diff options
39 files changed, 824 insertions, 250 deletions
diff --git a/etc/crontab b/etc/crontab index d27c48a..49076d0 100644 --- a/etc/crontab +++ b/etc/crontab @@ -14,9 +14,9 @@ HOME=/var/log 0 * * * * root newsyslog # # do daily/weekly/monthly maintenance -59 1 * * * root periodic daily 2>&1 | sendmail root -30 3 * * 6 root periodic weekly 2>&1 | sendmail root -30 5 1 * * root periodic monthly 2>&1 | sendmail root +59 1 * * * root periodic daily +30 3 * * 6 root periodic weekly +30 5 1 * * root periodic monthly # # time zone change adjustment for wall cmos clock, # does nothing, if you have UTC cmos clock. diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf index 2ad0e50..c50d28a 100644 --- a/etc/defaults/periodic.conf +++ b/etc/defaults/periodic.conf @@ -22,6 +22,16 @@ local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic" # Daily options +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $daily_output might be set to /var/log/daily.log if you +# wish to log the daily output and have the files rotated by newsyslog(8) +# +daily_output="root" # user or /file +daily_show_success="YES" # scripts returning 0 +daily_show_info="YES" # scripts returning 1 +daily_show_badconfig="NO" # scripts returning 2 + # 100.clean-disks daily_clean_disks_enable="NO" # Delete files daily daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" @@ -61,7 +71,7 @@ daily_backup_passwd_enable="YES" # Backup passwd & group daily_backup_aliases_enable="YES" # Backup mail aliases # 220.backup-distfile -daily_backup_distfile_enable="YES" # Backup distfile +daily_backup_distfile_enable="YES" # rdist /etc/Distfile # 300.calendar daily_calendar_enable="NO" # Run calendar -a @@ -113,6 +123,16 @@ daily_local="/etc/daily.local" # Local scripts # Weekly options +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $weekly_output might be set to /var/log/weekly.log if you +# wish to log the weekly output and have the files rotated by newsyslog(8) +# +weekly_output="root" # user or /file +weekly_show_success="YES" # scripts returning 0 +weekly_show_info="YES" # scripts returning 1 +weekly_show_badconfig="NO" # scripts returning 2 + # 120.clean-kvmdb weekly_clean_kvmdb_enable="YES" # Clean kvmdb weekly weekly_clean_kvmdb_days=7 # If not accessed for @@ -143,6 +163,16 @@ weekly_local="/etc/weekly.local" # Local scripts # Monthly options +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $monthly_output might be set to /var/log/monthly.log if you +# wish to log the monthly output and have the files rotated by newsyslog(8) +# +monthly_output="root" # user or /file +monthly_show_success="YES" # scripts returning 0 +monthly_show_info="YES" # scripts returning 1 +monthly_show_badconfig="NO" # scripts returning 2 + # 200.accounting monthly_accounting_enable="YES" # Login accounting diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf index 131d626..47ff2e1 100644 --- a/etc/newsyslog.conf +++ b/etc/newsyslog.conf @@ -14,3 +14,6 @@ /var/log/ppp.log 600 3 100 * Z /var/log/security 600 10 100 * Z /var/log/wtmp 644 3 * @01T05 B +/var/log/daily.log 640 7 * @T00 Z +/var/log/weekly.log 640 5 1 $W6D0 Z +/var/log/monthly.log 640 12 * $M1D0 Z diff --git a/etc/periodic/daily/100.clean-disks b/etc/periodic/daily/100.clean-disks index 6f95a69..e225237 100755 --- a/etc/periodic/daily/100.clean-disks +++ b/etc/periodic/daily/100.clean-disks @@ -15,8 +15,18 @@ fi case "$daily_clean_disks_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_disks_days" -a -n "$daily_clean_disks_files" ] + if [ -z "$daily_clean_disks_days" ] then + echo '$daily_clean_disks_enable is set but' \ + '$daily_clean_disks_days is not' + rc=2 + elif [ -z "$daily_clean_disks_files" ] + then + echo '$daily_clean_disks_enable is set but' \ + '$daily_clean_disks_files is not' + are misconfigured + rc=2 + else echo "" echo "Removing old temporary files:" set -f noglob @@ -30,8 +40,15 @@ case "$daily_clean_disks_enable" in print=;; esac - find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \ - \( $args \) -atime +$daily_clean_disks_days -delete $print + rc=$(find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \ + \( $args \) -atime +$daily_clean_disks_days -delete $print | + tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 set -f glob fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/110.clean-tmps b/etc/periodic/daily/110.clean-tmps index 0ae223b..b6a4795 100755 --- a/etc/periodic/daily/110.clean-tmps +++ b/etc/periodic/daily/110.clean-tmps @@ -16,8 +16,12 @@ fi case "$daily_clean_tmps_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_tmps_days" ] + if [ -z "$daily_clean_tmps_days" ] then + echo '$daily_clean_tmps_enable is set but' \ + '$daily_clean_tmps_days is not' + rc=2 + else echo "" echo "Removing old temporary files:" @@ -33,14 +37,20 @@ case "$daily_clean_tmps_enable" in print=;; esac - for dir in $daily_clean_tmps_dirs - do - [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && { - find -d . -type f $args -delete $print - find -d . ! -name . -type d -mtime +$daily_clean_tmps_days \ - -delete $print - } | sed "s,^\\., $dir," - done + rc=$(for dir in $daily_clean_tmps_dirs + do + [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && { + find -d . -type f $args -delete $print + find -d . ! -name . -type d -mtime \ + +$daily_clean_tmps_days -delete $print + } | sed "s,^\\., $dir," + done | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 set -f glob fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/120.clean-preserve