summaryrefslogtreecommitdiffstats
path: root/etc/periodic
Commit message (Collapse)AuthorAgeFilesLines
* Fix typo to install 400.status-pkg, again.ume2009-01-141-1/+1
|
* Sort `mount -p' output by name before checking for any differences.ed2008-10-251-1/+1
| | | | | | | | | | | | I noticed on a system at home that restarting named(8) causes the /var/named/dev mount to be moved to the bottom of the mount list, because it gets remounted. When I received the daily security email this morning, I was quite amazed to see that the security report listed the differences, while it was nothing out of the ordinary. If we just throw the `mount -p' output through sort(1), we'll only receive notifications about changes to mounts if something has really changed.
* add new build knobs and jigger some existing controls to improvesam2008-09-214-23/+80
| | | | | | | | control over the result of buildworld and installworld; this especially helps packaging systems such as nanobsd Reviewed by: various (posted to arch) MFC after: 1 month
* Improve periodic/security/550.ipfwlimit a bit:antoine2008-08-101-6/+3
| | | | | | | | | - don't run it if net.inet.ip.fw.verbose = 0 as it is pointless - handle rules without logging limit correctly [1] (those rules show up without logamount in "ipfw -a list") PR: conf/126060 [1] MFC after: 1 month
* Rev. 1.8 broke matching on lines where the failure mode is at the headmtm2008-06-301-1/+1
| | | | | | | | of the message, such as: Jun 30 10:49:21 rogue sshd[17553]: Invalid user iceman from 127.0.0.1 PR: conf/124569 Submitted by: Taku <taku@tekipaki.jp>
* Add a missing ;.remko2008-03-251-1/+1
| | | | | | | PR: misc/122069 Submitted by: taku@tekipaki.jp MFC after: 3 days Approved by: imp (mentor, implicit trivial change).
* Eliminate xargs in favor of find -exec {} +des2008-02-031-2/+1
|
* Rewrite to consume significantly less memory, by using find -s instead ofdes2008-02-021-16/+11
| | | | | | | | | | | | | find | sort. As a bonus, this simplifies the logic considerably. Also remove the bogus "overruning the args to ls" comment and the corresponding "-n 20" argument to xargs; the whole point with xargs is precisely that it knows how large the argument list can safely get. Note that the first run of the updated script may hypotheticall produce false positives due to differences between find's and sort's sorting algorithm. I haven't seen this during testing, but others might. MFC after: 2 weeks
* A new configuration variable, daily_status_mail_rejects_shorten, allowsdds2008-01-081-1/+8
| | | | | | | | the rejected mail reports to tally the rejects per blacklist without providing details about individual sender hosts. The default configuration keeps the reports in their original form. MFC after: 1 week
* Also check setuid executables on ZFS.ru2007-11-231-1/+1
|
* o Install 480.status-ntpd.maxim2007-05-141-0/+1
| | | | Pointed out by: Henrik Brix Anders
* o Add a script to check ntpd(8) state. Default is off.maxim2007-05-131-0/+28
| | | | | | PR: conf/112604 Submitted by: Oliver Fromme MFC after: 1 month
* Add ZFS periodic scripts that monitors status of ZFS pools.pjd2007-04-062-0/+37
| | | | Submitted by: des
* Only match on log messages containing fail,invalid,remko2007-02-231-1/+1
| | | | | | | | | | bad or illegal. This prevents matching on systems that have a name that matches the query. PR: conf/107560 Submitted by: Christian Laursen <cfsl at pil dot dk> MFC after: 3 days Approved by: imp (mentor)
* Move to the preferred syntax for nice (-n) insteadremko2007-02-231-1/+1
| | | | | | | | of the depricated one. PR: conf/108611 Submitted by: TAOKA Fumiyoshi <fmysh at iijmio-mail dot jp> Approved by: imp (mentor)
* Use egrep instead of grep so that reporting of login failures (brokenjdp2007-02-051-1/+1
| | | | | by revision 1.6) works again. This fix is already in RELENG_6, but was never committed to HEAD.
* The kvm_mkdb(8) is long dead.ru2006-08-292-51/+1
|
* Add login.conf checking to periodic security scripts. If the login.conf filetrhodes2006-08-252-0/+53
| | | | | | is not UID/GID 0, limits will be ignored and a strange error sent to auth.log. Head nod: ru, rwatson
* o Add missed $start variable in the grep statement back.maxim2006-06-111-1/+1
| | | | | | PR: conf/96658 Submitted by: James Snow MFC after: 1 week
* Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts.mlaier2006-05-123-118/+0
| | | | | Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw scripts as well.
