# $OpenBSD: rc,v 1.334 2009/12/04 21:58:41 deraadt Exp $

# System startup script run by init on autoboot
# or after single-user.
# Output and error are redirected to console by init,
# and the console is the controlling terminal.

# Subroutines (have to come first).

# Strip comments (and leading/trailing whitespace if IFS is set)
# from a file and spew to stdout
#
# $1 is the path of the file to read. Everything from the first '#' on a
# line onward is dropped, so a value that itself contains '#' is truncated.
# NOTE(review): "echo $_line" is unquoted, which is what trims whitespace,
# but an unquoted expansion is also subject to pathname expansion; a config
# line containing glob characters can be altered before the caller sees it.
# "read" is used without -r, so backslashes in the file are consumed by read.
stripcom() {
	local _file="$1"
	local _line

	{
		while read _line ; do
			_line=${_line%%#*}		# strip comments
			# skip lines that are empty once the comment is gone
			test -z "$_line" && continue
			echo $_line
		done
	} < $_file
}

# Update resource limits when sysctl changes
# Usage: update_limit -X loginconf_name
#
# Queries /etc/login.conf (record "daemon") for the capability named
# ${_lc}, then ${_lc}-cur, then ${_lc}-max. A value found under the bare
# name is applied with plain "ulimit" and ends the function; otherwise
# -cur sets the soft limit and -max the hard limit.
update_limit() {
	local _fl="$1"	# ulimit flag
	local _lc="$2"	# login.conf name
	local _new _suf

	for _suf in "" -cur -max; do
		# getcap errors are discarded; an absent entry leaves _new empty
		_new=`getcap -f /etc/login.conf -s ${_lc}${_suf} daemon 2>/dev/null`
		if [ X"$_new" != X"" ]; then
			# login.conf spells "no limit" as infinity, ulimit as unlimited
			if [ X"$_new" = X"infinity" ]; then
				_new=unlimited
			fi
			case "$_suf" in
			-cur)
				ulimit -S $_fl $_new
				;;
			-max)
				ulimit -H $_fl $_new
				;;
			*)
				ulimit $_fl $_new
				return
				;;
			esac
		fi
	done
}
# Apply every setting in /etc/sysctl.conf, one "sysctl" call per
# whitespace-separated word returned by stripcom. After kern.maxproc or
# kern.maxfiles is set, the matching ulimit of this shell is refreshed
# through update_limit.
sysctl_conf() {
	# nothing to do when the file is missing or empty
	test -s /etc/sysctl.conf || return

	# delete comments and blank lines
	set -- `stripcom /etc/sysctl.conf`
	while [ $# -ge 1 ] ; do
		sysctl $1
		# update limits if needed
		case $1 in
		kern.maxproc=*)
			update_limit -p maxproc
			;;
		kern.maxfiles=*)
			update_limit -n openfiles
			;;
		esac
		shift
	done
}

# Apply every setting in /etc/mixerctl.conf with "mixerctl -q".
# All output, including errors, is discarded.
mixerctl_conf()
{
	test -s /etc/mixerctl.conf || return

	# delete comments and blank lines
	set -- `stripcom /etc/mixerctl.conf`
	while [ $# -ge 1 ] ; do
		mixerctl -q $1 > /dev/null 2>&1
		shift
	done
}

# Apply every line of /etc/wsconsctl.conf with /sbin/wsconsctl.
# IFS is set to a newline while the file is read, so each non-comment line
# becomes one positional parameter instead of being split into words.
# NOTE(review): each line is then passed through "eval", i.e. re-parsed as
# shell input by this script, which init runs as root. Any shell
# metacharacters in /etc/wsconsctl.conf are therefore executed; the file
# must be writable by root only.
wsconsctl_conf()
{
	local save_IFS="$IFS"

	test -x /sbin/wsconsctl -a -s /etc/wsconsctl.conf || return
	# delete comments and blank lines
	IFS="
"
	set -- `stripcom /etc/wsconsctl.conf`
	IFS="$save_IFS"
	while [ $# -ge 1 ] ; do
		eval /sbin/wsconsctl $1
		shift
	done
}

