summaryrefslogtreecommitdiff
path: root/sysconf
AgeCommit message (Collapse)Author
2011-01-20Bugfix 6668: Check to see if log files need rotation hourly.Bob Gilligan
Previously, log file rotation was checked by cron daily. Some log file -- such as those generated by PPP -- can grow rapidly. Such infrequent checking can lead to running out of disk space on systems with small disk drives or flash storage. This change checks for rotation hourly. (cherry picked from commit 71a31ff516ef63f5ce52ca1bca17e10497a6a15d) (cherry picked from commit 507d28da53a8a40ef70a23031d06a2ec823fef64)
2010-11-24Revert "Don't need to rename vlan devices"Stephen Hemminger
This reverts commit c2c15ef2d6a85d40e778a0d84f243d2ae99c56ba.
2010-11-24Add cpufrequtils default config fileStephen Hemminger
If cpufrequtils is installed, then want the default to be full performance.
2010-11-23Don't need to rename vlan devicesStephen Hemminger
Avoid calling vyatta_net_name on vlan's
2010-10-28Fix goto in vyatta-net.rulesStephen Hemminger
2010-10-27Don't rename vif and other non-driver interfacesStephen Hemminger
Bug 6379 Just leave vlan and other pseudo-interface names alone.
2010-10-26Change vyatta_net_name into a perl scriptStephen Hemminger
Use existing config parser and perl to handle udev device naming. Do renaming early in udev boot, and fixup config file later. This avoids rescanning udev devices on boot and adds preliminary support for hotplug.
2010-10-11Add default vyatta rsyslog config rulesStephen Hemminger
This fixes case where rsyslog finds no targets on boot
2010-10-10Add ubuntu changes to rsyslogStephen Hemminger
Kernel messages and repeated message option
2010-10-08Convert from syslog to rsyslogStephen Hemminger
Configuration file is /etc/rsyslog.conf and it is supports directory of include parameters so do not need to edit rsyslog.conf directly
2010-10-07Put udev rules in /lib/udevStephen Hemminger
Udev rules have moved from /etc/udev to /lib/udev on Debian Squeeze
2010-10-07Change udev network naming to be more cooperativeStephen Hemminger
Other udev scripts may have configured the device name before the Vyatta script runs. Use the convention followed by the standard persistent network name script; only applly name rules if interface does not already have name assigned.
2010-09-13more fixes for bug 6152An-Cheng Huang
* second udev invocation now has ACTION "change" in squeeze. * DRIVERS no longer available from squeeze udev.
2010-09-13partial fix for bug 6152An-Cheng Huang
* as discussed, remove the wireless rule that causes warning
2010-09-03fix squeeze pathsAn-Cheng Huang
2010-07-14Enable putting core files /var/coreStephen Hemminger
For serviceablity put core files in /var/core. But core file will still not be created unless process is running with permission to write there, and has ulimit permission.
2010-07-01Touch file before setting capabilityStephen Hemminger
Unionfs should copyup the xattr automatically, but it doesn't so use touch to force a copyup before setting attributes.
2010-06-20Fix path to ipsetStephen Hemminger
2010-06-17Don't need audit write on vbashStephen Hemminger
Not using auditing for command logging.
2010-06-16Remove capability from pingStephen Hemminger
Ping is already setuid root.
2010-06-04Add pam_cap capability configurationStephen Hemminger
2010-06-04Set file capability attributesStephen Hemminger
This sets file capability attributes during package installation (and build) to allow better security models.
2010-01-26Get rid of protected-users fileStephen Hemminger
Instead of white-listing special system users, just go with the Debian policy that all users with uid < 1000 are system accounts
2010-01-20Set IPV6 parameters in rl-system.initStephen Hemminger
The problem is that IPV6 module is not loaded when sysctl's are interpreted during boot, and we want to allow marking IPV6 disabled.
2010-01-19Change how IPV4/IPV6 configuration values are doneStephen Hemminger
1. Move vyatta-sysctl.conf from rl-system.init to procps This makes configuration happen early (before networking) 2. Do IPV6 configuration for address_flush in rl-system.init (after IPV6 is loaded) 3. Cleanup shell code for ipv6_params: * no sudo needed in startup scripts * use cleaner iteration
2010-01-14Add sysctl to control IPV6 address flushStephen Hemminger
Bug 3696 This adds parameter to keep Vyatta IPV6 behavior
2009-12-23Set default to only ARP if IP address matches received interfaceStephen Hemminger
This is a resolution of Bug 5031 Set default to 1 - reply only if the target IP address is local address configured on the incoming interface. This makes Vyatta behaves like interface base address model.
