boa/0040775002561700256170000000000007550506117007777 5ustar jkmjkmboa/cgi-bin/0040775002561700256170000000000007550506117011307 5ustar jkmjkmboa/cgi-bin/showconf0100775002561700256170000000006007533205001013041 0ustar jkmjkm#!/bin/sh echo ; echo cat /flash/etc/sipo.conf boa/cgi-bin/showstats0100775002561700256170000000031407533207043013264 0ustar jkmjkm#!/bin/sh echo ; echo echo Interfaces ip addr echo ip -s link echo ; echo Routing table ip ro echo ; echo Neighbor info ip nei echo ; echo Memory info cat /proc/meminfo echo ; echo Kernel log dmesg boa/www/0040775002561700256170000000000007550506117010623 5ustar jkmjkmboa/www/index.html0100664002561700256170000000032407533207043012611 0ustar jkmjkm SIPO SIPO

boa/www/readme.txt0100664002561700256170000000005607506154531012617 0ustar jkmjkmHello! This is an example WWW root directory. etc/0040775002561700256170000000000007550506117010011 5ustar jkmjkmetc/bootrc0100755002561700256170000000216007550271537011226 0ustar jkmjkm#!/bin/sh # Entry point to configurable startup - called from /etc/bootrc after file # systems have been mounted and network interfaces renamed # Read in configuration . /flash/etc/sipo.conf # do not allow forwarding before all setup has been completed echo 0 > /proc/sys/net/ipv4/ip_forward # setup network interface ip addr add 127.0.0.1/8 dev lo ip link set dev lo up set_interface() { if [ -z "$2" ]; then return fi echo "Setting up interface '$1' - '$2'" if [ "$2" = "dhcp" ]; then udhcpc -i "$1" -s /flash/etc/udhcp/udhcpc-script -b else ip addr add "$2" dev "$1" ip link set dev "$1" up fi } set_interface public "$PUBLIC" set_interface private "$PRIVATE" set_interface dmz "$DMZ" if [ -n "$DEFAULTGW" ]; then ip ro add default via "$DEFAULTGW" fi if [ -n "$REMOTE_SYSLOG" ]; then syslogd -R "$REMOTE_SYSLOG" if [ "$USE_KLOGD" = "yes" ]; then klogd fi fi # Execute additional startup scripts (if present) for i in /flash/etc/bootrc-extra-*; do if [ -x "$i" ]; then "$i" fi done if [ "$IP_FORWARD" = "yes" ]; then echo 1 > /proc/sys/net/ipv4/ip_forward fi etc/resolv.conf0100664002561700256170000000012607506156655012177 0ustar jkmjkm# FIX: setup DNS servers here or use DHCP to update this file # nameserver 127.0.0.1 etc/sipo.conf0100664002561700256170000000073207533204644011632 0ustar jkmjkm# GPL SIPO configuration # Network interfaces # static address: IP addr/prefix len, e.g., 192.168.1.254/24 # get with DHCP: dhcp # not in use: leave empty PUBLIC=dhcp DMZ=192.168.1.6/24 PRIVATE= # Default GW IP address. Leave empty if not set (e.g., to use the router # information from DHCP server). DEFAULTGW= # IP address for remove syslog server REMOTE_SYSLOG= # Log kernel messages to remote syslog (yes/no) USE_KLOGD=no IP_FORWARD=yes ALLOW_SSH_FROM_PUBLIC=yes etc/bootrc-extra-iptables0100775002561700256170000000105407550061167014147 0ustar jkmjkm#!/bin/sh . /flash/etc/sipo.conf for i in ip_tables ip_conntrack iptable_filter iptable_nat ip_conntrack_ftp \ ip_nat_ftp ipt_state ipt_LOG ipt_MASQUERADE; do insmod $i >> /tmp/boot.log done iptables-restore < /flash/etc/iptables.conf if [ "$ALLOW_SSH_FROM_PUBLIC" = "yes" ]; then iptables -I INPUT -i public -p tcp --dport 22 -j ACCEPT fi for i in public private dmz; do if [ -d /proc/sys/net/ipv4/conf/$i ]; then echo 1 > /proc/sys/net/ipv4/conf/$i/log_martians echo 1 > /proc/sys/net/ipv4/conf/$i/rp_filter fi done etc/iptables.conf0100664002561700256170000000224007550061167012457 0ustar jkmjkm# iptables filter setup # *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A POSTROUTING -o public -j MASQUERADE COMMIT # *filter :INPUT ACCEPT [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] # # create dynacl chain for fwauth use -N dynacl -A dynacl -j LOG --log-prefix "DROP(in-dynacl): " -A dynacl -j DROP # # allow outgoing connection to public interface -A INPUT -i public -m state --state ESTABLISHED,RELATED -j ACCEPT # use fwauth controlled ACL for SSH access -A INPUT -i public -p tcp --dport 22 -j dynacl # allow incoming ping for diagnostics purposes -A INPUT -i public -p icmp --icmp-type echo-request -j ACCEPT # drop any other connection attempt incoming from public interface -A INPUT -i public -j LOG --log-prefix "DROP(in-public): " -A INPUT -i public -j DROP # # allow only outgoing connection using NAPT for forwarded packets -A FORWARD -o private -m state --state ESTABLISHED,RELATED -j ACCEPT -A FORWARD -o private -j LOG --log-prefix "DROP(NAPT,establ): " -A FORWARD -o private -j DROP -A FORWARD -i private -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -A FORWARD -j LOG --log-prefix "DROP(unknown): " -A FORWARD -j DROP COMMIT etc/boa.conf0100664002561700256170000001643207533204710011417 