Tue Feb 3 00:33:03 PST 2004
FreeBSD 5.2-RELEASE i386 MANDY
XFree86-libraries-4.3.0_6
Xaw3d-1.5
apache-2.0.48_3
autoconf-2.53_1
bash-2.05b.007
clockspeed-0.62_2
compat4x-i386-5.0.20030328
cups-base-1.1.19.0
cvsup-16.1h
cvsup-mirror-1.2_1
daemontools-0.76_3
djbdns-1.05_5
emacs-21.3
expat-1.95.6_1
fontconfig-2.2.90_3
freetype2-2.1.5_1
help2man-1.29
imake-4.3.0_1
isc-dhcp3-server-3.0.1.r12
joe-2.8_5
jpeg-6b_1
lame-3.93.1
libtai-0.60_1
libtool-1.3.5_1
libtool-1.4.3_2
libungif-4.1.0b1_1
linux_base-7.1_5
lynx-2.8.4.1d
m4-1.4_1
nmap-3.50
pcre-4.5
perl-5.6.1_15
pkgconfig-0.15.0
pkgdb.db
png-1.2.5_2
portscanner-1.2_1
portupgrade-20030723
psmisc-17
python-2.3.2_3
qmail-1.03_2
qmail-remove-0.94
rsync-2.5.7
ruby-1.6.8.2003.10.15
ruby-bdb1-0.2.1
ruby-shim-ruby18-1.8.1.p2
samba-2.2.8a
screen-4.0.1_2
tcl-8.3.5_2
tiff-3.6.0
tk-8.3.5_2
ucspi-ssl-0.50
ucspi-tcp-0.88
==> /boot.config <==
/boot/loader -Dh
==> /etc/fstab <==
# Device Mountpoint FStype Options Dump Pass#
# NOTE(review): /tmp and /var carry no nosuid/noexec options. If nothing on
# this gateway needs setuid or executable files there, adding them is a cheap
# hardening step -- confirm against the services that write to /var.
/dev/ad0s1b   none     swap    sw                0  0
/dev/ad0s1a   /        ufs     rw                1  1
/dev/ad0s1e   /tmp     ufs     rw,async,noatime  2  2
/dev/ad0s1f   /usr     ufs     rw                2  2
/dev/ad0s1d   /var     ufs     rw                2  2
/dev/acd0     /cdrom   cd9660  ro,noauto         0  0
none          /proc    procfs  rw                0  0
none          /dev     devfs   rw                0  0
==> /etc/rc.conf <==
# Three interfaces: xl0 takes its address from DHCP, fxp0 and dc0 carry the
# static gateway addresses of the two private /24 networks.
hostname=mandy.example.com
ifconfig_xl0=dhcp
ifconfig_fxp0="inet 10.0.1.1 netmask 255.255.255.0"
ifconfig_dc0="inet 10.62.5.1 netmask 255.255.255.0"
fsck_y_enable=YES
font8x14="NO"
font8x16="swiss-8x16"
font8x8="swiss-8x8"
keyrate="fast"
usbd_enable="YES"
# linux_enable is NO even though linux_base-7.1_5 is in the package list above.
linux_enable="NO"
# Packet forwarding is on and ipfw is enabled; firewall_type names the rules
# file /etc/firewall, which is the next section of this dump.
gateway_enable="YES"
firewall_enable="YES"
firewall_type="/etc/firewall"
# sendmail is switched off; /etc/mail/mailer.conf (below) maps the sendmail
# command names onto qmail binaries instead.
sendmail_enable="NONE"
sshd_enable="YES"
