summaryrefslogtreecommitdiffstats
path: root/etc/periodic
Commit message (Collapse)AuthorAgeFilesLines
* Purge orphan catpages.ru2005-03-301-2/+2
| | | | | PR: conf/35242 Submitted by: Annihilator <annihilator.c@usa.net>
* Replace "ipfw l", which is now deprecated, with "ipfw list".ssouhlal2005-02-232-2/+2
| | | | Approved by: grehan (mentor)
* Don't do setuid checks on file systems mounted with noexec option.glebius2005-01-131-1/+1
| | | | | Reviewed by: brian, ru MFC after: 1 week
* Sed doesn't grok '[ \t]' -- it doesn't expand the \t :(brian2005-01-121-1/+1
| | | | | | | As there are no tabs in maillog, reduce the expression so that only spaces are used. Problem raised by: Leif Neland root at internet dot dk
* Oops, the < in arg1=< is optional - treat it as such!brian2005-01-111-1/+1
|
* Adjust the mail reject output so that it gives an abreviated reason for thebrian2005-01-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | reject. For example: Checking for rejected mail hosts: 48 getherbalnow.info (451... resolve) 46 absorb.com (451... resolve) 4 tgmart01.codns.com (553... exist) 3 kali.com.cn (451... resolve) 2 genie.com (451... resolve) 1 zv.qy (553... exist) 1 zd.hinet.hr (553... exist) .... The bit in parenthesis is the reject code and the last word on the line - enough to give the admin a better chance of seeing real problems (hopefully!). While I'm here, remove the "<" at the start of rejects coming from "from" addresses without a name@ part. I had to rewrite the patch given by the submitter as this script has been sed'ified (used to be perl) and I think the reject code is useful.... PR: 17377 Idea from: root at ns dot internet dot dk MFC after: 7 days
* Collapse "fgrep | egrep | sed" down to a single sed.brian2005-01-111-3/+1
| | | | | | This also trims extraneous commas from domain names. MFC after: 7 days
* Start the dreaded NOFOO -> NO_FOO conversion.ru2004-12-211-1/+1
| | | | OK'ed by: core
* Teach periodic(8) security output to display information about blockedmlaier2004-11-242-0/+54
| | | | | | | | | | | | | | | | | | packet counts by pf(4). This adds a ``daily_status_security_pfdenied_enable'' variable to periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions. The output will look like this (line wrapped): pf denied packets: > block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0 Bytes: 0 States: 0 ] > block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578 States: 0 ] Submitted by: clive (thanks a lot!) MFC after: 2 weeks
* Add a knob 'daily_status_security_diff_flags' controlling thejkoshy2004-09-231-1/+2
| | | | | | | format of the 'diff' output generated during periodic(8) scripts. Submitted by: keramida (script changes) Reviewed by: keramida (man page changes)
* Allow the location of the INDEX file to specified to pkg_version.joe2004-05-191-1/+1
| | | | | | | This is particularly convenient on a cluster of machines to prevent having to rebuild the INDEX file on each. Reviewed by: portmgr
* Add script for checking ipv6 blocked packets from PR.darrenr2004-04-201-0/+53
| | | | | PR: misc/50154 Submitted by: Kimura Fuyuki <fuyuki@hadaly.org>
* Don't remove empty dirs if their names are in $daily_clean_tmps_ignoreache2004-02-281-3/+6
|
* Use hoststat/purgestat instead of sendmail -bh/-bH so the calls cangshapiro2004-01-021-3/+3
| | | | | | | | be properly mailwrapper'ed. PR: conf/60676 Submitted by: Colin Percival <cperciva@daemonology.net>, maxim MFC after: 4 days
* Use %e in the date(1) format string to eliminate the sed(1) command.ru2003-11-072-2/+2
|
* Add status checking of ATA raid to the daily periodic scripts.jesper2003-10-272-0/+34
|
* Have mktemp(1) construct the temporary file name for us insteadmtm2003-06-306-6/+6
| | | | | | of providing a template manually. Submitted by: Lars Eggert <larse@isi.edu>
* Remove 220.backup-distfile since it has been deleted.jhb2003-04-011-1/+0
| | | | | Reported by: mdodd Pointy hat to: jhb
* Complete removal of 320.rdist by removing its entry from periodic.conf andjhb2003-04-011-39/+0
| | | | | | | removing the related 220.backup-distfile script and associatd periodic.conf entry. Discussed with: obrien
* 320.rdist is OBE as we don't have rdist in the base system any more.obrien2003-03-291-1/+0
|
* This is OBE as we don't have rdist in the base system any longer.obrien2003-03-291-31/+0
|
* Do not do manually what sendmail(8) can do better automatically.wollman2003-01-081-25/+4
| | | | | Tell sendmail to clean up its own host status cache. The error condition handling could probably be done better.
