aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBrian Somers <brian@FreeBSD.org>2000-09-14 17:19:15 +0000
committerBrian Somers <brian@FreeBSD.org>2000-09-14 17:19:15 +0000
commit9ed55d11927f19588b8aef6f62573088ef326533 (patch)
treec31f792ea5c6e9dc64b4548ce1eac04f000541b2
parentcb144e905c51d496dc25e6c2e9c99ba603d00a02 (diff)
downloadsrc-9ed55d11927f19588b8aef6f62573088ef326533.tar.gz
src-9ed55d11927f19588b8aef6f62573088ef326533.zip
Another overhaul of the periodic stuff.
All periodic sub-scripts <larf> now have their return codes interpreted by periodic(8). Output may be masked based on variable values in periodic.conf. It's also now possible to email periodic output to arbitrary addresses, or to send it to a log file, examples of which can be found in newsyslog.conf. The upshot of it all should be no discernable changes to the default behaviour of periodic(8). PR: 21250
Notes
Notes: svn path=/head/; revision=65843
-rw-r--r--etc/crontab6
-rw-r--r--etc/defaults/periodic.conf32
-rw-r--r--etc/newsyslog.conf3
-rwxr-xr-xetc/periodic/daily/100.clean-disks23
-rwxr-xr-xetc/periodic/daily/110.clean-tmps28
-rwxr-xr-xetc/periodic/daily/120.clean-preserve39
-rwxr-xr-xetc/periodic/daily/130.clean-msgs12
-rwxr-xr-xetc/periodic/daily/140.clean-rwho26
-rwxr-xr-xetc/periodic/daily/150.clean-hoststat27
-rwxr-xr-xetc/periodic/daily/200.backup-passwd30
-rwxr-xr-xetc/periodic/daily/210.backup-aliases16
-rwxr-xr-xetc/periodic/daily/220.backup-distfile14
-rwxr-xr-xetc/periodic/daily/300.calendar13
-rwxr-xr-xetc/periodic/daily/310.accounting31
-rwxr-xr-xetc/periodic/daily/320.rdist12
-rwxr-xr-xetc/periodic/daily/330.news12
-rwxr-xr-xetc/periodic/daily/340.uucp17
-rwxr-xr-xetc/periodic/daily/400.status-disks8
-rwxr-xr-xetc/periodic/daily/410.status-uucp17
-rwxr-xr-xetc/periodic/daily/420.status-network23
-rwxr-xr-xetc/periodic/daily/430.status-rwho17
-rwxr-xr-xetc/periodic/daily/440.status-mailq24
-rwxr-xr-xetc/periodic/daily/450.status-security53
-rwxr-xr-xetc/periodic/daily/460.status-mail-rejects26
-rwxr-xr-xetc/periodic/daily/999.local11
-rwxr-xr-xetc/periodic/monthly/200.accounting20
-rwxr-xr-xetc/periodic/monthly/999.local11
-rwxr-xr-xetc/periodic/weekly/120.clean-kvmdb22
-rwxr-xr-xetc/periodic/weekly/300.uucp17
-rwxr-xr-xetc/periodic/weekly/310.locate25
-rwxr-xr-xetc/periodic/weekly/320.whatis51
-rwxr-xr-xetc/periodic/weekly/330.catman24
-rw-r--r--etc/periodic/weekly/340.noid10
-rwxr-xr-xetc/periodic/weekly/400.status-pkg10
-rwxr-xr-xetc/periodic/weekly/999.local11
-rw-r--r--etc/security63
-rw-r--r--share/man/man5/periodic.conf.582
-rw-r--r--usr.sbin/periodic/periodic.8132
-rw-r--r--usr.sbin/periodic/periodic.sh76
39 files changed, 824 insertions, 250 deletions
diff --git a/etc/crontab b/etc/crontab
index d27c48a43234..49076d06eec2 100644
--- a/etc/crontab
+++ b/etc/crontab
@@ -14,9 +14,9 @@ HOME=/var/log
0 * * * * root newsyslog
#
# do daily/weekly/monthly maintenance
-59 1 * * * root periodic daily 2>&1 | sendmail root
-30 3 * * 6 root periodic weekly 2>&1 | sendmail root
-30 5 1 * * root periodic monthly 2>&1 | sendmail root
+59 1 * * * root periodic daily
+30 3 * * 6 root periodic weekly
+30 5 1 * * root periodic monthly
#
# time zone change adjustment for wall cmos clock,
# does nothing, if you have UTC cmos clock.
diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
index 2ad0e504cc61..c50d28a86642 100644
--- a/etc/defaults/periodic.conf
+++ b/etc/defaults/periodic.conf
@@ -22,6 +22,16 @@ local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic"
# Daily options
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $daily_output might be set to /var/log/daily.log if you
+# wish to log the daily output and have the files rotated by newsyslog(8)
+#
+daily_output="root" # user or /file
+daily_show_success="YES" # scripts returning 0
+daily_show_info="YES" # scripts returning 1
+daily_show_badconfig="NO" # scripts returning 2
+
# 100.clean-disks
daily_clean_disks_enable="NO" # Delete files daily
daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
@@ -61,7 +71,7 @@ daily_backup_passwd_enable="YES" # Backup passwd & group
daily_backup_aliases_enable="YES" # Backup mail aliases
# 220.backup-distfile
-daily_backup_distfile_enable="YES" # Backup distfile
+daily_backup_distfile_enable="YES" # rdist /etc/Distfile
# 300.calendar
daily_calendar_enable="NO" # Run calendar -a
@@ -113,6 +123,16 @@ daily_local="/etc/daily.local" # Local scripts
# Weekly options
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $weekly_output might be set to /var/log/weekly.log if you
+# wish to log the weekly output and have the files rotated by newsyslog(8)
+#
+weekly_output="root" # user or /file
+weekly_show_success="YES" # scripts returning 0
+weekly_show_info="YES" # scripts returning 1
+weekly_show_badconfig="NO" # scripts returning 2
+
# 120.clean-kvmdb
weekly_clean_kvmdb_enable="YES" # Clean kvmdb weekly
weekly_clean_kvmdb_days=7 # If not accessed for
@@ -143,6 +163,16 @@ weekly_local="/etc/weekly.local" # Local scripts
# Monthly options
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $monthly_output might be set to /var/log/monthly.log if you
+# wish to log the monthly output and have the files rotated by newsyslog(8)
+#
+monthly_output="root" # user or /file
+monthly_show_success="YES" # scripts returning 0
+monthly_show_info="YES" # scripts returning 1
+monthly_show_badconfig="NO" # scripts returning 2
+
# 200.accounting
monthly_accounting_enable="YES" # Login accounting
diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf
index 131d62678ca0..47ff2e1f222f 100644
--- a/etc/newsyslog.conf
+++ b/etc/newsyslog.conf
@@ -14,3 +14,6 @@
/var/log/ppp.log 600 3 100 * Z
/var/log/security 600 10 100 * Z
/var/log/wtmp 644 3 * @01T05 B
+/var/log/daily.log 640 7 * @T00 Z
+/var/log/weekly.log 640 5 1 $W6D0 Z
+/var/log/monthly.log 640 12 * $M1D0 Z
diff --git a/etc/periodic/daily/100.clean-disks b/etc/periodic/daily/100.clean-disks