==> /etc/firewall <==
-f flush
# xl0 = upstream
# fxp0 = private1 10.0.1.0/24
# dc0 = private2 10.62.5.0/24
# NOTE(review): ipfw numbers these rules in file order and the first
# terminating match decides, so the order below is the policy.
# Loopback traffic is unrestricted.
add allow ip from any to any via lo0
# NetBIOS ports 137-139 are dropped on every interface before any allow rule.
add deny udp from any to any 137-139
add deny tcp from any to any 137-139
# Anti-spoofing: nothing arriving on the upstream interface may use 10.0.0.0/9
# as source or destination, and each private interface accepts only its own
# /24 as a source address.
add deny ip from any to 10.0.0.0/9 in recv xl0
add deny ip from 10.0.0.0/9 to any in recv xl0
add deny ip from not 10.0.1.0/24 to any recv fxp0
add deny ip from not 10.62.5.0/24 to any recv dc0
# NOTE(review): there is no interface qualifier here, so every packet on every
# interface is handed to natd; the usual form restricts the divert to the
# upstream interface. natd.conf is not part of this dump -- confirm that
# diverting private-side traffic is intended.
add divert natd ip from any to any
# Accounting only: "count" updates counters and rule processing continues.
add count ip from any to any in recv xl0
add count ip from any to any out xmit xl0
add count ip from any to any out recv xl0 xmit fxp0
add count ip from any to any out recv fxp0 xmit xl0
add count ip from any to any out recv xl0 xmit dc0
add count ip from any to any out recv dc0 xmit xl0
# The two private networks may not reach each other through this host.
add deny ip from any to any recv fxp0 xmit dc0
add deny ip from any to any recv dc0 xmit fxp0
# New inbound TCP connections to this host: SSH (22) from the private range
# and from two outside sources, port 8000 from one outside address, and port
# 5999 from private1 only.
add allow tcp from 10.0.0.0/9 to me 22 setup
add allow tcp from 24.71.16.118 to me 22 setup
add allow tcp from 24.71.16.118 to me 8000 setup
add allow tcp from 204.244.102.0/25 to me 22 setup
add allow tcp from 10.0.1.0/24 to me 5999 setup
# One outside address may open connections to 10.0.1.2 port 11000;
# presumably paired with a port redirect in natd.conf -- verify.
add allow tcp from 204.244.102.66 to 10.0.1.2 11000 setup
# Outbound connections from the private range and from this host itself.
add allow tcp from 10.0.0.0/9 to any setup
add allow tcp from me to any setup
# Every other connection attempt is answered with an ICMP port-unreachable.
# The port-113 rule takes the same action as the rule after it, which already
# covers it.
add unreach port tcp from any to any 113 setup
add unreach port tcp from any to any setup
# NOTE(review): this is stateless. "established" is decided from the TCP flags
# of each packet, not from a connection the setup rules admitted; a
# check-state / keep-state pair would tie return traffic to real connections.
add allow tcp from any to any established
# NOTE(review): UDP from any source, the upstream side included, is accepted
# for every UDP service bound on this host (only 137-139 were excluded above).
# Limiting this by receiving interface or by port would be tighter.
add allow udp from any to me
add allow udp from me to any
add deny udp from any to any
# NOTE(review): the ruleset ends in a default allow. It passes every protocol
# other than TCP/UDP in all directions, and any TCP segment that matched
# neither "setup" nor "established" above. Allowing the needed ICMP types
# explicitly and ending with a deny would be the safer shape.
add allow ip from any to any
==> /etc/hosts <==
::1 localhost localhost.example.com
127.0.0.1 localhost localhost.example.com
10.0.1.1 mandy.example.com
==> /etc/daily.local <==
# Daily clock check against the taiclock server at 204.244.102.59: show the
# offset, apply it with clockadd, then show it again.
taiclock 204.244.102.59|clockview
echo
taiclock 204.244.102.59|clockadd
echo
taiclock 204.244.102.59|clockview
==> /etc/ssh/ssh_config <==
==> /etc/ssh/sshd_config <==
# Only two directives appear in this dump; every other sshd setting is
# whatever this build defaults to -- confirm the authentication methods
# offered to ordinary users.
Subsystem sftp /usr/libexec/sftp-server
# NOTE(review): root can log in over SSH with any non-password method, and
# /etc/firewall admits port 22 from 10.0.0.0/9, 24.71.16.118 and
# 204.244.102.0/25. /etc/group in this dump already has a non-root wheel
# member, so "PermitRootLogin no" plus su from that account is an option.
PermitRootLogin without-password
==> /etc/mail/mailer.conf <==
# The sendmail-compatible command names are mapped onto qmail; hoststat and
# purgestat become no-ops.
sendmail    /var/qmail/bin/sendmail
send-mail   /var/qmail/bin/sendmail
mailq       /var/qmail/bin/qmail-qread
newaliases  /var/qmail/bin/qmail-newu
hoststat    /usr/bin/true
purgestat   /usr/bin/true
==> /usr/local/etc/supfile.ports <==
*default tag=.