* Add support for bzip2ed log files.se2003-01-053-3/+21
|
* Avoid using perl in the periodic & security scripts. This brings thekeramida2002-12-075-32/+37
| | | | | | base system one step closer to being totally perl-free. Approved by: re (jhb)
* Do not emit a message on stderr when one of the compared filesthomas2002-11-161-1/+1
| | | | | | | is shorter than the other. Reviewed by: roberto MFC after: 3 days
* Remove incorrect output redirection.thomas2002-11-161-1/+1
| | | | | | Reviewed by: roberto Committed from: EuroBSDCon Amsterdam MFC after: 3 days
* Add newly-added sripts to FILES.thomas2002-10-251-1/+3
| | | | Reviewed by: roberto
* Add a new /etc/periodic/security script to check for packetsthomas2002-10-251-0/+53
| | | | | | | | rejected by ipfilter (510.ipfdenied), and a corresponding periodic.conf knob (daily_status_security_ipfdenied_enable). Reviewed by: roberto Approved by: re@
* Factor out code across various /etc/periodic/security scripts into athomas2002-10-256-99/+101
| | | | | | | separate file, /etc/periodic/security/security.functions. Reviewed by: roberto (mentor) Approved by: re@
* When considering temporary files for deletion, don't examine the mtimejoerg2002-10-061-0/+1
| | | | | | | | | and atime only, but also the ctime. Otherwise, files extracted from tar or zip archives will immediately be declared stale since they've got their mtime reset to the original mtime. Reviewed by: brian MFC after: 1 week
* Add a pkg_version variable so that it's possible to run portsversion insteadbrian2002-09-251-1/+1
| | | | of pkg_version in periodic/weekly/400.status-pkg.
* Make it work with POSIX sort (POS arg).ache2002-09-245-5/+5
| | | | All old sorts understand -k too.
* Only create a temporary file if we are actually going to do somethingcjc2002-08-257-7/+7
| | | | | | | | | in the script. Eliminates a bug where we create a temp file, but don't delete it since the rm(1) is only done if the check is enabled. PR: bin/40960 Submitted by: frf <frf@xocolatl.com> MFC after: 3 days
* o Test and change to the correct directory, /var/spool/.hoststatschweikh2002-08-121-8/+5
| | | | | | | | o Bring if/then style in sync with /etc/rc scripts PR: conf/41570 Submitted by: Konstantin M Volevatch <cox@rosnet.ru> MFC after: 1 week
* If all file systems are marked nosuid, the line:gshapiro2002-08-031-8/+11
| | | | | | | | | | | | | | | MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort` sets ${MP} to an empty string so the next line: set ${MP} actually just dumps all of the shells variables to stdout (and therefore the security report). Fixed by surrounding the code which goes through the mounts with a test for an empty string before using ${MP}. Reviewed by: brian MFC after: 3 days
* Install scripts via FILES (purposedly not via SCRIPTS that wouldru2002-07-185-8/+5
| | | | strip the suffixes).
