summaryrefslogtreecommitdiffstats
path: root/etc/periodic
Commit message (Collapse)AuthorAgeFilesLines
* Further refine the auth fail regex to catch more auth failures andbrueffer2014-03-231-1/+1
| | | | | | | | | | | | reduce false positives. The committed patch was provided by Christian Marg. PR: 91732 Submitted by: Daniel O'Connor <doconnor at gsoft.com.au> Skye Poier <spoier at gmail.com> Alan Amesbury <amesbury at umn.edu> Christian Marg <marg at rz.tu-clausthal.de>
* Merge r257694 from head:glebius2013-11-141-62/+0
| | | | | | | | | Remove remnants of BIND from /etc, since there is no BIND in base now. Sorry, that would break users running head and BIND from ports, since ports rely on these scripts. The ports will be fixed soon. Approved by: re (kib)
* Odds and ends left over from BIND and unnoticed because they didn'tdes2013-10-011-4/+0
| | | | | | affect 'make universe'. Approved by: re (gjb)
* Fix a typo introduced in r254975.jkim2013-08-271-1/+1
|
* Install 450.status-security.jlh2013-08-271-1/+2
|
* Make the period of each periodic security script configurable.jlh2013-08-2719-84/+198
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@
* If daily_status_security_inline is set, the rc value needs to bejhb2013-06-251-12/+12
| | | | | | | | | | | | | forced to 3 so that the output of this script is always displayed. In fact, setting this flag is identical to setting daily_status_security_output to an empty string. To make the logic less confusing, change the behavior of daily_status_security_inline such that it just forces daily_status_security_output to an empty string and then applies the normal logic. PR: conf/178611 Submitted by: Jason Unovitch <jason.unovitch@gmail.com> MFC after: 3 days
* Unconditionally install 210.backup-aliases as many MTAs other thaneadler2013-05-111-1/+1
| | | | | | | | sendmail support the use of /etc/aliases. PR: conf/176098 Submitted by: ak MFC after: 2 weeks
* Remove periodic script for ataraid(4) and add instead script for graid(8).mav2013-04-043-34/+35
|
* make installation of the 220.backup-pkgdb periodic script depend on PKGTOOLSbapt2012-12-201-2/+2
| | | | knob
* Make a command for pkg_info changeable like pkg_version inume2012-10-131-1/+1
| | | | | | /etc/periodic/weekly/400.status-pkg to be friendly with pkgng. MFC after: 1 week
* Only output a list of file systems that need to be dumped if the systemjhb2012-06-201-5/+8
| | | | | | | has a non-empty dumpdates file. Reviewed by: brooks MFC after: 1 week
* Display dropped transmit packets in the daily network interface output.jhb2012-05-071-2/+2
| | | | | | PR: conf/165956 Submitted by: Jeremy Chadwick MFC after: 1 week
* Add an option to 404.status-zfs (enabled by default) to list allgjb2012-02-081-4/+13
| | | | | | | | | | | | | zfs pools on the system. While here, document daily_status_zfs_enable in periodic.conf(5). Discussed on: -fs [1] Reviewed by: netchild [1] Approved by: jhb MFC after: 1 week [1] - http://lists.freebsd.org/pipermail/freebsd-fs/2011-June/011869.html
* The default setting, daily_accounting_compress="NO", was causingdougb2011-11-131-6/+12
| | | | | | | | | | | | | | | only 1 old file to be saved, so fix this. Problem raised in the PR, but actually required a different solution. While I'm here, fix a very old off-by-one error causing 1 more file than specified in daily_accounting_save to be saved because acct.0 was not taken into account (pun intended). Change that, and use a more thorough method of finding old files to delete. Partly just because this is the right thing to do, but also to silently fix the extra log that would have been left behind forever with the previous method. PR: conf/160848 Submitted by: Andrey Zonov <andrey@zonov.org>
* Increase default scrub threshold from 30 days to 5 weeks. Usingdelphij2011-10-271-1/+1
| | | | | | | whole weeks makes it easier to predicate when the scrub would happen. MFC after: 1 week
* Fix error message in case the backup storage directory does not exist andse2011-10-171-1/+1
| | | | | cannot be created ($daily_backup_pkgdb_dbdir -> $daily_backup_pkgdb_dir). MFC after: 1 week
* Add WITHOUT_UTMPX switch to the build system.ed2011-06-171-2/+7
| | | | | | | | | This knob removes the tools that are exclusively used to view and maintain the databases maintained by utmpx, namely last, users, who, wtmpcvt, ac, lastlogin and utxrm. The tool w is not in this list, because it has some other functionality which is unrelated to utmpx; it is hardlinked to the uptime tool.
