#	$OpenBSD: rc,v 1.450 2015/07/18 00:03:34 rpe Exp $

# System startup script run by init on autoboot or after single-user.
# Output and error are redirected to console by init, and the console is the
# controlling terminal.

# Subroutines (have to come first).


# Usage: stripcom file
# Copy a file to stdout, cutting each line at its first '#' and skipping
# lines that end up empty. The unquoted echo re-splits every line on the
# caller's IFS, which is what trims leading/trailing whitespace when IFS
# contains blanks.
# NOTE(review): the unquoted echo also leaves pathname expansion active, so a
# glob character in a config line would be expanded -- confirm that no
# consumer relies on literal '*' or '?' in these files.
stripcom() {
	local _src="$1"
	local _text

	while read _text; do
		_text=${_text%%#*}		# drop everything from the first '#'
		if [ -n "$_text" ]; then
			echo $_text
		fi
	done < $_src
}

# Update resource limits when sysctl changes.
# Usage: update_limit -X loginconf_name
# Looks up the named capability of the "daemon" class in /etc/login.conf,
# first without suffix, then with -cur and -max. A plain value sets the limit
# with ulimit and ends the function; -cur sets the soft limit and -max the
# hard limit. The value "infinity" is passed to ulimit as "unlimited".
update_limit() {
	local _flag="$1"	# ulimit flag
	local _cap="$2"		# login.conf name
	local _val _kind

	for _kind in "" -cur -max; do
		_val=$(getcap -f /etc/login.conf -s ${_cap}${_kind} daemon 2>/dev/null)
		# Capability not present: try the next suffix.
		[ -n "$_val" ] || continue
		[ "$_val" = infinity ] && _val=unlimited
		case "$_kind" in
		-cur)
			ulimit -S $_flag $_val
			;;
		-max)
			ulimit -H $_flag $_val
			;;
		*)
			# The unsuffixed value wins; -cur/-max are not consulted.
			ulimit $_flag $_val
			return
			;;
		esac
	done
}

# Apply sysctl(8)
# settings.
# Every whitespace-separated word that stripcom emits for /etc/sysctl.conf is
# handed to sysctl as one argument. After kern.maxproc= or kern.maxfiles= has
# been set, the matching ulimit of this shell is refreshed via update_limit.
# Does nothing when the file is missing or empty.
sysctl_conf() {
	[ -s /etc/sysctl.conf ] || return

	# stripcom has already removed comments and blank lines.
	set -- $(stripcom /etc/sysctl.conf)
	until [ $# -eq 0 ]; do
		sysctl $1
		# Update limits if needed.
		case $1 in
		kern.maxproc=*)
			update_limit -p maxproc
			;;
		kern.maxfiles=*)
			update_limit -n openfiles
			;;
		esac
		shift
	done
}

# Apply mixerctl(1) settings.
# Each word of /etc/mixerctl.conf (comments and blank lines removed) is
# passed to "mixerctl -q"; output and errors are discarded.
mixerctl_conf() {
	[ -s /etc/mixerctl.conf ] || return

	set -- $(stripcom /etc/mixerctl.conf)
	until [ $# -eq 0 ]; do
		mixerctl -q $1 > /dev/null 2>&1
		shift
	done
}

# Apply wscons system driver settings using wsconsctl(8).
# Runs only when /sbin/wsconsctl is executable and /etc/wsconsctl.conf is
# non-empty. The file is split on newlines only, so one config line becomes
# one wsconsctl invocation.
# Each line goes through eval, i.e. quoting and any other shell syntax in
# /etc/wsconsctl.conf is interpreted by this root shell; the file has to be
# writable by root only.
wsconsctl_conf() {
	local _old_ifs="$IFS"

	[ -x /sbin/wsconsctl ] && [ -s /etc/wsconsctl.conf ] || return
	# Newline-only IFS keeps the blanks inside a line intact while stripcom
	# removes comments and blank lines.
	IFS='
'
	set -- $(stripcom /etc/wsconsctl.conf)
	IFS="$_old_ifs"
	until [ $# -eq 0 ]; do
		eval wsconsctl $1
		shift
	done
}

# Feed the seed saved on disk to the kernel, then write fresh seed files for
# the next boot: /var/db/host.random (64 KB) and /etc/random.seed (512 bytes,
# for the boot-loader). Both files end up mode 600.
# NOTE(review): chmod runs after dd has written /etc/random.seed, so a seed
# file that did not exist before is created under the current umask first --
# confirm the umask in effect when rc runs.
random_seed() {
	local _seed=/var/db/host.random
	local _bootseed=/etc/random.seed