* s/${INSTALL} -c/${INSTALL} ${COPY}/ru2002-07-181-1/+1
|
* Mention that we're checking kernel log messages, even if there'sbrian2002-06-281-2/+2
| | | | | | | no output. PR: 39618 MFC after: 1 week
* Temporarily change our umask to 066 so that the potential creationbrian2002-05-171-0/+3
| | | | | | | | | | of wtmp.0 is done as mode 600. This ensures that tight permissions set in /etc/newsyslog.conf for wtmp logging aren't ``betrayed''. Suggested by: lumpy <lumpy@the.whole.net> MFC after: 3 days
* Change ``dmesg -a'' to ``dmesg''.brian2002-05-171-1/+1
| | | | | | | | | | | The change was introduced in src/etc/security 1.53 almost a year ago in an attempt to see ipfw deny message logs. However, ipfw deny/reject logs have been displayed since version 1.13 of the same file as a separate ``job'' and have since moved to src/etc/periodic/security/500.ipfwdenied. MFC after: 3 days
* Tighten up temporary file permissions and move them to ${TMPDIR:-/tmp}brian2002-05-177-7/+7
| | | | | Problem reported by: lumpy <lumpy@the.whole.net> MFC after: 3 days
* Return 3 unless $daily_status_security_enable != YES.brian2002-05-171-1/+1
| | | | | | Returning $? masks security output when ``periodic security'' is successful ! MFC after: 3 days
* Fix the output when daily_status_mailq_shorten is set to YESbrian2002-05-071-4/+4
| | | | | | PR: 23766 Mostly submitted by: lambert@ssabsd.csw.net MFC after: 3 days
* Remove leading whitespace from the setuid file lists.cjc2002-05-051-2/+2
| | | | | | | | | | | | | | Due to the way we run ls(1), through xargs(1), the leading whitespace can change even when the setuid files haven't. To avoid displaying these lines, we currently run diff(1) with the '-w' option. However, this is probably not the ideal way to go; there is a very, very small possibility for diff(1) to miss things is shouldn't. So, with the leading space cleaned, we can revert to the '-b' option which is "safer." PR: conf/37618 Reviewed by: brian MFC after: 3 days
* Handle .bz2 files created by newsyslogbrian2002-04-302-0/+7
| | | | | | PR: 37529 Partially submitted by: Peter Hollaubek <fifteen@inext.hu> MFC after: 1 week
* Update mail queue related periodic scripts to account for sendmail 8.12'sgshapiro2002-04-102-11/+30
| | | | | | | | | | | | | | | | | | | | clientmqueue (submit mail queue). The new mailq display is only active if both the old daily_status_mailq_enable is set to "YES" and the new daily_status_include_submit_mailq is set to "YES" so people who disabled 440.status-mailq won't have any surprises. Likewise, the new queue run is only active if both the old daily_queuerun_enable is set to "YES" and the new daily_submit_queuerun is set to "YES" so people who disabled 500.queuerun won't have any surprises. While I am here, remove the [ ! -d /var/spool/mqueue ] checks from both scripts as the queue directory isn't always /var/spool/mqueue for the main daemon -- it can be set to anything in the sendmail.cf file. MFC after: 1 week
* No need to explicitly check for both cases when using grep -i.rwatson2002-03-121-1/+1
|
* Update login failure checking to check auth.log instead of messages,rwatson2002-03-111-3/+3
| | | | | | and teach it to look for more general classes of failures, including SSH login failures. This is similar but not identical to a patch submitted by aeonflux@synapse.subneural.net.
* Environmental variable was not being passed to a subshell as intended.cjc2002-03-051-2/+2
| | | | | PR: bin/35558 Submitted by: Nicolas Rachinsky <list@rachinsky.de>
* Set rc=1 rather than 0 so that setting daily_show_success=YES masksbrian2002-02-131-1/+1
| | | | | | | | the output of all goes well. PR: 34825 Submitted by: Valentin Nechayev <netch@netch.kiev.ua> MFC after: 3 weeks
OpenPOWER on IntegriCloud