# host=localhost: updates are pulled from a CVSup server on this machine,
# presumably the mirror configured in /usr/local/etc/cvsup/config.sh -- verify.
*default host=localhost
*default prefix=/usr
*default base=/usr/local/etc/cvsup
*default release=cvs delete use-rel-suffix
ports-all
==> /usr/local/etc/supfile.src <==
# Kernel sources only (src-sys), following the RELENG_5_2 branch, again from
# the server on localhost.
*default tag=RELENG_5_2
*default host=localhost
*default prefix=/usr
*default base=/usr/local/etc/cvsup
*default release=cvs delete use-rel-suffix
src-sys
==> /etc/dhclient.conf <==
# Whatever the upstream DHCP server offers for DNS is overridden: the resolver
# is pinned to 10.0.1.1 and the search domain to example.com.
interface "xl0" {
    supersede domain-name-servers 10.0.1.1;
    supersede domain-name "example.com";
}
==> /usr/local/etc/dhcpd.conf <==
# DHCP service for the two private /24s. Both pools hand out 10.0.1.1 as the
# resolver and this host's address on the respective subnet as the router.
# Dynamic DNS updates are disabled (ddns-update-style none).
option domain-name "example.com";
option domain-name-servers 10.0.1.1;
default-lease-time 600;
max-lease-time 7200;
authoritative;
ddns-update-style none;
log-facility local7;
subnet 10.0.1.0 netmask 255.255.255.0 {
    range 10.0.1.100 10.0.1.149;
    option routers 10.0.1.1;
}
subnet 10.62.5.0 netmask 255.255.255.0 {
    range 10.62.5.100 10.62.5.149;
    option routers 10.62.5.1;
}
==> /usr/local/etc/cvsup/config.sh <==
# Settings for the local CVSup mirror. The server and client sides use the
# dedicated accounts cvsup and cvsupin, which /etc/passwd below lists with
# /nonexistent as their shell.
user="cvsup"
group="cvsup"
cuser="cvsupin"
cgroup="cvsupin"
host="ned.tomclegg.net"
interval="24"
maxclients="1"
facility="daemon"
# The distribs value is kept on one line exactly as it appears in this copy;
# its original line breaks are not recoverable from here.
distribs="distrib.self .. . FreeBSD.cvs /home/ncvs . FreeBSD-www.current SKIP . FreeBSD-gnats.current SKIP gnats FreeBSD-mail.current SKIP ."
==> /var/service/dhcpd/run <==
#!/bin/sh
# Runs dhcpd in the foreground (-f) on the interfaces named by dhcpd_ifaces,
# which comes from the sourced rc.isc-dhcpd.conf (not part of this dump).
. /usr/local/etc/rc.isc-dhcpd.conf
exec dhcpd -f ${dhcpd_ifaces} 2>&1
==> /var/service/dnscache/run <==
#!/bin/sh
exec 2>&1
# NOTE(review): the rest of this script and the "==>" that opened the next
# section header appear to have been lost when this page was captured. The
# line below is the remains of both, not a command dnscache runs.
exec /var/service/dynip/run <==
#!/bin/sh
while :
