author | brian <brian@FreeBSD.org> | 2000-09-14 17:19:15 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 2000-09-14 17:19:15 +0000 |
commit | 4484d23ba731b5a116bedf7b28421514aa70f53b (patch) | |
tree | c37ec10ec51a7430c5a8044972107e92a18f16b0 /etc | |
parent | d63a19c1e21807290eba99997d2935286893fede (diff) | |
Another overhaul of the periodic stuff.
All periodic sub-scripts <larf> now have their return codes interpreted
by periodic(8). Output may be masked based on variable values in
periodic.conf.
It's also now possible to email periodic output to arbitrary addresses,
or to send it to a log file, examples of which can be found in
newsyslog.conf.
The upshot of it all should be no discernable changes to the default
behaviour of periodic(8).
PR: 21250
Diffstat (limited to 'etc')
36 files changed, 585 insertions, 199 deletions
diff --git a/etc/crontab b/etc/crontab index d27c48a..49076d0 100644 --- a/etc/crontab +++ b/etc/crontab @@ -14,9 +14,9 @@ HOME=/var/log 0 * * * * root newsyslog # # do daily/weekly/monthly maintenance -59 1 * * * root periodic daily 2>&1 | sendmail root -30 3 * * 6 root periodic weekly 2>&1 | sendmail root -30 5 1 * * root periodic monthly 2>&1 | sendmail root +59 1 * * * root periodic daily +30 3 * * 6 root periodic weekly +30 5 1 * * root periodic monthly # # time zone change adjustment for wall cmos clock, # does nothing, if you have UTC cmos clock. diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf index 2ad0e50..c50d28a 100644 --- a/etc/defaults/periodic.conf +++ b/etc/defaults/periodic.conf @@ -22,6 +22,16 @@ local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic" # Daily options +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $daily_output might be set to /var/log/daily.log if you +# wish to log the daily output and have the files rotated by newsyslog(8) +# +daily_output="root" # user or /file +daily_show_success="YES" # scripts returning 0 +daily_show_info="YES" # scripts returning 1 +daily_show_badconfig="NO" # scripts returning 2 + # 100.clean-disks daily_clean_disks_enable="NO" # Delete files daily daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" @@ -61,7 +71,7 @@ daily_backup_passwd_enable="YES" # Backup passwd & group daily_backup_aliases_enable="YES" # Backup mail aliases # 220.backup-distfile -daily_backup_distfile_enable="YES" # Backup distfile +daily_backup_distfile_enable="YES" # rdist /etc/Distfile # 300.calendar daily_calendar_enable="NO" # Run calendar -a 
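Review bot: The new comment above `daily_output` in etc/defaults/periodic.conf (hunk at -22,6) suggests /var/log/daily.log as a target but does not say that the daily run carries passwd and group diffs and, when `daily_status_security_inline` is set, the security check output. I would add a line such as `# The output can include account and security-check details; keep a log file unreadable by ordinary users`. The newsyslog.conf entries added in this commit use mode 640 on rotation, but the mode the file gets when it is first created is not visible in the diff. The same applies to the weekly and monthly blocks.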
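Review bot: In etc/defaults/periodic.conf (hunk at -61,7) the new comment on `daily_backup_distfile_enable` reads `# rdist /etc/Distfile`, which describes a different script. 220.backup-distfile only copies /etc/Distfile into /var/backups, while rdist is run by 320.rdist under `$daily_distfile_enable`. I would keep the comment about the backup, for example `# Backup /etc/Distfile`, so nobody disables the backup thinking they are disabling rdist.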
@@ -113,6 +123,16 @@ daily_local="/etc/daily.local" # Local scripts # Weekly options +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $weekly_output might be set to /var/log/weekly.log if you +# wish to log the weekly output and have the files rotated by newsyslog(8) +# +weekly_output="root" # user or /file +weekly_show_success="YES" # scripts returning 0 +weekly_show_info="YES" # scripts returning 1 +weekly_show_badconfig="NO" # scripts returning 2 + # 120.clean-kvmdb weekly_clean_kvmdb_enable="YES" # Clean kvmdb weekly weekly_clean_kvmdb_days=7 # If not accessed for @@ -143,6 +163,16 @@ weekly_local="/etc/weekly.local" # Local scripts # Monthly options +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $monthly_output might be set to /var/log/monthly.log if you +# wish to log the monthly output and have the files rotated by newsyslog(8) +# +monthly_output="root" # user or /file +monthly_show_success="YES" # scripts returning 0 +monthly_show_info="YES" # scripts returning 1 +monthly_show_badconfig="NO" # scripts returning 2 + # 200.accounting monthly_accounting_enable="YES" # Login accounting diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf index 131d626..47ff2e1 100644 --- a/etc/newsyslog.conf +++ b/etc/newsyslog.conf @@ -14,3 +14,6 @@ /var/log/ppp.log 600 3 100 * Z /var/log/security 600 10 100 * Z /var/log/wtmp 644 3 * @01T05 B +/var/log/daily.log 640 7 * @T00 Z +/var/log/weekly.log 640 5 1 $W6D0 Z +/var/log/monthly.log 640 12 * $M1D0 Z diff --git a/etc/periodic/daily/100.clean-disks b/etc/periodic/daily/100.clean-disks index 6f95a69..e225237 100755 --- a/etc/periodic/daily/100.clean-disks +++ b/etc/periodic/daily/100.clean-disks 
@@ -15,8 +15,18 @@ fi case "$daily_clean_disks_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_disks_days" -a -n "$daily_clean_disks_files" ] + if [ -z "$daily_clean_disks_days" ] then + echo '$daily_clean_disks_enable is set but' \ + '$daily_clean_disks_days is not' + rc=2 + elif [ -z "$daily_clean_disks_files" ] + then + echo '$daily_clean_disks_enable is set but' \ + '$daily_clean_disks_files is not' + are misconfigured + rc=2 + else echo "" echo "Removing old temporary files:" set -f noglob @@ -30,8 +40,15 @@ case "$daily_clean_disks_enable" in print=;; esac - find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \ - \( $args \) -atime +$daily_clean_disks_days -delete $print + rc=$(find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \ + \( $args \) -atime +$daily_clean_disks_days -delete $print | + tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 set -f glob fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/110.clean-tmps b/etc/periodic/daily/110.clean-tmps index 0ae223b..b6a4795 100755 --- a/etc/periodic/daily/110.clean-tmps +++ b/etc/periodic/daily/110.clean-tmps @@ -16,8 +16,12 @@ fi case "$daily_clean_tmps_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_tmps_days" ] + if [ -z "$daily_clean_tmps_days" ] then + echo '$daily_clean_tmps_enable is set but' \ + '$daily_clean_tmps_days is not' + rc=2 + else echo "" echo "Removing old temporary files:" 
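Review bot: In 100.clean-disks (hunk at -15,8) the added line `are misconfigured` sits between the second `echo` and `rc=2` and is not part of any string, so the shell will try to run a command named `are`. It looks like a leftover from an earlier wording of the message. The line should simply be deleted; the `echo` above it already states which variable is missing.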
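Review bot: In 100.clean-disks (hunk at -30,8) the exit status of `find` is discarded, because `rc=$(find … | tee /dev/stderr | wc -l)` keeps only the line count from `wc`; a find that fails part-way is reported as 0 or 1, never 3. The same pipeline shape is used in 110.clean-tmps, 120.clean-preserve, 140.clean-rwho, 150.clean-hoststat, monthly/200.accounting, weekly/120.clean-kvmdb, weekly/340.noid and weekly/400.status-pkg. One way to keep both pieces of information is to capture the output first, `out=$(find … -delete $print) && rc=0 || rc=3`, and then print it and raise rc to 1 when `$out` is non-empty. `tee /dev/stderr` also moves the report from stdout to stderr, so this relies on the caller collecting both streams, which is presumably done in periodic(8) but is not shown here.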
@@ -33,14 +37,20 @@ case "$daily_clean_tmps_enable" in print=;; esac - for dir in $daily_clean_tmps_dirs - do - [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && { - find -d . -type f $args -delete $print - find -d . ! -name . -type d -mtime +$daily_clean_tmps_days \ - -delete $print - } | sed "s,^\\., $dir," - done + rc=$(for dir in $daily_clean_tmps_dirs + do + [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && { + find -d . -type f $args -delete $print + find -d . ! -name . -type d -mtime \ + +$daily_clean_tmps_days -delete $print + } | sed "s,^\\., $dir," + done | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 set -f glob fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/120.clean-preserve b/etc/periodic/daily/120.clean-preserve index 2230a03..d5b34a1 100755 --- a/etc/periodic/daily/120.clean-preserve +++ b/etc/periodic/daily/120.clean-preserve @@ -15,20 +15,39 @@ fi case "$daily_clean_preserve_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_preserve_days" -a -d /var/preserve ] + if [ -z "$daily_clean_preserve_days" ] then + echo '$daily_clean_preserve_enable is set but' \ + '$daily_clean_preserve_days is not' + rc=2 + elif [ ! -d /var/preserve ] + then + echo '$daily_clean_preserve_enable is set but /var/preserve' \ + "doesn't exist" + rc=2 + else echo "" echo "Removing stale files from /var/preserve:" - case "$daily_clean_preserve_verbose" in - [Yy][Ee][Ss]) - print=-print;; - *) - print=;; - esac + if cd /var/preserve + then + case "$daily_clean_preserve_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac - cd /var/preserve && - find . ! -name . -mtime +$daily_clean_preserve_days \ - -delete $print + rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi fi;; + + *) rc=0;; esac + +exit $rc 
diff --git a/etc/periodic/daily/130.clean-msgs b/etc/periodic/daily/130.clean-msgs index c12cba9..b7890db 100755 --- a/etc/periodic/daily/130.clean-msgs +++ b/etc/periodic/daily/130.clean-msgs @@ -15,13 +15,21 @@ fi case "$daily_clean_msgs_enable" in [Yy][Ee][Ss]) - if [ -d /var/msgs ] + if [ ! -d /var/msgs ] then + echo '$daily_clean_msgs_enable is set but /var/msgs' \ + "doesn't exist" + rc=2 + else echo "" echo "Cleaning out old system announcements:" [ -n "$daily_clean_msgs_days" ] && arg=-${daily_clean_msgs_days#-} || arg= - msgs -c $arg + msgs -c $arg && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/140.clean-rwho b/etc/periodic/daily/140.clean-rwho index 9504f81..9645d7e 100755 --- a/etc/periodic/daily/140.clean-rwho +++ b/etc/periodic/daily/140.clean-rwho @@ -15,8 +15,17 @@ fi case "$daily_clean_rwho_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_rwho_days" -a -d /var/rwho ] + if [ -z "$daily_clean_rwho_days" ] then + echo '$daily_clean_rwho_enable is enabled but' \ + '$daily_clean_rwho_days is not set' + rc=2 + elif [ ! -d /var/rwho ] + then + echo '$daily_clean_rwho_enable is enabled but /var/rwho' \ + "doesn't exist" + rc=2 + else echo "" echo "Removing stale files from /var/rwho:" @@ -27,7 +36,18 @@ case "$daily_clean_rwho_enable" in print=;; esac - cd /var/rwho && - find . ! -name . -mtime +$daily_clean_rwho_days -delete $print + if cd /var/rwho + then + rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/150.clean-hoststat b/etc/periodic/daily/150.clean-hoststat index 85c1e67..952d96a 100755 --- a/etc/periodic/daily/150.clean-hoststat +++ b/etc/periodic/daily/150.clean-hoststat 
@@ -15,8 +15,17 @@ fi case "$daily_clean_hoststat_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_hoststat_days" -a -d /var/spool/.hoststat ] + if [ -z "$daily_clean_hoststat_days" ] then + echo '$daily_clean_hoststat_enable is enabled but' \ + '$daily_clean_hoststat_days is not set' + rc=2 + elif [ ! -d /var/spool/.hoststat ] + then + echo '$daily_clean_hoststat_enable is enabled but' \ + "/var/spool/.hoststat doesn't exist" + rc=2 + else echo "" echo "Removing stale files from /var/spool/.hoststat:" @@ -27,8 +36,18 @@ case "$daily_clean_hoststat_enable" in print=;; esac - cd /var/hoststat && - find . ! -name . -mtime +$daily_clean_hoststat_days \ - -delete $print + if cd /var/hoststat + then + rc=$(find . ! -name . -mtime +$daily_clean_hoststat_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/200.backup-passwd b/etc/periodic/daily/200.backup-passwd index b8858e7..865a197 100755 --- a/etc/periodic/daily/200.backup-passwd +++ b/etc/periodic/daily/200.backup-passwd 
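Review bot: 150.clean-hoststat (hunk at -27,8) tests and announces /var/spool/.hoststat but then runs `cd /var/hoststat`, so the `find … -delete` works in a different directory from the one that was validated. The mismatch was already in the removed lines and is carried into the new `if cd` form; with the new code a missing /var/hoststat yields rc=3 on every run. I would change the line to `if cd /var/spool/.hoststat`.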
@@ -13,47 +13,65 @@ fi case "$daily_backup_passwd_enable" in [Yy][Ee][Ss]) - if [ -f /etc/master.passwd -o -f /etc/group ] + if [ ! -f /etc/master.passwd ] then + echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \ + "doesn't exist" + rc=2 + elif [ ! -f /etc/group ] + then + echo '$daily_backup_passwd_enable" is set but /etc/group' \ + "doesn't exist" + rc=2 + else bak=/var/backups + rc=0 echo "" echo "Backup passwd and group files:" if [ ! -f $bak/master.passwd.bak ] then + rc=1 echo "no $bak/master.passwd.bak" - cp -p /etc/master.passwd $bak/master.passwd.bak + cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 fi if ! cmp -s $bak/master.passwd.bak /etc/master.passwd then + [ $rc -lt 1 ] && rc=1 echo "$host passwd diffs:" diff $bak/master.passwd.bak /etc/master.passwd |\ sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/' mv $bak/master.passwd.bak $bak/master.passwd.bak2 - cp -p /etc/master.passwd $bak/master.passwd.bak + cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 fi if [ ! -f $bak/group.bak ] then + [ $rc -lt 1 ] && rc=1 echo "no $bak/group.bak" - cp -p /etc/group $bak/group.bak + cp -p /etc/group $bak/group.bak || rc=3 fi if ! cmp -s $bak/group.bak /etc/group then + [ $rc -lt 1 ] && rc=1 echo "$host group diffs:" diff $bak/group.bak /etc/group mv $bak/group.bak $bak/group.bak2 - cp -p /etc/group $bak/group.bak + cp -p /etc/group $bak/group.bak || rc=3 fi if [ -f /etc/group ] then echo "" echo "Verifying group file syntax:" - chkgrp /etc/group + chkgrp /etc/group || rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/210.backup-aliases b/etc/periodic/daily/210.backup-aliases index 0b5206e..fe17038 100755 --- a/etc/periodic/daily/210.backup-aliases +++ b/etc/periodic/daily/210.backup-aliases 
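Review bot: Both new misconfiguration messages in 200.backup-passwd contain a stray double quote, `'$daily_backup_passwd_enable" is set but …'`, which ends up verbatim in the report. The first one should read `echo '$daily_backup_passwd_enable is set but /etc/master.passwd' \`, and likewise for /etc/group. Since the new guard requires both files to exist, the later `if [ -f /etc/group ]` around `chkgrp` is now always true and could be dropped. The two `mv … .bak2` calls are the only file operations in the block whose failure is not turned into rc=3.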
@@ -13,9 +13,14 @@ fi case "$daily_backup_aliases_enable" in [Yy][Ee][Ss]) - if [ -f /etc/mail/aliases ] + if [ ! -f /etc/mail/aliases ] then + echo '$daily_backup_aliases_enable is enabled but' \ + "/etc/mail/aliases doesn't exist" + rc=2 + else bak=/var/backups + rc=0 echo "" echo "Backing up mail aliases:" @@ -23,15 +28,20 @@ case "$daily_backup_aliases_enable" in if [ ! -f $bak/aliases.bak ] then echo "no $bak/aliases.bak" - cp -p /etc/mail/aliases $bak/aliases.bak + cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 fi if ! cmp -s $bak/aliases.bak /etc/mail/aliases then + [ $rc -lt 1 ] && rc=1 echo "$host aliases diffs:" diff -u $bak/aliases.bak /etc/mail/aliases mv $bak/aliases.bak $bak/aliases.bak2 - cp -p /etc/mail/aliases $bak/aliases.bak + cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/220.backup-distfile b/etc/periodic/daily/220.backup-distfile index 37efaea..93d7660 100755 --- a/etc/periodic/daily/220.backup-distfile +++ b/etc/periodic/daily/220.backup-distfile @@ -13,17 +13,27 @@ fi case "$daily_backup_distfile_enable" in [Yy][Ee][Ss]) - if [ -f /etc/Distfile ] + if [ ! -f /etc/Distfile ] then + echo '$daily_backup_distfile_enable is set but /etc/Distfile' \ + "doesn't exist" + rc=2 + else bak=/var/backups + rc=0 echo "" echo "Backing up /etc/Distfile:" if ! cmp -s $bak/Distfile.bak /etc/Distfile then + rc=1 mv $bak/Distfile.bak $bak/Distfile.bak2 - cp /etc/Distfile $bak/Distfile.bak + cp /etc/Distfile $bak/Distfile.bak || rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/300.calendar b/etc/periodic/daily/300.calendar index a921bcf..cc12097 100755 --- a/etc/periodic/daily/300.calendar +++ b/etc/periodic/daily/300.calendar 
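Review bot: In 220.backup-distfile the first run, when `$bak/Distfile.bak` does not exist yet, goes through `mv $bak/Distfile.bak $bak/Distfile.bak2`, which fails and prints an error that is not reflected in rc. The passwd and aliases scripts handle this case with a separate "no $bak/…" branch; this one has none. I would guard the move, `[ -f $bak/Distfile.bak ] && { mv $bak/Distfile.bak $bak/Distfile.bak2 || rc=3; }`, in the same style the commit uses in 310.accounting.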
@@ -18,11 +18,12 @@ fi case "$daily_calendar_enable" in [Yy][Ee][Ss]) - if [ -f /usr/bin/calendar ] - then - echo "" - echo "Running calendar:" + echo "" + echo "Running calendar:" - calendar -a - fi;; + calendar -a && rc=0 || rc=3;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/310.accounting b/etc/periodic/daily/310.accounting index 2baf232..c510a94 100755 --- a/etc/periodic/daily/310.accounting +++ b/etc/periodic/daily/310.accounting @@ -13,26 +13,35 @@ fi case "$daily_accounting_enable" in [Yy][Ee][Ss]) - if [ -f /var/account/acct ] + if [ ! -f /var/account/acct ] then + echo '$daily_accounting_enable is set but /var/account/acct' \ + "doesn't exist" + rc=2 + else echo "" echo "Rotating accounting logs and gathering statistics:" cd /var/account + rc=0 - rm -f acct.3.gz acct.3 - [ -f acct.2.gz ] && mv -f acct.2.gz acct.3.gz - [ -f acct.2 ] && mv -f acct.2 acct.3 - [ -f acct.1.gz ] && mv -f acct.1.gz acct.2.gz - [ -f acct.1 ] && mv -f acct.1 acct.2 - [ -f acct.0.gz ] && mv -f acct.0.gz acct.1.gz - [ -f acct.0 ] && mv -f acct.0 acct.1 - cp -pf acct acct.0 - sa -s >/dev/null + rm -f acct.3.gz acct.3 || rc=3 + [ -f acct.2.gz ] && { mv -f acct.2.gz acct.3.gz || rc=3; } + [ -f acct.2 ] && { mv -f acct.2 acct.3 || rc=3; } + [ -f acct.1.gz ] && { mv -f acct.1.gz acct.2.gz || rc=3; } + [ -f acct.1 ] && { mv -f acct.1 acct.2 || rc=3; } + [ -f acct.0.gz ] && { mv -f acct.0.gz acct.1.gz || rc=3; } + [ -f acct.0 ] && { mv -f acct.0 acct.1 || rc=3; } + cp -pf acct acct.0 || rc=3 + sa -s >/dev/null || rc=3 case "$daily_accounting_compress" in [Yy][Ee][Ss]) - gzip -f acct.0;; + gzip -f acct.0 || rc=3;; esac fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/320.rdist b/etc/periodic/daily/320.rdist index 0095ae6..11ec190 100755 --- a/etc/periodic/daily/320.rdist +++ b/etc/periodic/daily/320.rdist 
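Review bot: In 310.accounting the `cd /var/account` before the new `rc=0` is still unchecked, while every following `rm`, `mv`, `cp` and `gzip` uses relative names. If the cd fails, these commands act on whatever directory the script was started in and their failures are all that gets reported. The cleaning scripts in this commit use `if cd … then … else rc=3 fi`; here the short form `cd /var/account || exit 3` would be enough.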
@@ -13,11 +13,19 @@ fi case "$daily_distfile_enable" in [Yy][Ee][Ss]) - if [ -f /etc/Distfile ] + if [ ! -f /etc/Distfile ] then + echo '$daily_distfile_enable is set but /etc/Distfile' \ + "doesn't exist" + rc=2 + else echo "" echo "Running rdist with /etc/Distfile:" - rdist -f /etc/Distfile + rdist -f /etc/Distfile && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/330.news b/etc/periodic/daily/330.news index dc3a3bf..ec06437 100755 --- a/etc/periodic/daily/330.news +++ b/etc/periodic/daily/330.news @@ -16,11 +16,19 @@ fi case "$daily_news_expire_enable" in [Yy][Ee][Ss]) - if [ -f /etc/news.expire ] + if [ ! -f /etc/news.expire ] then + echo '$daily_news_expire_enable is set but /etc/news.expire' \ + "doesn't exist" + rc=2 + else echo "" echo "Running news.expire:" - /etc/news.expire + /etc/news.expire && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/340.uucp b/etc/periodic/daily/340.uucp index 178fa63..120c874 100755 --- a/etc/periodic/daily/340.uucp +++ b/etc/periodic/daily/340.uucp @@ -16,11 +16,24 @@ fi case "$daily_uuclean_enable" in [Yy][Ee][Ss]) - if [ -d /var/spool/uucp -a -f /etc/uuclean.daily ] + if [ ! -d /var/spool/uucp ] then + echo '$daily_uuclean_enable is set, but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -f /etc/uuclean.daily ] + then + echo '$daily_uuclean_enable is set, but /etc/uuclean.daily' \ + "doesn't exist" + rc=2 + else echo "" echo "Cleaning up UUCP:" - echo /etc/uuclean.daily | su -m uucp + echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/400.status-disks b/etc/periodic/daily/400.status-disks index f6147b1..6d6ebac 100755 --- a/etc/periodic/daily/400.status-disks +++ b/etc/periodic/daily/400.status-disks 
@@ -16,10 +16,14 @@ case "$daily_status_disks_enable" in echo "" echo "Disk status:" - df $daily_status_disks_df_flags + df $daily_status_disks_df_flags && rc=0 || rc=3 # display which filesystems need backing up echo "" - dump W;; + dump W || rc=3;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/410.status-uucp b/etc/periodic/daily/410.status-uucp index 5336477..96b52ec 100755 --- a/etc/periodic/daily/410.status-uucp +++ b/etc/periodic/daily/410.status-uucp @@ -13,11 +13,24 @@ fi case "$daily_status_uucp_enable" in [Yy][Ee][Ss]) - if [ -d /var/spool/uucp -a -x /usr/bin/uustat ] + if [ ! -d /var/spool/uucp ] then + echo '$daily_status_uucp_enable is set but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -x /usr/bin/uustat ] + then + echo '$daily_status_uucp_enable is set but /usr/bin/uustat' \ + "isn't executable" + rc=2 + else echo "" echo "UUCP status:" - uustat -a + uustat -a && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/420.status-network b/etc/periodic/daily/420.status-network index 6805361..8399cf7 100755 --- a/etc/periodic/daily/420.status-network +++ b/etc/periodic/daily/420.status-network @@ -13,16 +13,17 @@ fi case "$daily_status_network_enable" in [Yy][Ee][Ss]) - if [ -x /usr/bin/netstat ] - then - echo "" - echo "Network interface status:" + echo "" + echo "Network interface status:" - case "$daily_status_network_usedns" in - [Yy][Ee][Ss]) - netstat -i;; - *) - netstat -in;; - esac - fi;; + case "$daily_status_network_usedns" in + [Yy][Ee][Ss]) + netstat -i && rc=0 || rc=3;; + *) + netstat -in && rc=0 || rc=3;; + esac;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/430.status-rwho b/etc/periodic/daily/430.status-rwho index 728f4b2..4476136 100755 --- a/etc/periodic/daily/430.status-rwho +++ b/etc/periodic/daily/430.status-rwho 
@@ -14,14 +14,25 @@ fi case "$daily_status_rwho_enable" in [Yy][Ee][Ss]) rwho=$(echo /var/rwho/*) - if [ -x /usr/bin/rwho -a -f "${rwho%% *}" ] + if [ -f "${rwho%% *}" ] then echo "" echo "Local network system status:" - ruptime + prog=ruptime else echo "" echo "Local system status:" - uptime + prog=uptime + fi + rc=$($prog | tee /dev/stderr | wc -l) + if [ $? -eq 0 ] + then + [ $rc -gt 1 ] && rc=1 + else + rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/440.status-mailq b/etc/periodic/daily/440.status-mailq index fd2a443..17bc710 100755 --- a/etc/periodic/daily/440.status-mailq +++ b/etc/periodic/daily/440.status-mailq @@ -13,21 +13,35 @@ fi case "$daily_status_mailq_enable" in [Yy][Ee][Ss]) - if [ -x /usr/bin/mailq -a -d /var/spool/mqueue ] + if [ ! -x /usr/bin/mailq ] then + echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \ + "isn't executable" + rc=2 + elif [ ! -d /var/spool/mqueue ] + then + echo '$daily_status_mailq_enable is set but /var/spool/mqueue' \ + "doesn't exist" + rc=2 + else echo "" echo "Mail in local queue:" - case "$daily_status_mailq_shorten" in + rc=$(case "$daily_status_mailq_shorten" in [Yy][Ee][Ss]) - mailq | + rc=$(mailq | perl -ne 'print if /^\s+\S+@/' | sort | uniq -c | sort -nr | - awk '$1 > 1 {print $1, $2}';; + awk '$1 > 1 {print $1, $2}');; *) mailq;; - esac + esac | tee /dev/stderr | fgrep -v 'mqueue is empty' | wc -l) + [ $rc -gt 1 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/450.status-security b/etc/periodic/daily/450.status-security index 8ca962d..61fcf8b 100755 --- a/etc/periodic/daily/450.status-security +++ b/etc/periodic/daily/450.status-security 
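Review bot: In 430.status-rwho the test `if [ $? -eq 0 ]` after `rc=$($prog | tee /dev/stderr | wc -l)` checks the status of `wc`, the last command of the pipeline, so a failing `ruptime` or `uptime` never reaches `rc=3`. Capturing the output first, `out=$($prog) && rc=0 || rc=3`, and printing `$out` afterwards would make the branch meaningful. As written, a successful `uptime` prints one line and therefore appears to return 1 on every run, which may not be what is intended for "success".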
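Review bot: In 440.status-mailq the shortened branch assigns its output to a variable inside the outer command substitution, `rc=$(mailq | … | awk '$1 > 1 {print $1, $2}');;`, so nothing from that branch reaches `tee /dev/stderr` or `wc -l`. With `daily_status_mailq_shorten` set the report would be empty and rc would always be 0. The inner `rc=$(` and its closing `)` should be removed so the branch starts with `mailq |` and ends with `awk '$1 > 1 {print $1, $2}';;`. It is also worth checking that the target sh parses a `case` with `)` patterns inside `$( … )`.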
@@ -13,30 +13,33 @@ fi case "$daily_status_security_enable" in [Yy][Ee][Ss]) - if [ -f /etc/security -a -x /usr/sbin/sendmail ] - then - echo "" - echo "Security check:" - - case "$daily_status_security_noamd" in - [Yy][Ee][Ss]) - args=-a;; - *) - args=;; - esac - - case "$daily_status_security_nomfs" in - [Yy][Ee][Ss]) - args="$args -m";; - esac - - case "$daily_status_security_inline" in - [Yy][Ee][Ss]) - sh /etc/security -s $args;; - - *) + echo "" + echo "Security check:" + + case "$daily_status_security_noamd" in + [Yy][Ee][Ss]) + args=-a;; + *) + args=;; + esac + + case "$daily_status_security_nomfs" in + [Yy][Ee][Ss]) + args="$args -m";; + esac + + case "$daily_status_security_inline" in + [Yy][Ee][Ss]) + sh /etc/security -s $args + rc=$?;; + + *) echo " (output mailed separately)" - sh /etc/security $args 2>&1 | sendmail root;; - esac - fi;; + sh /etc/security $args 2>&1 | + sendmail root && rc=0 || rc=3;; + esac;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/460.status-mail-rejects b/etc/periodic/daily/460.status-mail-rejects index 7d6ef1a..22eae94 100755 --- a/etc/periodic/daily/460.status-mail-rejects +++ b/etc/periodic/daily/460.status-mail-rejects 
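Review bot: In the non-inline branch of 450.status-security, `sh /etc/security $args 2>&1 | sendmail root && rc=0 || rc=3` reports only whether sendmail accepted the message, so a missing or failing /etc/security ends up as rc=0. The hunk also removes the old `-f /etc/security` test without replacing it by an rc=2 branch as the other scripts do. For a security check I would restore that test with a message, so that a check that did not run is visible in the periodic report itself. The recipient is still hard-coded as `root` here and does not follow the new `$daily_output` setting.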
@@ -13,15 +13,28 @@ fi case "$daily_status_mail_rejects_enable" in [Yy][Ee][Ss]) - if [ -d /etc/mail -a -f /var/log/maillog -a \ - "$daily_status_mail_rejects_logs" -gt 0 ] + if [ ! -d /etc/mail ] then + echo '$daily_status_mail_rejects_enable is set but /etc/mail' \ + "doesn't exist" + rc=2 + elif [ ! -f /var/log/maillog ] + then + echo '$daily_status_mail_rejects_enable is set but ' \ + "/var/log/maillog doesn't exist" + rc=2 + elif [ "$daily_status_mail_rejects_logs" -le 0 ] + then + echo '$daily_status_mail_rejects_enable is set but ' \ + '$daily_status_mail_rejects_logs is not greater than zero' + rc=2 + else echo echo Checking for rejected mail hosts: start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'` n=$(($daily_status_mail_rejects_logs - 2)) - { + rc=$({ while [ $n -ge 0 ] do if [ -f /var/log/maillog.$n ] @@ -37,6 +50,11 @@ case "$daily_status_mail_rejects_enable" in } | perl -ne "print \"\$2\n\" if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" | - sort | uniq -c | sort -nr + sort | uniq -c | sort -nr | tee /dev/stderr | wc -l) + [ $rc -gt 0 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/999.local b/etc/periodic/daily/999.local index 307ff19..099f293 100755 --- a/etc/periodic/daily/999.local +++ b/etc/periodic/daily/999.local @@ -14,6 +14,7 @@ then source_periodic_confs fi +rc=0 for script in $daily_local do case "$script" in @@ -23,7 +24,15 @@ do echo "" echo "Running $script:" - sh $script + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; esac done + +exit $rc diff --git a/etc/periodic/monthly/200.accounting b/etc/periodic/monthly/200.accounting index 5444ea8..f808bbf 100755 --- a/etc/periodic/monthly/200.accounting +++ b/etc/periodic/monthly/200.accounting 
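Review bot: In 460.status-mail-rejects (hunk at -13,15) the new guard `elif [ "$daily_status_mail_rejects_logs" -le 0 ]` is false when the variable is empty or not a number, because `test` then fails with an error rather than returning true. Such values were rejected by the old `-gt 0` condition but now fall through to the `else` branch and into `n=$(($daily_status_mail_rejects_logs - 2))`. Inverting the original test keeps the old behaviour: `elif ! [ "$daily_status_mail_rejects_logs" -gt 0 ] 2>/dev/null`.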
@@ -14,14 +14,20 @@ fi case "$monthly_accounting_enable" in [Yy][Ee][Ss]) W=/var/log/wtmp - if [ -f $W.0 ] + if [ ! -f $W.0 ] then - if [ -x /usr/sbin/ac ] - then - echo "" - echo "Doing login accounting:" + echo '$monthly_accounting_enable is set but' \ + "$W.0 doesn't exist" + rc=2 + else + echo "" + echo "Doing login accounting:" - ac -p -w $W.0 | sort -nr +1 - fi + rc=$(ac -p -w $W.0 | sort -nr +1 | tee /dev/stderr | wc -l) + [ $rc -gt 0 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/monthly/999.local b/etc/periodic/monthly/999.local index b5d8aed..a70a14f 100755 --- a/etc/periodic/monthly/999.local +++ b/etc/periodic/monthly/999.local @@ -11,6 +11,7 @@ then source_periodic_confs fi +rc=0 for script in $monthly_local do case "$script" in @@ -20,7 +21,15 @@ do echo "" echo "Running $script:" - sh $script + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; esac done + +exit $rc diff --git a/etc/periodic/weekly/120.clean-kvmdb b/etc/periodic/weekly/120.clean-kvmdb index dbc8f4e..603e70b 100755 --- a/etc/periodic/weekly/120.clean-kvmdb +++ b/etc/periodic/weekly/120.clean-kvmdb @@ -12,8 +12,17 @@ fi case "$weekly_clean_kvmdb_enable" in [Yy][Ee][Ss]) - if [ -d /var/db -a -n "$weekly_clean_kvmdb_days" ] + if [ ! -d /var/db ] then + echo '$weekly_clean_kvmdb_enable is set but /var/db' \ + "doesn't exist" + rc=2 + elif [ -z "$weekly_clean_kvmdb_days" ] + then + echo '$weekly_clean_kvmdb_enable is set but' \ + '$weekly_clean_kvmdb_days is not' + rc=2 + else echo "" echo "Cleaning up kernel database files:" 
@@ -27,7 +36,14 @@ case "$weekly_clean_kvmdb_enable" in print=;; esac - find /var/db -name "kvm_*.db" ! -name $kernel \ - -atime +$weekly_clean_kvmdb_days -delete $print + rc=$(find /var/db -name "kvm_*.db" ! -name $kernel \ + -atime +$weekly_clean_kvmdb_days -delete $print | + tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/300.uucp b/etc/periodic/weekly/300.uucp index 3370158..1d146bc 100755 --- a/etc/periodic/weekly/300.uucp +++ b/etc/periodic/weekly/300.uucp @@ -15,11 +15,24 @@ fi case "$weekly_uucp_enable" in [Yy][Ee][Ss]) - if [ -d /var/spool/uucp -a -f /usr/libexec/uucp/clean.weekly ] + if [ ! -d /var/spool/uucp ] then + echo '$weekly_uucp_enable is set but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -x /usr/libexec/uucp/clean.weekly ] + then + echo '$weekly_uucp_enable is set but' \ + "/usr/libexec/uucp/clean.weekly isn't executable" + rc=2 + else echo "" echo "Cleaning up UUCP:" - echo /usr/libexec/uucp/clean.weekly | su daemon + echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/310.locate b/etc/periodic/weekly/310.locate index 53d3d80..e6921ab 100755 --- a/etc/periodic/weekly/310.locate +++ b/etc/periodic/weekly/310.locate 
@@ -13,19 +13,20 @@ fi case "$weekly_locate_enable" in [Yy][Ee][Ss]) - if [ -x /usr/libexec/locate.updatedb -a -f $locdb ] - then - echo "" - echo "Rebuilding locate database:" + echo "" + echo "Rebuilding locate database:" - locdb=/var/db/locate.database + locdb=/var/db/locate.database - touch $locdb - chown nobody $locdb - chmod 644 $locdb + touch $locdb && rc=0 || rc=3 + chown nobody $locdb || rc=3 + chmod 644 $locdb || rc=3 - cd / - echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody - chmod 444 $locdb - fi;; + cd / + echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3 + chmod 444 $locdb || rc=3;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/320.whatis b/etc/periodic/weekly/320.whatis index 123be96..6af7747 100755 --- a/etc/periodic/weekly/320.whatis +++ b/etc/periodic/weekly/320.whatis 
@@ -13,34 +13,39 @@ fi case "$weekly_whatis_enable" in [Yy][Ee][Ss]) - if [ -x /usr/libexec/makewhatis.local -a -x /usr/bin/manpath ] - then - echo "" - echo "Rebuilding whatis database:" + echo "" + echo "Rebuilding whatis database:" - MANPATH=`/usr/bin/manpath -q` - if [ $? = 0 ] + MANPATH=`/usr/bin/manpath -q` + if [ $? = 0 ] + then + if [ -z "${MANPATH}" ] then - if [ "x${MANPATH}" = "x" ] - then - echo "manpath failed to find any manpage directories" - else - man_locales=`/usr/bin/manpath -qL` + echo "manpath failed to find any manpage directories" + rc=3 + else + man_locales=`/usr/bin/manpath -qL` + rc=0 - # Build whatis(1) database(s) for original, non-localized - # manpages. - /usr/libexec/makewhatis.local "${MANPATH}" + # Build whatis(1) database(s) for original, non-localized + # manpages. + /usr/libexec/makewhatis.local "${MANPATH}" || rc=3 - # Build whatis(1) database(s) for localized manpages. - if [ X"${man_locales}" != X ] - then - for i in ${man_locales} - do - LC_CTYPE=$i /usr/libexec/makewhatis.local -a \ - -L "${MANPATH}" - done - fi + # Build whatis(1) database(s) for localized manpages. + if [ X"${man_locales}" != X ] + then + for i in ${man_locales} + do + LC_CTYPE=$i /usr/libexec/makewhatis.local -a \ + -L "${MANPATH}" || rc=3 + done fi fi + else + rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/330.catman b/etc/periodic/weekly/330.catman index e446dd2..999913f 100755 --- a/etc/periodic/weekly/330.catman +++ b/etc/periodic/weekly/330.catman 
@@ -13,34 +13,46 @@ fi case "$weekly_catman_enable" in [Yy][Ee][Ss]) - if [ -x /usr/libexec/catman.local -a -d /usr/share/man/cat1 -a \ - -x /usr/bin/manpath ] + if [ ! -d /usr/share/man/cat1 ] then + echo '$weekly_catman_enable is set but /usr/share/man/cat1' \ + "doesn't exist" + rc=2 + else echo "" echo "Reformatting manual pages:" MANPATH=`/usr/bin/manpath -q` if [ $? = 0 ] then - if [ "x${MANPATH}" = "x" ] + if [ -z "${MANPATH}" ] then echo "manpath failed to find any manpath directories" + rc=3 else man_locales=`/usr/bin/manpath -qL` + rc=0 # Preformat original, non-localized manpages - echo /usr/libexec/catman.local "$MANPATH" | su -fm man + echo /usr/libexec/catman.local "$MANPATH" | + su -fm man || rc=3 # Preformat localized manpages. - if [ X"$man_locales" != X ] + if [ -n "$man_locales" ] then for i in $man_locales do LC_CTYPE=$i echo /usr/libexec/catman.local -L \ - "$MANPATH" | su -fm man + "$MANPATH" | su -fm man || rc=3 done fi fi + else + rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/340.noid b/etc/periodic/weekly/340.noid index 7ad71ea..7b56f01 100644 --- a/etc/periodic/weekly/340.noid +++ b/etc/periodic/weekly/340.noid @@ -16,6 +16,12 @@ case "$weekly_noid_enable" in echo "" echo "Check for files with an unknown user or group:" - find -H ${weekly_noid_dirs:-/} -fstype local \ - \( -nogroup -o -nouser \) -print | sed 's/^/ /';; + rc=$(find -H ${weekly_noid_dirs:-/} -fstype local \ + \( -nogroup -o -nouser \) -print | sed 's/^/ /' | + tee /dev/stderr | wc -l) + [ $rc -gt 1 ] && rc=1;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/400.status-pkg b/etc/periodic/weekly/400.status-pkg index aac228b..050b47b 100755 --- a/etc/periodic/weekly/400.status-pkg +++ b/etc/periodic/weekly/400.status-pkg 
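Review bot: In 330.catman the locale loop still runs `LC_CTYPE=$i echo /usr/libexec/catman.local -L "$MANPATH" | su -fm man || rc=3`, where the assignment applies to `echo` only and not to the catman process started by su. The localized pass therefore runs with whatever LC_CTYPE the script inherited; this was already the case before the commit. Moving the assignment to the right-hand side should work because `su -m` keeps the environment: `"$MANPATH" | LC_CTYPE=$i su -fm man || rc=3`.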
@@ -16,5 +16,13 @@ case "$weekly_status_pkg_enable" in echo "" echo "Check for out of date packages:" - pkg_version -v | sed -n 's/^\([^ ]*\) *< */ \1 /p';; + rc=$(pkg_version -v | + sed -n 's/^\([^ ]*\) *< */ \1 /p' | + tee /dev/stderr | + wc -l) + [ $rc -gt 1 ] && rc=1;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/999.local b/etc/periodic/weekly/999.local index efab6f4..f8b74d2 100755 --- a/etc/periodic/weekly/999.local +++ b/etc/periodic/weekly/999.local @@ -11,6 +11,7 @@ then source_periodic_confs fi +rc=0 for script in $weekly_local do case "$script" in @@ -20,7 +21,15 @@ do echo "" echo "Running $script:" - sh $script + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; esac done + +exit $rc diff --git a/etc/security b/etc/security index 78a885c..0e32b3f 100644 --- a/etc/security +++ b/etc/security @@ -5,12 +5,21 @@ # PATH=/sbin:/bin:/usr/bin LC_ALL=C; export LC_ALL +rc=0 +LOG=/var/log +TMP=/var/run/_secure.$$ separator () { echo '' echo '' } +catmsgs() { + [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz + [ -f $LOG/messages.0 ] && cat $LOG/messages.0 + [ -f $LOG/messages ] && cat $LOG/messages +} + sflag=FALSE ignore= while getopts ams c do @@ -26,9 +35,6 @@ yesterday=`date -v-1d "+%b %e "` host=`hostname` [ $sflag = FALSE ] && echo "Subject: ${host} security check output" -LOG=/var/log -TMP=/var/run/_secure.$$ - umask 027 echo "checking setuid files and devices:" 
@@ -48,17 +54,19 @@ while [ $# -ge 1 ]; do done | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP} if [ ! -f ${LOG}/setuid.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/setuid.today" - cp ${TMP} ${LOG}/setuid.today + cp ${TMP} ${LOG}/setuid.today || rc=3 fi if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} setuid diffs:" diff -w ${LOG}/setuid.today ${TMP} - mv ${LOG}/setuid.today ${LOG}/setuid.yesterday - mv ${TMP} ${LOG}/setuid.today + mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3 + mv ${TMP} ${LOG}/setuid.today || rc=3 fi # Show changes in the way filesystems are mounted 
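Review bot: The two `mv` commands in the setuid-diff branch run unconditionally, so if `mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3` fails, the next line still overwrites setuid.today and the previous baseline is lost. Chaining them keeps the old baseline when rotation fails: `mv ${LOG}/setuid.today ${LOG}/setuid.yesterday && mv ${TMP} ${LOG}/setuid.today || rc=3`. The mount, ipfw and dmesg hunks use the same pair of lines. Separately, the status of the `… | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP}` pipeline that produces the listing is not reflected in `rc`, so a truncated listing would be diffed and installed as the new baseline; the loop feeding it begins outside the hunk.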
@@ -66,42 +74,52 @@ fi [ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat if mount -p | $cmd > $TMP; then if [ ! -f $LOG/mount.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no $LOG/mount.today" - cp $TMP $LOG/mount.today + cp $TMP $LOG/mount.today || rc=3 fi if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then + [ $rc -lt 1 ] && rc=1 separator echo "$host changes in mounted filesystems:" diff -b $LOG/mount.today $TMP - mv $LOG/mount.today $LOG/mount.yesterday - mv $TMP $LOG/mount.today + mv $LOG/mount.today $LOG/mount.yesterday || rc=3 + mv $TMP $LOG/mount.today || rc=3 fi fi separator echo "checking for uids of 0:" -awk -F: '$3==0 {print $1,$3}' /etc/master.passwd +n=$(awk -F: '$3==0 {print $1,$3}' /etc/master.passwd | + tee /dev/stderr | + sed -e '/^root 0$/d' -e '/^toor 0$/d' | + wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 separator echo "checking for passwordless accounts:" -awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd +n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd | + tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show denied packets # if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then if [ ! -f ${LOG}/ipfw.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/ipfw.today" - cp ${TMP} ${LOG}/ipfw.today + cp ${TMP} ${LOG}/ipfw.today || rc=3 fi if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} denied packets:" diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>" - mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday - mv ${TMP} ${LOG}/ipfw.today + mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3 + mv ${TMP} ${LOG}/ipfw.today || rc=3 fi fi @@ -112,6 +130,7 @@ if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then ipfw -a l | grep " log " | perl -n -e \ '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} if [ -s "${TMP}" ]; then + [ $rc -lt 1 ] && rc=1 separator echo "ipfw log limit reached:" cat ${TMP} 
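Review bot: The uid-0 check raises `rc` only for entries other than `root 0` and `toor 0`, because `sed -e '/^root 0$/d' -e '/^toor 0$/d'` sits between `tee /dev/stderr` and `wc -l`. A `toor` account that an administrator had removed and that later reappears is therefore printed but leaves `rc` at 0. The exemption is reasonable for a stock system but deserves a comment above the pipeline, e.g. `# root and toor are the expected uid-0 accounts and do not raise rc; any other uid-0 entry does`. If the caller hides output for a zero return code, which this page does not show for etc/security, such a line would go unreported.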
@@ -122,17 +141,19 @@ fi # if dmesg 2>/dev/null > ${TMP}; then if [ ! -f ${LOG}/dmesg.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/dmesg.today" - cp ${TMP} ${LOG}/dmesg.today + cp ${TMP} ${LOG}/dmesg.today || rc=3 fi if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} kernel log messages:" diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>" - mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday - mv ${TMP} ${LOG}/dmesg.today + mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3 + mv ${TMP} ${LOG}/dmesg.today || rc=3 fi fi @@ -140,12 +161,16 @@ fi # separator echo "${host} login failures:" -zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*login failure" +n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show tcp_wrapper warning messages # separator echo "${host} refused connections:" -zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*refused connect" +n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 rm -f ${TMP} + +exit $rc |