################################################################# # # cf.solaris - for iu.hioslo.no # # This file contains solaris specific patches # ################################################################# ### # # BEGIN cf.solaris # ### directories: # # httpd/netscape want this to exist for some bizarre reason # /usr/lib/X11/nls /var/run ################################################################ tidy: /usr/tmp pattern=* age=1 MailHub:: /var/mail pattern=lp age=0 ################################################################# files: # # If this doesn't exist fork will not work and the # system will not even be able to run the /etc/rc # scripts at boottime # /etc/system o=root g=root m=644 action=touch /usr/sbin/mount o=bin g=bin m=555 action=fixplain /usr/sbin/ping m=4555 action=fixplain ############################################################# links: sunos_5_6:: /usr/lib/sendmail ->! /local/iu/mail/bin/sendmail-8.9.1-sunos5_6 /usr/sbin/sendmail ->! /local/iu/mail/bin/sendmail-8.9.1-sunos5_6 sunos_5_5:: /usr/lib/sendmail ->! /local/iu/mail/bin/sendmail-8.9.1-sunos5_5 any:: /opt/gnu -> /local/gnu /etc/sendmail.cf ->! /etc/mail/sendmail.cf /etc/services ->! /etc/inet/services /var/spool/mail -> /var/mail /usr/bin/perl -> /local/bin/perl ############################################################## copy: # # Some standard setup files, can't link because # machine won't boot if their not on / partition. # /local/bin/tcsh dest=/bin/tcsh mode=755 /local/iu/etc/nsswitch.standalone dest=/etc/nsswitch.conf /local/iu/etc/S99rc-local dest=/etc/rc2.d/S99rc-local mode=755 ############################################################## disable: /etc/.login type=file /etc/aliases /bin/rdist # # These files are ENORMOUS, don't let them fill the disk # Hr00:: /var/lp/logs/lpsched rotate=empty # Day1.Hr00:: # each month # /var/adm/wtmpx rotate=2 # /var/adm/wtmp rotate=2 # /var/adm/utmpx rotate=2 # /var/adm/utmp rotate=2 ############################################################## files: /etc/passwd m=0644 o=root g=other action=fixplain /etc/shadow m=0600 o=root g=other action=fixplain /etc/defaultrouter m=0644 o=root g=other action=touch /etc/inet m=755 o=root g=other action=fixdirs /var/adm/wtmpx m=0664 o=adm g=adm action=touch /var/adm/wtmp m=0644 o=root g=adm action=touch /var/adm/utmp m=0644 o=root g=adm action=fixplain /var/adm/utmpx m=0664 o=adm g=adm action=fixplain /tmp m=1777 action=fixdirs /usr/openwin/bin/xdm m=0755 o=root g=bin action=fixplain /var/mail m=1777 o=root g=mail action=fixdirs ############################################################## disable: # # CERT security patch # /usr/openwin/bin/kcms_calibrate /usr/openwin/bin/kcms_configure /usr/bin/admintool /etc/rc2.d/S99dtlogin ################################################################ shellcommands: AllBinaryServers.Saturday.longjob.Hr00:: # # Make sure the man -k / apropos data are up to date # "/usr/bin/catman -M /local/man" "/usr/bin/catman -M /local/X11R5/man" "/usr/bin/catman -M /usr/man" "/usr/bin/catman -M /local/gnu/man" "/usr/bin/catman -M /usr/openwin/share/man" "/usr/bin/catman -M /local/X11R5/man" "/usr/bin/catman -M /usr/share/man" "/usr/bin/catman -M /opt/SUNWspro/man" ############################################################## editfiles: # # Solaris configuration for extra logins # { /etc/system AppendIfNoSuchLine "set pt_cnt=128" } { /etc/netmasks AppendIfNoSuchLine "128.39 255.255.255.0" } { /etc/defaultrouter AppendIfNoSuchLine "128.39.89.1" } { /usr/openwin/lib/app-defaults/XConsole AppendIfNoSuchLine "XConsole.autoRaise: on" } # # CERT security patch for vold vulnerability # { /etc/rmmount.conf HashCommentLinesContaining "action cdrom" HashCommentLinesContaining "action floppy" } { /etc/inet/inetd.conf ReplaceAll "/usr/sbin/in.ftpd" With "/local/iu/sbin/tcpd" ReplaceAll "/usr/sbin/in.telnetd" With "/local/iu/sbin/tcpd" ReplaceAll "/usr/sbin/in.rshd" With "/local/iu/sbin/tcpd" ReplaceAll "/usr/sbin/in.rlogind" With "/local/iu/sbin/tcpd" HashCommentLinesContaining "rwall" HashCommentLinesContaining "/usr/sbin/in.fingerd" HashCommentLinesContaining "comsat" HashCommentLinesContaining "exec" # HashCommentLinesContaining "talk" HashCommentLinesContaining "echo" HashCommentLinesContaining "discard" HashCommentLinesContaining "charge" HashCommentLinesContaining "quotas" HashCommentLinesContaining "users" HashCommentLinesContaining "spray" HashCommentLinesContaining "sadmin" HashCommentLinesContaining "rstat" HashCommentLinesContaining "kcms" HashCommentLinesContaining "comsat" HashCommentLinesContaining "xaudio" HashCommentLinesContaining "uucp" } # # A painless way to add an rc.local script to the rc files # under solaris without having to fight though inittab # # # { /etc/rc3.d/S15nfs.server # # AppendIfNoSuchLine "sh /local/iu/etc/rc.local" # } # # # umask define when inetd starts is inherited by all subprocesses # this makes ftp post files open to the world # { /etc/rc2.d/S72inetsvc # # PrependIfNoSuchLine "umask 022" # } # ############################################################################ processes: # # Don't need CDE stuff # "ttdbserverd" signal=kill "nfsd" restart /usr/lib/nfs/nfsd useshell=false "mountd" restart /usr/lib/nfs/mountd useshell=false "automount" signal=kill "kwmsound" signal=kill "xntp" matches=1 restart "/local/sbin/xntpd" useshell=false ### # # END cf.solaris # ###