* Fix output and exit status when daily_mailq_shorten is set to YESmatteo2006-03-081-6/+8
| | | | | PR: conf/93472 MFC after: 3
* Enhance loginfail: it will catch sshd, proftpd and su errors, as well as ↵matteo2006-03-051-1/+1
| | | | | | | | | other programs PR: conf/70973 Submitted by: Ryan Sommers" <ryans@gamersimpact.com> Approved by: philip (mentor) MFC after: 3 days
* Add periodic scripts that check the status of graid3(8), gstripe(8)brueffer2006-03-024-0/+105
| | | | | | and gconcat(8) devices, respectively. Approved by: rwatson (mentor)
* When there are no interesting information in output, exit with 0.matteo2006-02-071-3/+3
| | | | | | | PR: conf/92299 Submitted by: Petr Rehor <prehor@gmail.com> Approved by: philip (mentor) MFC after: 3 days
* o Add 406.status-gmirror, sort.maxim2006-01-211-1/+2
| | | | Submitted by: brueffer
* Add a daily script to show the status of gmirror(8) devices.wollman2006-01-131-0/+34
|
* Update the test for failed zone transfers to reflect BIND 9.3.1 semanticsdougb2005-11-221-10/+8
| | | | | | | | | | Simplify the shell scripting a bit, and remove a useless grep | sed The problem was pointed out by the PR, and I used part of the solution suggested there, but the semantics changed again for 9.2.x -> 9.3.x. PR: conf/74228 Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>
* A new version of rev. 1.4: postpone a temporary file creationmaxim2005-09-111-1/+1
| | | | | | | | until we realize if ipfw(4) ever used. PR: bin/85970 Submitted by: Andre Albsmeier MFC after: 3 days
* Fix braino in last commit. Print nothing if ipfw(4) is not present.glebius2005-08-311-2/+2
|
* When looking for new lines in diff output, grep for '^[>+]' instead ofcperciva2005-08-221-1/+1
| | | | | | | '^>', in order to catch both normal and unified diffs. Problem reported by: volker at vwsoft dot com via -stable MFC after: 3 days
* - Correctly parse output, when logging amount is limited in theglebius2005-08-201-7/+15
| | | | | | | | | | rule itself, not in verbose_limit sysctl. [1] - Do check rules, even if verbose_limit is set 0. Rules may have their own log limits. PR: conf/77929 Submitted by: Andriy Gapon [1] Reviewed by: matteo
* Purge orphan catpages.ru2005-03-301-2/+2
| | | | | PR: conf/35242 Submitted by: Annihilator <annihilator.c@usa.net>
* Replace "ipfw l", which is now deprecated, with "ipfw list".ssouhlal2005-02-232-2/+2
| | | | Approved by: grehan (mentor)
* Don't do setuid checks on file systems mounted with noexec option.glebius2005-01-131-1/+1
| | | | | Reviewed by: brian, ru MFC after: 1 week
* Sed doesn't grok '[ \t]' -- it doesn't expand the \t :(brian2005-01-121-1/+1
| | | | | | | As there are no tabs in maillog, reduce the expression so that only spaces are used. Problem raised by: Leif Neland root at internet dot dk
* Oops, the < in arg1=< is optional - treat it as such!brian2005-01-111-1/+1
|
* Adjust the mail reject output so that it gives an abreviated reason for thebrian2005-01-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | reject. For example: Checking for rejected mail hosts: 48 getherbalnow.info (451... resolve) 46 absorb.com (451... resolve) 4 tgmart01.codns.com (553... exist) 3 kali.com.cn (451... resolve) 2 genie.com (451... resolve) 1 zv.qy (553... exist) 1 zd.hinet.hr (553... exist) .... The bit in parenthesis is the reject code and the last word on the line - enough to give the admin a better chance of seeing real problems (hopefully!). While I'm here, remove the "<" at the start of rejects coming from "from" addresses without a name@ part. I had to rewrite the patch given by the submitter as this script has been sed'ified (used to be perl) and I think the reject code is useful.... PR: 17377 Idea from: root at ns dot internet dot dk MFC after: 7 days
* Collapse "fgrep | egrep | sed" down to a single sed.brian2005-01-111-3/+1
| | | | | | This also trims extraneous commas from domain names. MFC after: 7 days
* Start the dreaded NOFOO -> NO_FOO conversion.ru2004-12-211-1/+1
| | | | OK'ed by: core
* Teach periodic(8) security output to display information about blockedmlaier2004-11-242-0/+54
| | | | | | | | | | | | | | | | | | packet counts by pf(4). This adds a ``daily_status_security_pfdenied_enable'' variable to periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions. The output will look like this (line wrapped): pf denied packets: > block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0 Bytes: 0 States: 0 ] > block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578 States: 0 ] Submitted by: clive (thanks a lot!) MFC after: 2 weeks
* Add a knob 'daily_status_security_diff_flags' controlling thejkoshy2004-09-231-1/+2
| | | | | | | format of the 'diff' output generated during periodic(8) scripts. Submitted by: keramida (script changes) Reviewed by: keramida (man page changes)
* Allow the location of the INDEX file to specified to pkg_version.joe2004-05-191-1/+1
| | | | | | | This is particularly convenient on a cluster of machines to prevent having to rebuild the INDEX file on each. Reviewed by: portmgr
* Add script for checking ipv6 blocked packets from PR.darrenr2004-04-201-0/+53
| | | | | PR: misc/50154 Submitted by: Kimura Fuyuki <fuyuki@hadaly.org>
* Don't remove empty dirs if their names are in $daily_clean_tmps_ignoreache2004-02-281-3/+6
|
* Use hoststat/purgestat instead of sendmail -bh/-bH so the calls cangshapiro2004-01-021-3/+3
| | | | | | | | be properly mailwrapper'ed. PR: conf/60676 Submitted by: Colin Percival <cperciva@daemonology.net>, maxim MFC after: 4 days
* Use %e in the date(1) format string to eliminate the sed(1) command.ru2003-11-072-2/+2
|
* Add status checking of ATA raid to the daily periodic scripts.jesper2003-10-272-0/+34
|
* Have mktemp(1) construct the temporary file name for us insteadmtm2003-06-306-6/+6
| | | | | | of providing a template manually. Submitted by: Lars Eggert <larse@isi.edu>
* Remove 220.backup-distfile since it has been deleted.jhb2003-04-011-1/+0
| | | | | Reported by: mdodd Pointy hat to: jhb
* Complete removal of 320.rdist by removing its entry from periodic.conf andjhb2003-04-011-39/+0
| | | | | | | removing the related 220.backup-distfile script and associatd periodic.conf entry. Discussed with: obrien
OpenPOWER on IntegriCloud