index 6f95a698f7b0..e2252372c4ab 100755
--- a/etc/periodic/daily/100.clean-disks
+++ b/etc/periodic/daily/100.clean-disks
@@ -15,8 +15,18 @@ fi
case "$daily_clean_disks_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_disks_days" -a -n "$daily_clean_disks_files" ]
+ if [ -z "$daily_clean_disks_days" ]
then
+ echo '$daily_clean_disks_enable is set but' \
+ '$daily_clean_disks_days is not'
+ rc=2
+ elif [ -z "$daily_clean_disks_files" ]
+ then
+ echo '$daily_clean_disks_enable is set but' \
+ '$daily_clean_disks_files is not'
+ are misconfigured
+ rc=2
+ else
echo ""
echo "Removing old temporary files:"
set -f noglob
@@ -30,8 +40,15 @@ case "$daily_clean_disks_enable" in
print=;;
esac
- find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
- \( $args \) -atime +$daily_clean_disks_days -delete $print
+ rc=$(find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
+ \( $args \) -atime +$daily_clean_disks_days -delete $print |
+ tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
set -f glob
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/110.clean-tmps b/etc/periodic/daily/110.clean-tmps
index 0ae223bf3157..b6a4795a77b0 100755
--- a/etc/periodic/daily/110.clean-tmps
+++ b/etc/periodic/daily/110.clean-tmps
@@ -16,8 +16,12 @@ fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_tmps_days" ]
+ if [ -z "$daily_clean_tmps_days" ]
then
+ echo '$daily_clean_tmps_enable is set but' \
+ '$daily_clean_tmps_days is not'
+ rc=2
+ else
echo ""
echo "Removing old temporary files:"
@@ -33,14 +37,20 @@ case "$daily_clean_tmps_enable" in
print=;;
esac
- for dir in $daily_clean_tmps_dirs
- do
- [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && {
- find -d . -type f $args -delete $print
- find -d . ! -name . -type d -mtime +$daily_clean_tmps_days \
- -delete $print
- } | sed "s,^\\., $dir,"
- done
+ rc=$(for dir in $daily_clean_tmps_dirs
+ do
+ [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && {
+ find -d . -type f $args -delete $print
+ find -d . ! -name . -type d -mtime \
+ +$daily_clean_tmps_days -delete $print
+ } | sed "s,^\\., $dir,"
+ done | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
set -f glob
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/120.clean-preserve b/etc/periodic/daily/120.clean-preserve
index 2230a03474a5..d5b34a12c385 100755
--- a/etc/periodic/daily/120.clean-preserve
+++ b/etc/periodic/daily/120.clean-preserve
@@ -15,20 +15,39 @@ fi
case "$daily_clean_preserve_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_preserve_days" -a -d /var/preserve ]
+ if [ -z "$daily_clean_preserve_days" ]
then
+ echo '$daily_clean_preserve_enable is set but' \
+ '$daily_clean_preserve_days is not'
+ rc=2
+ elif [ ! -d /var/preserve ]
+ then
+ echo '$daily_clean_preserve_enable is set but /var/preserve' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Removing stale files from /var/preserve:"
- case "$daily_clean_preserve_verbose" in
- [Yy][Ee][Ss])
- print=-print;;
- *)
- print=;;
- esac
+ if cd /var/preserve
+ then
+ case "$daily_clean_preserve_verbose" in
+ [Yy][Ee][Ss])
+ print=-print;;
+ *)
+ print=;;
+ esac
- cd /var/preserve &&
- find . ! -name . -mtime +$daily_clean_preserve_days \
- -delete $print
+ rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \
+ -delete $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/130.clean-msgs b/etc/periodic/daily/130.clean-msgs
index c12cba901b40..b7890db6d954 100755
--- a/etc/periodic/daily/130.clean-msgs
+++ b/etc/periodic/daily/130.clean-msgs
@@ -15,13 +15,21 @@ fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
- if [ -d /var/msgs ]
+ if [ ! -d /var/msgs ]
then
+ echo '$daily_clean_msgs_enable is set but /var/msgs' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
- msgs -c $arg
+ msgs -c $arg && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/140.clean-rwho b/etc/periodic/daily/140.clean-rwho
index 9504f81afb4e..9645d7e60bf7 100755
--- a/etc/periodic/daily/140.clean-rwho
+++ b/etc/periodic/daily/140.clean-rwho
@@ -15,8 +15,17 @@ fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_rwho_days" -a -d /var/rwho ]
+ if [ -z "$daily_clean_rwho_days" ]
then
+ echo '$daily_clean_rwho_enable is enabled but' \
+ '$daily_clean_rwho_days is not set'
+ rc=2
+ elif [ ! -d /var/rwho ]
+ then
+ echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Removing stale files from /var/rwho:"
@@ -27,7 +36,18 @@ case "$daily_clean_rwho_enable" in
print=;;
esac
- cd /var/rwho &&
- find . ! -name . -mtime +$daily_clean_rwho_days -delete $print
+ if cd /var/rwho
+ then
+ rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \
+ -delete $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/150.clean-hoststat b/etc/periodic/daily/150.clean-hoststat
index 85c1e6788ab0..952d96af6f57 100755
--- a/etc/periodic/daily/150.clean-hoststat
+++ b/etc/periodic/daily/150.clean-hoststat
@@ -15,8 +15,17 @@ fi
case "$daily_clean_hoststat_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_hoststat_days" -a -d /var/spool/.hoststat ]
+ if [ -z "$daily_clean_hoststat_days" ]
then
+ echo '$daily_clean_hoststat_enable is enabled but' \
+ '$daily_clean_hoststat_days is not set'
+ rc=2
+ elif [ ! -d /var/spool/.hoststat ]
+ then
+ echo '$daily_clean_hoststat_enable is enabled but' \
+ "/var/spool/.hoststat doesn't exist"
+ rc=2
+ else
echo ""
echo "Removing stale files from /var/spool/.hoststat:"
@@ -27,8 +36,18 @@ case "$daily_clean_hoststat_enable" in
print=;;
esac
- cd /var/hoststat &&
- find . ! -name . -mtime +$daily_clean_hoststat_days \
- -delete $print
+ if cd /var/hoststat
+ then
+ rc=$(find . ! -name . -mtime +$daily_clean_hoststat_days \
+ -delete $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/200.backup-passwd b/etc/periodic/daily/200.backup-passwd
index b8858e7a7e17..865a19740278 100755
--- a/etc/periodic/daily/200.backup-passwd
+++ b/etc/periodic/daily/200.backup-passwd
@@ -13,47 +13,65 @@ fi