b/etc/periodic/daily/120.clean-preserve index 2230a03..d5b34a1 100755 --- a/etc/periodic/daily/120.clean-preserve +++ b/etc/periodic/daily/120.clean-preserve @@ -15,20 +15,39 @@ fi case "$daily_clean_preserve_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_preserve_days" -a -d /var/preserve ] + if [ -z "$daily_clean_preserve_days" ] then + echo '$daily_clean_preserve_enable is set but' \ + '$daily_clean_preserve_days is not' + rc=2 + elif [ ! -d /var/preserve ] + then + echo '$daily_clean_preserve_enable is set but /var/preserve' \ + "doesn't exist" + rc=2 + else echo "" echo "Removing stale files from /var/preserve:" - case "$daily_clean_preserve_verbose" in - [Yy][Ee][Ss]) - print=-print;; - *) - print=;; - esac + if cd /var/preserve + then + case "$daily_clean_preserve_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac - cd /var/preserve && - find . ! -name . -mtime +$daily_clean_preserve_days \ - -delete $print + rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/130.clean-msgs b/etc/periodic/daily/130.clean-msgs index c12cba9..b7890db 100755 --- a/etc/periodic/daily/130.clean-msgs +++ b/etc/periodic/daily/130.clean-msgs @@ -15,13 +15,21 @@ fi case "$daily_clean_msgs_enable" in [Yy][Ee][Ss]) - if [ -d /var/msgs ] + if [ ! -d /var/msgs ] then + echo '$daily_clean_msgs_enable is set but /var/msgs' \ + "doesn't exist" + rc=2 + else echo "" echo "Cleaning out old system announcements:" [ -n "$daily_clean_msgs_days" ] && arg=-${daily_clean_msgs_days#-} || arg= - msgs -c $arg + msgs -c $arg && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/140.clean-rwho b/etc/periodic/daily/140.clean-rwho index 9504f81..9645d7e 100755 --- a/etc/periodic/daily/140.clean-rwho +++ b/etc/periodic/daily/140.clean-rwho @@ -15,8 +15,17 @@ fi case "$daily_clean_rwho_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_rwho_days" -a -d /var/rwho ] + if [ -z "$daily_clean_rwho_days" ] then + echo '$daily_clean_rwho_enable is enabled but' \ + '$daily_clean_rwho_days is not set' + rc=2 + elif [ ! -d /var/rwho ] + then + echo '$daily_clean_rwho_enable is enabled but /var/rwho' \ + "doesn't exist" + rc=2 + else echo "" echo "Removing stale files from /var/rwho:" @@ -27,7 +36,18 @@ case "$daily_clean_rwho_enable" in print=;; esac - cd /var/rwho && - find . ! -name . -mtime +$daily_clean_rwho_days -delete $print + if cd /var/rwho + then + rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/150.clean-hoststat b/etc/periodic/daily/150.clean-hoststat index 85c1e67..952d96a 100755 --- a/etc/periodic/daily/150.clean-hoststat +++ b/etc/periodic/daily/150.clean-hoststat @@ -15,8 +15,17 @@ fi case "$daily_clean_hoststat_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_hoststat_days" -a -d /var/spool/.hoststat ] + if [ -z "$daily_clean_hoststat_days" ] then + echo '$daily_clean_hoststat_enable is enabled but' \ + '$daily_clean_hoststat_days is not set' + rc=2 + elif [ ! -d /var/spool/.hoststat ] + then + echo '$daily_clean_hoststat_enable is enabled but' \ + "/var/spool/.hoststat doesn't exist" + rc=2 + else echo "" echo "Removing stale files from /var/spool/.hoststat:" @@ -27,8 +36,18 @@ case "$daily_clean_hoststat_enable" in print=;; esac - cd /var/hoststat && - find . ! -name . -mtime +$daily_clean_hoststat_days \ - -delete $print + if cd /var/hoststat + then + rc=$(find . ! -name . -mtime +$daily_clean_hoststat_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/200.backup-passwd b/etc/periodic/daily/200.backup-passwd index b8858e7..865a197 100755 --- a/etc/periodic/daily/200.backup-passwd +++ b/etc/periodic/daily/200.backup-passwd @@ -13,47 +13,65 @@ fi case "$daily_backup_passwd_enable" in [Yy][Ee][Ss]) - if [ -f /etc/master.passwd -o -f /etc/group ] + if [ ! -f /etc/master.passwd ] then + echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \ + "doesn't exist" + rc=2 + elif [ ! -f /etc/group ] + then + echo '$daily_backup_passwd_enable" is set but /etc/group' \ + "doesn't exist" + rc=2 + else bak=/var/backups + rc=0 echo "" echo "Backup passwd and group files:" if [ ! -f $bak/master.passwd.bak ] then + rc=1 echo "no $bak/master.passwd.bak" - cp -p /etc/master.passwd $bak/master.passwd.bak + cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 fi if ! cmp -s $bak/master.passwd.bak /etc/master.passwd then + [ $rc -lt 1 ] && rc=1 echo "$host passwd diffs:" diff $bak/master.passwd.bak /etc/master.passwd |\ sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/' mv $bak/master.passwd.bak $bak/master.passwd.bak2 - cp -p /etc/master.passwd $bak/master.passwd.bak + cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 fi if [ ! -f $bak/group.bak ] then + [ $rc -lt 1 ] && rc=1 echo "no $bak/group.bak" - cp -p /etc/group $bak/group.bak + cp -p /etc/group $bak/group.bak || rc=3 fi if ! cmp -s $bak/group.bak /etc/group then + [ $rc -lt 1 ] && rc=1 echo "$host group diffs:" diff $bak/group.bak /etc/group mv $bak/group.bak $bak/group.bak2 - cp -p /etc/group $bak/group.bak + cp -p /etc/group $bak/group.bak || rc=3 fi if [ -f /etc/group ] then echo "" echo "Verifying group file syntax:" - chkgrp /etc/group + chkgrp /etc/group || rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/210.backup-aliases b/etc/periodic/daily/210.backup-aliases index 0b5206e..fe17038 100755 --- a/etc/periodic/daily/210.backup-aliases +++ b/etc/periodic/daily/210.backup-aliases @@ -13,9 +13,14 @@ fi case "$daily_backup_aliases_enable" in [Yy][Ee][Ss]) - if [ -f /etc/mail/aliases ] + if [ ! -f /etc/mail/aliases ] then + echo '$daily_backup_aliases_enable