# Feed the saved seed file into the kernel random devices, then overwrite
# the seed file with fresh output. random_seed_done makes this a one-shot:
# later calls return without doing anything.
# NOTE(review): all dd output and errors are discarded, so a failure to
# read the old seed or to write the new one is silent. The rewrite does not
# chmod the file; it relies on the mode the existing file already has.
random_seed()
{
	if [ -f /var/db/host.random -a "X$random_seed_done" = "X" ]; then
		dd if=/var/db/host.random of=/dev/urandom bs=1024 count=64 \
		    > /dev/null 2>&1
		dd if=/var/db/host.random of=/dev/arandom bs=1024 count=64 \
		    > /dev/null 2>&1

		# reset seed file, so that if a shutdown-less reboot occurs,
		# the next seed is not a repeat
		dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \
		    > /dev/null 2>&1

		random_seed_done=1
	fi
}

# Add every port that /etc/services lists for protocol $1 (tcp or udp) to
# the net.inet.$1.baddynamic sysctl, in batches, using the "+port" form.
# NOTE(review): this listing collapses whitespace, so the IFS literal below
# is shown as space and slash only; the upstream file may also contain a
# tab there - confirm against the original before reusing this function.
fill_baddynamic()
{
	local _service="$1"
	local _sysctl="net.inet.${_service}.baddynamic"
	local _name _port _srv _junk _ban
	local _i=0
	grep "/${_service}" /etc/services | {
		IFS=" /"
		while read _name _port _srv _junk; do
			# grep matches "/tcp" anywhere on the line; keep only
			# entries whose protocol field is exactly the service
			[ "x${_srv}" = "x${_service}" ] || continue;
			if [ "x${_ban}" = "x" ]; then
				_ban="+${_port}"
			else
				_ban="${_ban},+${_port}"
			fi
			# Flush before argv gets too long
			if [ $((++_i)) -gt 128 ]; then
				sysctl ${_sysctl}=${_ban} >/dev/null
				_ban=""
				_i=0
			fi
		done;
		# flush whatever is left from the last partial batch
		if [ "x${_ban}" != "x" ]; then
			sysctl ${_sysctl}=${_ban} >/dev/null
		fi
	}
}

# End subroutines

stty status '^T'

# Set shell to ignore SIGINT (2), but not children;
# shell catches SIGQUIT (3) and returns to single user after fsck.
trap : 2
trap : 3	# shouldn't be needed

# Fixed environment: every unqualified command below (sysctl, pfctl,
# named, ...) is resolved through these four system directories only.
HOME=/; export HOME
PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH

# "rc shutdown": save a fresh random seed, run /etc/rc.shutdown, take CARP
# interfaces down and exit. Nothing below this block runs in that mode.
if [ X"$1" = X"shutdown" ]; then
	# NOTE(review): the seed is written first and restricted to mode 600
	# afterwards; if the file did not exist, its mode until the chmod is
	# whatever the umask in effect gives it.
	dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 >/dev/null 2>&1
	chmod 600 /var/db/host.random >/dev/null 2>&1
	# $? is the exit status of the chmod above; the else branch reports a
	# failure as "single user", so the chmod doubles as that test.
	if [ $? -eq 0 -a -f /etc/rc.shutdown ]; then
		echo /etc/rc.shutdown in progress...
		. /etc/rc.shutdown
		echo /etc/rc.shutdown complete.

		# bring carp interfaces down gracefully
		ifconfig | while read a b; do
			case $a in
			carp+([0-9]):) ifconfig ${a%:} down ;;
			esac
		done

		# powerdown is presumably set by rc.shutdown or rc.conf; exit
		# status 2 is returned to the caller in that case
		if [ X"${powerdown}" = X"YES" ]; then
			exit 2
		fi

	else
		echo single user: not running /etc/rc.shutdown
	fi
	exit 0
fi

# Configure ccd devices.
if [ -f /etc/ccd.conf ]; then
	ccdconfig -C
fi

# Configure raid devices.
for dev in 0 1 2 3; do
	if [ -f /etc/raid$dev.conf ]; then
		raidctl -c /etc/raid$dev.conf raid$dev
	fi
done