do
# NOTE(review): truncated in the same way -- the remote command, the rest of
# the loop and the start of the next header are missing. What remains shows an
# unattended ssh to dynip@204.244.102.57 in an endless loop with no setuidgid
# in view; confirm which local account and key it uses and that the remote
# account is restricted to the one command it needs.
ssh -n dynip@204.244.102.57 /var/service/mp3log-clean/run <==
#!/bin/sh
# Environment is cleared except PATH, then loaded from ./env; the job runs
# niced as the unprivileged mp3log account.
exec env - PATH="$PATH" envdir ./env nice setuidgid "mp3log" mp3dirclean
==> /var/service/mp3log/run <==
#!/bin/sh
# nice --5 raises the priority before setuidgid drops to the mp3log account.
exec env - PATH="$PATH" envdir ./env nice --5 setuidgid "mp3log" mp3log 2>&1
==> /var/service/natd/run <==
#!/bin/sh
# Kills any natd already running, then starts natd under fghack with an empty
# environment. No setuidgid is used here. natd.conf is given as a relative
# path and is not included in this dump.
killall -9 natd
exec env - /usr/local/bin/fghack /sbin/natd -f natd.conf
==> /var/service/qmail/run <==
#!/bin/sh
# Starts qmail with a fixed PATH and ./Mailbox as the default delivery.
exec env - PATH=/bin:/usr/bin:/usr/local/bin:/var/qmail/bin \
qmail-start ./Mailbox 2>&1
==> /var/service/dhcpd/log/run <==
#!/bin/sh
# Each logger below drops to its own unprivileged account before running
# multilog.
exec env - PATH="$PATH" setuidgid multilog multilog t ./main
==> /var/service/dnscache/log/run <==
#!/bin/sh
exec setuidgid dnslog multilog t ./main
==> /var/service/mp3log/log/run <==
#!/bin/sh
exec setuidgid "mp3logl" multilog t s99999 n2 ./main
==> /var/service/qmail/log/run <==
#!/bin/sh
exec setuidgid qmaill multilog t ./main
==> /var/qmail/control/me <==
mandy.example.com
==> /etc/passwd <==
# $FreeBSD: src/etc/master.passwd,v 1.34 2003/04/27 05:45:29 imp Exp $
#
# NOTE(review): every password field here is "*", so this file says nothing
# about which accounts can authenticate; that is only visible in
# master.passwd. root and toor both have UID 0 -- confirm toor is locked.
# Interactive shells are set only for root and tom; toor has an empty shell
# field; the service accounts use nologin, /usr/bin/true or /nonexistent.
root:*:0:0:Charlie &:/root:/usr/local/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5:System &:/:/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8:News Subsystem:/:/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
tom:*:1001:1001:User &:/home/tom:/usr/local/bin/bash
alias:*:81:81:User &:/var/qmail/alias:/usr/bin/true
qmaild:*:82:81:User &:/var/qmail:/usr/bin/true
qmaill:*:83:81:User &:/var/qmail:/usr/bin/true
qmailp:*:84:81:User &:/var/qmail:/usr/bin/true
qmailq:*:85:82:User &:/var/qmail:/usr/bin/true
qmailr:*:86:82:User &:/var/qmail:/usr/bin/true
qmails:*:87:82:User &:/var/qmail:/usr/bin/true
dnscache:*:411:411:User &:/nonexistent:/usr/bin/true
tinydns:*:412:412:User &:/nonexistent:/usr/bin/true
dnslog:*:413:413:User &:/nonexistent:/usr/bin/true
cvsup:*:1002:1002:CVSup Daemon:/nonexistent:/nonexistent
cvsupin:*:1003:1003:CVSup Client:/home/cvsupin:/nonexistent
mp3log:*:1004:1004:User &:/var/service/mp3log:/usr/bin/true
mp3logl:*:1005:1005:User &:/var/service/mp3log/log:/usr/bin/true
multilog:*:1006:1006:User &:/nonexistent:/usr/bin/true
==> /etc/group <==
# $FreeBSD: src/etc/group,v 1.28 2003/04/27 05:49:53 imp Exp $
#
# wheel has root and tom as members; no other group lists any member except
# operator (root).
wheel:*:0:root,tom
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
uucp:*:66:
dialer:*:68:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
tom:*:1001:
qmail:*:82:
qnofiles:*:81:
dnscache:*:411:
tinydns:*:412:
dnslog:*:413:
cvsup:*:1002:
cvsupin:*:1003:
mp3log:*:1004:
mp3logl:*:1005:
multilog:*:1006:
==> /usr/local/etc/rc.d/md.sh <==
#!/bin/sh
# Boot script: attaches /home/ftp/5.2-disc1.iso as memory disk unit 5 and
# mounts it read-only at /home/ftp/5.2-disc1; "stop" undoes both steps.
case "$1" in
start)
    mdconfig -a -t vnode -f /home/ftp/5.2-disc1.iso -u 5
    mkdir /home/ftp/5.2-disc1
    # If the mount fails the empty mount point is removed again.
    mount_cd9660 -r /dev/md5 /home/ftp/5.2-disc1 || rmdir /home/ftp/5.2-disc1
    ;;
stop)
    umount /home/ftp/5.2-disc1
    rmdir /home/ftp/5.2-disc1
    mdconfig -d -u 5
    ;;
*)
    echo >&2 "usage: $0 start|stop"
    ;;
esac
==> /usr/src/sys/i386/conf/MANDY <==
#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.394.2.3 2004/01/26 19:42:11 nectar Exp $
