diff options
| author | Alan Somers <asomers@FreeBSD.org> | 2019-06-06 16:20:50 +0000 |
|---|---|---|
| committer | Alan Somers <asomers@FreeBSD.org> | 2019-06-06 16:20:50 +0000 |
| commit | 0269ae4c19ad779b43b0d6e2416ac7386945d692 (patch) | |
| tree | ab5e303c6cb3ded1f908fed5b0cd47780ddda696 /etc | |
| parent | d10b757886cc63e5f5f5b6e798a20e339d5937bb (diff) | |
| parent | fbc27301ba4280886011dfb924c78402829b57cc (diff) | |
Notes
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/Makefile | 34 | ||||
| -rw-r--r-- | etc/login.access | 46 | ||||
| -rw-r--r-- | etc/mtree/BSD.tests.dist | 14 | ||||
| -rw-r--r-- | etc/rc.bsdextended | 138 | ||||
| -rw-r--r-- | etc/rc.firewall | 557 | ||||
| -rw-r--r-- | etc/rc.sendmail | 277 | ||||
| -rw-r--r-- | etc/shells | 9 | ||||
| -rw-r--r-- | etc/termcap.small | 315 |
8 files changed, 24 insertions, 1366 deletions
diff --git a/etc/Makefile b/etc/Makefile index 4714b580cc82a..7ee9eca7eb189 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -6,6 +6,7 @@ FILESGROUPS= FILES NLS_ALIASES= POSIX C \ en_US.US_ASCII C +PWD_MKDB_CMD?= pwd_mkdb # No need as it is empty and just causes rebuilds since this file does so much. UPDATE_DEPENDFILE= no @@ -14,19 +15,8 @@ UPDATE_DEPENDFILE= no SUBDIR+=sendmail .endif -BIN1= \ - group \ - login.access \ - rc.bsdextended \ - rc.firewall \ - termcap.small - # NB: keep these sorted by MK_* knobs -.if ${MK_SENDMAIL} != "no" -BIN1+= rc.sendmail -.endif - .if ${MK_SENDMAIL} == "no" ETCMAIL=mailer.conf aliases .else @@ -63,23 +53,6 @@ distribution: @echo "set DESTDIR before running \"make ${.TARGET}\"" @false .endif - cd ${.CURDIR}; \ - ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ - ${BIN1} ${DESTDIR}/etc; \ - ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \ - master.passwd ${DESTDIR}/etc; - -.if ${MK_TCSH} == "no" - sed -i "" -e 's;/bin/csh;/bin/sh;' ${DESTDIR}/etc/master.passwd -.endif - pwd_mkdb -i -p -d ${DESTDIR}/etc ${DESTDIR}/etc/master.passwd -.if defined(NO_ROOT) - ( \ - echo "./etc/passwd type=file mode=0644 uname=root gname=wheel"; \ - echo "./etc/pwd.db type=file mode=0644 uname=root gname=wheel"; \ - echo "./etc/spwd.db type=file mode=0600 uname=root gname=wheel"; \ - ) | ${METALOG.add} -.endif ${_+_}cd ${.CURDIR}/gss; ${MAKE} install ${_+_}cd ${.CURDIR}/mtree; ${MAKE} install ${_+_}cd ${SRCTOP}/share/termcap; ${MAKE} etc-termcap @@ -189,11 +162,6 @@ distrib-dirs: ${MTREES:N/*} distrib-cleanup .PHONY .endfor .endif -etc-examples: ${META_DEPS} - cd ${.CURDIR}; ${INSTALL} ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 \ - ${BIN1} ${BIN2} \ - ${DESTDIR}${SHAREDIR}/examples/etc - .include <bsd.prog.mk> .if ${MK_INSTALL_AS_USER} == "yes" && ${_uid} != 0 diff --git a/etc/login.access b/etc/login.access deleted file mode 100644 index ffe5fff0abea7..0000000000000 --- a/etc/login.access +++ /dev/null @@ -1,46 +0,0 @@ -# $FreeBSD$ -# -# Login access control table. -# -# When someone logs in, the table is scanned for the first entry that -# matches the (user, host) combination, or, in case of non-networked -# logins, the first entry that matches the (user, tty) combination. The -# permissions field of that table entry determines whether the login will -# be accepted or refused. -# -# Format of the login access control table is three fields separated by a -# ":" character: -# -# permission : users : origins -# -# The first field should be a "+" (access granted) or "-" (access denied) -# character. The second field should be a list of one or more login names, -# group names, or ALL (always matches). The third field should be a list -# of one or more tty names (for non-networked logins), host names, domain -# names (begin with "."), host addresses, internet network numbers (end -# with "."), ALL (always matches) or LOCAL (matches any string that does -# not contain a "." character). If you run NIS you can use @netgroupname -# in host or user patterns. -# -# The EXCEPT operator makes it possible to write very compact rules. -# -# The group file is searched only when a name does not match that of the -# logged-in user. Only groups are matched in which users are explicitly -# listed: the program does not look at a user's primary group id value. -# -############################################################################## -# -# Disallow console logins to all but a few accounts. -# -#-:ALL EXCEPT wheel shutdown sync:console -# -# Disallow non-local logins to privileged accounts (group wheel). -# -#-:wheel:ALL EXCEPT LOCAL .win.tue.nl -# -# Some accounts are not allowed to login from anywhere: -# -#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL -# -# All other accounts are allowed to login from anywhere. -# diff --git a/etc/mtree/BSD.tests.dist b/etc/mtree/BSD.tests.dist index a2377c8511023..b3c059cd52dfa 100644 --- a/etc/mtree/BSD.tests.dist +++ b/etc/mtree/BSD.tests.dist @@ -238,6 +238,20 @@ version .. .. + i386 + arrays + .. + funcs + .. + pid + .. + ustack + .. + .. + amd64 + arrays + .. + .. .. zfsd .. diff --git a/etc/rc.bsdextended b/etc/rc.bsdextended deleted file mode 100644 index b933a96fbcb71..0000000000000 --- a/etc/rc.bsdextended +++ /dev/null @@ -1,138 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2004 Tom Rhodes -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -#### -# Sample startup policy for the mac_bsdextended(4) security module. -# -# Suck in the system