0ustar jkmjkm# Boa v0.94 configuration file # File format has not changed from 0.93 # File format has changed little from 0.92 # version changes are noted in the comments # # The Boa configuration file is parsed with a lex/yacc or flex/bison # generated parser. If it reports an error, the line number will be # provided; it should be easy to spot. The syntax of each of these # rules is very simple, and they can occur in any order. Where possible # these directives mimic those of NCSA httpd 1.3; I saw no reason to # introduce gratuitous differences. # $Id: boa.conf,v 1.2 2002/08/28 17:35:04 jkm Exp $ # The "ServerRoot" is not in this configuration file. It can be compiled # into the server (see defines.h) or specified on the command line with # the -c option, for example: # # boa -c /usr/local/boa # Port: The port Boa runs on. The default port for http servers is 80. # If it is less than 1024, the server must be started as root. Port 80 # Listen: the Internet address to bind(2) to. If you leave it out, # it takes the behavior before 0.93.17.2, which is to bind to all # addresses (INADDR_ANY). You only get one "Listen" directive, # if you want service on multiple IP addresses, you have three choices: # 1. Run boa without a "Listen" directive # a. All addresses are treated the same; makes sense if the addresses # are localhost, ppp, and eth0. # b. Use the VirtualHost directive below to point requests to different # files. Should be good for a very large number of addresses (web # hosting clients). # 2. Run one copy of boa per IP address, each has its own configuration # with a "Listen" directive. No big deal up to a few tens of addresses. # Nice separation between clients. # The name you provide gets run through inet_aton(3), so you have to use dotted # quad notation. This configuration is too important to trust some DNS. #Listen 192.68.0.5 # User: The name or UID the server should run as. # Group: The group name or GID the server should run as. User nobody Group nogroup # ServerAdmin: The email address where server problems should be sent. # Note: this is not currently used, except as an environment variable # for CGIs. #ServerAdmin root@localhost # ErrorLog: The location of the error log file. If this does not start # with /, it is considered relative to the server root. # Set to /dev/null if you don't want errors logged. # If unset, defaults to /dev/stderr # ErrorLog /var/log/boa/error_log # Please NOTE: Sending the logs to a pipe ('|'), as shown below, # is somewhat experimental and might fail under heavy load. # "Usual libc implementations of printf will stall the whole # process if the receiving end of a pipe stops reading." #ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/boa/error_log /var/log/boa/error-%Y%m%d.log" # AccessLog: The location of the access log file. If this does not # start with /, it is considered relative to the server root. # Comment out or set to /dev/null (less effective) to disable # Access logging. # AccessLog /var/log/boa/access_log # Please NOTE: Sending the logs to a pipe ('|'), as shown below, # is somewhat experimental and might fail under heavy load. # "Usual libc implementations of printf will stall the whole # process if the receiving end of a pipe stops reading." #AccessLog "|/usr/sbin/cronolog --symlink=/var/log/boa/access_log /var/log/boa/access-%Y%m%d.log" # UseLocaltime: Logical switch. Uncomment to use localtime # instead of UTC time #UseLocaltime # VerboseCGILogs: this is just a logical switch. # It simply notes the start and stop times of cgis in the error log # Comment out to disable. #VerboseCGILogs # ServerName: the name of this server that should be sent back to # clients if different than that returned by gethostname + gethostbyname #ServerName www.your.org.here ServerName localhost # VirtualHost: a logical switch. # Comment out to disable. # Given DocumentRoot /var/www, requests on interface 'A' or IP 'IP-A' # become /var/www/IP-A. # Example: http://localhost/ becomes /var/www/127.0.0.1 # # Not used until version 0.93.17.2. This "feature" also breaks commonlog # output rules, it prepends the interface number to each access_log line. # You are expected to fix that problem with a postprocessing script. #VirtualHost # DocumentRoot: The root directory of the HTML documents. # Comment out to disable server non user files. DocumentRoot /flash/boa/www # UserDir: The name of the directory which is appended onto a user's home # directory if a ~user request is recieved. UserDir public_html # DirectoryIndex: Name of the file to use as a pre-written HTML # directory index. Please MAKE AND USE THESE