is enabled but' \ + "/etc/mail/aliases doesn't exist" + rc=2 + else bak=/var/backups + rc=0 echo "" echo "Backing up mail aliases:" @@ -23,15 +28,20 @@ case "$daily_backup_aliases_enable" in if [ ! -f $bak/aliases.bak ] then echo "no $bak/aliases.bak" - cp -p /etc/mail/aliases $bak/aliases.bak + cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 fi if ! cmp -s $bak/aliases.bak /etc/mail/aliases then + [ $rc -lt 1 ] && rc=1 echo "$host aliases diffs:" diff -u $bak/aliases.bak /etc/mail/aliases mv $bak/aliases.bak $bak/aliases.bak2 - cp -p /etc/mail/aliases $bak/aliases.bak + cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/220.backup-distfile b/etc/periodic/daily/220.backup-distfile index 37efaea..93d7660 100755 --- a/etc/periodic/daily/220.backup-distfile +++ b/etc/periodic/daily/220.backup-distfile @@ -13,17 +13,27 @@ fi case "$daily_backup_distfile_enable" in [Yy][Ee][Ss]) - if [ -f /etc/Distfile ] + if [ ! -f /etc/Distfile ] then + echo '$daily_backup_distfile_enable is set but /etc/Distfile' \ + "doesn't exist" + rc=2 + else bak=/var/backups + rc=0 echo "" echo "Backing up /etc/Distfile:" if ! cmp -s $bak/Distfile.bak /etc/Distfile then + rc=1 mv $bak/Distfile.bak $bak/Distfile.bak2 - cp /etc/Distfile $bak/Distfile.bak + cp /etc/Distfile $bak/Distfile.bak || rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/300.calendar b/etc/periodic/daily/300.calendar index a921bcf..cc12097 100755 --- a/etc/periodic/daily/300.calendar +++ b/etc/periodic/daily/300.calendar @@ -18,11 +18,12 @@ fi case "$daily_calendar_enable" in [Yy][Ee][Ss]) - if [ -f /usr/bin/calendar ] - then - echo "" - echo "Running calendar:" + echo "" + echo "Running calendar:" - calendar -a - fi;; + calendar -a && rc=0 || rc=3;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/310.accounting b/etc/periodic/daily/310.accounting index 2baf232..c510a94 100755 --- a/etc/periodic/daily/310.accounting +++ b/etc/periodic/daily/310.accounting @@ -13,26 +13,35 @@ fi case "$daily_accounting_enable" in [Yy][Ee][Ss]) - if [ -f /var/account/acct ] + if [ ! -f /var/account/acct ] then + echo '$daily_accounting_enable is set but /var/account/acct' \ + "doesn't exist" + rc=2 + else echo "" echo "Rotating accounting logs and gathering statistics:" cd /var/account + rc=0 - rm -f acct.3.gz acct.3 - [ -f acct.2.gz ] && mv -f acct.2.gz acct.3.gz - [ -f acct.2 ] && mv -f acct.2 acct.3 - [ -f acct.1.gz ] && mv -f acct.1.gz acct.2.gz - [ -f acct.1 ] && mv -f acct.1 acct.2 - [ -f acct.0.gz ] && mv -f acct.0.gz acct.1.gz - [ -f acct.0 ] && mv -f acct.0 acct.1 - cp -pf acct acct.0 - sa -s >/dev/null + rm -f acct.3.gz acct.3 || rc=3 + [ -f acct.2.gz ] && { mv -f acct.2.gz acct.3.gz || rc=3; } + [ -f acct.2 ] && { mv -f acct.2 acct.3 || rc=3; } + [ -f acct.1.gz ] && { mv -f acct.1.gz acct.2.gz || rc=3; } + [ -f acct.1 ] && { mv -f acct.1 acct.2 || rc=3; } + [ -f acct.0.gz ] && { mv -f acct.0.gz acct.1.gz || rc=3; } + [ -f acct.0 ] && { mv -f acct.0 acct.1 || rc=3; } + cp -pf acct acct.0 || rc=3 + sa -s >/dev/null || rc=3 case "$daily_accounting_compress" in [Yy][Ee][Ss]) - gzip -f acct.0;; + gzip -f acct.0 || rc=3;; esac fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/320.rdist b/etc/periodic/daily/320.rdist index 0095ae6..11ec190 100755 --- a/etc/periodic/daily/320.rdist +++ b/etc/periodic/daily/320.rdist @@ -13,11 +13,19 @@ fi case "$daily_distfile_enable" in [Yy][Ee][Ss]) - if [ -f /etc/Distfile ] + if [ ! -f /etc/Distfile ] then + echo '$daily_distfile_enable is set but /etc/Distfile' \ + "doesn't exist" + rc=2 + else echo "" echo "Running rdist with /etc/Distfile:" - rdist -f /etc/Distfile + rdist -f /etc/Distfile && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/330.news b/etc/periodic/daily/330.news index dc3a3bf..ec06437 100755 --- a/etc/periodic/daily/330.news +++ b/etc/periodic/daily/330.news @@ -16,11 +16,19 @@ fi case "$daily_news_expire_enable" in [Yy][Ee][Ss]) - if [ -f /etc/news.expire ] + if [ ! -f /etc/news.expire ] then + echo '$daily_news_expire_enable is set but /etc/news.expire' \ + "doesn't exist" + rc=2 + else echo "" echo "Running news.expire:" - /etc/news.expire + /etc/news.expire && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/340.uucp b/etc/periodic/daily/340.uucp index 178fa63..120c874 100755 --- a/etc/periodic/daily/340.uucp +++ b/etc/periodic/daily/340.uucp @@ -16,11 +16,24 @@ fi case "$daily_uuclean_enable" in [Yy][Ee][Ss]) - if [ -d /var/spool/uucp -a -f /etc/uuclean.daily ] + if [ ! -d /var/spool/uucp ] then + echo '$daily_uuclean_enable is set, but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -f /etc/uuclean.daily ] + then + echo '$daily_uuclean_enable is set, but /etc/uuclean.daily' \ + "doesn't exist" + rc=2 + else echo "" echo "Cleaning up UUCP:" - echo /etc/uuclean.daily | su -m uucp + echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/400.status-disks b/etc/periodic/daily/400.status-disks index f6147b1..6d6ebac 100755 --- a/etc/periodic/daily/400.status-disks +++ b/etc/periodic/daily/400.status-disks @@ -16,10 +16,14 @@ case "$daily_status_disks_enable" in echo "" echo "Disk status:" - df $daily_status_disks_df_flags + df $daily_status_disks_df_flags && rc=0 || rc=3 # display which filesystems need backing up echo "" - dump W;; + dump W || rc=3;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/410.status-uucp b/etc/periodic/daily/410.status-uucp index 5336477..96b52ec 100755 --- a/etc/periodic/daily/410.status-uucp +++ b/etc/periodic/daily/410.status-uucp @@ -13,11 +13,24 @@ fi case "$daily_status_uucp_enable" in [Yy][Ee][Ss]) - if [ -d /var/spool/uucp -a -x /usr/bin/uustat ] + if [ ! -d /var/spool/uucp ] then + echo '$daily_status_uucp_enable is set but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -x /usr/bin/uustat ] + then + echo '$daily_status_uucp_enable is set but /usr/bin/uustat' \ + "isn't executable" + rc=2 + else echo "" echo "UUCP status:" - uustat -a + uustat -a && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/420.status-network b/etc/periodic/daily/420.status-network index 6805361..8399cf7 100755 --- a/etc/periodic/daily/420.status-network +++ b/etc/periodic/daily/420.status-network @@ -13,16 +13,17 @@ fi case "$daily_status_network_enable" in [Yy][Ee][Ss]) - if [ -x /usr/bin/netstat ] - then - echo "" - echo "Network interface status:" + echo "" + echo "Network interface status:" - case "$daily_status_network_usedns" in - [Yy][Ee][Ss]) - netstat -i;; - *) - netstat -in;; - esac - fi;; + case "$daily_status_network_usedns" in + [Yy][Ee][Ss]) + netstat -i && rc=0 || rc=3;; + *) + netstat -in && rc=0 || rc=3;; + esac;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/430.status-rwho b/etc/periodic/daily/430.status-rwho index 728f4b2..4476136 100755 --- a/etc/periodic/daily/430.status-rwho +++ b/etc/periodic/daily/430.status-rwho @@ -14,14 +14,25 @@ fi case "$daily_status_rwho_enable" in [Yy][Ee][Ss]) rwho=$(echo /var/rwho/*) - if [ -x /usr/bin/rwho -a -f "${rwho%% *}" ] + if [ -f "${rwho%% *}" ] then echo "" echo "Local network system status:" - ruptime + prog=ruptime else echo "" echo "Local system status:" - uptime + prog=uptime + fi + rc=$($prog | tee /dev/stderr | wc -l) + if [ $? -eq 0 ] + then + [ $rc -gt 1 ] && rc=1 + else + rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/440.status-mailq b/etc/periodic/daily/440.status-mailq index fd2a443..17bc710 100755 --- a/etc/periodic/daily/440.status-mailq +++ b/etc/periodic/daily/440.status-mailq @@ -13,21 +13,35 @@ fi case "$daily_status_mailq_enable" in [Yy][Ee][Ss]) - if [ -x /usr/bin/mailq -a -d /var/spool/mqueue ] + if [ ! -x /usr/bin/mailq ] then + echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \ + "isn't executable" + rc=2 + elif [ ! -d /var/spool/mqueue ] + then + echo '$daily_status_mailq_enable is set but /var/spool/mqueue' \ + "doesn't exist" + rc=2 + else echo "" echo "Mail in local queue:" - case "$daily_status_mailq_shorten" in + rc=$(case "$daily_status_mailq_shorten" in [Yy][Ee][Ss]) - mailq | + rc=$(mailq | perl -ne 'print if /^\s+\S+@/' | sort | uniq -c | sort -nr | - awk '$1 > 1 {print $1, $2}';; + awk '$1 > 1 {print $1, $2}');; *) mailq;; - esac + esac | tee /dev/stderr | fgrep -v 'mqueue is empty' | wc -l) + [ $rc -gt 1 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/450.status-security b/etc/periodic/daily/450.status-security index 8ca962d..61fcf8b 100755 --- a/etc/periodic/daily/450.status-security +++ b/etc/periodic/daily/450.status-security @@ -13,30 +13,33 @@ fi case "$daily_status_security_enable" in [Yy][Ee][Ss]) - if [ -f /etc/security -a -x /usr/sbin/sendmail ] - then - echo "" - echo "Security check:" - - case "$daily_status_security_noamd" in - [Yy][Ee][Ss]) - args=-a;; - *) - args=;; - esac - - case "$daily_status_security_nomfs" in - [Yy][Ee][Ss]) - args="$args -m";; - esac - - case "$daily_status_security_inline" in - [Yy][Ee][Ss]) - sh /etc/security -s $args;; - - *) + echo "" + echo "Security check:" + + case "$daily_status_security_noamd" in + [Yy][Ee][Ss]) + args=-a;; + *) + args=;; + esac + + case "$daily_status_security_nomfs" in + [Yy][Ee][Ss]) + args="$args -m";; + esac + + case "$daily_status_security_inline" in + [Yy][Ee][Ss]) + sh /etc/security -s $args + rc=$?;; + + *) echo " (output mailed separately)" - sh /etc/security $args 2>&1 | sendmail root;; - esac - fi;; + sh /etc/security $args 2>&1 | + sendmail root && rc=0 || rc=3;; + esac;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/460.status-mail-rejects b/etc/periodic/daily/460.status-mail-rejects index 7d6ef1a..22eae94 100755 --- a/etc/periodic/daily/460.status-mail-rejects +++ b/etc/periodic/daily/460.status-mail-rejects @@ -13,15 +13,28 @@ fi case "$daily_status_mail_rejects_enable" in [Yy][Ee][Ss]) - if [ -d /etc/mail -a -f /var/log/maillog -a \ - "$daily_status_mail_rejects_logs" -gt 0 ] + if [ ! -d /etc/mail ] then + echo '$daily_status_mail_rejects_enable is set but /etc/mail' \ + "doesn't exist" + rc=2 + elif [ ! -f /var/log/maillog ] + then + echo '$daily_status_mail_rejects_enable is set but ' \ + "/var/log/maillog doesn't exist" + rc=2 + elif [ "$daily_status_mail_rejects_logs" -le 0 ] + then + echo '$daily_status_mail_rejects_enable is set but ' \ + '$daily_status_mail_rejects_logs is not greater than zero' + rc=2 + else echo echo Checking for rejected mail hosts: start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'` n=$(($daily_status_mail_rejects_logs - 2)) - { + rc=$({ while [ $n -ge 0 ] do if [ -f /var/log/maillog.