case "$daily_backup_passwd_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/master.passwd -o -f /etc/group ]
+ if [ ! -f /etc/master.passwd ]
then
+ echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -f /etc/group ]
+ then
+ echo '$daily_backup_passwd_enable" is set but /etc/group' \
+ "doesn't exist"
+ rc=2
+ else
bak=/var/backups
+ rc=0
echo ""
echo "Backup passwd and group files:"
if [ ! -f $bak/master.passwd.bak ]
then
+ rc=1
echo "no $bak/master.passwd.bak"
- cp -p /etc/master.passwd $bak/master.passwd.bak
+ cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
fi
if ! cmp -s $bak/master.passwd.bak /etc/master.passwd
then
+ [ $rc -lt 1 ] && rc=1
echo "$host passwd diffs:"
diff $bak/master.passwd.bak /etc/master.passwd |\
sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'
mv $bak/master.passwd.bak $bak/master.passwd.bak2
- cp -p /etc/master.passwd $bak/master.passwd.bak
+ cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
fi
if [ ! -f $bak/group.bak ]
then
+ [ $rc -lt 1 ] && rc=1
echo "no $bak/group.bak"
- cp -p /etc/group $bak/group.bak
+ cp -p /etc/group $bak/group.bak || rc=3
fi
if ! cmp -s $bak/group.bak /etc/group
then
+ [ $rc -lt 1 ] && rc=1
echo "$host group diffs:"
diff $bak/group.bak /etc/group
mv $bak/group.bak $bak/group.bak2
- cp -p /etc/group $bak/group.bak
+ cp -p /etc/group $bak/group.bak || rc=3
fi
if [ -f /etc/group ]
then
echo ""
echo "Verifying group file syntax:"
- chkgrp /etc/group
+ chkgrp /etc/group || rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/210.backup-aliases b/etc/periodic/daily/210.backup-aliases
index 0b5206eb9456..fe170389ef03 100755
--- a/etc/periodic/daily/210.backup-aliases
+++ b/etc/periodic/daily/210.backup-aliases
@@ -13,9 +13,14 @@ fi
case "$daily_backup_aliases_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/mail/aliases ]
+ if [ ! -f /etc/mail/aliases ]
then
+ echo '$daily_backup_aliases_enable is enabled but' \
+ "/etc/mail/aliases doesn't exist"
+ rc=2
+ else
bak=/var/backups
+ rc=0
echo ""
echo "Backing up mail aliases:"
@@ -23,15 +28,20 @@ case "$daily_backup_aliases_enable" in
if [ ! -f $bak/aliases.bak ]
then
echo "no $bak/aliases.bak"
- cp -p /etc/mail/aliases $bak/aliases.bak
+ cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
fi
if ! cmp -s $bak/aliases.bak /etc/mail/aliases
then
+ [ $rc -lt 1 ] && rc=1
echo "$host aliases diffs:"
diff -u $bak/aliases.bak /etc/mail/aliases
mv $bak/aliases.bak $bak/aliases.bak2
- cp -p /etc/mail/aliases $bak/aliases.bak
+ cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/220.backup-distfile b/etc/periodic/daily/220.backup-distfile
index 37efaea15b21..93d766031456 100755
--- a/etc/periodic/daily/220.backup-distfile
+++ b/etc/periodic/daily/220.backup-distfile
@@ -13,17 +13,27 @@ fi
case "$daily_backup_distfile_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/Distfile ]
+ if [ ! -f /etc/Distfile ]
then
+ echo '$daily_backup_distfile_enable is set but /etc/Distfile' \
+ "doesn't exist"
+ rc=2
+ else
bak=/var/backups
+ rc=0
echo ""
echo "Backing up /etc/Distfile:"
if ! cmp -s $bak/Distfile.bak /etc/Distfile
then
+ rc=1
mv $bak/Distfile.bak $bak/Distfile.bak2
- cp /etc/Distfile $bak/Distfile.bak
+ cp /etc/Distfile $bak/Distfile.bak || rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/300.calendar b/etc/periodic/daily/300.calendar
index a921bcf96224..cc12097162e5 100755
--- a/etc/periodic/daily/300.calendar
+++ b/etc/periodic/daily/300.calendar
@@ -18,11 +18,12 @@ fi
case "$daily_calendar_enable" in
[Yy][Ee][Ss])
- if [ -f /usr/bin/calendar ]
- then
- echo ""
- echo "Running calendar:"
+ echo ""
+ echo "Running calendar:"
- calendar -a
- fi;;
+ calendar -a && rc=0 || rc=3;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/310.accounting b/etc/periodic/daily/310.accounting
index 2baf232cbb1b..c510a94209a2 100755
--- a/etc/periodic/daily/310.accounting
+++ b/etc/periodic/daily/310.accounting
@@ -13,26 +13,35 @@ fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
- if [ -f /var/account/acct ]
+ if [ ! -f /var/account/acct ]
then
+ echo '$daily_accounting_enable is set but /var/account/acct' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
+ rc=0
- rm -f acct.3.gz acct.3
- [ -f acct.2.gz ] && mv -f acct.2.gz acct.3.gz
- [ -f acct.2 ] && mv -f acct.2 acct.3
- [ -f acct.1.gz ] && mv -f acct.1.gz acct.2.gz
- [ -f acct.1 ] && mv -f acct.1 acct.2
- [ -f acct.0.gz ] && mv -f acct.0.gz acct.1.gz
- [ -f acct.0 ] && mv -f acct.0 acct.1
- cp -pf acct acct.0
- sa -s >/dev/null
+ rm -f acct.3.gz acct.3 || rc=3
+ [ -f acct.2.gz ] && { mv -f acct.2.gz acct.3.gz || rc=3; }
+ [ -f acct.2 ] && { mv -f acct.2 acct.3 || rc=3; }
+ [ -f acct.1.gz ] && { mv -f acct.1.gz acct.2.gz || rc=3; }
+ [ -f acct.1 ] && { mv -f acct.1 acct.2 || rc=3; }
+ [ -f acct.0.gz ] && { mv -f acct.0.gz acct.1.gz || rc=3; }
+ [ -f acct.0 ] && { mv -f acct.0 acct.1 || rc=3; }
+ cp -pf acct acct.0 || rc=3
+ sa -s >/dev/null || rc=3
case "$daily_accounting_compress" in
[Yy][Ee][Ss])
- gzip -f acct.0;;
+ gzip -f acct.0 || rc=3;;
esac
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/320.rdist b/etc/periodic/daily/320.rdist
index 0095ae63ee2a..11ec19083232 100755
--- a/etc/periodic/daily/320.rdist
+++ b/etc/periodic/daily/320.rdist
@@ -13,11 +13,19 @@ fi
case "$daily_distfile_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/Distfile ]
+ if [ ! -f /etc/Distfile ]
then
+ echo '$daily_distfile_enable is set but /etc/Distfile' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Running rdist with /etc/Distfile:"
- rdist -f /etc/Distfile
+ rdist -f /etc/Distfile && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/330.news b/etc/periodic/daily/330.news
index dc3a3bfa677c..ec064376d78f 100755
--- a/etc/periodic/daily/330.news
+++ b/etc/periodic/daily/330.news
@@ -16,11 +16,19 @@ fi
case "$daily_news_expire_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/news.expire ]
