1*1528aeb4Sderaadt# $OpenBSD: rc,v 1.385 2011/07/11 17:20:09 deraadt Exp $ 2df930be7Sderaadt 3df930be7Sderaadt# System startup script run by init on autoboot 4df930be7Sderaadt# or after single-user. 5df930be7Sderaadt# Output and error are redirected to console by init, 6df930be7Sderaadt# and the console is the controlling terminal. 7df930be7Sderaadt 85420764bSmillert# Subroutines (have to come first). 95420764bSmillert 105420764bSmillert# Strip comments (and leading/trailing whitespace if IFS is set) 115420764bSmillert# from a file and spew to stdout 125420764bSmillertstripcom() { 135420764bSmillert local _file="$1" 145420764bSmillert local _line 155420764bSmillert 165420764bSmillert { 175420764bSmillert while read _line ; do 185420764bSmillert _line=${_line%%#*} # strip comments 195420764bSmillert test -z "$_line" && continue 205420764bSmillert echo $_line 215420764bSmillert done 225420764bSmillert } < $_file 235420764bSmillert} 245420764bSmillert 250e47d797Smillert# Update resource limits when sysctl changes 260e47d797Smillert# Usage: update_limit -X loginconf_name 270e47d797Smillertupdate_limit() { 280e47d797Smillert local _fl="$1" # ulimit flag 290e47d797Smillert local _lc="$2" # login.conf name 300e47d797Smillert local _new _suf 310e47d797Smillert 320e47d797Smillert for _suf in "" -cur -max; do 330e47d797Smillert _new=`getcap -f /etc/login.conf -s ${_lc}${_suf} daemon 2>/dev/null` 340e47d797Smillert if [ X"$_new" != X"" ]; then 350e47d797Smillert if [ X"$_new" = X"infinity" ]; then 360e47d797Smillert _new=unlimited 370e47d797Smillert fi 380e47d797Smillert case "$_suf" in 390e47d797Smillert -cur) 400e47d797Smillert ulimit -S $_fl $_new 410e47d797Smillert ;; 420e47d797Smillert -max) 430e47d797Smillert ulimit -H $_fl $_new 440e47d797Smillert ;; 450e47d797Smillert *) 460e47d797Smillert ulimit $_fl $_new 470e47d797Smillert return 480e47d797Smillert ;; 490e47d797Smillert esac 500e47d797Smillert fi 510e47d797Smillert done 520e47d797Smillert} 530e47d797Smillert 540e47d797Smillertsysctl_conf() { 556be3177eSmillert test -s /etc/sysctl.conf || return 566be3177eSmillert 570e47d797Smillert # delete comments and blank lines 580e47d797Smillert set -- `stripcom /etc/sysctl.conf` 590e47d797Smillert while [ $# -ge 1 ] ; do 600e47d797Smillert sysctl $1 610e47d797Smillert # update limits if needed 620e47d797Smillert case $1 in 630e47d797Smillert kern.maxproc=*) 640e47d797Smillert update_limit -p maxproc 650e47d797Smillert ;; 660e47d797Smillert kern.maxfiles=*) 670e47d797Smillert update_limit -n openfiles 680e47d797Smillert ;; 690e47d797Smillert esac 700e47d797Smillert shift 710e47d797Smillert done 720e47d797Smillert} 730e47d797Smillert 740e47d797Smillertmixerctl_conf() 750e47d797Smillert{ 766be3177eSmillert test -s /etc/mixerctl.conf || return 776be3177eSmillert 780e47d797Smillert # delete comments and