1#	$NetBSD: special,v 1.66 2002/10/09 14:55:54 elric Exp $
2#	@(#)special	8.2 (Berkeley) 1/23/94
3#
4# Hand-crafted mtree specification for the dangerous files.
5#
6# /etc/security checks:
7#	- All of these are checked if $check_mtree is enabled.
8#	- Files with "nodiff" tags are highlighted if they change; their contents are not shown.
9#	- Files without "nodiff" or "exclude" tags have their changes displayed
10#	  with diff(1) if $check_changelist is enabled.
11#
12
# Defaults applied to every entry below unless the entry overrides them:
# owner root, group wheel.
13/set uname=root gname=wheel
14
# The root of the checked hierarchy.
15.				type=dir  mode=0755
16
17./dev				type=dir  mode=0755
# drum, kmem and mem are character devices held to mode 0640 with group kmem
# (overriding the wheel default): root read/write, group kmem read-only,
# no access for anyone else.
18./dev/drum			type=char mode=0640 gname=kmem
# "ignore": the directory entry itself is checked, but mtree does not descend
# into the hierarchy below it.
19./dev/fd			type=dir  mode=0755 ignore
20./dev/kmem			type=char mode=0640 gname=kmem
21./dev/mem			type=char mode=0640 gname=kmem
22
23./etc				type=dir  mode=0755
24./etc/Distfile			type=file mode=0644 optional
25./etc/amd			type=dir  mode=0755 optional
26./etc/apm			type=dir  mode=0755 optional
27./etc/bootparams		type=file mode=0644 optional
28./etc/bootptab			type=file mode=0644 optional
29./etc/ccd.conf			type=file mode=0644 optional
30./etc/cgd			type=dir  mode=0700 optional
31./etc/cgd/cgd.conf		type=file mode=0600 optional
32./etc/changelist		type=file mode=0644
33./etc/crontab			type=file mode=0644 optional
34./etc/csh.cshrc			type=file mode=0644
35./etc/csh.login			type=file mode=0644
36./etc/csh.logout		type=file mode=0644
37./etc/daily			type=file mode=0644
38./etc/daily.conf		type=file mode=0644
39./etc/daily.local		type=file mode=0644 optional
40./etc/defaultdomain		type=file mode=0644 optional
41./etc/defaults			type=dir  mode=0755
42./etc/defaults/daily.conf	type=file mode=0444
43./etc/defaults/monthly.conf	type=file mode=0444
44./etc/defaults/rc.conf		type=file mode=0444
45./etc/defaults/security.conf	type=file mode=0444
46./etc/defaults/weekly.conf	type=file mode=0444
47./etc/dhclient-enter-hooks	type=file mode=0644 optional
48./etc/dhclient-exit-hooks	type=file mode=0644 optional
49./etc/dhclient.conf		type=file mode=0644 optional
50./etc/dhcpd.conf		type=file mode=0644 optional
51./etc/disktab			type=file mode=0644
52./etc/dm.conf			type=file mode=0644
53./etc/dumpdates			type=file mode=0664 gname=operator optional tags=exclude
54./etc/ethers			type=file mode=0644 optional
55./etc/exports			type=file mode=0644 optional
56./etc/floppytab			type=file mode=0644
57./etc/fstab			type=file mode=0644
58./etc/ftpchroot			type=file mode=0644
59./etc/ftpd.conf			type=file mode=0644 optional
