Annotation of src/etc/daily, Revision 1.58
1.1 deraadt 1: #
1.58 ! schwarze 2: # $OpenBSD: daily,v 1.57 2009/05/03 17:16:12 schwarze Exp $
1.17 millert 3: # From: @(#)daily 8.2 (Berkeley) 1/25/94
1.1 deraadt 4: #
# Files created from here on are not group- or world-writable.
umask 022

# Fixed command search path for everything this script runs.
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin

# Report files.  Both are (re)created empty with owner uid 0, group gid 0 and
# mode 600 before any output is written to them, so the reports are readable
# by root only.  -b keeps a backup copy of the previous main report.
PARTOUT=/var/log/daily.part
MAINOUT=/var/log/daily.out
install -o 0 -g 0 -m 600 /dev/null "$PARTOUT"
install -o 0 -g 0 -m 600 -b /dev/null "$MAINOUT"

# From this point stdout and stderr of the script go to the main report.
exec >"$MAINOUT" 2>&1
sysctl -n kern.version
uptime
1.1 deraadt 17:
# start_part title
#
# Begin a report section: remember its heading in TITLE and send all further
# stdout/stderr to the per-section scratch file $PARTOUT (truncating it).
start_part() {
	TITLE="$1"
	exec >"$PARTOUT" 2>&1
}
! 22:
# end_part
#
# Finish the current report section: switch output back to the main report
# (append mode) and, only if the section produced any output, copy it there
# under a blank line and the heading stored in TITLE.  Sections that printed
# nothing leave no trace in the report.
end_part() {
	exec >>"$MAINOUT" 2>&1
	[ -s "$PARTOUT" ] || return
	{
		echo ""
		echo "$TITLE"
		cat "$PARTOUT"
	}
}
! 30:
# next_part title
#
# Close the section that is currently being collected and open a new one
# with the given heading.
next_part() {
	end_part; start_part "$1"
}
1.2 david 35:
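# run_script name
#
# Source /etc/<name> into this shell, but only if the file passes an
# ownership and mode check.  The file runs with the privileges of this
# script, so a file that someone other than root could modify must never be
# sourced.  A missing file is skipped silently; a file that fails the check
# is reported (message plus "ls -l") and skipped.
run_script() {
	f=/etc/$1
	test -e "$f" || return
	# stat prints the symbolic mode followed by the numeric owner uid.
	# cut keeps byte 1 (file type), byte 6 (group write), byte 9 (other
	# write) and everything from byte 11 on (the uid).  '---0' therefore
	# means: regular file, not group-writable, not world-writable, uid 0.
	# The substitution is quoted so that empty output (stat failing) is
	# compared as an empty string and the file is rejected; unquoted, the
	# test itself would error out and the script would be sourced anyway.
	if [ "$(stat -f '%Sp%u' "$f" | cut -b1,6,9,11-)" != '---0' ]; then
		echo "$f has insecure permissions, skipping:"
		ls -l "$f"
		return
	fi
	# NOTE(review): the check and the "." below are separate steps and only
	# the file itself is examined; this presumably relies on /etc being
	# writable by root alone -- confirm.
	. "$f"
}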
1.16 millert 46:
# Site-specific daily tasks.  run_script sources /etc/daily.local only after
# its ownership and mode check has passed.
start_part "Running /etc/daily.local:"
run_script daily.local
1.14 millert 49:
next_part "Removing scratch and junk files:"

# /tmp: delete regular files not accessed for more than 3 days, then remove
# directories older than a day (rmdir only succeeds on empty ones).
# The cleanup is skipped when /tmp is a symbolic link.  find -x stays on the
# starting filesystem, -execdir runs rm/rmdir from the directory that holds
# the entry, and "--" stops a name beginning with "-" from being read as an
# option.  The ssh-*, .X11-unix and .ICE-unix trees are pruned from the file
# pass, and vi.recover, .X11-unix and .ICE-unix are kept by the directory pass.
if [ -d /tmp ] && [ ! -L /tmp ]; then
	cd /tmp && {
		find -x . \
		    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
		    -prune -o -type f -atime +3 -execdir rm -f -- {} \;
		find -x . -type d -mtime +1 ! -path ./vi.recover \
		    ! -path ./.X11-unix ! -path ./.ICE-unix ! -name . \
		    -execdir rmdir -- {} \; >/dev/null 2>&1
	}
fi

# /var/tmp: same scheme, but everything that is not a directory is eligible
# and the access-time limit is 7 days.
if [ -d /var/tmp ] && [ ! -L /var/tmp ]; then
	cd /var/tmp && {
		find -x . \
		    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
		    -prune -o ! -type d -atime +7 -execdir rm -f -- {} \;
		find -x . -type d -mtime +1 ! -path ./vi.recover \
		    ! -path ./.X11-unix ! -path ./.ICE-unix ! -name . \
		    -execdir rmdir -- {} \; >/dev/null 2>&1
	}
fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -L /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -execdir rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

# /var/rwho: drop entries not modified for more than 7 days.
if [ -d /var/rwho ] && [ ! -L /var/rwho ]; then
	cd /var/rwho && {
		find . ! -name . -mtime +7 -execdir rm -f -- {} \;
	}
fi

# /var/msgs: let msgs do its own cleanup.
if [ -d /var/msgs ] && [ ! -L /var/msgs ]; then
	msgs -c
fi
85:
# Rotate the process accounting file, oldest generation first so nothing is
# overwritten before it has been moved, then take a copy of the live file as
# generation 0 and run sa over it.
next_part "Purging accounting records:"
if test -f /var/account/acct; then
	mv -f /var/account/acct.2 /var/account/acct.3
	mv -f /var/account/acct.1 /var/account/acct.2
	mv -f /var/account/acct.0 /var/account/acct.1
	cp -f /var/account/acct /var/account/acct.0
	sa -sq
fi
94:
# If ROOTBACKUP is set to 1 in the environment, and
# if filesystem named /altroot is type ffs, on /dev/* and mounted "xx",
# use it as a backup root filesystem to be updated daily.
#
# rootdev is the device currently mounted on /, rootbak the /altroot device
# taken from /etc/fstab; both have the leading "/dev/" stripped.  The raw
# copy is made only when both are non-empty and differ, so the root device
# is never copied onto itself.
# NOTE(review): rootdev and rootbak are expanded unquoted below; a value
# containing whitespace would make the test fail with an error and skip the
# backup -- confirm that is the intended behaviour.
next_part "Backing up root filesystem:"
if [ "X$ROOTBACKUP" = X1 ]; then
	rootdev=`df -n / | awk '/^\/dev\// { print substr($1, 6) }'`
	rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \
	    $4 ~ /xx/ \
	    { print substr($1, 6) }' < /etc/fstab`
	if [ X$rootdev != X -a X$rootbak != X -a X$rootdev != X$rootbak ]; then
		next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:"
		sync
		dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
		    conv=noerror
		# Check and repair the freshly written copy.
		fsck -y /dev/r$rootbak
	fi
fi
1.1 deraadt 112:
# Local filesystem usage, followed by the list of filesystems due for a dump.
next_part "Disk status:"
df -kl
echo ""
dump W

# The first two regular expressions handle sendmail, the third postfix.
# When the queue is empty, exim -bp keeps silent.
# Filtering these lines out leaves the section empty, and therefore
# unreported, whenever the queue is empty.
next_part "Mail queue:"
mailq | grep -v \
    -e "^/var/spool/mqueue is empty$" \
    -e "^[[:blank:]]*Total requests: 0$" \
    -e "^Mail queue is empty$"

next_part "Network status:"
netstat -ivn

# Add ruptime output when /var/rwho holds any files.
# NOTE(review): pathname expansion is normally not applied to the right-hand
# side of a plain assignment, so "$t" may always equal the literal pattern
# and ruptime may never run -- confirm against the system shell.
t=/var/rwho/*
if [ "$t" != '/var/rwho/*' ]; then
	echo ""
	ruptime
fi
133:
# calendar is started in the background unless CALENDAR is set to 0, and
# only if either the directory for the current YP domain exists or there is
# no /var/yp/binding directory at all.
next_part "Running calendar in the background:"
if [ "X$CALENDAR" != X0 -a \
    \( -d /var/yp/`domainname` -o ! -d /var/yp/binding \) ]; then
	calendar -a &
fi

# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
# with the no-write flag.  The "** Phase" progress lines are dropped from
# the report.
next_part "Checking filesystems:"
if [ "X$CHECKFILESYSTEMS" = X1 ]; then
	fsck -n | grep -v '^\*\* Phase'
fi
1.1 deraadt 146:
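# Run rdist when /etc/Distfile exists.  If /var/log/rdist is present, the
# output is also saved there in a file named after today's date.
next_part "Running rdist:"
if [ -f /etc/Distfile ]; then
	if [ -d /var/log/rdist ]; then
		# %e pads single-digit days with a space.  The path must be
		# quoted: unquoted, the name is split at that space and tee,
		# running as root, would also write a second file named after
		# the day number, relative to the current directory, which at
		# this point is whatever the earlier cleanup steps left it as.
		logf=`date +%Y.%b.%e`
		rdist -f /etc/Distfile 2>&1 | tee "/var/log/rdist/$logf"
	else
		rdist -f /etc/Distfile
	fi
fi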
156:
# Close the last section and mail the daily report to root, but only if it
# is non-empty.
end_part
test -s "$MAINOUT" && mail -s "`hostname` daily output" root <"$MAINOUT"


# Second report: the output of /etc/security is collected separately.  The
# report file is again created empty, owned by uid 0 / gid 0 with mode 600,
# keeping a backup of the previous one, before anything is written to it.
MAINOUT=/var/log/security.out
install -o 0 -g 0 -m 600 -b /dev/null "$MAINOUT"

# run_script sources /etc/security only after its ownership and mode check.
start_part "Running /etc/security:"
run_script security
end_part
# The scratch file is no longer needed.
rm -f "$PARTOUT"

test -s "$MAINOUT" && mail -s "`hostname` daily insecurity output" root <"$MAINOUT"