blank lines 790e47d797Smillert set -- `stripcom /etc/mixerctl.conf` 800e47d797Smillert while [ $# -ge 1 ] ; do 810e47d797Smillert mixerctl -q $1 > /dev/null 2>&1 820e47d797Smillert shift 830e47d797Smillert done 840e47d797Smillert} 850e47d797Smillert 866be3177eSmillertwsconsctl_conf() 876be3177eSmillert{ 886be3177eSmillert local save_IFS="$IFS" 896be3177eSmillert 906be3177eSmillert test -x /sbin/wsconsctl -a -s /etc/wsconsctl.conf || return 916be3177eSmillert # delete comments and blank lines 926be3177eSmillert IFS=" 936be3177eSmillert" 946be3177eSmillert set -- `stripcom /etc/wsconsctl.conf` 956be3177eSmillert IFS="$save_IFS" 966be3177eSmillert while [ $# -ge 1 ] ; do 97cffa29c0Sderaadt eval wsconsctl $1 986be3177eSmillert shift 996be3177eSmillert done 1006be3177eSmillert} 1016be3177eSmillert 1028f0921ecSdjmrandom_seed() 1038f0921ecSdjm{ 1048f0921ecSdjm if [ -f /var/db/host.random -a "X$random_seed_done" = "X" ]; then 10595800214Sderaadt dd if=/var/db/host.random of=/dev/arandom bs=65536 count=1 \ 1068f0921ecSdjm > /dev/null 2>&1 1078f0921ecSdjm 1088f0921ecSdjm # reset seed file, so that if a shutdown-less reboot occurs, 1098f0921ecSdjm # the next seed is not a repeat 11095800214Sderaadt dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \ 1118f0921ecSdjm > /dev/null 2>&1 1128f0921ecSdjm 1138f0921ecSdjm random_seed_done=1 1148f0921ecSdjm fi 1158f0921ecSdjm} 1168f0921ecSdjm 117e27ad5ceSdjmfill_baddynamic() 118e27ad5ceSdjm{ 119e27ad5ceSdjm local _service="$1" 120e27ad5ceSdjm local _sysctl="net.inet.${_service}.baddynamic" 121e27ad5ceSdjm local _name _port _srv _junk _ban 122e27ad5ceSdjm local _i=0 123e27ad5ceSdjm grep "/${_service}" /etc/services | { 124e27ad5ceSdjm IFS=" /" 125e27ad5ceSdjm while read _name _port _srv _junk; do 126e27ad5ceSdjm [ "x${_srv}" = "x${_service}" ] || continue; 127e27ad5ceSdjm if [ "x${_ban}" = "x" ]; then 128e27ad5ceSdjm _ban="+${_port}" 129e27ad5ceSdjm else 130e27ad5ceSdjm _ban="${_ban},+${_port}" 131e27ad5ceSdjm fi 132e27ad5ceSdjm # Flush before argv gets too long 133e27ad5ceSdjm if [ $((++_i)) -gt 128 ]; then 134e27ad5ceSdjm sysctl ${_sysctl}=${_ban} >/dev/null 135e27ad5ceSdjm _ban="" 136e27ad5ceSdjm _i=0 137e27ad5ceSdjm fi 138e27ad5ceSdjm done; 139e27ad5ceSdjm if [ "x${_ban}" != "x" ]; then 140e27ad5ceSdjm sysctl ${_sysctl}=${_ban} >/dev/null 141e27ad5ceSdjm fi 142e27ad5ceSdjm } 143e27ad5ceSdjm} 144e27ad5ceSdjm 145833ea469Srobertstart_daemon() 146833ea469Srobert{ 147598b0ae3Srobert local _n 148833ea469Srobert for _n; do 149833ea469Srobert eval _do=\${${_n}_flags} 150833ea469Srobert if [ X"${_do}" != X"NO" ]; then 151833ea469Srobert /etc/rc.d/${_n} start 152833ea469Srobert fi 153833ea469Srobert done 154833ea469Srobert} 155833ea469Srobert 1563e77ed4cSderaadtmake_keys() 1573e77ed4cSderaadt{ 1583e77ed4cSderaadt if [ X"${named_flags}" != X"NO" ]; then 1593e77ed4cSderaadt if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then 1603e77ed4cSderaadt echo -n "rndc-confgen: generating shared secret... " 1613e77ed4cSderaadt if rndc-confgen -a -t /var/named >/dev/null 2>&1; then 1623e77ed4cSderaadt chmod 0640 /var/named/etc/rndc.key \ 1633e77ed4cSderaadt >/dev/null 2>&1 1643e77ed4cSderaadt echo done. 1653e77ed4cSderaadt else 1663e77ed4cSderaadt echo failed. 