	# Push the old seed into the kernel ...
	dd if=$_seed of=/dev/random bs=65536 count=1 status=none
	chmod 600 $_seed
	# ... and create a future seed ...
	dd if=/dev/random of=$_seed bs=65536 count=1 status=none
	# ... and a seed file for the boot-loader.
	dd if=/dev/random of=$_bootseed bs=512 count=1 status=none
	chmod 600 $_bootseed
}

# Populate net.inet.(tcp|udp).baddynamic with the contents of /etc/services so
# as to avoid randomly allocating source ports that correspond to well-known
# services.
# Usage: fill_baddynamic tcp|udp
# Reads "name port/proto ..." entries from /etc/services and adds the port of
# every entry whose protocol equals $1 to net.inet.$1.baddynamic. Ports are
# collected as "+port,+port,..." and written in batches.
fill_baddynamic() {
	local _proto=$1
	local _mib="net.inet.${_proto}.baddynamic"

	stripcom /etc/services | {
		# The original notes that variables are local here (this group
		# is one side of a pipeline).
		while IFS=" /" read _name _port _srv _junk; do
			if [ "x${_srv}" != "x${_proto}" ]; then
				continue
			fi
			_ban="${_ban:+${_ban},}+${_port}"
			# Flush before argv gets too long.
			if [ ${#_ban} -gt 1024 ]; then
				sysctl -q ${_mib}=${_ban}
				_ban=""
			fi
		done
		# Write whatever is left after the last flush.
		[ -n "${_ban}" ] && sysctl -q ${_mib}=${_ban}
	}
}

# Start daemon using the rc.d daemon control scripts.
# Usage: start_daemon daemon1 daemon2 daemon3
# A daemon is skipped when its <name>_flags variable is exactly "NO";
# otherwise /etc/rc.d/<name> is run with "start".
# The name is expanded inside eval, so callers must pass trusted names only.
start_daemon() {
	local _svc

	for _svc in "$@"; do
		eval _do=\${${_svc}_flags}
		[ X"${_do}" = X"NO" ] || /etc/rc.d/${_svc} start
	done
}

# Generate keys for isakmpd, iked and sshd if they don't exist yet.
# The isakmpd private key is a 2048-bit RSA key created with openssl and set
# to mode 600; the public half is derived from it. iked receives a copy of
# the isakmpd key pair when it has no private key of its own. Missing sshd
# host keys are created by "ssh-keygen -A".
make_keys() {
	local _ikey=/etc/isakmpd/private/local.key
	local _ipub=/etc/isakmpd/local.pub

	if [ ! -f $_ikey ]; then
		echo -n "openssl: generating isakmpd/iked RSA key... "
		if openssl genrsa -out $_ikey 2048 >/dev/null 2>&1; then
			chmod 600 $_ikey
			openssl rsa -out $_ipub -in $_ikey -pubout \
			    >/dev/null 2>&1
			echo done.
		else
			echo failed.
		fi
	fi

	if [ ! -f /etc/iked/private/local.key ]; then
		# Just copy the generated isakmpd key.
		cp $_ikey /etc/iked/private/local.key
		chmod 600 /etc/iked/private/local.key
		cp $_ipub /etc/iked/local.pub
	fi

	ssh-keygen -A
}

# Create Unix sockets directories for X if needed and make sure they have
# correct permissions.
# Only acts when /usr/X11R6/lib exists. An existing directory is handed back
# to root and reset to mode 1777 when "ls -ld" reports something else; a
# non-directory at that path is reported and left alone.
# NOTE(review): [ -d ], chown and chmod all follow symbolic links, so this
# relies on the /tmp cleanup having run just before it -- keep that ordering.
setup_X_sockets() {
	[ -d /usr/X11R6/lib ] || return 0

	for d in /tmp/.X11-unix /tmp/.ICE-unix; do
		if [ -d $d ]; then
			# Owner and mode are read from the ls -ld columns.
			if [ $(ls -ld $d | cut -d' ' -f4) != root ]; then
				chown root $d
			fi
			if [ $(ls -ld $d | cut -d' ' -f1) != drwxrwxrwt ]; then
				chmod 1777 $d
			fi
		elif [ -e $d ]; then
			echo "Error: $d exists and isn't a directory."
		else
			mkdir -m 1777 $d
		fi
	done
}