FILES. On the # fly creation of directory indexes can be _slow_. # Comment out to always use DirectoryMaker DirectoryIndex index.html # DirectoryMaker: Name of program used to create a directory listing. # Comment out to disable directory listings. If both this and # DirectoryIndex are commented out, accessing a directory will give # an error (though accessing files in the directory are still ok). DirectoryMaker /bin/boa_indexer # DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker # has been commented out, the the on-the-fly indexing of Boa can be used # to generate indexes of directories. Be warned that the output is # extremely minimal and can cause delays when slow disks are used. # Note: The DirectoryCache must be writable by the same user/group that # Boa runs as. # DirectoryCache /var/spool/boa/dircache # KeepAliveMax: Number of KeepAlive requests to allow per connection # Comment out, or set to 0 to disable keepalive processing KeepAliveMax 1000 # KeepAliveTimeout: seconds to wait before keepalive connection times out KeepAliveTimeout 10 # MimeTypes: This is the file that is used to generate mime type pairs # and Content-Type fields for boa. # Set to /dev/null if you do not want to load a mime types file. # Do *not* comment out (better use AddType!) # MimeTypes /etc/mime.types MimeTypes /dev/null # DefaultType: MIME type used if the file extension is unknown, or there # is no file extension. DefaultType text/plain # CGIPath: The value of the $PATH environment variable given to CGI progs. CGIPath /bin:/usr/bin:/usr/local/bin # SinglePostLimit: The maximum allowable number of bytes in # a single POST. Default is normally 1MB. # AddType: adds types without editing mime.types # Example: AddType type extension [extension ...] AddType text/html html AddType text/html htm # Uncomment the next line if you want .cgi files to execute from anywhere #AddType application/x-httpd-cgi cgi # Redirect, Alias, and ScriptAlias all have the same semantics -- they # match the beginning of a request and take appropriate action. Use # Redirect for other servers, Alias for the same server, and ScriptAlias # to enable directories for script execution. # Redirect allows you to tell clients about documents which used to exist in # your server's namespace, but do not anymore. This allows you to tell the # clients where to look for the relocated document. # Example: Redirect /bar http://elsewhere/feh/bar # Aliases: Aliases one path to another. # Example: Alias /path1/bar /path2/foo # Alias /doc /usr/doc # ScriptAlias: Maps a virtual path to a directory for serving scripts # Example: ScriptAlias /htbin/ /www/htbin/ ScriptAlias /cgi-bin/ /flash/boa/cgi-bin/ etc/bootrc-extra-boa0100775002561700256170000000007707506154531013110 0ustar jkmjkm#!/bin/sh if [ -x /bin/boa ]; then /bin/boa -c /flash/etc fi etc/bootrc-extra-net-snmp0100775002561700256170000000011607506374713014110 0ustar jkmjkm#!/bin/sh if [ -x /bin/snmpd ]; then /bin/snmpd -c /flash/etc/snmpd.conf fi etc/snmpd.conf0100664002561700256170000000035007506374713012002 0ustar jkmjkmsyslocation "Nowhere" syscontact "nobody@example.com" sysservices 0*1 + 0*2 + 1*4 + 1*8 + 1*64 # SNMPv3 read-only rouser guest noauth # SNMPv1 read-only community rocommunity public trapsink 192.168.1.2 agentuser adm agentgroup adm etc/bootrc-extra-ssh0100775002561700256170000000013207506154531013134 0ustar jkmjkm#!/bin/sh if [ -x /bin/sshd ]; then /bin/sshd -f /flash/etc/ssh2/sshd2_config fi etc/ssh2/0040775002561700256170000000000007550506117010670 5ustar jkmjkmetc/ssh2/README0100664002561700256170000000033007506154531011541 0ustar jkmjkmYou will need to add access key for root user in this directory to file 'access_key_user.pub' (you can edit 'authorization' to add multiple keys, etc.) and host key to 'hostkey' (private) and 'hostkey.pub' (public). etc/ssh2/authorization0100664002561700256170000000003007506154531013501 0ustar jkmjkmKey access_key_user.pub etc/ssh2/ssh2_config0100664002561700256170000000217707506154531013023 0ustar jkmjkm## ssh2_config ## SSH 2.0 Client Configuration File ## ## The "*" is used for all hosts, but you can use other hosts as ## well. .