$n ] @@ -37,6 +50,11 @@ case "$daily_status_mail_rejects_enable" in } | perl -ne "print \"\$2\n\" if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" | - sort | uniq -c | sort -nr + sort | uniq -c | sort -nr | tee /dev/stderr | wc -l) + [ $rc -gt 0 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/999.local b/etc/periodic/daily/999.local index 307ff19..099f293 100755 --- a/etc/periodic/daily/999.local +++ b/etc/periodic/daily/999.local @@ -14,6 +14,7 @@ then source_periodic_confs fi +rc=0 for script in $daily_local do case "$script" in @@ -23,7 +24,15 @@ do echo "" echo "Running $script:" - sh $script + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; esac done + +exit $rc diff --git a/etc/periodic/monthly/200.accounting b/etc/periodic/monthly/200.accounting index 5444ea8..f808bbf 100755 --- a/etc/periodic/monthly/200.accounting +++ b/etc/periodic/monthly/200.accounting @@ -14,14 +14,20 @@ fi case "$monthly_accounting_enable" in [Yy][Ee][Ss]) W=/var/log/wtmp - if [ -f $W.0 ] + if [ ! -f $W.0 ] then - if [ -x /usr/sbin/ac ] - then - echo "" - echo "Doing login accounting:" + echo '$monthly_accounting_enable is set but' \ + "$W.0 doesn't exist" + rc=2 + else + echo "" + echo "Doing login accounting:" - ac -p -w $W.0 | sort -nr +1 - fi + rc=$(ac -p -w $W.0 | sort -nr +1 | tee /dev/stderr | wc -l) + [ $rc -gt 0 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/monthly/999.local b/etc/periodic/monthly/999.local index b5d8aed..a70a14f 100755 --- a/etc/periodic/monthly/999.local +++ b/etc/periodic/monthly/999.local @@ -11,6 +11,7 @@ then source_periodic_confs fi +rc=0 for script in $monthly_local do case "$script" in @@ -20,7 +21,15 @@ do echo "" echo "Running $script:" - sh $script + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; esac done + +exit $rc diff --git a/etc/periodic/weekly/120.clean-kvmdb b/etc/periodic/weekly/120.clean-kvmdb index dbc8f4e..603e70b 100755 --- a/etc/periodic/weekly/120.clean-kvmdb +++ b/etc/periodic/weekly/120.clean-kvmdb @@ -12,8 +12,17 @@ fi case "$weekly_clean_kvmdb_enable" in [Yy][Ee][Ss]) - if [ -d /var/db -a -n "$weekly_clean_kvmdb_days" ] + if [ ! -d /var/db ] then + echo '$weekly_clean_kvmdb_enable is set but /var/db' \ + "doesn't exist" + rc=2 + elif [ -z "$weekly_clean_kvmdb_days" ] + then + echo '$weekly_clean_kvmdb_enable is set but' \ + '$weekly_clean_kvmdb_days is not' + rc=2 + else echo "" echo "Cleaning up kernel database files:" @@ -27,7 +36,14 @@ case "$weekly_clean_kvmdb_enable" in print=;; esac - find /var/db -name "kvm_*.db" ! -name $kernel \ - -atime +$weekly_clean_kvmdb_days -delete $print + rc=$(find /var/db -name "kvm_*.db" ! -name $kernel \ + -atime +$weekly_clean_kvmdb_days -delete $print | + tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/300.uucp b/etc/periodic/weekly/300.uucp index 3370158..1d146bc 100755 --- a/etc/periodic/weekly/300.uucp +++ b/etc/periodic/weekly/300.uucp @@ -15,11 +15,24 @@ fi case "$weekly_uucp_enable" in [Yy][Ee][Ss]) - if [ -d /var/spool/uucp -a -f /usr/libexec/uucp/clean.weekly ] + if [ ! -d /var/spool/uucp ] then + echo '$weekly_uucp_enable is set but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -x /usr/libexec/uucp/clean.weekly ] + then + echo '$weekly_uucp_enable is set but' \ + "/usr/libexec/uucp/clean.weekly isn't executable" + rc=2 + else echo "" echo "Cleaning up UUCP:" - echo /usr/libexec/uucp/clean.weekly | su daemon + echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/310.locate b/etc/periodic/weekly/310.locate index 53d3d80..e6921ab 100755 --- a/etc/periodic/weekly/310.locate +++ b/etc/periodic/weekly/310.locate @@ -13,19 +13,20 @@ fi case "$weekly_locate_enable" in [Yy][Ee][Ss]) - if [ -x /usr/libexec/locate.updatedb -a -f $locdb ] - then - echo "" - echo "Rebuilding locate database:" + echo "" + echo "Rebuilding locate database:" - locdb=/var/db/locate.database + locdb=/var/db/locate.database - touch $locdb - chown nobody $locdb - chmod 644 $locdb + touch $locdb && rc=0 || rc=3 + chown nobody $locdb || rc=3 + chmod 644 $locdb || rc=3 - cd / - echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody - chmod 444 $locdb - fi;; + cd / + echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3 + chmod 444 $locdb || rc=3;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/320.whatis b/etc/periodic/weekly/320.whatis index 123be96..6af7747 100755 --- a/etc/periodic/weekly/320.whatis +++ b/etc/periodic/weekly/320.whatis @@ -13,34 +13,39 @@ fi case "$weekly_whatis_enable" in [Yy][Ee][Ss]) - if [ -x /usr/libexec/makewhatis.local -a -x /usr/bin/manpath ] - then - echo "" - echo "Rebuilding whatis database:" + echo "" + echo "Rebuilding whatis database:" - MANPATH=`/usr/bin/manpath -q` - if [ $? = 0 ] + MANPATH=`/usr/bin/manpath -q` + if [ $? = 0 ] + then + if [ -z "${MANPATH}" ] then - if [ "x${MANPATH}" = "x" ] - then - echo "manpath failed to find any manpage directories" - else - man_locales=`/usr/bin/manpath -qL` + echo "manpath failed to find any manpage directories" + rc=3 + else + man_locales=`/usr/bin/manpath -qL` + rc=0 - # Build whatis(1) database(s) for original, non-localized - # manpages. - /usr/libexec/makewhatis.local "${MANPATH}" + # Build whatis(1) database(s) for original, non-localized + # manpages. + /usr/libexec/makewhatis.local "${MANPATH}" || rc=3 - # Build whatis(1) database(s) for localized manpages. - if [ X"${man_locales}" != X ] - then - for i in ${man_locales} - do - LC_CTYPE=$i /usr/libexec/makewhatis.local -a \ - -L "${MANPATH}" - done - fi + # Build whatis(1) database(s) for localized manpages. + if [ X"${man_locales}" != X ] + then + for i in ${man_locales} + do + LC_CTYPE=$i /usr/libexec/makewhatis.local -a \ + -L "${MANPATH}" || rc=3 + done fi fi + else + rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/330.catman b/etc/periodic/weekly/330.catman index e446dd2..999913f 100755 --- a/etc/periodic/weekly/330.catman +++ b/etc/periodic/weekly/330.catman @@ -13,34 +13,46 @@ fi case "$weekly_catman_enable" in [Yy][Ee][Ss]) - if [ -x /usr/libexec/catman.local -a -d /usr/share/man/cat1 -a \ - -x /usr/bin/manpath ] + if [ ! -d /usr/share/man/cat1 ] then + echo '$weekly_catman_enable is set but /usr/share/man/cat1' \ + "doesn't exist" + rc=2 + else echo "" echo "Reformatting manual pages:" MANPATH=`/usr/bin/manpath -q` if [ $? = 0 ] then - if [ "x${MANPATH}" = "x" ] + if [ -z "${MANPATH}" ] then echo "manpath failed to find any manpath directories" + rc=3 else man_locales=`/usr/bin/manpath -qL` + rc=0 # Preformat original, non-localized manpages - echo /usr/libexec/catman.local "$MANPATH" | su -fm man + echo /usr/libexec/catman.local "$MANPATH" | + su -fm man || rc=3 # Preformat localized manpages. - if [ X"$man_locales" != X ] + if [ -n "$man_locales" ] then for i in $man_locales do LC_CTYPE=$i echo /usr/libexec/catman.local -L \ - "$MANPATH" | su -fm man + "$MANPATH" | su -fm man || rc=3 done fi fi + else + rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/340.noid b/etc/periodic/weekly/340.noid index 7ad71ea..7b56f01 100644 --- a/etc/periodic/weekly/340.noid +++ b/etc/periodic/weekly/340.noid @@ -16,6 +16,12 @@ case "$weekly_noid_enable" in echo "" echo "Check for files with an unknown user or group:" - find -H ${weekly_noid_dirs:-/} -fstype local \ - \( -nogroup -o -nouser \) -print | sed 's/^/ /';; + rc=$(find -H ${weekly_noid_dirs:-/} -fstype local \ + \( -nogroup -o -nouser \) -print | sed 's/^/ /' | + tee /dev/stderr | wc -l) + [ $rc -gt 1 ] && rc=1;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/400.status-pkg b/etc/periodic/weekly/400.status-pkg index aac228b..050b47b 100755 --- a/etc/periodic/weekly/400.status-pkg +++ b/etc/periodic/weekly/400.status-pkg @@ -16,5 +16,13 @@ case "$weekly_status_pkg_enable" in echo "" echo "Check for out of date packages:" - pkg_version -v | sed -n 's/^\([^ ]*\) *< */ \1 /p';; + rc=$(pkg_version -v | + sed -n 's/^\([^ ]*\) *< */ \1 /p' | + tee /dev/stderr | + wc -l) + [ $rc -gt 1 ] && rc=1;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/999.local b/etc/periodic/weekly/999.local index efab6f4..f8b74d2 100755 --- a/etc/periodic/weekly/999.local +++ b/etc/periodic/weekly/999.local @@ -11,6 +11,7 @@ then source_periodic_confs fi +rc=0 for script in $weekly_local do case "$script" in @@ -20,7 +21,15 @@ do echo "" echo "Running $script:" - sh $script + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; esac done + +exit $rc diff --git a/etc/security b/etc/security index 78a885c..0e32b3f 100644 --- a/etc/security +++ b/etc/security @@ -5,12 +5,21 @@ # PATH=/sbin:/bin:/usr/bin LC_ALL=C; export LC_ALL +rc=0 +LOG=/var/log +TMP=/var/run/_secure.$$ separator () { echo '' echo '' } +catmsgs() { + [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz + [ -f $LOG/messages.0 ] && cat $LOG/messages.0 + [ -f $LOG/messages ] && cat $LOG/messages +} + sflag=FALSE ignore= while getopts ams c do @@ -26,9 +35,6 @@ yesterday=`date -v-1d "+%b %e "` host=`hostname` [ $sflag = FALSE ] && echo "Subject: ${host} security check output" -LOG=/var/log -TMP=/var/run/_secure.$$ - umask 027 echo "checking setuid files and devices:" @@ -48,17 +54,19 @@ while [ $# -ge 1 ]; do done | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP} if [ ! -f ${LOG}/setuid.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/setuid.today" - cp ${TMP} ${LOG}/setuid.today + cp ${TMP} ${LOG}/setuid.today || rc=3 fi if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} setuid diffs:" diff -w ${LOG}/setuid.today ${TMP} - mv ${LOG}/setuid.today ${LOG}/setuid.yesterday - mv ${TMP} ${LOG}/setuid.today + mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3 + mv ${TMP} ${LOG}/setuid.today || rc=3 fi # Show changes in the way filesystems are mounted @@ -66,42 +74,52 @@ fi [ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat if mount -p | $cmd > $TMP; then if [ ! -f $LOG/mount.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no $LOG/mount.today" - cp $TMP $LOG/mount.today + cp $TMP $LOG/mount.today || rc=3 fi if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then + [ $rc -lt 1 ] && rc=1 separator echo "$host changes in mounted filesystems:" diff -b $LOG/mount.today $TMP - mv $LOG/mount.today $LOG/mount.yesterday - mv $TMP $LOG/mount.today + mv $LOG/mount.today $LOG/mount.yesterday || rc=3 + mv $TMP $LOG/mount.today || rc=3 fi fi separator echo "checking for uids of 0:" -awk -F: '$3==0 {print $1,$3}' /etc/master.passwd +n=$(awk -F: '$3==0 {print $1,$3}' /etc/master.passwd | + tee /dev/stderr | + sed -e '/^root 0$/d' -e '/^toor 0$/d' | + wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 separator echo "checking for passwordless accounts:" -awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd +n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd | + tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show denied packets # if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then if [ ! -f ${LOG}/ipfw.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/ipfw.today" - cp ${TMP} ${LOG}/ipfw.today + cp ${TMP} ${LOG}/ipfw.today || rc=3 fi if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} denied packets:" diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>" - mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday - mv ${TMP} ${LOG}/ipfw.today + mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3 + mv ${TMP} ${LOG}/ipfw.today || rc=3 fi fi @@ -112,6 +130,7 @@ if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then ipfw -a l | grep " log " | perl -n -e \ '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} if [ -s "${TMP}" ]; then + [ $rc -lt 1 ] && rc=1 separator echo "ipfw log limit reached:" cat ${TMP} @@ -122,17 +141,19 @@ fi # if dmesg 2>/dev/null > ${TMP}; then if [ ! -f ${LOG}/dmesg.