# Check filesystems, optionally by using a flag for fsck(8) passed as $1.
# Exit status 0 of "fsck -p" lets the boot continue. Status 4 triggers a
# reboot. Every other status ends this script with exit 1, with a message
# for 8, 12 and unknown codes.
do_fsck() {
	local _flags=$1

	fsck -p $_flags
	case $? in
	0)
		;;
	2|130)
		# 130: interrupt before catcher installed.
		exit 1
		;;
	4)
		echo "Rebooting..."
		reboot
		echo "Reboot failed; help!"
		exit 1
		;;
	8)
		echo "Automatic file system check failed; help!"
		exit 1
		;;
	12)
		echo "Boot interrupted."
		exit 1
		;;
	*)
		echo "Unknown error; help!"
		exit 1
		;;
	esac
}

# End subroutines.

stty status '^T'

# Set shell to ignore SIGINT (2), but not children; shell catches SIGQUIT (3)
# and returns to single user after fsck.
trap : 2
trap : 3	# Shouldn't be needed.

# Fixed environment for everything started from here on; command lookup is
# limited to the four system directories below.
export HOME=/
export INRC=1
export PATH=/sbin:/bin:/usr/sbin:/usr/bin

# Must set the domainname before rc.conf, so YP startup choices can be made.
if [ -f /etc/defaultdomain ]; then
	domainname $(stripcom /etc/defaultdomain)
fi

# Need to get local functions from rc.subr.
FUNCS_ONLY=1 . /etc/rc.d/rc.subr

# Load rc.conf into scope.
_rc_parse_conf

# "rc shutdown": save entropy, stop package daemons, run rc.shutdown, take
# carp interfaces down, then exit without running any of the boot sequence.
if [ X"$1" = X"shutdown" ]; then
	# Probe for a writable seed file by appending an empty line to it;
	# random_seed is only called when one of the two appends succeeds.
	if echo 2>/dev/null >>/var/db/host.random || \
	    echo 2>/dev/null >>/etc/random.seed; then
		random_seed
	else
		echo warning: cannot write random seed to disk
	fi

	# If we are in secure level 0, assume single user mode.
	if [ `sysctl -n kern.securelevel` -ne 0 ]; then
		# Strip trailing blanks so the last word can be peeled off.
		pkg_scripts=${pkg_scripts%%*( )}
		if [ -n "${pkg_scripts}" ]; then
			echo -n 'stopping package daemons:'
			# Walk the list from its last entry to its first, i.e.
			# in reverse of the order used when starting.
			while [ -n "${pkg_scripts}" ]; do
				_r=${pkg_scripts##* }
				pkg_scripts=${pkg_scripts%%*( )${_r}}
				[ -x /etc/rc.d/${_r} ] && /etc/rc.d/${_r} stop
			done
			echo '.'
		fi

		# Site-local shutdown hook, executed as root.
		[ -f /etc/rc.shutdown ] && sh /etc/rc.shutdown
	else
		echo single user: not running shutdown scripts
	fi

	# Bring carp interfaces down gracefully.
	# Interface names are taken from the first word of each ifconfig
	# output line that looks like "carpN:".
	ifconfig | while read a b; do
		case $a in
		carp+([0-9]):) ifconfig ${a%:} down ;;
		esac
	done

	exit 0
fi

swapctl -A -t blk

# Disk checks run only on autoboot and are skipped when /fastboot exists.
if [ -e /fastboot ]; then
	echo "Fast boot: skipping disk checks."
elif [ X"$1" = X"autoboot" ]; then
	echo "Automatic boot in progress: starting file system checks."
	do_fsck
fi

# From here on SIGQUIT aborts the boot instead of being ignored.
trap "echo 'Boot interrupted.'; exit 1" 3

umount -a >/dev/null 2>&1
mount -a -t nonfs,vnd
mount -uw /		# root on nfs requires this, others aren't hurt.
rm -f /fastboot		# XXX (root now writeable)