# Additions placed ahead of the GENERIC body: ipfw, divert sockets (which the
# "divert natd" rule in /etc/firewall relies on), dummynet and sound (pcm).
# NOTE(review): IPFIREWALL_DEFAULT_TO_ACCEPT does not appear in the lines
# shown, so the kernel's own last rule should be a deny, but /etc/firewall
# ends with "allow ip from any to any", which matches first.
# IPFIREWALL_VERBOSE does not appear either and the ruleset has no log rules,
# so dropped traffic leaves no record.
options     IPFIREWALL
options     IPDIVERT
options     DUMMYNET
device      pcm
machine     i386
cpu         I586_CPU
cpu         I686_CPU
ident       MANDY
#To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" #Default places to look for devices.
#makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols
options     SCHED_4BSD    #4BSD scheduler
options     INET    #InterNETworking
# NOTE(review): IPv6 is compiled in while /etc/firewall is an ipfw ruleset; on
# this release IPv6 is presumably filtered separately, and no IPv6 rules
# appear anywhere in this dump -- confirm what is reachable over IPv6.
options     INET6    #IPv6 communications protocols
options     FFS    #Berkeley Fast Filesystem
options     SOFTUPDATES    #Enable FFS soft updates support
options     UFS_ACL    #Support for access control lists
options     UFS_DIRHASH    #Improve performance on big directories
options     MD_ROOT    #MD is a potential root device
options     NFSCLIENT    #Network Filesystem Client
options     NFSSERVER    #Network Filesystem Server
options     NFS_ROOT    #NFS usable as /, requires NFSCLIENT
options     MSDOSFS    #MSDOS Filesystem
options     CD9660    #ISO 9660 Filesystem
options     PROCFS    #Process filesystem (requires PSEUDOFS)
options     PSEUDOFS    #Pseudo-filesystem framework
options     COMPAT_43    #Compatible with BSD 4.3 [KEEP THIS!]
options     COMPAT_FREEBSD4    #Compatible with FreeBSD4
options     SCSI_DELAY=15000    #Delay (in ms) before probing SCSI
options     KTRACE    #ktrace(1) support
options     SYSVSHM    #SYSV-style shared memory
options     SYSVMSG    #SYSV-style message queues
options     SYSVSEM    #SYSV-style semaphores
options     _KPOSIX_PRIORITY_SCHEDULING    #Posix P1003_1B real-time extensions
options     KBD_INSTALL_CDEV    # install a CDEV entry in /dev
options     AHC_REG_PRETTY_PRINT    # Print register bitfields in debug
                                    # output. Adds ~128k to driver.
options     AHD_REG_PRETTY_PRINT    # Print register bitfields in debug
                                    # output. Adds ~215k to driver.
options     PFIL_HOOKS    # pfil(9) framework
# Debugging for use in -current
# DDB, INVARIANTS and WITNESS are all commented out, so neither the in-kernel
# debugger nor the extra consistency checks are built; only INVARIANT_SUPPORT
# stays enabled.
#options DDB #Enable the kernel debugger
#options INVARIANTS #Enable calls of extra sanity checking
options     INVARIANT_SUPPORT    #Extra sanity checks of internal structures, required by INVARIANTS
