authorbrian <brian@FreeBSD.org>2000-09-14 17:19:15 +0000
committerbrian <brian@FreeBSD.org>2000-09-14 17:19:15 +0000
commit4484d23ba731b5a116bedf7b28421514aa70f53b (patch)
treec37ec10ec51a7430c5a8044972107e92a18f16b0
parentd63a19c1e21807290eba99997d2935286893fede (diff)
Another overhaul of the periodic stuff.
All periodic sub-scripts <larf> now have their return codes interpreted by periodic(8). Output may be masked based on variable values in periodic.conf. It's also now possible to email periodic output to arbitrary addresses, or to send it to a log file, examples of which can be found in newsyslog.conf. The upshot of it all should be no discernable changes to the default behaviour of periodic(8). PR: 21250
-rw-r--r--etc/crontab6
-rw-r--r--etc/defaults/periodic.conf32
-rw-r--r--etc/newsyslog.conf3
-rwxr-xr-xetc/periodic/daily/100.clean-disks23
-rwxr-xr-xetc/periodic/daily/110.clean-tmps28
-rwxr-xr-xetc/periodic/daily/120.clean-preserve39
-rwxr-xr-xetc/periodic/daily/130.clean-msgs12
-rwxr-xr-xetc/periodic/daily/140.clean-rwho26
-rwxr-xr-xetc/periodic/daily/150.clean-hoststat27
-rwxr-xr-xetc/periodic/daily/200.backup-passwd30
-rwxr-xr-xetc/periodic/daily/210.backup-aliases16
-rwxr-xr-xetc/periodic/daily/220.backup-distfile14
-rwxr-xr-xetc/periodic/daily/300.calendar13
-rwxr-xr-xetc/periodic/daily/310.accounting31
-rwxr-xr-xetc/periodic/daily/320.rdist12
-rwxr-xr-xetc/periodic/daily/330.news12
-rwxr-xr-xetc/periodic/daily/340.uucp17
-rwxr-xr-xetc/periodic/daily/400.status-disks8
-rwxr-xr-xetc/periodic/daily/410.status-uucp17
-rwxr-xr-xetc/periodic/daily/420.status-network23
-rwxr-xr-xetc/periodic/daily/430.status-rwho17
-rwxr-xr-xetc/periodic/daily/440.status-mailq24
-rwxr-xr-xetc/periodic/daily/450.status-security53
-rwxr-xr-xetc/periodic/daily/460.status-mail-rejects26
-rwxr-xr-xetc/periodic/daily/999.local11
-rwxr-xr-xetc/periodic/monthly/200.accounting20
-rwxr-xr-xetc/periodic/monthly/999.local11
-rwxr-xr-xetc/periodic/weekly/120.clean-kvmdb22
-rwxr-xr-xetc/periodic/weekly/300.uucp17
-rwxr-xr-xetc/periodic/weekly/310.locate25
-rwxr-xr-xetc/periodic/weekly/320.whatis51
-rwxr-xr-xetc/periodic/weekly/330.catman24
-rw-r--r--etc/periodic/weekly/340.noid10
-rwxr-xr-xetc/periodic/weekly/400.status-pkg10
-rwxr-xr-xetc/periodic/weekly/999.local11
-rw-r--r--etc/security63
-rw-r--r--share/man/man5/periodic.conf.582
-rw-r--r--usr.sbin/periodic/periodic.8132
-rw-r--r--usr.sbin/periodic/periodic.sh76
39 files changed, 824 insertions, 250 deletions
diff --git a/etc/crontab b/etc/crontab
index d27c48a..49076d0 100644
--- a/etc/crontab
+++ b/etc/crontab
@@ -14,9 +14,9 @@ HOME=/var/log
0 * * * * root newsyslog
#
# do daily/weekly/monthly maintenance
-59 1 * * * root periodic daily 2>&1 | sendmail root
-30 3 * * 6 root periodic weekly 2>&1 | sendmail root
-30 5 1 * * root periodic monthly 2>&1 | sendmail root
+59 1 * * * root periodic daily
+30 3 * * 6 root periodic weekly
+30 5 1 * * root periodic monthly
#
# time zone change adjustment for wall cmos clock,
# does nothing, if you have UTC cmos clock.
diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
index 2ad0e50..c50d28a 100644
--- a/etc/defaults/periodic.conf
+++ b/etc/defaults/periodic.conf
@@ -22,6 +22,16 @@ local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic"
# Daily options
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $daily_output might be set to /var/log/daily.log if you
+# wish to log the daily output and have the files rotated by newsyslog(8)
+#
+daily_output="root" # user or /file
+daily_show_success="YES" # scripts returning 0
+daily_show_info="YES" # scripts returning 1
+daily_show_badconfig="NO" # scripts returning 2
+
# 100.clean-disks
daily_clean_disks_enable="NO" # Delete files daily
daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
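Review bot: The comments on `daily_show_success`, `daily_show_info` and `daily_show_badconfig` document exit codes 0, 1 and 2 only, yet the sub-scripts changed in this commit also exit with 3 when a command fails. A reader of this file cannot tell whether that output can be masked or is always shown. I would add one line to the comment block, for example `# Scripts returning 3 (a command failed): ...`, completed with what periodic(8) actually does, which is not visible in this hunk. The weekly and monthly blocks further down have the same gap.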
@@ -61,7 +71,7 @@ daily_backup_passwd_enable="YES" # Backup passwd & group
daily_backup_aliases_enable="YES" # Backup mail aliases
# 220.backup-distfile
-daily_backup_distfile_enable="YES" # Backup distfile
+daily_backup_distfile_enable="YES" # rdist /etc/Distfile
# 300.calendar
daily_calendar_enable="NO" # Run calendar -a
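Review bot: The new comment `# rdist /etc/Distfile` on `daily_backup_distfile_enable` describes the wrong script. In this commit 220.backup-distfile tests this variable and copies /etc/Distfile into /var/backups, while 320.rdist runs rdist under `$daily_distfile_enable`. Keeping `# Backup distfile`, or writing `# Backup /etc/Distfile`, matches what the variable controls.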
@@ -113,6 +123,16 @@ daily_local="/etc/daily.local" # Local scripts
# Weekly options
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $weekly_output might be set to /var/log/weekly.log if you
+# wish to log the weekly output and have the files rotated by newsyslog(8)
+#
+weekly_output="root" # user or /file
+weekly_show_success="YES" # scripts returning 0
+weekly_show_info="YES" # scripts returning 1
+weekly_show_badconfig="NO" # scripts returning 2
+
# 120.clean-kvmdb
weekly_clean_kvmdb_enable="YES" # Clean kvmdb weekly
weekly_clean_kvmdb_days=7 # If not accessed for
@@ -143,6 +163,16 @@ weekly_local="/etc/weekly.local" # Local scripts
# Monthly options
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $monthly_output might be set to /var/log/monthly.log if you
+# wish to log the monthly output and have the files rotated by newsyslog(8)
+#
+monthly_output="root" # user or /file
+monthly_show_success="YES" # scripts returning 0
+monthly_show_info="YES" # scripts returning 1
+monthly_show_badconfig="NO" # scripts returning 2
+
# 200.accounting
monthly_accounting_enable="YES" # Login accounting
diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf
index 131d626..47ff2e1 100644
--- a/etc/newsyslog.conf
+++ b/etc/newsyslog.conf
@@ -14,3 +14,6 @@
/var/log/ppp.log 600 3 100 * Z
/var/log/security 600 10 100 * Z
/var/log/wtmp 644 3 * @01T05 B
+/var/log/daily.log 640 7 * @T00 Z
+/var/log/weekly.log 640 5 1 $W6D0 Z
+/var/log/monthly.log 640 12 * $M1D0 Z
diff --git a/etc/periodic/daily/100.clean-disks b/etc/periodic/daily/100.clean-disks
index 6f95a69..e225237 100755
--- a/etc/periodic/daily/100.clean-disks
+++ b/etc/periodic/daily/100.clean-disks
@@ -15,8 +15,18 @@ fi
case "$daily_clean_disks_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_disks_days" -a -n "$daily_clean_disks_files" ]
+ if [ -z "$daily_clean_disks_days" ]
then
+ echo '$daily_clean_disks_enable is set but' \
+ '$daily_clean_disks_days is not'
+ rc=2
+ elif [ -z "$daily_clean_disks_files" ]
+ then
+ echo '$daily_clean_disks_enable is set but' \
+ '$daily_clean_disks_files is not'
+ are misconfigured
+ rc=2
+ else
echo ""
echo "Removing old temporary files:"
set -f noglob
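Review bot: The added line `are misconfigured` in the `elif [ -z "$daily_clean_disks_files" ]` branch is not part of the echo. The line before it has no trailing backslash, so sh runs it as a command named `are`. The branch still reaches `rc=2`, but every run with an empty `$daily_clean_disks_files` also puts a command-not-found error into the report. Delete the line. The case statement continues outside this hunk.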
@@ -30,8 +40,15 @@ case "$daily_clean_disks_enable" in
print=;;
esac
- find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
- \( $args \) -atime +$daily_clean_disks_days -delete $print
+ rc=$(find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
+ \( $args \) -atime +$daily_clean_disks_days -delete $print |
+ tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
set -f glob
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
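Review bot: In `rc=$(find ... | tee /dev/stderr | wc -l)` both the value and the status come from `wc`, so a find that fails is reported as 0 or 1 and never as 3, unlike the scripts in this commit that use `|| rc=3`. This find runs as root with `-delete` across `/`, so a run that aborted part-way is worth surfacing. One option is to write find's output to a `mktemp` file, test `$?`, and count the file afterwards. The same construction appears in 110.clean-tmps, 120.clean-preserve, 140.clean-rwho, 150.clean-hoststat, monthly/200.accounting and weekly/120.clean-kvmdb. A comment such as `# report text goes to stderr so stdout can carry the line count` would also explain the `tee /dev/stderr`, which depends on the caller merging both streams.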
diff --git a/etc/periodic/daily/110.clean-tmps b/etc/periodic/daily/110.clean-tmps
index 0ae223b..b6a4795 100755
--- a/etc/periodic/daily/110.clean-tmps
+++ b/etc/periodic/daily/110.clean-tmps
@@ -16,8 +16,12 @@ fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_tmps_days" ]
+ if [ -z "$daily_clean_tmps_days" ]
then
+ echo '$daily_clean_tmps_enable is set but' \
+ '$daily_clean_tmps_days is not'
+ rc=2
+ else
echo ""
echo "Removing old temporary files:"
@@ -33,14 +37,20 @@ case "$daily_clean_tmps_enable" in
print=;;
esac
- for dir in $daily_clean_tmps_dirs
- do
- [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && {
- find -d . -type f $args -delete $print
- find -d . ! -name . -type d -mtime +$daily_clean_tmps_days \
- -delete $print
- } | sed "s,^\\., $dir,"
- done
+ rc=$(for dir in $daily_clean_tmps_dirs
+ do
+ [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && {
+ find -d . -type f $args -delete $print
+ find -d . ! -name . -type d -mtime \
+ +$daily_clean_tmps_days -delete $print
+ } | sed "s,^\\., $dir,"
+ done | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
set -f glob
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/120.clean-preserve b/etc/periodic/daily/120.clean-preserve
index 2230a03..d5b34a1 100755
--- a/etc/periodic/daily/120.clean-preserve
+++ b/etc/periodic/daily/120.clean-preserve
@@ -15,20 +15,39 @@ fi
case "$daily_clean_preserve_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_preserve_days" -a -d /var/preserve ]
+ if [ -z "$daily_clean_preserve_days" ]
then
+ echo '$daily_clean_preserve_enable is set but' \
+ '$daily_clean_preserve_days is not'
+ rc=2
+ elif [ ! -d /var/preserve ]
+ then
+ echo '$daily_clean_preserve_enable is set but /var/preserve' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Removing stale files from /var/preserve:"
- case "$daily_clean_preserve_verbose" in
- [Yy][Ee][Ss])
- print=-print;;
- *)
- print=;;
- esac
+ if cd /var/preserve
+ then
+ case "$daily_clean_preserve_verbose" in
+ [Yy][Ee][Ss])
+ print=-print;;
+ *)
+ print=;;
+ esac
- cd /var/preserve &&
- find . ! -name . -mtime +$daily_clean_preserve_days \
- -delete $print
+ rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \
+ -delete $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/130.clean-msgs b/etc/periodic/daily/130.clean-msgs
index c12cba9..b7890db 100755
--- a/etc/periodic/daily/130.clean-msgs
+++ b/etc/periodic/daily/130.clean-msgs
@@ -15,13 +15,21 @@ fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
- if [ -d /var/msgs ]
+ if [ ! -d /var/msgs ]
then
+ echo '$daily_clean_msgs_enable is set but /var/msgs' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
- msgs -c $arg
+ msgs -c $arg && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/140.clean-rwho b/etc/periodic/daily/140.clean-rwho
index 9504f81..9645d7e 100755
--- a/etc/periodic/daily/140.clean-rwho
+++ b/etc/periodic/daily/140.clean-rwho
@@ -15,8 +15,17 @@ fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_rwho_days" -a -d /var/rwho ]
+ if [ -z "$daily_clean_rwho_days" ]
then
+ echo '$daily_clean_rwho_enable is enabled but' \
+ '$daily_clean_rwho_days is not set'
+ rc=2
+ elif [ ! -d /var/rwho ]
+ then
+ echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Removing stale files from /var/rwho:"
@@ -27,7 +36,18 @@ case "$daily_clean_rwho_enable" in
print=;;
esac
- cd /var/rwho &&
- find . ! -name . -mtime +$daily_clean_rwho_days -delete $print
+ if cd /var/rwho
+ then
+ rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \
+ -delete $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/150.clean-hoststat b/etc/periodic/daily/150.clean-hoststat
index 85c1e67..952d96a 100755
--- a/etc/periodic/daily/150.clean-hoststat
+++ b/etc/periodic/daily/150.clean-hoststat
@@ -15,8 +15,17 @@ fi
case "$daily_clean_hoststat_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_hoststat_days" -a -d /var/spool/.hoststat ]
+ if [ -z "$daily_clean_hoststat_days" ]
then
+ echo '$daily_clean_hoststat_enable is enabled but' \
+ '$daily_clean_hoststat_days is not set'
+ rc=2
+ elif [ ! -d /var/spool/.hoststat ]
+ then
+ echo '$daily_clean_hoststat_enable is enabled but' \
+ "/var/spool/.hoststat doesn't exist"
+ rc=2
+ else
echo ""
echo "Removing stale files from /var/spool/.hoststat:"
@@ -27,8 +36,18 @@ case "$daily_clean_hoststat_enable" in
print=;;
esac
- cd /var/hoststat &&
- find . ! -name . -mtime +$daily_clean_hoststat_days \
- -delete $print
+ if cd /var/hoststat
+ then
+ rc=$(find . ! -name . -mtime +$daily_clean_hoststat_days \
+ -delete $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
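Review bot: `if cd /var/hoststat` changes into a different directory from the one the first hunk tests and announces, `/var/spool/.hoststat`. As written the script either exits 3 because /var/hoststat is missing, or runs `find . ... -delete` as root in a directory the configuration check never looked at. Use the checked path: `if cd /var/spool/.hoststat`. The removed lines show the old code had the same mismatch, so this rewrite is the natural place to correct it.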
diff --git a/etc/periodic/daily/200.backup-passwd b/etc/periodic/daily/200.backup-passwd
index b8858e7..865a197 100755
--- a/etc/periodic/daily/200.backup-passwd
+++ b/etc/periodic/daily/200.backup-passwd
@@ -13,47 +13,65 @@ fi
case "$daily_backup_passwd_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/master.passwd -o -f /etc/group ]
+ if [ ! -f /etc/master.passwd ]
then
+ echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -f /etc/group ]
+ then
+ echo '$daily_backup_passwd_enable" is set but /etc/group' \
+ "doesn't exist"
+ rc=2
+ else
bak=/var/backups
+ rc=0
echo ""
echo "Backup passwd and group files:"
if [ ! -f $bak/master.passwd.bak ]
then
+ rc=1
echo "no $bak/master.passwd.bak"
- cp -p /etc/master.passwd $bak/master.passwd.bak
+ cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
fi
if ! cmp -s $bak/master.passwd.bak /etc/master.passwd
then
+ [ $rc -lt 1 ] && rc=1
echo "$host passwd diffs:"
diff $bak/master.passwd.bak /etc/master.passwd |\
sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'
mv $bak/master.passwd.bak $bak/master.passwd.bak2
- cp -p /etc/master.passwd $bak/master.passwd.bak
+ cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
fi
if [ ! -f $bak/group.bak ]
then
+ [ $rc -lt 1 ] && rc=1
echo "no $bak/group.bak"
- cp -p /etc/group $bak/group.bak
+ cp -p /etc/group $bak/group.bak || rc=3
fi
if ! cmp -s $bak/group.bak /etc/group
then
+ [ $rc -lt 1 ] && rc=1
echo "$host group diffs:"
diff $bak/group.bak /etc/group
mv $bak/group.bak $bak/group.bak2
- cp -p /etc/group $bak/group.bak
+ cp -p /etc/group $bak/group.bak || rc=3
fi
if [ -f /etc/group ]
then
echo ""
echo "Verifying group file syntax:"
- chkgrp /etc/group
+ chkgrp /etc/group || rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
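Review bot: Both new messages begin `'$daily_backup_passwd_enable" is set but ...` with a stray double quote inside the single-quoted string, so the report prints `$daily_backup_passwd_enable"`. Drop the `"` in the two echo lines. Separately, `mv $bak/master.passwd.bak $bak/master.passwd.bak2` and `mv $bak/group.bak $bak/group.bak2` are the only file operations here without `|| rc=3`, so a failed rotation of the previous backup goes unreported. The trailing `if [ -f /etc/group ]` is now always true inside this `else` branch and could be removed.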
diff --git a/etc/periodic/daily/210.backup-aliases b/etc/periodic/daily/210.backup-aliases
index 0b5206e..fe17038 100755
--- a/etc/periodic/daily/210.backup-aliases
+++ b/etc/periodic/daily/210.backup-aliases
@@ -13,9 +13,14 @@ fi
case "$daily_backup_aliases_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/mail/aliases ]
+ if [ ! -f /etc/mail/aliases ]
then
+ echo '$daily_backup_aliases_enable is enabled but' \
+ "/etc/mail/aliases doesn't exist"
+ rc=2
+ else
bak=/var/backups
+ rc=0
echo ""
echo "Backing up mail aliases:"
@@ -23,15 +28,20 @@ case "$daily_backup_aliases_enable" in
if [ ! -f $bak/aliases.bak ]
then
echo "no $bak/aliases.bak"
- cp -p /etc/mail/aliases $bak/aliases.bak
+ cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
fi
if ! cmp -s $bak/aliases.bak /etc/mail/aliases
then
+ [ $rc -lt 1 ] && rc=1
echo "$host aliases diffs:"
diff -u $bak/aliases.bak /etc/mail/aliases
mv $bak/aliases.bak $bak/aliases.bak2
- cp -p /etc/mail/aliases $bak/aliases.bak
+ cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
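Review bot: The `if [ ! -f $bak/aliases.bak ]` branch prints `no $bak/aliases.bak` but leaves rc at 0, whereas the matching branch in 200.backup-passwd sets rc to 1. After the copy the `cmp -s` test succeeds, so the script exits 0 and, going by the `daily_show_success` comment in periodic.conf, the message would be masked when that variable is `NO`. Adding `rc=1` before the echo makes the two backup scripts agree. The enclosing `else` branch starts in the previous hunk.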
diff --git a/etc/periodic/daily/220.backup-distfile b/etc/periodic/daily/220.backup-distfile
index 37efaea..93d7660 100755
--- a/etc/periodic/daily/220.backup-distfile
+++ b/etc/periodic/daily/220.backup-distfile
@@ -13,17 +13,27 @@ fi
case "$daily_backup_distfile_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/Distfile ]
+ if [ ! -f /etc/Distfile ]
then
+ echo '$daily_backup_distfile_enable is set but /etc/Distfile' \
+ "doesn't exist"
+ rc=2
+ else
bak=/var/backups
+ rc=0
echo ""
echo "Backing up /etc/Distfile:"
if ! cmp -s $bak/Distfile.bak /etc/Distfile
then
+ rc=1
mv $bak/Distfile.bak $bak/Distfile.bak2
- cp /etc/Distfile $bak/Distfile.bak
+ cp /etc/Distfile $bak/Distfile.bak || rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/300.calendar b/etc/periodic/daily/300.calendar
index a921bcf..cc12097 100755
--- a/etc/periodic/daily/300.calendar
+++ b/etc/periodic/daily/300.calendar
@@ -18,11 +18,12 @@ fi
case "$daily_calendar_enable" in
[Yy][Ee][Ss])
- if [ -f /usr/bin/calendar ]
- then
- echo ""
- echo "Running calendar:"
+ echo ""
+ echo "Running calendar:"
- calendar -a
- fi;;
+ calendar -a && rc=0 || rc=3;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/310.accounting b/etc/periodic/daily/310.accounting
index 2baf232..c510a94 100755
--- a/etc/periodic/daily/310.accounting
+++ b/etc/periodic/daily/310.accounting
@@ -13,26 +13,35 @@ fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
- if [ -f /var/account/acct ]
+ if [ ! -f /var/account/acct ]
then
+ echo '$daily_accounting_enable is set but /var/account/acct' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
+ rc=0
- rm -f acct.3.gz acct.3
- [ -f acct.2.gz ] && mv -f acct.2.gz acct.3.gz
- [ -f acct.2 ] && mv -f acct.2 acct.3
- [ -f acct.1.gz ] && mv -f acct.1.gz acct.2.gz
- [ -f acct.1 ] && mv -f acct.1 acct.2
- [ -f acct.0.gz ] && mv -f acct.0.gz acct.1.gz
- [ -f acct.0 ] && mv -f acct.0 acct.1
- cp -pf acct acct.0
- sa -s >/dev/null
+ rm -f acct.3.gz acct.3 || rc=3
+ [ -f acct.2.gz ] && { mv -f acct.2.gz acct.3.gz || rc=3; }
+ [ -f acct.2 ] && { mv -f acct.2 acct.3 || rc=3; }
+ [ -f acct.1.gz ] && { mv -f acct.1.gz acct.2.gz || rc=3; }
+ [ -f acct.1 ] && { mv -f acct.1 acct.2 || rc=3; }
+ [ -f acct.0.gz ] && { mv -f acct.0.gz acct.1.gz || rc=3; }
+ [ -f acct.0 ] && { mv -f acct.0 acct.1 || rc=3; }
+ cp -pf acct acct.0 || rc=3
+ sa -s >/dev/null || rc=3
case "$daily_accounting_compress" in
[Yy][Ee][Ss])
- gzip -f acct.0;;
+ gzip -f acct.0 || rc=3;;
esac
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
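Review bot: `cd /var/account` is left unchecked, although every line after it (`rm -f acct.3.gz acct.3`, the `mv -f` chain, `cp -pf acct acct.0`) uses relative names. If the cd fails, those commands run as root in whatever directory the script was started from. 120.clean-preserve and 140.clean-rwho were converted to `if cd ...; then ... else rc=3; fi` in this commit; the short form here would be `cd /var/account || exit 3`.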
diff --git a/etc/periodic/daily/320.rdist b/etc/periodic/daily/320.rdist
index 0095ae6..11ec190 100755
--- a/etc/periodic/daily/320.rdist
+++ b/etc/periodic/daily/320.rdist
@@ -13,11 +13,19 @@ fi
case "$daily_distfile_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/Distfile ]
+ if [ ! -f /etc/Distfile ]
then
+ echo '$daily_distfile_enable is set but /etc/Distfile' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Running rdist with /etc/Distfile:"
- rdist -f /etc/Distfile
+ rdist -f /etc/Distfile && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/330.news b/etc/periodic/daily/330.news
index dc3a3bf..ec06437 100755
--- a/etc/periodic/daily/330.news
+++ b/etc/periodic/daily/330.news
@@ -16,11 +16,19 @@ fi
case "$daily_news_expire_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/news.expire ]
+ if [ ! -f /etc/news.expire ]
then
+ echo '$daily_news_expire_enable is set but /etc/news.expire' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Running news.expire:"
- /etc/news.expire
+ /etc/news.expire && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/340.uucp b/etc/periodic/daily/340.uucp
index 178fa63..120c874 100755
--- a/etc/periodic/daily/340.uucp
+++ b/etc/periodic/daily/340.uucp
@@ -16,11 +16,24 @@ fi
case "$daily_uuclean_enable" in
[Yy][Ee][Ss])
- if [ -d /var/spool/uucp -a -f /etc/uuclean.daily ]
+ if [ ! -d /var/spool/uucp ]
then
+ echo '$daily_uuclean_enable is set, but /var/spool/uucp' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -f /etc/uuclean.daily ]
+ then
+ echo '$daily_uuclean_enable is set, but /etc/uuclean.daily' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Cleaning up UUCP:"
- echo /etc/uuclean.daily | su -m uucp
+ echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/400.status-disks b/etc/periodic/daily/400.status-disks
index f6147b1..6d6ebac 100755
--- a/etc/periodic/daily/400.status-disks
+++ b/etc/periodic/daily/400.status-disks
@@ -16,10 +16,14 @@ case "$daily_status_disks_enable" in
echo ""
echo "Disk status:"
- df $daily_status_disks_df_flags
+ df $daily_status_disks_df_flags && rc=0 || rc=3
# display which filesystems need backing up
echo ""
- dump W;;
+ dump W || rc=3;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/410.status-uucp b/etc/periodic/daily/410.status-uucp
index 5336477..96b52ec 100755
--- a/etc/periodic/daily/410.status-uucp
+++ b/etc/periodic/daily/410.status-uucp
@@ -13,11 +13,24 @@ fi
case "$daily_status_uucp_enable" in
[Yy][Ee][Ss])
- if [ -d /var/spool/uucp -a -x /usr/bin/uustat ]
+ if [ ! -d /var/spool/uucp ]
then
+ echo '$daily_status_uucp_enable is set but /var/spool/uucp' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -x /usr/bin/uustat ]
+ then
+ echo '$daily_status_uucp_enable is set but /usr/bin/uustat' \
+ "isn't executable"
+ rc=2
+ else
echo ""
echo "UUCP status:"
- uustat -a
+ uustat -a && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/420.status-network b/etc/periodic/daily/420.status-network
index 6805361..8399cf7 100755
--- a/etc/periodic/daily/420.status-network
+++ b/etc/periodic/daily/420.status-network
@@ -13,16 +13,17 @@ fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/bin/netstat ]
- then
- echo ""
- echo "Network interface status:"
+ echo ""
+ echo "Network interface status:"
- case "$daily_status_network_usedns" in
- [Yy][Ee][Ss])
- netstat -i;;
- *)
- netstat -in;;
- esac
- fi;;
+ case "$daily_status_network_usedns" in
+ [Yy][Ee][Ss])
+ netstat -i && rc=0 || rc=3;;
+ *)
+ netstat -in && rc=0 || rc=3;;
+ esac;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/430.status-rwho b/etc/periodic/daily/430.status-rwho
index 728f4b2..4476136 100755
--- a/etc/periodic/daily/430.status-rwho
+++ b/etc/periodic/daily/430.status-rwho
@@ -14,14 +14,25 @@ fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
- if [ -x /usr/bin/rwho -a -f "${rwho%% *}" ]
+ if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
- ruptime
+ prog=ruptime
else
echo ""
echo "Local system status:"
- uptime
+ prog=uptime
+ fi
+ rc=$($prog | tee /dev/stderr | wc -l)
+ if [ $? -eq 0 ]
+ then
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
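Review bot: `if [ $? -eq 0 ]` after `rc=$($prog | tee /dev/stderr | wc -l)` tests the exit status of `wc`, the last command in the pipeline, so the `rc=3` branch is effectively unreachable and a failing ruptime or uptime is not detected. The hunk also drops the old `-x /usr/bin/rwho` test, so nothing else catches a missing program. Capturing the output first keeps the status: `out=$($prog) || rc=3`, then print `$out` and count its lines.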
diff --git a/etc/periodic/daily/440.status-mailq b/etc/periodic/daily/440.status-mailq
index fd2a443..17bc710 100755
--- a/etc/periodic/daily/440.status-mailq
+++ b/etc/periodic/daily/440.status-mailq
@@ -13,21 +13,35 @@ fi
case "$daily_status_mailq_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/bin/mailq -a -d /var/spool/mqueue ]
+ if [ ! -x /usr/bin/mailq ]
then
+ echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \
+ "isn't executable"
+ rc=2
+ elif [ ! -d /var/spool/mqueue ]
+ then
+ echo '$daily_status_mailq_enable is set but /var/spool/mqueue' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Mail in local queue:"
- case "$daily_status_mailq_shorten" in
+ rc=$(case "$daily_status_mailq_shorten" in
[Yy][Ee][Ss])
- mailq |
+ rc=$(mailq |
perl -ne 'print if /^\s+\S+@/' |
sort |
uniq -c |
sort -nr |
- awk '$1 > 1 {print $1, $2}';;
+ awk '$1 > 1 {print $1, $2}');;
*)
mailq;;
- esac
+ esac | tee /dev/stderr | fgrep -v 'mqueue is empty' | wc -l)
+ [ $rc -gt 1 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
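Review bot: In the `[Yy][Ee][Ss])` arm, the inner `rc=$(mailq | ... awk '$1 > 1 {print $1, $2}')` stores the summary in a variable inside the subshell instead of writing it to the pipeline. `tee /dev/stderr` therefore receives nothing, the shortened queue listing never reaches the report, and the outer rc is always 0 when `daily_status_mailq_shorten` is enabled. Remove the inner `rc=$(` and the closing `)` after the awk program so the arm ends `awk '$1 > 1 {print $1, $2}';;` as it did before.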
diff --git a/etc/periodic/daily/450.status-security b/etc/periodic/daily/450.status-security
index 8ca962d..61fcf8b 100755
--- a/etc/periodic/daily/450.status-security
+++ b/etc/periodic/daily/450.status-security
@@ -13,30 +13,33 @@ fi
case "$daily_status_security_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/security -a -x /usr/sbin/sendmail ]
- then
- echo ""
- echo "Security check:"
-
- case "$daily_status_security_noamd" in
- [Yy][Ee][Ss])
- args=-a;;
- *)
- args=;;
- esac
-
- case "$daily_status_security_nomfs" in
- [Yy][Ee][Ss])
- args="$args -m";;
- esac
-
- case "$daily_status_security_inline" in
- [Yy][Ee][Ss])
- sh /etc/security -s $args;;
-
- *)
+ echo ""
+ echo "Security check:"
+
+ case "$daily_status_security_noamd" in
+ [Yy][Ee][Ss])
+ args=-a;;
+ *)
+ args=;;
+ esac
+
+ case "$daily_status_security_nomfs" in
+ [Yy][Ee][Ss])
+ args="$args -m";;
+ esac
+
+ case "$daily_status_security_inline" in
+ [Yy][Ee][Ss])
+ sh /etc/security -s $args
+ rc=$?;;
+
+ *)
echo " (output mailed separately)"
- sh /etc/security $args 2>&1 | sendmail root;;
- esac
- fi;;
+ sh /etc/security $args 2>&1 |
+ sendmail root && rc=0 || rc=3;;
+ esac;;
+
+ *) rc=0;;
esac
+
+exit $rc
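Review bot: In the non-inline arm, `sh /etc/security $args 2>&1 | sendmail root && rc=0 || rc=3` takes rc from sendmail alone, so a failing or missing /etc/security still yields rc=0. The hunk also removes the old `-f /etc/security` test that guarded this case. The recipient stays hard-coded as `root`, so the security report does not follow the new `daily_output` setting unless /etc/security handles that itself, which is not visible here. I would restore the up-front test with an rc=2 message, `if [ ! -f /etc/security ]`, and add a comment on the pipeline: `# rc reflects mail delivery only, not the result of /etc/security`.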
diff --git a/etc/periodic/daily/460.status-mail-rejects b/etc/periodic/daily/460.status-mail-rejects
index 7d6ef1a..22eae94 100755
--- a/etc/periodic/daily/460.status-mail-rejects
+++ b/etc/periodic/daily/460.status-mail-rejects
@@ -13,15 +13,28 @@ fi
case "$daily_status_mail_rejects_enable" in
[Yy][Ee][Ss])
- if [ -d /etc/mail -a -f /var/log/maillog -a \
- "$daily_status_mail_rejects_logs" -gt 0 ]
+ if [ ! -d /etc/mail ]
then
+ echo '$daily_status_mail_rejects_enable is set but /etc/mail' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -f /var/log/maillog ]
+ then
+ echo '$daily_status_mail_rejects_enable is set but ' \
+ "/var/log/maillog doesn't exist"
+ rc=2
+ elif [ "$daily_status_mail_rejects_logs" -le 0 ]
+ then
+ echo '$daily_status_mail_rejects_enable is set but ' \
+ '$daily_status_mail_rejects_logs is not greater than zero'
+ rc=2
+ else
echo
echo Checking for rejected mail hosts:
start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'`
n=$(($daily_status_mail_rejects_logs - 2))
- {
+ rc=$({
while [ $n -ge 0 ]
do
if [ -f /var/log/maillog.$n ]
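Review bot: `elif [ "$daily_status_mail_rejects_logs" -le 0 ]` is false when the variable is empty or not a number, because `[` then reports an error rather than a comparison result. Control falls into the `else` branch instead of reporting rc=2. The old single test with `-gt 0` skipped the work in that case. Testing the positive condition keeps that behaviour: `elif ! [ "$daily_status_mail_rejects_logs" -gt 0 ] 2>/dev/null`. The loop body continues outside this hunk.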
@@ -37,6 +50,11 @@ case "$daily_status_mail_rejects_enable" in
} |
perl -ne "print \"\$2\n\"
if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" |
- sort | uniq -c | sort -nr
+ sort | uniq -c | sort -nr | tee /dev/stderr | wc -l)
+ [ $rc -gt 0 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/999.local b/etc/periodic/daily/999.local
index 307ff19..099f293 100755
--- a/etc/periodic/daily/999.local
+++ b/etc/periodic/daily/999.local
@@ -14,6 +14,7 @@ then
source_periodic_confs
fi
+rc=0
for script in $daily_local
do
case "$script" in
@@ -23,7 +24,15 @@ do
echo ""
echo "Running $script:"
- sh $script
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
esac
done
+
+exit $rc
diff --git a/etc/periodic/monthly/200.accounting b/etc/periodic/monthly/200.accounting
index 5444ea8..f808bbf 100755
--- a/etc/periodic/monthly/200.accounting
+++ b/etc/periodic/monthly/200.accounting
@@ -14,14 +14,20 @@ fi
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
- if [ -f $W.0 ]
+ if [ ! -f $W.0 ]
then
- if [ -x /usr/sbin/ac ]
- then
- echo ""
- echo "Doing login accounting:"
+ echo '$monthly_accounting_enable is set but' \
+ "$W.0 doesn't exist"
+ rc=2
+ else
+ echo ""
+ echo "Doing login accounting:"
- ac -p -w $W.0 | sort -nr +1
- fi
+ rc=$(ac -p -w $W.0 | sort -nr +1 | tee /dev/stderr | wc -l)
+ [ $rc -gt 0 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/monthly/999.local b/etc/periodic/monthly/999.local
index b5d8aed..a70a14f 100755
--- a/etc/periodic/monthly/999.local
+++ b/etc/periodic/monthly/999.local
@@ -11,6 +11,7 @@ then
source_periodic_confs
fi
+rc=0
for script in $monthly_local
do
case "$script" in
@@ -20,7 +21,15 @@ do
echo ""
echo "Running $script:"
- sh $script
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
esac
done
+
+exit $rc
diff --git a/etc/periodic/weekly/120.clean-kvmdb b/etc/periodic/weekly/120.clean-kvmdb
index dbc8f4e..603e70b 100755
--- a/etc/periodic/weekly/120.clean-kvmdb
+++ b/etc/periodic/weekly/120.clean-kvmdb
@@ -12,8 +12,17 @@ fi
case "$weekly_clean_kvmdb_enable" in
[Yy][Ee][Ss])
- if [ -d /var/db -a -n "$weekly_clean_kvmdb_days" ]
+ if [ ! -d /var/db ]
then
+ echo '$weekly_clean_kvmdb_enable is set but /var/db' \
+ "doesn't exist"
+ rc=2
+ elif [ -z "$weekly_clean_kvmdb_days" ]
+ then
+ echo '$weekly_clean_kvmdb_enable is set but' \
+ '$weekly_clean_kvmdb_days is not'
+ rc=2
+ else
echo ""
echo "Cleaning up kernel database files:"
@@ -27,7 +36,14 @@ case "$weekly_clean_kvmdb_enable" in
print=;;
esac
- find /var/db -name "kvm_*.db" ! -name $kernel \
- -atime +$weekly_clean_kvmdb_days -delete $print
+ rc=$(find /var/db -name "kvm_*.db" ! -name $kernel \
+ -atime +$weekly_clean_kvmdb_days -delete $print |
+ tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/300.uucp b/etc/periodic/weekly/300.uucp
index 3370158..1d146bc 100755
--- a/etc/periodic/weekly/300.uucp
+++ b/etc/periodic/weekly/300.uucp
@@ -15,11 +15,24 @@ fi
case "$weekly_uucp_enable" in
[Yy][Ee][Ss])
- if [ -d /var/spool/uucp -a -f /usr/libexec/uucp/clean.weekly ]
+ if [ ! -d /var/spool/uucp ]
then
+ echo '$weekly_uucp_enable is set but /var/spool/uucp' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -x /usr/libexec/uucp/clean.weekly ]
+ then
+ echo '$weekly_uucp_enable is set but' \
+ "/usr/libexec/uucp/clean.weekly isn't executable"
+ rc=2
+ else
echo ""
echo "Cleaning up UUCP:"
- echo /usr/libexec/uucp/clean.weekly | su daemon
+ echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/310.locate b/etc/periodic/weekly/310.locate
index 53d3d80..e6921ab 100755
--- a/etc/periodic/weekly/310.locate
+++ b/etc/periodic/weekly/310.locate
@@ -13,19 +13,20 @@ fi
case "$weekly_locate_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/libexec/locate.updatedb -a -f $locdb ]
- then
- echo ""
- echo "Rebuilding locate database:"
+ echo ""
+ echo "Rebuilding locate database:"
- locdb=/var/db/locate.database
+ locdb=/var/db/locate.database
- touch $locdb
- chown nobody $locdb
- chmod 644 $locdb
+ touch $locdb && rc=0 || rc=3
+ chown nobody $locdb || rc=3
+ chmod 644 $locdb || rc=3
- cd /
- echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody
- chmod 444 $locdb
- fi;;
+ cd /
+ echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3
+ chmod 444 $locdb || rc=3;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/320.whatis b/etc/periodic/weekly/320.whatis
index 123be96..6af7747 100755
--- a/etc/periodic/weekly/320.whatis
+++ b/etc/periodic/weekly/320.whatis
@@ -13,34 +13,39 @@ fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/libexec/makewhatis.local -a -x /usr/bin/manpath ]
- then
- echo ""
- echo "Rebuilding whatis database:"
+ echo ""
+ echo "Rebuilding whatis database:"
- MANPATH=`/usr/bin/manpath -q`
- if [ $? = 0 ]
+ MANPATH=`/usr/bin/manpath -q`
+ if [ $? = 0 ]
+ then
+ if [ -z "${MANPATH}" ]
then
- if [ "x${MANPATH}" = "x" ]
- then
- echo "manpath failed to find any manpage directories"
- else
- man_locales=`/usr/bin/manpath -qL`
+ echo "manpath failed to find any manpage directories"
+ rc=3
+ else
+ man_locales=`/usr/bin/manpath -qL`
+ rc=0
- # Build whatis(1) database(s) for original, non-localized
- # manpages.
- /usr/libexec/makewhatis.local "${MANPATH}"
+ # Build whatis(1) database(s) for original, non-localized
+ # manpages.
+ /usr/libexec/makewhatis.local "${MANPATH}" || rc=3
- # Build whatis(1) database(s) for localized manpages.
- if [ X"${man_locales}" != X ]
- then
- for i in ${man_locales}
- do
- LC_CTYPE=$i /usr/libexec/makewhatis.local -a \
- -L "${MANPATH}"
- done
- fi
+ # Build whatis(1) database(s) for localized manpages.
+ if [ X"${man_locales}" != X ]
+ then
+ for i in ${man_locales}
+ do
+ LC_CTYPE=$i /usr/libexec/makewhatis.local -a \
+ -L "${MANPATH}" || rc=3
+ done
fi
fi
+ else
+ rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/330.catman b/etc/periodic/weekly/330.catman
index e446dd2..999913f 100755
--- a/etc/periodic/weekly/330.catman
+++ b/etc/periodic/weekly/330.catman
@@ -13,34 +13,46 @@ fi
case "$weekly_catman_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/libexec/catman.local -a -d /usr/share/man/cat1 -a \
- -x /usr/bin/manpath ]
+ if [ ! -d /usr/share/man/cat1 ]
then
+ echo '$weekly_catman_enable is set but /usr/share/man/cat1' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Reformatting manual pages:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
- if [ "x${MANPATH}" = "x" ]
+ if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpath directories"
+ rc=3
else
man_locales=`/usr/bin/manpath -qL`
+ rc=0
# Preformat original, non-localized manpages
- echo /usr/libexec/catman.local "$MANPATH" | su -fm man
+ echo /usr/libexec/catman.local "$MANPATH" |
+ su -fm man || rc=3
# Preformat localized manpages.
- if [ X"$man_locales" != X ]
+ if [ -n "$man_locales" ]
then
for i in $man_locales
do
LC_CTYPE=$i echo /usr/libexec/catman.local -L \
- "$MANPATH" | su -fm man
+ "$MANPATH" | su -fm man || rc=3
done
fi
fi
+ else
+ rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
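Review bot: In the localized loop the `LC_CTYPE=$i` prefix is attached to `echo`, not to the `su -fm man` stage that actually starts catman.local, so the added `|| rc=3` records the status of a run that presumably never saw the locale. A variable assignment in front of a simple command applies to that command only, not to the rest of the pipeline. 320.whatis in this same commit gets it right by prefixing makewhatis.local directly. Since `su -m` keeps the caller's environment, moving the assignment should be enough: `echo /usr/libexec/catman.local -L "$MANPATH" | LC_CTYPE=$i su -fm man || rc=3`.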
diff --git a/etc/periodic/weekly/340.noid b/etc/periodic/weekly/340.noid
index 7ad71ea..7b56f01 100644
--- a/etc/periodic/weekly/340.noid
+++ b/etc/periodic/weekly/340.noid
@@ -16,6 +16,12 @@ case "$weekly_noid_enable" in
echo ""
echo "Check for files with an unknown user or group:"
- find -H ${weekly_noid_dirs:-/} -fstype local \
- \( -nogroup -o -nouser \) -print | sed 's/^/ /';;
+ rc=$(find -H ${weekly_noid_dirs:-/} -fstype local \
+ \( -nogroup -o -nouser \) -print | sed 's/^/ /' |
+ tee /dev/stderr | wc -l)
+ [ $rc -gt 1 ] && rc=1;;
+
+ *) rc=0;;
esac
+
+exit $rc
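Review bot: `rc` is taken from `wc -l` at the end of the pipeline, so a `find` that fails part-way (an unreadable directory, a bad entry in `$weekly_noid_dirs`) still exits 0, and with `weekly_show_success=NO` its error text would be masked with the rest of the output. The same applies to `pkg_version` in 400.status-pkg. For a check whose purpose is to surface unowned files, a silent "nothing notable" on a failed scan is the wrong default; running `find` into a temporary file lets its status be tested before counting. Whether every non-zero `find` status deserves 3 is a judgement call. The enclosing `case` arm starts outside this hunk.

```shell
	rc=0
	tmp=$(mktemp /tmp/noid.XXXXXX) || exit 3
	find -H ${weekly_noid_dirs:-/} -fstype local \
	    \( -nogroup -o -nouser \) -print >"$tmp" || rc=3
	sed 's/^/ /' "$tmp"
	[ $rc -eq 0 -a -s "$tmp" ] && rc=1
	rm -f "$tmp";;
```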
diff --git a/etc/periodic/weekly/400.status-pkg b/etc/periodic/weekly/400.status-pkg
index aac228b..050b47b 100755
--- a/etc/periodic/weekly/400.status-pkg
+++ b/etc/periodic/weekly/400.status-pkg
@@ -16,5 +16,13 @@ case "$weekly_status_pkg_enable" in
echo ""
echo "Check for out of date packages:"
- pkg_version -v | sed -n 's/^\([^ ]*\) *< */ \1 /p';;
+ rc=$(pkg_version -v |
+ sed -n 's/^\([^ ]*\) *< */ \1 /p' |
+ tee /dev/stderr |
+ wc -l)
+ [ $rc -gt 1 ] && rc=1;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/999.local b/etc/periodic/weekly/999.local
index efab6f4..f8b74d2 100755
--- a/etc/periodic/weekly/999.local
+++ b/etc/periodic/weekly/999.local
@@ -11,6 +11,7 @@ then
source_periodic_confs
fi
+rc=0
for script in $weekly_local
do
case "$script" in
@@ -20,7 +21,15 @@ do
echo ""
echo "Running $script:"
- sh $script
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
esac
done
+
+exit $rc
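Review bot: `sh $script || rc=3` turns every non-zero exit from a local script into 3, so a script in `$weekly_local` that follows the new 0/1/2 convention can never have its "info" or "bad config" output masked. If local scripts are meant to take part in the convention, keep the highest status seen instead: `sh $script; r=$?` followed by `[ $r -gt $rc ] && rc=$r`. The `if` that guards this line starts outside the hunk.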
diff --git a/etc/security b/etc/security
index 78a885c..0e32b3f 100644
--- a/etc/security
+++ b/etc/security
@@ -5,12 +5,21 @@
#
PATH=/sbin:/bin:/usr/bin
LC_ALL=C; export LC_ALL
+rc=0
+LOG=/var/log
+TMP=/var/run/_secure.$$
separator () {
echo ''
echo ''
}
+catmsgs() {
+ [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz
+ [ -f $LOG/messages.0 ] && cat $LOG/messages.0
+ [ -f $LOG/messages ] && cat $LOG/messages
+}
+
sflag=FALSE ignore=
while getopts ams c
do
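Review bot: `catmsgs` skips every missing file without a word, so when `$LOG/messages` itself is absent the login-failure and refused-connection counts later in the script come out as 0 and look the same as a quiet day. The `zcat -f $LOG/messages.0* $LOG/messages` call it replaces would presumably have printed an error in that case. For a security report a missing log is worth saying out loud, e.g. `if [ -f $LOG/messages ]; then cat $LOG/messages; else echo "no $LOG/messages" >&2; fi` as the last line of the function. A one-line comment above `catmsgs` saying it emits the rotated log first and then the current one would also help.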
@@ -26,9 +35,6 @@ yesterday=`date -v-1d "+%b %e "`
host=`hostname`
[ $sflag = FALSE ] && echo "Subject: ${host} security check output"
-LOG=/var/log
-TMP=/var/run/_secure.$$
-
umask 027
echo "checking setuid files and devices:"
@@ -48,17 +54,19 @@ while [ $# -ge 1 ]; do
done | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP}
if [ ! -f ${LOG}/setuid.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no ${LOG}/setuid.today"
- cp ${TMP} ${LOG}/setuid.today
+ cp ${TMP} ${LOG}/setuid.today || rc=3
fi
if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "${host} setuid diffs:"
diff -w ${LOG}/setuid.today ${TMP}
- mv ${LOG}/setuid.today ${LOG}/setuid.yesterday
- mv ${TMP} ${LOG}/setuid.today
+ mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3
+ mv ${TMP} ${LOG}/setuid.today || rc=3
fi
# Show changes in the way filesystems are mounted
@@ -66,42 +74,52 @@ fi
[ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat
if mount -p | $cmd > $TMP; then
if [ ! -f $LOG/mount.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no $LOG/mount.today"
- cp $TMP $LOG/mount.today
+ cp $TMP $LOG/mount.today || rc=3
fi
if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "$host changes in mounted filesystems:"
diff -b $LOG/mount.today $TMP
- mv $LOG/mount.today $LOG/mount.yesterday
- mv $TMP $LOG/mount.today
+ mv $LOG/mount.today $LOG/mount.yesterday || rc=3
+ mv $TMP $LOG/mount.today || rc=3
fi
fi
separator
echo "checking for uids of 0:"
-awk -F: '$3==0 {print $1,$3}' /etc/master.passwd
+n=$(awk -F: '$3==0 {print $1,$3}' /etc/master.passwd |
+ tee /dev/stderr |
+ sed -e '/^root 0$/d' -e '/^toor 0$/d' |
+ wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
separator
echo "checking for passwordless accounts:"
-awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd
+n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd |
+ tee /dev/stderr | wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
# Show denied packets
#
if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
if [ ! -f ${LOG}/ipfw.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no ${LOG}/ipfw.today"
- cp ${TMP} ${LOG}/ipfw.today
+ cp ${TMP} ${LOG}/ipfw.today || rc=3
fi
if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "${host} denied packets:"
diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>"
- mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday
- mv ${TMP} ${LOG}/ipfw.today
+ mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3
+ mv ${TMP} ${LOG}/ipfw.today || rc=3
fi
fi
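Review bot: The uid-0 count drops `root` and `toor` through the `sed -e '/^root 0$/d' -e '/^toor 0$/d'` stage, but nothing says why or that both are still printed. Because `tee /dev/stderr` sits before the `sed`, the report lists every uid-0 account and only `rc` ignores those two. I would add a comment above the pipeline such as `# root and toor are treated as expected uid-0 accounts: still listed, but they do not raise rc`.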
@@ -112,6 +130,7 @@ if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then
ipfw -a l | grep " log " | perl -n -e \
'/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP}
if [ -s "${TMP}" ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "ipfw log limit reached:"
cat ${TMP}
@@ -122,17 +141,19 @@ fi
#
if dmesg 2>/dev/null > ${TMP}; then
if [ ! -f ${LOG}/dmesg.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no ${LOG}/dmesg.today"
- cp ${TMP} ${LOG}/dmesg.today
+ cp ${TMP} ${LOG}/dmesg.today || rc=3
fi
if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "${host} kernel log messages:"
diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>"
- mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday
- mv ${TMP} ${LOG}/dmesg.today
+ mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3
+ mv ${TMP} ${LOG}/dmesg.today || rc=3
fi
fi
@@ -140,12 +161,16 @@ fi
#
separator
echo "${host} login failures:"
-zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*login failure"
+n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
# Show tcp_wrapper warning messages
#
separator
echo "${host} refused connections:"
-zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*refused connect"
+n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
rm -f ${TMP}
+
+exit $rc
diff --git a/share/man/man5/periodic.conf.5 b/share/man/man5/periodic.conf.5
index 3b3219d..5e085d7 100644
--- a/share/man/man5/periodic.conf.5
+++ b/share/man/man5/periodic.conf.5
@@ -48,13 +48,84 @@ file.
is actually sourced as a shell script from each of the periodic scripts
and is intended to simply provide default configuration variables.
.Pp
-The following list provides a name and short description for each
-variable you can set in the
-.Nm
-file.
+The following variables are used by
+.Xr periodic 8
+itself:
.Bl -tag -offset 4n -width 2n
.It Ar local_periodic
(str) List of directories to search for periodic scripts.
+This list is always prefixed with
+.Pa /etc/periodic ,
+and is only used when an argument to
+.Xr periodic 8
+is not an absolute directory name.
+.It Ar dir Ns No _output
+(path or list) What to do with the output of the scripts envoked from
+the directory
+.Ar dir .
+If this variable is set to an absolute path name, output is logged to
+that file, otherwise it is taken as one or more space seperated email
+addresses and mailed to those users.
+If this variable is not set, it defaults to
+.Dq root .
+.Pp
+For an unattended machine, suitable values for
+.Ar $daily_output ,
+.Ar $weekly_output ,
+and
+.Ar $monthly_output
+might be
+.Dq /var/log/daily.log ,
+.Dq /var/log/weekly.log ,
+and
+.Dq /var/log/monthly.log
+respectively, as
+.Xr newsyslog 8
+will rotate these files (if they exists) at the appropriate times.
+.It Ar dir Ns No _show_success
+.It Ar dir Ns No _show_info
+.It Ar dir Ns No _show_badconfig
+(bool) These variables control whether
+.Xr periodic 8
+will mask the output of the envoked scripts based on their return code
+(where
+.Ar dir
+is the base directory name in which each script resides).
+If the return code of a script is
+.Sq 0
+and
+.Ar dir Ns No _show_success is set to
+.Dq NO ,
+.Xr periodic 8
+will mask the script's output.
+If the return code of a script is
+.Sq 1
+and
+.Ar dir Ns No _show_info is set to
+.Dq NO ,
+.Xr periodic 8
+will mask the script's output.
+If the return code of a script is
+.Sq 2
+and
+.Ar dir Ns No _show_badconfig is set to
+.Dq NO ,
+.Xr periodic 8
+will mask the script's output.
+If these variables are set to neither
+.Dq YES
+nor
+.Dq NO ,
+the default to
+.Dq YES ,
+.Dq YES
+and
+.Dq NO
+respectively.
+.Pp
+Refer to the
+.Xr periodic 8
+man page for how script return codes are interpreted.
.El
.B Daily variables
.Pp
@@ -433,11 +504,12 @@ is shared or distributed.
.Xr chkgrp 8 ,
.Xr dump 8 ,
.Xr mfs 8 .
+.Xr newsyslog 8 .
.Xr periodic 8 .
.Sh HISTORY
The
.Nm
file appeared in
-.Fx 5.0 .
+.Fx 4.1 .
.Sh AUTHORS
.An Brian Somers Aq brian@Awfulhak.org .
diff --git a/usr.sbin/periodic/periodic.8 b/usr.sbin/periodic/periodic.8
index 4d3d3ea..4ab3dec 100644
--- a/usr.sbin/periodic/periodic.8
+++ b/usr.sbin/periodic/periodic.8
@@ -33,17 +33,14 @@
run periodic system functions
.Sh SYNOPSIS
.Nm periodic
-.Ao
-.Cm daily | weekly | monthly |
-.Ar path Op path ...
-.Ac
+.Ar directory Ns No ...
.Sh DESCRIPTION
The
.Nm
program is intended to be called by cron(8) to execute shell scripts
located in the specified directory.
.Pp
-One, and only one, of the following arguments should be specified:
+One or more of the following arguments must be specified:
.Bl -tag -width Fl
.It Cm daily
Perform the standard daily periodic executable run.
@@ -55,14 +52,89 @@ This usually occurs on Sunday mornings.
Perform the standard monthly periodic executable run.
This usually occurs on the first day of the month.
.It Ar path
-An absolute path to a directory containing a set of executables to be run.
+An arbitrary directory containing a set of executables to be run.
.El
.Pp
+If an argument is an absolute directory name it is used as is, otherwise
+it is searched for under
+.Pa /etc/periodic
+and any other directories specified by the
+.Va local_periodic
+setting in
+.Xr periodic.conf 5
+(see below).
+.Pp
The
.Nm
program will run each executable file in the directory or directories
-specified. If a file does not have the executable bit set, it will be
-ignored silently.
+specified.
+If a file does not have the executable bit set, it is silently ignored.
+.Pp
+Each script is required to exit with one of the following values:
+.Bl -tag -width XXXX
+.It 0
+The script has produced nothing notable in it's output.
+The
+.Va <basedir>_show_success
+variable controls the masking of this output.
+.It 1
+The script has produced some notable information in it's output.
+The
+.Va <basedir>_show_info
+variable controls the masking of this output.
+.It 2
+The script has produced some warnings due to invalid configuration settings.
+The
+.Va <basedir>_show_badconfig
+variable controls the masking of this output.
+.It >2
+The script has produced output that must not be masked.
+.El
+.Pp
+If the relevant variable (where
+.Ar <basedir>
+is the base directory in which the script resides) is set to
+.Dq NO
+in
+.Pa periodic.conf ,
+.Nm
+will mask the script output.
+If the variable is not set to either
+.Dq YES
+or
+.Dq NO ,
+it will be given a default value as described in
+.Xr periodic.conf 5 .
+.Pp
+All remaining script output is delivered based on the value of the
+.Va <basedir>_output
+setting.
+.Pp
+If this is set to a path name (beginning with a
+.Dq /
+Character), output is simply logged to that file.
+.Xr newsyslog 8
+knows about the files
+.Pa /var/log/daily.log ,
+.Pa /var/log/weekly.log
+and
+.Pa /var/log/monthly.log ,
+and if they exist, it will rotate them at the appropriate times.
+These are therefore good values if you wish to log
+.Nm
+output.
+.Pp
+If the
+.Va <basedir>_output
+value does not begin with a
+.Dq / ,
+it is assumed to contain a list of email addresses, and the output is
+mailed to them.
+.Pp
+If
+.Va <basedir>_output
+is not set, it defaults to
+.Dq root .
.Sh ENVIRONMENT
The
.Nm
@@ -89,13 +161,16 @@ subdirectories which contain standard system periodic executables.
.It Pa /etc/defaults/periodic.conf
The
.Pa periodic.conf
-system registry contains a variable
-.Va local_periodic
-which may be configured to specify additional top level standard
-periodic directories, such as
-.Pa /usr/local/etc/periodic
+system registry contains variables that control the behaviour of
+.Nm
+and the standard
+.Pa daily ,
+.Pa weekly ,
and
-.Pa /usr/X11R6/etc/periodic .
+.Pa monthly
+scripts.
+.It Pa /etc/periodic.conf
+This file contains local overrides for the default periodic configuration.
.El
.Sh EXAMPLES
The system crontab should have entries for
@@ -103,22 +178,40 @@ The system crontab should have entries for
similar to the following example:
.Pp
.Dl # do daily/weekly/monthly maintenance
-.Dl 0 2 * * * root periodic daily 2>&1
-.Dl 0 3 * * 6 root periodic weekly 2>&1
-.Dl 0 5 1 * * root periodic monthly 2>&1
+.Dl 0 2 * * * root periodic daily
+.Dl 0 3 * * 6 root periodic weekly
+.Dl 0 5 1 * * root periodic monthly
.Pp
-Additionally, the
+The
.Pa /etc/defaults/periodic.conf
system registry will typically have a
.Va local_periodic
variable reading:
.Pp
.Dl local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic"
+.Pp
+To log
+.Nm
+output instead of receiving it as email, add the following lines to
+.Pa /etc/periodic.conf :
+.Pp
+.Dl daily_output=/var/log/daily.log
+.Dl weekly_output=/var/log/weekly.log
+.Dl monthly_output=/var/log/monthly.log
+.Pp
+To only see important information from daily periodic jobs, add the
+following lines to
+.Pa /etc/periodic.conf :
+.Pp
+.Dl daily_show_success=NO
+.Dl daily_show_info=NO
+.Dl daily_show_badconfig=NO
.Sh SEE ALSO
.Xr sh 1 ,
.Xr crontab 5 ,
.Xr periodic.conf 5 ,
-.Xr cron 8
+.Xr cron 8 ,
+.Xr newsyslog 8
.Rs
.Sh DIAGNOSTICS
Exit status is 0 on success and 1 if the command
@@ -138,3 +231,4 @@ program first appeared in
.Fx 3.0 .
.Sh AUTHORS
.An Paul Traina Aq pst@FreeBSD.org
+.An Brian Somers Aq brian@Awfulhak.org
diff --git a/usr.sbin/periodic/periodic.sh b/usr.sbin/periodic/periodic.sh
index 7141710..f3b5d22 100644
--- a/usr.sbin/periodic/periodic.sh
+++ b/usr.sbin/periodic/periodic.sh
@@ -25,43 +25,65 @@ if [ -r /etc/defaults/periodic.conf ]; then
source_periodic_confs
fi
-dir=$1
-run=`basename $dir`
+dirlist=
# If a full path was not specified, check the standard cron areas
-if [ "$dir" = "$run" ] ; then
- dirlist=""
- for top in /etc/periodic ${local_periodic} ; do
- if [ -d $top/$dir ] ; then
- dirlist="${dirlist} $top/$dir"
- fi
- done
-
-# User wants us to run stuff in a particular directory
-else
- for dir in $* ; do
- if [ ! -d $dir ] ; then
- echo "$0: $dir not found" 1>&2
- exit 1
- fi
- done
-
- dirlist="$*"
-fi
+for dir
+do
+ case "$dir" in
+ /*)
+ if [ -d "$dir" ]
+ then
+ dirlist="$dirlist $dir"
+ else
+ echo "$0: $dir not found" >&2
+ fi;;
+ *)
+ for top in /etc/periodic ${local_periodic}
+ do
+ [ -d $top/$dir ] && dirlist="$dirlist $top/$dir"
+ done;;
+ esac
+done
host=`hostname`
export host
-echo "Subject: $host $run run output"
+tmp_output=/var/run/periodic.$$
# Execute each executable file in the directory list. If the x bit is not
# set, assume the user didn't really want us to muck with it (it's a
# README file or has been disabled).
-for dir in $dirlist ; do
- for file in $dir/* ; do
- if [ -x $file -a ! -d $file ] ; then
- $file
- fi
+for dir in $dirlist
+do
+ eval output=\$${dir##*/}_output
+ case "$output" in
+ /*) pipe="cat >>$output";;
+ *) pipe="mail -s '$host ${dir##*/} run output' ${output:-root}";;
+ esac
+
+ success=YES info=YES badconfig=NO # Defaults when ${run}_* aren't YES/NO
+ for var in success info badconfig
+ do
+ case $(eval echo "\$${dir##*/}_show_$var") in
+ [Yy][Ee][Ss]) eval $var=YES;;
+ [Nn][Oo]) eval $var=NO;;
+ esac
done
+
+ for file in $dir/*
+ do
+ if [ -x $file -a ! -d $file ]
+ then
+ $file </dev/null >$tmp_output 2>&1
+ case $? in
+ 0) [ $success = YES ] && cat $tmp_output;;
+ 1) [ $info = YES ] && cat $tmp_output;;
+ 2) [ $badconfig = YES ] && cat $tmp_output;;
+ *) cat $tmp_output;;
+ esac
+ rm -f $tmp_output
+ fi
+ done | eval $pipe
done
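Review bot: The basename of each directory is pasted into `eval` unchecked, at `eval output=\$${dir##*/}_output` and again in the `_show_$var` lookup, so a name containing anything outside `[A-Za-z0-9_]` is parsed as shell syntax in a script that cron runs as root. Even a harmless name such as one with a `-` in it silently resolves to the wrong variable. Validating the basename as an identifier before the first `eval` closes both. Separately, `tmp_output=/var/run/periodic.$$` is a predictable name written by root; `mktemp /var/run/periodic.XXXXXX` would avoid relying on the directory's permissions.

```shell
for dir in $dirlist
do
	base=${dir##*/}
	# Only names that are valid shell identifiers may reach eval below.
	case "$base" in
	''|[0-9]*|*[!A-Za-z0-9_]*)
		echo "$0: $dir: directory name is not usable as a variable prefix" >&2
		continue;;
	esac
	eval output=\$${base}_output
	# … unchanged: pipe selection, with ${dir##*/} replaced by $base …
	# … unchanged: success/info/badconfig defaults; the lookup becomes
	#   $(eval echo "\$${base}_show_$var") …
	# … unchanged: per-file run, masking by exit status, and "| eval $pipe" …
```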