en Copyright 2015 Java http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#b2f03d66fa0b190f219b8b07d774d1ad307eae3e etc/security: emit proper error message when there are dup groups....instead of erroring with "[: $grpname: unexpected operator". List of files: /netbsd-src/etc/security Sun, 21 Jul 2024 14:56:16 +0000 he <he@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#1095510aeddc8e2ba31aa4e1368e71ffede556bc Fix sysctl invocation testing for missing entropy. List of files: /netbsd-src/etc/security Wed, 05 Jul 2023 12:07:21 +0000 martin <martin@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#2cfa14dfd43d01924e43355d027ce1bfeb933ed2 security(5): Check kern.entropy.needed for confident entropy.Don't test whether a non-blocking read from /dev/random would returndata.For the sake of availability, /dev/random will unblock based on sourceslike timer interrupts, which we can't confidently assert anything aboutthe actual unpredictability of.Here, the goal is to highlight systems that have neither obtainedentropy from an HWRNG with a confident entropy assessment, nor beenseeded from a source the operator knows about.XXX pullup-10 List of files: /netbsd-src/etc/security Fri, 30 Jun 2023 21:42:29 +0000 riastradh <riastradh@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#8e79eccae6c7bf3a06d0e7e883130ed51d3b56d8 Recognize argon2 passwords as valid in daily security reports.from RVP in misc/56486 List of files: /netbsd-src/etc/security Thu, 04 Nov 2021 12:40:00 +0000 nia <nia@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#cba96d16f7761373cca40f6996dfc63450933ac1 Various entropy integration improvements.- New /etc/security check for entropy in daily security report.- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to check for entropy at boot -- in rc.conf, you can: . set `entropy=check' to halt multiuser boot and enter single-user mode if not enough entropy . set `entropy=wait' to make multiuser boot wait until enough entropy Default is to always boot without waiting -- and rely on other channels like security report to alert the operator if there's a problem.- New man page entropy(7) discussing the higher-level concepts and system integration with cross-references.- New paragraph in afterboot(8) about entropy citing entropy(7) for more details.This change addresses many of the issues discussed in security/55659.This is a first draft; happy to take improvements to the man pages andscripted messages to improve clarity.I considered changing motd to include an entropy warning with areference to the entropy(7) man page, but it's a little trickier:- Not sure it's appropriate for all users to see at login rather than users who have power to affect the entropy estimate (maybe it is, just haven't decided).- We only have a mechanism for changing once at boot; the message would remain until next boot even if an operator adds enough entropy.- The mechanism isn't really conducive to making a message appear conditionally from boot to boot. List of files: /netbsd-src/etc/security Sun, 10 Jan 2021 23:24:25 +0000 riastradh <riastradh@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#d5fdd803ef49be66a05b970aa42aa81efcf20c52 Update default pkgsrc database location from /var/db/pkg to /usr/pkg/pkgdb. List of files: /netbsd-src/etc/security Wed, 02 Dec 2020 14:18:13 +0000 wiz <wiz@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#c91905c4bef1ad6c90c6987f614caa657bad5d41 Save the entropy seed daily in /etc/security. List of files: /netbsd-src/etc/security Fri, 06 Dec 2019 14:43:29 +0000 riastradh <riastradh@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#c3e808d5974c722c624aa7c8dbe2c567c10dfbdf Use $file instead of $(echo $file). I don't think the extra round ofword expansions was really intended here. List of files: /netbsd-src/etc/security Wed, 18 Sep 2019 22:27:55 +0000 uwe <uwe@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#d65b3b7a40a907812e0c55be0c4ebd1a61f35f8b Fix an obvious botch in the previous rev, found by martin@ List of files: /netbsd-src/etc/security Thu, 04 Oct 2018 11:50:34 +0000 kre <kre@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#9ae2b31ff95afe565df79a423b9dcf509b232df1 Convert uses of test (aka '[') to use only posix specified forms,mostly just on general principle... this resulted in one or two minorcode reformattings to keep 80 char limits - a few needless uses ofquotes ("no" ??) were also removed (sh is not C. strings are stringswithout quotes around them...) List of files: /netbsd-src/etc/security Sun, 23 Sep 2018 23:48:33 +0000 kre <kre@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#2f6dbbcf885144245fc3e418249d8d2cb34a8570 Use sysctl to retrieve iostat names instead of parsing possiblytruncated iostat output.Check dkctl listwedges output with grep.Fixes PR 59205. List of files: /netbsd-src/etc/security Sat, 06 Jan 2018 23:44:06 +0000 mlelstv <mlelstv@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#25e09ac3be6ab4ac73c4a7cb008df22a63c5be97 Record current raid configurations too in /etc/security. List of files: /netbsd-src/etc/security Mon, 29 Feb 2016 16:16:42 +0000 riastradh <riastradh@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#6b45f4ed792cb4ee138076290c0e32aa77829d6d Set the redirection correctly, so that stderr gets duped to thealready redirected stdout, rather than duping stdout to stderr!Without this fix, the disklabel output is included in the log filerather than being discarded as intended. (The purpose of runningdisklabel this first time is only to check for success.) List of files: /netbsd-src/etc/security Mon, 20 Apr 2015 22:46:35 +0000 pgoyette <pgoyette@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#29acffa014f9676c78f99e23e006ea8a5bff0bfa Avoid nfs devices correctly. List of files: /netbsd-src/etc/security Sat, 14 Feb 2015 19:46:55 +0000 nakayama <nakayama@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#b249d4b6e0480e0618279f5cfce47f10913ec175 Indent and space fixes. List of files: /netbsd-src/etc/security Sat, 13 Dec 2014 02:17:35 +0000 uebayasi <uebayasi@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#3c3f7bb88ad7959050b696b30fcd3f40c18c8ecd - generate the list of disks only once and select from them later- don't generate empty/useless files when disklabel or dkctl don't have data List of files: /netbsd-src/etc/security Sun, 23 Nov 2014 16:36:03 +0000 christos <christos@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#8ce568ce8829a608f780ac1f08f34738abe1eae5 Split some long lines. List of files: /netbsd-src/etc/security Wed, 27 Aug 2014 13:56:02 +0000 apb <apb@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#acaf72ec02016972413fda77f9fbbdc439b4f098 Introduce a variable for security.conf, default empty, to list userswhose home is (allowed to be) owned by another user.It's a separate variable and not just check_passwd_permit_dups so I canmake security shut up about my uucp users.Fixes the second half of PR misc/36063 List of files: /netbsd-src/etc/security Wed, 06 Nov 2013 19:37:05 +0000 spz <spz@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#0d7af235a1ede7e6ea733eded47a51830ae7be22 having more than one line with the same group name and gid is not onlyallowed, it's even recommended for groups with lots of members, sodo not warn about duplicate group name lines if the gid is the same List of files: /netbsd-src/etc/security Wed, 06 Nov 2013 19:30:20 +0000 spz <spz@NetBSD.org> http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/etc/security#dc76b0b0031e55829050c246144296cb6edb1248 Add defaults for pkg_info and pkg_admin variables in case pkgpath.confis not installed. List of files: /netbsd-src/etc/security Sun, 08 Sep 2013 08:19:40 +0000 prlw1 <prlw1@NetBSD.org>