1*d750a370Sderaadt# $OpenBSD: rc,v 1.440 2014/08/22 19:19:25 deraadt Exp $ 2df930be7Sderaadt 3df930be7Sderaadt# System startup script run by init on autoboot 4df930be7Sderaadt# or after single-user. 5df930be7Sderaadt# Output and error are redirected to console by init, 6df930be7Sderaadt# and the console is the controlling terminal. 7df930be7Sderaadt 85420764bSmillert# Subroutines (have to come first). 95420764bSmillert 105420764bSmillert# Strip comments (and leading/trailing whitespace if IFS is set) 115420764bSmillert# from a file and spew to stdout 125420764bSmillertstripcom() { 135420764bSmillert local _file="$1" 145420764bSmillert local _line 155420764bSmillert 165420764bSmillert { 175420764bSmillert while read _line ; do 185420764bSmillert _line=${_line%%#*} # strip comments 195420764bSmillert test -z "$_line" && continue 205420764bSmillert echo $_line 215420764bSmillert done 225420764bSmillert } < $_file 235420764bSmillert} 245420764bSmillert 250e47d797Smillert# Update resource limits when sysctl changes 260e47d797Smillert# Usage: update_limit -X loginconf_name 270e47d797Smillertupdate_limit() { 280e47d797Smillert local _fl="$1" # ulimit flag 290e47d797Smillert local _lc="$2" # login.conf name 300e47d797Smillert local _new _suf 310e47d797Smillert 320e47d797Smillert for _suf in "" -cur -max; do 330e47d797Smillert _new=`getcap -f /etc/login.conf -s ${_lc}${_suf} daemon 2>/dev/null` 340e47d797Smillert if [ X"$_new" != X"" ]; then 350e47d797Smillert if [ X"$_new" = X"infinity" ]; then 360e47d797Smillert _new=unlimited 370e47d797Smillert fi 380e47d797Smillert case "$_suf" in 390e47d797Smillert -cur) 400e47d797Smillert ulimit -S $_fl $_new 410e47d797Smillert ;; 420e47d797Smillert -max) 430e47d797Smillert ulimit -H $_fl $_new 440e47d797Smillert ;; 450e47d797Smillert *) 460e47d797Smillert ulimit $_fl $_new 470e47d797Smillert return 480e47d797Smillert ;; 490e47d797Smillert esac 500e47d797Smillert fi 510e47d797Smillert done 520e47d797Smillert} 530e47d797Smillert 540e47d797Smillertsysctl_conf() { 556be3177eSmillert test -s /etc/sysctl.conf || return 566be3177eSmillert 570e47d797Smillert # delete comments and blank lines 580e47d797Smillert set -- `stripcom /etc/sysctl.conf` 590e47d797Smillert while [ $# -ge 1 ] ; do 600e47d797Smillert sysctl $1 610e47d797Smillert # update limits if needed 620e47d797Smillert case $1 in 630e47d797Smillert kern.maxproc=*) 640e47d797Smillert update_limit -p maxproc 650e47d797Smillert ;; 660e47d797Smillert kern.maxfiles=*) 670e47d797Smillert update_limit -n openfiles 680e47d797Smillert ;; 690e47d797Smillert esac 700e47d797Smillert shift 710e47d797Smillert done 720e47d797Smillert} 730e47d797Smillert 740e47d797Smillertmixerctl_conf() 750e47d797Smillert{ 766be3177eSmillert test -s /etc/mixerctl.conf || return 776be3177eSmillert 780e47d797Smillert # delete comments and blank lines 790e47d797Smillert set -- `stripcom /etc/mixerctl.conf` 800e47d797Smillert while [ $# -ge 1 ] ; do 810e47d797Smillert mixerctl -q $1 > /dev/null 2>&1 820e47d797Smillert shift 830e47d797Smillert done 840e47d797Smillert} 850e47d797Smillert 866be3177eSmillertwsconsctl_conf() 876be3177eSmillert{ 886be3177eSmillert local