configuration variables. -#### -if [ -z "${source_rc_confs_defined}" ]; then - if [ -r /etc/defaults/rc.conf ]; then - . /etc/defaults/rc.conf - source_rc_confs - elif [ -r /etc/rc.conf ]; then - . /etc/rc.conf - fi -fi - -#### -# Set ugidfw(8) to CMD: -#### -CMD=/usr/sbin/ugidfw - -#### -# WARNING: recommended reading is the handbook's MAC -# chapter and the ugidfw(8) manual page. You can -# lock yourself out of the system very quickly by setting -# incorrect values here. These are only examples. -#### - -#### -# Build a generic list of rules here, these should be -# modified before using this script. -# -# For apache to read user files, the ruleadd must give -# it permissions by default. -#### -#${CMD} add subject uid 80 object not uid 80 mode rxws; -#${CMD} add subject gid 80 object not gid 80 mode rxws; - -#### -# majordomo compat: -#${CMD} add subject uid 54 object not uid 54 mode rxws; -#${CMD} add subject gid 26 object gid 54 mode rxws; - -#### -# This is for root: -${CMD} add subject uid 0 object not uid 0 mode arxws; -${CMD} add subject gid 0 object not gid 0 mode arxws; - -#### -# And for majordomo: -#${CMD} add subject uid 54 object not uid 54 mode rxws; -#${CMD} add subject gid 54 object not gid 54 mode rxws; - -#### -# And for bin: -${CMD} add subject uid 3 object not uid 3 mode rxws; -${CMD} add subject gid 7 object not gid 7 mode rxws; - -#### -# And for mail/pop: -#${CMD} add subject uid 68 object not uid 68 mode rxws; -#${CMD} add subject gid 6 object not gid 6 mode arxws; - -#### -# And for smmsp: -${CMD} add subject uid 25 object not uid 25 mode rxws; -${CMD} add subject gid 25 object not gid 25 mode rxws; - -#### -# And for mailnull: -${CMD} add subject uid 26 object not uid 26 mode rxws; -${CMD} add subject gid 26 object not gid 26 mode rxws; - -#### -# For cyrus: -#${CMD} add subject uid 60 object not uid 60 mode rxws; -#${CMD} add subject gid 60 object not gid 60 mode rxws; - -#### -# For stunnel: -#${CMD} add subject uid 1018 object not uid 1018 mode rxws; -#${CMD} add subject gid 1018 object not gid 1018 mode rxws; - -#### -# For the nobody account: -${CMD} add subject uid 65534 object not uid 65534 mode rxws; -${CMD} add subject gid 65534 object not gid 65534 mode rxws; - -#### -# NOTICE: The next script adds a rule to allow -# access their mailbox which is owned by GID `6'. -# Removing this will give mailbox lock issues. -for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' /etc/passwd`; - do ${CMD} add subject uid $x object gid 6 mode arwxs; -done; - -#### -# Use some script to get a list of users and -# add all users to mode n for all other users. This -# will isolate all users from other user home directories while -# permitting them to use commands and browse the system. -for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' /etc/passwd`; - do ${CMD} add subject not uid $x object uid $x mode n; -done; - -### -# Do the same thing but only for group ids in place of -# user IDs. -for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $3 }' /etc/passwd`; - do ${CMD} add subject not gid $x object uid $x mode n; -done; diff --git a/etc/rc.firewall b/etc/rc.firewall deleted file mode 100644 index 8389d76c5cc61..0000000000000 --- a/etc/rc.firewall +++ /dev/null @@ -1,557 +0,0 @@ -#!/bin/sh - -# Copyright (c) 1996 Poul-Henning Kamp -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# -# Setup system for ipfw(4) firewall service. -# - -# Suck in the configuration variables. -if [ -z "${source_rc_confs_defined}" ]; then - if [ -r /etc/defaults/rc.conf ]; then - . /etc/defaults/rc.conf - source_rc_confs - elif [ -r /etc/rc.conf ]; then - . /etc/rc.conf - fi -fi - -############ -# Define the firewall type in /etc/rc.conf. Valid values are: -# open - will allow anyone in -# client - will try to protect just this machine -# simple - will try to protect a whole network -# closed - totally disables IP services except via lo0 interface -# workstation - will try to protect just this machine using stateful -# firewalling. See below for rc.conf variables used -# UNKNOWN - disables the loading of firewall rules. -# filename - will load the rules in the given filename (full path required) -# -# For ``client'' and ``simple'' the entries below should be customized -# appropriately. - -############ -# -# If you don't know enough about packet filtering, we suggest that you -# take time to read this book: -# -# Building Internet Firewalls, 2nd Edition -# Brent Chapman and Elizabeth Zwicky -# -# O'Reilly & Associates, Inc -# ISBN 1-56592-871-7 -# http://www.ora.com/ -# http://www.oreilly.com/catalog/fire2/ -# -# For a more advanced treatment of Internet Security read: -# -# Firewalls and Internet Security: Repelling the Wily Hacker, 2nd Edition -# William R. Cheswick, Steven M. Bellowin, Aviel D. Rubin -# -# Addison-Wesley / Prentice Hall -# ISBN 0-201-63466-X -# http://www.pearsonhighered.com/ -# http://www.pearsonhighered.com/educator/academic/product/0,3110,020163466X,00.html -# - -setup_loopback() { - ############ - # Only in rare cases do you want to change these rules - # - ${fwcmd} add 100 pass all from any to any via lo0 - ${fwcmd} add 200 deny all from any to 127.0.0.0/8 - ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any - if [ $ipv6_available -eq 0 ]; then - ${fwcmd} add 400 deny all from any to ::1 - ${fwcmd} add 500 deny all from ::1 