at.allow/at.deny: line by line list of user names
=================================================
user1
user2
user3

fstab
=====
# comment
# device mount-point fs-type options dump pass
LABEL=/<tab>/<tab>fxfs<tab>defaults<tab>1<tab>1
UUID=[uuid]<tab>none<tab>swap<tab>defaults<tab>0<tab>0
-----
device is a name, label, or UUID for a block device
mount-point is the folder to mount it in (for swap, it's none)
fs-type is the filesystem type
options is the comma-separated list of mount options
dump is how often it's backed up by dump (0 is never)
pass is the order for checking by fsck (0 don't, 1 immediately, 2 after boot)
-----
FS options
auto/noauto - automatically mount on boot, or only when explicitly requested
dev/nodev - whether block and character special devices on the filesystem are interpreted
exec/noexec - whether binaries can be executed
rw/ro - read/write or read-only
sync/async - synchronous/asynchronous IO (are writes done when the commands are issued?)
suid/nosuid - whether the suid and sgid bits take effect
user/users/nouser - anyone can mount, group users can mount, only root can mount
user implicitly implies noexec, nosuid, nodev
defaults - default set (i.e. rw, suid, dev, exec, auto, nouser, async)
check=[none, normal, strict] - fsck checking level (ext/probably fxfs)
check=[r, n, s] - policy for allowed filenames (vfat)
r - relaxed, n - normal, s - strict
windows_names - only allow characters that are legal in Windows names? (vfat/ntfs)
uid=n, gid=n - set uid and gid for files on the filesystem (vfat/ntfs)
umask/dmask/fmask=nnn - permission masking of fs nodes (vfat/ntfs)
umask - user file creation mask, dmask - directories, fmask - files

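As an added example (not part of the original notes), a Python check that expands fstab options the way mount(8) does, honouring defaults and the noexec,nosuid,nodev implied by user (mount(8) applies the same implication to users), and flags user-mountable entries that turn exec, suid or dev back on. The sample fstab lines below are constructed for the example.

```python
# Constructed sample fstab for this example; it is not a file from the original notes.
SAMPLE_FSTAB = """\
# device         mount-point fs-type options                  dump pass
LABEL=/          /           fxfs    defaults                 1    1
UUID=0000-DEAD   none        swap    defaults                 0    0
/dev/sdb1        /mnt        ext4    user,exec                0    2
/dev/sdc1        /media      vfat    users,uid=1001,umask=077 0    0
"""

# The option set the notes list for "defaults".
DEFAULTS = ("rw", "suid", "dev", "exec", "auto", "nouser", "async")

# Mutually exclusive flags grouped into families; within a family the last flag wins.
FAMILY = {flag: fam for fam, flags in {
    "auto": ("auto", "noauto"), "dev": ("dev", "nodev"), "exec": ("exec", "noexec"),
    "rw": ("rw", "ro"), "sync": ("sync", "async"), "suid": ("suid", "nosuid"),
    "user": ("user", "users", "nouser")}.items() for flag in flags}

def effective_options(opts):
    """Expand 'defaults' and the noexec,nosuid,nodev implied by user/users (as mount(8)
    does); later options override earlier ones; key=value options are kept as 'kv:<key>'."""
    eff = {}
    for opt in opts.split(","):
        if opt == "defaults":
            for flag in DEFAULTS:
                eff[FAMILY[flag]] = flag
        elif opt in FAMILY:
            if opt in ("user", "users"):
                eff.update({"exec": "noexec", "suid": "nosuid", "dev": "nodev"})
            eff[FAMILY[opt]] = opt
        else:
            key, _, value = opt.partition("=")   # uid=1001, umask=077, ...
            eff["kv:" + key] = value
    return eff

def audit_fstab(text):
    """Return (mount-point, problem) for user-mountable entries that turn
    exec, suid or dev back on after the implied no* flags."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        _device, mountpoint, _fstype, opts = fields[:4]
        eff = effective_options(opts)
        if eff.get("user") in ("user", "users"):
            for fam in ("exec", "suid", "dev"):
                if eff.get(fam) == fam:
                    findings.append((mountpoint, f"user-mountable but {fam} is re-enabled"))
    return findings
```

Running audit_fstab(SAMPLE_FSTAB) reports only the /mnt entry, where user,exec re-enables execution on a filesystem any user can mount.
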
gettydefs
=========

group
=====
group1::24:user1,user2
-----
Simple format. name:password:gid:members

host.conf
=========
# order can be any or all of bind (name server), hosts (hosts file), or nis
# this determines the order in which these are tried
order bind hosts nis
# multi can be on or off and determines if a host can have multiple IPs in hosts
multi on
# check if an IP is associated with the hostname given. can be on or off
nospoof on
# spoof attempts (above) log a message to the syslog facility. on or off.
alert off
# domain name to remove from hostnames before lookup
# for example, aegis.example.com would become aegis with this setting.
trim example.com

hosts
=====
# IP_address hostname1 hostname2
127.0.0.1<tab>localhost<space>loopback
::1<tab>localhost

hosts.allow/deny
================
ALL: ALL
ALL: ALL EXCEPT 192.168.0.125
ALL: 192.168.1.0/24
ALL: LOCAL
ALL: .example.com
ALL: .example.com EXCEPT testing.example.com
sshd: LOCAL
sshd, in.ftpd: LOCAL
in.ftpd: KNOWN
----------------
There's more than this, but this is a good start to talk about. The format is
service: host. ALL matches everything, either all services or all hosts.
You can use EXCEPT to add an exception. You can use subnet masks like good
old 192.168.0.0/16. You could also use LOCAL for all hosts on the local subnet.
You can also specify domain names, including as exceptions. You can specify
specific daemons, like sshd here. You can also list multiple daemons in one rule.
If you prefix in., it's specifically for incoming traffic. Finally, there are the
wildcards KNOWN, UNKNOWN, and PARANOID, which are for known hostnames, unknown
hostnames, and hostnames that are spoofed. There's also apparently command
expansion and all that, but we'll cross that bridge when we get to it.

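An added example, not part of the original notes: a Python model of how tcp_wrappers evaluates the rule forms listed above (service: host, EXCEPT, CIDR subnets, .domain suffixes, LOCAL/KNOWN/UNKNOWN) in hosts_access(5) order, using constructed hosts.allow and hosts.deny contents. PARANOID is left out because it needs a reverse-DNS cross-check of the client.

```python
import ipaddress
# Constructed hosts.allow / hosts.deny contents for this example (not from the notes).
HOSTS_ALLOW = """\
sshd: LOCAL
sshd, in.ftpd: 192.168.1.0/24 EXCEPT 192.168.1.66
ALL: .example.com EXCEPT testing.example.com
"""
HOSTS_DENY = "ALL: ALL\n"

def split_list(field):
    """'a, b EXCEPT c' -> (['a', 'b'], ['c']); items may be comma or space separated."""
    head, _, tail = field.partition("EXCEPT")
    return head.replace(",", " ").split(), tail.replace(",", " ").split()

def parse_rules(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients [: shell command]'."""
    rules = []
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if ":" in line:
            daemons, clients = line.split(":")[:2]
            rules.append((split_list(daemons), split_list(clients)))
    return rules

def match_client(pattern, addr, hostname):
    """Client patterns from hosts_access(5): ALL/LOCAL/KNOWN/UNKNOWN wildcards, .domain
    suffix, net/mask or CIDR, plain address or name. PARANOID (reverse-DNS check) is omitted."""
    known = hostname is not None
    if pattern in ("ALL", "LOCAL", "KNOWN", "UNKNOWN"):
        return {"ALL": True, "KNOWN": known, "UNKNOWN": not known,
                "LOCAL": known and "." not in hostname}[pattern]
    if pattern.startswith("."):
        return known and hostname.endswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (addr, hostname)

def match_list(lst, pred):
    """A list matches when some pattern matches and no EXCEPT pattern does."""
    patterns, excepted = lst
    return any(map(pred, patterns)) and not any(map(pred, excepted))

def access_allowed(daemon, addr, hostname=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts_access(5) order: a hosts.allow match grants, then a hosts.deny match
    refuses, and a (daemon, client) pair matching neither file is allowed."""
    def fires(rule):
        daemons, clients = rule
        return (match_list(daemons, lambda p: p in ("ALL", daemon))
                and match_list(clients, lambda p: match_client(p, addr, hostname)))
    if any(map(fires, parse_rules(allow))):
        return True
    return not any(map(fires, parse_rules(deny)))
```

With the deny file set to ALL: ALL, anything the allow rules do not match is refused, which is the usual default-deny arrangement; an empty hosts.deny leaves unmatched clients allowed.
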
hosts.lpd
=========
+
hostname
-hostname
+@netgroup
-@netgroup
---------
+ alone means any host on the network. hostname is a remote host allowed to
print on the local system. Add a - to forbid that. @netgroup is an NIS netgroup.
- works the same for these.

inittab
=======
id:2:initdefault:echo "Runlevel 2"
-------
Pretty simple. id is a unique identifier. Two characters, it seems. Next is
the runlevel. Multiple can be specified (i.e. 234). Action is how the process
is to be run. Options include respawn (restart the process if it exits, do not
start it if it isn't started), wait (start the process, wait for it to stop), once
(start the process, do not restart it on termination), boot (only start on boot),
bootwait (like wait, but only on boot), powerfail (only on SIGPWR), powerwait
(like wait, but only on SIGPWR), off (if started, send SIGTERM, wait 5 seconds,
then kill the process with SIGKILL), initdefault (used to determine the default
runlevel), sysinit (executed before any attempt to access the console; the
processes are executed and waited for until they terminate).

issue
=====
We'll need something good to go here. I'll work it out later.

ld.so.conf
==========
/usr/include
/home/user1/builds/include
----------
Just a list of directories. Simple enough.

motd
====
We may or may not do this, since we'll have an issue file.

mtab
====
/dev/sda1 / fxfs rw,exec,suid,dev,async,nouser 0 0
/dev/sdb1 /mnt ext4 rw,nosuid,nodev,user=user1 0 0
----
It's fstab, but only the currently mounted filesystems. Simple enough.

passwd
======
user1:x:1001:24:GECOS field:/home/user1:/bin/sh
------
username:password:uid:gid:gecos field:home directory:login shell
Password is stored in /etc/shadow. x is a placeholder for that.
gid is the primary group for the user. Files created by this user have this gid.

printcap
========
lw|LaserWriter:lw=/dev/ttya:br#9600:ms=-parity,onlcr,ixon,decctlq:\
sd=/var/spool/lw:lf=/var/spool/lp-log:mx#0
--------
There's a lot to dissect here, and it's probably best to save that dissection
for a proper man page. Long story short, it's a series of options separated by
colons. The first field is the name and its aliases. Everything else is options that
we'll need to specify in the man page. It's kinda like the termcap database,
though. So, yeah.

profile
=======
It seems to be a shell script, basically. Fun.

protocols
=========
ip<tab>0<tab>IP # internet protocol
---------
It's basically official-name protocol-number alias. We'll need to find these.

securetty
=========
/dev/tty0
---------
A list of ttys from which root can log in.

services
========
ssh 22 SSH
--------
Like protocols, but it's port instead of protocol.

shadow
======
user1:$id$salt$hash:7:7:21:14
------
username:crypt(3) output:days since pw change:until change allowed:\
until change required:until expiration warning
For crypt(3) output, $id is the algorithm used, $salt is the salt used, and $hash
is the resulting hash.

shells
======
/bin/sh
------
Pathnames of shells. Simple enough.