Return to daily CVS log

Up to [local] / src / etc

Annotation of src/etc/daily, Revision 1.76

1.1       deraadt     1: #
1.75      ajacouto    2: #      $OpenBSD: daily,v 1.74 2012/02/11 00:37:04 krw Exp $
1.17      millert     3: #      From: @(#)daily 8.2 (Berkeley) 1/25/94
1.1       deraadt     4: #
1.65      schwarze    5: # For local additions, create the file /etc/daily.local.
                      6: # To get section headers, use the function next_part in daily.local.
                      7: #
1.56      ajacouto    8: umask 022
1.47      nick        9:
1.58      schwarze   10: PARTOUT=/var/log/daily.part
                     11: MAINOUT=/var/log/daily.out
                     12: install -o 0 -g 0 -m 600    /dev/null $PARTOUT
                     13: install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT
                     14:
                     15: start_part() {
                     16:        TITLE=$1
                     17:        exec > $PARTOUT 2>&1
                     18: }
                     19:
                     20: end_part() {
                     21:        exec >> $MAINOUT 2>&1
                     22:        test -s $PARTOUT || return
1.2       david      23:        echo ""
1.58      schwarze   24:        echo "$TITLE"
                     25:        cat $PARTOUT
                     26: }
                     27:
                     28: next_part() {
                     29:        end_part
                     30:        start_part "$1"
                     31: }
1.2       david      32:
1.58      schwarze   33: run_script() {
                     34:        f=/etc/$1
                     35:        test -e $f || return
                     36:        if [ `stat -f '%Sp%u' $f | cut -b1,6,9,11-` != '---0' ]; then
                     37:                echo "$f has insecure permissions, skipping:"
                     38:                ls -l $f
                     39:                return
                     40:        fi
                     41:        . $f
1.42      pvalchev   42: }
1.16      millert    43:
1.59      schwarze   44: start_part "Running daily.local:"
1.58      schwarze   45: run_script "daily.local"
1.14      millert    46:
1.58      schwarze   47: next_part "Removing scratch and junk files:"
1.32      aaron      48: if [ -d /tmp -a ! -L /tmp ]; then
1.17      millert    49:        cd /tmp && {
1.50      millert    50:        find -x . \
1.67      espie      51:            \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \
                     52:                -o -path ./portslocks \) \
1.72      halex      53:            -prune -o -type f -atime +3 -execdir rm -f -- {} \; 2>/dev/null
1.49      millert    54:        find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
1.67      espie      55:            ! -path ./.ICE-unix ! -path ./portslocks ! -name . \
                     56:            -execdir rmdir -- {} \; >/dev/null 2>&1; }
1.17      millert    57: fi
1.1       deraadt    58:
1.32      aaron      59: if [ -d /var/tmp -a ! -L /var/tmp ]; then
1.17      millert    60:        cd /var/tmp && {
1.50      millert    61:        find -x . \
1.67      espie      62:            \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \
                     63:                -o -path ./portslocks \) \
1.72      halex      64:            -prune -o ! -type d -atime +7 -execdir rm -f -- {} \; 2>/dev/null
1.49      millert    65:        find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
1.67      espie      66:            ! -path ./.ICE-unix ! -path ./portslocks ! -name . \
                     67:            -execdir rmdir -- {} \; >/dev/null 2>&1; }
1.17      millert    68: fi
1.1       deraadt    69:
1.3       deraadt    70: # Additional junk directory cleanup would go like this:
1.32      aaron      71: #if [ -d /scratch -a ! -L /scratch ]; then
1.3       deraadt    72: #      cd /scratch && {
1.17      millert    73: #      find . ! -name . -atime +1 -execdir rm -f -- {} \;
                     74: #      find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
1.3       deraadt    75: #          >/dev/null 2>&1; }
                     76: #fi
1.17      millert    77:
1.32      aaron      78: if [ -d /var/rwho -a ! -L /var/rwho ] ; then
1.17      millert    79:        cd /var/rwho && {
                     80:        find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; }
1.1       deraadt    81: fi
                     82:
1.58      schwarze   83: next_part "Purging accounting records:"
1.1       deraadt    84: if [ -f /var/account/acct ]; then
1.44      mickey     85:        mv -f /var/account/acct.2 /var/account/acct.3
                     86:        mv -f /var/account/acct.1 /var/account/acct.2
                     87:        mv -f /var/account/acct.0 /var/account/acct.1
                     88:        cp -f /var/account/acct /var/account/acct.0
1.17      millert    89:        sa -sq
                     90: fi
                     91:
                     92: # If ROOTBACKUP is set to 1 in the environment, and
1.73      krw        93: # if filesystem named /altroot is type ffs and mounted "xx",
1.17      millert    94: # use it as a backup root filesystem to be updated daily.
1.58      schwarze   95: next_part "Backing up root filesystem:"
1.64      schwarze   96: while [ "X$ROOTBACKUP" = X1 ]; do
1.74      krw        97:        rootbak=`awk '$1 !~ /^#/ && $2 == "/altroot" && $3 == "ffs" && \
                     98:                $4 ~ /xx/ { print $1 }' < /etc/fstab`
1.64      schwarze   99:        if [ -z "$rootbak" ]; then
                    100:                echo "No xx ffs /altroot device found in the fstab(5)."
                    101:                break
                    102:        fi
1.73      krw       103:        rootbak=${rootbak#/dev/}