60./etc/ftpusers			type=file mode=0644
61./etc/ftpwelcome		type=file mode=0644 optional
62./etc/gateways			type=file mode=0644 optional
63./etc/gettytab			type=file mode=0644
64./etc/group			type=file mode=0644
65./etc/hesiod.conf		type=file mode=0644 optional
66./etc/hosts			type=file mode=0644
67./etc/hosts.allow		type=file mode=0644 optional
68./etc/hosts.deny		type=file mode=0644 optional
69./etc/hosts.equiv		type=file mode=0600 optional
70./etc/hosts.lpd			type=file mode=0644 optional
71./etc/ifaliases			type=file mode=0644 optional
72./etc/inetd.conf		type=file mode=0644
73./etc/ipf.conf			type=file mode=0644 optional
74./etc/ipf6.conf			type=file mode=0644 optional
75./etc/ipnat.conf		type=file mode=0644 optional
76./etc/ipsec.conf		type=file mode=0644 optional
77./etc/kerberosIV		type=dir  mode=0755 ignore optional
78./etc/ld.so.conf		type=file mode=0644 optional
79./etc/lkm.conf			type=file mode=0644 optional
80./etc/localtime			type=link mode=0755
81./etc/login.conf		type=file mode=0644 optional
82./etc/mail			type=dir  mode=0755
83./etc/mail/aliases		type=file mode=0644
84./etc/mail/aliases.db		type=file mode=0644 tags=exclude
85./etc/mail/helpfile		type=file mode=0444
86./etc/mail/local-host-names	type=file mode=0644 optional
87./etc/mail/sendmail.cf		type=file mode=0444
88./etc/mail.rc			type=file mode=0644
89./etc/mailer.conf		type=file mode=0644
90./etc/man.conf			type=file mode=0644
91./etc/master.passwd		type=file mode=0600 tags=nodiff
92./etc/mk.conf			type=file mode=0644 optional
93./etc/moduli			type=file mode=0444
94./etc/monthly			type=file mode=0644
95./etc/monthly.conf		type=file mode=0644
96./etc/monthly.local		type=file mode=0644 optional
97./etc/mrouted.conf		type=file mode=0644
98./etc/mtree			type=dir  mode=0755
99./etc/mtree/special		type=file mode=0444
100./etc/mtree/special.local	type=file mode=0644 optional
101./etc/mygate			type=file mode=0644 optional
102./etc/myname			type=file mode=0644 optional
103./etc/named.conf		type=file mode=0644 optional
104./etc/namedb			type=dir  mode=0755
105./etc/netconfig			type=file mode=0644
106./etc/netgroup			type=file mode=0644 optional
107./etc/netgroup.db		type=file mode=0644 optional tags=exclude
108./etc/netstart.local		type=file mode=0644 optional
109./etc/networks			type=file mode=0644
110./etc/newsyslog.conf		type=file mode=0644
111./etc/nsswitch.conf		type=file mode=0644
112./etc/ntp.conf			type=file mode=0644 optional
113./etc/passwd			type=file mode=0644
114./etc/passwd.conf		type=file mode=0644 optional
115./etc/phones			type=file mode=0644
116./etc/postfix			type=dir  mode=0755 uname=root gname=wheel optional
117./etc/postfix/main.cf		type=file mode=0444 uname=root gname=wheel optional
118./etc/postfix/master.cf		type=file mode=0444 uname=root gname=wheel optional
119./etc/postfix/postfix-script	type=file mode=0555 uname=root gname=wheel optional