# Check parity on raid devices.
raidctl -P all

swapctl -A -t blk

# File system checks: skipped when /fastboot exists, run only on autoboot.
# Any fsck status other than 0 stops the boot (exit 1), or reboots on 4.
if [ -e /fastboot ]; then
	echo "Fast boot: skipping disk checks."
elif [ X"$1" = X"autoboot" ]; then
	echo "Automatic boot in progress: starting file system checks."
	fsck -p
	case $? in
	0)
		;;
	2)
		exit 1
		;;
	4)
		echo "Rebooting..."
		reboot
		echo "Reboot failed; help!"
		exit 1
		;;
	8)
		echo "Automatic file system check failed; help!"
		exit 1
		;;
	12)
		echo "Boot interrupted."
		exit 1
		;;
	130)
		# interrupt before catcher installed
		exit 1
		;;
	*)
		echo "Unknown error; help!"
		exit 1
		;;
	esac
fi

# From here on SIGQUIT aborts the boot with exit status 1.
trap "echo 'Boot interrupted.'; exit 1" 3

umount -a >/dev/null 2>&1
mount -a -t nonfs,vnd
mount -uw /		# root on nfs requires this, others aren't hurt
rm -f /fastboot		# XXX (root now writeable)

# first attempt to load the saved seed; a no-op if the file is not there yet
random_seed

# pick up option configuration
# NOTE(review): rc.conf is sourced, so everything in it executes as part of
# this script with init's privileges; it must be writable by root only. The
# same holds for the other files sourced further down.
. /etc/rc.conf

# set flags on ttys. (do early, in case they use tty for SLIP in netstart)
echo 'setting tty flags'
ttyflags -a

if [ -f /sbin/kbd -a -f /etc/kbdtype ]; then
	kbd `cat /etc/kbdtype`
fi

wsconsctl_conf

# Boot-time packet filter. Unless pf=NO, a default-deny ruleset is loaded
# and pf is enabled here, before /etc/netstart brings up the network later
# in this script. Allowed: loopback, inbound TCP 22, outbound DNS, outbound
# ICMP echo, IPv6 neighbour/router discovery, CARP, and NFS ports when NFS
# file systems are mounted.
# NOTE(review): this ruleset is only replaced later if ${pf_rules} exists;
# otherwise it stays in force. The NFS "pass in" rule matches on source
# port alone and carries no "keep state", so it is broader than the others.
if [ X"${pf}" != X"NO" ]; then
	RULES="block all"
	RULES="$RULES\npass on lo0"
	RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
	RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state"
	RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state"
	# IPv6 rules are added only when lo0 has an inet6 configuration
	if ifconfig lo0 inet6 >/dev/null 2>&1; then
		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol"
		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv"
		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol"
		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv"
	fi
	RULES="$RULES\npass proto carp keep state (no-sync)"
	case `sysctl vfs.mounts.nfs 2>/dev/null` in
	*[1-9]*)
		# don't kill NFS
		RULES="set reassemble yes no-df\n$RULES"
		RULES="$RULES\npass in proto { tcp, udp } from any port { 111, 2049 } to any"
		RULES="$RULES\npass out proto { tcp, udp } from any to any port { 111, 2049 }"
		;;
	esac
	# relies on this shell's echo turning the "\n" sequences into newlines
	echo $RULES | pfctl -f -
	pfctl -e
fi

# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services
fill_baddynamic udp
fill_baddynamic tcp
# Main boot sequence: sysctl settings, network, final pf ruleset, logging,
# key generation, then the daemons enabled in rc.conf. Statement order
# matters throughout; comments below only annotate, they change nothing.
sysctl_conf

# set hostname, turn on network
echo 'starting network'
# demote CARP while booting; the matching -carpdemote is at the end of rc
ifconfig -g carp carpdemote 128
if [ -f /etc/resolv.conf.save ]; then
	mv -f /etc/resolv.conf.save /etc/resolv.conf
	touch /etc/resolv.conf
fi
. /etc/netstart

# Replace the boot-time ruleset with the configured one, if it exists.
# NOTE(review): when ${pf_rules} is missing nothing is loaded here and the
# minimal boot-time ruleset remains active.
if [ X"${pf}" != X"NO" ]; then
	if [ -f ${pf_rules} ]; then
		pfctl -f ${pf_rules}
	fi
	# bring up pfsync after the working ruleset has been loaded
	if [ -f /etc/hostname.pfsync0 ]; then
		. /etc/netstart pfsync0
	fi
fi

mount -s /usr >/dev/null 2>&1
mount -s /var >/dev/null 2>&1

# if there's no /var/db/host.random, make one through /dev/urandom
# NOTE(review): the file is created by dd and only then restricted to mode
# 600; its mode in between depends on the umask in effect.
if [ ! -f /var/db/host.random ]; then
	dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \
		>/dev/null 2>&1
	chmod 600 /var/db/host.random >/dev/null 2>&1
else
	# Try to read seed if it was not initially present (e.g. /var on NFS)
	random_seed
fi