*: ## General VerboseMode no # DontReadStdin no # Compression yes # ForcePTTYAllocation yes AuthenticationSuccessMsg yes ## Network Port 22 NoDelay no KeepAlive yes ## Crypto Ciphers AnyStdCipher MACs AnyStdMAC StrictHostKeyChecking ask RekeyIntervalSeconds 0 ## User public key authentication IdentityFile identification AuthorizationFile authorization RandomSeedFile random_seed ## Tunneling GatewayPorts no ForwardX11 no ForwardAgent no ## SSH1 Compatibility Ssh1Compatibility no Ssh1AgentCompatibility none ## Authentication ## Public key only for security as SIPO has no password protection AllowedAuthentications publickey,password # For ssh-signer2 (only effective if set in the global configuration # file, usually /etc/ssh2/ssh2_config) # DefaultDomain foobar.com # SshSignerPath ssh-signer2 ## Examples of per host configurations #alpha*: # Host alpha.oof.fi # User user # Ciphers idea etc/ssh2/ssh_banner_message0100664002561700256170000000003207506154531014431 0ustar jkmjkmSSH VPN gateway etc/ssh2/sshd2_config0100664002561700256170000000321707506154531013163 0ustar jkmjkm## sshd2_config ## SSH 2.4 Server Configuration File for SIPO ## ## General VerboseMode no # SyslogFacility AUTH # SyslogFacility LOCAL7 ## Network Port 22 ListenAddress 0.0.0.0 RequireReverseMapping no MaxBroadcastsPerSecond 0 AllowedAuthentications publickey # NoDelay yes # KeepAlive yes # MaxConnections 50 # MaxConnections 0 # 0 == number of connections not limited ## Crypto Ciphers AnyStdCipher MACs AnyStdMAC RekeyIntervalSeconds 0 ## User PrintMotd no CheckMail no UserConfigDirectory /flash/etc/ssh2/ # LoginGraceTime 600 ## Hostkey locations HostKeyFile /flash/etc/ssh2/hostkey PublicHostKeyFile /flash/etc/ssh2/hostkey.pub ## User public key authentication AuthorizationFile authorization RandomSeedFile random_seed ## For SIPO, we require only public key authentication. A banner ## message would be too :) BannerMessageFile /flash/etc/ssh2/ssh_banner_message ## Host restrictions. Given that this box has access to the Internet, ## it might be a good idea to define these. # AllowHosts localhost, foobar.com, friendly.org # DenyHosts evil.org, aol.com ## User restrictions. Make sure you allow only certain users to access ## this box. # # AllowUsers "sj*,s[:isdigit:]##,s(jl|amza)" # DenyUsers skuuppa,warezdude,31373 # DenyUsers don@untrusted.org # AllowGroups staff,users # DenyGroups guest ## DO NOT CHANGE ANYTHING BELOW THIS LINE. ## PermitRootLogin nopwd subsystem-sftp /bin/sftp-server AllowX11Forwarding no AllowTcpForwarding no AllowAgentForwarding no PermitEmptyPasswords no StrictModes yes UserKnownHosts no etc/udhcp/0040775002561700256170000000000007550506117011114 5ustar jkmjkmetc/udhcp/udhcpc-cmd-bound0100775002561700256170000000110507533200024014135 0ustar jkmjkm#!/bin/sh # Sample udhcpc renew script RESOLV_CONF="/etc/resolv.conf" [ -n "$broadcast" ] && BROADCAST="broadcast $broadcast" [ -n "$subnet" ] && NETMASK="netmask $subnet" /sbin/ifconfig $interface $ip $BROADCAST $NETMASK if [ -n "$router" ] then echo "deleting routers" while /sbin/route del default gw 0.0.0.0 dev $interface do : done for i in $router do /sbin/route add default gw $i dev $interface done fi echo -n > $RESOLV_CONF [ -n "$domain" ] && echo domain $domain >> $RESOLV_CONF for i in $dns do echo adding dns $i echo nameserver $i >> $RESOLV_CONF doneetc/udhcp/udhcpc-cmd-deconfig0100775002561700256170000000011507533200024014604 0ustar jkmjkm#!/bin/sh # Sample udhcpc deconfig script /sbin/ifconfig $interface 0.0.0.0 etc/udhcp/udhcpc-cmd-renew0100775002561700256170000000111407533200024014146 0ustar jkmjkm#!/bin/sh # Sample udhcpc bound script RESOLV_CONF="/etc/udhcpc/resolv.conf" [ -n "$broadcast" ] && BROADCAST="broadcast $broadcast" [ -n "$subnet" ] && NETMASK="netmask $subnet" /sbin/ifconfig $interface $ip $BROADCAST $NETMASK if [ -n "$router" ] then echo "deleting routers" while /sbin/route del default gw 0.0.0.0 dev $interface do : done for i in $router do /sbin/route add default gw $i dev $interface done fi echo -n > $RESOLV_CONF [ -n "$domain" ] && echo domain $domain >> $RESOLV_CONF for i in $dns do echo adding dns $i echo nameserver $i >> $RESOLV_CONF doneetc/udhcp/udhcpc-script0100775002561700256170000000042207533200024013572 0ustar jkmjkm#!/bin/sh # Currently, we only dispatch according to command. However, a more # elaborate system might dispatch by command and interface or do some # common initialization first, especially if more dhcp event notifications # are added. exec /flash/etc/udhcp/udhcpc-cmd-$1 etc/udhcp/udhcpd.conf0100664002561700256170000000542707533200024013224 0ustar jkmjkm# Sample udhcpd configuration file (/etc/udhcpd.conf) # The start and end of the IP lease block start 192.168.0.20 #default: 192.168.0.20 end 192.168.0.254 #default: 192.168.0.254 # The interface that udhcpd will use interface private #default: eth0 # The maximim number of leases (includes addressesd reserved # by OFFER's, DECLINE's, and ARP conficts #max_leases 254 #default: 254 # If remaining is true (default), udhcpd will store the time # remaining for each lease in the udhcpd leases file. This is # for embedded systems