save_IFS="$IFS" 896be3177eSmillert 906be3177eSmillert test -x /sbin/wsconsctl -a -s /etc/wsconsctl.conf || return 916be3177eSmillert # delete comments and blank lines 926be3177eSmillert IFS=" 936be3177eSmillert" 946be3177eSmillert set -- `stripcom /etc/wsconsctl.conf` 956be3177eSmillert IFS="$save_IFS" 966be3177eSmillert while [ $# -ge 1 ] ; do 97cffa29c0Sderaadt eval wsconsctl $1 986be3177eSmillert shift 996be3177eSmillert done 1006be3177eSmillert} 1016be3177eSmillert 1028f0921ecSdjmrandom_seed() 1038f0921ecSdjm{ 104d7e1c4e4Sderaadt # push the old seed into the kernel 10513a462f6Sbluhm dd if=/var/db/host.random of=/dev/random bs=65536 count=1 status=none 106d7e1c4e4Sderaadt chmod 600 /var/db/host.random 107d7e1c4e4Sderaadt # ... and create a future seed 10813a462f6Sbluhm dd if=/dev/random of=/var/db/host.random bs=65536 count=1 status=none 10949be1d20Sderaadt # and create a seed file for the boot-loader 11013a462f6Sbluhm dd if=/dev/random of=/etc/random.seed bs=512 count=1 status=none 11149be1d20Sderaadt chmod 600 /etc/random.seed 1128f0921ecSdjm} 1138f0921ecSdjm 114e27ad5ceSdjmfill_baddynamic() 115e27ad5ceSdjm{ 116484497f6Shalex local _service=$1 117e27ad5ceSdjm local _sysctl="net.inet.${_service}.baddynamic" 118484497f6Shalex stripcom /etc/services | 119484497f6Shalex { 120484497f6Shalex # Variables are local 121484497f6Shalex while IFS=" /" read _name _port _srv _junk; do 122fa65f058Shalex [ "x${_srv}" = "x${_service}" ] || continue 123484497f6Shalex _ban="${_ban:+${_ban},}+${_port}" 124e27ad5ceSdjm # Flush before argv gets too long 125484497f6Shalex if [ ${#_ban} -gt 1024 ]; then 126484497f6Shalex sysctl -q ${_sysctl}=${_ban} 127e27ad5ceSdjm _ban="" 128e27ad5ceSdjm fi 129484497f6Shalex done 130484497f6Shalex [ "${_ban}" ] && sysctl -q ${_sysctl}=${_ban} 131484497f6Shalex } 132e27ad5ceSdjm} 133e27ad5ceSdjm 134833ea469Srobertstart_daemon() 135833ea469Srobert{ 136598b0ae3Srobert local _n 137833ea469Srobert for _n; do 138833ea469Srobert eval _do=\${${_n}_flags} 139833ea469Srobert if [ X"${_do}" != X"NO" ]; then 140833ea469Srobert /etc/rc.d/${_n} start 141833ea469Srobert fi 142833ea469Srobert done 143833ea469Srobert} 144833ea469Srobert 1453e77ed4cSderaadtmake_keys() 1463e77ed4cSderaadt{ 1473e77ed4cSderaadt if [ ! -f /etc/isakmpd/private/local.key ]; then 1483e77ed4cSderaadt echo -n "openssl: generating isakmpd/iked RSA key... " 1493e77ed4cSderaadt if openssl genrsa -out /etc/isakmpd/private/local.key 2048 \ 1503e77ed4cSderaadt >/dev/null 2>&1; then 1513e77ed4cSderaadt chmod 600 /etc/isakmpd/private/local.key 1523e77ed4cSderaadt openssl rsa -out /etc/isakmpd/local.pub -in \ 1533e77ed4cSderaadt /etc/isakmpd/private/local.key -pubout \ 1543e77ed4cSderaadt >/dev/null 2>&1 1553e77ed4cSderaadt echo done. 1563e77ed4cSderaadt else 1573e77ed4cSderaadt echo failed. 