# clean up left-over files
rm -f /etc/nologin
rm -f /var/spool/lock/LCK.*
rm -f /var/spool/uucp/STST/*
# "cd ... &&" guards the recursive removals: rm runs only inside the
# intended directory, never in whatever directory a failed cd leaves us in
(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; })
(cd /var/authpf && rm -rf -- *)

# save a copy of the boot messages
dmesg >/var/run/dmesg.boot

# Start syslogd with one extra "-a" log socket per location below (httpd's
# tree unless httpd_flags is -u, named's tree, /var/empty). Stale sockets
# are removed first.
echo 'starting system logger'
rm -f /dev/log
if [ X"${httpd_flags}" != X"-u" ]; then
	rm -f /var/www/dev/log
	syslogd_flags="${syslogd_flags} -a /var/www/dev/log"
fi
if [ X"${named_flags}" != X"NO" ]; then
	rm -f /var/named/dev/log
	syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
fi
if [ -d /var/empty ]; then
	rm -f /var/empty/dev/log
	mkdir -p -m 0555 /var/empty/dev
	syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"
fi
syslogd ${syslogd_flags}

# pf logging: create pflog0 if needed and start pflogd unless disabled
if [ X"${pf}" != X"NO" ]; then
	ifconfig pflog0 create >/dev/null 2>&1
	if ifconfig pflog0 >/dev/null 2>&1; then
		ifconfig pflog0 up
		if [ X"${pflogd_flags}" != X"NO" ]; then
			pflogd ${pflogd_flags}
		fi
	fi
fi

# named: regenerate the rndc shared secret whenever /etc/rndc.key and the
# copy under /var/named differ (cmp also fails if either is missing).
if [ X"${named_flags}" != X"NO" ]; then
	if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then
		echo -n "rndc-confgen: generating new shared secret... "
		if /usr/sbin/rndc-confgen -a -t /var/named >/dev/null 2>&1; then
			chmod 0640 /var/named/etc/rndc.key >/dev/null 2>&1
			echo done.
		else
			echo failed.
		fi
	fi

	echo 'starting named'; named $named_flags
fi

# isakmpd: create a 2048-bit RSA key pair on first boot.
# NOTE(review): the private key is written by openssl and restricted to
# mode 600 afterwards; confirm the mode it is created with (umask, openssl
# behaviour) leaves no interval in which it is readable by others. A
# failure is only printed as "failed." and the boot continues.
if [ ! -f /etc/isakmpd/private/local.key ]; then
	echo -n "openssl: generating new isakmpd RSA key... "
	if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
	    > /dev/null 2>&1; then
		chmod 600 /etc/isakmpd/private/local.key
		openssl rsa -out /etc/isakmpd/local.pub \
		    -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1
		echo done.
	else
		echo failed.
	fi
fi

if [ X"${isakmpd_flags}" != X"NO" ]; then
	# when sasyncd is enabled too, isakmpd is started with -S prepended
	if [ X"${sasyncd_flags}" != X"NO" ]; then
		isakmpd_flags="-S ${isakmpd_flags}"
	fi
	echo 'starting isakmpd'; isakmpd ${isakmpd_flags}
fi

if [ X"${sasyncd_flags}" != X"NO" ]; then
	echo 'starting sasyncd'; sasyncd ${sasyncd_flags}
fi

if [ X"${ipsec}" != X"NO" ]; then
	if [ -f ${ipsec_rules} ]; then
		ipsecctl -f ${ipsec_rules}
	fi
fi

echo -n 'starting initial daemons:'

if [ X"${portmap}" = X"YES" ]; then
	echo -n ' portmap'; portmap
fi

# YP (NIS) services, only when a domain name is set.
if [ X`domainname` != X ]; then
	if [ -d /var/yp/`domainname` ]; then
		# YP server capabilities needed...
		echo -n ' ypserv'; ypserv ${ypserv_flags}
		#echo -n ' ypxfrd'; ypxfrd
	fi

	if [ -d /var/yp/binding ]; then
		# YP client capabilities needed...
		echo -n ' ypbind'; ypbind
	fi