+ if [ ! -f /etc/news.expire ]
then
+ echo '$daily_news_expire_enable is set but /etc/news.expire' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Running news.expire:"
- /etc/news.expire
+ /etc/news.expire && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/340.uucp b/etc/periodic/daily/340.uucp
index 178fa63b1c99..120c8747b90c 100755
--- a/etc/periodic/daily/340.uucp
+++ b/etc/periodic/daily/340.uucp
@@ -16,11 +16,24 @@ fi
case "$daily_uuclean_enable" in
[Yy][Ee][Ss])
- if [ -d /var/spool/uucp -a -f /etc/uuclean.daily ]
+ if [ ! -d /var/spool/uucp ]
then
+ echo '$daily_uuclean_enable is set, but /var/spool/uucp' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -f /etc/uuclean.daily ]
+ then
+ echo '$daily_uuclean_enable is set, but /etc/uuclean.daily' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Cleaning up UUCP:"
- echo /etc/uuclean.daily | su -m uucp
+ echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/400.status-disks b/etc/periodic/daily/400.status-disks
index f6147b18fe2f..6d6ebac08497 100755
--- a/etc/periodic/daily/400.status-disks
+++ b/etc/periodic/daily/400.status-disks
@@ -16,10 +16,14 @@ case "$daily_status_disks_enable" in
echo ""
echo "Disk status:"
- df $daily_status_disks_df_flags
+ df $daily_status_disks_df_flags && rc=0 || rc=3
# display which filesystems need backing up
echo ""
- dump W;;
+ dump W || rc=3;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/410.status-uucp b/etc/periodic/daily/410.status-uucp
index 53364774a0b4..96b52ec0e78a 100755
--- a/etc/periodic/daily/410.status-uucp
+++ b/etc/periodic/daily/410.status-uucp
@@ -13,11 +13,24 @@ fi
case "$daily_status_uucp_enable" in
[Yy][Ee][Ss])
- if [ -d /var/spool/uucp -a -x /usr/bin/uustat ]
+ if [ ! -d /var/spool/uucp ]
then
+ echo '$daily_status_uucp_enable is set but /var/spool/uucp' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -x /usr/bin/uustat ]
+ then
+ echo '$daily_status_uucp_enable is set but /usr/bin/uustat' \
+ "isn't executable"
+ rc=2
+ else
echo ""
echo "UUCP status:"
- uustat -a
+ uustat -a && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/420.status-network b/etc/periodic/daily/420.status-network
index 68053610631b..8399cf720eff 100755
--- a/etc/periodic/daily/420.status-network
+++ b/etc/periodic/daily/420.status-network
@@ -13,16 +13,17 @@ fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/bin/netstat ]
- then
- echo ""
- echo "Network interface status:"
+ echo ""
+ echo "Network interface status:"
- case "$daily_status_network_usedns" in
- [Yy][Ee][Ss])
- netstat -i;;
- *)
- netstat -in;;
- esac
- fi;;
+ case "$daily_status_network_usedns" in
+ [Yy][Ee][Ss])
+ netstat -i && rc=0 || rc=3;;
+ *)
+ netstat -in && rc=0 || rc=3;;
+ esac;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/430.status-rwho b/etc/periodic/daily/430.status-rwho
index 728f4b2a2d42..44761368c933 100755
--- a/etc/periodic/daily/430.status-rwho
+++ b/etc/periodic/daily/430.status-rwho
@@ -14,14 +14,25 @@ fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
- if [ -x /usr/bin/rwho -a -f "${rwho%% *}" ]
+ if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
- ruptime
+ prog=ruptime
else
echo ""
echo "Local system status:"
- uptime
+ prog=uptime
+ fi
+ rc=$($prog | tee /dev/stderr | wc -l)
+ if [ $? -eq 0 ]
+ then
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/440.status-mailq b/etc/periodic/daily/440.status-mailq
index fd2a4430ff83..17bc710f3237 100755
--- a/etc/periodic/daily/440.status-mailq
+++ b/etc/periodic/daily/440.status-mailq
@@ -13,21 +13,35 @@ fi
case "$daily_status_mailq_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/bin/mailq -a -d /var/spool/mqueue ]
+ if [ ! -x /usr/bin/mailq ]
then
+ echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \
+ "isn't executable"
+ rc=2
+ elif [ ! -d /var/spool/mqueue ]
+ then
+ echo '$daily_status_mailq_enable is set but /var/spool/mqueue' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Mail in local queue:"
- case "$daily_status_mailq_shorten" in
+ rc=$(case "$daily_status_mailq_shorten" in
[Yy][Ee][Ss])
- mailq |
+ rc=$(mailq |
perl -ne 'print if /^\s+\S+@/' |
sort |
uniq -c |
sort -nr |
- awk '$1 > 1 {print $1, $2}';;
+ awk '$1 > 1 {print $1, $2}');;
*)
mailq;;
- esac
+ esac | tee /dev/stderr | fgrep -v 'mqueue is empty' | wc -l)
+ [ $rc -gt 1 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/450.status-security b/etc/periodic/daily/450.status-security
index 8ca962dc1af0..61fcf8b44cd2 100755
--- a/etc/periodic/daily/450.status-security
+++ b/etc/periodic/daily/450.status-security
@@ -13,30 +13,33 @@ fi
case "$daily_status_security_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/security -a -x /usr/sbin/sendmail ]
- then
- echo ""
- echo "Security check:"
-
- case "$daily_status_security_noamd" in
- [Yy][Ee][Ss])
- args=-a;;
- *)
- args=;;
- esac
-
- case "$daily_status_security_nomfs" in
- [Yy][Ee][Ss])
- args="$args -m";;
- esac
-
- case "$daily_status_security_inline" in
- [Yy][Ee][Ss])
- sh /etc/security -s $args;;
-
- *)
+ echo ""
+ echo "Security check:"
+
+ case "$daily_status_security_noamd" in
+ [Yy][Ee][Ss])
+ args=-a;;
+ *)
+ args=;;
+ esac
+
+ case "$daily_status_security_nomfs" in
+ [Yy][Ee][Ss])
+ args="$args -m";;
+ esac
+
+ case "$daily_status_security_inline" in
+ [Yy][Ee][Ss])
+ sh /etc/security -s $args
+ rc=$?;;
+
+ *)
echo " (output mailed separately)"
- sh /etc/security $args 2>&1 | sendmail root;;
- esac
- fi;;
+ sh /etc/security $args 2>&1 |
+ sendmail root && rc=0 || rc=3;;
+ esac;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/460.status-mail-rejects b/etc/periodic/daily/460.status-mail-rejects
index 7d6ef1adce79..22eae94edd37 100755
--- a/etc/periodic/daily/460.status-mail-rejects
+++ b/etc/periodic/daily/460.status-mail-rejects
@@ -13,15 +13,28 @@ fi
case "$daily_status_mail_rejects_enable" in
[Yy][Ee][Ss])
- if [ -d /etc/mail -a -f /var/log/maillog -a \