120./etc/postinstall		type=file mode=0555 optional
121./etc/ppp			type=dir  mode=0755 optional
122./etc/ppp/options		type=file mode=0644 optional
123./etc/printcap			type=file mode=0644
124./etc/profile			type=file mode=0644
125./etc/protocols			type=file mode=0644
126./etc/rbootd.conf		type=file mode=0644 optional
127./etc/rc			type=file mode=0644
128./etc/rc.conf			type=file mode=0644
129./etc/rc.d			type=dir  mode=0755
130./etc/rc.d/DAEMON		type=file mode=0555
131./etc/rc.d/LOGIN		type=file mode=0555
132./etc/rc.d/NETWORKING		type=file mode=0555
133./etc/rc.d/SERVERS		type=file mode=0555
134./etc/rc.d/accounting		type=file mode=0555
135./etc/rc.d/altqd		type=file mode=0555
136./etc/rc.d/amd			type=file mode=0555
137./etc/rc.d/apmd			type=file mode=0555
138./etc/rc.d/bootconf.sh		type=file mode=0555
139./etc/rc.d/bootparams		type=file mode=0555
140./etc/rc.d/ccd			type=file mode=0555
141./etc/rc.d/cleartmp		type=file mode=0555
142./etc/rc.d/cron			type=file mode=0555
143./etc/rc.d/dhclient		type=file mode=0555
144./etc/rc.d/dhcpd		type=file mode=0555
145./etc/rc.d/dhcrelay		type=file mode=0555
146./etc/rc.d/dmesg		type=file mode=0555
147./etc/rc.d/downinterfaces	type=file mode=0555
148./etc/rc.d/fsck			type=file mode=0555
149./etc/rc.d/inetd		type=file mode=0555
150./etc/rc.d/ipfilter		type=file mode=0555
151./etc/rc.d/ipmon		type=file mode=0555
152./etc/rc.d/ipnat		type=file mode=0555
153./etc/rc.d/ipsec		type=file mode=0555
154./etc/rc.d/isdnd		type=file mode=0555
155./etc/rc.d/kdc			type=file mode=0555
156./etc/rc.d/ldconfig		type=file mode=0555
157./etc/rc.d/lkm1			type=file mode=0555
158./etc/rc.d/lkm2			type=file mode=0555
159./etc/rc.d/lkm3			type=file mode=0555
160./etc/rc.d/local		type=file mode=0555
161./etc/rc.d/lpd			type=file mode=0555
162./etc/rc.d/mixerctl		type=file mode=0555
163./etc/rc.d/mopd			type=file mode=0555
164./etc/rc.d/motd			type=file mode=0555
165./etc/rc.d/mountall		type=file mode=0555
166./etc/rc.d/mountcritlocal	type=file mode=0555
167./etc/rc.d/mountcritremote	type=file mode=0555
168./etc/rc.d/mountd		type=file mode=0555
169./etc/rc.d/mrouted		type=file mode=0555
170./etc/rc.d/named		type=file mode=0555
171./etc/rc.d/ndbootd		type=file mode=0555
172./etc/rc.d/network		type=file mode=0555
173./etc/rc.d/newsyslog		type=file mode=0555
174./etc/rc.d/nfsd			type=file mode=0555
175./etc/rc.d/nfslocking		type=file mode=0555
176./etc/rc.d/ntpd			type=file mode=0555
177./etc/rc.d/ntpdate		type=file mode=0555
178./etc/rc.d/poffd		type=file mode=0555
179./etc/rc.d/postfix		type=file mode=0555
180./etc/rc.d/ppp			type=file mode=0555
181./etc/rc.d/pwcheck		type=file mode=0555
182./etc/rc.d/quota		type=file mode=0555
183./etc/rc.d/racoon		type=file mode=0555
184./etc/rc.d/raidframe		type=file mode=0555
185./etc/rc.d/raidframeparity	type=file mode=0555
186./etc/rc.d/rarpd		type=file mode=0555
187./etc/rc.d/rbootd		type=file mode=0555
188./etc/rc.d/root			type=file mode=0555
189./etc/rc.d/route6d		type=file mode=0555
190./etc/rc.d/routed		type=file mode=0555
191./etc/rc.d/rpcbind		type=file mode=0555
192./etc/rc.d/rtadvd		type=file mode=0555
193./etc/rc.d/rtsold		type=file mode=0555
194./etc/rc.d/rwho			type=file mode=0555
195./etc/rc.d/savecore		type=file mode=0555
196./etc/rc.d/screenblank		type=file mode=0555
197./etc/rc.d/securelevel		type=file mode=0555
198./etc/rc.d/sendmail		type=file mode=0555
199./etc/rc.d/sshd			type=file mode=0555
200./etc/rc.d/swap1		type=file mode=0555
201./etc/rc.d/swap2		type=file mode=0555
202./etc/rc.d/sysctl		type=file mode=0555
203./etc/rc.d/sysdb		type=file mode=0555
204./etc/rc.d/syslogd		type=file mode=0555
205./etc/rc.d/timed		type=file mode=0555
206./etc/rc.d/ttys			type=file mode=0555
207./etc/rc.d/virecover		type=file mode=0555
208./etc/rc.d/wdogctl		type=file mode=0555
209./etc/rc.d/wscons		type=file mode=0555
210./etc/rc.d/wsmoused		type=file mode=0555
211./etc/rc.d/xdm			type=file mode=0555
212./etc/rc.d/xfs			type=file mode=0555