	if [ X"${yppasswdd_flags}" != X"NO" -a -d /var/yp/`domainname` ]; then
		# if we are the master server, run rpc.yppasswdd
		# NOTE(review): this listing collapses whitespace, so the cut
		# delimiter and the "Name: " patterns below are shown with a
		# single space; the upstream literals may contain tabs or
		# several spaces - confirm before reuse.
		_host1=`ypwhich -m passwd 2> /dev/null`
		_host2=`hostname`
		if [ `grep '^lookup' /etc/resolv.conf | grep yp | wc -c` -ne 0 ]; then
			_host1=`ypmatch $_host1 hosts | cut -d' ' -f2`
			_host2=`ypmatch $_host2 hosts | cut -d' ' -f2 | head -1`
		else
			_host1=`echo $_host1 | nslookup | grep '^Name: ' | \
			    sed -e 's/^Name: //'`
			_host2=`echo $_host2 | nslookup | grep '^Name: ' | \
			    sed -e 's/^Name: //'`
		fi
		# the decision rests on name lookups (YP or DNS) agreeing
		if [ "$_host2" = "$_host1" ]; then
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${yppasswdd_flags}
		fi
	fi
fi

# NFS server: only when enabled and /etc/exports has at least one line
# that does not start with '#'.
if [ X"${nfs_server}" = X"YES" -a -s /etc/exports -a \
    `sed -e '/^#/d' < /etc/exports | wc -l` -ne 0 ]; then
	rm -f /var/db/mountdtab
	echo -n > /var/db/mountdtab
	echo -n ' mountd'; mountd
	echo -n ' nfsd'; nfsd ${nfsd_flags}
	if [ X"${lockd}" = X"YES" ]; then
		echo -n ' rpc.lockd'; rpc.lockd
		echo -n ' rpc.statd'; rpc.statd
	fi
fi

if [ X"${amd}" = X"YES" -a -e ${amd_master} ]; then
	echo -n ' amd'
	# the contents of ${amd_master} become amd's command line
	(cd /etc/amd; amd `cat ${amd_master}`)
fi

# run rdate before timed/ntpd
if [ X"${rdate_flags}" != X"NO" ]; then
	echo -n ' rdate'; rdate -s ${rdate_flags}
fi

if [ X"${timed_flags}" != X"NO" ]; then
	echo -n ' timed'; timed $timed_flags
fi

if [ X"${ldattach_flags}" != X"NO" -a -n "${ldattach_flags}" ]; then
	echo -n ' ldattach'; ldattach ${ldattach_flags}
fi

if [ X"${ntpd_flags}" != X"NO" ]; then
	echo -n ' ntpd'; ntpd $ntpd_flags
fi
echo '.'

mount -a

swapctl -A -t noblk

# /var/crash should be a directory or a symbolic link
# to the crash directory if core dumps are to be saved.
if [ -d /var/crash ]; then
	savecore ${savecore_flags} /var/crash
fi

if [ X"${afs}" = X"YES" -a -c /dev/nnpfs0 ]; then
	echo -n 'mounting afs:'
	mkdir -p -m 0755 /afs
	mount -t nnpfs /dev/nnpfs0 /afs
	/usr/libexec/afsd ${afsd_flags}
	echo ' done.'
fi

if [ X"${check_quotas}" = X"YES" ]; then
	echo -n 'checking quotas:'
	quotacheck -a
	echo ' done.'
	quotaon -a
fi

# build ps databases
echo -n 'building ps databases:'
echo -n " kvm"
kvm_mkdb
echo -n " dev"
dev_mkdb
echo "."

# reset mode and ownership of the matching /dev/tty[p-zP-T]* nodes
# (presumably the pseudo-terminal slaves) to a known state on every boot
chmod 666 /dev/tty[pqrstuvwxyzPQRST]*
chown root:wheel /dev/tty[pqrstuvwxyzPQRST]*

# check the password temp/lock file
if [ -f /etc/ptmp ]; then
	logger -s -p auth.err \
	'password file may be incorrect -- /etc/ptmp exists'
fi

echo clearing /tmp

# prune quickly with one rm, then use find to clean up /tmp/[lq]*
# (not needed with mfs /tmp, but doesn't hurt there...)
# The whole chain hangs off "cd /tmp &&", so nothing is removed if the cd
# fails; "--" keeps names that start with '-' from being read as options.
(cd /tmp && rm -rf [a-km-pr-zA-Z]* &&
    find . ! -name . ! -name lost+found ! -name quota.user \
	! -name quota.group -execdir rm -rf -- {} \; -type d -prune)