- "$daily_status_mail_rejects_logs" -gt 0 ]
+ if [ ! -d /etc/mail ]
then
+ echo '$daily_status_mail_rejects_enable is set but /etc/mail' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -f /var/log/maillog ]
+ then
+ echo '$daily_status_mail_rejects_enable is set but ' \
+ "/var/log/maillog doesn't exist"
+ rc=2
+ elif [ "$daily_status_mail_rejects_logs" -le 0 ]
+ then
+ echo '$daily_status_mail_rejects_enable is set but ' \
+ '$daily_status_mail_rejects_logs is not greater than zero'
+ rc=2
+ else
echo
echo Checking for rejected mail hosts:
start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'`
n=$(($daily_status_mail_rejects_logs - 2))
- {
+ rc=$({
while [ $n -ge 0 ]
do
if [ -f /var/log/maillog.$n ]
@@ -37,6 +50,11 @@ case "$daily_status_mail_rejects_enable" in
} |
perl -ne "print \"\$2\n\"
if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" |
- sort | uniq -c | sort -nr
+ sort | uniq -c | sort -nr | tee /dev/stderr | wc -l)
+ [ $rc -gt 0 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/999.local b/etc/periodic/daily/999.local
index 307ff194df9f..099f29395036 100755
--- a/etc/periodic/daily/999.local
+++ b/etc/periodic/daily/999.local
@@ -14,6 +14,7 @@ then
source_periodic_confs
fi
+rc=0
for script in $daily_local
do
case "$script" in
@@ -23,7 +24,15 @@ do
echo ""
echo "Running $script:"
- sh $script
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
esac
done
+
+exit $rc
diff --git a/etc/periodic/monthly/200.accounting b/etc/periodic/monthly/200.accounting
index 5444ea860bba..f808bbf8a853 100755
--- a/etc/periodic/monthly/200.accounting
+++ b/etc/periodic/monthly/200.accounting
@@ -14,14 +14,20 @@ fi
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
- if [ -f $W.0 ]
+ if [ ! -f $W.0 ]
then
- if [ -x /usr/sbin/ac ]
- then
- echo ""
- echo "Doing login accounting:"
+ echo '$monthly_accounting_enable is set but' \
+ "$W.0 doesn't exist"
+ rc=2
+ else
+ echo ""
+ echo "Doing login accounting:"
- ac -p -w $W.0 | sort -nr +1
- fi
+ rc=$(ac -p -w $W.0 | sort -nr +1 | tee /dev/stderr | wc -l)
+ [ $rc -gt 0 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/monthly/999.local b/etc/periodic/monthly/999.local
index b5d8aeda1c25..a70a14f8258e 100755
--- a/etc/periodic/monthly/999.local
+++ b/etc/periodic/monthly/999.local
@@ -11,6 +11,7 @@ then
source_periodic_confs
fi
+rc=0
for script in $monthly_local
do
case "$script" in
@@ -20,7 +21,15 @@ do
echo ""
echo "Running $script:"
- sh $script
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
esac
done
+
+exit $rc
diff --git a/etc/periodic/weekly/120.clean-kvmdb b/etc/periodic/weekly/120.clean-kvmdb
index dbc8f4e444bb..603e70b0d017 100755
--- a/etc/periodic/weekly/120.clean-kvmdb
+++ b/etc/periodic/weekly/120.clean-kvmdb
@@ -12,8 +12,17 @@ fi
case "$weekly_clean_kvmdb_enable" in
[Yy][Ee][Ss])
- if [ -d /var/db -a -n "$weekly_clean_kvmdb_days" ]
+ if [ ! -d /var/db ]
then
+ echo '$weekly_clean_kvmdb_enable is set but /var/db' \
+ "doesn't exist"
+ rc=2
+ elif [ -z "$weekly_clean_kvmdb_days" ]
+ then
+ echo '$weekly_clean_kvmdb_enable is set but' \
+ '$weekly_clean_kvmdb_days is not'
+ rc=2
+ else
echo ""
echo "Cleaning up kernel database files:"
@@ -27,7 +36,14 @@ case "$weekly_clean_kvmdb_enable" in
print=;;
esac
- find /var/db -name "kvm_*.db" ! -name $kernel \
- -atime +$weekly_clean_kvmdb_days -delete $print
+ rc=$(find /var/db -name "kvm_*.db" ! -name $kernel \
+ -atime +$weekly_clean_kvmdb_days -delete $print |
+ tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/300.uucp b/etc/periodic/weekly/300.uucp
index 3370158805ad..1d146bc05cba 100755
--- a/etc/periodic/weekly/300.uucp
+++ b/etc/periodic/weekly/300.uucp
@@ -15,11 +15,24 @@ fi
case "$weekly_uucp_enable" in
[Yy][Ee][Ss])
- if [ -d /var/spool/uucp -a -f /usr/libexec/uucp/clean.weekly ]
+ if [ ! -d /var/spool/uucp ]
then
+ echo '$weekly_uucp_enable is set but /var/spool/uucp' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -x /usr/libexec/uucp/clean.weekly ]
+ then
+ echo '$weekly_uucp_enable is set but' \
+ "/usr/libexec/uucp/clean.weekly isn't executable"
+ rc=2
+ else
echo ""
echo "Cleaning up UUCP:"
- echo /usr/libexec/uucp/clean.weekly | su daemon
+ echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/310.locate b/etc/periodic/weekly/310.locate
index 53d3d8001641..e6921ab56e82 100755
--- a/etc/periodic/weekly/310.locate
+++ b/etc/periodic/weekly/310.locate
@@ -13,19 +13,20 @@ fi
case "$weekly_locate_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/libexec/locate.updatedb -a -f $locdb ]
- then
- echo ""
- echo "Rebuilding locate database:"
+ echo ""
+ echo "Rebuilding locate database:"
- locdb=/var/db/locate.database
+ locdb=/var/db/locate.database
- touch $locdb
- chown nobody $locdb
- chmod 644 $locdb
+ touch $locdb && rc=0 || rc=3
+ chown nobody $locdb || rc=3
+ chmod 644 $locdb || rc=3
- cd /
- echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody
- chmod 444 $locdb
- fi;;
+ cd /
+ echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3
+ chmod 444 $locdb || rc=3;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/320.whatis b/etc/periodic/weekly/320.whatis
index 123be9670d7b..6af77477a22c 100755
--- a/etc/periodic/weekly/320.whatis
+++ b/etc/periodic/weekly/320.whatis
@@ -13,34 +13,39 @@ fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/libexec/makewhatis.local -a -x /usr/bin/manpath ]
- then
- echo ""
- echo "Rebuilding whatis database:"
+ echo ""
+ echo "Rebuilding whatis database:"
- MANPATH=`/usr/bin/manpath -q`
- if [ $? = 0 ]
+ MANPATH=`/usr/bin/manpath -q`
+ if [ $? = 0 ]
+ then
+ if [ -z "${MANPATH}" ]
then
- if [ "x${MANPATH}" = "x" ]
- then
- echo "manpath failed to find any manpage directories"
- else
- man_locales=`/usr/bin/manpath -qL`
+ echo "manpath failed to find any manpage directories"
+ rc=3
+ else
+ man_locales=`/usr/bin/manpath -qL`
+ rc=0
- # Build whatis(1) database(s) for original, non-localized
- # manpages.
