Annotation of src/etc/daily, Revision 1.64
1.1 deraadt 1: #
1.64 ! schwarze 2: # $OpenBSD: daily,v 1.63 2009/05/21 01:27:52 schwarze Exp $
1.17 millert 3: # From: @(#)daily 8.2 (Berkeley) 1/25/94
1.1 deraadt 4: #
# Files created from here on are never group- or world-writable.
umask 022

# PARTOUT receives the output of the section that is currently running;
# MAINOUT accumulates the finished report that is mailed at the end.
PARTOUT=/var/log/daily.part
MAINOUT=/var/log/daily.out

# Create both files empty, owned by uid 0 / gid 0 with mode 600, before
# anything is written to them.  -b (MAINOUT only) backs up an existing
# report instead of discarding it.
install -o 0 -g 0 -m 600 /dev/null "$PARTOUT"
install -o 0 -g 0 -m 600 -b /dev/null "$MAINOUT"
11:
# start_part title
#
# Begin a report section: remember its heading in TITLE and send stdout
# and stderr to the scratch file named by PARTOUT, truncating it.
# Globals: TITLE (written), PARTOUT (read)
start_part() {
	TITLE=$1
	exec >"$PARTOUT" 2>&1
}
16:
# end_part
#
# Finish the current report section: switch stdout and stderr to append
# to MAINOUT, then copy the section into the report under its heading.
# A section that produced no output is dropped, heading included; in
# that case the function returns the non-zero status of the size test.
# Globals: MAINOUT, PARTOUT, TITLE (all read)
end_part() {
	exec >>"$MAINOUT" 2>&1
	[ -s "$PARTOUT" ] || return
	echo ""
	echo "$TITLE"
	cat "$PARTOUT"
}
24:
# next_part title
#
# Close the section that is running and open the next one, whose
# heading is given as $1.
next_part() {
	end_part
	start_part "$1"
}
1.2 david 29:
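# run_script name
#
# Source /etc/<name> into this shell, which runs as root, but only when
# the file passes an ownership and permission check.  A missing file is
# skipped silently (non-zero return); a file that fails the check is
# reported and skipped.
# Globals: f (written; still set while the sourced file runs)
run_script() {
	f=/etc/$1
	test -e "$f" || return
	# stat prints the ten-character mode string followed by the numeric
	# owner.  cut keeps byte 1 (file type), byte 6 (group write), byte 9
	# (other write) and everything from byte 11 on (the uid), so the only
	# accepted result is '---0': a regular file, not writable by group or
	# others, owned by uid 0.
	# The substitution is quoted so that an empty or multi-word result
	# (for example when stat fails) compares unequal and the file is
	# skipped; unquoted, the malformed test would be treated as false
	# and the file would be sourced without having been checked.
	if [ "$(stat -f '%Sp%u' "$f" | cut -b1,6,9,11-)" != '---0' ]; then
		echo "$f has insecure permissions, skipping:"
		ls -l "$f"
		return
	fi
	# The check and the read are separate steps; this is only sound
	# while /etc itself is writable by root alone (assumed, not checked
	# here).
	. "$f"
}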
1.16 millert 40:
# First section: the site-local hook /etc/daily.local, sourced only if
# it passes the permission check in run_script.
start_part "Running daily.local:"
run_script "daily.local"
1.14 millert 43:
next_part "Removing scratch and junk files:"

# These directories are writable by unprivileged users while this
# script runs as root, so each one is cleaned only if it really is a
# directory and not a symbolic link.  -x keeps find on one filesystem,
# -execdir runs rm/rmdir from the directory that holds the entry, and
# "--" stops a name that starts with "-" from being read as an option.
if [ -d /tmp ] && [ ! -L /tmp ]; then
	cd /tmp && {
		# Regular files not accessed for more than 3 days; the ssh-*
		# and X11/ICE socket directories are pruned.
		find -x . \
		    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
		    -prune -o -type f -atime +3 -execdir rm -f -- {} \;
		# Directories untouched for more than a day; rmdir only
		# succeeds on empty ones and its complaints are discarded.
		find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
		    ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1
	}
fi

if [ -d /var/tmp ] && [ ! -L /var/tmp ]; then
	cd /var/tmp && {
		# Same scheme as /tmp, but with a 7 day limit and applied to
		# everything that is not a directory.
		find -x . \
		    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
		    -prune -o ! -type d -atime +7 -execdir rm -f -- {} \;
		find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
		    ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1
	}
fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -L /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -execdir rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

# Drop rwho entries that have not been modified for more than 7 days.
if [ -d /var/rwho ] && [ ! -L /var/rwho ]; then
	cd /var/rwho && {
		find . ! -name . -mtime +7 -execdir rm -f -- {} \;
	}
fi

if [ -d /var/msgs ] && [ ! -L /var/msgs ]; then
	msgs -c
fi
79:
next_part "Purging accounting records:"
if [ -f /var/account/acct ]; then
	# Shift the saved generations up by one, oldest first, so that
	# nothing is overwritten before it has been moved: .2 -> .3,
	# .1 -> .2, .0 -> .1.
	for gen in 2 1 0; do
		mv -f /var/account/acct.$gen /var/account/acct.$((gen + 1))
	done
	# Snapshot the live file as generation 0, then let sa process it.
	cp -f /var/account/acct /var/account/acct.0
	sa -sq
fi
88:
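# If ROOTBACKUP is set to 1 in the environment, and
# if filesystem named /altroot is type ffs, on /dev/* and mounted "xx",
# use it as a backup root filesystem to be updated daily.
#
# The loop body runs at most once; "while" is used only so that a
# failed precondition can leave with "break".  dd overwrites the raw
# /altroot device, so every check has to pass before it is reached.
next_part "Backing up root filesystem:"
while [ "X$ROOTBACKUP" = X1 ]; do
	# Device name, without the /dev/ prefix, of the /altroot entry.
	rootbak=$(awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" &&
	    $4 ~ /xx/ { print substr($1, 6) }' </etc/fstab)
	if [ -z "$rootbak" ]; then
		echo "No xx ffs /altroot device found in the fstab(5)."
		break
	fi
	# Split "<disk><partition letter>"; leave silently when the kernel
	# does not list that disk.
	bakdisk=${rootbak%[a-p]}
	sysctl -n hw.disknames | grep -Fqw "$bakdisk" || break
	bakpart=${rootbak#"$bakdisk"}
	baksize=$(disklabel "$bakdisk" 2>/dev/null |
	    awk -v "part=$bakpart:" '$1 == part { print $2 }')
	rootdev=$(mount | awk '$3 == "/" && $1 ~ /^\/dev\// &&
	    $5 == "ffs" { print substr($1, 6) }')
	if [ -z "$rootdev" ]; then
		echo "The root filesystem is not local or not ffs."
		break
	fi
	if [ "X$rootdev" = "X$rootbak" ]; then
		echo "The device $rootdev holds both root and /altroot."
		break
	fi
	rootdisk=${rootdev%[a-p]}
	rootpart=${rootdev#"$rootdisk"}
	rootsize=$(disklabel "$rootdisk" 2>/dev/null |
	    awk -v "part=$rootpart:" '$1 == part { print $2 }')
	# disklabel errors are discarded above, so either size may be empty
	# or not a single number.  An unquoted "-gt" test on such values is
	# a malformed test that counts as false, which would let the copy
	# go ahead with no size check at all; refuse instead.
	case "$rootsize:$baksize" in
	:* | *: | *[!0-9:]*)
		echo "Cannot determine the size of $rootdev or $rootbak."
		break
		;;
	esac
	if [ "$rootsize" -gt "$baksize" ]; then
		echo "Root ($rootsize) is larger than /altroot ($baksize)."
		break
	fi
	next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:"
	sync
	# seek=1 skip=1 with bs=16b: the first 16 blocks of both devices
	# are left out of the copy.
	dd if="/dev/r$rootdev" of="/dev/r$rootbak" bs=16b seek=1 skip=1 \
	    conv=noerror
	fsck -y "/dev/r$rootbak"
	break
done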
1.1 deraadt 131:
# Disk usage and dump status are reported unless VERBOSESTATUS is set
# to 0 in the environment.
next_part "Checking subsystem status:"
if [ "X$VERBOSESTATUS" != X0 ]; then
	echo ""
	echo "disks:"
	df -kl
	echo ""
	dump W
fi
1.1 deraadt 140:
# Report the mail queue only when it holds something.  The patterns
# below filter the "queue is empty" lines: the first two are printed by
# sendmail, the third by postfix.  exim -bp prints nothing at all for
# an empty queue.  A section left without output is dropped by end_part.
next_part "mail:"
mailq | grep -v \
    -e "^/var/spool/mqueue is empty$" \
    -e "^[[:blank:]]*Total requests: 0$" \
    -e "^Mail queue is empty$"
1.1 deraadt 147:
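next_part "network:"
if [ "X$VERBOSESTATUS" != X0 ]; then
	netstat -ivn

	# Run ruptime only when /var/rwho holds at least one entry.
	# Pathname expansion is not performed on the right-hand side of an
	# assignment, so "t=/var/rwho/*" always stored the literal pattern
	# and the comparison below could never succeed.  A for word list is
	# expanded, and an unmatched pattern is left as the literal string.
	for t in /var/rwho/*; do
		if [ "$t" != '/var/rwho/*' ]; then
			echo ""
			ruptime
		fi
		break
	done
fi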
158:
# calendar -a is started in the background unless CALENDAR is set to 0
# in the environment.  It is also skipped when /var/yp/binding exists
# but there is no /var/yp/<domainname> directory.
next_part "Running calendar in the background:"
if [ "X$CALENDAR" != X0 -a \
    \( -d "/var/yp/$(domainname)" -o ! -d /var/yp/binding \) ]; then
	calendar -a &
fi
1.1 deraadt 164:
# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck with the
# no-write flag (-n), so nothing on disk is modified.  The "** Phase"
# progress lines are filtered out of the report.
next_part "Checking filesystems:"
if [ "X$CHECKFILESYSTEMS" = X1 ]; then
	fsck -n | grep -v '^\*\* Phase'
fi
1.1 deraadt 171:
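# rdist runs only when /etc/Distfile exists.  When /var/log/rdist
# exists as well, the output is also saved there in a per-day file.
next_part "Running rdist:"
if [ -f /etc/Distfile ]; then
	if [ -d /var/log/rdist ]; then
		# %e pads a one-digit day with a blank.  The path is quoted so
		# that it stays a single file name; unquoted, tee received two
		# arguments on days 1-9 and also wrote a stray file named after
		# the day number into the current directory.
		logf=$(date +%Y.%b.%e)
		rdist -f /etc/Distfile 2>&1 | tee "/var/log/rdist/$logf"
	else
		rdist -f /etc/Distfile
	fi
fi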
181:
# Close the last section.  If the report is not empty, mail it to root
# with the kernel version and uptime placed in front of it.
end_part
if [ -s "$MAINOUT" ]; then
	{
		sysctl -n kern.version
		uptime
		cat "$MAINOUT"
	} 2>&1 | mail -s "$(hostname) daily output" root
fi
1.58 schwarze 188:
189:
# Second report: point MAINOUT at a fresh security.out (uid 0 / gid 0,
# mode 600, previous file backed up by -b) and run /etc/security as its
# only section, subject to the permission check in run_script.
MAINOUT=/var/log/security.out
install -o 0 -g 0 -m 600 -b /dev/null "$MAINOUT"

start_part "Running /etc/security:"
run_script "security"
end_part
# The scratch file is no longer needed once the last section is closed.
rm -f "$PARTOUT"

# Mail the security report to root only when it is not empty.
if [ -s "$MAINOUT" ]; then
	mail -s "$(hostname) daily insecurity output" root <"$MAINOUT"
fi