* Don't omit ac(8) as part of WITHOUT_ACCT.ed2011-06-171-7/+2
| | | | | | | The WITHOUT_ACCT switch is supposed to omit tools related to process accounting, namely accton and sa. ac(8) is just a simple tool that prints statistics based on data in the utx.log database. It has nothing to do with the former.
* Eliminate extraneous pipelines and tr calls.jpaetzel2011-06-151-1/+1
| | | | | Approved by: kib (mentor) MFC after: 3 days
* Convert the allowed characters '-', '.', and ':' in a ZFS pool name to _jpaetzel2011-06-131-1/+1
| | | | | | | | | to avoid causing errors in the shell script. Submitted by: William Grzybowski <william88@gmail.com> Approved by: kib (mentor) MFC after: 7 days Sponsored by: iXsystems
* 1. If PKG_DBDIR cannot be determined from make, set the defaultdougb2011-05-051-2/+3
| | | | | | | | 2. Add the -H flag to tar in case /var/db/pkg itself is a symlink 3. Direct stderr to /dev/null to suppress the leading slash warning [1] PR: ports/156810 [1] Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com> [1]
* The security run requests unmaskable output, even if the only output is tonetchild2011-05-041-5/+6
| | | | | | | | | | | | | | | | tell that there is a separate email or that the output is logged to a file. This commit changes the return code for the non-inline case to tell that this message is not important enough and can be masked if necessary. The messages from the security checks themself are not affected by this and show up as before in the periodic security email/file. The inline case still requests to not mask the output, as with the current way of handling this there is no easy way to handle this. PR: 138692 Analysis/patch atch by: Chris Cowart <ccowart@timesinks.net> X-MFC after: on request
* Use proper return codes (valuable output, invalid config, problems).netchild2011-05-041-3/+5
| | | | MFC after: 1 week
* Hook the 220.backup-pkgdb script I added to the build unconditionallydougb2011-03-272-0/+2
| | | | | | Hook up 610.ipf6denied based on MK_IPFILTER as 510.ipfdenied is now Poked by: Andrzej Tobola <ato@iem.pw.edu.pl>
* Add svn:executable property on remaining period scripts without itdougb2011-03-276-0/+0
|
* Add a daily period script to back up /var/db/pkgdougb2011-03-261-0/+50
| | | | | | | | | | The final product contains work from the originator, and Florent Thoumie <florent.thoumie@gmail.com>. The final product contains considerable re-working by me, so all responsibility for bugs rests under my pointy hat. PR: ports/145957 Submitted by: Eitan Adler <EitanAdlerList@gmail.com>
* Add the svn:executable property to the scripts that are missing itdougb2011-03-267-0/+0
|
* Update how accounting log files are rotated.dougb2011-02-221-3/+6
| | | | | | | | | | | | | | | | The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
* Fix logic error introduced in previous commit.jpaetzel2011-01-251-4/+10
| | | | | | | | Along the way make some efficiency improvements. Submitted by: jilles Approved by: kib (mentor) MFC after: 3 days
* This script parses output of userland tools. In the case of a faultedjpaetzel2011-01-231-1/+5
| | | | | | | | | | | | zpool the output causes the script to bail out with syntax errors. Since a scrub of a faulted zpool is pointless, just skip over any pools marked as such. PR: conf/150228 Submitted by: jpaetzel Approved by: kib (mentor) MFC after: 3 days MFC note: only for RELENG_8
* Add an (off by default) check for negative permissions (where thebrooks2010-11-132-0/+55
| | | | | | | | group on a object has less permissions that everyone). These permissions will not work reliably over NFS if you have more than 14 supplemental groups and are usually not what you mean. MFC after: 1 week
* Hide 460.chkportsum in MK_PKGTOOLS != no case.delphij2010-11-091-1/+4
| | | | | Submitted by: Alex Kozlov <spam rm-rf kiev ua> MFC after: 2 weeks
* - Change the threshold from 'running next scrub the <value+1>th day after thenetchild2010-08-251-3/+3
| | | | | | | | last one' to 'running next scrub the <value>th day after the last one'. - Improve wording. Requested by: jhell <jhell@DataIX.net> MFC after: 1 week
* Connect the new script 490.status-pkg-changes (see r210863)olli2010-08-101-0/+4
| | | | | | | to the build, so it gets actually installed. Approved by: des (mentor) MFC after: 17 days
* - Fixes to the chkportsum script to handle better some special cases,gabor2010-08-101-9/+9
| | | | | | | like spaces in filename Submitted by: Alex Kozlov <spam@rm-rf.kiev.ua> Approved by: delphij (mentor)
* Add a daily script to the periodic framework that reportsolli2010-08-051-0/+43