                    104:        bakdisk=${rootbak%%?(.)[a-p]}
1.64      schwarze  105:        sysctl -n hw.disknames | grep -Fqw $bakdisk || break
1.73      krw       106:        bakpart=${rootbak##$bakdisk?(.)}
1.74      krw       107:        OLDIFS=$IFS
                    108:        IFS=,
                    109:        for d in `sysctl -n hw.disknames`; do
                    110:                # If the provided disk name is a duid, substitute the device.
                    111:                if [ X$bakdisk = X${d#*:} ]; then
                    112:                        bakdisk=${d%:*}
                    113:                        rootbak=$bakdisk$bakpart
                    114:                fi
                    115:        done
                    116:        IFS=$OLDIFS
1.64      schwarze  117:        baksize=`disklabel $bakdisk 2>/dev/null | \
                    118:                awk -v "part=$bakpart:" '$1 == part { print $2 }'`
                    119:        rootdev=`mount | awk '$3 == "/" && $1 ~ /^\/dev\// && $5 == "ffs" \
                    120:                { print substr($1, 6) }'`
                    121:        if [ -z "$rootdev" ]; then
                    122:                echo "The root filesystem is not local or not ffs."
                    123:                break
                    124:        fi
                    125:        if [ X$rootdev = X$rootbak ]; then
                    126:                echo "The device $rootdev holds both root and /altroot."
                    127:                break
                    128:        fi
                    129:        rootdisk=${rootdev%[a-p]}
                    130:        rootpart=${rootdev#$rootdisk}
                    131:        rootsize=`disklabel $rootdisk 2>/dev/null | \
                    132:                awk -v "part=$rootpart:" '$1 == part { print $2 }'`
                    133:        if [ $rootsize -gt $baksize ]; then
                    134:                echo "Root ($rootsize) is larger than /altroot ($baksize)."
                    135:                break
                    136:        fi
                    137:        next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:"
                    138:        sync
                    139:        dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
                    140:                conv=noerror
                    141:        fsck -y /dev/r$rootbak
                    142:        break
                    143: done
1.1       deraadt   144:
1.61      schwarze  145: next_part "Checking subsystem status:"
1.60      schwarze  146: if [ "X$VERBOSESTATUS" != X0 ]; then
                    147:        echo ""
                    148:        echo "disks:"
                    149:        df -kl
                    150:        echo ""
                    151:        dump W
                    152: fi
1.1       deraadt   153:
1.58      schwarze  154: # The first two regular expressions handle sendmail, the third postfix.
1.65      schwarze  155: # When the queue is empty, smtpd(8) and exim -bp keep silent.
1.59      schwarze  156: next_part "mail:"
1.58      schwarze  157: mailq | grep -v -e "^/var/spool/mqueue is empty$" \
                    158:                -e "^[[:blank:]]*Total requests: 0$" \
                    159:                -e "^Mail queue is empty$"
1.1       deraadt   160:
1.59      schwarze  161: next_part "network:"
1.60      schwarze  162: if [ "X$VERBOSESTATUS" != X0 ]; then
                    163:        netstat -ivn
1.14      millert   164:
1.60      schwarze  165:        t=/var/rwho/*
                    166:        if [ "$t" != '/var/rwho/*' ]; then
                    167:                echo ""
                    168:                ruptime
                    169:        fi
1.38      millert   170: fi
                    171:
1.58      schwarze  172: next_part "Running calendar in the background:"
                    173: if [ "X$CALENDAR" != X0 -a \
                    174:      \( -d /var/yp/`domainname` -o ! -d /var/yp/binding \) ]; then
1.38      millert   175:        calendar -a &
1.14      millert   176: fi
1.1       deraadt   177:
1.17      millert   178: # If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
                    179: # with the no-write flag.
1.58      schwarze  180: next_part "Checking filesystems:"
1.17      millert   181: [ "X$CHECKFILESYSTEMS" = X1 ] && {
                    182:        fsck -n | grep -v '^\*\* Phase'
                    183: }
1.1       deraadt   184:
1.58      schwarze  185: next_part "Running rdist:"
1.1       deraadt   186: if [ -f /etc/Distfile ]; then
1.17      millert   187:        if [ -d /var/log/rdist ]; then
1.66      schwarze  188:                rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/`date +%F`
1.17      millert   189:        else
1.39      deraadt   190:                rdist -f /etc/Distfile
1.17      millert   191:        fi
1.1       deraadt   192: fi
                    193:
1.58      schwarze  194: end_part
1.61      schwarze  195: [ -s $MAINOUT ] && {
                    196:        sysctl -n kern.version
                    197:        uptime
                    198:        cat $MAINOUT
                    199: } 2>&1 | mail -s "`hostname` daily output" root
1.58      schwarze  200:
                    201:
                    202: MAINOUT=/var/log/security.out
                    203: install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT
                    204:
1.70      schwarze  205: start_part "Running security(8):"
1.71      schwarze  206: export SUIDSKIP
1.70      schwarze  207: /usr/libexec/security
1.58      schwarze  208: end_part
                    209: rm -f $PARTOUT
                    210:
                    211: [ -s $MAINOUT ] && mail -s "`hostname` daily insecurity output" root < $MAINOUT