1583e77ed4cSderaadt fi 1593e77ed4cSderaadt fi 1603e77ed4cSderaadt 1613e77ed4cSderaadt if [ ! -f /etc/iked/private/local.key ]; then 1623e77ed4cSderaadt # Just copy the generated isakmpd key 1633e77ed4cSderaadt cp /etc/isakmpd/private/local.key /etc/iked/private/local.key 1643e77ed4cSderaadt chmod 600 /etc/iked/private/local.key 1653e77ed4cSderaadt cp /etc/isakmpd/local.pub /etc/iked/local.pub 1663e77ed4cSderaadt fi 1673e77ed4cSderaadt 1683e77ed4cSderaadt ssh-keygen -A 1693e77ed4cSderaadt} 1703e77ed4cSderaadt 1713e77ed4cSderaadt# create Unix sockets directories for X if needed and make sure they have 1723e77ed4cSderaadt# correct permissions 1733e77ed4cSderaadtsetup_X_sockets() 1743e77ed4cSderaadt{ 1753e77ed4cSderaadt if [ -d /usr/X11R6/lib ]; then 1763e77ed4cSderaadt for d in /tmp/.X11-unix /tmp/.ICE-unix ; do 1773e77ed4cSderaadt if [ -d $d ]; then 1783e77ed4cSderaadt if [ `ls -ld $d | cut -d' ' -f4` \ 1793e77ed4cSderaadt != root ]; then 1803e77ed4cSderaadt chown root $d 1813e77ed4cSderaadt fi 1823e77ed4cSderaadt if [ `ls -ld $d | cut -d' ' -f1` \ 1833e77ed4cSderaadt != drwxrwxrwt ]; then 1843e77ed4cSderaadt chmod 1777 $d 1853e77ed4cSderaadt fi 1863e77ed4cSderaadt elif [ -e $d ]; then 1873e77ed4cSderaadt echo "Error: $d exists and isn't a directory." 1883e77ed4cSderaadt else 1893e77ed4cSderaadt mkdir -m 1777 $d 1903e77ed4cSderaadt fi 1913e77ed4cSderaadt done 1923e77ed4cSderaadt fi 1933e77ed4cSderaadt} 1943e77ed4cSderaadt 19581896204Sclaudiodo_fsck() 19681896204Sclaudio{ 19781896204Sclaudio local _flags=$1 19881896204Sclaudio 19981896204Sclaudio fsck -p $_flags 20081896204Sclaudio case $? in 20181896204Sclaudio 0) 20281896204Sclaudio ;; 20381896204Sclaudio 2) 20481896204Sclaudio exit 1 20581896204Sclaudio ;; 20681896204Sclaudio 4) 20781896204Sclaudio echo "Rebooting..." 20881896204Sclaudio reboot 20981896204Sclaudio echo "Reboot failed; help!" 21081896204Sclaudio exit 1 21181896204Sclaudio ;; 21281896204Sclaudio 8) 21381896204Sclaudio echo "Automatic file system check failed; help!" 21481896204Sclaudio exit 1 21581896204Sclaudio ;; 21681896204Sclaudio 12) 21781896204Sclaudio echo "Boot interrupted." 21881896204Sclaudio exit 1 21981896204Sclaudio ;; 22081896204Sclaudio 130) 22181896204Sclaudio # interrupt before catcher installed 22281896204Sclaudio exit 1 22381896204Sclaudio ;; 22481896204Sclaudio *) 22581896204Sclaudio echo "Unknown error; help!" 22681896204Sclaudio exit 1 22781896204Sclaudio ;; 22881896204Sclaudio esac 22981896204Sclaudio} 23081896204Sclaudio 2315420764bSmillert# End subroutines 2325420764bSmillert 233df930be7Sderaadtstty status '^T' 234df930be7Sderaadt 235df930be7Sderaadt# Set shell to ignore SIGINT (2), but not children; 236df930be7Sderaadt# shell catches SIGQUIT (3) and returns to single user after fsck. 237df930be7Sderaadttrap : 2 238df930be7Sderaadttrap : 3 # shouldn't be needed 239df930be7Sderaadt 240df930be7SderaadtHOME=/; export HOME 241102e9b47SrobertINRC=1; export INRC 242df930be7SderaadtPATH=/sbin:/bin:/usr/sbin:/usr/bin 243df930be7Sderaadtexport PATH 244df930be7Sderaadt 24510cfcf00Sderaadt# must set the domainname before rc.conf, so YP startup choices can be made 24610cfcf00Sderaadtif [ -f /etc/defaultdomain ]; then 24710cfcf00Sderaadt domainname `stripcom /etc/defaultdomain` 24810cfcf00Sderaadtfi 24910cfcf00Sderaadt 2508799e9c8Srobert# need to get local functions from rc.subr 2518799e9c8SrobertFUNCS_ONLY=1 . /etc/rc.d/rc.subr 2528799e9c8Srobert 2538799e9c8Srobert# load rc.conf into scope 2548799e9c8Srobert_rc_parse_conf 255d9f03edaSrobert 2569969bcb5Smillertif [ X"$1" = X"shutdown" ]; then 2577b987043Sbluhm if echo 2>/dev/null >>/var/db/host.random || \ 2587b987043Sbluhm echo 2>/dev/null >>/etc/random.seed; then 259a938e06dSrpe random_seed 2607b987043Sbluhm else 2617b987043Sbluhm echo warning: cannot write random seed to disk 2627b987043Sbluhm fi 263a938e06dSrpe 26419b9ddfaSmillert # If we are in secure level 0, assume single user mode. 26519b9ddfaSmillert if [ `sysctl -n kern.securelevel` -ne 0 ]; then 2669d0326b3Sschwarze pkg_scripts=${pkg_scripts%%*( )} 267ab772a24Sderaadt if [ -n "${pkg_scripts}" ]; then 268bbe1205bSajacoutot echo -n 'stopping package daemons:' 269931d9abfSajacoutot while [ -n "${pkg_scripts}" ]; do 270931d9abfSajacoutot _r=${pkg_scripts##* } 271931d9abfSajacoutot pkg_scripts=${pkg_scripts%%*( )${_r}} 272bbe1205bSajacoutot [ -x /etc/rc.d/${_r} ] && /etc/rc.d/${_r} stop 273bbe1205bSajacoutot done 274bbe1205bSajacoutot echo '.' 275bbe1205bSajacoutot fi 276ab772a24Sderaadt 277e6e1e079Sderaadt [ -f /etc/rc.shutdown ] && sh /etc/rc.shutdown 278ab772a24Sderaadt else 279ab772a24Sderaadt echo single user: not running shutdown scripts 280ab772a24Sderaadt fi 2819e07bef9Smcbride 2829e07bef9Smcbride # bring carp interfaces down gracefully 2834375b688Ssthen ifconfig | while read a b; do 2844375b688Ssthen case $a in 2854375b688Ssthen carp+([0-9]):) ifconfig ${a%:} down ;; 286b7f7a928Ssthen esac 2879e07bef9Smcbride done 2882ee46d13Smcbride 28975a54d2eSderaadt exit 0 29075a54d2eSderaadtfi 29175a54d2eSderaadt 292638be0f1Smiodswapctl -A -t blk 293920abb1bSderaadt 2948b7444a6Sderaadtif [ -e /fastboot ]; then 295df930be7Sderaadt echo "Fast boot: skipping disk checks." 2969969bcb5Smillertelif [ X"$1" = X"autoboot" ]; then 297df930be7Sderaadt echo "Automatic boot in progress: starting file system checks." 29881896204Sclaudio do_fsck 299df930be7Sderaadtfi 300df930be7Sderaadt 301df930be7Sderaadttrap "echo 'Boot interrupted.'; exit 1" 3 302df930be7Sderaadt 303df930be7Sderaadtumount -a >/dev/null 2>&1 3046e571508Sgrunkmount -a -t nonfs,vnd 3054515901dSniklasmount -uw / # root on nfs requires this, others aren't hurt 306df930be7Sderaadtrm -f /fastboot # XXX (root now writeable) 307df930be7Sderaadt 308df930be7Sderaadt# set flags on ttys. (do early, in case they use tty for SLIP in netstart) 309df930be7Sderaadtecho 'setting tty flags' 310df930be7Sderaadtttyflags -a 311df930be7Sderaadt 31248390b59Smcbrideif [ -f /sbin/kbd -a -f /etc/kbdtype ]; then 31348390b59Smcbride kbd `cat /etc/kbdtype` 31448390b59Smcbridefi 31548390b59Smcbride 316cc294143Sderaadtwsconsctl_conf 317cc294143Sderaadt 3189969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 3197b24ca9eSmcbride RULES="block all" 3204dd40d42Shenning RULES="$RULES\npass on lo0" 3217637f7daSdhartmei RULES="$RULES\npass in proto tcp from any to any port 22 keep state" 322ae072502Scamield RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state" 3233dadfb84Scamield RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state" 324841a2ab1Sclaudio RULES="$RULES\npass out inet proto udp from any port bootpc to any port bootps" 325841a2ab1Sclaudio RULES="$RULES\npass in inet proto udp from any port bootps to any port bootpc" 