- /usr/libexec/makewhatis.local "${MANPATH}"
+ # Build whatis(1) database(s) for original, non-localized
+ # manpages.
+ /usr/libexec/makewhatis.local "${MANPATH}" || rc=3
- # Build whatis(1) database(s) for localized manpages.
- if [ X"${man_locales}" != X ]
- then
- for i in ${man_locales}
- do
- LC_CTYPE=$i /usr/libexec/makewhatis.local -a \
- -L "${MANPATH}"
- done
- fi
+ # Build whatis(1) database(s) for localized manpages.
+ if [ X"${man_locales}" != X ]
+ then
+ for i in ${man_locales}
+ do
+ LC_CTYPE=$i /usr/libexec/makewhatis.local -a \
+ -L "${MANPATH}" || rc=3
+ done
fi
fi
+ else
+ rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/330.catman b/etc/periodic/weekly/330.catman
index e446dd22662c..999913fb7025 100755
--- a/etc/periodic/weekly/330.catman
+++ b/etc/periodic/weekly/330.catman
@@ -13,34 +13,46 @@ fi
case "$weekly_catman_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/libexec/catman.local -a -d /usr/share/man/cat1 -a \
- -x /usr/bin/manpath ]
+ if [ ! -d /usr/share/man/cat1 ]
then
+ echo '$weekly_catman_enable is set but /usr/share/man/cat1' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Reformatting manual pages:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
- if [ "x${MANPATH}" = "x" ]
+ if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpath directories"
+ rc=3
else
man_locales=`/usr/bin/manpath -qL`
+ rc=0
# Preformat original, non-localized manpages
- echo /usr/libexec/catman.local "$MANPATH" | su -fm man
+ echo /usr/libexec/catman.local "$MANPATH" |
+ su -fm man || rc=3
# Preformat localized manpages.
- if [ X"$man_locales" != X ]
+ if [ -n "$man_locales" ]
then
for i in $man_locales
do
LC_CTYPE=$i echo /usr/libexec/catman.local -L \
- "$MANPATH" | su -fm man
+ "$MANPATH" | su -fm man || rc=3
done
fi
fi
+ else
+ rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/340.noid b/etc/periodic/weekly/340.noid
index 7ad71ea07f57..7b56f019a40e 100644
--- a/etc/periodic/weekly/340.noid
+++ b/etc/periodic/weekly/340.noid
@@ -16,6 +16,12 @@ case "$weekly_noid_enable" in
echo ""
echo "Check for files with an unknown user or group:"
- find -H ${weekly_noid_dirs:-/} -fstype local \
- \( -nogroup -o -nouser \) -print | sed 's/^/ /';;
+ rc=$(find -H ${weekly_noid_dirs:-/} -fstype local \
+ \( -nogroup -o -nouser \) -print | sed 's/^/ /' |
+ tee /dev/stderr | wc -l)
+ [ $rc -gt 1 ] && rc=1;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/400.status-pkg b/etc/periodic/weekly/400.status-pkg
index aac228bc9484..050b47b8ae5b 100755
--- a/etc/periodic/weekly/400.status-pkg
+++ b/etc/periodic/weekly/400.status-pkg
@@ -16,5 +16,13 @@ case "$weekly_status_pkg_enable" in
echo ""
echo "Check for out of date packages:"
- pkg_version -v | sed -n 's/^\([^ ]*\) *< */ \1 /p';;
+ rc=$(pkg_version -v |
+ sed -n 's/^\([^ ]*\) *< */ \1 /p' |
+ tee /dev/stderr |
+ wc -l)
+ [ $rc -gt 1 ] && rc=1;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/999.local b/etc/periodic/weekly/999.local
index efab6f4b25d8..f8b74d2df724 100755
--- a/etc/periodic/weekly/999.local
+++ b/etc/periodic/weekly/999.local
@@ -11,6 +11,7 @@ then
source_periodic_confs
fi
+rc=0
for script in $weekly_local
do
case "$script" in
@@ -20,7 +21,15 @@ do
echo ""
echo "Running $script:"
- sh $script
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
esac
done
+
+exit $rc
diff --git a/etc/security b/etc/security
index 78a885c3b9e0..0e32b3f89e5d 100644
--- a/etc/security
+++ b/etc/security
@@ -5,12 +5,21 @@
#
PATH=/sbin:/bin:/usr/bin
LC_ALL=C; export LC_ALL
+rc=0
+LOG=/var/log
+TMP=/var/run/_secure.$$
separator () {
echo ''
echo ''
}
+catmsgs() {
+ [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz
+ [ -f $LOG/messages.0 ] && cat $LOG/messages.0
+ [ -f $LOG/messages ] && cat $LOG/messages
+}
+
sflag=FALSE ignore=
while getopts ams c
do
@@ -26,9 +35,6 @@ yesterday=`date -v-1d "+%b %e "`
host=`hostname`
[ $sflag = FALSE ] && echo "Subject: ${host} security check output"
-LOG=/var/log
-TMP=/var/run/_secure.$$
-
umask 027
echo "checking setuid files and devices:"
@@ -48,17 +54,19 @@ while [ $# -ge 1 ]; do
done | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP}
if [ ! -f ${LOG}/setuid.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no ${LOG}/setuid.today"
- cp ${TMP} ${LOG}/setuid.today
+ cp ${TMP} ${LOG}/setuid.today || rc=3
fi
if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "${host} setuid diffs:"
diff -w ${LOG}/setuid.today ${TMP}
- mv ${LOG}/setuid.today ${LOG}/setuid.yesterday
- mv ${TMP} ${LOG}/setuid.today
+ mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3
+ mv ${TMP} ${LOG}/setuid.today || rc=3
fi
# Show changes in the way filesystems are mounted
@@ -66,42 +74,52 @@ fi
[ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat
if mount -p | $cmd > $TMP; then
if [ ! -f $LOG/mount.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no $LOG/mount.today"
- cp $TMP $LOG/mount.today
+ cp $TMP $LOG/mount.today || rc=3
fi
if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "$host changes in mounted filesystems:"
diff -b $LOG/mount.today $TMP
- mv $LOG/mount.today $LOG/mount.yesterday
- mv $TMP $LOG/mount.today
+ mv $LOG/mount.today $LOG/mount.yesterday || rc=3
+ mv $TMP $LOG/mount.today || rc=3
fi
fi
separator
echo "checking for uids of 0:"
-awk -F: '$3==0 {print $1,$3}' /etc/master.passwd
+n=$(awk -F: '$3==0 {print $1,$3}' /etc/master.passwd |
+ tee /dev/stderr |
+ sed -e '/^root 0$/d' -e '/^toor 0$/d' |
+ wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
separator
echo "checking for passwordless accounts:"
-awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd
+n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd |
+ tee /dev/stderr | wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
# Show denied packets
#
if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
if [ ! -f ${LOG}/ipfw.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no ${LOG}/ipfw.today"
- cp ${TMP} ${LOG}/ipfw.today
+ cp ${TMP} ${LOG}/ipfw.today || rc=3
fi