| | | | | | | | | | | | | | | | | | changes to the package database, i.e. any packages that have been added, updated or deleted in the past 24 hours. The format is intentionally simple and concise. That information is particularly useful on servers that are maintained by multiple administrators. When someone adds, updates or deletes a package, the others will see it in the daily periodic output. This script is disabled by default. PR: conf/113913 Submitted by: olli Approved by: des (mentor) MFC after: 3 weeks
* - Add a periodic script, which can be used to find installed ports' files withgabor2010-07-192-0/+69
| | | | | | | | mismatched checksum PR: conf/124641 Submitted by: Alex Kozlov <spam@rm-rf.kiev.ua> Approved by: delphij (mentor)
* - add the zfs scrub scriptnetchild2010-06-171-1/+5
| | | | | | | - move the zfs status script into the MK_ZFS conditional to respect WITHOUT_ZFS Noticed by: Andrzej Tobola <ato@iem.pw.edu.pl>
* Add a periodic zfs scrub script.netchild2010-06-151-0/+86
| | | | | | | | | | | | | | | | | Features: - configurable amount of days between scrubs (default value or per pool) - do not scrub directly after pool creation (respects the configured number of days between scrubs) - do not scrub if a scrub is in progress - tells how to see the status of the scrub - tells how many days since the last scrub if it skips the scrubbing - warns if a non-existent pool is specified explicitely (default: no pools specified -> all currently imported pools are handled) - runs late in the periodic run to not slow down the other periodic daily scripts Discussed on: fs@
* Add a new build option, MAN_UTILS. This option lets you control buildingjkim2010-05-191-1/+1
| | | | | | | | | utilities and related support files for manual pages, which were previously controlled by MAN. For POLA, the default depends on MAN, i.e., WITHOUT_MAN implies WITHOUT_MAN_UTILS and WITH_MAN implies WITH_MAN_UTILS. This patch is slightly improved by me from: PR: misc/145212
* Remove trailing white space. No functional changes.dougb2010-05-143-5/+5
|
* Let rc and periodic infrastructure and newsyslog use the utmpx files.ed2010-01-131-1/+1
|
* Silence warning printed by getfsspec(3) when /etc/fstab does not existcperciva2009-09-282-0/+6
| | | | | | | | | | | fstab: /etc/fstab:0: No such file or directory and from dump(8) when setfsent(3) fails due to /etc/fstab not existing: DUMP: Can't open /etc/fstab for dump table information: No such... This makes daily and security periodic runs somewhat cleaner in jails which lack /etc/fstab files. MFC after: 1 month
* Rather than using both -prune (which requires directory-first tree traversal)brian2009-06-021-4/+4
| | | | | | | | | | | | and -delete (which implies depth-first traversal), avoid using -delete in favour of -execdir. This has a side-effect of not removing directories that contain files, even if we delete all of those files, but IMHO that's a better option than specifying all possible local filesystem types in this script. PR: 122811 MFC after: 3 weeks
* Update this script so that it handles different ruleset failuresbrian2009-05-281-8/+12
| | | | | | | | | | differently. The output now shows the ruleset and shortens to slightly different text (using $daily_status_mail_rejects_shorten), but it should be more descriptive. PR: 35018 Inspired by: Mikhail Teterin - mi at aldan dot algebra dot com MFC after: 3 weeks
* Fix typo to install 400.status-pkg, again.ume2009-01-141-1/+1
|
* Sort `mount -p' output by name before checking for any differences.ed2008-10-251-1/+1
| | | | | | | | | | | | I noticed on a system at home that restarting named(8) causes the /var/named/dev mount to be moved to the bottom of the mount list, because it gets remounted. When I received the daily security email this morning, I was quite amazed to see that the security report listed the differences, while it was nothing out of the ordinary. If we just throw the `mount -p' output through sort(1), we'll only receive notifications about changes to mounts if something has really changed.
* add new build knobs and jigger some existing controls to improvesam2008-09-214-23/+80
| | | | | | | | control over the result of buildworld and installworld; this especially helps packaging systems such as nanobsd Reviewed by: various (posted to arch) MFC after: 1 month
* Improve periodic/security/550.ipfwlimit a bit:antoine2008-08-101-6/+3
| | | | | | | | | - don't run it if net.inet.ip.fw.verbose = 0 as it is pointless - handle rules without logging limit correctly [1] (those rules show up without logamount in "ipfw -a list") PR: conf/126060 [1] MFC after: 1 month
OpenPOWER on IntegriCloud