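#
# This file is used by all the /etc/init.d/* files managed by SECclean
# and by other system/defaults files.
#
# When SECclean takes over the management of a startup file, it will modify
# it so that the action done when you call it with 'start' as an argument will
# be executed *ONLY* if this file sets a shell variable named as the file name
# to YES
# Otherwise, the shell script is resumed.
#
# The postinstall of SECclean initializes this file, you may want to edit it
#
# THE DEFAULT IS TO TURN OFF EVERYTHING, which is fine on a secure server
#
# See http://yassp.parc.xerox.com/ for more details
# Specially: http://yassp.parc.xerox.com/internal.html
# and also yassp(1) and yassp.conf(4)
#
# NOTE(review): this file contains shell assignments and tests (see the
# dependency lines below) and is read by the startup scripts, so whatever
# is written here is presumably executed with their privileges. Keep it
# owned by root, not writable by group or others, and review every change
# to it as you would review a change to a startup script.
#
# NOTE(review): the tests in this file compare against the exact string
# YES. Any other spelling (yes, Yes, 1, ...) is not YES for them.
#

# ******************************************
# High level options
# See the dependencies at the end.
# ******************************************

# ******************************************
# Set WORKSTATION to YES if you want to run
# most of the *common* services (RPC, CDE, NFS)
# *BEWARE* it will be much more vulnerable
# DO NOT USE THAT FOR A SECURE SERVER!!!
#
# Through the dependency lines below, YES here ends up setting
# NSCD, CDE, NFS, VOLMGT, LP, RPC, DTLOGIN, NFSCLIENT and NFSSERVER
# to YES, whatever the list of init files says.
# ******************************************
WORKSTATION=NO

# ******************************************
# Set CDE to YES if you want to run
# SUN's CDE // dtlogin environment.
# (The dependency lines then set RPC and DTLOGIN to YES.)
# ******************************************
CDE=NO

# ******************************************
# Set NFS to YES to enable the use of NFS
# (The dependency lines then set NFSCLIENT, NFSSERVER and RPC to YES:
# both the client and the server side are turned on.)
# ******************************************
NFS=NO

# ******************************************
# Set NETSCAPE to YES if you are using
# netscape (browser or server/proxy) on
# this workstation (It needs nscd; see the dependency lines).
# ******************************************
NETSCAPE=NO

# ******************************************
# The following lines reflect the /etc/init.d/
# file name that SECclean has taken over
#
# NOTE(review): the list is enclosed by two identical marker lines;
# presumably SECclean uses them to find the list. Keep both markers and
# the one-assignment-per-line layout intact.
# ******************************************
# DO NOT DELETE THIS LINE
RPC=NO
XNTPD=NO
NFSCLIENT=NO
AUTOFS=NO
NSCD=NO
NFSSERVER=NO
VOLMGT=NO
SENDMAIL=NO
DTLOGIN=NO
CACHEOS=NO
CACHEFSROOT=NO
ASPPP=NO
UUCP=NO
CACHEFSDAEMON=NO
SPC=NO
AUTOINSTALL=NO
LP=NO
PRESERVE=NO
CACHEOSFINISH=NO
SYSIDSYS=NO
SYSIDNET=NO
POWER=NO
INITDMI=NO
INITSNMPDX=NO
UTMPD=NO
DEVFSADM=NO
DEVLINKS=NO
APACHE=NO
DHCP=NO
DHCPAGENT=NO
LDAPCLIENT=NO
LLC=NO
NCAKMOD=NO
NCALOGD=NO
SLPD=NO
WEBSTART=NO
INITWBEM=NO
# DO NOT DELETE THIS LINE
#
# End of the initfile section
#

# ***************************************
# These are the dependency lines.
# Just a start right now.
#
# They only ever switch a service to YES, and they run after the list
# above, so a NO set in that list is overridden when a high level option
# requires the service. The order of the tests matters: WORKSTATION is
# evaluated first because it sets CDE and NFS, which are tested next.
# ***************************************
#
# Example of what is run on a workstation.
#
if [ "X${WORKSTATION}" = "XYES" ] ; then
    NSCD=YES
    CDE=YES
    NFS=YES
    VOLMGT=YES
    LP=YES
fi

# If CDE is needed
if [ "X${CDE}" = "XYES" ] ; then
    RPC=YES
    DTLOGIN=YES
fi

# If NFS is needed
# Both sides are enabled here. For a host that is only an NFS client,
# leave NFS=NO and set NFSCLIENT=YES in the list above; the next test
# still enables RPC for it.
if [ "X${NFS}" = "XYES" ] ; then
    NFSCLIENT=YES
    NFSSERVER=YES
fi

# NFS needs RPC!
if [ "X${NFSCLIENT}" = "XYES" -o "X${NFSSERVER}" = "XYES" ] ; then
    RPC=YES
fi

# And netscape needs nscd
if [ "X${NETSCAPE}" = "XYES" ] ; then
    NSCD=YES
fi

# ************************************************************************
#
# The following section deals with some more generic variables
#
# The example shown in the comment line always reflects the default value
# used by the script
#
# ************************************************************************

# ************************************
# SEC_UMASK value set in /etc/init.d/umask.sh
#
# Default umask used by most of the daemons.
# (And will be the default for DEF_UMASK
# if not defined )
#
# A umask of 077 creates files without any group or other permission.
#
# Default = 077
# ************************************
# SEC_UMASK=077

# ************************************
# DEF_UMASK value set in /etc/default/login
#
# Default umask for most of the users.
#
# If not set, will use the SEC_UMASK value if defined.
# Default = 077.
# ************************************
# DEF_UMASK=077

# ************************************
# USERDENIED used in /opt/local/sbin/clean_passwd
#
# It represents the list of accounts the clean_passwd script will lock
#
# Default = 'daemon bin sys adm lp smtp uucp nuucp listen nobody noaccess nobody4'
# ************************************
# USERDENIED='daemon bin sys adm lp smtp uucp nuucp listen nobody noaccess nobody4'

# ************************************
# ROOTALLOWED used in /opt/local/sbin/clean_passwd
#
# It represents the list of accounts with a uid=0 that clean_passwd script will accept
# without locking them.
# Its value must be a nawk regexp, like for example: 'root|bobsu|jacksu'
# Default = 'root'
#
# Note: even if root is not part of this list, root will never be locked by clean_passwd
#
# NOTE(review): every account accepted here keeps uid 0, so keep the list
# as short as possible. The value is a regexp, not a list of exact names;
# whether clean_passwd anchors it to the whole account name is not visible
# from this file - confirm in clean_passwd before adding short names.
# ************************************
# ROOTALLOWED='root'

# ************************************
# USERSDELETED used in /opt/local/sbin/clean_passwd
#
# It represents the list of accounts to be deleted.
# Its value should be a list as 'uucp snmp'
# Default = ''
#
# Note: 'root' is always excluded from this list by clean_passwd
# ************************************
# USERSDELETED=''

# ************************************
# ROOTNAME value set in /opt/local/sbin/clean_passwd
#
# It represents the Root description in passwd
#
# Default = "Root at zeta"
# ************************************
# ROOTNAME="Root at zeta"

# ************************************
# WVRPCBIND used in /etc/init.d/rpc
#
# Do we want to run Wietse Venema rpcbind
# with host access control?
#
# Note: Will run *ONLY* if RPC was set to YES
# and if /usr/sbin/WVrpcbind is executable
# (WVrpcbind is part of WVtcpd package)
# Default NO
# ************************************
# WVRPCBIND=NO

# ************************************
# RUNINETD used in /etc/init.d/inetsvc
#
# Do we want to run inetd?
#
# Default NO
# ************************************
# RUNINETD=NO

# ************************************
# SUNSTARTUP used in /etc/init.d/inetsvc
#
# Do we want to use the standard SUN startup inet[svc|init]
# (which includes the use of DHCP, the modification at boot time
# of /etc/inet/hosts, /etc/nsswitch.conf and /etc/resolv.conf, and
# will eventually start routed or rdist)
# or do we want a simple startup script (NO DHCP,
# no files modifications, nor routed/rdist)
#
# Default NO
# ************************************
# SUNSTARTUP=NO

# ************************************
# MULTICAST used in /etc/init.d/inetsvc
#
# Do we want to enable multicast?
#
# Default NO
# ************************************
# MULTICAST=NO

# ************************************
# NET_SECURITY used in /etc/init.d/nettune
#
# If set to NO, no security tuning will be done
# BEWARE!!!
#
# Default YES
# ************************************
# NET_SECURITY=YES

# ************************************
# NOSHELL is used in clean_passwd
#
# If set to the path to an executable file
# it will be used to replace the shell of the
# user accounts we blocked, otherwise, it will use /dev/null
#
# Default /usr/sbin/noshell if it exists, /dev/null otherwise
# ************************************
# NOSHELL="/usr/sbin/noshell"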