#options WITNESS #Enable checks to detect deadlocks and cycles
#options WITNESS_SKIPSPIN #Don't run witness on spinlocks for speed
# To make an SMP kernel, the next two are needed
options     SMP    # Symmetric MultiProcessor Kernel
device      apic    # I/O APIC
device      isa
device      eisa
device      pci
# Floppy drives
device      fdc
# ATA and ATAPI devices
device      ata
device      atadisk    # ATA disk drives
device      ataraid    # ATA RAID drives
device      atapicd    # ATAPI CDROM drives
device      atapifd    # ATAPI floppy drives
device      atapist    # ATAPI tape drives
options     ATA_STATIC_ID    #Static device numbering
# NOTE(review): /etc/fstab in this dump references only ad0 (ATA disk) and
# acd0 (ATAPI CD). The SCSI and RAID controller drivers below look like the
# unmodified GENERIC set; a trimmed kernel could drop the ones with no
# matching hardware -- confirm before removing, and note that umass needs
# scbus and da.
# SCSI Controllers
device      ahb    # EISA AHA1742 family
device      ahc    # AHA2940 and onboard AIC7xxx devices
device      ahd    # AHA39320/29320 and onboard AIC79xx devices
device      amd    # AMD 53C974 (Tekram DC-390(T))
device      isp    # Qlogic family
device      mpt    # LSI-Logic MPT-Fusion
#device ncr # NCR/Symbios Logic
device      sym    # NCR/Symbios Logic (newer chipsets + those of `ncr')
device      trm    # Tekram DC395U/UW/F DC315U adapters
device      adv    # Advansys SCSI adapters
device      adw    # Advansys wide SCSI adapters
device      aha    # Adaptec 154x SCSI adapters
device      aic    # Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
device      bt    # Buslogic/Mylex MultiMaster SCSI adapters
device      ncv    # NCR 53C500
device      nsp    # Workbit Ninja SCSI-3
device      stg    # TMC 18C30/18C50
# SCSI peripherals
device      scbus    # SCSI bus (required for SCSI)
device      ch    # SCSI media changers
device      da    # Direct Access (disks)
device      sa    # Sequential Access (tape etc)
device      cd    # CD
device      pass    # Passthrough device (direct SCSI access)
device      ses    # SCSI Environmental Services (and SAF-TE)
# RAID controllers interfaced to the SCSI subsystem
device      amr    # AMI MegaRAID
device      asr    # DPT SmartRAID V, VI and Adaptec SCSI RAID
device      ciss    # Compaq Smart RAID 5*
device      dpt    # DPT Smartcache III, IV - See NOTES for options
device      iir    # Intel Integrated RAID
device      ips    # IBM (Adaptec) ServeRAID
device      mly    # Mylex AcceleRAID/eXtremeRAID
# RAID controllers
device      aac    # Adaptec FSA RAID
device      aacp    # SCSI passthrough for aac (requires CAM)
device      ida    # Compaq Smart RAID
device      mlx    # Mylex DAC960 family
device      pst    # Promise Supertrak SX6000
device      twe    # 3ware ATA RAID
# atkbdc0 controls both the keyboard and the PS/2 mouse
device      atkbdc    # AT keyboard controller
device      atkbd    # AT keyboard
device      psm    # PS/2 mouse
device      vga    # VGA video card driver
device      splash    # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device      sc
# Enable this for the pcvt (VT220 compatible) console driver
#device vt
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
device      agp    # support several AGP chipsets
# Floating point support - do not disable.
device      npx
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device      pmtimer
# PCCARD (PCMCIA) support
# Pcmcia and cardbus bridge support
device      cbb    # cardbus (yenta) bridge
#device pcic # ExCA ISA and PCI bridges
device      pccard    # PC Card (16-bit) bus
device      cardbus    # CardBus (32-bit) bus
# Serial (COM) ports
# NOTE(review): /boot.config in this dump passes -Dh to the loader, which
# selects the dual / serial console, so this driver presumably carries a
# system console. Treat physical access to the serial port like console
# access; /etc/ttys is not part of this dump -- confirm how it is secured.
device      sio    # 8250, 16[45]50 based serial ports
# Parallel port
device      ppc
device      ppbus    # Parallel port bus (required)