326e24e98b3Sgrange if ifconfig lo0 inet6 >/dev/null 2>&1; then 327ff3da558Sitojun RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol" 328ff3da558Sitojun RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv" 32963c4fe5eSderaadt RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol" 33063c4fe5eSderaadt RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv" 331841a2ab1Sclaudio RULES="$RULES\npass out inet6 proto udp from any port dhcpv6-client to any port dhcpv6-server" 332841a2ab1Sclaudio RULES="$RULES\npass in inet6 proto udp from any port dhcpv6-server to any port dhcpv6-client" 333e24e98b3Sgrange fi 334d7cbed85Shenning RULES="$RULES\npass in proto carp keep state (no-sync)" 335d7cbed85Shenning RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)" 3363dda96c1Sderaadt case `sysctl vfs.mounts.nfs 2>/dev/null` in 33718db1430Sderaadt *[1-9]*) 33818db1430Sderaadt # don't kill NFS 339649b49daShenning RULES="set reassemble yes no-df\n$RULES" 340befcbaa2Sderaadt RULES="$RULES\npass in proto { tcp, udp } from any port { 111, 2049 } to any" 341d7cbed85Shenning RULES="$RULES\npass out proto { tcp, udp } from any to any port { 111, 2049 } !received-on any" 34218db1430Sderaadt ;; 34318db1430Sderaadt esac 3444616f5d9Sdhartmei echo $RULES | pfctl -f - 3454616f5d9Sdhartmei pfctl -e 3461097c023Skjellfi 3471097c023Skjell 348e27ad5ceSdjm# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services 349e27ad5ceSdjmfill_baddynamic udp 350e27ad5ceSdjmfill_baddynamic tcp 351e27ad5ceSdjm 3520e47d797Smillertsysctl_conf 353f753b29fSderaadt 354df930be7Sderaadt# set hostname, turn on network 355df930be7Sderaadtecho 'starting network' 356a1f52e7fShenningifconfig -g carp carpdemote 128 357053628caSderaadtif [ -f /etc/resolv.conf.save ]; then 3587d2d953cSderaadt mv -f /etc/resolv.conf.save /etc/resolv.conf 359053628caSderaadt touch /etc/resolv.conf 360053628caSderaadtfi 36124492e87Sajacoutotsh /etc/netstart 362d67465e2Sderaadtdmesg > /dev/random # any write triggers an RC4 rekey 363df930be7Sderaadt 3649969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 3651097c023Skjell if [ -f ${pf_rules} ]; then 366616367a9Sdhartmei pfctl -f ${pf_rules} 3671097c023Skjell fi 368f5262b16Smpf # bring up pfsync after the working ruleset has been loaded 369df0568a3Sderaadt if [ -f /etc/hostname.pfsync0 ]; then 370b523182eSderaadt sh /etc/netstart pfsync0 371f5262b16Smpf fi 372df0568a3Sderaadtfi 3731097c023Skjell 374cc3d9aa9Sottomount -s /usr >/dev/null 2>&1 375cc3d9aa9Sottomount -s /var >/dev/null 2>&1 376df930be7Sderaadt 3778f0921ecSdjmrandom_seed 37874af54b4Sderaadt 379f0550eb3Sderaadt# clean up left-over files 38047a1f8faSderaadtrm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/* 3812402d49fShenning(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) 38223d49488Sbeck(cd /var/authpf && rm -rf -- *) 38323d49488Sbeck 3846c0a0b4aSalex# save a copy of the boot messages 3856c0a0b4aSalexdmesg >/var/run/dmesg.boot 3866c0a0b4aSalex 3873e77ed4cSderaadtmake_keys 3883e77ed4cSderaadt 389cc027ce3Sderaadtecho -n 'starting early daemons:' 390*d750a370Sderaadtstart_daemon syslogd ldattach pflogd nsd unbound ntpd 39181896204Sclaudiostart_daemon iscsid isakmpd iked sasyncd ldapd npppd 392833ea469Srobertecho '.' 