that cannot keep time between reboots. # If you set remaining to no, the absolute time that the lease # expires at will be stored in the dhcpd.leases file. #remaining yes #default: yes # The time period at which udhcpd will write out a dhcpd.leases # file. If this is 0, udhcpd will never automatically write a # lease file. (specified in seconds) #auto_time 7200 #default: 7200 (2 hours) # The amount of time that an IP will be reserved (leased) for if a # DHCP decline message is received (seconds). #decline_time 3600 #default: 3600 (1 hour) # The amount of time that an IP will be reserved (leased) for if an # ARP conflct occurs. (seconds #conflict_time 3600 #default: 3600 (1 hour) # How long an offered address is reserved (leased) in seconds #offer_time 60 #default: 60 (1 minute) # If a lease to be given is below this value, the full lease time is # instead used (seconds). #min_lease 60 #defult: 60 # The location of the leases file lease_file /var/etc/udhcpd.leases #default: /etc/udhcpd.leases # The location of the pid file pidfile /var/run/udhcpd.pid #default: /var/run/udhcpd.pid # Everytime udhcpd writes a leases file, the below script will be called. # Useful for writing the lease file to flash every few hours. #notify_file #default: (no script) #notify_file dumpleases # <--- usefull for debugging # The following are bootp specific options, setable by udhcpd. #siaddr 192.168.0.22 #default: 0.0.0.0 #sname zorak #default: (none) #boot_file /var/nfs_root #default: (none) # The remainer of options are DHCP options and can be specifed with the # keyword 'opt' or 'option'. If an option can take multiple items, such # as the dns option, they can be listed on the same line, or multiple # lines. The only option with a default is 'lease'. #Examles opt dns 192.168.10.2 192.168.10.10 option subnet 255.255.255.0 opt router 192.168.10.2 opt wins 192.168.10.10 option dns 129.219.13.81 # appened to above DNS servers for a total of 3 option domain local option lease 864000 # 10 days of seconds # Currently supported options, for more info, see options.c #subnet #timezone #router #timesvr #namesvr #dns #logsvr #cookiesvr #lprsvr #bootsize #domain #swapsvr #rootpath #ipttl #mtu #broadcast #wins #lease #ntpsrv #tftp #bootfile etc/bootrc-extra-udhcpd0100775002561700256170000000016207542326232013610 0ustar jkmjkm#!/bin/sh if [ -x /bin/udhcpd ]; then touch /var/etc/udhcpd.leases /bin/udhcpd /flash/etc/udhcp/udhcpd.conf fi override_etc/0040775002561700256170000000000007550506117011710 5ustar jkmjkmoverride_etc/bootrc0100775002561700256170000000204507540565543013133 0ustar jkmjkm#!/bin/sh if [ -d /dev/tts ]; then ln -s /dev/tts/0 /dev/ttyS0 ln -s /dev/tts/2 /dev/ttyS2 ln -s /dev/tts/3 /dev/ttyS3 ln -s /dev/misc/sipoflash /dev/flash ln -s /dev/misc/sipoled /dev/led ln -s /dev/misc/sipowdt /dev/wdt ln -s /dev/misc/siponvram /dev/nvram fi exec >/dev/ttyS2 2>&1 cat /etc/sw.ver echo "=120000" > /dev/led echo disabled > /dev/wdt mount /proc mount /var mkdir /var/tmp mkdir /var/dev mkdir /var/etc mkdir /var/run touch /var/etc/mtab cat /proc/mtd | grep mtd0 >/dev/null if [ $? ]; then mount /flash fi # rename Ethernet interfaces HWVER=`grep "hw ver " /proc/sipo/bd | sed "s/hw ver *= *//"` case "$HWVER" in 5 | 6) ip link set dev eth0 name private ip link set dev eth1 name public ;; *) ip link set dev eth0 name dmz ip link set dev eth1 name public ip link set dev eth2 name private ;; esac echo "=170000" > /dev/led if [ -x /flash/etc/bootrc ]; then /flash/etc/bootrc fi echo "=110000" > /dev/led if [ -d /flash/override_etc ]; then mount -o bind /flash/override_etc /etc fi exit 0 override_etc/fstab0100664002561700256170000000015407540565543012736 0ustar jkmjkmnone /proc proc defaults 0 0 none /var tmpfs defaults 0 0 /dev/mtdblock/0 /flash jffs2 defaults 0 0 override_etc/group0100664002561700256170000000014507540565543012773 0ustar jkmjkmroot:x:0: bin:x:1: daemon:x:2: sys:x:3: adm:x:4: tty:x:5: disk:x:6: mem:x:8: kmem:x:9: nogroup:x:99: override_etc/host.conf0100664002561700256170000000003207540565543013533 0ustar jkmjkmorder hosts,bind multi on override_etc/hosts0100664002561700256170000000005207540565543012774 0ustar jkmjkm127.0.0.1 localhost.localdomain localhost override_etc/inittab0100644002561700256170000000036307546770101013263 0ustar jkmjkm# Sipo inittab for busybox, no runlevels ::sysinit:/etc/bootrc # Edit the following line to enable shell on debug port ::askfirst:/bin/select-login # Edit the following line to enable shell on console port tts/2::askfirst:/bin/select-login override_etc/localtime0100664002561700256170000000007007540565543013605 0ustar jkmjkmTZifUTCoverride_etc/nsswitch.conf0100664002561700256170000000311307540565543014423 