# create Unix sockets directories for X if needed and make sure they have
# correct permissions
# NOTE(review): owner and mode are read by parsing "ls -ld" output, and
# "[ -d ]" follows symbolic links; this runs right after /tmp was cleared
# above, which is what keeps the check meaningful.
if [ -d /usr/X11R6/lib ]; then
	for d in /tmp/.X11-unix /tmp/.ICE-unix ; do
		if [ -d $d ]; then
			if [ `ls -ld $d | cut -d' ' -f4` != root ]; then
				chown root $d
			fi
			if [ `ls -ld $d | cut -d' ' -f1` != drwxrwxrwt ]; then
				chmod 1777 $d
			fi
		elif [ -e $d ]; then
			echo "Error: $d exists and isn't a directory."
		else
			mkdir -m 1777 $d
		fi
	done
fi

# rc.securelevel is sourced first, then kern.securelevel is set if the
# variable is non-empty; anything that has to run before the level is
# raised presumably belongs in that file.
[ -f /etc/rc.securelevel ] && . /etc/rc.securelevel
if [ X"${securelevel}" != X"" ]; then
	echo -n 'setting kernel security level: '
	sysctl kern.securelevel=${securelevel}
fi

# patch /etc/motd
# The new motd is assembled in a mktemp-created file (unpredictable name),
# then copied over /etc/motd only if the contents differ.
if [ ! -f /etc/motd ]; then
	install -c -o root -g wheel -m 664 /dev/null /etc/motd
fi
T=`mktemp /tmp/_motd.XXXXXXXXXX`
if [ $? -eq 0 ]; then
	# first line: kernel version; rest: old motd after its first blank line
	sysctl -n kern.version | sed 1q > $T
	echo "" >> $T
	sed '1,/^$/d' < /etc/motd >> $T
	cmp -s $T /etc/motd || cp $T /etc/motd
	rm -f $T
fi

if [ X"${accounting}" = X"YES" ]; then
	if [ ! -f /var/account/acct ]; then
		touch /var/account/acct
	fi
	echo 'turning on accounting'; accton /var/account/acct
fi

if [ -f /sbin/ldconfig ]; then
	echo 'creating runtime link editor directory cache.'
	# each existing directory is prepended to whatever shlib_dirs holds
	if [ -d /usr/local/lib ]; then
		shlib_dirs="/usr/local/lib $shlib_dirs"
	fi
	if [ -d /usr/X11R6/lib ]; then
		shlib_dirs="/usr/X11R6/lib $shlib_dirs"
	fi
	ldconfig $shlib_dirs
fi

if [ -x /usr/libexec/vi.recover ]; then
	echo 'preserving editor files.'; /usr/libexec/vi.recover
fi

# SSH host keys are generated on first boot, each with an empty passphrase
# (-N '') so sshd can start unattended.
# NOTE(review): this file dates from 2009. DSA and RSA1 (SSH protocol 1)
# host keys are legacy types that later OpenSSH releases dropped; do not
# carry this block over to a current system as is. A failed generation is
# only printed as "failed." and the boot continues.
if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
	echo -n "ssh-keygen: generating new DSA host key... "
	if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''; then
		echo done.
	else
		echo failed.
	fi
fi
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
	echo -n "ssh-keygen: generating new RSA host key... "
	if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''; then
		echo done.
	else
		echo failed.
	fi
fi
if [ ! -f /etc/ssh/ssh_host_key ]; then
	echo -n "ssh-keygen: generating new RSA1 host key... "
	if /usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N ''; then
		echo done.
	else
		echo failed.
	fi
fi

