Next: , Previous: cf.users, Up: Example configuration file


5.7 cf.solaris

     #################################################################
     #
     # cf.solaris - for iu.hioslo.no
     #
     # This file contains solaris specific patches
     #
     #################################################################
     
     ###
     #
     # BEGIN cf.solaris
     #
     ###
     
     directories:
     
          #
          # httpd/netscape want this to exist for some bizarre reason
          #
     
           /usr/lib/X11/nls
     
     ################################################################
     
     tidy:
     
          /var/log  pattern=syslog.* age=0
     
        MailHub::
     
          /var/mail pattern=lp       age=0
     
     #################################################################
     
     files:
     
       #
       # If this doesn't exist fork will not work and the
       # system will not even be able to run the /etc/rc
       # scripts at boottime
       #
     
       /etc/system     o=root g=root m=644 action=touch
     
       /var/log/syslog o=root        m=666 action=touch
     
     #############################################################
     
     copy:
     
        #
        # Some standard setup files, can't link because
        # machine won't boot if their not on / partition.
        #
     
        /local/bin/tcsh dest=/bin/tcsh mode=755
     
        /local/iu/etc/nsswitch.standalone dest=/etc/nsswitch.conf
     
       #
       # Our named server uses a newer BIND
       # Put this here so that it will be preserved under
       # solaris reinstallation
       #
     
       NameServers::
     
        /local/iu/sbin/in.named         dest=/usr/sbin/in.named         mode=555
        /local/iu/sbin/in.named.reload  dest=/usr/sbin/in.named.reload  mode=555
        /local/iu/sbin/in.named.restart dest=/usr/sbin/in.named.restart mode=555
        /local/iu/sbin/in.ndc           dest=/usr/sbin/in.ndc           mode=555
        /local/iu/sbin/named-xfer       dest=/usr/sbin/named-xfer       mode=555
        /local/iu/lib/nslookup.help     dest=/usr/lib/nslookup.help     mode=444
     
       any::
        /local/iu/lib/libresolv.a        dest=/usr/lib/libresolv.a      mode=444
        /local/iu/lib/libresolv.so.2     dest=/usr/lib/libresolv.so.2   mode=444
        /local/bin/nslookup              dest=/usr/sbin/nslookup        mode=444
     
     ##############################################################
     
     editfiles:
     
           { /etc/netmasks
     
           AppendIfNoSuchLine "128.39  255.255.255.0"
           }
     
           { /etc/defaultrouter
     
           AppendIfNoSuchLine "128.39.89.1"
           }
     
           { /usr/openwin/lib/app-defaults/XConsole
     
           AppendIfNoSuchLine "XConsole.autoRaise: on"
           }
     
        #
        # CERT security patch for vold vulnerability
        #
     
        { /etc/rmmount.conf
     
        HashCommentLinesContaining "action cdrom"
        HashCommentLinesContaining "action floppy"
        }
     
     ##############################################################
     
     disable:
     
         /etc/.login  type=file
         /etc/aliases
     
        #
        # These files are ENORMOUS, don't let them fill the disk
        #
     
        Wednesday::
     
           /var/lp/logs/lpsched rotate=empty
     
           /var/adm/wtmpx       rotate=empty
           /var/adm/wtmp        rotate=empty
     
     ##############################################################
     
     files:
     
         /etc/passwd        m=0644 o=root g=other action=fixplain
         /etc/shadow        m=0600 o=root g=other action=fixplain
         /etc/defaultrouter m=0644 o=root g=other action=touch
         /var/adm/wtmpx     m=0664 o=adm  g=adm   action=touch
         /var/adm/wtmp      m=0644 o=root g=adm   action=touch
         /var/adm/utmp      m=0644 o=root g=adm   action=fixplain
         /var/adm/utmpx     m=0664 o=adm  g=adm   action=fixplain
     
         /tmp m=1777                              action=fixdirs
     
     ##############################################################
     
     disable:
     
        #
        # CERT security patch
        #
     
        /usr/openwin/bin/kcms_calibrate
        /usr/openwin/bin/kcms_configure
        /usr/bin/admintool
     
     ################################################################
     
     shellcommands:
     
        AllBinaryServers.Saturday.longjob.Hr00::
     
           #
           # Make sure the man -k / apropos data are up to date
           #
     
           "/usr/bin/catman  -M /local/man"
           "/usr/bin/catman  -M /local/X11R5/man"
           "/usr/bin/catman  -M /usr/man"
           "/usr/bin/catman  -M /local/gnu/man"
           "/usr/bin/catman  -M /usr/openwin/share/man"
           "/usr/bin/catman  -M /local/X11R5/man"
           "/usr/bin/catman  -M /usr/share/man"
     
     ################################################################
     
     editfiles:
     
     
           #
           # A painless way to add an rc.local script to the rc files
           # under solaris without having to fight though inittab
           #
     
           { /etc/rc3.d/S15nfs.server
     
           AppendIfNoSuchLine "sh /local/iu/etc/rc.local"
           }
     
           #
           # umask defined when inetd starts is inherited by all subprocesses
           # including ftpd which saves with mode 666 (!) unless we do this
           #
     
           { /etc/rc2.d/S72inetsvc
     
           PrependIfNoSuchLine "umask 022"
           }
     
     
     ###
     #
     # END cf.solaris
     #
     ###