1673e77ed4cSderaadt fi 1683e77ed4cSderaadt fi 1693e77ed4cSderaadt fi 1703e77ed4cSderaadt 1713e77ed4cSderaadt if [ ! -f /etc/isakmpd/private/local.key ]; then 1723e77ed4cSderaadt echo -n "openssl: generating isakmpd/iked RSA key... " 1733e77ed4cSderaadt if openssl genrsa -out /etc/isakmpd/private/local.key 2048 \ 1743e77ed4cSderaadt >/dev/null 2>&1; then 1753e77ed4cSderaadt chmod 600 /etc/isakmpd/private/local.key 1763e77ed4cSderaadt openssl rsa -out /etc/isakmpd/local.pub -in \ 1773e77ed4cSderaadt /etc/isakmpd/private/local.key -pubout \ 1783e77ed4cSderaadt >/dev/null 2>&1 1793e77ed4cSderaadt echo done. 1803e77ed4cSderaadt else 1813e77ed4cSderaadt echo failed. 1823e77ed4cSderaadt fi 1833e77ed4cSderaadt fi 1843e77ed4cSderaadt 1853e77ed4cSderaadt if [ ! -f /etc/iked/private/local.key ]; then 1863e77ed4cSderaadt # Just copy the generated isakmpd key 1873e77ed4cSderaadt cp /etc/isakmpd/private/local.key /etc/iked/private/local.key 1883e77ed4cSderaadt chmod 600 /etc/iked/private/local.key 1893e77ed4cSderaadt cp /etc/isakmpd/local.pub /etc/iked/local.pub 1903e77ed4cSderaadt fi 1913e77ed4cSderaadt 1923e77ed4cSderaadt ssh-keygen -A 1933e77ed4cSderaadt} 1943e77ed4cSderaadt 1953e77ed4cSderaadt# create Unix sockets directories for X if needed and make sure they have 1963e77ed4cSderaadt# correct permissions 1973e77ed4cSderaadtsetup_X_sockets() 1983e77ed4cSderaadt{ 1993e77ed4cSderaadt if [ -d /usr/X11R6/lib ]; then 2003e77ed4cSderaadt for d in /tmp/.X11-unix /tmp/.ICE-unix ; do 2013e77ed4cSderaadt if [ -d $d ]; then 2023e77ed4cSderaadt if [ `ls -ld $d | cut -d' ' -f4` \ 2033e77ed4cSderaadt != root ]; then 2043e77ed4cSderaadt chown root $d 2053e77ed4cSderaadt fi 2063e77ed4cSderaadt if [ `ls -ld $d | cut -d' ' -f1` \ 2073e77ed4cSderaadt != drwxrwxrwt ]; then 2083e77ed4cSderaadt chmod 1777 $d 2093e77ed4cSderaadt fi 2103e77ed4cSderaadt elif [ -e $d ]; then 2113e77ed4cSderaadt echo "Error: $d exists and isn't a directory." 2123e77ed4cSderaadt else 2133e77ed4cSderaadt mkdir -m 1777 $d 2143e77ed4cSderaadt fi 2153e77ed4cSderaadt done 2163e77ed4cSderaadt fi 2173e77ed4cSderaadt} 2183e77ed4cSderaadt 2195420764bSmillert# End subroutines 2205420764bSmillert 221df930be7Sderaadtstty status '^T' 222df930be7Sderaadt 223df930be7Sderaadt# Set shell to ignore SIGINT (2), but not children; 224df930be7Sderaadt# shell catches SIGQUIT (3) and returns to single user after fsck. 225df930be7Sderaadttrap : 2 226df930be7Sderaadttrap : 3 # shouldn't be needed 227df930be7Sderaadt 228df930be7SderaadtHOME=/; export HOME 229102e9b47SrobertINRC=1; export INRC 230df930be7SderaadtPATH=/sbin:/bin:/usr/sbin:/usr/bin 231df930be7Sderaadtexport PATH 232df930be7Sderaadt 233d9f03edaSrobert# pick up option configuration 234d9f03edaSrobert. /etc/rc.conf 235d9f03edaSrobert 2369969bcb5Smillertif [ X"$1" = X"shutdown" ]; then 23795800214Sderaadt dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 >/dev/null 2>&1 23875a54d2eSderaadt chmod 600 /var/db/host.random >/dev/null 2>&1 239bbe1205bSajacoutot local _c=$? 240931d9abfSajacoutot if [ ${_c} -eq 0 -a -n "${pkg_scripts}" ]; then 241bbe1205bSajacoutot echo -n 'stopping package daemons:' 242931d9abfSajacoutot while [ -n "${pkg_scripts}" ]; do 243931d9abfSajacoutot _r=${pkg_scripts##* } 244931d9abfSajacoutot pkg_scripts=${pkg_scripts%%*( )${_r}} 245bbe1205bSajacoutot [ -x /etc/rc.d/${_r} ] && /etc/rc.d/${_r} stop 246bbe1205bSajacoutot done 247bbe1205bSajacoutot echo '.' 248bbe1205bSajacoutot fi 249bbe1205bSajacoutot if [ ${_c} -eq 0 -a -f /etc/rc.shutdown ]; then 25075a54d2eSderaadt echo /etc/rc.shutdown in progress... 25175a54d2eSderaadt . /etc/rc.shutdown 25275a54d2eSderaadt echo /etc/rc.shutdown complete. 2539e07bef9Smcbride 2549e07bef9Smcbride # bring carp interfaces down gracefully 2554375b688Ssthen ifconfig | while read a b; do 2564375b688Ssthen case $a in 2574375b688Ssthen carp+([0-9]):) ifconfig ${a%:} down ;; 258b7f7a928Ssthen esac 2599e07bef9Smcbride done 2602ee46d13Smcbride 2619969bcb5Smillert if [ X"${powerdown}" = X"YES" ]; then 2622ee46d13Smcbride exit 2 2632ee46d13Smcbride fi 2642ee46d13Smcbride 26575a54d2eSderaadt else 26675a54d2eSderaadt echo single user: not running /etc/rc.shutdown 26775a54d2eSderaadt fi 26875a54d2eSderaadt exit 0 26975a54d2eSderaadtfi 27075a54d2eSderaadt 271df930be7Sderaadt# Configure ccd devices. 2728b7444a6Sderaadtif [ -f /etc/ccd.conf ]; then 273df930be7Sderaadt ccdconfig -C 274df930be7Sderaadtfi 275df930be7Sderaadt 276c5858a2aSjakob# Configure raid devices. 277c5858a2aSjakobfor dev in 0 1 2 3; do 278c5858a2aSjakob if [ -f /etc/raid$dev.conf ]; then 279c5858a2aSjakob raidctl -c /etc/raid$dev.conf raid$dev 280c5858a2aSjakob fi 281c5858a2aSjakobdone 282c5858a2aSjakob 2835a87f599Stdeval# Check parity on raid devices. 2844d6c2f1bSderaadtraidctl -P all 2855a87f599Stdeval 286638be0f1Smiodswapctl -A -t blk 287920abb1bSderaadt 2888b7444a6Sderaadtif [ -e /fastboot ]; then 289df930be7Sderaadt echo "Fast boot: skipping disk checks." 2909969bcb5Smillertelif [ X"$1" = X"autoboot" ]; then 291df930be7Sderaadt echo "Automatic boot in progress: starting file system checks." 292b39bbe87Smillert fsck -p 293df930be7Sderaadt case $? in 294df930be7Sderaadt 0) 295df930be7Sderaadt ;; 296df930be7Sderaadt 2) 297df930be7Sderaadt exit 1 298df930be7Sderaadt ;; 299df930be7Sderaadt 4) 300df930be7Sderaadt echo "Rebooting..." 