home *** CD-ROM | disk | FTP | other *** search
- #################################################################
- #
- # cf.solaris - for iu.hioslo.no
- #
- # This file contains solaris specific patches
- #
- #################################################################
-
- ###
- #
- # BEGIN cf.solaris
- #
- ###
-
- directories:
-
- #
- # httpd/netscape want this to exist for some bizarre reason
- #
-
- /usr/lib/X11/nls
- /var/run
-
- ################################################################
-
- tidy:
-
- /usr/tmp pattern=* age=1
-
- MailHub::
-
- /var/mail pattern=lp age=0
-
- #################################################################
-
- files:
-
- #
- # If this doesn't exist fork will not work and the
- # system will not even be able to run the /etc/rc
- # scripts at boottime
- #
-
- /etc/system o=root g=root m=644 action=touch
- /usr/sbin/mount o=bin g=bin m=555 action=fixplain
- /usr/sbin/ping m=4555 action=fixplain
-
- #############################################################
-
- links:
-
- sunos_5_6::
-
- /usr/lib/sendmail ->! /local/iu/mail/bin/sendmail-8.9.1-sunos5_6
- /usr/sbin/sendmail ->! /local/iu/mail/bin/sendmail-8.9.1-sunos5_6
-
-
- sunos_5_5::
-
- /usr/lib/sendmail ->! /local/iu/mail/bin/sendmail-8.9.1-sunos5_5
-
- any::
-
- /opt/gnu -> /local/gnu
- /etc/sendmail.cf ->! /etc/mail/sendmail.cf
- /etc/services ->! /etc/inet/services
- /var/spool/mail -> /var/mail
- /usr/bin/perl -> /local/bin/perl
-
-
- ##############################################################
-
- copy:
-
- #
- # Some standard setup files, can't link because
- # machine won't boot if their not on / partition.
- #
-
- /local/bin/tcsh dest=/bin/tcsh mode=755
-
- /local/iu/etc/nsswitch.standalone dest=/etc/nsswitch.conf
-
- /local/iu/etc/S99rc-local dest=/etc/rc2.d/S99rc-local mode=755
-
-
- ##############################################################
-
- disable:
-
- /etc/.login type=file
- /etc/aliases
- /bin/rdist
-
- #
- # These files are ENORMOUS, don't let them fill the disk
- #
-
- Hr00::
-
- /var/lp/logs/lpsched rotate=empty
-
- # Day1.Hr00:: # each month
-
- # /var/adm/wtmpx rotate=2
- # /var/adm/wtmp rotate=2
- # /var/adm/utmpx rotate=2
- # /var/adm/utmp rotate=2
-
-
- ##############################################################
-
- files:
-
- /etc/passwd m=0644 o=root g=other action=fixplain
- /etc/shadow m=0600 o=root g=other action=fixplain
- /etc/defaultrouter m=0644 o=root g=other action=touch
- /etc/inet m=755 o=root g=other action=fixdirs
- /var/adm/wtmpx m=0664 o=adm g=adm action=touch
- /var/adm/wtmp m=0644 o=root g=adm action=touch
- /var/adm/utmp m=0644 o=root g=adm action=fixplain
- /var/adm/utmpx m=0664 o=adm g=adm action=fixplain
- /tmp m=1777 action=fixdirs
- /usr/openwin/bin/xdm m=0755 o=root g=bin action=fixplain
- /var/mail m=1777 o=root g=mail action=fixdirs
-
-
- ##############################################################
-
- disable:
-
- #
- # CERT security patch
- #
-
- /usr/openwin/bin/kcms_calibrate
- /usr/openwin/bin/kcms_configure
- /usr/bin/admintool
- /etc/rc2.d/S99dtlogin
-
- ################################################################
-
- shellcommands:
-
- AllBinaryServers.Saturday.longjob.Hr00::
-
- #
- # Make sure the man -k / apropos data are up to date
- #
-
- "/usr/bin/catman -M /local/man"
- "/usr/bin/catman -M /local/X11R5/man"
- "/usr/bin/catman -M /usr/man"
- "/usr/bin/catman -M /local/gnu/man"
- "/usr/bin/catman -M /usr/openwin/share/man"
- "/usr/bin/catman -M /local/X11R5/man"
- "/usr/bin/catman -M /usr/share/man"
- "/usr/bin/catman -M /opt/SUNWspro/man"
-
- ##############################################################
-
- editfiles:
-
-
- #
- # Solaris configuration for extra logins
- #
-
- { /etc/system
-
- AppendIfNoSuchLine "set pt_cnt=128"
- }
-
- { /etc/netmasks
-
- AppendIfNoSuchLine "128.39 255.255.255.0"
- }
-
- { /etc/defaultrouter
-
- AppendIfNoSuchLine "128.39.89.1"
- }
-
- { /usr/openwin/lib/app-defaults/XConsole
-
- AppendIfNoSuchLine "XConsole.autoRaise: on"
- }
-
- #
- # CERT security patch for vold vulnerability
- #
-
- { /etc/rmmount.conf
-
- HashCommentLinesContaining "action cdrom"
- HashCommentLinesContaining "action floppy"
- }
-
- { /etc/inet/inetd.conf
-
- ReplaceAll "/usr/sbin/in.ftpd" With "/local/iu/sbin/tcpd"
- ReplaceAll "/usr/sbin/in.telnetd" With "/local/iu/sbin/tcpd"
- ReplaceAll "/usr/sbin/in.rshd" With "/local/iu/sbin/tcpd"
- ReplaceAll "/usr/sbin/in.rlogind" With "/local/iu/sbin/tcpd"
- HashCommentLinesContaining "rwall"
- HashCommentLinesContaining "/usr/sbin/in.fingerd"
- HashCommentLinesContaining "comsat"
- HashCommentLinesContaining "exec"
- # HashCommentLinesContaining "talk"
- HashCommentLinesContaining "echo"
- HashCommentLinesContaining "discard"
- HashCommentLinesContaining "charge"
- HashCommentLinesContaining "quotas"
- HashCommentLinesContaining "users"
- HashCommentLinesContaining "spray"
- HashCommentLinesContaining "sadmin"
- HashCommentLinesContaining "rstat"
- HashCommentLinesContaining "kcms"
- HashCommentLinesContaining "comsat"
- HashCommentLinesContaining "xaudio"
- HashCommentLinesContaining "uucp"
- }
-
- #
- # A painless way to add an rc.local script to the rc files
- # under solaris without having to fight though inittab
- #
- #
- # { /etc/rc3.d/S15nfs.server
- #
- # AppendIfNoSuchLine "sh /local/iu/etc/rc.local"
- # }
- #
- #
- # umask define when inetd starts is inherited by all subprocesses
- # this makes ftp post files open to the world
-
- # { /etc/rc2.d/S72inetsvc
- #
- # PrependIfNoSuchLine "umask 022"
- # }
- #
-
-
- ############################################################################
-
- processes:
-
- #
- # Don't need CDE stuff
- #
-
- "ttdbserverd" signal=kill
-
- "nfsd" restart /usr/lib/nfs/nfsd useshell=false
- "mountd" restart /usr/lib/nfs/mountd useshell=false
- "automount" signal=kill
- "kwmsound" signal=kill
-
- "xntp" matches=1 restart "/local/sbin/xntpd" useshell=false
-
- ###
- #
- # END cf.solaris
- #
- ###
-
-