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/dmesg.today" - cp ${TMP} ${LOG}/dmesg.today + cp ${TMP} ${LOG}/dmesg.today || rc=3 fi if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} kernel log messages:" diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>" - mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday - mv ${TMP} ${LOG}/dmesg.today + mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3 + mv ${TMP} ${LOG}/dmesg.today || rc=3 fi fi @@ -140,12 +161,16 @@ fi # separator echo "${host} login failures:" -zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*login failure" +n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show tcp_wrapper warning messages # separator echo "${host} refused connections:" -zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*refused connect" +n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 rm -f ${TMP} + +exit $rc diff --git a/share/man/man5/periodic.conf.5 b/share/man/man5/periodic.conf.5 index 3b3219d..5e085d7 100644 --- a/share/man/man5/periodic.conf.5 +++ b/share/man/man5/periodic.conf.5 @@ -48,13 +48,84 @@ file. is actually sourced as a shell script from each of the periodic scripts and is intended to simply provide default configuration variables. .Pp -The following list provides a name and short description for each -variable you can set in the -.Nm -file. +The following variables are used by +.Xr periodic 8 +itself: .Bl -tag -offset 4n -width 2n .It Ar local_periodic (str) List of directories to search for periodic scripts. +This list is always prefixed with +.Pa /etc/periodic , +and is only used when an argument to +.Xr periodic 8 +is not an absolute directory name. +.It Ar dir Ns No _output +(path or list) What to do with the output of the scripts envoked from +the directory +.Ar dir . +If this variable is set to an absolute path name, output is logged to +that file, otherwise it is taken as one or more space seperated email +addresses and mailed to those users. +If this variable is not set, it defaults to +.Dq root . +.Pp +For an unattended machine, suitable values for +.Ar $daily_output , +.Ar $weekly_output , +and +.Ar $monthly_output +might be +.Dq /var/log/daily.log , +.Dq /var/log/weekly.log , +and +.Dq /var/log/monthly.log +respectively, as +.Xr newsyslog 8 +will rotate these files (if they exists) at the appropriate times. +.It Ar dir Ns No _show_success +.It Ar dir Ns No _show_info +.It Ar dir Ns No _show_badconfig +(bool) These variables control whether +.Xr periodic 8 +will mask the output of the envoked scripts based on their return code +(where +.Ar dir +is the base directory name in which each script resides). +If the return code of a script is +.Sq 0 +and +.Ar dir Ns No _show_success is set to +.Dq NO , +.Xr periodic 8 +will mask the script's output. +If the return code of a script is +.Sq 1 +and +.Ar dir Ns No _show_info is set to +.Dq NO , +.Xr periodic 8 +will mask the script's output. +If the return code of a script is +.Sq 2 +and +.Ar dir Ns No _show_badconfig is set to +.Dq NO , +.Xr periodic 8 +will mask the script's output. +If these variables are set to neither +.Dq YES +nor +.Dq NO , +the default to +.Dq YES , +.Dq YES +and +.Dq NO +respectively. +.Pp +Refer to the +.Xr periodic 8 +man page for how script return codes are interpreted. .El .B Daily variables .Pp @@ -433,11 +504,12 @@ is shared or distributed. .Xr chkgrp 8 , .Xr dump 8 , .Xr mfs 8 . +.Xr newsyslog 8 . .Xr periodic 8 . .Sh HISTORY The .Nm file appeared in -.Fx 5.0 . +.Fx 4.1 . .Sh AUTHORS .An Brian Somers Aq brian@Awfulhak.org . diff --git a/usr.sbin/periodic/periodic.8 b/usr.sbin/periodic/periodic.8 index 4d3d3ea..4ab3dec 100644 --- a/usr.sbin/periodic/periodic.8 +++ b/usr.sbin/periodic/periodic.8 @@ -33,17 +33,14 @@ run periodic system functions .Sh SYNOPSIS .Nm periodic -.Ao -.Cm daily | weekly | monthly | -.Ar path Op path ... -.Ac +.Ar directory Ns No ... .Sh DESCRIPTION The .Nm program is intended to be called by cron(8) to execute shell scripts located in the specified directory. .Pp -One, and only one, of the following arguments should be specified: +One or more of the following arguments must be specified: .Bl -tag -width Fl .It Cm daily Perform the standard daily periodic executable run. @@ -55,14 +52,89 @@ This usually occurs on Sunday mornings. Perform the standard monthly periodic executable run. This usually occurs on the first day of the month. .It Ar path -An absolute path to a directory containing a set of executables to be run. +An arbitrary directory containing a set of executables to be run. .El .Pp +If an argument is an absolute directory name it is used as is, otherwise +it is searched for under +.Pa /etc/periodic +and any other directories specified by the +.Va local_periodic +setting in +.Xr periodic.conf 5 +(see below). +.Pp The .Nm program will run each executable file in the directory or directories -specified. If a file does not have the executable bit set, it will be -ignored silently. +specified. +If a file does not have the executable bit set, it is silently ignored. +.Pp +Each script is required to exit with one of the following values: +.Bl -tag -width XXXX +.It 0 +The script has produced nothing notable in it's output. +The +.Va <basedir>_show_success +variable controls the masking of this output. +.It 1 +The script has produced some notable