src/etc/daily - annotate

Return to daily CVS log
Up to [local] / src / etc
Annotation of src/etc/daily, Revision 1.58

1.1       deraadt     1: #
1.58    ! schwarze    2: #      $OpenBSD: daily,v 1.57 2009/05/03 17:16:12 schwarze Exp $
1.17      millert     3: #      From: @(#)daily 8.2 (Berkeley) 1/25/94
1.1       deraadt     4: #
1.56      ajacouto    5: umask 022
                      6:
1.17      millert     7: PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
1.47      nick        8:
1.58    ! schwarze    9: PARTOUT=/var/log/daily.part
        !            10: MAINOUT=/var/log/daily.out
        !            11: install -o 0 -g 0 -m 600    /dev/null $PARTOUT
        !            12: install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT
        !            13:
        !            14: exec > $MAINOUT 2>&1
1.47      nick       15: sysctl -n kern.version
1.51      deraadt    16: uptime
1.1       deraadt    17:
1.58    ! schwarze   18: start_part() {
        !            19:        TITLE=$1
        !            20:        exec > $PARTOUT 2>&1
        !            21: }
        !            22:
        !            23: end_part() {
        !            24:        exec >> $MAINOUT 2>&1
        !            25:        test -s $PARTOUT || return
1.2       david      26:        echo ""
1.58    ! schwarze   27:        echo "$TITLE"
        !            28:        cat $PARTOUT
        !            29: }
        !            30:
        !            31: next_part() {
        !            32:        end_part
        !            33:        start_part "$1"
        !            34: }
1.2       david      35:
1.58    ! schwarze   36: run_script() {
        !            37:        f=/etc/$1
        !            38:        test -e $f || return
        !            39:        if [ `stat -f '%Sp%u' $f | cut -b1,6,9,11-` != '---0' ]; then
        !            40:                echo "$f has insecure permissions, skipping:"
        !            41:                ls -l $f
        !            42:                return
        !            43:        fi
        !            44:        . $f
1.42      pvalchev   45: }
1.16      millert    46:
1.58    ! schwarze   47: start_part "Running /etc/daily.local:"
        !            48: run_script "daily.local"
1.14      millert    49:
1.58    ! schwarze   50: next_part "Removing scratch and junk files:"
1.32      aaron      51: if [ -d /tmp -a ! -L /tmp ]; then
1.17      millert    52:        cd /tmp && {
1.50      millert    53:        find -x . \
                     54:            \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
                     55:            -prune -o -type f -atime +3 -execdir rm -f -- {} \;
1.49      millert    56:        find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
1.50      millert    57:            ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1; }
1.17      millert    58: fi
1.1       deraadt    59:
1.32      aaron      60: if [ -d /var/tmp -a ! -L /var/tmp ]; then
1.17      millert    61:        cd /var/tmp && {
1.50      millert    62:        find -x . \
                     63:            \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
                     64:            -prune -o ! -type d -atime +7 -execdir rm -f -- {} \;
1.49      millert    65:        find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
1.50      millert    66:            ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1; }
1.17      millert    67: fi
1.1       deraadt    68:
1.3       deraadt    69: # Additional junk directory cleanup would go like this:
1.32      aaron      70: #if [ -d /scratch -a ! -L /scratch ]; then
1.3       deraadt    71: #      cd /scratch && {
1.17      millert    72: #      find . ! -name . -atime +1 -execdir rm -f -- {} \;
                     73: #      find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
1.3       deraadt    74: #          >/dev/null 2>&1; }
                     75: #fi
1.17      millert    76:
1.32      aaron      77: if [ -d /var/rwho -a ! -L /var/rwho ] ; then
1.17      millert    78:        cd /var/rwho && {
                     79:        find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; }
1.14      millert    80: fi
1.1       deraadt    81:
1.26      downsj     82: if [ -d /var/msgs -a ! -L /var/msgs ]; then
                     83:        msgs -c
1.1       deraadt    84: fi
                     85:
1.58    ! schwarze   86: next_part "Purging accounting records:"
1.1       deraadt    87: if [ -f /var/account/acct ]; then
1.44      mickey     88:        mv -f /var/account/acct.2 /var/account/acct.3
                     89:        mv -f /var/account/acct.1 /var/account/acct.2
                     90:        mv -f /var/account/acct.0 /var/account/acct.1
                     91:        cp -f /var/account/acct /var/account/acct.0
1.17      millert    92:        sa -sq
                     93: fi
                     94:
                     95: # If ROOTBACKUP is set to 1 in the environment, and
                     96: # if filesystem named /altroot is type ffs, on /dev/* and mounted "xx",
                     97: # use it as a backup root filesystem to be updated daily.
