YASSP
MANUAL PAGE
SECclean YASSP.CONF(1)
NAME
yassp.conf - YASSP(1) configuration file
SYNOPSIS
/etc/yassp.conf
DESCRIPTION
The file /etc/yassp.conf is YASSP's configuration file. It
is created during the SECclean installation. It is a Bourne
shell (sh) script that other shell scripts either source or
grep to read the value of specific variables.
It is composed of two distinct parts. The first part handles
the startup files. When SECclean takes over the startup of
an rc file, it adds a conditional exit to the start block:
the block exits unless a shell variable named after the
startup file is set to "YES". All these variables are
included in the first part of the /etc/yassp.conf file and
set to "NO" by default, so none of these startup files will
be executed at boot time.
The end of the first part has some predefined meta-variables,
which enable you to turn on more than one startup file by
changing only one variable. Examples of these variables are
NFS or WORKSTATION.
The second part of the /etc/yassp.conf file deals with
variables used by various scripts included in SECclean, and
is explained below:
SEC_UMASK used in /etc/init.d/umask.sh. Default UMASK
used to run the startup scripts at boot time.
Default = 077
DEF_UMASK used in /etc/default/login. Default UMASK for
the users.
Default = 077
USERDENIED used in /opt/local/sbin/clean_passwd. It is a
space-separated list of account names that
the clean_passwd script will lock when run.
Default = 'daemon bin sys adm lp smtp uucp
nuucp listen nobody noaccess nobody4'
ROOTALLOWED used in /opt/local/sbin/clean_passwd. It is a
nawk regexp that matches all account names
with a UID of 0 that the clean_passwd script
accepts without locking them.
Default = 'root'
YASSP Last change: Nov 18 2000 1
USERSDELETED used in /opt/local/sbin/clean_passwd. It is a
space-separated list of account names that
the clean_passwd script will delete when run.
Note that the account 'root' is always
excluded from this list.
Default = ''
ROOTNAME used in /opt/local/sbin/clean_passwd. It is a
string (or a shell-evaluated expression) used
to replace the root real name in the gcos
field of the passwd file.
Default = Root at `uname -n`
WVRPCBIND used in /etc/init.d/rpc. If set to "YES",
/etc/init.d/rpc will start
/usr/sbin/WVrpcbind instead of the standard
SUN rpcbind.
Default = NO
RUNINETD used in /etc/init.d/inetsvc. If set to "YES",
/etc/init.d/inetsvc will start inetd.
Default = NO
SUNSTARTUP used in /etc/init.d/inetsvc and
/etc/init.d/inetinit. If set to "YES", most
of the extra SUN code in these startup files
(including the use of DHCP, the modification
at boot time of /etc/inet/hosts,
/etc/nsswitch.conf and /etc/resolv.conf, and
eventually the start of routed or rdist) will
be executed at boot time.
Default = NO
MULTICAST used in /etc/init.d/inetsvc. If set to "YES",
the part dealing with multicast in
/etc/init.d/inetsvc will be executed at boot
time.
Default = NO
NET_SECURITY used in /etc/init.d/nettune. If set to "YES",
/etc/init.d/nettune will apply more tuning
related to security.
Default = YES
NOSHELL used in /opt/local/sbin/clean_passwd. It is
the full path used to replace the shell of
locked accounts.
Default = /usr/sbin/noshell
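The defaults listed above can be checked against a configuration file without sourcing it, in the grep style mentioned under DESCRIPTION. The following is an added example, not part of YASSP; the function names conf_value, conf_drift and sample_conf and the sample file contents are constructed for illustration, and a variable with an empty value is reported as unset.

```shell
#!/bin/sh
# Added example, not part of YASSP: flag yassp.conf settings that differ
# from the defaults documented in this manual page.

# Defaults as listed in the variable descriptions above.
DEFAULTS='SEC_UMASK=077 DEF_UMASK=077 WVRPCBIND=NO RUNINETD=NO
SUNSTARTUP=NO MULTICAST=NO NET_SECURITY=YES'

# conf_value FILE VAR: print VAR's value without sourcing FILE (grep-style).
# Commented-out lines are ignored, the last assignment wins as it would when
# the file is sourced, and surrounding quotes are stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\([^#]*\).*/\1/p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# conf_drift FILE: print one line per variable that is unset or non-default.
conf_drift() {
    for pair in $DEFAULTS; do
        var=${pair%%=*}
        want=${pair#*=}
        got=$(conf_value "$1" "$var")
        if [ -z "$got" ]; then
            echo "$var unset (default $want)"
        elif [ "$got" != "$want" ]; then
            echo "$var=$got (default $want)"
        fi
    done
}

# Constructed sample file, not taken from a real system.
sample_conf() {
    cat <<'EOF'
SEC_UMASK=077
DEF_UMASK=022          # weakened from the default
WVRPCBIND=NO
RUNINETD="YES"
RUNINETD="NO"
#SUNSTARTUP=YES
MULTICAST=YES
NET_SECURITY='NO'
EOF
}

conf=$(mktemp) && sample_conf > "$conf" && conf_drift "$conf"
rm -f "$conf"
```

On a real host, pass /etc/yassp.conf to conf_drift in place of the sample file.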
BUGS
Please send bug reports, suggestions, feedback or just
comments to <chouanard@parc.xerox.com>. Be sure, when
reporting a bug, to indicate your OS (output of 'uname -a')
and the version of YASSP you are using (output of
'pkginfo -l SECclean').
FILES
/etc/yassp.conf
SEE ALSO
yassp.conf(1), clean_passwd(1), parcdaily(1) (if PARCdaily
was installed).
AUTHORS
Jean Chouanard <chouanard@parc.xerox.com>, the YASSP team
and the SANS Institute (http://www.sans.org)
Information about new releases, mailing lists, and other
related issues can be found from the YASSP WWW home page at
http://www.yassp.org/
Jean Chouanard, Xerox PARC