2009-12-08Keep udev from borking wireless device namesStephen Hemminger
If second wlan device is created (for multiple ssid), then udev rules don't know how to handle it. For now, just accept what kernel gives us.
2009-11-11Remove blank lineStephen Hemminger
2009-11-05radius: only try first password if first moduleStephen Hemminger
2009-11-05Move user configuration information to filesStephen Hemminger
1. Complete migration of protected-users from hardcoded in User.pm to /opt/vyatta/etc/protected-user 2. Put mapping from level to group in file.
2009-11-03Fix pam-auth-update errors from radiusStephen Hemminger
2009-11-03Remove blank lineStephen Hemminger
Causes pam-auth-update to barf Use of uninitialized value $3 in split at /usr/sbin/pam-auth-update line 620, <CURRENT> line 19. Use of uninitialized value $curmod in quotemeta at /usr/sbin/pam-auth-update line 628, <CURRENT> line 19. Use of uninitialized value $curmod in hash element at /usr/sbin/pam-auth-update line 650, <CURRENT> line 19. Use of uninitialized value $curmod in hash element at /usr/sbin/pam-auth-update line 650, <CURRENT> line 19. Use of uninitialized value $curmod in hash element at /usr/sbin/pam-auth-update line 650, <CURRENT> line 19. Use of uninitialized value $curmod in hash element at /usr/sbin/pam-auth-update line 650, <CURRENT> line 19.
2009-11-02rename pam-radius to pam_radius.cfgStephen Hemminger
Use a reasonable suffix for file type
2009-10-29radius client: try first password only if not firstStephen Hemminger
2009-10-27Use pam-auth-update to configure radiusStephen Hemminger
This keeps radius from fighting with tacacs+
2009-09-22Bugfix 4951: Don't fail if IPv6 kernel module is not loaded.Bob Gilligan
Handle cases where IPv6 kernel module is not loaded more gracefully.
2009-08-12Don't change name of non-ethernet devicesStephen Hemminger
Don't rename wireless devices to be ethX.
2009-07-30Fix 4748: Pre-login message files (/etc/issue,/etc/issue.net) areStig Thormodsrud
replaced with Debian branding during full-upgrade to Jenner (cherry picked from commit cbdcd18b2e5328d24a9dfe04dfa015f8375b50ac)
2009-07-17Make telnet management smarterStephen Hemminger
Bug 4591 Consolidate check for telnet login Don't remove /etc/securetty edit it (cherry picked from commit c6c477f2ffb0f2fd4cf12882f22c2c44ab57cc46)
2009-06-17Merged from Jenner.Bob Gilligan
2009-05-24Simplify ntp.confStephen Hemminger
Only put comments in about features that are used.
2009-05-22add iburstStephen Hemminger
2009-05-22Put server at end of fileStephen Hemminger
So when CLI updates ntp.conf, the file stays same format
2009-05-22Add NTP configuration fileStephen Hemminger
There are options (like restrict) that should be ntp.conf This would reduce security exposure of the router (see recent CVE). Also, this avoid restarting ntp server on boot when using the default vyatta ntp server.
2009-04-09Resolve problems with syslog.confStephen Hemminger
Default fallback code was broken Change to blocked out region for Vyatta config.
2009-04-08Rewrite existing syslog configuration updateStephen Hemminger
Do most of the work in the rewritten vyatta_update_syslog code. Handle multiple facilities for same target without causing duplicate log messages. Never restart syslog daemon, just reload it and only if the configuration has changed.
2009-04-01Don't double log quagga messagesStephen Hemminger
Bug 4205 Duplicate messages in syslog for quagga notice and above messages.
2009-02-27Fix Bug 2463 Allow the neighbor table threshold values to beMohit Mehta
modified via the CLI - (modify ARP table size) * added cli to configure [arp (ipv4)] and [neighbor (ipv6)] table-size * set default value for arp_announce so as to avoid local addresses that are not in the target's subnet for the interface
2009-02-24set default values for ipv6 accept_redirects and accept_source_routeMohit Mehta