0ustar jkmjkm# # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # nisplus or nis+ Use NIS+ (NIS version 3) # nis or yp Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the local database (.db) files # compat Use NIS on compat mode # hesiod Use Hesiod for user lookups # [NOTFOUND=return] Stop searching if not found so far # # To use db, put the "db" in front of "files" for entries you want to be # looked up first in the databases # # Example: #passwd: db files nisplus nis #shadow: db files nisplus nis #group: db files nisplus nis passwd: files shadow: files group: files #hosts: db files nisplus nis dns hosts: files dns # Example - obey only what nisplus tells us... #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc: nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files bootparams: files ethers: files netmasks: files networks: files protocols: files rpc: files services: files automount: files aliases: files override_etc/passwd0100664002561700256170000000017607540565543013144 0ustar jkmjkmroot::0:0:root:/flash:/bin/sh bin:x:1:1:bin:/bin: daemon:x:2:2:daemon:/sbin: adm:x:3:4:adm:/var/adm: nobody:x:99:99:Nobody:/: override_etc/profile0100775002561700256170000000016407540565543013303 0ustar jkmjkmTERM=vt100 export TERM PS1='> ' PATH=$PATH:/flash/bin if [ -r /flash/etc/profile ]; then . /flash/etc/profile fi override_etc/protocols0100664002561700256170000000303307540565543013662 0ustar jkmjkm# /etc/protocols: # $Id: protocols,v 1.1 2002/09/14 07:55:15 jkm Exp $ # # Internet (IP) protocols # # from: @(#)protocols 5.1 (Berkeley) 4/17/89 # # Updated for NetBSD based on RFC 1340, Assigned Numbers (July 1992). ip 0 IP # internet protocol, pseudo protocol number icmp 1 ICMP # internet control message protocol igmp 2 IGMP # Internet Group Management ggp 3 GGP # gateway-gateway protocol ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'') st 5 ST # ST datagram mode tcp 6 TCP # transmission control protocol egp 8 EGP # exterior gateway protocol pup 12 PUP # PARC universal packet protocol udp 17 UDP # user datagram protocol hmp 20 HMP # host monitoring protocol xns-idp 22 XNS-IDP # Xerox NS IDP rdp 27 RDP # "reliable datagram" protocol iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4 xtp 36 XTP # Xpress Tranfer Protocol ddp 37 DDP # Datagram Delivery Protocol idpr-cmtp 39 IDPR-CMTP # IDPR Control Message Transport ipv6 41 IPv6 # IPv6 ipv6-route 43 IPv6-Route # Routing Header for IPv6 ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6 ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6 ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6 ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6 ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6 ipv6-opts 60 IPv6-Opts # Destination Options for IPv6 rspf 73 RSPF #Radio Shortest Path First. vmtp 81 VMTP # Versatile Message Transport ospf 89 OSPFIGP # Open Shortest Path First IGP ipip 94 IPIP # Yet Another IP encapsulation encap 98 ENCAP # Yet Another IP encapsulation override_etc/services0100664002561700256170000002612107540565543013464 0ustar jkmjkm# /etc/services: # $Id: services,v 1.1 2002/09/14 07:55:15 jkm Exp $ # # Network services, Internet style # # Note that it is presently the policy of IANA to assign a single well-known # port number for both TCP and UDP; hence, most entries here have two entries # even if the protocol doesn't support UDP operations. # Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports # are included, only the more common ones. tcpmux 1/tcp # TCP port service multiplexer echo 7/tcp echo 7/udp discard 9/tcp sink null discard 9/udp sink null systat 11/tcp users daytime 13/tcp daytime 13/udp netstat 15/tcp qotd 17/tcp quote msp 18/tcp # message send protocol msp 18/udp # message send protocol chargen 19/tcp ttytst source chargen 19/udp ttytst source ftp-data 20/tcp ftp 21/tcp fsp 21/udp fspd ssh 22/tcp # SSH Remote Login Protocol ssh 22/udp # SSH Remote Login Protocol telnet 23/tcp # 24 - private smtp 25/tcp mail # 26 - unassigned time 37/tcp timserver time 37/udp timserver rlp 39/udp resource # resource location nameserver 42/tcp name # IEN 116 whois 43/tcp nicname re-mail-ck 50/tcp # Remote Mail Checking Protocol re-mail-ck 50/udp # Remote Mail Checking Protocol domain 53/tcp nameserver # name-domain server domain 53/udp nameserver mtp 57/tcp # deprecated bootps 67/tcp # BOOTP server bootps 67/udp bootpc 68/tcp # BOOTP client bootpc 68/udp tftp 69/udp gopher 70/tcp # Internet Gopher gopher 70/udp rje 77/tcp netrjs finger 79/tcp www 80/tcp http # WorldWideWeb HTTP www 80/udp # HyperText Transfer Protocol link 87/tcp ttylink