# Set flags on ttys. (Do early, in case they use tty for SLIP in netstart.)
echo 'setting tty flags'
ttyflags -a

if [ -f /sbin/kbd -a -f /etc/kbdtype ]; then
	kbd `cat /etc/kbdtype`
fi

wsconsctl_conf

# Unless pf=NO, load a minimal default-deny ruleset and enable pf BEFORE the
# network is configured. It blocks everything except loopback, inbound ssh,
# outbound DNS and ICMP echo, DHCP, IPv6 neighbour/router discovery and
# DHCPv6 (when lo0 has inet6), carp, and NFS when NFS mounts are reported.
# /etc/pf.conf replaces this ruleset further down, after netstart has run.
# NOTE(review): the rules are joined with a literal "\n" and rely on the
# shell's echo expanding it -- confirm when running this under another shell.
if [ X"${pf}" != X"NO" ]; then
	RULES="block all"
	RULES="$RULES\npass on lo0"
	RULES="$RULES\npass in proto tcp from any to any port ssh keep state"
	RULES="$RULES\npass out proto { tcp, udp } from any to any port domain keep state"
	RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state"
	RULES="$RULES\npass out inet proto udp from any port bootpc to any port bootps"
	RULES="$RULES\npass in inet proto udp from any port bootps to any port bootpc"
	if ifconfig lo0 inet6 >/dev/null 2>&1; then
		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol"
		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv"
		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol"
		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv"
		RULES="$RULES\npass out inet6 proto udp from any port dhcpv6-client to any port dhcpv6-server"
		RULES="$RULES\npass in inet6 proto udp from any port dhcpv6-server to any port dhcpv6-client"
	fi
	RULES="$RULES\npass in proto carp keep state (no-sync)"
	RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)"
	case `sysctl vfs.mounts.nfs 2>/dev/null` in
	*[1-9]*)
		# Don't kill NFS.
		RULES="set reassemble yes no-df\n$RULES"
		RULES="$RULES\npass in proto { tcp, udp } from any port { sunrpc, nfsd } to any"
		RULES="$RULES\npass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any"
		;;
	esac
	echo $RULES | pfctl -f -
	pfctl -e
fi

# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services.
fill_baddynamic udp
fill_baddynamic tcp

sysctl_conf

# Set hostname, turn on network.
echo 'starting network'
# Demote the carp group while booting; the matching -carpdemote is issued
# near the end of this script.
ifconfig -g carp carpdemote 128
if [ -f /etc/resolv.conf.save ]; then
	mv -f /etc/resolv.conf.save /etc/resolv.conf
	touch /etc/resolv.conf
fi
sh /etc/netstart
dmesg > /dev/random	# Any write triggers a rekey.

# Load pf rules and bring up pfsync interface.
# A missing /etc/pf.conf leaves the boot-time default ruleset in place.
if [ X"${pf}" != X"NO" ]; then
	if [ -f /etc/pf.conf ]; then
		pfctl -f /etc/pf.conf
	fi
	# Bring up pfsync after the working ruleset has been loaded.
	if [ -f /etc/hostname.pfsync0 ]; then
		sh /etc/netstart pfsync0
	fi
fi

mount -s /usr >/dev/null 2>&1
mount -s /var >/dev/null 2>&1

# /var is available now: feed the saved seed to the kernel and refresh it.
random_seed

# Clean up left-over files.
rm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/*
# Empty /var/run and recreate utmp (mode 664, group utmp). The subshell and
# the "cd ... &&" make sure rm -rf only runs inside the intended directory.
(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; })
(cd /var/authpf && rm -rf -- *)

# Save a copy of the boot messages.
dmesg >/var/run/dmesg.boot

make_keys

echo -n 'starting early daemons:'
start_daemon syslogd ldattach pflogd nsd unbound ntpd
start_daemon iscsid isakmpd iked sasyncd ldapd npppd
echo '.'

# Load IPsec rules.
if [ X"${ipsec}" != X"NO" ]; then
	if [ -f /etc/ipsec.conf ]; then
		ipsecctl -f /etc/ipsec.conf
	fi
fi

echo -n 'starting RPC daemons:'
start_daemon portmap ypldap
# The YP daemons are started only when a domainname is set.
if [ X"`domainname`" != X"" ]; then
	start_daemon ypserv ypbind yppasswdd
fi
start_daemon mountd nfsd lockd statd amd
echo '.'

mount -a
swapctl -A -t noblk

# Check and mount networked filesystems.
do_fsck -N
mount -a -N

# /var/crash should be a directory or a symbolic link to the crash directory
# if core dumps are to be saved.
if [ -d /var/crash ]; then
	savecore ${savecore_flags} /var/crash
fi

if [ X"${check_quotas}" = X"YES" ]; then
	echo -n 'checking quotas:'
	quotacheck -a
	echo ' done.'
	quotaon -a
fi

kvm_mkdb			# build kvm(3) databases
dev_mkdb
# Reset mode and ownership of the /dev/tty[p-zP-T]* nodes to 666 root:wheel
# on every boot (presumably the pty slave devices -- confirm).
chmod 666 /dev/tty[pqrstuvwxyzPQRST]*
chown root:wheel /dev/tty[pqrstuvwxyzPQRST]*