301df930be7Sderaadt reboot 302df930be7Sderaadt echo "Reboot failed; help!" 303df930be7Sderaadt exit 1 304df930be7Sderaadt ;; 305df930be7Sderaadt 8) 306df930be7Sderaadt echo "Automatic file system check failed; help!" 307df930be7Sderaadt exit 1 308df930be7Sderaadt ;; 309df930be7Sderaadt 12) 310df930be7Sderaadt echo "Boot interrupted." 311df930be7Sderaadt exit 1 312df930be7Sderaadt ;; 313df930be7Sderaadt 130) 314df930be7Sderaadt # interrupt before catcher installed 315df930be7Sderaadt exit 1 316df930be7Sderaadt ;; 317df930be7Sderaadt *) 318df930be7Sderaadt echo "Unknown error; help!" 319df930be7Sderaadt exit 1 320df930be7Sderaadt ;; 321df930be7Sderaadt esac 322df930be7Sderaadtfi 323df930be7Sderaadt 324df930be7Sderaadttrap "echo 'Boot interrupted.'; exit 1" 3 325df930be7Sderaadt 326df930be7Sderaadtumount -a >/dev/null 2>&1 3276e571508Sgrunkmount -a -t nonfs,vnd 3284515901dSniklasmount -uw / # root on nfs requires this, others aren't hurt 329df930be7Sderaadtrm -f /fastboot # XXX (root now writeable) 330df930be7Sderaadt 3318f0921ecSdjmrandom_seed 3328f0921ecSdjm 333df930be7Sderaadt# set flags on ttys. (do early, in case they use tty for SLIP in netstart) 334df930be7Sderaadtecho 'setting tty flags' 335df930be7Sderaadtttyflags -a 336df930be7Sderaadt 33748390b59Smcbrideif [ -f /sbin/kbd -a -f /etc/kbdtype ]; then 33848390b59Smcbride kbd `cat /etc/kbdtype` 33948390b59Smcbridefi 34048390b59Smcbride 341cc294143Sderaadtwsconsctl_conf 342cc294143Sderaadt 3439969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 3447b24ca9eSmcbride RULES="block all" 3454dd40d42Shenning RULES="$RULES\npass on lo0" 3467637f7daSdhartmei RULES="$RULES\npass in proto tcp from any to any port 22 keep state" 347ae072502Scamield RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state" 3483dadfb84Scamield RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state" 349e24e98b3Sgrange if ifconfig lo0 inet6 >/dev/null 2>&1; then 350ff3da558Sitojun RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol" 351ff3da558Sitojun RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv" 35263c4fe5eSderaadt RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol" 35363c4fe5eSderaadt RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv" 354e24e98b3Sgrange fi 355c9c12644Smcbride RULES="$RULES\npass proto carp keep state (no-sync)" 3563dda96c1Sderaadt case `sysctl vfs.mounts.nfs 2>/dev/null` in 35718db1430Sderaadt *[1-9]*) 35818db1430Sderaadt # don't kill NFS 359649b49daShenning RULES="set reassemble yes no-df\n$RULES" 360befcbaa2Sderaadt RULES="$RULES\npass in proto { tcp, udp } from any port { 111, 2049 } to any" 361befcbaa2Sderaadt RULES="$RULES\npass out proto { tcp, udp } from any to any port { 111, 2049 }" 36218db1430Sderaadt ;; 36318db1430Sderaadt esac 3644616f5d9Sdhartmei echo $RULES | pfctl -f - 3654616f5d9Sdhartmei pfctl -e 3661097c023Skjellfi 3671097c023Skjell 368e27ad5ceSdjm# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services 369e27ad5ceSdjmfill_baddynamic udp 370e27ad5ceSdjmfill_baddynamic tcp 371e27ad5ceSdjm 3720e47d797Smillertsysctl_conf 373f753b29fSderaadt 374df930be7Sderaadt# set hostname, turn on network 375df930be7Sderaadtecho 'starting network' 376a1f52e7fShenningifconfig -g carp carpdemote 128 377053628caSderaadtif [ -f /etc/resolv.conf.save ]; then 3787d2d953cSderaadt mv -f /etc/resolv.conf.save /etc/resolv.conf 379053628caSderaadt touch /etc/resolv.conf 380053628caSderaadtfi 381df930be7Sderaadt. /etc/netstart 382c5f87768Sderaadtecho rekey > /dev/arandom # any write triggers an RC4 rekey 383df930be7Sderaadt 3849969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 3851097c023Skjell if [ -f ${pf_rules} ]; then 386616367a9Sdhartmei pfctl -f ${pf_rules} 3871097c023Skjell fi 388f5262b16Smpf # bring up pfsync after the working ruleset has been loaded 389df0568a3Sderaadt if [ -f /etc/hostname.pfsync0 ]; then 390f5262b16Smpf . /etc/netstart pfsync0 391f5262b16Smpf fi 392df0568a3Sderaadtfi 3931097c023Skjell 394cc3d9aa9Sottomount -s /usr >/dev/null 2>&1 395cc3d9aa9Sottomount -s /var >/dev/null 2>&1 396df930be7Sderaadt 397939aa86aSderaadt# if there's no /var/db/host.random, use /dev/arandom to create one 398f26db62bSderaadtif [ ! -f /var/db/host.random ]; then 39995800214Sderaadt dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \ 400f26db62bSderaadt >/dev/null 2>&1 401f26db62bSderaadt chmod 600 /var/db/host.random >/dev/null 2>&1 402f26db62bSderaadtelse 4038f0921ecSdjm # Try to read seed if it was not initially present (e.g. /var on NFS) 4048f0921ecSdjm random_seed 405f8a8db05Sderaadtfi 40674af54b4Sderaadt 407f0550eb3Sderaadt# clean up left-over files 40847a1f8faSderaadtrm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/* 4092402d49fShenning(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) 41023d49488Sbeck(cd /var/authpf && rm -rf -- *) 41123d49488Sbeck 4126c0a0b4aSalex# save a copy of the boot messages 4136c0a0b4aSalexdmesg >/var/run/dmesg.boot 4146c0a0b4aSalex 4153e77ed4cSderaadtmake_keys 4163e77ed4cSderaadt 417cc027ce3Sderaadtecho -n 'starting early daemons:' 4180ead0716Sderaadtstart_daemon syslogd ldattach pflogd named nsd ntpd isakmpd iked sasyncd 419833ea469Srobertecho '.' 420096ed560Sderaadt 42179ec6e47Shshoexerif [ X"${ipsec}" != X"NO" ]; then 42279ec6e47Shshoexer if [ -f ${ipsec_rules} ]; then 42379ec6e47Shshoexer ipsecctl -f ${ipsec_rules} 42479ec6e47Shshoexer fi 42579ec6e47Shshoexerfi 42679ec6e47Shshoexer 427cc027ce3Sderaadtecho -n 'starting RPC daemons:' 428ca760277Srobertstart_daemon portmap 42947a1f8faSderaadtif [ X"`domainname`" != X"" ]; then 430*1528aeb4Sderaadt start_daemon ypserv ypbind yppasswdd 43147a1f8faSderaadtfi 432*1528aeb4Sderaadtstart_daemon ypldap mountd nfsd lockd statd amd 433df930be7Sderaadtecho '.' 