Annotation of src/etc/daily, Revision 1.61
1.1 deraadt 1: #
1.61 ! schwarze 2: # $OpenBSD: daily,v 1.60 2009/05/11 22:27:22 schwarze Exp $
1.17 millert 3: # From: @(#)daily 8.2 (Berkeley) 1/25/94
1.1 deraadt 4: #
# New files are created without group/other write permission.
umask 022

# Fixed search path, so the commands below do not depend on the caller's PATH.
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin

# PARTOUT holds the output of the section currently running;
# MAINOUT accumulates the finished report.
MAINOUT=/var/log/daily.out
PARTOUT=/var/log/daily.part

# Start from empty files owned by uid 0 / gid 0 and accessible to the owner
# only (mode 600).  -b keeps a backup of the previous MAINOUT.
install -o 0 -g 0 -m 600 /dev/null "$PARTOUT"
install -o 0 -g 0 -m 600 -b /dev/null "$MAINOUT"
13:
# start_part TITLE
# Remember TITLE for the report and redirect stdout and stderr of everything
# that follows into a freshly truncated $PARTOUT.
start_part() {
	TITLE="$1"
	exec >"$PARTOUT" 2>&1
}
18:
# end_part
# Redirect stdout and stderr to the end of $MAINOUT.  If the section that just
# finished wrote anything to $PARTOUT, append a blank line, the section title
# and that output to the report; an empty section leaves no trace.
end_part() {
	exec >>"$MAINOUT" 2>&1
	[ -s "$PARTOUT" ] || return
	echo ""
	echo "$TITLE"
	cat "$PARTOUT"
}
26:
# next_part TITLE
# Close the current report section and open a new one named TITLE.
# start_part runs regardless of end_part's exit status.
next_part() {
	end_part
	start_part "$1"
}
1.2 david 31:
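# run_script NAME
# Source /etc/NAME into this shell if it exists and passes the ownership and
# permission check; otherwise print why it was skipped.
#
# The file is accepted only when the string built from stat(1) is '---0':
#   byte 1    file type        '-'  (regular file; a symlink shows 'l')
#   byte 6    group write bit  '-'
#   byte 9    other write bit  '-'
#   byte 11-  numeric owner    '0'
# The file is sourced, so it runs with the privileges of this shell.
run_script() {
	f=/etc/$1
	[ -e "$f" ] || return
	# Capture the result first and compare it quoted.  If stat fails and prints
	# nothing, an unquoted substitution leaves "[ != '---0' ]", which is a test
	# error rather than "true", so the file would be sourced unchecked.
	_perm=`stat -f '%Sp%u' "$f" | cut -b1,6,9,11-`
	if [ "X$_perm" != 'X---0' ]; then
		echo "$f has insecure permissions, skipping:"
		ls -l "$f"
		return
	fi
	# NOTE(review): the check and the use are separate steps; this relies on
	# /etc itself being writable only by root -- confirm on the target system.
	. "$f"
}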
1.16 millert 42:
# Site-specific additions run first, in their own report section.
start_part "Running daily.local:"
run_script daily.local

next_part "Removing scratch and junk files:"

# /tmp: remove regular files not accessed for more than 3 days, then try to
# rmdir directories not modified for more than a day (rmdir output and errors
# are discarded).
#  - "! -L" skips the cleanup entirely when /tmp is a symlink.
#  - "-x" keeps find on the filesystem it started on.
#  - ssh-* directories and the X11/ICE socket directories are pruned.
#  - "-execdir" runs rm/rmdir from the directory holding the entry and "--"
#    ends option parsing, which limits what a hostile file name or a path
#    component swapped during the walk can do.
if [ -d /tmp ] && [ ! -L /tmp ]; then
	if cd /tmp; then
		find -x . \
		    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
		    -prune -o -type f -atime +3 -execdir rm -f -- {} \;
		find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
		    ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1
	fi
fi

# /var/tmp: same scheme, but anything that is not a directory is removed once
# it has not been accessed for more than 7 days.
if [ -d /var/tmp ] && [ ! -L /var/tmp ]; then
	if cd /var/tmp; then
		find -x . \
		    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
		    -prune -o ! -type d -atime +7 -execdir rm -f -- {} \;
		find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
		    ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1
	fi
fi
1.1 deraadt 64:
1.3 deraadt 65: # Additional junk directory cleanup would go like this:
1.32 aaron 66: #if [ -d /scratch -a ! -L /scratch ]; then
1.3 deraadt 67: # cd /scratch && {
1.17 millert 68: # find . ! -name . -atime +1 -execdir rm -f -- {} \;
69: # find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
1.3 deraadt 70: # >/dev/null 2>&1; }
71: #fi
1.17 millert 72:
# Drop entries under /var/rwho not modified for more than 7 days.  The
# directory is skipped when it is a symlink.
if [ -d /var/rwho ] && [ ! -L /var/rwho ]; then
	if cd /var/rwho; then
		find . ! -name . -mtime +7 -execdir rm -f -- {} \;
	fi
fi

# Run the msgs(1) cleanup pass, again only when /var/msgs is a real directory.
if [ -d /var/msgs ] && [ ! -L /var/msgs ]; then
	msgs -c
fi
81:
next_part "Purging accounting records:"
# Rotate the saved accounting files (acct.2 -> acct.3, acct.1 -> acct.2,
# acct.0 -> acct.1), copy the live file to acct.0, then run sa -sq.
if [ -f /var/account/acct ]; then
	for n in 2 1 0; do
		mv -f /var/account/acct.$n /var/account/acct.$((n + 1))
	done
	cp -f /var/account/acct /var/account/acct.0
	sa -sq
fi
90:
# Daily copy of the root filesystem to /altroot.  Runs only when ROOTBACKUP
# is 1 in the environment and /etc/fstab lists /altroot as an ffs filesystem
# on a /dev/* device whose options field contains "xx".
next_part "Backing up root filesystem:"
if [ "X$ROOTBACKUP" = X1 ]; then
	# Both values are device names with the leading "/dev/" stripped.
	rootdev=`df -n / | awk '/^\/dev\// { print substr($1, 6) }'`
	rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \
	    $4 ~ /xx/ \
	    { print substr($1, 6) }' < /etc/fstab`
	# Go ahead only when both names are non-empty and differ, so the live root
	# is never chosen as the dd target.  The operands are unquoted as in the
	# original; a multi-word value makes the test fail, which skips the backup.
	if [ X$rootdev != X -a X$rootbak != X -a X$rootdev != X$rootbak ]; then
		next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:"
		sync
		# Raw-device copy that skips the first 16b block on both sides and keeps
		# going after read errors (conv=noerror); the copy is then checked with
		# fsck -y.
		dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
		    conv=noerror
		fsck -y /dev/r$rootbak
	fi
fi
1.1 deraadt 108:
next_part "Checking subsystem status:"
# Disk usage and dump status are reported unless VERBOSESTATUS is 0.
[ "X$VERBOSESTATUS" = X0 ] || {
	echo ""
	echo "disks:"
	df -kl
	echo ""
	dump W
}
1.1 deraadt 117:
# Report the mail queue, filtering out the "queue is empty" lines so that an
# empty queue produces no section: the first two patterns match sendmail, the
# third postfix; exim -bp prints nothing when the queue is empty.
next_part "mail:"
mailq | grep -v \
    -e "^/var/spool/mqueue is empty$" \
    -e "^[[:blank:]]*Total requests: 0$" \
    -e "^Mail queue is empty$"
1.1 deraadt 124:
next_part "network:"
# Interface statistics (and ruptime) are reported unless VERBOSESTATUS is 0.
if [ "X$VERBOSESTATUS" != X0 ]; then
	netstat -ivn

	# NOTE(review): a variable assignment does not undergo pathname expansion
	# in POSIX shells, so $t looks like it always holds the literal pattern and
	# ruptime is never reached -- confirm against the shell in use.
	t=/var/rwho/*
	case "$t" in
	'/var/rwho/*')
		;;
	*)
		echo ""
		ruptime
		;;
	esac
fi
135:
next_part "Running calendar in the background:"
# calendar -a is started unless CALENDAR is 0, and only when either
# /var/yp/<domainname> exists or /var/yp/binding does not.
if [ "X$CALENDAR" != X0 ] &&
    { [ -d /var/yp/`domainname` ] || [ ! -d /var/yp/binding ]; }; then
	calendar -a &
fi
1.1 deraadt 141:
# With CHECKFILESYSTEMS=1 in the environment, run fsck with the no-write flag
# (-n) and drop its "** Phase" progress lines from the report.
next_part "Checking filesystems:"
if [ "X$CHECKFILESYSTEMS" = X1 ]; then
	fsck -n | grep -v '^\*\* Phase'
fi
1.1 deraadt 148:
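next_part "Running rdist:"
# Run rdist when /etc/Distfile exists.  If /var/log/rdist exists as well, a
# copy of the output is kept there in a file named after today's date.
if [ -f /etc/Distfile ]; then
	if [ -d /var/log/rdist ]; then
		logf=`date +%Y.%b.%e`
		# %e pads single-digit days with a space, so the path has to be quoted:
		# unquoted, tee receives two arguments on days 1-9 and also writes a
		# stray file named after the day number into the current directory.
		rdist -f /etc/Distfile 2>&1 | tee "/var/log/rdist/$logf"
	else
		rdist -f /etc/Distfile
	fi
fi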
158:
# Close the last section.  If the report is non-empty, mail it to root with
# the kernel version and uptime printed ahead of it.
end_part
if [ -s "$MAINOUT" ]; then
	{
		sysctl -n kern.version
		uptime
		cat "$MAINOUT"
	} 2>&1 | mail -s "`hostname` daily output" root
fi
1.58 schwarze 165:
166:
# Second report: the output of /etc/security goes to its own file, created
# empty, owned by uid 0 / gid 0 and accessible to the owner only (mode 600).
# -b keeps a backup of the previous file.
MAINOUT=/var/log/security.out
install -o 0 -g 0 -m 600 -b /dev/null "$MAINOUT"

# /etc/security passes through the same ownership/permission check in
# run_script as daily.local before it is sourced.
start_part "Running /etc/security:"
run_script security
end_part
rm -f "$PARTOUT"

# Mail the security report to root only when it has content.  This is the
# last command, so its status is the script's exit status.
[ -s "$MAINOUT" ] && mail -s "`hostname` daily insecurity output" root <"$MAINOUT"