kerberos 88/tcp kerberos5 krb5 # Kerberos v5 kerberos 88/udp kerberos5 krb5 # Kerberos v5 supdup 95/tcp # 100 - reserved hostnames 101/tcp hostname # usually from sri-nic iso-tsap 102/tcp tsap # part of ISODE. csnet-ns 105/tcp cso-ns # also used by CSO name server csnet-ns 105/udp cso-ns # unfortunately the poppassd (Eudora) uses a port which has already # been assigned to a different service. We list the poppassd as an # alias here. This should work for programs asking for this service. # (due to a bug in inetd the 3com-tsmux line is disabled) #3com-tsmux 106/tcp poppassd #3com-tsmux 106/udp poppassd rtelnet 107/tcp # Remote Telnet rtelnet 107/udp pop2 109/tcp pop-2 postoffice # POP version 2 pop2 109/udp pop-2 pop3 110/tcp pop-3 # POP version 3 pop3 110/udp pop-3 sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP auth 113/tcp authentication tap ident sftp 115/tcp uucp-path 117/tcp nntp 119/tcp readnews untp # USENET News Transfer Protocol ntp 123/tcp ntp 123/udp # Network Time Protocol netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp netbios-ssn 139/tcp # NETBIOS session service netbios-ssn 139/udp imap2 143/tcp imap # Interim Mail Access Proto v2 imap2 143/udp imap snmp 161/udp # Simple Net Mgmt Proto snmp-trap 162/udp snmptrap # Traps for SNMP cmip-man 163/tcp # ISO mgmt over IP (CMOT) cmip-man 163/udp cmip-agent 164/tcp cmip-agent 164/udp xdmcp 177/tcp # X Display Mgr. Control Proto xdmcp 177/udp nextstep 178/tcp NeXTStep NextStep # NeXTStep window nextstep 178/udp NeXTStep NextStep # server bgp 179/tcp # Border Gateway Proto. bgp 179/udp prospero 191/tcp # Cliff Neuman's Prospero prospero 191/udp irc 194/tcp # Internet Relay Chat irc 194/udp smux 199/tcp # SNMP Unix Multiplexer smux 199/udp at-rtmp 201/tcp # AppleTalk routing at-rtmp 201/udp at-nbp 202/tcp # AppleTalk name binding at-nbp 202/udp at-echo 204/tcp # AppleTalk echo at-echo 204/udp at-zis 206/tcp # AppleTalk zone information at-zis 206/udp qmtp 209/tcp # The Quick Mail Transfer Protocol qmtp 209/udp # The Quick Mail Transfer Protocol z3950 210/tcp wais # NISO Z39.50 database z3950 210/udp wais ipx 213/tcp # IPX ipx 213/udp imap3 220/tcp # Interactive Mail Access imap3 220/udp # Protocol v3 rpc2portmap 369/tcp rpc2portmap 369/udp # Coda portmapper codaauth2 370/tcp codaauth2 370/udp # Coda authentication server ulistserv 372/tcp # UNIX Listserv ulistserv 372/udp ldap 389/tcp # Lightweight Directory Access Protocol ldap 389/udp # Lightweight Directory Access Protocol https 443/tcp # MCom https 443/udp # MCom snpp 444/tcp # Simple Network Paging Protocol snpp 444/udp # Simple Network Paging Protocol saft 487/tcp # Simple Asynchronous File Transfer saft 487/udp # Simple Asynchronous File Transfer npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS npmp-local 610/udp dqs313_qmaster # npmp-local / DQS npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS npmp-gui 611/udp dqs313_execd # npmp-gui / DQS hmmp-ind 612/tcp dqs313_intercell# HMMP Indication / DQS hmmp-ind 612/udp dqs313_intercell# HMMP Indication / DQS # # UNIX specific services # exec 512/tcp biff 512/udp comsat login 513/tcp who 513/udp whod shell 514/tcp cmd # no passwords used syslog 514/udp printer 515/tcp spooler # line printer spooler talk 517/udp ntalk 518/udp route 520/udp router routed # RIP timed 525/udp timeserver tempo 526/tcp newdate courier 530/tcp rpc conference 531/tcp chat netnews 532/tcp readnews netwall 533/udp # -for emergency broadcasts uucp 540/tcp uucpd # uucp daemon afpovertcp 548/tcp # AFP over TCP afpovertcp 548/udp # AFP over TCP remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem klogin 543/tcp # Kerberized `rlogin' (v5) kshell 544/tcp krcmd # Kerberized `rsh' (v5) kerberos-adm 749/tcp # Kerberos `kadmin' (v5) # webster 765/tcp # Network dictionary webster 765/udp swat 901/tcp # Samba Web Administration Tool # # From ``Assigned Numbers'': # #> The Registered Ports are not controlled by the IANA and on most systems #> can be used by ordinary user processes or programs executed by ordinary #> users. # #> Ports are used in the TCP [45,106] to name the ends of logical #> connections which carry long term conversations. For the purpose of #> providing services to unknown callers, a service contact port is #> defined. This list specifies the port used by the server process as its #> contact port. While the IANA can not control uses of these ports it #> does register or list uses of these ports as a convienence to the #> community. # ingreslock 1524/tcp ingreslock 1524/udp prospero-np 1525/tcp # Prospero non-privileged prospero-np 1525/udp datametrics 1645/tcp old-radius # datametrics / old