0755 o=root g=bin action=fixplain
/var/mail m=1777 o=root g=mail action=fixdirs
##############################################################
disable:
#
# CERT security patch
#
/usr/openwin/bin/kcms_calibrate
/usr/openwin/bin/kcms_configure
/usr/bin/admintool
/etc/rc2.d/S99dtlogin
################################################################
shellcommands:
AllBinaryServers.Saturday.longjob.Hr00::
#
# Make sure the man -k / apropos data are up to date
#
"/usr/bin/catman -M /local/man"
"/usr/bin/catman -M /local/X11R5/man"
"/usr/bin/catman -M /usr/man"
"/usr/bin/catman -M /local/gnu/man"
"/usr/bin/catman -M /usr/openwin/share/man"
"/usr/bin/catman -M /local/X11R5/man"
"/usr/bin/catman -M /usr/share/man"
"/usr/bin/catman -M /opt/SUNWspro/man"
##############################################################
editfiles:
#
# Solaris configuration for extra logins
#
{ /etc/system
AppendIfNoSuchLine "set pt_cnt=128"
}
{ /etc/netmasks
AppendIfNoSuchLine "128.39 255.255.255.0"
}
{ /etc/defaultrouter
AppendIfNoSuchLine "128.39.89.1"
}
{ /usr/openwin/lib/app-defaults/XConsole
AppendIfNoSuchLine "XConsole.autoRaise: on"
}
#
# CERT security patch for vold vulnerability
#
{ /etc/rmmount.conf
HashCommentLinesContaining "action cdrom"
HashCommentLinesContaining "action floppy"
}
{ /etc/inet/inetd.conf
ReplaceAll "/usr/sbin/in.ftpd" With "/local/iu/sbin/tcpd"
ReplaceAll "/usr/sbin/in.telnetd" With "/local/iu/sbin/tcpd"
ReplaceAll "/usr/sbin/in.rshd" With "/local/iu/sbin/tcpd"
ReplaceAll "/usr/sbin/in.rlogind" With "/local/iu/sbin/tcpd"
HashCommentLinesContaining "rwall"
HashCommentLinesContaining "/usr/sbin/in.fingerd"
HashCommentLinesContaining "comsat"
HashCommentLinesContaining "exec"
# HashCommentLinesContaining "talk"
HashCommentLinesContaining "echo"
HashCommentLinesContaining "discard"
HashCommentLinesContaining "charge"
HashCommentLinesContaining "quotas"
HashCommentLinesContaining "users"
HashCommentLinesContaining "spray"
HashCommentLinesContaining "sadmin"
HashCommentLinesContaining "rstat"
HashCommentLinesContaining "kcms"
HashCommentLinesContaining "comsat"
HashCommentLinesContaining "xaudio"
HashCommentLinesContaining "uucp"
}
#
# A painless way to add an rc.local script to the rc files
# under solaris without having to fight though inittab
#
#
# { /etc/rc3.d/S15nfs.server
#
# AppendIfNoSuchLine "sh /local/iu/etc/rc.local"
# }
#
#
# umask define when inetd starts is inherited by all subprocesses
# this makes ftp post files open to the world
# { /etc/rc2.d/S72inetsvc
#
# PrependIfNoSuchLine "umask 022"
# }
#
############################################################################
processes:
#
# Don't need CDE stuff
#
"ttdbserverd" signal=kill
"nfsd" restart /usr/lib/nfs/nfsd useshell=false
"mountd" restart /usr/lib/nfs/mountd useshell=false
"automount" signal=kill
"kwmsound" signal=kill
"xntp" matches=1 restart "/local/sbin/xntpd" useshell=false
###
#
# END cf.solaris
#
###