device      lpt    # Printer
device      plip    # TCP/IP over parallel
device      ppi    # Parallel port interface device
#device vpo # Requires scbus and da
# If you've got a "dumb" serial or parallel PCI card that is
# supported by the puc(4) glue driver, uncomment the following
# line to enable it (connects to the sio and/or ppc drivers):
#device puc
# Of the NIC drivers listed from here on, /etc/rc.conf in this dump configures
# interfaces from only three: xl (xl0), fxp (fxp0) and dc (dc0).
# PCI Ethernet NICs.
device      de    # DEC/Intel DC21x4x (``Tulip'')
device      em    # Intel PRO/1000 adapter Gigabit Ethernet Card
device      txp    # 3Com 3cR990 (``Typhoon'')
device      vx    # 3Com 3c590, 3c595 (``Vortex'')
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device      miibus    # MII bus support
device      bfe    # Broadcom BCM440x 10/100 ethernet
device      bge    # Broadcom BCM570xx Gigabit Ethernet
device      dc    # DEC/Intel 21143 and various workalikes
device      fxp    # Intel EtherExpress PRO/100B (82557, 82558)
device      pcn    # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
device      re    # RealTek 8139C+/8169/8169S/8110S
device      rl    # RealTek 8129/8139
device      sf    # Adaptec AIC-6915 (``Starfire'')
device      sis    # Silicon Integrated Systems SiS 900/SiS 7016
device      sk    # SysKonnect SK-984x and SK-982x gigabit ethernet
device      ste    # Sundance ST201 (D-Link DFE-550TX)
device      ti    # Alteon Networks Tigon I/II gigabit ethernet
device      tl    # Texas Instruments ThunderLAN
device      tx    # SMC EtherPower II (83c170 ``EPIC'')
device      vr    # VIA Rhine, Rhine II
device      wb    # Winbond W89C840F
device      xl    # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# ISA Ethernet NICs. pccard nics included.
device      cs    # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
device      ed    # NE[12]000, SMC Ultra, 3c503, DS8390 cards
device      ex    # Intel EtherExpress Pro/10 and Pro/10+
device      ep    # Etherlink III based cards
device      fe    # Fujitsu MB8696x based cards
device      ie    # EtherExpress 8/16, 3C507, StarLAN 10 etc.
device      lnc    # NE2100, NE32-VL Lance Ethernet cards
device      sn    # SMC's 9000 series of ethernet chips
device      xe    # Xircom pccard ethernet
# ISA devices that use the old ISA shims
#device le
# Wireless NIC cards
device      wlan    # 802.11 support
device      an    # Aironet 4500/4800 802.11 wireless NICs.
device      awi    # BayStack 660 and others
device      wi    # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
#device wl # Older non 802.11 Wavelan wireless NIC.
# Pseudo devices - the number indicates how many units to allocate.
# NOTE(review): /etc/firewall in this dump names only lo0, xl0, fxp0 and dc0.
# An interface created from the serial-line and tunnel pseudo-devices below
# (sl, ppp, tun, gif, faith) would not be covered by the per-interface
# anti-spoofing rules, only by the generic ones. Remove those that are not
# used, or confirm none is ever configured. md is in use: the md.sh boot
# script attaches an ISO image with mdconfig.
device      random    # Entropy device
device      loop    # Network loopback
device      ether    # Ethernet support
device      sl    # Kernel SLIP
device      ppp    # Kernel PPP
device      tun    # Packet tunnel.
device      pty    # Pseudo-ttys (telnet etc)
device      md    # Memory "disks"
device      gif    # IPv6 and IPv4 tunneling
device      faith    # IPv6-to-IPv4 relaying (translation)
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device      bpf    # Berkeley packet filter
# NOTE(review): bpf is presumably required here, since this host runs both a
# DHCP client (xl0) and the ISC DHCP server -- verify before removing. Anyone
# who can open the bpf device nodes can read traffic on all three networks,
# so their permissions should stay root-only.
# USB support
# /etc/rc.conf in this dump sets usbd_enable="YES".
device      uhci    # UHCI PCI->USB interface
device      ohci    # OHCI PCI->USB interface
device      usb    # USB Bus (required)
#device udbp # USB Double Bulk Pipe devices
device      ugen    # Generic
device      uhid    # "Human Interface Devices"
device      ukbd    # Keyboard
device      ulpt    # Printer
device      umass    # Disks/Mass storage - Requires scbus and da
device      ums    # Mouse
device      urio    # Diamond Rio 500 MP3 player
device      uscanner    # Scanners
# NOTE(review): with the USB-Ethernet and FireWire-Ethernet drivers compiled
# in, a plugged-in adapter becomes a network interface that the per-interface
# rules in /etc/firewall do not name. On a gateway with no such hardware,
# dropping these drivers (and FireWire as a whole) reduces what is reachable
# from the machine's physical ports.
# USB Ethernet, requires mii
device      aue    # ADMtek USB ethernet
device      axe    # ASIX Electronics USB ethernet
device      cue    # CATC USB ethernet
device      kue    # Kawasaki LSI USB ethernet
# FireWire support
device      firewire    # FireWire bus code
device      sbp    # SCSI over FireWire (Requires scbus and da)
device      fwe    # Ethernet over FireWire (non-standard!)