radius entry datametrics 1645/udp old-radius # datametrics / old radius entry sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry sa-msg-port 1646/udp old-radacct # sa-msg-port / old radacct entry radius 1812/tcp # Radius radius 1812/udp # Radius radacct 1813/tcp # Radius Accounting radacct 1813/udp # Radius Accounting cvspserver 2401/tcp # CVS client/server operations cvspserver 2401/udp # CVS client/server operations venus 2430/tcp # codacon port venus 2430/udp # Venus callback/wbc interface venus-se 2431/tcp # tcp side effects venus-se 2431/udp # udp sftp side effect codasrv 2432/tcp # not used codasrv 2432/udp # server port codasrv-se 2433/tcp # tcp side effects codasrv-se 2433/udp # udp sftp side effect mysql 3306/tcp # MySQL mysql 3306/udp # MySQL rfe 5002/tcp # Radio Free Ethernet rfe 5002/udp # Actually uses UDP only cfengine 5308/tcp # CFengine cfengine 5308/udp # CFengine bbs 7000/tcp # BBS service # # # Kerberos (Project Athena/MIT) services # Note that these are for Kerberos v4, and are unofficial. Sites running # v4 should uncomment these and comment out the v5 entries above. # kerberos4 750/udp kerberos-iv kdc # Kerberos (server) udp kerberos4 750/tcp kerberos-iv kdc # Kerberos (server) tcp kerberos_master 751/udp # Kerberos authentication kerberos_master 751/tcp # Kerberos authentication passwd_server 752/udp # Kerberos passwd server krb_prop 754/tcp # Kerberos slave propagation krbupdate 760/tcp kreg # Kerberos registration kpasswd 761/tcp kpwd # Kerberos "passwd" kpop 1109/tcp # Pop with Kerberos knetd 2053/tcp # Kerberos de-multiplexor zephyr-srv 2102/udp # Zephyr server zephyr-clt 2103/udp # Zephyr serv-hm connection zephyr-hm 2104/udp # Zephyr hostmanager eklogin 2105/tcp # Kerberos encrypted rlogin # # Unofficial but necessary (for NetBSD) services # supfilesrv 871/tcp # SUP server supfiledbg 1127/tcp # SUP debugging # # Datagram Delivery Protocol services # rtmp 1/ddp # Routing Table Maintenance Protocol nbp 2/ddp # Name Binding Protocol echo 4/ddp # AppleTalk Echo Protocol zip 6/ddp # Zone Information Protocol # # Services added for the Debian GNU/Linux distribution poppassd 106/tcp # Eudora poppassd 106/udp # Eudora mailq 174/tcp # Mailer transport queue for Zmailer mailq 174/udp # Mailer transport queue for Zmailer ssmtp 465/tcp # SMTP over SSL gdomap 538/tcp # GNUstep distributed objects gdomap 538/udp # GNUstep distributed objects snews 563/tcp # NNTP over SSL ssl-ldap 636/tcp # LDAP over SSL omirr 808/tcp omirrd # online mirror omirr 808/udp omirrd # online mirror rsync 873/tcp # rsync rsync 873/udp # rsync simap 993/tcp # IMAP over SSL spop3 995/tcp # POP-3 over SSL socks 1080/tcp # socks proxy server socks 1080/udp # socks proxy server rmtcfg 1236/tcp # Gracilis Packeten remote config server xtel 1313/tcp # french minitel support 1529/tcp # GNATS cfinger 2003/tcp # GNU Finger ninstall 2150/tcp # ninstall service ninstall 2150/udp # ninstall service afbackup 2988/tcp # Afbackup system afbackup 2988/udp # Afbackup system icp 3130/tcp # Internet Cache Protocol (Squid) icp 3130/udp # Internet Cache Protocol (Squid) postgres 5432/tcp # POSTGRES postgres 5432/udp # POSTGRES fax 4557/tcp # FAX transmission service (old) hylafax 4559/tcp # HylaFAX client-server protocol (new) noclog 5354/tcp # noclogd with TCP (nocol) noclog 5354/udp # noclogd with UDP (nocol) hostmon 5355/tcp # hostmon uses TCP (nocol) hostmon 5355/udp # hostmon uses TCP (nocol) ircd 6667/tcp # Internet Relay Chat ircd 6667/udp # Internet Relay Chat webcache 8080/tcp # WWW caching service webcache 8080/udp # WWW caching service tproxy 8081/tcp # Transparent Proxy tproxy 8081/udp # Transparent Proxy mandelspawn 9359/udp mandelbrot # network mandelbrot amanda 10080/udp # amanda backup services kamanda 10081/tcp # amanda backup services (Kerberos) kamanda 10081/udp # amanda backup services (Kerberos) amandaidx 10082/tcp # amanda backup services amidxtape 10083/tcp # amanda backup services isdnlog 20011/tcp # isdn logging system isdnlog 20011/udp # isdn logging system vboxd 20012/tcp # voice box system vboxd 20012/udp # voice box system binkp 24554/tcp # Binkley binkp 24554/udp # Binkley asp 27374/tcp # Address Search Protocol asp 27374/udp # Address Search Protocol tfido 60177/tcp # Ifmail tfido 60177/udp # Ifmail fido 60179/tcp # Ifmail fido 60179/udp # Ifmail # Local services linuxconf 98/tcp override_etc/shadow0100664002561700256170000000000007540565543013112 0ustar jkmjkmoverride_etc/mtab0120775002561700256170000000000007550506117015036 2/var/etc/mtabustar jkmjkmoverride_etc/resolv.conf0120775002561700256170000000000007550506117020171 2/flash/etc/resolv.confustar jkmjkm