213./etc/rc.d/ypbind		type=file mode=0555
214./etc/rc.d/yppasswdd		type=file mode=0555
215./etc/rc.d/ypserv		type=file mode=0555
216./etc/rc.lkm			type=file mode=0644
217./etc/rc.local			type=file mode=0644 optional
218./etc/rc.shutdown		type=file mode=0644
219./etc/rc.shutdown.local		type=file mode=0644 optional
220./etc/rc.subr			type=file mode=0644
221./etc/remote			type=file mode=0644
222./etc/resolv.conf		type=file mode=0644 optional
223./etc/rpc			type=file mode=0644
224./etc/rtadvd.conf		type=file mode=0644 optional
225./etc/security			type=file mode=0644
226./etc/security.conf		type=file mode=0644
227./etc/security.local		type=file mode=0644 optional
228./etc/services			type=file mode=0644
229./etc/shells			type=file mode=0644
230./etc/shosts.equiv		type=file mode=0600 optional
231./etc/spwd.db			type=file mode=0600 tags=exclude
# System-wide SSH files; every entry is "optional", so a missing file is not
# reported. The three private host keys (ssh_host_dsa_key, ssh_host_key,
# ssh_host_rsa_key) are held to mode 0600 and tagged "nodiff": per the header,
# a change to them is highlighted, and they are not among the files displayed
# with diff(1). The matching .pub files and the configuration files are 0644
# and carry no tag.
232./etc/ssh			type=dir  mode=0755 optional
233./etc/ssh/ssh_config		type=file mode=0644 optional
234./etc/ssh/ssh_host_dsa_key	type=file mode=0600 optional tags=nodiff
235./etc/ssh/ssh_host_dsa_key.pub	type=file mode=0644 optional
236./etc/ssh/ssh_host_key		type=file mode=0600 optional tags=nodiff
237./etc/ssh/ssh_host_key.pub	type=file mode=0644 optional
238./etc/ssh/ssh_host_rsa_key	type=file mode=0600 optional tags=nodiff
239./etc/ssh/ssh_host_rsa_key.pub	type=file mode=0644 optional
240./etc/ssh/ssh_known_hosts	type=file mode=0644 optional
241./etc/ssh/ssh_known_hosts2	type=file mode=0644 optional
242./etc/ssh/sshd_config		type=file mode=0644 optional
243./etc/sysctl.conf		type=file mode=0644
244./etc/syslog.conf		type=file mode=0644
245./etc/ttyaction			type=file mode=0644 optional
246./etc/ttys			type=file mode=0644
247./etc/usermgmt.conf		type=file mode=0644 optional
248./etc/weekly			type=file mode=0644
249./etc/weekly.conf		type=file mode=0644
250./etc/weekly.local		type=file mode=0644 optional
251./etc/wscons.conf		type=file mode=0644
252
# root's home directory: shell start-up files plus the files that grant or
# hold login credentials for root.
253./root				type=dir  mode=0755
254./root/.cshrc			type=file mode=0644
# Remote-login trust files (.klogin, .rhosts, .shosts) must be mode 0600 when
# they exist.
255./root/.klogin			type=file mode=0600 optional
256./root/.login			type=file mode=0644
257./root/.profile			type=file mode=0644
258./root/.rhosts			type=file mode=0600 optional
259./root/.shosts			type=file mode=0600 optional
# The .ssh directory is 0700, so the 0644 files inside it are reachable only
# by root.
260./root/.ssh			type=dir  mode=0700 optional
# authorized_keys* are 0600 but untagged: per the header, changes to them are
# displayed with diff(1) when $check_changelist is enabled.
261./root/.ssh/authorized_keys	type=file mode=0600 optional
262./root/.ssh/authorized_keys2	type=file mode=0600 optional
263./root/.ssh/config		type=file mode=0644 optional
# Private keys (id_dsa, id_rsa, identity) are 0600 and tagged "nodiff";
# the .pub halves are 0644 and untagged.
264./root/.ssh/id_dsa		type=file mode=0600 optional tags=nodiff
265./root/.ssh/id_dsa.pub		type=file mode=0644 optional
266./root/.ssh/id_rsa		type=file mode=0600 optional tags=nodiff
267./root/.ssh/id_rsa.pub		type=file mode=0644 optional
268./root/.ssh/identity		type=file mode=0600 optional tags=nodiff
269./root/.ssh/identity.pub	type=file mode=0644 optional
270./root/.ssh/known_hosts		type=file mode=0644 optional
271./root/.ssh/known_hosts2	type=file mode=0644 optional
272
