src/etc/daily - view

Return to daily CVS log

Up to [local] / src / etc

File: [local] / src / etc / daily (download)

Revision 1.56, Thu Oct 26 12:20:55 2006 UTC (17 years, 6 months ago) by ajacoutot
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.55: +3 -1 lines

Force umask to 022 so we don't heritate 077 from root's crontab command
(output logs are still umask 077)

"i think this is right" deraadt@

#!/bin/sh -
#
#	$OpenBSD: daily,v 1.56 2006/10/26 12:20:55 ajacoutot Exp $
#	From: @(#)daily	8.2 (Berkeley) 1/25/94
#
umask 022

PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
bak=/var/backups

sysctl -n kern.version
uptime

if [ -f /etc/daily.local ]; then
	echo ""
	echo "Running daily.local:"
	. /etc/daily.local
fi

TMP=`mktemp /tmp/_daily.XXXXXXXXXX` || exit 1
OUT=`mktemp /tmp/_security.XXXXXXXXXX` || {
	rm -f ${TMP}
	exit 1
}

trap 'rm -f $TMP $OUT; exit 1' 0 1 15

echo ""
echo "Removing scratch and junk files:"
if [ -d /tmp -a ! -L /tmp ]; then
	cd /tmp && {
	find -x . \
	    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
	    -prune -o -type f -atime +3 -execdir rm -f -- {} \;
	find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
	    ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1; }
fi

if [ -d /var/tmp -a ! -L /var/tmp ]; then
	cd /var/tmp && {
	find -x . \
	    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
	    -prune -o ! -type d -atime +7 -execdir rm -f -- {} \;
	find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
	    ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1; }
fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -L /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -execdir rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

if [ -d /var/rwho -a ! -L /var/rwho ] ; then
	cd /var/rwho && {
	find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; }
fi

#find / \( ! -fstype local -o -fstype rdonly \
#		-o -fstype procfs \) -a -prune -o \
#	-name 'lost+found' -a -prune -o \
#	-name '*.core' -a -print -o \
#	\( -name '[#,]*' -o -name '.#*' -o -name a.out \
#	   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
#		-a -atime +3 -a -execdir rm -f -- {} \; -a -print > $TMP

if egrep -q '\.core$' $TMP; then
	echo ""
	echo "Possible core dumps:"
	egrep '\.core$' $TMP
fi

if egrep -qv '\.core$' $TMP; then
	echo ""
	echo "Deleted files:"
	egrep -v '\.core$' $TMP
fi

if [ -d /var/msgs -a ! -L /var/msgs ]; then
	msgs -c
fi

if [ -f /var/account/acct ]; then
	echo ""
	echo "Purging accounting records:"
	mv -f /var/account/acct.2 /var/account/acct.3
	mv -f /var/account/acct.1 /var/account/acct.2
	mv -f /var/account/acct.0 /var/account/acct.1
	cp -f /var/account/acct /var/account/acct.0
	sa -sq
fi

# If ROOTBACKUP is set to 1 in the environment, and
# if filesystem named /altroot is type ffs, on /dev/* and mounted "xx",
# use it as a backup root filesystem to be updated daily.
[ "X$ROOTBACKUP" = X1 ] && {
	rootdev=`df -n / | awk '/^\/dev\// { print substr($1, 6) }'`
	rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \
	    $4 ~ /xx/ \
		{ print substr($1, 6) }' < /etc/fstab`
	[ X$rootdev != X -a X$rootbak != X -a X$rootdev != X$rootbak ] && {
		sync
		echo ""
		echo "Backing up root filesystem:"
		echo "copying /dev/r$rootdev to /dev/r$rootbak"
		dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
			conv=noerror
		fsck -y /dev/r$rootbak
	}
}

# Rotation of mail log now handled automatically by cron and 'newsyslog'

echo ""
echo "Checking subsystem status:"
echo ""
echo "disks:"
df -kl
echo ""
dump W
echo ""

mailq > $TMP
if ! grep -q "^/var/spool/mqueue is empty$" $TMP; then
	echo ""
	echo "mail:"
	cat $TMP
fi

echo ""
echo "network:"
netstat -ivn
echo ""

t=/var/rwho/*
if [ "$t" != '/var/rwho/*' ]; then
	echo ""
	ruptime
fi

echo ""
if [ -d /var/yp/binding -a ! -d /var/yp/`domainname` -o "X$CALENDAR" = X0 ]
then
	if [ "X$CALENDAR" = X0 ]; then
		echo "Not running calendar, (disabled)."
	else
		echo "Not running calendar, (yp client)."
	fi
else
	echo "Running calendar in the background."
	calendar -a &
fi

# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
# with the no-write flag.
[ "X$CHECKFILESYSTEMS" = X1 ] && {
	echo ""
	echo "Checking filesystems:"
	fsck -n | grep -v '^\*\* Phase'
}

if [ -f /etc/Distfile ]; then
	echo ""
	echo "Running rdist:"
	if [ -d /var/log/rdist ]; then
		logf=`date +%Y.%b.%e`
		rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf
	else
		rdist -f /etc/Distfile
	fi
fi

sh /etc/security 2>&1 > $OUT
if [ -s $OUT ]; then
    mail -s "`hostname` daily insecurity output" root < $OUT
fi