393096ed560Sderaadt 39479ec6e47Shshoexerif [ X"${ipsec}" != X"NO" ]; then 39579ec6e47Shshoexer if [ -f ${ipsec_rules} ]; then 39679ec6e47Shshoexer ipsecctl -f ${ipsec_rules} 39779ec6e47Shshoexer fi 39879ec6e47Shshoexerfi 39979ec6e47Shshoexer 400cc027ce3Sderaadtecho -n 'starting RPC daemons:' 4016bf0f2bdSdlgstart_daemon portmap ypldap 40247a1f8faSderaadtif [ X"`domainname`" != X"" ]; then 4031528aeb4Sderaadt start_daemon ypserv ypbind yppasswdd 40447a1f8faSderaadtfi 4056bf0f2bdSdlgstart_daemon mountd nfsd lockd statd amd 406df930be7Sderaadtecho '.' 407df930be7Sderaadt 408cc3d9aa9Sottomount -a 409638be0f1Smiodswapctl -A -t noblk 410638be0f1Smiod 41181896204Sclaudio# check and mount networked filesystems 41281896204Sclaudiodo_fsck -N 41381896204Sclaudiomount -a -N 41481896204Sclaudio 415df930be7Sderaadt# /var/crash should be a directory or a symbolic link 416df930be7Sderaadt# to the crash directory if core dumps are to be saved. 417df930be7Sderaadtif [ -d /var/crash ]; then 4189d112a13Stholo savecore ${savecore_flags} /var/crash 419df930be7Sderaadtfi 420df930be7Sderaadt 4219969bcb5Smillertif [ X"${check_quotas}" = X"YES" ]; then 422df930be7Sderaadt echo -n 'checking quotas:' 423df930be7Sderaadt quotacheck -a 424df930be7Sderaadt echo ' done.' 425df930be7Sderaadt quotaon -a 42636a647e7Sdownsjfi 427df930be7Sderaadt 42847a1f8faSderaadtkvm_mkdb # build kvm(3) databases 429df930be7Sderaadtdev_mkdb 430e860cdbaSderaadtchmod 666 /dev/tty[pqrstuvwxyzPQRST]* 431a293d798Smillertchown root:wheel /dev/tty[pqrstuvwxyzPQRST]* 432df930be7Sderaadt 433df930be7Sderaadt# check the password temp/lock file 4348b7444a6Sderaadtif [ -f /etc/ptmp ]; then 435df930be7Sderaadt logger -s -p auth.err \ 436df930be7Sderaadt 'password file may be incorrect -- /etc/ptmp exists' 437df930be7Sderaadtfi 438df930be7Sderaadt 439e65724e6Smillertecho clearing /tmp 440e65724e6Smillert 441e65724e6Smillert# prune quickly with one rm, then use find to clean up /tmp/[lq]* 442e65724e6Smillert# (not needed with mfs /tmp, but doesn't hurt there...) 44368b9454cSsthen(cd /tmp && rm -rf [a-km-pr-zA-Z]*) 44468b9454cSsthen(cd /tmp && 445e65724e6Smillert find . ! -name . ! -name lost+found ! -name quota.user \ 4468b0a8653Smillert ! -name quota.group -execdir rm -rf -- {} \; -type d -prune) 447e65724e6Smillert 4483e77ed4cSderaadtsetup_X_sockets 4493e77ed4cSderaadt 450e6e1e079Sderaadt[ -f /etc/rc.securelevel ] && sh /etc/rc.securelevel 45107f21ec8Sajacoutot# rc.securelevel did not specifically set -1 or 2, so select the default: 1 45207f21ec8Sajacoutotif [ `sysctl -n kern.securelevel` -eq 0 ]; then 453e6e1e079Sderaadt sysctl kern.securelevel=1 4547a8988dbSajacoutotfi 45541406ee4Sderaadt 456dc279d04Sderaadt# patch /etc/motd 457dc279d04Sderaadtif [ ! -f /etc/motd ]; then 458dc279d04Sderaadt install -c -o root -g wheel -m 664 /dev/null /etc/motd 459dc279d04Sderaadtfi 46022baa516Sguentherif T=`mktemp /tmp/_motd.XXXXXXXXXX`; then 461dc279d04Sderaadt sysctl -n kern.version | sed 1q > $T 462dc279d04Sderaadt echo "" >> $T 463dc279d04Sderaadt sed '1,/^$/d' < /etc/motd >> $T 464dc279d04Sderaadt cmp -s $T /etc/motd || cp $T /etc/motd 465dc279d04Sderaadt rm -f $T 4665b45527eSmillertfi 467dc279d04Sderaadt 468f0d9a157Sajacoutotif [ X"${accounting}" = X"YES" ]; then 469f0d9a157Sajacoutot if [ ! -f /var/account/acct ]; then 470f0d9a157Sajacoutot touch /var/account/acct 471f0d9a157Sajacoutot fi 472df930be7Sderaadt echo 'turning on accounting'; accton /var/account/acct 473df930be7Sderaadtfi 474df930be7Sderaadt 475e6e4e4c9Sderaadtif [ -f /sbin/ldconfig ]; then 4767e42516dSderaadt echo 'creating runtime link editor directory cache.' 4777e42516dSderaadt if [ -d /usr/local/lib ]; then 4785881fc76Stodd shlib_dirs="/usr/local/lib $shlib_dirs" 4797e42516dSderaadt fi 4807e42516dSderaadt if [ -d /usr/X11R6/lib ]; then 4815881fc76Stodd shlib_dirs="/usr/X11R6/lib $shlib_dirs" 4827e42516dSderaadt fi 4837e42516dSderaadt ldconfig $shlib_dirs 4847e42516dSderaadtfi 4857e42516dSderaadt 486747e271cSjasperecho 'preserving editor files.'; /usr/libexec/vi.recover 487f57929bcSmillert 488833ea469Srobertecho -n 'starting network daemons:' 48971dd685dSkettenisstart_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated 49001c03f3dSderaadtstart_daemon relayd dhcpd dhcrelay mrouted dvmrpd 49195d52386Snorby 49233a0f254Sitojunif ifconfig lo0 inet6 >/dev/null 2>&1; then 49333a0f254Sitojun fw=`sysctl -n net.inet6.ip6.forwarding` 4949969bcb5Smillert if [ X"${fw}" = X"0" ]; then 495833ea469Srobert start_daemon rtsold 49633a0f254Sitojun else 49747a1f8faSderaadt start_daemon route6d rtadvd 49833a0f254Sitojun fi 49933a0f254Sitojunfi 50033a0f254Sitojun 50140c28bf6Snaddystart_daemon hostapd lpd sendmail smtpd slowcgi nginx httpd ftpd 502d7fd7d2cSajacoutotstart_daemon ftpproxy tftpd tftpproxy identd inetd rarpd bootparamd 50333f3f8beSajacoutotstart_daemon rbootd mopd spamd spamlogd sndiod 504ac826d78Srobertecho '.' 505a2f190fbSrobert 506fcbaa02fSderaadt# If rc.firstime exists, run it just once, and make sure it is deleted 507fcbaa02fSderaadtif [ -f /etc/rc.firsttime ]; then 508fcbaa02fSderaadt mv /etc/rc.firsttime /etc/rc.firsttime.run 5099b5245e0Shalex . /etc/rc.firsttime.run 2>&1 | tee /dev/tty | 5102452231eShalex mail -Es "`hostname` rc.firsttime output" root >/dev/null 511fcbaa02fSderaadtfi 512fcbaa02fSderaadtrm -f /etc/rc.firsttime.run 513fcbaa02fSderaadt 514bbe1205bSajacoutot# Run rc.d(8) scripts from packages 515931d9abfSajacoutotif [ -n "${pkg_scripts}" ]; then 516bbe1205bSajacoutot echo -n 'starting package daemons:' 517931d9abfSajacoutot for _r in $pkg_scripts; do 518739cb2c2Sespie if [ -x /etc/rc.d/${_r} ]; then 519739cb2c2Sespie start_daemon ${_r} 520739cb2c2Sespie else 521739cb2c2Sespie echo -n " ${_r}(absent)" 522739cb2c2Sespie fi 523bbe1205bSajacoutot done 524bbe1205bSajacoutot echo '.' 525bbe1205bSajacoutotfi 526bbe1205bSajacoutot 527e6e1e079Sderaadt[ -f /etc/rc.local ] && sh /etc/rc.local 5288b7444a6Sderaadt 529cc027ce3Sderaadtifconfig -g carp -carpdemote 128 # disable carp interlock 530f026f8beSmarc 531cc027ce3Sderaadtmixerctl_conf 532cc027ce3Sderaadtecho -n 'starting local daemons:' 5331d338f44Sderaadtstart_daemon apmd sensorsd hotplugd watchdogd cron wsmoused xdm 53474491808Smillertecho '.' 53574491808Smillert 536df930be7Sderaadtdate 537df930be7Sderaadtexit 0 538