1.58    ! schwarze   98: next_part "Backing up root filesystem:"
1.17      millert    99: [ "X$ROOTBACKUP" = X1 ] && {
1.48      millert   100:        rootdev=`df -n / | awk '/^\/dev\// { print substr($1, 6) }'`
1.17      millert   101:        rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \
1.29      todd      102:            $4 ~ /xx/ \
1.17      millert   103:                { print substr($1, 6) }' < /etc/fstab`
1.48      millert   104:        [ X$rootdev != X -a X$rootbak != X -a X$rootdev != X$rootbak ] && {
1.58    ! schwarze  105:                next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:"
1.17      millert   106:                sync
                    107:                dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
1.22      mickey    108:                        conv=noerror
1.17      millert   109:                fsck -y /dev/r$rootbak
                    110:        }
                    111: }
1.1       deraadt   112:
1.58    ! schwarze  113: next_part "Disk status:"
1.40      danh      114: df -kl
1.1       deraadt   115: echo ""
                    116: dump W
                    117:
1.58    ! schwarze  118: # The first two regular expressions handle sendmail, the third postfix.
        !           119: # When the queue is empty, exim -bp keeps silent.
        !           120: next_part "Mail queue:"
        !           121: mailq | grep -v -e "^/var/spool/mqueue is empty$" \
        !           122:                -e "^[[:blank:]]*Total requests: 0$" \
        !           123:                -e "^Mail queue is empty$"
1.1       deraadt   124:
1.58    ! schwarze  125: next_part "Network status:"
1.35      niklas    126: netstat -ivn
1.14      millert   127:
1.15      millert   128: t=/var/rwho/*
                    129: if [ "$t" != '/var/rwho/*' ]; then
1.17      millert   130:        echo ""
1.14      millert   131:        ruptime
1.38      millert   132: fi
                    133:
1.58    ! schwarze  134: next_part "Running calendar in the background:"
        !           135: if [ "X$CALENDAR" != X0 -a \
        !           136:      \( -d /var/yp/`domainname` -o ! -d /var/yp/binding \) ]; then
1.38      millert   137:        calendar -a &
1.14      millert   138: fi
1.1       deraadt   139:
1.17      millert   140: # If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
                    141: # with the no-write flag.
1.58    ! schwarze  142: next_part "Checking filesystems:"
1.17      millert   143: [ "X$CHECKFILESYSTEMS" = X1 ] && {
                    144:        fsck -n | grep -v '^\*\* Phase'
                    145: }
1.1       deraadt   146:
1.58    ! schwarze  147: next_part "Running rdist:"
1.1       deraadt   148: if [ -f /etc/Distfile ]; then
1.17      millert   149:        if [ -d /var/log/rdist ]; then
1.19      deraadt   150:                logf=`date +%Y.%b.%e`
1.17      millert   151:                rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf
                    152:        else
1.39      deraadt   153:                rdist -f /etc/Distfile
1.17      millert   154:        fi
1.1       deraadt   155: fi
                    156:
1.58    ! schwarze  157: end_part
        !           158: [ -s $MAINOUT ] && mail -s "`hostname` daily output" root < $MAINOUT
        !           159:
        !           160:
        !           161: MAINOUT=/var/log/security.out
        !           162: install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT
        !           163:
        !           164: start_part "Running /etc/security:"
        !           165: run_script "security"
        !           166: end_part
        !           167: rm -f $PARTOUT
        !           168:
        !           169: [ -s $MAINOUT ] && mail -s "`hostname` daily insecurity output" root < $MAINOUT