information in it's output. +The +.Va <basedir>_show_info +variable controls the masking of this output. +.It 2 +The script has produced some warnings due to invalid configuration settings. +The +.Va <basedir>_show_badconfig +variable controls the masking of this output. +.It >2 +The script has produced output that must not be masked. +.El +.Pp +If the relevant variable (where +.Ar <basedir> +is the base directory in which the script resides) is set to +.Dq NO +in +.Pa periodic.conf , +.Nm +will mask the script output. +If the variable is not set to either +.Dq YES +or +.Dq NO , +it will be given a default value as described in +.Xr periodic.conf 5 . +.Pp +All remaining script output is delivered based on the value of the +.Va <basedir>_output +setting. +.Pp +If this is set to a path name (beginning with a +.Dq / +Character), output is simply logged to that file. +.Xr newsyslog 8 +knows about the files +.Pa /var/log/daily.log , +.Pa /var/log/weekly.log +and +.Pa /var/log/monthly.log , +and if they exist, it will rotate them at the appropriate times. +These are therefore good values if you wish to log +.Nm +output. +.Pp +If the +.Va <basedir>_output +value does not begin with a +.Dq / , +it is assumed to contain a list of email addresses, and the output is +mailed to them. +.Pp +If +.Va <basedir>_output +is not set, it defaults to +.Dq root . .Sh ENVIRONMENT The .Nm @@ -89,13 +161,16 @@ subdirectories which contain standard system periodic executables. .It Pa /etc/defaults/periodic.conf The .Pa periodic.conf -system registry contains a variable -.Va local_periodic -which may be configured to specify additional top level standard -periodic directories, such as -.Pa /usr/local/etc/periodic +system registry contains variables that control the behaviour of +.Nm +and the standard +.Pa daily , +.Pa weekly , and -.Pa /usr/X11R6/etc/periodic . +.Pa monthly +scripts. +.It Pa /etc/periodic.conf +This file contains local overrides for the default periodic configuration. .El .Sh EXAMPLES The system crontab should have entries for @@ -103,22 +178,40 @@ The system crontab should have entries for similar to the following example: .Pp .Dl # do daily/weekly/monthly maintenance -.Dl 0 2 * * * root periodic daily 2>&1 -.Dl 0 3 * * 6 root periodic weekly 2>&1 -.Dl 0 5 1 * * root periodic monthly 2>&1 +.Dl 0 2 * * * root periodic daily +.Dl 0 3 * * 6 root periodic weekly +.Dl 0 5 1 * * root periodic monthly .Pp -Additionally, the +The .Pa /etc/defaults/periodic.conf system registry will typically have a .Va local_periodic variable reading: .Pp .Dl local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic" +.Pp +To log +.Nm +output instead of receiving it as email, add the following lines to +.Pa /etc/periodic.conf : +.Pp +.Dl daily_output=/var/log/daily.log +.Dl weekly_output=/var/log/weekly.log +.Dl monthly_output=/var/log/monthly.log +.Pp +To only see important information from daily periodic jobs, add the +following lines to +.Pa /etc/periodic.conf : +.Pp +.Dl daily_show_success=NO +.Dl daily_show_info=NO +.Dl daily_show_badconfig=NO .Sh SEE ALSO .Xr sh 1 , .Xr crontab 5 , .Xr periodic.conf 5 , -.Xr cron 8 +.Xr cron 8 , +.Xr newsyslog 8 .Rs .Sh DIAGNOSTICS Exit status is 0 on success and 1 if the command @@ -138,3 +231,4 @@ program first appeared in .Fx 3.0 . .Sh AUTHORS .An Paul Traina Aq pst@FreeBSD.org +.An Brian Somers Aq brian@Awfulhak.org diff --git a/usr.sbin/periodic/periodic.sh b/usr.sbin/periodic/periodic.sh index 7141710..f3b5d22 100644 --- a/usr.sbin/periodic/periodic.sh +++ b/usr.sbin/periodic/periodic.sh @@ -25,43 +25,65 @@ if [ -r /etc/defaults/periodic.conf ]; then source_periodic_confs fi -dir=$1 -run=`basename $dir` +dirlist= # If a full path was not specified, check the standard cron areas -if [ "$dir" = "$run" ] ; then - dirlist="" - for top in /etc/periodic ${local_periodic} ; do - if [ -d $top/$dir ] ; then - dirlist="${dirlist} $top/$dir" - fi - done - -# User wants us to run stuff in a particular directory -else - for dir in $* ; do - if [ ! -d $dir ] ; then - echo "$0: $dir not found" 1>&2 - exit 1 - fi - done - - dirlist="$*" -fi +for dir +do + case "$dir" in + /*) + if [ -d "$dir" ] + then + dirlist="$dirlist $dir" + else + echo "$0: $dir not found" >&2 + fi;; + *) + for top in /etc/periodic ${local_periodic} + do + [ -d $top/$dir ] && dirlist="$dirlist $top/$dir" + done;; + esac +done host=`hostname` export host -echo "Subject: $host $run run output" +tmp_output=/var/run/periodic.$$ # Execute each executable file in the directory list. If the x bit is not # set, assume the user didn't really want us to muck with it (it's a # README file or has been disabled). -for dir in $dirlist ; do - for file in $dir/* ; do - if [ -x $file -a ! -d $file ] ; then - $file - fi +for dir in $dirlist +do + eval output=\$${dir##*/}_output + case "$output" in + /*) pipe="cat >>$output";; + *) pipe="mail -s '$host ${dir##*/} run output' ${output:-root}";; + esac + + success=YES info=YES badconfig=NO # Defaults when ${run}_* aren't YES/NO + for var in success info badconfig + do + case $(eval echo "\$${dir##*/}_show_$var") in + [Yy][Ee][Ss]) eval $var=YES;; + [Nn][Oo]) eval $var=NO;; + esac done + + for file in $dir/* + do + if [ -x $file -a ! -d $file ] + then + $file </dev/null >$tmp_output 2>&1 + case $? in + 0) [ $success = YES ] && cat $tmp_output;; + 1) [ $info = YES ] && cat $tmp_output;; + 2) [ $badconfig = YES ] && cat $tmp_output;; + *) cat $tmp_output;; + esac + rm -f $tmp_output + fi + done | eval $pipe done |