--- /dev/null
+
+check:
+ @echo Sanity checking selected files....
+ bash -n bashrc
+ bash -n profile
+ ./uidgidlint ./uidgid
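Review bot: The `check` target lints only the `uidgid` table and the syntax of `bashrc` and `profile`; nothing compares the shipped `passwd` and `group` files against that table. The two already disagree in this commit: `uidgid` gives `adm` the shell `/bin/bash` and `gopher` the home `/usr/lib/gopher-data`, while `passwd` has `/sbin/nologin` and `/var/gopher`. `uidgid` also attributes `news` (UID 9, GID 13) to `setup`, yet neither `passwd` nor `group` defines it. I would add a step to `check` that fails when a name, UID, GID or shell in `passwd`/`group` differs from its `uidgid` row, so the documented reservations and the installed accounts cannot drift apart.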
--- /dev/null
+#
+# Aliases in this file will NOT be expanded in the header from
+# Mail, but WILL be visible over networks or from /bin/mail.
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to sendmail.
+#
+
+# Basic system aliases -- these MUST be present.
+mailer-daemon: postmaster
+postmaster: root
+
+# General redirections for pseudo accounts.
+bin: root
+daemon: root
+adm: root
+lp: root
+sync: root
+shutdown: root
+halt: root
+mail: root
+news: root
+uucp: root
+operator: root
+games: root
+gopher: root
+ftp: root
+nobody: root
+radiusd: root
+nut: root
+dbus: root
+vcsa: root
+canna: root
+wnn: root
+rpm: root
+nscd: root
+pcap: root
+apache: root
+webalizer: root
+dovecot: root
+fax: root
+quagga: root
+radvd: root
+pvm: root
+amanda: root
+privoxy: root
+ident: root
+named: root
+xfs: root
+gdm: root
+mailnull: root
+postgres: root
+sshd: root
+smmsp: root
+postfix: root
+netdump: root
+ldap: root
+squid: root
+ntp: root
+mysql: root
+desktop: root
+rpcuser: root
+rpc: root
+nfsnobody: root
+
+ingres: root
+system: root
+toor: root
+manager: root
+dumper: root
+abuse: root
+
+newsadm: news
+newsadmin: news
+usenet: news
+ftpadm: ftp
+ftpadmin: ftp
+ftp-adm: ftp
+ftp-admin: ftp
+www: webmaster
+webmaster: root
+noc: root
+security: root
+hostmaster: root
+info: postmaster
+marketing: postmaster
+sales: postmaster
+support: postmaster
+
+
+# trap decode to catch security attacks
+decode: root
+
+# Person who should get root's mail
+#root: marc
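Review bot: With `#root: marc` left commented out on the last line, every alias above it, including `security`, `abuse`, `postmaster` and the `decode` trap, ends up in the local root mailbox. On an appliance that mailbox may never be read, so abuse reports and decode-trap hits could go unnoticed. I would replace the leftover personal name with a neutral placeholder and extend the comment, for example `# Person who should get root's mail -- point this at a monitored address, then run newaliases`.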
--- /dev/null
+# /etc/bashrc
+
+# System wide functions and aliases
+# Environment stuff goes in /etc/profile
+
+# It's NOT a good idea to change this file unless you know what you
+# are doing. It's much better to create a custom.sh shell script in
+# /etc/profile.d/ to make custom changes to your environment, as this
+# will prevent the need for merging in future updates.
+
+# are we an interactive shell?
+if [ "$PS1" ]; then
+ case $TERM in
+ xterm*)
+ if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
+ PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
+ else
+ PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
+ fi
+ ;;
+ screen)
+ if [ -e /etc/sysconfig/bash-prompt-screen ]; then
+ PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
+ else
+ PROMPT_COMMAND='printf "\033]0;%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
+ fi
+ ;;
+ *)
+ [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
+ ;;
+ esac
+ # Turn on checkwinsize
+ shopt -s checkwinsize
+ [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
+ # You might want to have e.g. tty in prompt (e.g. more virtual machines)
+ # and console windows
+ # If you want to do so, just add e.g.
+ # if [ "$PS1" ]; then
+ # PS1="[\u@\h:\l \W]\\$ "
+ # fi
+ # to your custom modification shell script in /etc/profile.d/ directory
+fi
+
+if ! shopt -q login_shell ; then # We're not a login shell
+ # Need to redefine pathmunge, it get's undefined at the end of /etc/profile
+ pathmunge () {
+ case ":${PATH}:" in
+ *:"$1":*)
+ ;;
+ *)
+ if [ "$2" = "after" ] ; then
+ PATH=$PATH:$1
+ else
+ PATH=$1:$PATH
+ fi
+ esac
+ }
+
+ # By default, we want umask to get set. This sets it for non-login shell.
+ # Current threshold for system reserved uid/gids is 200
+ # You could check uidgid reservation validity in
+ # /usr/share/doc/setup-*/uidgid file
+ if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
+ umask 002
+ else
+ umask 022
+ fi
+
+ # Only display echos from profile.d scripts if we are no login shell
+ # and interactive - otherwise just process them to set envvars
+ for i in /etc/profile.d/*.sh; do
+ if [ -r "$i" ]; then
+ if [ "$PS1" ]; then
+ . "$i"
+ else
+ . "$i" >/dev/null 2>&1
+ fi
+ fi
+ done
+
+ unset i
+ unset pathmunge
+fi
+# vim:ts=4:sw=4
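Review bot: The `umask 002` branch at `[ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]` makes new files group-writable based only on the primary group's name matching the user's name. That is safe only under a user-private-group scheme where the user is the sole member, and neither the test nor the comment says so. I would state the assumption in the comment above the test, for example `# umask 002 is only safe when each user's primary group is private to that user`. I would also quote the operand and use `$(...)`: `[ "$UID" -gt 199 ] && [ "$(id -gn)" = "$(id -un)" ]`. The same test appears again in the profile hunk.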
--- /dev/null
+ext3
+ext2
+nodev proc
+nodev devpts
+iso9660
+vfat
+hfs
+hfsplus
--- /dev/null
+root::0:root
+bin::1:root,bin,daemon
+daemon::2:root,bin,daemon
+sys::3:root,bin,adm
+adm::4:root,adm,daemon
+tty::5:
+disk::6:root
+lp::7:daemon,lp
+mem::8:
+kmem::9:
+wheel::10:root
+mail::12:mail
+uucp::14:uucp
+man::15:
+games::20:
+gopher::30:
+video::39:
+dip::40:
+ftp::50:
+lock::54:
+audio::63:
+nobody::99:
+users::100:
--- /dev/null
+multi on
+order hosts,bind
--- /dev/null
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
--- /dev/null
+#
+# hosts.allow This file contains access rules which are used to
+# allow or deny connections to network services that
+# either use the tcp_wrappers library or that have been
+# started through a tcp_wrappers-enabled xinetd.
+#
+# See 'man 5 hosts_options' and 'man 5 hosts_access'
+# for information on rule syntax.
+# See 'man tcpd' for information on tcp_wrappers
+#
--- /dev/null
+#
+# hosts.deny This file contains access rules which are used to
+# deny connections to network services that either use
+# the tcp_wrappers library or that have been
+# started through a tcp_wrappers-enabled xinetd.
+#
+# The rules in this file can also be set up in
+# /etc/hosts.allow with a 'deny' option instead.
+#
+# See 'man 5 hosts_options' and 'man 5 hosts_access'
+# for information on rule syntax.
+# See 'man tcpd' for information on tcp_wrappers
+#
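Review bot: This file and hosts.allow both ship with header comments only, and the header does not say that this means allow-all. tcp_wrappers grants access when neither file matches, so every wrapped service accepts connections from any host unless something else restricts it. If that default is intended because packet filtering is done elsewhere, I would say so in the header. Otherwise I would ship a commented `#ALL: ALL` line here so a default-deny setup is one edit away.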
--- /dev/null
+# do not bell on tab-completion
+#set bell-style none
+
+set meta-flag on
+set input-meta on
+set convert-meta off
+set output-meta on
+
+# Completed names which are symbolic links to
+# directories have a slash appended.
+set mark-symlinked-directories on
+
+$if mode=emacs
+
+# for linux console and RH/Debian xterm
+"\e[1~": beginning-of-line
+"\e[4~": end-of-line
+# commented out keymappings for pgup/pgdown to reach begin/end of history
+#"\e[5~": beginning-of-history
+#"\e[6~": end-of-history
+"\e[5~": history-search-backward
+"\e[6~": history-search-forward
+"\e[3~": delete-char
+"\e[2~": quoted-insert
+"\e[5C": forward-word
+"\e[5D": backward-word
+"\e[1;5C": forward-word
+"\e[1;5D": backward-word
+
+# for rxvt
+"\e[8~": end-of-line
+"\eOc": forward-word
+"\eOd": backward-word
+
+# for non RH/Debian xterm, can't hurt for RH/DEbian xterm
+"\eOH": beginning-of-line
+"\eOF": end-of-line
+
+# for freebsd console
+"\e[H": beginning-of-line
+"\e[F": end-of-line
+$endif
--- /dev/null
+root:*:0:0:root:/root:/bin/bash
+bin:*:1:1:bin:/bin:/sbin/nologin
+daemon:*:2:2:daemon:/sbin:/sbin/nologin
+adm:*:3:4:adm:/var/adm:/sbin/nologin
+lp:*:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:*:5:0:sync:/sbin:/bin/sync
+shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
+halt:*:7:0:halt:/sbin:/sbin/halt
+mail:*:8:12:mail:/var/spool/mail:/sbin/nologin
+uucp:*:10:14:uucp:/var/spool/uucp:/sbin/nologin
+operator:*:11:0:operator:/root:/sbin/nologin
+games:*:12:100:games:/usr/games:/sbin/nologin
+gopher:*:13:30:gopher:/var/gopher:/sbin/nologin
+ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:*:99:99:Nobody:/:/sbin/nologin
--- /dev/null
+# /etc/printcap
+#
+# Please don't edit this file directly unless you know what you are doing!
+# This file will be automatically generated by cupsd(8) from the
+# /etc/cups/printers.conf file. All changes to this file
+# will be lost.
+
--- /dev/null
+# /etc/profile
+
+# System wide environment and startup programs, for login setup
+# Functions and aliases go in /etc/bashrc
+
+# It's NOT a good idea to change this file unless you know what you
+# are doing. It's much better to create a custom.sh shell script in
+# /etc/profile.d/ to make custom changes to your environment, as this
+# will prevent the need for merging in future updates.
+
+pathmunge () {
+ case ":${PATH}:" in
+ *:"$1":*)
+ ;;
+ *)
+ if [ "$2" = "after" ] ; then
+ PATH=$PATH:$1
+ else
+ PATH=$1:$PATH
+ fi
+ esac
+}
+
+
+if [ -x /usr/bin/id ]; then
+ if [ -z "$EUID" ]; then
+ # ksh workaround
+ EUID=`id -u`
+ UID=`id -ru`
+ fi
+ USER="`id -un`"
+ LOGNAME=$USER
+ MAIL="/var/spool/mail/$USER"
+fi
+
+# Path manipulation
+if [ "$EUID" = "0" ]; then
+ pathmunge /sbin
+ pathmunge /usr/sbin
+ pathmunge /usr/local/sbin
+else
+ pathmunge /usr/local/sbin after
+ pathmunge /usr/sbin after
+ pathmunge /sbin after
+fi
+
+HOSTNAME=`/bin/hostname 2>/dev/null`
+HISTSIZE=1000
+if [ "$HISTCONTROL" = "ignorespace" ] ; then
+ export HISTCONTROL=ignoreboth
+else
+ export HISTCONTROL=ignoredups
+fi
+
+export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
+
+# By default, we want umask to get set. This sets it for login shell
+# Current threshold for system reserved uid/gids is 200
+# You could check uidgid reservation validity in
+# /usr/share/doc/setup-*/uidgid file
+if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
+ umask 002
+else
+ umask 022
+fi
+
+for i in /etc/profile.d/*.sh ; do
+ if [ -r "$i" ]; then
+ if [ "${-#*i}" != "$-" ]; then
+ . "$i"
+ else
+ . "$i" >/dev/null 2>&1
+ fi
+ fi
+done
+
+unset i
+unset pathmunge
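Review bot: The umask test `[ $UID -gt 199 ]` expands `$UID` unquoted, and the block above assigns `UID` only when `/usr/bin/id` is executable and `EUID` is empty. In a shell that does not provide `UID` itself, and with `id` missing, the test becomes `[ -gt 199 ]`; it prints an error and falls through to `umask 022`. That result is safe, but it is reached by accident, so I would make the fallback explicit with `if [ "${UID:-0}" -gt 199 ] && [ "$(id -gn)" = "$(id -un)" ]; then`. The guard tests `/usr/bin/id`, but every later call runs plain `id` through the inherited `PATH`; calling `/usr/bin/id` throughout would keep the guard and the calls consistent.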
--- /dev/null
+console
+vc/1
+vc/2
+vc/3
+vc/4
+vc/5
+vc/6
+vc/7
+vc/8
+vc/9
+vc/10
+vc/11
+tty1
+tty2
+tty3
+tty4
+tty5
+tty6
+tty7
+tty8
+tty9
+tty10
+tty11
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include $(PKGROOT)/Include
+
+PKG_NAME = setup
+PKG_VER = 3.0
+PKG_REL = 1
+
+PKG_MAINTAINER =
+PKG_GROUP = System/Base
+PKG_URL =
+PKG_LICENSE = Public Domain
+PKG_SUMMARY = A set of system configuration and setup files.
+
+PKG_BUILD_DEPS = # Need no compiler.
+PKG_DEPS += iana-etc
+
+define PKG_DESCRIPTION
+ The setup package contains a set of important system configuration and
+ setup files, such as passwd, group, and profile.
+endef
+
+DIR_APP = $(DIR_SOURCE)
+
+define STAGE_BUILD
+ cd $(DIR_APP) && ./shadowconvert.sh
+endef
+
+define STAGE_TEST
+ cd $(DIR_APP) && make check
+endef
+
+define STAGE_INSTALL
+ -mkdir -pv $(BUILDROOT)/etc/profile.d $(BUILDROOT)/var/log
+
+ for i in aliases bashrc exports filesystems group gshadow host.conf \
+ hosts hosts.allow hosts.deny inputrc motd passwd printcap \
+ profile securetty shadow shells; do \
+ cp -vf $(DIR_APP)/$${i} $(BUILDROOT)/etc || exit 1; \
+ done
+
+ touch $(BUILDROOT)/etc/{environment,fstab} $(BUILDROOT)/var/log/lastlog
+ chmod -v 0400 $(BUILDROOT)/etc/{,g}shadow
+endef
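Review bot: In `STAGE_INSTALL`, the only step that restricts `shadow` and `gshadow` is `chmod -v 0400 $(BUILDROOT)/etc/{,g}shadow`, and it depends on brace expansion, which is a bash feature. Whether the recipe shell is bash depends on the included `$(PKGROOT)/Include`, which is not visible here. Under a POSIX `/bin/sh` the word stays literal, so the chmod would not touch the real files. Spelling the paths out removes that dependency: `chmod -v 0400 $(BUILDROOT)/etc/shadow $(BUILDROOT)/etc/gshadow`; the `touch` line above has the same problem. The other files keep whatever mode `cp -vf` gives them under the build umask, so an explicit `install -m 0644` per file would make the shipped permissions deterministic.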
--- /dev/null
+#!/bin/bash
+if [ x`pwd` = "x/etc" ]
+then
+ echo Cannot operate directly on \"/etc\". >&2
+ exit 1
+fi
+
+#make prototype for /etc/shadow
+sed -e "s/:.*/:*:`expr $(date +%s) / 86400`:0:99999:7:::/" passwd >shadow
+
+#make prototype for /etc/gshadow
+sed -e 's/:[0-9]\+:/::/g' group >gshadow
+
+#mark passwd and group files entries shadowed
+sed -i -e 's/^\([^:]\+\):[^:]*:/\1:x:/' passwd group
+
+echo Converted successfully.
+exit 0
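Review bot: The script prints `Converted successfully.` and exits 0 unconditionally, because none of the three `sed` calls is checked. If `group` or `passwd` is missing or unreadable, the redirect still creates an empty `shadow` or `gshadow`, and the build stage sees success and goes on to install it. Adding `set -eu` right after the shebang would stop at the first failing step. The `/etc` guard should also quote its operand, `if [ "$(pwd)" = "/etc" ]`, because the unquoted backtick form breaks when the working directory contains whitespace.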
--- /dev/null
+/bin/sh
+/bin/bash
+/sbin/nologin
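Review bot: Listing `/sbin/nologin` here marks it as a valid login shell for anything that consults `/etc/shells`, such as a `pam_shells` check or an FTP daemon's shell test. Most system accounts in the passwd hunk use that shell (`bin`, `daemon`, `mail`, `ftp`, `nobody` and others), so such a check would no longer exclude them. Whether this matters depends on which services the distribution ships, which is not visible here. If the entry is only there so that `chsh` accepts it, I would add a `#` comment saying so; otherwise I would drop the line.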
--- /dev/null
+NAME UID GID HOME SHELL PACKAGES
+root 0 0 /root /bin/bash setup
+bin 1 1 /bin /sbin/nologin setup
+daemon 2 2 /sbin /sbin/nologin setup
+sys - 3 - - setup
+adm 3 4 /var/adm /bin/bash setup
+tty - 5 - - setup
+disk - 6 - - setup
+lp 4 7 /var/spool/lpd /sbin/nologin setup
+mem - 8 - - setup
+kmem - 9 - - setup
+wheel - 10 - - setup
+cdrom - 11 - - udev,MAKEDEV
+sync 5 (0) /sbin /bin/sync setup
+shutdown 6 (0) /sbin /sbin/shutdown setup
+halt 7 (0) /sbin /sbin/halt setup
+mail 8 12 /var/spool/mail /sbin/nologin setup
+news 9 13 /var/spool/news /sbin/nologin setup
+uucp 10 14 /var/spool/uucp /sbin/nologin setup
+operator 11 (0) /root /sbin/nologin setup
+games 12 (100) /usr/games /sbin/nologin setup
+gopher 13 30 /usr/lib/gopher-data /sbin/nologin setup
+ftp 14 50 /var/ftp /sbin/nologin setup
+man - 15 - - setup
+oprofile 16 16 /home/oprofile /sbin/nologin oprofile
+pkiuser 17 17 /usr/share/pki /sbin/nologin pki-ca,rhpki-ca
+dialout - 18 - - udev,MAKEDEV
+floppy - 19 - - dev,MAKEDEV
+games - 20 - - setup
+slocate - 21 - - slocate
+utmp - 22 - - initscripts,libutempter
+squid 23 23 /var/spool/squid /dev/null squid
+pvm 24 24 /usr/share/pvm3 /bin/bash pvm
+named 25 25 /var/named /bin/false bind
+postgres 26 26 /var/lib/pgsql /bin/bash postgresql-server
+mysql 27 27 /var/lib/mysql /bin/bash mysql
+nscd 28 28 / /bin/false nscd
+rpcuser 29 29 /var/lib/nfs /bin/false nfs-utils
+console - 31 - - dev
+rpc 32 32 / /bin/false portmap
+amanda 33 (6) /var/lib/amanda /bin/false amanda
+tape - 33 - - udev,MAKEDEV
+netdump 34 34 /var/crash /bin/bash netdump-client, netdump-server
+utempter - 35 - - libutempter
+vdsm 36 - / /bin/bash kvm, vdsm
+kvm - 36 - - kvm, vdsm, libvirt
+rpm 37 37 /var/lib/rpm /bin/bash rpm
+ntp 38 38 /etc/ntp /sbin/nologin ntp
+video - 39 - - setup
+dip - 40 - - setup
+mailman 41 41 /var/mailman /bin/false mailman
+gdm 42 42 /var/gdm /bin/bash gdm
+xfs 43 43 /etc/X11/fs /bin/false XFree86-xfs
+pppusers - 44 - - linuxconf
+popusers - 45 - - linuxconf
+slipusers - 46 - - linuxconf
+mailnull 47 47 /var/spool/mqueue /dev/null sendmail
+apache 48 48 /var/www /bin/false apache
+wnn 49 49 /home/wnn /bin/bash FreeWnn
+smmsp 51 51 /var/spool/mqueue /dev/null sendmail
+puppet 52 52 /var/lib/puppet /sbin/nologin puppet
+tomcat 53 53 /var/lib/tomcat /sbin/nologin tomcat
+lock - 54 - - lockdev
+ldap 55 55 /var/lib/ldap /bin/false openldap-servers
+frontpage 56 56 /var/www /bin/false mod_frontpage
+nut 57 57 /var/lib/ups /bin/false nut
+beagleindex 58 58 /var/cache/beagle /bin/false beagle
+tss 59 59 - /sbin/nologin trousers
+piranha 60 60 /etc/sysconfig/ha /dev/null piranha
+prelude-manager 61 61 - /sbin/nologin prelude-manager
+snortd 62 62 - /sbin/nologin snortd
+audio - 63 - - setup
+condor 64 64 /var/lib/condor /sbin/nologin condord
+nslcd 65 (55) / /sbin/nologin nslcd
+wine - 66 - - wine
+pegasus 66 65 /var/lib/Pegasus /sbin/nologin tog-pegasus
+webalizer 67 67 /var/www/html/usage /sbin/nologin webalizer
+haldaemon 68 68 / /sbin/nologin hal
+vcsa 69 69 - /sbin/nologin dev,MAKEDEV
+avahi 70 70 /var/run/avahi-daemon /sbin/nologin avahi
+realtime - 71 - - -
+tcpdump 72 72 / /sbin/nologin tcpdump
+privoxy 73 73 /etc/privoxy /bin/bash privoxy
+sshd 74 74 /var/empty/sshd /sbin/nologin openssh-server
+radvd 75 75 / /bin/false radvd
+cyrus 76 (12) /var/imap /bin/bash cyrus-imapd
+saslauth - 76 - - cyrus-imapd
+arpwatch 77 77 /var/lib/arpwatch /sbin/nologin arpwatch
+fax 78 78 /var/spool/fax /sbin/nologin mgetty
+nocpulse 79 79 /etc/sysconfig/nocpulse /bin/bash nocpulse
+desktop 80 80 - /sbin/nologin desktop-file-utils
+dbus 81 81 / /sbin/nologin dbus
+jonas 82 82 /var/lib/jonas /sbin/nologin jonas
+clamav 83 83 /tmp /sbin/nologin clamav
+screen - 84 - - screen
+quaggavt - 85 - - quagga
+sabayon 86 86 - /sbin/nologin sabayon
+polkituser 87 87 / /sbin/nologin PolicyKit
+wbpriv - 88 - - samba-common
+postfix 89 89 /var/spool/postfix /bin/true postfix
+postdrop - 90 - - postfix
+majordomo 91 91 /usr/lib/majordomo /bin/bash majordomo
+quagga 92 92 / /sbin/nologin quagga
+exim 93 93 /var/spool/exim /sbin/nologin exim
+distcache 94 94 / /sbin/nologin distcache
+radiusd 95 95 / /bin/false freeradius
+hsqldb 96 96 /var/lib/hsqldb /sbin/nologin hsqldb
+dovecot 97 97 /usr/libexec/dovecot /sbin/nologin dovecot
+ident 98 98 / /sbin/nologin ident
+nobody 99 99 / /sbin/nologin setup
+users - 100 - - setup
+qemu 107 107 / /sbin/nologin libvirt
+ovirt 108 108 / /sbin/nologin libvirt
+rhevm 109 109 /home/rhevm /sbin/nologin vdsm-reg
+saned 111 111 / /sbin/nologin sane-backends
+vhostmd 112 112 /usr/share/vhostmd /sbin/nologin vhostmd
+usbmuxd 113 113 / /sbin/nologin usbmuxd
+bacula 133 133 /var/spool/bacula /sbin/nologin bacula
+ricci 140 140 /var/lib/ricci /sbin/nologin ricci
+luci 141 141 /var/lib/luci /sbin/nologin luci
+stap-server 155 155 /var/lib/stap-server /sbin/nologin systemtap
+avahi-autoipd 170 170 /var/lib/avahi-autoipd /sbin/nologin avahi
+pulse 171 171 /var/run/pulse /sbin/nologin pulseaudio
+rtkit 172 172 /proc /sbin/nologin rtkit
+abrt 173 173 /etc/abrt /sbin/nologin abrt
+gnats ? ? ? ? gnats, gnats-db
+listar ? ? ? ? listar
+nfsnobody 65534 65534 /var/lib/nfs /sbin/nologin nfs-utils
+
+# Note: nfsnobdy is 4294967294 on 64-bit platforms (-2)
--- /dev/null
+#!/bin/sh
+# We need a file to look at.
+if [ -z "$*" ] ; then
+ echo Usage: `basename $0` uidgid
+ exit 1
+fi
+# The format of the file is (currently)
+for infile in "$@" ; do
+ uidlist=`tail -n +2 "$infile" | awk '{print $2}' | grep -v '?' | grep -v -e - | sort -nu`
+ gidlist=`tail -n +2 "$infile" | awk '{print $3}' | grep -v '?' | grep -v -e - | sort -nu`
+ for uid in $uidlist ; do
+ if test `tail -n +2 "$infile" | awk '{print $2}' | grep '^'"$uid"'$' | wc -l` -ne 1 ; then
+ echo Duplicate UID: $uid
+ exit 1
+ fi
+ done
+ for gid in $gidlist ; do
+ if test `tail -n +2 "$infile" | awk '{print $3}' | grep '^'"$gid"'$' | wc -l` -ne 1 ; then
+ echo Duplicate GID: $gid
+ exit 1
+ fi
+ done
+done
+exit 0
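Review bot: The format comment `# The format of the file is (currently)` is left unfinished, and the filters below never handle the parenthesised GIDs such as `(0)` or `(100)` in the table. Those values survive `grep -v '?' | grep -v -e -`, and they appear to be dropped only because `sort -nu` treats them as 0 and merges them with root's real `0`. The lint therefore passes by a side effect of numeric sorting rather than by design. I would finish the comment by naming the columns and the `-`, `?` and `(N)` markers, and keep only real numbers with `grep -E '^[0-9]+$'` in place of the two `grep -v` stages. The usage line should also quote its argument: `echo "Usage: $(basename "$0") uidgid"`.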