if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "${host} denied packets:"
diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>"
- mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday
- mv ${TMP} ${LOG}/ipfw.today
+ mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3
+ mv ${TMP} ${LOG}/ipfw.today || rc=3
fi
fi
@@ -112,6 +130,7 @@ if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then
ipfw -a l | grep " log " | perl -n -e \
'/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP}
if [ -s "${TMP}" ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "ipfw log limit reached:"
cat ${TMP}
@@ -122,17 +141,19 @@ fi
#
if dmesg 2>/dev/null > ${TMP}; then
if [ ! -f ${LOG}/dmesg.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no ${LOG}/dmesg.today"
- cp ${TMP} ${LOG}/dmesg.today
+ cp ${TMP} ${LOG}/dmesg.today || rc=3
fi
if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "${host} kernel log messages:"
diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>"
- mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday
- mv ${TMP} ${LOG}/dmesg.today
+ mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3
+ mv ${TMP} ${LOG}/dmesg.today || rc=3
fi
fi
@@ -140,12 +161,16 @@ fi
#
separator
echo "${host} login failures:"
-zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*login failure"
+n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
# Show tcp_wrapper warning messages
#
separator
echo "${host} refused connections:"
-zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*refused connect"
+n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
rm -f ${TMP}
+
+exit $rc
diff --git a/share/man/man5/periodic.conf.5 b/share/man/man5/periodic.conf.5
index 3b3219d9d293..5e085d78e497 100644
--- a/share/man/man5/periodic.conf.5
+++ b/share/man/man5/periodic.conf.5
@@ -48,13 +48,84 @@ file.
is actually sourced as a shell script from each of the periodic scripts
and is intended to simply provide default configuration variables.
.Pp
-The following list provides a name and short description for each
-variable you can set in the
-.Nm
-file.
+The following variables are used by
+.Xr periodic 8
+itself:
.Bl -tag -offset 4n -width 2n
.It Ar local_periodic
(str) List of directories to search for periodic scripts.
+This list is always prefixed with
+.Pa /etc/periodic ,
+and is only used when an argument to
+.Xr periodic 8
+is not an absolute directory name.
+.It Ar dir Ns No _output
+(path or list) What to do with the output of the scripts envoked from
+the directory
+.Ar dir .
+If this variable is set to an absolute path name, output is logged to
+that file, otherwise it is taken as one or more space seperated email
+addresses and mailed to those users.
+If this variable is not set, it defaults to
+.Dq root .
+.Pp
+For an unattended machine, suitable values for
+.Ar $daily_output ,
+.Ar $weekly_output ,
+and
+.Ar $monthly_output
+might be
+.Dq /var/log/daily.log ,
+.Dq /var/log/weekly.log ,
+and
+.Dq /var/log/monthly.log
+respectively, as
+.Xr newsyslog 8
+will rotate these files (if they exists) at the appropriate times.
+.It Ar dir Ns No _show_success
+.It Ar dir Ns No _show_info
+.It Ar dir Ns No _show_badconfig
+(bool) These variables control whether
+.Xr periodic 8
+will mask the output of the envoked scripts based on their return code
+(where
+.Ar dir
+is the base directory name in which each script resides).
+If the return code of a script is
+.Sq 0
+and
+.Ar dir Ns No _show_success is set to
+.Dq NO ,
+.Xr periodic 8
+will mask the script's output.
+If the return code of a script is
+.Sq 1
+and
+.Ar dir Ns No _show_info is set to
+.Dq NO ,
+.Xr periodic 8
+will mask the script's output.
+If the return code of a script is
+.Sq 2
+and
+.Ar dir Ns No _show_badconfig is set to
+.Dq NO ,
+.Xr periodic 8
+will mask the script's output.
+If these variables are set to neither
+.Dq YES
+nor
+.Dq NO ,
+the default to
+.Dq YES ,
+.Dq YES
+and
+.Dq NO
+respectively.
+.Pp
+Refer to the
+.Xr periodic 8
+man page for how script return codes are interpreted.
.El
.B Daily variables
.Pp
@@ -433,11 +504,12 @@ is shared or distributed.
.Xr chkgrp 8 ,
.Xr dump 8 ,
.Xr mfs 8 .
+.Xr newsyslog 8 .
.Xr periodic 8 .
.Sh HISTORY
The
.Nm
file appeared in
-.Fx 5.0 .
+.Fx 4.1 .
.Sh AUTHORS
.An Brian Somers Aq brian@Awfulhak.org .
diff --git a/usr.sbin/periodic/periodic.8 b/usr.sbin/periodic/periodic.8
index 4d3d3ea71c54..4ab3dec48855 100644
--- a/usr.sbin/periodic/periodic.8
+++ b/usr.sbin/periodic/periodic.8
@@ -33,17 +33,14 @@
run periodic system functions
.Sh SYNOPSIS
.Nm periodic
-.Ao
-.Cm daily | weekly | monthly |
-.Ar path Op path ...
-.Ac
+.Ar directory Ns No ...
.Sh DESCRIPTION
The
.Nm
program is intended to be called by cron(8) to execute shell scripts
located in the specified directory.
.Pp
-One, and only one, of the following arguments should be specified:
+One or more of the following arguments must be specified:
.Bl -tag -width Fl
.It Cm daily
Perform the standard daily periodic executable run.
@@ -55,14 +52,89 @@ This usually occurs on Sunday mornings.
Perform the standard monthly periodic executable run.
This usually occurs on the first day of the month.
.It Ar path
-An absolute path to a directory containing a set of executables to be run.
+An arbitrary directory containing a set of executables to be run.
.El
.Pp
+If an argument is an absolute directory name it is used as is, otherwise
+it is searched for under
+.Pa /etc/periodic
+and any other directories specified by the
+.Va local_periodic
+setting in
+.Xr periodic.conf 5
+(see below).
+.Pp
The
.Nm
program will run each executable file in the directory or directories
-specified. If a file does not have the executable bit set, it will be
-ignored silently.
+specified.
+If a file does not have the executable bit set, it is silently ignored.
+.Pp
+Each script is required to exit with one of the following values:
+.Bl -tag -width XXXX
+.It 0
+The script has produced nothing notable in it's output.
+The
+.Va <basedir>_show_success
+variable controls the masking of this output.