434df930be7Sderaadt 435cc3d9aa9Sottomount -a 436638be0f1Smiodswapctl -A -t noblk 437638be0f1Smiod 438df930be7Sderaadt# /var/crash should be a directory or a symbolic link 439df930be7Sderaadt# to the crash directory if core dumps are to be saved. 440df930be7Sderaadtif [ -d /var/crash ]; then 4419d112a13Stholo savecore ${savecore_flags} /var/crash 442df930be7Sderaadtfi 443df930be7Sderaadt 4449969bcb5Smillertif [ X"${check_quotas}" = X"YES" ]; then 445df930be7Sderaadt echo -n 'checking quotas:' 446df930be7Sderaadt quotacheck -a 447df930be7Sderaadt echo ' done.' 448df930be7Sderaadt quotaon -a 44936a647e7Sdownsjfi 450df930be7Sderaadt 45147a1f8faSderaadtkvm_mkdb # build kvm(3) databases 452df930be7Sderaadtdev_mkdb 453e860cdbaSderaadtchmod 666 /dev/tty[pqrstuvwxyzPQRST]* 454a293d798Smillertchown root:wheel /dev/tty[pqrstuvwxyzPQRST]* 455df930be7Sderaadt 456df930be7Sderaadt# check the password temp/lock file 4578b7444a6Sderaadtif [ -f /etc/ptmp ]; then 458df930be7Sderaadt logger -s -p auth.err \ 459df930be7Sderaadt 'password file may be incorrect -- /etc/ptmp exists' 460df930be7Sderaadtfi 461df930be7Sderaadt 462e65724e6Smillertecho clearing /tmp 463e65724e6Smillert 464e65724e6Smillert# prune quickly with one rm, then use find to clean up /tmp/[lq]* 465e65724e6Smillert# (not needed with mfs /tmp, but doesn't hurt there...) 46668b9454cSsthen(cd /tmp && rm -rf [a-km-pr-zA-Z]*) 46768b9454cSsthen(cd /tmp && 468e65724e6Smillert find . ! -name . ! -name lost+found ! -name quota.user \ 4698b0a8653Smillert ! -name quota.group -execdir rm -rf -- {} \; -type d -prune) 470e65724e6Smillert 4713e77ed4cSderaadtsetup_X_sockets 4723e77ed4cSderaadt 4732f33850bSderaadt[ -f /etc/rc.securelevel ] && . /etc/rc.securelevel 4749969bcb5Smillertif [ X"${securelevel}" != X"" ]; then 475e31a5b5aSmillert echo -n 'setting kernel security level: ' 4766a337e36Sjmc sysctl kern.securelevel=${securelevel} 47741406ee4Sderaadtfi 47841406ee4Sderaadt 479dc279d04Sderaadt# patch /etc/motd 480dc279d04Sderaadtif [ ! -f /etc/motd ]; then 481dc279d04Sderaadt install -c -o root -g wheel -m 664 /dev/null /etc/motd 482dc279d04Sderaadtfi 48322baa516Sguentherif T=`mktemp /tmp/_motd.XXXXXXXXXX`; then 484dc279d04Sderaadt sysctl -n kern.version | sed 1q > $T 485dc279d04Sderaadt echo "" >> $T 486dc279d04Sderaadt sed '1,/^$/d' < /etc/motd >> $T 487dc279d04Sderaadt cmp -s $T /etc/motd || cp $T /etc/motd 488dc279d04Sderaadt rm -f $T 4895b45527eSmillertfi 490dc279d04Sderaadt 491f0d9a157Sajacoutotif [ X"${accounting}" = X"YES" ]; then 492f0d9a157Sajacoutot if [ ! -f /var/account/acct ]; then 493f0d9a157Sajacoutot touch /var/account/acct 494f0d9a157Sajacoutot fi 495df930be7Sderaadt echo 'turning on accounting'; accton /var/account/acct 496df930be7Sderaadtfi 497df930be7Sderaadt 498e6e4e4c9Sderaadtif [ -f /sbin/ldconfig ]; then 4997e42516dSderaadt echo 'creating runtime link editor directory cache.' 