to any - fi -} - -setup_ipv6_mandatory() { - [ $ipv6_available -eq 0 ] || return 0 - - ############ - # Only in rare cases do you want to change these rules - # - # ND - # - # DAD - ${fwcmd} add pass ipv6-icmp from :: to ff02::/16 - # RS, RA, NS, NA, redirect... - ${fwcmd} add pass ipv6-icmp from fe80::/10 to fe80::/10 - ${fwcmd} add pass ipv6-icmp from fe80::/10 to ff02::/16 - - # Allow ICMPv6 destination unreachable - ${fwcmd} add pass ipv6-icmp from any to any icmp6types 1 - - # Allow NS/NA/toobig (don't filter it out) - ${fwcmd} add pass ipv6-icmp from any to any icmp6types 2,135,136 -} - -. /etc/rc.subr -. /etc/network.subr - -if [ -n "${1}" ]; then - firewall_type="${1}" -fi -if [ -z "${firewall_rc_config_load}" ]; then - load_rc_config ipfw -else - for i in ${firewall_rc_config_load}; do - load_rc_config $i - done -fi - -afexists inet6 -ipv6_available=$? - -############ -# Set quiet mode if requested -# -case ${firewall_quiet} in -[Yy][Ee][Ss]) - fwcmd="/sbin/ipfw -q" - ;; -*) - fwcmd="/sbin/ipfw" - ;; -esac - -############ -# Flush out the list before we begin. -# -${fwcmd} -f flush - -setup_loopback -setup_ipv6_mandatory - -############ -# Network Address Translation. All packets are passed to natd(8) -# before they encounter your remaining rules. The firewall rules -# will then be run again on each packet after translation by natd -# starting at the rule number following the divert rule. -# -# For ``simple'' firewall type the divert rule should be put to a -# different place to not interfere with address-checking rules. -# -case ${firewall_type} in -[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) - case ${natd_enable} in - [Yy][Ee][Ss]) - if [ -n "${natd_interface}" ]; then - ${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface} - fi - ;; - esac - case ${firewall_nat_enable} in - [Yy][Ee][Ss]) - if [ -n "${firewall_nat_interface}" ]; then - if echo "${firewall_nat_interface}" | \ - grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then - firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}" - else - firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}" - fi - ${fwcmd} nat 123 config log ${firewall_nat_flags} - ${fwcmd} add 50 nat 123 ip4 from any to any via ${firewall_nat_interface} - fi - ;; - esac -esac - -############ -# If you just configured ipfw in the kernel as a tool to solve network -# problems or you just want to disallow some particular kinds of traffic -# then you will want to change the default policy to open. You can also -# do this as your only action by setting the firewall_type to ``open''. -# -# ${fwcmd} add 65000 pass all from any to any - - -# Prototype setups. -# -case ${firewall_type} in -[Oo][Pp][Ee][Nn]) - ${fwcmd} add 65000 pass all from any to any - ;; - -[Cc][Ll][Ii][Ee][Nn][Tt]) - ############ - # This is a prototype setup that will protect your system somewhat - # against people from outside your own network. - # - # Configuration: - # firewall_client_net: Network address of local IPv4 network. - # firewall_client_net_ipv6: Network address of local IPv6 network. - ############ - - # set this to your local network - net="$firewall_client_net" - net6="$firewall_client_net_ipv6" - - # Allow limited broadcast traffic from my own net. - ${fwcmd} add pass all from ${net} to 255.255.255.255 - - # Allow any traffic to or from my own net. - ${fwcmd} add pass all from me to ${net} - ${fwcmd} add pass all from ${net} to me - if [ -n "$net6" ]; then - ${fwcmd} add pass all from me to ${net6} - ${fwcmd} add pass all from ${net6} to me - fi - - if [ -n "$net6" ]; then - # Allow any link-local multicast traffic - ${fwcmd} add pass all from fe80::/10 to ff02::/16 - ${fwcmd} add pass all from ${net6} to ff02::/16 - # Allow DHCPv6 - ${fwcmd} add pass udp from fe80::/10 to me 546 - fi - - # Allow TCP through if setup succeeded - ${fwcmd} add pass tcp from any to any established - - # Allow IP fragments to pass through - ${fwcmd} add pass all from any to any frag - - # Allow setup of incoming email - ${fwcmd} add pass tcp from any to me 25 setup - - # Allow setup of outgoing TCP connections only - ${fwcmd} add pass tcp from me to any setup - - # Disallow setup of all other TCP connections - ${fwcmd} add deny tcp from any to any setup - - # Allow DNS queries out in the world - ${fwcmd} add pass udp from me to any 53 keep-state - - # Allow NTP queries out in the world - ${fwcmd} add pass udp from me to any 123 keep-state - - # Everything else is denied by default, unless the - # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel - # config file. - ;; - -[Ss][Ii][Mm][Pp][Ll][Ee]) - ############ - # This is a prototype setup for a simple firewall. Configure this - # machine as a DNS and NTP server, and point all the machines - # on the inside at this machine for those services. - # - # Configuration: - # firewall_simple_iif: Inside IPv4 network interface. - # firewall_simple_inet: Inside IPv4 network address. - # firewall_simple_oif: Outside IPv4 network interface. - # firewall_simple_onet: Outside IPv4 network address. - # firewall_simple_iif_ipv6: Inside IPv6 network interface. - # firewall_simple_inet_ipv6: Inside IPv6 network prefix. - # firewall_simple_oif_ipv6: Outside IPv6 network interface. - # firewall_simple_onet_ipv6: Outside IPv6 network prefix. - ############ - BAD_ADDR_TBL=13 - - # set these to your outside