# Program and library directories. Nearly all are marked "ignore": only the
# directory's own type, mode and ownership are checked, and mtree does not
# descend into it. The binaries and libraries inside are therefore NOT
# verified by this specification.
273./sbin				type=dir  mode=0755 ignore
274
275./usr				type=dir  mode=0755
276./usr/bin			type=dir  mode=0755 ignore
277./usr/games			type=dir  mode=0755 optional
# Group games, mode 0750: no access for "other".
278./usr/games/hide		type=dir  mode=0750 gname=games ignore optional
279./usr/include			type=dir  mode=0755 ignore
280./usr/lib			type=dir  mode=0755 ignore
281./usr/libdata			type=dir  mode=0755 ignore
282./usr/libexec			type=dir  mode=0755 ignore
283./usr/local			type=dir  mode=0755
284./usr/local/bin			type=dir  mode=0755 ignore
285./usr/local/lib			type=dir  mode=0755 ignore
286./usr/pkg			type=dir  mode=0755 ignore optional
287./usr/sbin			type=dir  mode=0755 ignore
288./usr/share			type=dir  mode=0755 ignore
289
# Variable data: accounting, cron tables, databases, logs, runtime state and
# spool areas. Files tagged "exclude" (logs, utmp/wtmp, databases) still have
# their type, mode and ownership checked, but per the header they are not
# among the files displayed with diff(1).
290./var				type=dir  mode=0755
291./var/account			type=dir  mode=0755
292./var/account/acct		type=file mode=0644 optional tags=exclude
293./var/at			type=dir  mode=0755 ignore
294./var/backups			type=dir  mode=0755 ignore
295./var/cron			type=dir  mode=0755
# The crontab directory is 0700 and root's crontab 0600. The crontab is
# untagged, so its changes are displayed with diff(1) when $check_changelist
# is enabled.
296./var/cron/tabs			type=dir  mode=0700
297./var/cron/tabs/root		type=file mode=0600
298./var/db			type=dir  mode=0755
299./var/db/kvm.db			type=file mode=0644 tags=exclude
300./var/log			type=dir  mode=0755
# authlog is the only log listed here that is restricted to mode 0600.
301./var/log/authlog		type=file mode=0600 optional tags=exclude
302./var/log/wtmp			type=file mode=0644 tags=exclude
303./var/log/wtmpx			type=file mode=0644 tags=exclude
# Mode 1777: world-writable with the sticky bit set.
304./var/mail			type=dir  mode=1777 ignore
305./var/preserve			type=dir  mode=0755 ignore
306./var/run			type=dir  mode=0755
# utmp/utmpx are group-writable (0664) by group utmp.
307./var/run/utmp			type=file mode=0664 gname=utmp tags=exclude
308./var/run/utmpx			type=file mode=0664 gname=utmp tags=exclude
309./var/spool			type=dir  mode=0755
# FTP area under ./var/spool/ftp (all entries optional). It is owned
# root:wheel via the /set default, and only ./var/spool/ftp/pub is
# group-writable.
310./var/spool/ftp			type=dir  mode=0755 optional
311./var/spool/ftp/bin		type=dir  mode=0755 optional
312./var/spool/ftp/bin/ls		type=file mode=0555 optional
313./var/spool/ftp/etc		type=dir  mode=0755 optional
314./var/spool/ftp/etc/group		type=file mode=0644 optional
315./var/spool/ftp/etc/localtime		type=file mode=0644 optional
# NOTE(review): unlike ./etc/master.passwd, this copy is 0600 but has no
# tags=nodiff. Per the header, its changes would be displayed with diff(1)
# when $check_changelist is enabled, which could put password-file lines in
# the report. Confirm whether tags=nodiff is intended here.
316./var/spool/ftp/etc/master.passwd	type=file mode=0600 optional
317./var/spool/ftp/etc/passwd		type=file mode=0644 optional
# Mode 0111: search (execute) permission only, so names inside cannot be
# listed.
318./var/spool/ftp/hidden		type=dir  mode=0111 ignore optional
319./var/spool/ftp/pub		type=dir  mode=0775 ignore optional
320./var/spool/mqueue		type=dir  mode=0755 ignore
321./var/spool/output		type=dir  mode=0755 ignore
# The uucp spool directories override the defaults: owner uucp, group daemon.
# uucppublic is world-writable with the sticky bit (1777).
322./var/spool/uucp		type=dir  mode=0755 uname=uucp gname=daemon ignore optional
323./var/spool/uucppublic		type=dir  mode=1777 uname=uucp gname=daemon ignore optional
324./var/yp			type=dir  mode=0755
325./var/yp/Makefile		type=file mode=0644 optional
326