5007e42516dSderaadt if [ -d /usr/local/lib ]; then 5015881fc76Stodd shlib_dirs="/usr/local/lib $shlib_dirs" 5027e42516dSderaadt fi 5037e42516dSderaadt if [ -d /usr/X11R6/lib ]; then 5045881fc76Stodd shlib_dirs="/usr/X11R6/lib $shlib_dirs" 5057e42516dSderaadt fi 5067e42516dSderaadt ldconfig $shlib_dirs 5077e42516dSderaadtfi 5087e42516dSderaadt 509747e271cSjasperecho 'preserving editor files.'; /usr/libexec/vi.recover 510f57929bcSmillert 511833ea469Srobertecho -n 'starting network daemons:' 51201c03f3dSderaadtstart_daemon sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated 51301c03f3dSderaadtstart_daemon relayd dhcpd dhcrelay mrouted dvmrpd 51495d52386Snorby 51533a0f254Sitojunif ifconfig lo0 inet6 >/dev/null 2>&1; then 51633a0f254Sitojun fw=`sysctl -n net.inet6.ip6.forwarding` 5179969bcb5Smillert if [ X"${fw}" = X"0" ]; then 518833ea469Srobert start_daemon rtsold 51933a0f254Sitojun else 52047a1f8faSderaadt start_daemon route6d rtadvd 52133a0f254Sitojun fi 52233a0f254Sitojunfi 52333a0f254Sitojun 52455cf1e4eSderaadtstart_daemon hostapd rwhod lpd ldapd sendmail smtpd httpd ftpd 525ac826d78Srobertstart_daemon ftpproxy identd inetd rarpd bootparamd rbootd mopd 526cc027ce3Sderaadtstart_daemon spamd spamlogd kdc kadmind kpasswdd 527ac826d78Srobertecho '.' 528a2f190fbSrobert 529cc027ce3Sderaadtif [ X"${spamd_flags}" != X"NO" ]; then 5300fad963aSderaadt /usr/libexec/spamd-setup -D 531fde3f312Shinfi 532fde3f312Shin 533fcbaa02fSderaadt# If rc.firstime exists, run it just once, and make sure it is deleted 534fcbaa02fSderaadtif [ -f /etc/rc.firsttime ]; then 535fcbaa02fSderaadt mv /etc/rc.firsttime /etc/rc.firsttime.run 5369b5245e0Shalex . /etc/rc.firsttime.run 2>&1 | tee /dev/tty | 5379b5245e0Shalex mail -s 'rc.firsttime output' root >/dev/null 538fcbaa02fSderaadtfi 539fcbaa02fSderaadtrm -f /etc/rc.firsttime.run 540fcbaa02fSderaadt 541bbe1205bSajacoutot# Run rc.d(8) scripts from packages 542931d9abfSajacoutotif [ -n "${pkg_scripts}" ]; then 543bbe1205bSajacoutot echo -n 'starting package daemons:' 544931d9abfSajacoutot for _r in $pkg_scripts; do 545324f089bSrobert [ -x /etc/rc.d/${_r} ] && start_daemon ${_r} 546bbe1205bSajacoutot done 547bbe1205bSajacoutot echo '.' 548bbe1205bSajacoutotfi 549bbe1205bSajacoutot 5502f33850bSderaadt[ -f /etc/rc.local ] && . /etc/rc.local 5518b7444a6Sderaadt 552cc027ce3Sderaadtifconfig -g carp -carpdemote 128 # disable carp interlock 553f026f8beSmarc 554cc027ce3Sderaadtmixerctl_conf 555cc027ce3Sderaadtecho -n 'starting local daemons:' 556cc027ce3Sderaadtstart_daemon apmd sensorsd hotplugd watchdogd cron aucat wsmoused xdm 55774491808Smillertecho '.' 55874491808Smillert 559df930be7Sderaadtdate 560df930be7Sderaadtexit 0 561