interface network - oif="$firewall_simple_oif" - onet="$firewall_simple_onet" - oif6="${firewall_simple_oif_ipv6:-$firewall_simple_oif}" - onet6="$firewall_simple_onet_ipv6" - - # set these to your inside interface network - iif="$firewall_simple_iif" - inet="$firewall_simple_inet" - iif6="${firewall_simple_iif_ipv6:-$firewall_simple_iif}" - inet6="$firewall_simple_inet_ipv6" - - # Stop spoofing - ${fwcmd} add deny all from ${inet} to any in via ${oif} - ${fwcmd} add deny all from ${onet} to any in via ${iif} - if [ -n "$inet6" ]; then - ${fwcmd} add deny all from ${inet6} to any in via ${oif6} - if [ -n "$onet6" ]; then - ${fwcmd} add deny all from ${onet6} to any in \ - via ${iif6} - fi - fi - - # Define stuff we should never send out or receive in. - # Stop RFC1918 nets on the outside interface - ${fwcmd} table ${BAD_ADDR_TBL} flush - ${fwcmd} table ${BAD_ADDR_TBL} add 10.0.0.0/8 - ${fwcmd} table ${BAD_ADDR_TBL} add 172.16.0.0/12 - ${fwcmd} table ${BAD_ADDR_TBL} add 192.168.0.0/16 - - # And stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, - # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) - # on the outside interface - ${fwcmd} table ${BAD_ADDR_TBL} add 0.0.0.0/8 - ${fwcmd} table ${BAD_ADDR_TBL} add 169.254.0.0/16 - ${fwcmd} table ${BAD_ADDR_TBL} add 192.0.2.0/24 - ${fwcmd} table ${BAD_ADDR_TBL} add 224.0.0.0/4 - ${fwcmd} table ${BAD_ADDR_TBL} add 240.0.0.0/4 - - ${fwcmd} add deny all from any to "table($BAD_ADDR_TBL)" via ${oif} - - # Network Address Translation. This rule is placed here deliberately - # so that it does not interfere with the surrounding address-checking - # rules. If for example one of your internal LAN machines had its IP - # address set to 192.0.2.1 then an incoming packet for it after being - # translated by natd(8) would match the `deny' rule above. Similarly - # an outgoing packet originated from it before being translated would - # match the `deny' rule below. - case ${natd_enable} in - [Yy][Ee][Ss]) - if [ -n "${natd_interface}" ]; then - ${fwcmd} add divert natd ip4 from any to any via ${natd_interface} - fi - ;; - esac - - ${fwcmd} add deny all from "table($BAD_ADDR_TBL)" to any via ${oif} - if [ -n "$inet6" ]; then - # Stop unique local unicast address on the outside interface - ${fwcmd} add deny all from fc00::/7 to any via ${oif6} - ${fwcmd} add deny all from any to fc00::/7 via ${oif6} - - # Stop site-local on the outside interface - ${fwcmd} add deny all from fec0::/10 to any via ${oif6} - ${fwcmd} add deny all from any to fec0::/10 via ${oif6} - - # Disallow "internal" addresses to appear on the wire. - ${fwcmd} add deny all from ::ffff:0.0.0.0/96 to any \ - via ${oif6} - ${fwcmd} add deny all from any to ::ffff:0.0.0.0/96 \ - via ${oif6} - - # Disallow packets to malicious IPv4 compatible prefix. - ${fwcmd} add deny all from ::224.0.0.0/100 to any via ${oif6} - ${fwcmd} add deny all from any to ::224.0.0.0/100 via ${oif6} - ${fwcmd} add deny all from ::127.0.0.0/104 to any via ${oif6} - ${fwcmd} add deny all from any to ::127.0.0.0/104 via ${oif6} - ${fwcmd} add deny all from ::0.0.0.0/104 to any via ${oif6} - ${fwcmd} add deny all from any to ::0.0.0.0/104 via ${oif6} - ${fwcmd} add deny all from ::255.0.0.0/104 to any via ${oif6} - ${fwcmd} add deny all from any to ::255.0.0.0/104 via ${oif6} - - ${fwcmd} add deny all from ::0.0.0.0/96 to any via ${oif6} - ${fwcmd} add deny all from any to ::0.0.0.0/96 via ${oif6} - - # Disallow packets to malicious 6to4 prefix. - ${fwcmd} add deny all from 2002:e000::/20 to any via ${oif6} - ${fwcmd} add deny all from any to 2002:e000::/20 via ${oif6} - ${fwcmd} add deny all from 2002:7f00::/24 to any via ${oif6} - ${fwcmd} add deny all from any to 2002:7f00::/24 via ${oif6} - ${fwcmd} add deny all from 2002:0000::/24 to any via ${oif6} - ${fwcmd} add deny all from any to 2002:0000::/24 via ${oif6} - ${fwcmd} add deny all from 2002:ff00::/24 to any via ${oif6} - ${fwcmd} add deny all from any to 2002:ff00::/24 via ${oif6} - - ${fwcmd} add deny all from 2002:0a00::/24 to any via ${oif6} - ${fwcmd} add deny all from any to 2002:0a00::/24 via ${oif6} - ${fwcmd} add deny all from 2002:ac10::/28 to any via ${oif6} - ${fwcmd} add deny all from any to 2002:ac10::/28 via ${oif6} - ${fwcmd} add deny all from 2002:c0a8::/32 to any via ${oif6} - ${fwcmd} add deny all from any to 2002:c0a8::/32 via ${oif6} - - ${fwcmd} add deny all from ff05::/16 to any via ${oif6} - ${fwcmd} add deny all from any to ff05::/16 via ${oif6} - fi - - # Allow TCP through if setup succeeded - ${fwcmd} add pass tcp from any to any established - - # Allow IP fragments to pass through - ${fwcmd} add pass all from any to any frag - - # Allow setup of incoming email - ${fwcmd} add pass tcp from any to me 25 setup - - # Allow access to our DNS - ${fwcmd} add pass tcp from any to me 53 setup - ${fwcmd} add pass udp from any to me 53 - ${fwcmd} add pass udp from me 53 to any - - # Allow access to our WWW - ${fwcmd} add pass tcp from any to me 80 setup - - # Reject&Log all setup of incoming connections from the outside - ${fwcmd} add deny log ip4 from any to any in via ${oif} setup proto tcp - if [ -n "$inet6" ]; then - ${fwcmd} add deny log ip6 from any to any in via ${oif6} \ - setup proto tcp - fi - - # Allow setup of any other TCP connection - ${fwcmd} add pass tcp from any to any setup - - # Allow DNS queries out in the world - ${fwcmd} add pass udp from me to any 53 keep-state - - # Allow NTP queries out in the world - ${fwcmd} add pass udp from me to any 123 keep-state - - # Everything else is denied by default, unless the - # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel - # config file. - ;; - -[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]) - # Configuration: - # firewall_myservices: List of ports/protocols on which this - # host offers services. - # firewall_allowservices: List of IPv4 and/or IPv6 addresses - # that have access to - # $firewall_myservices. - # firewall_trusted: List of IPv4 and/or IPv6 addresses - # that have full access to this host. - # Be very careful when setting this. - # This option can seriously degrade - # the level of protection provided by - # the firewall. - # firewall_logdeny: Boolean (YES/NO) specifying if the - # default denied packets should be - # logged (in /var/log/security). - # firewall_nologports: List of TCP/UDP ports for which - # denied incoming packets are not - # logged. - - # Allow packets for which a state has been built. - ${fwcmd} add check-state - - # For services permitted below. - ${fwcmd} add pass tcp from me to any established - - # Allow any connection out, adding state for each. - ${fwcmd} add pass tcp from me to any setup keep-state - ${fwcmd} add pass udp from me to any keep-state - ${fwcmd} add pass icmp from me to any keep-state - if [ $ipv6_available -eq 0 ]; then - ${fwcmd} add pass ipv6-icmp from me to any keep-state - fi - - # Allow DHCP. - ${fwcmd} add pass udp from 0.0.0.0 68 to 255.255.255.255 67 out - ${fwcmd} add pass udp from any 67 to me 68 in - ${fwcmd} add pass udp from any 67 to 255.255.255.255 68 in - if [ $ipv6_available -eq 0 ]; then - ${fwcmd} add pass udp from fe80::/10 to me 546 in - fi - # Some servers will ping the IP while trying to decide if it's - # still in use. - ${fwcmd} add pass icmp from any to any icmptype 8 - if [ $ipv6_available -eq 0 ]; then - ${fwcmd} add pass ipv6-icmp from any to any icmp6type 128,129 - fi - - # Allow "mandatory" ICMP in. - ${fwcmd} add pass icmp from any to any icmptype 3,4,11 - if [ $ipv6_available -eq 0 ]; then - ${fwcmd} add pass ipv6-icmp from any to any icmp6type 3 - fi - - # Add permits for this workstations published services below - # Only IPs and nets in firewall_allowservices is allowed in. - # If you really wish to let anyone use services on your - # workstation, then set "firewall_allowservices='any'" in /etc/rc.conf - # - # Note: We don't use keep-state as that would allow DoS of - # our statetable. - # You can add 'keep-state' to the lines for slightly - # better performance if you fell that DoS of your - # workstation won't be a problem. - # - for i in ${firewall_allowservices} ; do - for j in ${firewall_myservices} ; do - case $j in - [0-9A-Za-z]*/[Pp][Rr][Oo][Tt][Oo]) - ${fwcmd} add pass ${j%/[Pp][Rr][Oo][Tt][Oo]} from $i to me - ;; - [0-9A-Za-z]*/[Tt][Cc][Pp]) - ${fwcmd} add pass tcp from $i to me ${j%/[Tt][Cc][Pp]} - ;; - [0-9A-Za-z]*/[Uu][Dd][Pp]) - ${fwcmd} add pass udp from $i to me ${j%/[Uu][Dd][Pp]} - ;; - *[0-9A-Za-z]) - echo "Consider using ${j}/tcp in firewall_myservices." \ - > /dev/stderr - ${fwcmd} add pass tcp from $i to me $j - ;; - *) - echo "Invalid port in firewall_myservices: $j" > /dev/stderr - ;; - esac - done - done - - # Allow all connections from trusted IPs. - # Playing with the content of firewall_trusted could seriously - # degrade the level of protection provided by the firewall. - for i in ${firewall_trusted} ; do - ${fwcmd} add pass ip from $i to me - done - - ${fwcmd} add 65000 count ip from any to any - - # Drop packets to ports where we don't want logging - for i in ${firewall_nologports} ; do - ${fwcmd} add deny { tcp or udp } from any to any $i in - done - - # Broadcasts and multicasts - ${fwcmd} add deny ip from any to 255.255.255.255 - ${fwcmd} add deny ip from any to 224.0.0.0/24 in # XXX - - # Noise from routers - ${fwcmd} add deny udp from any to any 520 in - - # Noise from webbrowsing. - # The stateful filter is a bit aggressive, and will cause some - # connection teardowns to be logged. - ${fwcmd} add deny tcp from any 80,443 to any 1024-65535 in - - # Deny and (if wanted) log the rest unconditionally. - log="" - if [ ${firewall_logdeny:-x} = "YES" -o ${firewall_logdeny:-x} = "yes" ] ; then - log="log logamount 500" # The default of 100 is too low. - sysctl net.inet.ip.fw.verbose=1 >/dev/null - fi - ${fwcmd} add deny $log ip from any to any - ;; - -[Cc][Ll][Oo][Ss][Ee][Dd]) - ${fwcmd} add 65000 deny ip from any to any - ;; -[Uu][Nn][Kk][Nn][Oo][Ww][Nn]) - ;; -*) - if [ -r "${firewall_type}" ]; then - ${fwcmd} ${firewall_flags} ${firewall_type} - fi - ;; -esac diff --git a/etc/rc.sendmail b/etc/rc.sendmail deleted file mode 100644 index b025bc0bd62cb..0000000000000 --- a/etc/rc.sendmail +++ /dev/null @@ -1,277 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2002 Gregory Neil Shapiro. All Rights Reserved. -# Copyright (c) 2000, 2002 The FreeBSD Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This script is used by /etc/rc at boot time to start sendmail. It -# is meant to be sendmail specific and not a generic script for all -# MTAs. It is only called by /etc/rc if the rc.conf mta_start_script is -# set to /etc/rc.sendmail. This provides the opportunity for other MTAs -# to provide their own startup