# Network daemons. Convention visible below: a *_flags variable set to NO
# disables the daemon, anything else is passed as its arguments; a few
# daemons use a plain YES/NO switch or also require a config file.
# Most *_flags values are expanded unquoted, so they are word-split.
echo -n starting network daemons:

if [ X"${sshd_flags}" != X"NO" ]; then
	echo -n ' sshd'; /usr/sbin/sshd ${sshd_flags};
fi

if [ X"${snmpd_flags}" != X"NO" ]; then
	echo -n ' snmpd'; /usr/sbin/snmpd $snmpd_flags
fi

if [ X"${ripd_flags}" != X"NO" ]; then
	echo -n ' ripd'; /usr/sbin/ripd $ripd_flags
fi

if [ X"${mrouted_flags}" != X"NO" ]; then
	echo -n ' mrouted'; mrouted $mrouted_flags
fi

if [ X"${dvmrpd_flags}" != X"NO" ]; then
	echo -n ' dvmrpd'; /usr/sbin/dvmrpd $dvmrpd_flags
fi

if [ X"${ospfd_flags}" != X"NO" ]; then
	echo -n ' ospfd'; /usr/sbin/ospfd $ospfd_flags
fi

if [ X"${ospf6d_flags}" != X"NO" ]; then
	echo -n ' ospf6d'; /usr/sbin/ospf6d $ospf6d_flags
fi

if [ X"${bgpd_flags}" != X"NO" ]; then
	echo -n ' bgpd'; /usr/sbin/bgpd $bgpd_flags
fi

if [ X"${ifstated_flags}" != X"NO" ]; then
	echo -n ' ifstated'; ifstated $ifstated_flags
fi

if [ X"${relayd_flags}" != X"NO" ]; then
	echo -n ' relayd'; /usr/sbin/relayd $relayd_flags
fi

if [ X"${dhcpd_flags}" != X"NO" -a -f /etc/dhcpd.conf ]; then
	touch /var/db/dhcpd.leases
	echo -n ' dhcpd'; /usr/sbin/dhcpd ${dhcpd_flags}
fi

if [ X"${dhcrelay_flags}" != X"NO" ]; then
	echo -n ' dhcrelay'; /usr/sbin/dhcrelay $dhcrelay_flags
fi

# IPv6: with forwarding off (host) start rtsold; with forwarding on
# (router) start route6d and rtadvd instead.
if ifconfig lo0 inet6 >/dev/null 2>&1; then
	fw=`sysctl -n net.inet6.ip6.forwarding`
	if [ X"${fw}" = X"0" ]; then
		if [ X"${rtsold_flags}" != X"NO" ]; then
			echo -n ' rtsold'
			/usr/sbin/rtsold ${rtsold_flags}
		fi
	else
		if [ X"${route6d_flags}" != X"NO" ]; then
			echo -n ' route6d'
			/usr/sbin/route6d ${route6d_flags}
		fi
		if [ X"${rtadvd_flags}" != X"NO" ]; then
			echo -n ' rtadvd'
			/usr/sbin/rtadvd ${rtadvd_flags}
		fi
	fi
fi

if [ X"${hostapd_flags}" != X"NO" ]; then
	echo -n ' hostapd'; /usr/sbin/hostapd ${hostapd_flags};
fi

if [ X"${bt}" != X"NO" ]; then
	echo -n ' btd'; /usr/sbin/btd
	if [ -f ${bt_rules} ]; then
		btctl -f ${bt_rules}
	fi
fi

if [ X"${rwhod}" = X"YES" ]; then
	echo -n ' rwhod'; rwhod
fi


if [ X"${lpd_flags}" != X"NO" ]; then
	echo -n ' lpd'; lpd ${lpd_flags}
fi

# We call sendmail with a full path so that SIGHUP works.
# Note that /usr/sbin/sendmail may actually call a
# mailer other than sendmail, depending on /etc/mailer.conf.
if [ X"${sendmail_flags}" != X"NO" -a -s /etc/mailer.conf ]; then
	echo -n ' sendmail'; ( /usr/sbin/sendmail ${sendmail_flags} >/dev/null 2>&1 & )
fi

if [ X"${smtpd_flags}" != X"NO" ]; then
	echo -n ' smtpd'; smtpd $smtpd_flags
fi

if [ X"${httpd_flags}" != X"NO" ]; then
	# Clean up left-over httpd locks
	rm -f /var/www/logs/{ssl_mutex,httpd.lock,accept.lock}.*
	echo -n ' httpd'; /usr/sbin/httpd ${httpd_flags}
fi

if [ X"${ftpd_flags}" != X"NO" ]; then
	echo -n ' ftpd'; /usr/libexec/ftpd ${ftpd_flags}
fi

if [ X"${ftpproxy_flags}" != X"NO" ]; then
	echo -n ' ftp-proxy'; /usr/sbin/ftp-proxy ${ftpproxy_flags}
fi

if [ X"${identd_flags}" != X"NO" ]; then
	echo -n ' identd'; /usr/libexec/identd ${identd_flags}
fi

if [ X"${inetd}" = X"YES" -a -e /etc/inetd.conf ]; then
	echo -n ' inetd'; inetd
fi

