Absolute OpenBSD: Unix for the Practical Paranoid

Common /etc/rc.conf Assignments

The following are the /etc/rc.conf entries found in an OpenBSD 3.2 system. They may differ slightly from the flags found in your particular release of OpenBSD. If you come across an unfamiliar variable, check /etc/rc to see what it does.

This section deliberately does not list all possible options to each variable. Check the manual page for the program the variable starts for specific details. This section merely gives a few basic pointers on what is available and hints about things you might want to look at.

Routing Options

The following options configure OpenBSD's routing management, for both IPv4 and IPv6.

routed_flags

This enables the routing daemon, routed(8). Routed(8) handles RIP (version 1 and 2) and IRDP routing. If you need anything more complicated than routed(8), you probably want to install gated(8).

mrouted_flags

This controls the multicast routing daemon, turning your OpenBSD system into a multicast router. Under normal (non-multicast) environments, you do not want to enable this! For multicast routing to work properly, be sure to enable multicast_router later in this file.

multicast_host

This tells the system that it will support multicasting. Multicasting is a very tricky process, and if you're really interested in it, read /etc/netstart for details on how this variable is used.

multicast_router

If you set this to YES, OpenBSD will look for a multicast router running on the local system. If this entry is set to an interface name, OpenBSD will look for a multicast router outside that interface.

gated

This manages the gated(8) routing program. Note that gated is not installed by default; you must install it before using it.

gated_flags

This gives any flags to gated(8), if you install and run it.

Packet Filtering

These variables control the behavior of the integrated packet filter, pf(4). We go into great detail about pf(4) in Chapters 17–19.

pf

If you are using packet filtering or NAT, set this to YES.

pf_rules

This points to the file containing all the packet filter rules, /etc/pf.conf by default.

pflogd_flags

This gives additional flags to pflogd(8). The pflogd program starts automatically if pf(4) is enabled.

Diskless Clients

The following variables control OpenBSD's support for servers for various sorts of diskless clients.

bootparamd_flags

This enables and manages rpc.bootparamd(8). If you provide boot information to diskless clients from this machine, you want this.

rbootd_flags

This enables the remote booting protocol used by diskless HP workstations. Take a look at rbootd(8) for details.

mopd_flags

mopd services bootfile requests from MOP diskless clients (generally, older DEC workstations).

Time Management

OpenBSD supports two different styles of time server, timed(8) and ntpd(8). Timed is older, but is integrated with OpenBSD. Ntpd is newer and used more widely, but is an add-on; we install ntpd in our example in Chapter 13. Both must run very early in the startup process, so they have hooks in /etc/rc.

The two protocols are not interchangeable!

rdate_flags

You can run rdate(8) at boot, to set the system time from a central time server. If you want to use this, put the name or IP address of your rdate server in quotes here. Do not confuse this with ntpdate(8), however; it is a different program, and does not interoperate with Network Time Protocol!

timed_flags

The timed(8) program is used to synchronize time on a network. This is different from ntpd; do not confuse the two, as they do not interoperate!

ntpdate_flags

This enables setting the system clock from a central time server via Network Time Protocol. If you want to use ntpdate, give this variable the value of the NTP server you want to update from.

ntpd

This starts the ntpd continuous time synchronization client.

Daemons

The following variables control the assorted network daemons integrated with OpenBSD.

sshd_flags=""

This manages the ssh daemon, sshd(8). You will find the global configuration files in /etc/ssh (see Chapter 19).

named_flags

This enables and configures the nameserver, good old-fashioned ISC BIND. Setting this to two empty quotes starts the nameserver in the default configuration. Note that OpenBSD includes BIND version 8. This version of BIND supports the most commonly used functionality and has been independently audited by the OpenBSD team. You're welcome to install a newer version of BIND, if you need it.

named_user

named(8) should run as a regular user, not as root. The default user, called "named," is good for almost all circumstances.

named_chroot

This is the directory where named(8) should chroot after starting. The default, /var/named, is fine for just about any installation.

sendmail_flags

This enables and gives command-line options to sendmail(8). By default, OpenBSD's sendmail listens only on the localhost address.

httpd_flags

OpenBSD includes the Apache web server. Note that in normal use on OpenBSD, Apache is run in a chroot environment. To have Apache not chroot, use the "-u" flag. This is not recommended.

dhcpd_flags

This enables and starts the DHCP server daemon, dhcpd(8). It is configured via /etc/dhcpd.conf.

lpd_flags

This starts and configures the Line Printer Daemon.

ftpd_flags

If you only have a few FTP connections, you can choose to run ftpd(8) out of inetd. Set this variable to "-D" if you want ftpd(8) to run in standalone mode. This is suitable if your server is primarily an FTP server.

inetd

This starts and manages the inetd server. See Chapter 19 for some hints on running inetd.

identd_flags

This starts and configures the identification daemon identd(8). While it's most commonly used out of inetd(8), you can run it in standalone mode by giving this variable the proper flags.

rwhod

If you set this to YES, OpenBSD will start rwhod(8) upon boot.

syslogd_flags

This starts and configures the system logger, syslogd(8).

wsmoused_flags

When set to empty quotes, this turns on PS/2 or USB mice in console mode. You can highlight, cut, and paste in a text-mode console with console mice. See moused(8) for other possible options.

IPv6 features

/etc/rc.conf includes several variables for IPv6 and related features. Although we aren't covering IPv6 in this book, we'll mention these here just so you have some sort of clue what they mean when you stumble across them.

isakmpd_flags

This manages the other IPSec key management daemon, isakmpd(8).

rtadvd_flags

This enables and configures router advertisements for IPv6 routing.

route6d_flags

Route6d supports RIP over IPv6. If you need to route RIP over IPv6, you want this. Be sure to enable IPv6 packet forwarding if you want this!

rtsold_flags=NO

rtsold(8) helps a system find an IPv6 router. Set this to the name of your network interface if you want to use it. Be sure to set the sysctl net.inet6.ip6.accept_rtadv to 1 if you enable this (see Chapter 11).

NFS

While you need to configure NFS in /etc/exports, /etc/rc.conf tells the system how to start a variety of programs and services that support NFS.

nfs_server

If you set this to YES, OpenBSD will start the NFS server.

lockd

If you set this to YES, OpenBSD will start rpc.lockd(8). You need to have the NFS server enabled to run this properly.

amd

This starts and configures the automounter daemon, amd(8).

amd_dir

This variable gives the location where amd(8)-mounted directories are mounted.

amd_master

This variable points to the file containing amd(8)'s master map.

portmap

Set this to YES to enable portmap(8). If you are using NFS in almost any way, you want this.

nfsd_flags

This gives any flags to the server-side NFS request services, nfsd(8). Nfsd starts automatically if the machine is configured as an NFS server.

AFS configuration

OpenBSD has considerable support for AFS. If you're not using AFS, you can leave all of these settings unchanged.

afs

This enables mounting and running AFS file systems. For this to work, you must also set afs_mount_point and afs_device.

afs_mount_point

This is the directory where AFS files are mounted.

afs_device

This is the device name used by afsd(8).

afsd_flags

These are extra flags handed to afsd(8). Afsd runs automatically if you set afs=YES.

Kerberos Setup

OpenBSD includes Kerberos version V.

krb5_master_kdc

This enables the Kerberos V ("Heimdal") domain controller server.

krb5_slave_kdc

This enables the Kerberos V slave domain controller server.

Miscellaneous Variables

The following is a catch-all of other variables that appear in /etc/rc.conf.

rarpd_flags

This enables and manages the rarpd(8) daemon, which provides a TCP wrappers-style service for MAC addresses.

apmd_flags

This starts and configures the Advanced Power Management daemon, apmd(8).

xdm_flags

This manages the xdm(1) X display manager.

check_quotas

When set to YES, OpenBSD will regularly limit users' disk usage as described in quota(1).

savecore_flags

This gives options to savecore(8), should the system find a kernel dump upon rebooting after a panic.

ypserv_flags

This gives any flags to the ypserv(8) information services daemon. Ypserv starts automatically if YP services are configured.

yppasswdd_flags

This allows you to hand any flags to the yppasswd daemon. Yppasswd starts automatically if YP services are configured.

shlib_dirs

Put extra directories to be included by ldconfig(8) during boot here.
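
Several of the variables above only make sense together (mrouted_flags with multicast_router, lockd with nfs_server, NFS with portmap, afs with afs_mount_point and afs_device), and httpd_flags can switch off Apache's chroot. The following sh script is an added example, not part of the book or of OpenBSD, that checks a copy of rc.conf for those combinations. It assumes a variable set to NO is disabled and any other value enables it; the function names and messages are illustrative.

```sh
#!/bin/sh
# Print the last value assigned to VAR ($2) in FILE ($1), minus quotes and comment.
rc_val() {
    sed -n "s/^$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# True if VAR is assigned and is anything but NO (empty quotes = default flags).
is_on() {
    grep -q "^$2=" "$1" || return 1
    [ "$(rc_val "$1" "$2")" != "NO" ]
}

# Print one finding per line for the dependencies this section mentions.
rc_audit() {
    f=$1
    if is_on "$f" mrouted_flags && ! is_on "$f" multicast_router; then
        echo "mrouted_flags set but multicast_router is off"
    fi
    if is_on "$f" lockd && ! is_on "$f" nfs_server; then
        echo "lockd enabled without nfs_server"
    fi
    if is_on "$f" nfs_server && ! is_on "$f" portmap; then
        echo "nfs_server enabled without portmap"
    fi
    if is_on "$f" afs; then
        for v in afs_mount_point afs_device; do
            [ -n "$(rc_val "$f" "$v")" ] || echo "afs enabled but $v is unset"
        done
    fi
    case " $(rc_val "$f" httpd_flags) " in
        *" -u "*) echo "httpd_flags has -u: Apache will not chroot" ;;
    esac
    return 0
}

# Constructed sample file, not taken from a real system.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
mrouted_flags=""        # multicast routing daemon
multicast_router=NO
nfs_server=YES
portmap=NO
lockd=NO
httpd_flags="-u"
EOF
rc_audit "$sample"
```

The script reads the file with sed rather than sourcing it, so it can be run against a copy of rc.conf without executing anything in it.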