script. - -# The script is also used by /etc/mail/Makefile to enable the -# start/stop/restart targets. - -# The source for the script can be found in src/etc/sendmail/rc.sendmail. - -if [ -r /etc/defaults/rc.conf ]; then - . /etc/defaults/rc.conf - source_rc_confs -elif [ -r /etc/rc.conf ]; then - . /etc/rc.conf -fi - -# The sendmail binary -sendmail_program=${sendmail_program:-/usr/sbin/sendmail} - -# The pid is used to stop and restart the running daemon(s). -sendmail_pidfile=${sendmail_pidfile:-/var/run/sendmail.pid} -sendmail_mspq_pidfile=${sendmail_mspq_pidfile:-/var/spool/clientmqueue/sm-client.pid} - -start_mta() -{ - case ${sendmail_enable} in - [Nn][Oo][Nn][Ee]) - ;; - [Yy][Ee][Ss]) - echo -n ' sendmail' - ${sendmail_program} ${sendmail_flags} - ;; - *) - case ${sendmail_submit_enable} in - [Yy][Ee][Ss]) - echo -n ' sendmail-submit' - ${sendmail_program} ${sendmail_submit_flags} - ;; - *) - case ${sendmail_outbound_enable} in - [Yy][Ee][Ss]) - echo -n ' sendmail-outbound' - ${sendmail_program} ${sendmail_outbound_flags} - ;; - esac - ;; - esac - ;; - esac -} - -stop_mta() -{ - # Check to make sure we are configured to start an MTA - case ${sendmail_enable} in - [Nn][Oo][Nn][Ee]) - return - ;; - [Yy][Ee][Ss]) - ;; - *) - case ${sendmail_submit_enable} in - [Yy][Ee][Ss]) - ;; - *) - case ${sendmail_outbound_enable} in - [Yy][Ee][Ss]) - ;; - *) - return - ;; - esac - ;; - esac - ;; - esac - - if [ -r ${sendmail_pidfile} ]; then - echo -n ' sendmail' - kill -TERM `head -1 ${sendmail_pidfile}` - else - echo "$0: stop-mta: ${sendmail_pidfile} not found" - fi -} - -restart_mta() -{ - # Check to make sure we are configured to start an MTA - case ${sendmail_enable} in - [Nn][Oo][Nn][Ee]) - return - ;; - [Yy][Ee][Ss]) - ;; - *) - case ${sendmail_submit_enable} in - [Yy][Ee][Ss]) - ;; - *) - case ${sendmail_outbound_enable} in - [Yy][Ee][Ss]) - ;; - *) - return - ;; - esac - ;; - esac - ;; - esac - if [ -r ${sendmail_pidfile} ]; then - echo -n ' sendmail' - kill -HUP `head -1 ${sendmail_pidfile}` - else - echo "$0: restart-mta: ${sendmail_pidfile} not found" - fi -} - -start_mspq() -{ - case ${sendmail_enable} in - [Nn][Oo][Nn][Ee]) - ;; - *) - if [ -r /etc/mail/submit.cf ]; then - case ${sendmail_msp_queue_enable} in - [Yy][Ee][Ss]) - echo -n ' sendmail-clientmqueue' - ${sendmail_program} ${sendmail_msp_queue_flags} - ;; - esac - fi - ;; - esac -} - -stop_mspq() -{ - # Check to make sure we are configured to start an MSP queue runner - case ${sendmail_enable} in - [Nn][Oo][Nn][Ee]) - return - ;; - *) - if [ -r /etc/mail/submit.cf ]; then - case ${sendmail_msp_queue_enable} in - [Yy][Ee][Ss]) - ;; - *) - return - ;; - esac - fi - ;; - esac - - if [ -r ${sendmail_mspq_pidfile} ]; then - echo -n ' sendmail-clientmqueue' - kill -TERM `head -1 ${sendmail_mspq_pidfile}` - else - echo "$0: stop-mspq: ${sendmail_mspq_pidfile} not found" - fi -} - -restart_mspq() -{ - # Check to make sure we are configured to start an MSP queue runner - case ${sendmail_enable} in - [Nn][Oo][Nn][Ee]) - return - ;; - *) - if [ -r /etc/mail/submit.cf ]; then - case ${sendmail_msp_queue_enable} in - [Yy][Ee][Ss]) - ;; - *) - return - ;; - esac - fi - ;; - esac - - if [ -r ${sendmail_mspq_pidfile} ]; then - echo -n ' sendmail-clientmqueue' - kill -HUP `head -1 ${sendmail_mspq_pidfile}` - else - echo "$0: restart-mspq: ${sendmail_mspq_pidfile} not found" - fi -} - -# If no argument is given, assume we are being called at boot time. -_action=${1:-start} - -case ${_action} in -start) - start_mta - start_mspq - ;; - -stop) - stop_mta - stop_mspq - ;; - -restart) - restart_mta - restart_mspq - ;; - -start-mta) - start_mta - ;; - -stop-mta) - stop_mta - ;; - -restart-mta) - restart_mta - ;; - -start-mspq) - start_mspq - ;; - -stop-mspq) - stop_mspq - ;; - -restart-mspq) - restart_mspq - ;; - -*) - echo "usage: `basename $0` {start|stop|restart}" >&2 - echo " `basename $0` {start-mta|stop-mta|restart-mta}" >&2 - echo " `basename $0` {start-mspq|stop-mspq|restart-mspq}" >&2 - exit 64 - ;; - -esac -exit 0 diff --git a/etc/shells b/etc/shells new file mode 100644 index 0000000000000..fe1e0294a0103 --- /dev/null +++ b/etc/shells @@ -0,0 +1,9 @@ +# $FreeBSD$ +# +# List of acceptable shells for chpass(1). +# Ftpd will not allow users to connect who are not using +# one of these shells. + +/bin/sh +/bin/csh +/bin/tcsh diff --git a/etc/termcap.small b/etc/termcap.small deleted file mode 100644 index 7c308378250b0..0000000000000 --- a/etc/termcap.small +++ /dev/null @@ -1,315 +0,0 @@ -# Copyright (c) 1980, 1985, 1989 The Regents of the University of California. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. All advertising materials mentioning features or use of this software -# must display the following acknowledgement: -# This product includes software developed by the University of -# California, Berkeley and its contributors. -# 4. Neither the name of the University nor the names of its contributors -# may be used to endorse or promote products derived from this software -# without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# @(#)termcap.src 5.88 (Berkeley) 4/30/91 -# $FreeBSD$ -# -# for syscons -# common entry without semigraphics -cons25w|ansiw|ansi80x25-raw:\ - :am:bs:NP:ms:pt:AX:eo:bw:ut:km:\ - :co#80:li#25:pa#64:Co#8:it#8:\ - :al=\E[L:cd=\E[J:ce=\E[K:cl=\E[H\E[J:cm=\E[%i%d;%dH:\ - :dc=\E[P:dl=\E[M:do=\E[B:bt=\E[Z:ho=\E[H:ic=\E[@:cb=\E[1K:\ - :nd=\E[C:rs=\Ec:so=\E[7m:se=\E[27m:up=\E[A:cr=^M:ta=^I:\ - :AF=\E[3%dm:AB=\E[4%dm:op=\E[39;49m:sc=\E7:rc=\E8:\ - :k1=\E[M:k2=\E[N:k3=\E[O:k4=\E[P:k5=\E[Q:k6=\E[R:k7=\E[S:k8=\E[T:\ - :k9=\E[U:k;=\E[V:F1=\E[W:F2=\E[X:K2=\E[E:nw=\E[E:ec=\E[%dX:\ - :kb=^H:kh=\E[H:ku=\E[A:kd=\E[B:kl=\E[D:kr=\E[C:le=^H:sf=\E[S:sr=\E[T:\ - :kN=\E[G:kP=\E[I:@7=\E[F:kI=\E[L:kD=\177:kB=\E[Z:\ - :IC=\E[%d@:DC=\E[%dP:SF=\E[%dS:SR=\E[%dT:AL=\E[%dL:DL=\E[%dM:\ - :DO=\E[%dB:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:cv=\E[%i%dd:ch=\E[%i%d`:\ - :mb=\E[5m:md=\E[1m:mr=\E[7m:me=\E[m:bl=^G:\ - :ve=\E[=S:vi=\E[=1S:vs=\E[=2S: -# CP437 FreeBSD console with ACS support -cons25|ansis|ansi80x25:\ - :ac=l\332m\300k\277j\331u\264t\303v\301w\302q\304x\263n\305`^Da\260f\370g\361~\371.^Y-^Xh\261i^U0\333y\363z\362:\ - :tc=cons25w: -cons25-m|ansis-mono|ansi80x25-mono:\ - :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25: -cons30|ansi80x30:\ - :li#30:tc=cons25: -cons30-m|ansi80x30-mono:\ - :li#30:tc=cons25-m: -cons43|ansi80x43:\ - :li#43:tc=cons25: -cons43-m|ansi80x43-mono:\ - :li#43:tc=cons25-m: -cons50|ansil|ansi80x50:\ - :li#50:tc=cons25: -cons50-m|ansil-mono|ansi80x50-mono:\ - :li#50:tc=cons25-m: -cons60|ansi80x60:\ - :li#60:tc=cons25: -cons60-m|ansi80x60-mono:\ - :li#60:tc=cons25-m: -# Syscons console with 132 characters (VESA modes) -cons25-w|ansi132x25:\ - :co#132:tc=cons25: -cons30-w|ansi132x30:\ - :co#132:tc=cons30: -cons43-w|ansi132x43:\ - :co#132:tc=cons43: -cons50-w|ansil-w|ansi132x50:\ - :co#132:tc=cons50: -cons60-w|ansi132x60:\ - :co#132:tc=cons60: -# KOI8-R/KOI8-U FreeBSD console with ACS support -cons25r|cons25u|pc3r|ibmpc3r|cons25-koi8:\ - :ac=q\200x\201m\204v\211j\205t\206n\212u\207l\202w\210k\203y\230z\231f\234~\225a\220h\2210\215:\ - :tc=cons25w: -cons25r-m|cons25u-m|pc3r-m|ibmpc3r-mono|cons25-koi8-mono:\ - :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25r: -cons30r|cons30u|cons30-koi8:\ - :li#30:tc=cons25r: -cons30r-m|cons30u-m|cons30-koi8-mono:\ - :li#30:tc=cons25r-m: -cons43r|cons43u|cons43-koi8:\ - :li#43:tc=cons25r: -cons43r-m|cons43u-m|cons43-koi8-mono:\ - :li#43:tc=cons25r-m: -cons50r|cons50u|cons50-koi8:\ - :li#50:tc=cons25r: -cons50r-m|cons50u-m|cons50-koi8-mono:\ - :li#50:tc=cons25r-m: -cons60r|cons60u|cons60-koi8:\ - :li#60:tc=cons25r: -cons60r-m|cons60u-m|cons60-koi8-mono:\ - :li#60:tc=cons25r-m: -# Syscons console with 90 characters (VGA modes) -# KOI8-R/KOI8-U FreeBSD console with ACS support. -cons25r-v|cons25u-v|pc3r-v|ibmpc3r-vga|cons25-koi8-vga:\ - :co#90:tc=cons25r: -cons25r-mv|cons25u-mv|pc3r-mv|ibmpc3r-monovga|cons25-koi8-monovga:\ - :co#90:tc=cons25r-m: -cons30r-v|cons30u-v|cons30-koi8-vga:\ - :co#90:tc=cons30r: -cons30r-mv|cons30u-mv|cons30-koi8-monovga:\ - :co#90:tc=cons30r-m: -cons43r-v|cons43u-v|cons43-koi8-vga:\ - :co#90:tc=cons43r: -cons43r-mv|cons43u-mv|cons43-koi8-monovga:\ - :co#90:tc=cons43r-m: -cons50r-v|cons50u-v|cons50-koi8-vga:\ - :co#90:tc=cons50r: -cons50r-mv|cons50u-mv|cons50-koi8-monovga:\ - :co#90:tc=cons50r-m: -cons60r-v|cons60u-v|cons60-koi8-vga:\ - :co#90:tc=cons60r: -cons60r-mv|cons60u-mv|cons60-koi8-monovga:\ - :co#90:tc=cons60r-m: -# ISO 8859-2 FreeBSD console with ACS support -cons25l2|cons25-iso8859-2:\ - :ac=f\260i\247:\ - :tc=cons25w: -cons25l2-m|cons25-iso8859-2-mono:\ - :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25l2: -cons30l2|cons30-iso8859-2:\ - :li#30:tc=cons25l2: -cons30l2-m|cons30-iso8859-2-mono:\ - :li#30:tc=cons25l2-m: -cons43l2|cons43-iso8859-2:\ - :li#43:tc=cons25l2: -cons43l2-m|cons43-iso8859-2-mono:\ - :li#43:tc=cons25l2-m: -cons50l2|cons50-iso8859-2:\ - :li#50:tc=cons25l2: -cons50l2-m|cons50-iso8859-2-mono:\ - :li#50:tc=cons25l2-m: -cons60l2|cons60-iso8859-2:\ - :li#60:tc=cons25l2: -cons60l2-m|cons60-iso8859-2-mono:\ - :li#60:tc=cons25l2-m: -# ISO 8859-1 FreeBSD console with ACS support -cons25l1|cons25-iso8859-1:\ - :ac=f\260g\261}\243+\253,\273i\247:\ - :tc=cons25w: -cons25l1-m|cons25-iso8859-1-mono:\ - :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25l1: -cons30l1|cons30-iso8859-1:\ - :li#30:tc=cons25l1: -cons30l1-m|cons30-iso8859-1-mono:\ - :li#30:tc=cons25l1-m: -cons43l1|cons43-iso8859-1:\ - :li#43:tc=cons25l1: -cons43l1-m|cons43-iso8859-1-mono:\ - :li#43:tc=cons25l1-m: -cons50l1|cons50-iso8859-1:\ - :li#50:tc=cons25l1: -cons50l1-m|cons50-iso8859-1-mono:\ - :li#50:tc=cons25l1-m: -cons60l1|cons60-iso8859-1:\ - :li#60:tc=cons25l1: -cons60l1-m|cons60-iso8859-1-mono:\ - :li#60:tc=cons25l1-m: -# 132x25 ISO 8859-1 FreeBSD console -cons25l1-w|cons25w-iso8859-1:\ - :co#132:tc=cons25l1: -cons30l1-w|cons30w-iso8859-1:\ - :co#132:tc=cons30l1: -cons43l1-w|cons43w-iso8859-1:\ - :co#132:tc=cons43l1: -cons50l1-w|cons50w-iso8859-1:\ - :co#132:tc=cons50l1: -cons60l1-w|cons60w-iso8859-1:\ - :co#132:tc=cons60l1: -# ISO 8859-7 FreeBSD console with ACS support -cons25l7|cons25-iso8859-7:\ - :ac=f\260g\261{\360}\243+\253,\273i\247:\ - :tc=cons25w: -cons25l7-m|cons25-iso8859-7-mono:\ - :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25l7: -cons30l7|cons30-iso8859-7:\ - :li#30:tc=cons25l7: -cons30l7-m|cons30-iso8859-7-mono:\ - :li#30:tc=cons25l7-m: -cons43l7|cons43-iso8859-7:\ - :li#43:tc=cons25l7: -cons43l7-m|cons43-iso8859-7-mono:\ - :li#43:tc=cons25l7-m: -cons50l7|cons50-iso8859-7:\ - :li#50:tc=cons25l7: -cons50l7-m|cons50-iso8859-7-mono:\ - :li#50:tc=cons25l7-m: -cons60l7|cons60-iso8859-7:\ - :li#60:tc=cons25l7: -cons60l7-m|cons60-iso8859-7-mono:\ - :li#60:tc=cons25l7-m: - -SC|screen|VT 100/ANSI X3.64 virtual terminal:\ - :am:xn:ms:mi:G0:km:\ - :DO=\E[%dB:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:bs:bt=\E[Z:\ - :cb=\E[1K:cd=\E[J:ce=\E[K:cl=\E[H\E[J:cm=\E[%i%d;%dH:ct=\E[3g:\ - :do=^J:nd=\E[C:pt:rc=\E8:rs=\Ec:sc=\E7:st=\EH:up=\EM:\ - :le=^H:bl=^G:cr=^M:it#8:ho=\E[H:nw=\EE:ta=^I:is=\E)0:\ - :li#24:co#80:us=\E[4m:ue=\E[24m:so=\E[3m:se=\E[23m:\ - :mb=\E[5m:md=\E[1m:mr=\E[7m:me=\E[m:sr=\EM:al=\E[L:\ - :AL=\E[%dL:dl=\E[M:DL=\E[%dM:cs=\E[%i%d;%dr:dc=\E[P:\ - :DC=\E[%dP:im=\E[4h:ei=\E[4l:IC=\E[%d@:\ - :ks=\E[?1h\E=:ke=\E[?1l\E>:vb=\Eg:\ - :ku=\EOA:kd=\EOB:kr=\EOC:kl=\EOD:kb=^H:\ - :k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:k5=\E[15~:k6=\E[17~:\ - :k7=\E[18~:k8=\E[19~:k9=\E[20~:k;=\E[21~:F1=\E[23~:F2=\E[24~:\ - :F3=\E[25~:F4=\E[26~:F5=\E[28~:F6=\E[29~:\ - :F7=\E[31~:F8=\E[32~:F9=\E[33~:FA=\E[34~:\ - :kh=\E[1~:kI=\E[2~:kD=\E[3~:@7=\E[4~:kP=\E[5~:\ - :kN=\E[6~:eA=\E(B\E)0:as=^N:ae=^O:ti=\E[?1049h:te=\E[?1049l:\ - :vi=\E[?25l:ve=\E[34h\E[?25h:vs=\E[34l:\ - :Co#8:pa#64:AF=\E[3%dm:AB=\E[4%dm:op=\E[39;49m:AX:\ - :ac=``aaffggjjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~..--++,,hhII00: - -vt100|dec-vt100|vt100-am|vt100am|dec vt100:\ - :do=2\E[B:co#80:li#24:cl=50\E[H\E[J:sf=2*\ED:\ - :le=^H:bs:am:cm=5\E[%i%d;%dH:nd=2\E[C:up=2\E[A:\ - :ce=3\E[K:cd=50\E[J:so=2\E[7m:se=2\E[m:us=2\E[4m:ue=2\E[m:\ - :md=2\E[1m:mr=2\E[7m:mb=2\E[5m:me=2\E[m:\ - :is=\E>\E[?1;3;4;5l\E[?7;8h\E[1;24r\E[24;1H:\ - :if=/usr/share/tabset/vt100:nw=2\EE:ho=\E[H:\ - :as=2\E(0:ae=2\E(B:\ - :ac=``aaffggjjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||:\ - :rs=\E>\E[?1;3;4;5l\E[?7;8h:ks=\E[?1h\E=:ke=\E[?1l\E>:\ - :ku=\EOA:kd=\EOB:kr=\EOC:kl=\EOD:kb=\177:\ - :k0=\EOy:k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:k5=\EOt:\ - :k6=\EOu:k7=\EOv:k8=\EOl:k9=\EOw:k;=\EOx:@8=\EOM:\ - :K1=\EOq:K2=\EOr:K3=\EOs:K4=\EOp:K5=\EOn:pt:sr=2*\EM:xn:\ - :sc=2\E7:rc=2\E8:cs=5\E[%i%d;%dr:UP=2\E[%dA:DO=2\E[%dB:RI=2\E[%dC:\ - :LE=2\E[%dD:ct=2\E[3g:st=2\EH:ta=^I:ms:bl=^G:cr=^M:eo:it#8:\ - :RA=\E[?7l:SA=\E[?7h:po=\E[5i:pf=\E[4i: - -# $XTermId: termcap,v 1.78 2009/11/09 00:24:26 tom Exp $ -# -xterm-new|modern xterm:\ - :@7=\EOF:@8=\EOM:F1=\E[23~:F2=\E[24~:K2=\EOE:Km=\E[M:\ - :k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:k5=\E[15~:k6=\E[17~:\ - :k7=\E[18~:k8=\E[19~:k9=\E[20~:k;=\E[21~:kI=\E[2~:\ - :kN=\E[6~:kP=\E[5~:kd=\EOB:kh=\EOH:kl=\EOD:kr=\EOC:ku=\EOA:\ - :tc=xterm-basic: -# -# This chunk is used for building the VT220/Sun/PC keyboard variants. -xterm-basic|modern xterm common:\ - :am:bs:km:mi:ms:ut:xn:AX:\ - :Co#8:co#80:kn#12:li#24:pa#64:\ - :AB=\E[4%dm:AF=\E[3%dm:AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:\ - :DO=\E[%dB:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:ae=\E(B:al=\E[L:\ - :as=\E(0:bl=^G:cd=\E[J:ce=\E[K:cl=\E[H\E[2J:\ - :cm=\E[%i%d;%dH:cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:dl=\E[M:\ - :ei=\E[4l:ho=\E[H:im=\E[4h:is=\E[!p\E[?3;4l\E[4l\E>:\ - :kD=\E[3~:kb=^H:ke=\E[?1l\E>:ks=\E[?1h\E=:le=^H:md=\E[1m:\ - :me=\E[m:ml=\El:mr=\E[7m:mu=\Em:nd=\E[C:op=\E[39;49m:\ - :rc=\E8:rs=\E[!p\E[?3;4l\E[4l\E>:sc=\E7:se=\E[27m:sf=^J:\ - :so=\E[7m:sr=\EM:st=\EH:\ - :ue=\E[24m:up=\E[A:us=\E[4m:ve=\E[?12l\E[?25h:vi=\E[?25l:vs=\E[?12;25h: -# -# This is the only entry which you should have to customize, since "xterm" -# is widely used for a variety of incompatible terminal emulations including -# color_xterm and rxvt. -xterm|X11 terminal emulator:\ - :tc=xterm-new: -# -# Add the capability to "clear the screen" after exiting vi, more/less, etc. -xterm-clear:\ - :te=\E[?1049l:ti=\E[?1049h:\ - :tc=xterm-new: -# -# This should work for the commonly used "color xterm" variations (XFree86 -# xterm, color_xterm, nxterm, rxvt). Note that it does not set 'bce', so for -# XFree86 and rxvt, some applications that use colors will be less efficient, -# and in a few special cases (with "smart" optimization) the wrong color will -# be painted in spots. -xterm-color|generic "ANSI" color xterm:\ - :Co#8:NC@:pa#64:\ - :AB=\E[4%dm:AF=\E[3%dm:ac=:op=\E[m:tc=xterm-r6: -# -# Compatible with the X11R6.3 xterm -xterm-r6|xterm-old|X11R6 xterm:\ - :am:bs:km:mi:ms:pt:xn:\ - :co#80:kn#20:li#24:\ - :*6=\E[4~:@0=\E[1~:@7=\E[4~:AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:\ - :DO=\E[%dB:F1=\E[23~:F2=\E[24~:F3=\E[25~:F4=\E[26~:\ - :F5=\E[28~:F6=\E[29~:F7=\E[31~:F8=\E[32~:F9=\E[33~:\ - :FA=\E[34~:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:ae=^O:al=\E[L:\ - :as=^N:bl=^G:cd=\E[J:ce=\E[K:cl=\E[H\E[2J:cm=\E[%i%d;%dH:\ - :cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:dl=\E[M:eA=\E)0:ei=\E[4l:\ - :ho=\E[H:im=\E[4h:\ - :is=\E[m\E[?7h\E[4l\E>\E7\E[r\E[?1;3;4;6l\E8:\ - :k1=\E[11~:k2=\E[12~:k3=\E[13~:k4=\E[14~:k5=\E[15~:\ - :k6=\E[17~:k7=\E[18~:k8=\E[19~:k9=\E[20~:k;=\E[21~:\ - :kD=\E[3~:kI=\E[2~:kN=\E[6~:kP=\E[5~:kb=^H:kd=\EOB:\ - :ke=\E[?1l\E>:kh=\E[1~:kl=\EOD:kr=\EOC:ks=\E[?1h\E=:\ - :ku=\EOA:md=\E[1m:me=\E[m:ml=\El:mr=\E[7m:mu=\Em:nd=\E[C:\ - :rc=\E8:rs=\E[m\E[?7h\E[4l\E>\E7\E[r\E[?1;3;4;6l\E8:\ - :sc=\E7:se=\E[m:sf=^J:so=\E[7m:sr=\EM:\ - :ue=\E[m:up=\E[A:us=\E[4m: -# -# Add the capability to "clear the screen" after exiting vi, more/less, etc. -xterm-r6-clear:\ - :te=\E[2J\E[?47l\E8:ti=\E7\E[?47h:ue=\E[m:\ - :tc=xterm-r6: |