# spamd: -b is appended unless spamd_black is NO; spamlogd is started only
# when spamd_black is NO.
# NOTE(review): spamd is launched through "eval", so the contents of
# spamd_flags are re-parsed as shell input by this root script. The value
# comes from rc.conf, which must therefore be writable by root only.
if [ X"${spamd_flags}" != X"NO" ]; then
	if [ X"${spamd_black}" != X"NO" ]; then
		spamd_flags="${spamd_flags} -b"
	fi
	echo -n ' spamd'; eval /usr/libexec/spamd ${spamd_flags}
	/usr/libexec/spamd-setup -D
	if [ X"${spamd_black}" = X"NO" ]; then
		echo -n ' spamlogd'
		/usr/libexec/spamlogd ${spamlogd_flags}
	fi
fi

if [ X"${rarpd_flags}" != X"NO" -a -s /etc/ethers ]; then
	echo -n ' rarpd'; rarpd ${rarpd_flags}
fi

if [ X"${bootparamd_flags}" != X"NO" -a -s /etc/bootparams ]; then
	echo -n ' rpc.bootparamd'; rpc.bootparamd ${bootparamd_flags}
fi

if [ X"${rbootd_flags}" != X"NO" -a -s /etc/rbootd.conf ]; then
	echo -n ' rbootd'; rbootd ${rbootd_flags}
fi

if [ X"${mopd_flags}" != X"NO" -a -d /tftpboot/mop ]; then
	echo -n ' mopd'; mopd ${mopd_flags}
fi

echo '.'
# Late boot: mixer settings, Kerberos KDC, the site-local rc.local hook,
# then the "standard daemons" and release of the CARP boot-time demotion.

mixerctl_conf

# KerberosV master KDC
if [ X"${krb5_master_kdc}" = X"YES" ]; then
	echo 'KerberosV master KDC'
	/usr/libexec/kdc &
	/usr/libexec/kadmind &
	/usr/libexec/kpasswdd &
fi

# KerberosV slave KDC
if [ X"${krb5_slave_kdc}" = X"YES" ]; then
	echo 'KerberosV slave KDC'
	/usr/libexec/kdc &
	# Remember to enable hpropd in inetd.conf
fi

# NOTE(review): rc.local is sourced, so it runs inside this script with
# init's privileges and after kern.securelevel has been set earlier in the
# file; it must be writable by root only.
[ -f /etc/rc.local ] && . /etc/rc.local

echo -n standard daemons:

if [ X"${apmd_flags}" != X"NO" -a -x /usr/sbin/apmd ]; then
	echo -n ' apmd'; /usr/sbin/apmd ${apmd_flags}
fi

if [ X"${sensorsd_flags}" != X"NO" ]; then
	echo -n ' sensorsd'; /usr/sbin/sensorsd ${sensorsd_flags}
fi

if [ X"${hotplugd_flags}" != X"NO" -a -x /usr/sbin/hotplugd ]; then
	echo -n ' hotplugd'; /usr/sbin/hotplugd ${hotplugd_flags}
fi

if [ X"${watchdogd_flags}" != X"NO" -a -x /usr/sbin/watchdogd ]; then
	echo -n ' watchdogd'; /usr/sbin/watchdogd ${watchdogd_flags}
fi

# cron is started unconditionally; there is no rc.conf switch for it here
echo -n ' cron'; cron

# disable carp interlock
# (undoes the "carpdemote 128" applied before the network was started)
ifconfig -g carp -carpdemote 128

echo '.'
# Final steps: print the date, start the optional console mouse daemon and
# display manager, and report success to init.

date

if [ X"${wsmoused_flags}" != X"NO" -a -x /usr/sbin/wsmoused ]; then
	echo 'starting wsmoused...'; /usr/sbin/wsmoused ${wsmoused_flags}
fi

# Alternatively, on some architectures, xdm may be started in /etc/ttys.
if [ X"${xdm_flags}" != X"NO" -a -x /usr/X11R6/bin/xdm ]; then
	echo 'starting xdm...'; /usr/X11R6/bin/xdm ${xdm_flags}
fi

exit 0