# Check the password temp/lock file.
# A left-over /etc/ptmp is only reported (stderr and syslog auth.err), never
# removed here.
if [ -f /etc/ptmp ]; then
	logger -s -p auth.err \
	    'password file may be incorrect -- /etc/ptmp exists'
fi

echo clearing /tmp

# Prune quickly with one rm, then use find to clean up /tmp/[lqv]*
# (not needed with mfs /tmp, but doesn't hurt there...).
# The find pass keeps lost+found, quota.user, quota.group and vi.recover.
# "--" and -execdir keep odd file names from being read as options or paths.
(cd /tmp && rm -rf [a-km-pr-uw-zA-Z]*)
(cd /tmp &&
    find . -maxdepth 1 ! -name . ! -name lost+found ! -name quota.user \
	! -name quota.group ! -name vi.recover -execdir rm -rf -- {} \;)

# Runs right after /tmp has been emptied.
setup_X_sockets

# Site-local hook, executed as root before the securelevel is raised.
[ -f /etc/rc.securelevel ] && sh /etc/rc.securelevel
# rc.securelevel did not specifically set -1 or 2, so select the default: 1.
if [ `sysctl -n kern.securelevel` -eq 0 ]; then
	sysctl kern.securelevel=1
fi

# Patch /etc/motd.
# The first paragraph of motd is replaced with the first line of
# kern.version. The new text is built in a mktemp(1) file and copied over
# /etc/motd only when it differs; if mktemp fails, motd is left untouched.
if [ ! -f /etc/motd ]; then
	install -c -o root -g wheel -m 664 /dev/null /etc/motd
fi
if T=`mktemp /tmp/_motd.XXXXXXXXXX`; then
	sysctl -n kern.version | sed 1q > $T
	echo "" >> $T
	sed '1,/^$/d' < /etc/motd >> $T
	cmp -s $T /etc/motd || cp $T /etc/motd
	rm -f $T
fi

if [ X"${accounting}" = X"YES" ]; then
	if [ ! -f /var/account/acct ]; then
		touch /var/account/acct
	fi
	echo 'turning on accounting'; accton /var/account/acct
fi

# Rebuild the shared library cache. /usr/X11R6/lib and /usr/local/lib are
# put in front of any directories already listed in shlib_dirs.
if [ -f /sbin/ldconfig ]; then
	echo 'creating runtime link editor directory cache.'
	if [ -d /usr/local/lib ]; then
		shlib_dirs="/usr/local/lib $shlib_dirs"
	fi
	if [ -d /usr/X11R6/lib ]; then
		shlib_dirs="/usr/X11R6/lib $shlib_dirs"
	fi
	ldconfig $shlib_dirs
fi

echo 'preserving editor files.'; /usr/libexec/vi.recover

echo -n 'starting network daemons:'
start_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
start_daemon relayd dhcpd dhcrelay mrouted dvmrpd

# The IPv6 routing daemons are started only when lo0 has inet6 and IPv6
# forwarding is switched on.
if ifconfig lo0 inet6 >/dev/null 2>&1; then
	fw=`sysctl -n net.inet6.ip6.forwarding`
	if [ X"${fw}" = X"1" ]; then
		start_daemon route6d rtadvd
	fi
fi

start_daemon hostapd lpd smtpd slowcgi httpd ftpd
start_daemon ftpproxy tftpd tftpproxy identd inetd rarpd bootparamd
start_daemon rbootd mopd spamd spamlogd sndiod
echo '.'

# If rc.firsttime exists, run it just once, and make sure it is deleted.
# The file is renamed before it is sourced and the renamed copy is removed
# afterwards whatever the outcome. Its output is shown on the tty and mailed
# to root.
# The script is sourced into this root shell, so it has to be writable by
# root only.
if [ -f /etc/rc.firsttime ]; then
	mv /etc/rc.firsttime /etc/rc.firsttime.run
	. /etc/rc.firsttime.run 2>&1 | tee /dev/tty |
		mail -Es "`hostname` rc.firsttime output" root >/dev/null
fi
rm -f /etc/rc.firsttime.run

# Run rc.d(8) scripts from packages.
# Entries of pkg_scripts without an executable /etc/rc.d script are reported
# as "(absent)" and skipped.
if [ -n "${pkg_scripts}" ]; then
	echo -n 'starting package daemons:'
	for _r in $pkg_scripts; do
		if [ -x /etc/rc.d/${_r} ]; then
			start_daemon ${_r}
		else
			echo -n " ${_r}(absent)"
		fi
	done
	echo '.'
fi

# Site-local hook, executed as root.
[ -f /etc/rc.local ] && sh /etc/rc.local

ifconfig -g carp -carpdemote 128	# disable carp interlock

mixerctl_conf
echo -n 'starting local daemons:'
start_daemon apmd sensorsd hotplugd watchdogd cron wsmoused xdm
echo '.'

date
exit 0