+.It 1
+The script has produced some notable information in it's output.
+The
+.Va <basedir>_show_info
+variable controls the masking of this output.
+.It 2
+The script has produced some warnings due to invalid configuration settings.
+The
+.Va <basedir>_show_badconfig
+variable controls the masking of this output.
+.It >2
+The script has produced output that must not be masked.
+.El
+.Pp
+If the relevant variable (where
+.Ar <basedir>
+is the base directory in which the script resides) is set to
+.Dq NO
+in
+.Pa periodic.conf ,
+.Nm
+will mask the script output.
+If the variable is not set to either
+.Dq YES
+or
+.Dq NO ,
+it will be given a default value as described in
+.Xr periodic.conf 5 .
+.Pp
+All remaining script output is delivered based on the value of the
+.Va <basedir>_output
+setting.
+.Pp
+If this is set to a path name (beginning with a
+.Dq /
+Character), output is simply logged to that file.
+.Xr newsyslog 8
+knows about the files
+.Pa /var/log/daily.log ,
+.Pa /var/log/weekly.log
+and
+.Pa /var/log/monthly.log ,
+and if they exist, it will rotate them at the appropriate times.
+These are therefore good values if you wish to log
+.Nm
+output.
+.Pp
+If the
+.Va <basedir>_output
+value does not begin with a
+.Dq / ,
+it is assumed to contain a list of email addresses, and the output is
+mailed to them.
+.Pp
+If
+.Va <basedir>_output
+is not set, it defaults to
+.Dq root .
.Sh ENVIRONMENT
The
.Nm
@@ -89,13 +161,16 @@ subdirectories which contain standard system periodic executables.
.It Pa /etc/defaults/periodic.conf
The
.Pa periodic.conf
-system registry contains a variable
-.Va local_periodic
-which may be configured to specify additional top level standard
-periodic directories, such as
-.Pa /usr/local/etc/periodic
+system registry contains variables that control the behaviour of
+.Nm
+and the standard
+.Pa daily ,
+.Pa weekly ,
and
-.Pa /usr/X11R6/etc/periodic .
+.Pa monthly
+scripts.
+.It Pa /etc/periodic.conf
+This file contains local overrides for the default periodic configuration.
.El
.Sh EXAMPLES
The system crontab should have entries for
@@ -103,22 +178,40 @@ The system crontab should have entries for
similar to the following example:
.Pp
.Dl # do daily/weekly/monthly maintenance
-.Dl 0 2 * * * root periodic daily 2>&1
-.Dl 0 3 * * 6 root periodic weekly 2>&1
-.Dl 0 5 1 * * root periodic monthly 2>&1
+.Dl 0 2 * * * root periodic daily
+.Dl 0 3 * * 6 root periodic weekly
+.Dl 0 5 1 * * root periodic monthly
.Pp
-Additionally, the
+The
.Pa /etc/defaults/periodic.conf
system registry will typically have a
.Va local_periodic
variable reading:
.Pp
.Dl local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic"
+.Pp
+To log
+.Nm
+output instead of receiving it as email, add the following lines to
+.Pa /etc/periodic.conf :
+.Pp
+.Dl daily_output=/var/log/daily.log
+.Dl weekly_output=/var/log/weekly.log
+.Dl monthly_output=/var/log/monthly.log
+.Pp
+To only see important information from daily periodic jobs, add the
+following lines to
+.Pa /etc/periodic.conf :
+.Pp
+.Dl daily_show_success=NO
+.Dl daily_show_info=NO
+.Dl daily_show_badconfig=NO
.Sh SEE ALSO
.Xr sh 1 ,
.Xr crontab 5 ,
.Xr periodic.conf 5 ,
-.Xr cron 8
+.Xr cron 8 ,
+.Xr newsyslog 8
.Rs
.Sh DIAGNOSTICS
Exit status is 0 on success and 1 if the command
@@ -138,3 +231,4 @@ program first appeared in
.Fx 3.0 .
.Sh AUTHORS
.An Paul Traina Aq pst@FreeBSD.org
+.An Brian Somers Aq brian@Awfulhak.org
diff --git a/usr.sbin/periodic/periodic.sh b/usr.sbin/periodic/periodic.sh
index 7141710e5181..f3b5d2294360 100644
--- a/usr.sbin/periodic/periodic.sh
+++ b/usr.sbin/periodic/periodic.sh
@@ -25,43 +25,65 @@ if [ -r /etc/defaults/periodic.conf ]; then
source_periodic_confs
fi
-dir=$1
-run=`basename $dir`
+dirlist=
# If a full path was not specified, check the standard cron areas
-if [ "$dir" = "$run" ] ; then
- dirlist=""
- for top in /etc/periodic ${local_periodic} ; do
- if [ -d $top/$dir ] ; then
- dirlist="${dirlist} $top/$dir"
- fi
- done
-
-# User wants us to run stuff in a particular directory
-else
- for dir in $* ; do
- if [ ! -d $dir ] ; then
- echo "$0: $dir not found" 1>&2
- exit 1
- fi
- done
-
- dirlist="$*"
-fi
+for dir
+do
+ case "$dir" in
+ /*)
+ if [ -d "$dir" ]
+ then
+ dirlist="$dirlist $dir"
+ else
+ echo "$0: $dir not found" >&2
+ fi;;
+ *)
+ for top in /etc/periodic ${local_periodic}
+ do
+ [ -d $top/$dir ] && dirlist="$dirlist $top/$dir"
+ done;;
+ esac
+done
host=`hostname`
export host
-echo "Subject: $host $run run output"
+tmp_output=/var/run/periodic.$$
# Execute each executable file in the directory list. If the x bit is not
# set, assume the user didn't really want us to muck with it (it's a
# README file or has been disabled).
-for dir in $dirlist ; do
- for file in $dir/* ; do
- if [ -x $file -a ! -d $file ] ; then
- $file
- fi
+for dir in $dirlist
+do
+ eval output=\$${dir##*/}_output
+ case "$output" in
+ /*) pipe="cat >>$output";;
+ *) pipe="mail -s '$host ${dir##*/} run output' ${output:-root}";;
+ esac
+
+ success=YES info=YES badconfig=NO # Defaults when ${run}_* aren't YES/NO
+ for var in success info badconfig
+ do
+ case $(eval echo "\$${dir##*/}_show_$var") in
+ [Yy][Ee][Ss]) eval $var=YES;;
+ [Nn][Oo]) eval $var=NO;;
+ esac
done
+
+ for file in $dir/*
+ do
+ if [ -x $file -a ! -d $file ]
+ then
+ $file </dev/null >$tmp_output 2>&1
+ case $? in
+ 0) [ $success = YES ] && cat $tmp_output;;
+ 1) [ $info = YES ] && cat $tmp_output;;
+ 2) [ $badconfig = YES ] && cat $tmp_output;;
+ *) cat $tmp_output;;
+ esac
+ rm -f $tmp_output
+ fi
+ done | eval $pipe
done