Diffstat (limited to 'etc')
36 files changed, 585 insertions, 199 deletions
diff --git a/etc/crontab b/etc/crontab index d27c48a43234..49076d06eec2 100644 --- a/etc/crontab +++ b/etc/crontab @@ -14,9 +14,9 @@ HOME=/var/log 0 * * * * root newsyslog # # do daily/weekly/monthly maintenance -59 1 * * * root periodic daily 2>&1 | sendmail root -30 3 * * 6 root periodic weekly 2>&1 | sendmail root -30 5 1 * * root periodic monthly 2>&1 | sendmail root +59 1 * * * root periodic daily +30 3 * * 6 root periodic weekly +30 5 1 * * root periodic monthly # # time zone change adjustment for wall cmos clock, # does nothing, if you have UTC cmos clock. diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf index 2ad0e504cc61..c50d28a86642 100644 --- a/etc/defaults/periodic.conf +++ b/etc/defaults/periodic.conf @@ -22,6 +22,16 @@ local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic" # Daily options +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $daily_output might be set to /var/log/daily.log if you +# wish to log the daily output and have the files rotated by newsyslog(8) +# +daily_output="root" # user or /file +daily_show_success="YES" # scripts returning 0 +daily_show_info="YES" # scripts returning 1 +daily_show_badconfig="NO" # scripts returning 2 + # 100.clean-disks daily_clean_disks_enable="NO" # Delete files daily daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" @@ -61,7 +71,7 @@ daily_backup_passwd_enable="YES" # Backup passwd & group daily_backup_aliases_enable="YES" # Backup mail aliases # 220.backup-distfile -daily_backup_distfile_enable="YES" # Backup distfile +daily_backup_distfile_enable="YES" # rdist /etc/Distfile # 300.calendar daily_calendar_enable="NO" # Run calendar -a 
@@ -113,6 +123,16 @@ daily_local="/etc/daily.local" # Local scripts # Weekly options +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $weekly_output might be set to /var/log/weekly.log if you +# wish to log the weekly output and have the files rotated by newsyslog(8) +# +weekly_output="root" # user or /file +weekly_show_success="YES" # scripts returning 0 +weekly_show_info="YES" # scripts returning 1 +weekly_show_badconfig="NO" # scripts returning 2 + # 120.clean-kvmdb weekly_clean_kvmdb_enable="YES" # Clean kvmdb weekly weekly_clean_kvmdb_days=7 # If not accessed for @@ -143,6 +163,16 @@ weekly_local="/etc/weekly.local" # Local scripts # Monthly options +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $monthly_output might be set to /var/log/monthly.log if you +# wish to log the monthly output and have the files rotated by newsyslog(8) +# +monthly_output="root" # user or /file +monthly_show_success="YES" # scripts returning 0 +monthly_show_info="YES" # scripts returning 1 +monthly_show_badconfig="NO" # scripts returning 2 + # 200.accounting monthly_accounting_enable="YES" # Login accounting diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf index 131d62678ca0..47ff2e1f222f 100644 --- a/etc/newsyslog.conf +++ b/etc/newsyslog.conf @@ -14,3 +14,6 @@ /var/log/ppp.log 600 3 100 * Z /var/log/security 600 10 100 * Z /var/log/wtmp 644 3 * @01T05 B +/var/log/daily.log 640 7 * @T00 Z +/var/log/weekly.log 640 5 1 $W6D0 Z +/var/log/monthly.log 640 12 * $M1D0 Z diff --git a/etc/periodic/daily/100.clean-disks b/etc/periodic/daily/100.clean-disks index 6f95a698f7b0..e2252372c4ab 100755 --- a/etc/periodic/daily/100.clean-disks +++ b/etc/periodic/daily/100.clean-disks 
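Review bot: The new `/var/log/weekly.log` entry in etc/newsyslog.conf has `1` in the size column, where the daily and monthly entries have `*`. As I read newsyslog.conf(5), a numeric size is a rotation threshold in kilobytes that applies in addition to the `$W6D0` time. The weekly log would then be rotated on size shortly after it is written, and the five kept generations would not cover five weeks. If that is not intended, the line should read `/var/log/weekly.log 640 5 * $W6D0 Z`.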
@@ -15,8 +15,18 @@ fi case "$daily_clean_disks_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_disks_days" -a -n "$daily_clean_disks_files" ] + if [ -z "$daily_clean_disks_days" ] then + echo '$daily_clean_disks_enable is set but' \ + '$daily_clean_disks_days is not' + rc=2 + elif [ -z "$daily_clean_disks_files" ] + then + echo '$daily_clean_disks_enable is set but' \ + '$daily_clean_disks_files is not' + are misconfigured + rc=2 + else echo "" echo "Removing old temporary files:" set -f noglob @@ -30,8 +40,15 @@ case "$daily_clean_disks_enable" in print=;; esac - find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \ - \( $args \) -atime +$daily_clean_disks_days -delete $print + rc=$(find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \ + \( $args \) -atime +$daily_clean_disks_days -delete $print | + tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 set -f glob fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/110.clean-tmps b/etc/periodic/daily/110.clean-tmps index 0ae223bf3157..b6a4795a77b0 100755 --- a/etc/periodic/daily/110.clean-tmps +++ b/etc/periodic/daily/110.clean-tmps @@ -16,8 +16,12 @@ fi case "$daily_clean_tmps_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_tmps_days" ] + if [ -z "$daily_clean_tmps_days" ] then + echo '$daily_clean_tmps_enable is set but' \ + '$daily_clean_tmps_days is not' + rc=2 + else echo "" echo "Removing old temporary files:" 
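Review bot: In the `elif [ -z "$daily_clean_disks_files" ]` branch of 100.clean-disks, the added line `are misconfigured` is not part of the preceding `echo`, because the backslash continuation ends one line earlier. The shell will try to run a command named `are` and put a not-found error into the report. It looks like a leftover from an earlier wording of the message. Dropping the line leaves the branch as the two-line `echo` followed by `rc=2`. The enclosing `case` continues outside this hunk.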
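Review bot: `rc=$(find ... | tee /dev/stderr | wc -l)` in 100.clean-disks derives the return code only from the number of lines printed, so a `find` that fails part-way or cannot delete a file is never reported as rc=3. With `$print` empty the result is forced to 0 regardless. The same construct is repeated in 110.clean-tmps, 120.clean-preserve, 140.clean-rwho, 150.clean-hoststat and weekly/120.clean-kvmdb. It also moves the list of deleted files from stdout to stderr; periodic(8) itself is not in this view, so it is worth confirming that it captures stderr when `$daily_output` names a file. At minimum a comment such as `# rc only reflects whether anything was listed; find's own exit status is not checked` would document the limitation.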
@@ -33,14 +37,20 @@ case "$daily_clean_tmps_enable" in print=;; esac - for dir in $daily_clean_tmps_dirs - do - [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && { - find -d . -type f $args -delete $print - find -d . ! -name . -type d -mtime +$daily_clean_tmps_days \ - -delete $print - } | sed "s,^\\., $dir," - done + rc=$(for dir in $daily_clean_tmps_dirs + do + [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && { + find -d . -type f $args -delete $print + find -d . ! -name . -type d -mtime \ + +$daily_clean_tmps_days -delete $print + } | sed "s,^\\., $dir," + done | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 set -f glob fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/120.clean-preserve b/etc/periodic/daily/120.clean-preserve index 2230a03474a5..d5b34a12c385 100755 --- a/etc/periodic/daily/120.clean-preserve +++ b/etc/periodic/daily/120.clean-preserve @@ -15,20 +15,39 @@ fi case "$daily_clean_preserve_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_preserve_days" -a -d /var/preserve ] + if [ -z "$daily_clean_preserve_days" ] then + echo '$daily_clean_preserve_enable is set but' \ + '$daily_clean_preserve_days is not' + rc=2 + elif [ ! -d /var/preserve ] + then + echo '$daily_clean_preserve_enable is set but /var/preserve' \ + "doesn't exist" + rc=2 + else echo "" echo "Removing stale files from /var/preserve:" - case "$daily_clean_preserve_verbose" in - [Yy][Ee][Ss]) - print=-print;; - *) - print=;; - esac + if cd /var/preserve + then + case "$daily_clean_preserve_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac - cd /var/preserve && - find . ! -name . -mtime +$daily_clean_preserve_days \ - -delete $print + rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi fi;; + + *) rc=0;; esac + +exit $rc 
diff --git a/etc/periodic/daily/130.clean-msgs b/etc/periodic/daily/130.clean-msgs index c12cba901b40..b7890db6d954 100755 --- a/etc/periodic/daily/130.clean-msgs +++ b/etc/periodic/daily/130.clean-msgs @@ -15,13 +15,21 @@ fi case "$daily_clean_msgs_enable" in [Yy][Ee][Ss]) - if [ -d /var/msgs ] + if [ ! -d /var/msgs ] then + echo '$daily_clean_msgs_enable is set but /var/msgs' \ + "doesn't exist" + rc=2 + else echo "" echo "Cleaning out old system announcements:" [ -n "$daily_clean_msgs_days" ] && arg=-${daily_clean_msgs_days#-} || arg= - msgs -c $arg + msgs -c $arg && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/140.clean-rwho b/etc/periodic/daily/140.clean-rwho index 9504f81afb4e..9645d7e60bf7 100755 --- a/etc/periodic/daily/140.clean-rwho +++ b/etc/periodic/daily/140.clean-rwho @@ -15,8 +15,17 @@ fi case "$daily_clean_rwho_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_rwho_days" -a -d /var/rwho ] + if [ -z "$daily_clean_rwho_days" ] then + echo '$daily_clean_rwho_enable is enabled but' \ + '$daily_clean_rwho_days is not set' + rc=2 + elif [ ! -d /var/rwho ] + then + echo '$daily_clean_rwho_enable is enabled but /var/rwho' \ + "doesn't exist" + rc=2 + else echo "" echo "Removing stale files from /var/rwho:" @@ -27,7 +36,18 @@ case "$daily_clean_rwho_enable" in print=;; esac - cd /var/rwho && - find . ! -name . -mtime +$daily_clean_rwho_days -delete $print + if cd /var/rwho + then + rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/150.clean-hoststat b/etc/periodic/daily/150.clean-hoststat index 85c1e6788ab0..952d96af6f57 100755 --- a/etc/periodic/daily/150.clean-hoststat +++ b/etc/periodic/daily/150.clean-hoststat 
@@ -15,8 +15,17 @@ fi case "$daily_clean_hoststat_enable" in [Yy][Ee][Ss]) - if [ -n "$daily_clean_hoststat_days" -a -d /var/spool/.hoststat ] + if [ -z "$daily_clean_hoststat_days" ] then + echo '$daily_clean_hoststat_enable is enabled but' \ + '$daily_clean_hoststat_days is not set' + rc=2 + elif [ ! -d /var/spool/.hoststat ] + then + echo '$daily_clean_hoststat_enable is enabled but' \ + "/var/spool/.hoststat doesn't exist" + rc=2 + else echo "" echo "Removing stale files from /var/spool/.hoststat:" @@ -27,8 +36,18 @@ case "$daily_clean_hoststat_enable" in print=;; esac - cd /var/hoststat && - find . ! -name . -mtime +$daily_clean_hoststat_days \ - -delete $print + if cd /var/hoststat + then + rc=$(find . ! -name . -mtime +$daily_clean_hoststat_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/200.backup-passwd b/etc/periodic/daily/200.backup-passwd index b8858e7a7e17..865a19740278 100755 --- a/etc/periodic/daily/200.backup-passwd +++ b/etc/periodic/daily/200.backup-passwd 
@@ -13,47 +13,65 @@ fi case "$daily_backup_passwd_enable" in [Yy][Ee][Ss]) - if [ -f /etc/master.passwd -o -f /etc/group ] + if [ ! -f /etc/master.passwd ] then + echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \ + "doesn't exist" + rc=2 + elif [ ! -f /etc/group ] + then + echo '$daily_backup_passwd_enable" is set but /etc/group' \ + "doesn't exist" + rc=2 + else bak=/var/backups + rc=0 echo "" echo "Backup passwd and group files:" if [ ! -f $bak/master.passwd.bak ] then + rc=1 echo "no $bak/master.passwd.bak" - cp -p /etc/master.passwd $bak/master.passwd.bak + cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 fi if ! cmp -s $bak/master.passwd.bak /etc/master.passwd then + [ $rc -lt 1 ] && rc=1 echo "$host passwd diffs:" diff $bak/master.passwd.bak /etc/master.passwd |\ sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/' mv $bak/master.passwd.bak $bak/master.passwd.bak2 - cp -p /etc/master.passwd $bak/master.passwd.bak + cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 fi if [ ! -f $bak/group.bak ] then + [ $rc -lt 1 ] && rc=1 echo "no $bak/group.bak" - cp -p /etc/group $bak/group.bak + cp -p /etc/group $bak/group.bak || rc=3 fi if ! cmp -s $bak/group.bak /etc/group then + [ $rc -lt 1 ] && rc=1 echo "$host group diffs:" diff $bak/group.bak /etc/group mv $bak/group.bak $bak/group.bak2 - cp -p /etc/group $bak/group.bak + cp -p /etc/group $bak/group.bak || rc=3 fi if [ -f /etc/group ] then echo "" echo "Verifying group file syntax:" - chkgrp /etc/group + chkgrp /etc/group || rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/210.backup-aliases b/etc/periodic/daily/210.backup-aliases index 0b5206eb9456..fe170389ef03 100755 --- a/etc/periodic/daily/210.backup-aliases +++ b/etc/periodic/daily/210.backup-aliases 
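Review bot: Both new misconfiguration messages in 200.backup-passwd contain a stray double quote inside the single-quoted string (`'$daily_backup_passwd_enable" is set but ...'`), so the report prints `$daily_backup_passwd_enable"` literally. Removing the `"` gives `echo '$daily_backup_passwd_enable is set but /etc/master.passwd' "doesn't exist"`, matching the other scripts. Separately, the guard now requires both files where the old test accepted either, which makes the later `if [ -f /etc/group ]` around `chkgrp` always true. The two `mv ... .bak2` rotations are still unchecked, although the `cp` that follows each now sets rc=3.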
@@ -13,9 +13,14 @@ fi case "$daily_backup_aliases_enable" in [Yy][Ee][Ss]) - if [ -f /etc/mail/aliases ] + if [ ! -f /etc/mail/aliases ] then + echo '$daily_backup_aliases_enable is enabled but' \ + "/etc/mail/aliases doesn't exist" + rc=2 + else bak=/var/backups + rc=0 echo "" echo "Backing up mail aliases:" @@ -23,15 +28,20 @@ case "$daily_backup_aliases_enable" in if [ ! -f $bak/aliases.bak ] then echo "no $bak/aliases.bak" - cp -p /etc/mail/aliases $bak/aliases.bak + cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 fi if ! cmp -s $bak/aliases.bak /etc/mail/aliases then + [ $rc -lt 1 ] && rc=1 echo "$host aliases diffs:" diff -u $bak/aliases.bak /etc/mail/aliases mv $bak/aliases.bak $bak/aliases.bak2 - cp -p /etc/mail/aliases $bak/aliases.bak + cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/220.backup-distfile b/etc/periodic/daily/220.backup-distfile index 37efaea15b21..93d766031456 100755 --- a/etc/periodic/daily/220.backup-distfile +++ b/etc/periodic/daily/220.backup-distfile @@ -13,17 +13,27 @@ fi case "$daily_backup_distfile_enable" in [Yy][Ee][Ss]) - if [ -f /etc/Distfile ] + if [ ! -f /etc/Distfile ] then + echo '$daily_backup_distfile_enable is set but /etc/Distfile' \ + "doesn't exist" + rc=2 + else bak=/var/backups + rc=0 echo "" echo "Backing up /etc/Distfile:" if ! cmp -s $bak/Distfile.bak /etc/Distfile then + rc=1 mv $bak/Distfile.bak $bak/Distfile.bak2 - cp /etc/Distfile $bak/Distfile.bak + cp /etc/Distfile $bak/Distfile.bak || rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/300.calendar b/etc/periodic/daily/300.calendar index a921bcf96224..cc12097162e5 100755 --- a/etc/periodic/daily/300.calendar +++ b/etc/periodic/daily/300.calendar 
@@ -18,11 +18,12 @@ fi case "$daily_calendar_enable" in [Yy][Ee][Ss]) - if [ -f /usr/bin/calendar ] - then - echo "" - echo "Running calendar:" + echo "" + echo "Running calendar:" - calendar -a - fi;; + calendar -a && rc=0 || rc=3;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/310.accounting b/etc/periodic/daily/310.accounting index 2baf232cbb1b..c510a94209a2 100755 --- a/etc/periodic/daily/310.accounting +++ b/etc/periodic/daily/310.accounting @@ -13,26 +13,35 @@ fi case "$daily_accounting_enable" in [Yy][Ee][Ss]) - if [ -f /var/account/acct ] + if [ ! -f /var/account/acct ] then + echo '$daily_accounting_enable is set but /var/account/acct' \ + "doesn't exist" + rc=2 + else echo "" echo "Rotating accounting logs and gathering statistics:" cd /var/account + rc=0 - rm -f acct.3.gz acct.3 - [ -f acct.2.gz ] && mv -f acct.2.gz acct.3.gz - [ -f acct.2 ] && mv -f acct.2 acct.3 - [ -f acct.1.gz ] && mv -f acct.1.gz acct.2.gz - [ -f acct.1 ] && mv -f acct.1 acct.2 - [ -f acct.0.gz ] && mv -f acct.0.gz acct.1.gz - [ -f acct.0 ] && mv -f acct.0 acct.1 - cp -pf acct acct.0 - sa -s >/dev/null + rm -f acct.3.gz acct.3 || rc=3 + [ -f acct.2.gz ] && { mv -f acct.2.gz acct.3.gz || rc=3; } + [ -f acct.2 ] && { mv -f acct.2 acct.3 || rc=3; } + [ -f acct.1.gz ] && { mv -f acct.1.gz acct.2.gz || rc=3; } + [ -f acct.1 ] && { mv -f acct.1 acct.2 || rc=3; } + [ -f acct.0.gz ] && { mv -f acct.0.gz acct.1.gz || rc=3; } + [ -f acct.0 ] && { mv -f acct.0 acct.1 || rc=3; } + cp -pf acct acct.0 || rc=3 + sa -s >/dev/null || rc=3 case "$daily_accounting_compress" in [Yy][Ee][Ss]) - gzip -f acct.0;; + gzip -f acct.0 || rc=3;; esac fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/320.rdist b/etc/periodic/daily/320.rdist index 0095ae63ee2a..11ec19083232 100755 --- a/etc/periodic/daily/320.rdist +++ b/etc/periodic/daily/320.rdist 
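Review bot: In 310.accounting `cd /var/account` is left unchecked and `rc=0` is set right after it, although the `rm -f`, `mv -f` and `cp -pf` commands that follow operate on relative names as root. The cleanup scripts in this commit were changed to `if cd DIR; then ... else rc=3; fi`. The same guard here, or simply `cd /var/account || exit 3`, keeps the rotation from running in whatever directory periodic was started from.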
@@ -13,11 +13,19 @@ fi case "$daily_distfile_enable" in [Yy][Ee][Ss]) - if [ -f /etc/Distfile ] + if [ ! -f /etc/Distfile ] then + echo '$daily_distfile_enable is set but /etc/Distfile' \ + "doesn't exist" + rc=2 + else echo "" echo "Running rdist with /etc/Distfile:" - rdist -f /etc/Distfile + rdist -f /etc/Distfile && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/330.news b/etc/periodic/daily/330.news index dc3a3bfa677c..ec064376d78f 100755 --- a/etc/periodic/daily/330.news +++ b/etc/periodic/daily/330.news @@ -16,11 +16,19 @@ fi case "$daily_news_expire_enable" in [Yy][Ee][Ss]) - if [ -f /etc/news.expire ] + if [ ! -f /etc/news.expire ] then + echo '$daily_news_expire_enable is set but /etc/news.expire' \ + "doesn't exist" + rc=2 + else echo "" echo "Running news.expire:" - /etc/news.expire + /etc/news.expire && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/340.uucp b/etc/periodic/daily/340.uucp index 178fa63b1c99..120c8747b90c 100755 --- a/etc/periodic/daily/340.uucp +++ b/etc/periodic/daily/340.uucp @@ -16,11 +16,24 @@ fi case "$daily_uuclean_enable" in [Yy][Ee][Ss]) - if [ -d /var/spool/uucp -a -f /etc/uuclean.daily ] + if [ ! -d /var/spool/uucp ] then + echo '$daily_uuclean_enable is set, but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -f /etc/uuclean.daily ] + then + echo '$daily_uuclean_enable is set, but /etc/uuclean.daily' \ + "doesn't exist" + rc=2 + else echo "" echo "Cleaning up UUCP:" - echo /etc/uuclean.daily | su -m uucp + echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/400.status-disks b/etc/periodic/daily/400.status-disks index f6147b18fe2f..6d6ebac08497 100755 --- a/etc/periodic/daily/400.status-disks +++ b/etc/periodic/daily/400.status-disks 
@@ -16,10 +16,14 @@ case "$daily_status_disks_enable" in echo "" echo "Disk status:" - df $daily_status_disks_df_flags + df $daily_status_disks_df_flags && rc=0 || rc=3 # display which filesystems need backing up echo "" - dump W;; + dump W || rc=3;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/410.status-uucp b/etc/periodic/daily/410.status-uucp index 53364774a0b4..96b52ec0e78a 100755 --- a/etc/periodic/daily/410.status-uucp +++ b/etc/periodic/daily/410.status-uucp @@ -13,11 +13,24 @@ fi case "$daily_status_uucp_enable" in [Yy][Ee][Ss]) - if [ -d /var/spool/uucp -a -x /usr/bin/uustat ] + if [ ! -d /var/spool/uucp ] then + echo '$daily_status_uucp_enable is set but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -x /usr/bin/uustat ] + then + echo '$daily_status_uucp_enable is set but /usr/bin/uustat' \ + "isn't executable" + rc=2 + else echo "" echo "UUCP status:" - uustat -a + uustat -a && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/420.status-network b/etc/periodic/daily/420.status-network index 68053610631b..8399cf720eff 100755 --- a/etc/periodic/daily/420.status-network +++ b/etc/periodic/daily/420.status-network @@ -13,16 +13,17 @@ fi case "$daily_status_network_enable" in [Yy][Ee][Ss]) - if [ -x /usr/bin/netstat ] - then - echo "" - echo "Network interface status:" + echo "" + echo "Network interface status:" - case "$daily_status_network_usedns" in - [Yy][Ee][Ss]) - netstat -i;; - *) - netstat -in;; - esac - fi;; + case "$daily_status_network_usedns" in + [Yy][Ee][Ss]) + netstat -i && rc=0 || rc=3;; + *) + netstat -in && rc=0 || rc=3;; + esac;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/430.status-rwho b/etc/periodic/daily/430.status-rwho index 728f4b2a2d42..44761368c933 100755 --- a/etc/periodic/daily/430.status-rwho +++ b/etc/periodic/daily/430.status-rwho 
@@ -14,14 +14,25 @@ fi case "$daily_status_rwho_enable" in [Yy][Ee][Ss]) rwho=$(echo /var/rwho/*) - if [ -x /usr/bin/rwho -a -f "${rwho%% *}" ] + if [ -f "${rwho%% *}" ] then echo "" echo "Local network system status:" - ruptime + prog=ruptime else echo "" echo "Local system status:" - uptime + prog=uptime + fi + rc=$($prog | tee /dev/stderr | wc -l) + if [ $? -eq 0 ] + then + [ $rc -gt 1 ] && rc=1 + else + rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/440.status-mailq b/etc/periodic/daily/440.status-mailq index fd2a4430ff83..17bc710f3237 100755 --- a/etc/periodic/daily/440.status-mailq +++ b/etc/periodic/daily/440.status-mailq @@ -13,21 +13,35 @@ fi case "$daily_status_mailq_enable" in [Yy][Ee][Ss]) - if [ -x /usr/bin/mailq -a -d /var/spool/mqueue ] + if [ ! -x /usr/bin/mailq ] then + echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \ + "isn't executable" + rc=2 + elif [ ! -d /var/spool/mqueue ] + then + echo '$daily_status_mailq_enable is set but /var/spool/mqueue' \ + "doesn't exist" + rc=2 + else echo "" echo "Mail in local queue:" - case "$daily_status_mailq_shorten" in + rc=$(case "$daily_status_mailq_shorten" in [Yy][Ee][Ss]) - mailq | + rc=$(mailq | perl -ne 'print if /^\s+\S+@/' | sort | uniq -c | sort -nr | - awk '$1 > 1 {print $1, $2}';; + awk '$1 > 1 {print $1, $2}');; *) mailq;; - esac + esac | tee /dev/stderr | fgrep -v 'mqueue is empty' | wc -l) + [ $rc -gt 1 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/450.status-security b/etc/periodic/daily/450.status-security index 8ca962dc1af0..61fcf8b44cd2 100755 --- a/etc/periodic/daily/450.status-security +++ b/etc/periodic/daily/450.status-security 
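Review bot: In 430.status-rwho, the `if [ $? -eq 0 ]` after `rc=$($prog | tee /dev/stderr | wc -l)` tests the exit status of the last pipeline stage, `wc -l`, not that of `ruptime` or `uptime`. The `rc=3` branch is therefore effectively unreachable. Because `uptime` prints one line, the script also returns 1 on every successful run; if that is intended, a comment should say so. Capturing the output first, for example `out=$($prog) && rc=0 || rc=3` followed by `echo "$out"`, would let a failing program show up in the return code.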
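Review bot: In the `[Yy][Ee][Ss])` arm of 440.status-mailq the shortened pipeline is now wrapped in an inner `rc=$(mailq | perl ... | awk ...)`. That captures the summary into a variable inside the subshell instead of writing it to the pipe. With `daily_status_mailq_shorten` enabled nothing reaches `tee`, so the report is empty and rc is always 0. Dropping the inner `rc=$(` and its closing `)`, so that the arm ends in `awk '$1 > 1 {print $1, $2}';;` as before, restores the output.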
@@ -13,30 +13,33 @@ fi case "$daily_status_security_enable" in [Yy][Ee][Ss]) - if [ -f /etc/security -a -x /usr/sbin/sendmail ] - then - echo "" - echo "Security check:" - - case "$daily_status_security_noamd" in - [Yy][Ee][Ss]) - args=-a;; - *) - args=;; - esac - - case "$daily_status_security_nomfs" in - [Yy][Ee][Ss]) - args="$args -m";; - esac - - case "$daily_status_security_inline" in - [Yy][Ee][Ss]) - sh /etc/security -s $args;; - - *) + echo "" + echo "Security check:" + + case "$daily_status_security_noamd" in + [Yy][Ee][Ss]) + args=-a;; + *) + args=;; + esac + + case "$daily_status_security_nomfs" in + [Yy][Ee][Ss]) + args="$args -m";; + esac + + case "$daily_status_security_inline" in + [Yy][Ee][Ss]) + sh /etc/security -s $args + rc=$?;; + + *) echo " (output mailed separately)" - sh /etc/security $args 2>&1 | sendmail root;; - esac - fi;; + sh /etc/security $args 2>&1 | + sendmail root && rc=0 || rc=3;; + esac;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/460.status-mail-rejects b/etc/periodic/daily/460.status-mail-rejects index 7d6ef1adce79..22eae94edd37 100755 --- a/etc/periodic/daily/460.status-mail-rejects +++ b/etc/periodic/daily/460.status-mail-rejects 
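Review bot: In the non-inline arm of 450.status-security, `sh /etc/security $args 2>&1 | sendmail root && rc=0 || rc=3` takes its status from `sendmail` alone. The return code this commit adds to /etc/security therefore never reaches periodic when the output is mailed separately; only the inline arm (`rc=$?`) propagates it. The hunk also drops the old `-f /etc/security -a -x /usr/sbin/sendmail` guard without adding an rc=2 message as the other scripts do, so a missing script or mailer now surfaces only as a shell error. If the security result should count in both modes, the arm needs to run the script into a temporary file, keep its `$?`, and then mail that file.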
@@ -13,15 +13,28 @@ fi case "$daily_status_mail_rejects_enable" in [Yy][Ee][Ss]) - if [ -d /etc/mail -a -f /var/log/maillog -a \ - "$daily_status_mail_rejects_logs" -gt 0 ] + if [ ! -d /etc/mail ] then + echo '$daily_status_mail_rejects_enable is set but /etc/mail' \ + "doesn't exist" + rc=2 + elif [ ! -f /var/log/maillog ] + then + echo '$daily_status_mail_rejects_enable is set but ' \ + "/var/log/maillog doesn't exist" + rc=2 + elif [ "$daily_status_mail_rejects_logs" -le 0 ] + then + echo '$daily_status_mail_rejects_enable is set but ' \ + '$daily_status_mail_rejects_logs is not greater than zero' + rc=2 + else echo echo Checking for rejected mail hosts: start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'` n=$(($daily_status_mail_rejects_logs - 2)) - { + rc=$({ while [ $n -ge 0 ] do if [ -f /var/log/maillog.$n ] @@ -37,6 +50,11 @@ case "$daily_status_mail_rejects_enable" in } | perl -ne "print \"\$2\n\" if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" | - sort | uniq -c | sort -nr + sort | uniq -c | sort -nr | tee /dev/stderr | wc -l) + [ $rc -gt 0 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/daily/999.local b/etc/periodic/daily/999.local index 307ff194df9f..099f29395036 100755 --- a/etc/periodic/daily/999.local +++ b/etc/periodic/daily/999.local @@ -14,6 +14,7 @@ then source_periodic_confs fi +rc=0 for script in $daily_local do case "$script" in @@ -23,7 +24,15 @@ do echo "" echo "Running $script:" - sh $script + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; esac done + +exit $rc diff --git a/etc/periodic/monthly/200.accounting b/etc/periodic/monthly/200.accounting index 5444ea860bba..f808bbf8a853 100755 --- a/etc/periodic/monthly/200.accounting +++ b/etc/periodic/monthly/200.accounting 
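Review bot: The new `elif [ "$daily_status_mail_rejects_logs" -le 0 ]` in 460.status-mail-rejects inverts the old `-gt 0` test, but the two differ when the variable is empty or not a number. In that case `[` fails with an error and the branch is not taken, so the script now falls into the `else` body where the old code skipped it. The `$(($daily_status_mail_rejects_logs - 2))` arithmetic then runs on the bad value. Writing the guard as `elif ! [ "$daily_status_mail_rejects_logs" -gt 0 ] 2>/dev/null` reports empty, non-numeric and non-positive values alike as rc=2.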
@@ -14,14 +14,20 @@ fi case "$monthly_accounting_enable" in [Yy][Ee][Ss]) W=/var/log/wtmp - if [ -f $W.0 ] + if [ ! -f $W.0 ] then - if [ -x /usr/sbin/ac ] - then - echo "" - echo "Doing login accounting:" + echo '$monthly_accounting_enable is set but' \ + "$W.0 doesn't exist" + rc=2 + else + echo "" + echo "Doing login accounting:" - ac -p -w $W.0 | sort -nr +1 - fi + rc=$(ac -p -w $W.0 | sort -nr +1 | tee /dev/stderr | wc -l) + [ $rc -gt 0 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/monthly/999.local b/etc/periodic/monthly/999.local index b5d8aeda1c25..a70a14f8258e 100755 --- a/etc/periodic/monthly/999.local +++ b/etc/periodic/monthly/999.local @@ -11,6 +11,7 @@ then source_periodic_confs fi +rc=0 for script in $monthly_local do case "$script" in @@ -20,7 +21,15 @@ do echo "" echo "Running $script:" - sh $script + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; esac done + +exit $rc diff --git a/etc/periodic/weekly/120.clean-kvmdb b/etc/periodic/weekly/120.clean-kvmdb index dbc8f4e444bb..603e70b0d017 100755 --- a/etc/periodic/weekly/120.clean-kvmdb +++ b/etc/periodic/weekly/120.clean-kvmdb @@ -12,8 +12,17 @@ fi case "$weekly_clean_kvmdb_enable" in [Yy][Ee][Ss]) - if [ -d /var/db -a -n "$weekly_clean_kvmdb_days" ] + if [ ! -d /var/db ] then + echo '$weekly_clean_kvmdb_enable is set but /var/db' \ + "doesn't exist" + rc=2 + elif [ -z "$weekly_clean_kvmdb_days" ] + then + echo '$weekly_clean_kvmdb_enable is set but' \ + '$weekly_clean_kvmdb_days is not' + rc=2 + else echo "" echo "Cleaning up kernel database files:" 
@@ -27,7 +36,14 @@ case "$weekly_clean_kvmdb_enable" in print=;; esac - find /var/db -name "kvm_*.db" ! -name $kernel \ - -atime +$weekly_clean_kvmdb_days -delete $print + rc=$(find /var/db -name "kvm_*.db" ! -name $kernel \ + -atime +$weekly_clean_kvmdb_days -delete $print | + tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/300.uucp b/etc/periodic/weekly/300.uucp index 3370158805ad..1d146bc05cba 100755 --- a/etc/periodic/weekly/300.uucp +++ b/etc/periodic/weekly/300.uucp @@ -15,11 +15,24 @@ fi case "$weekly_uucp_enable" in [Yy][Ee][Ss]) - if [ -d /var/spool/uucp -a -f /usr/libexec/uucp/clean.weekly ] + if [ ! -d /var/spool/uucp ] then + echo '$weekly_uucp_enable is set but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -x /usr/libexec/uucp/clean.weekly ] + then + echo '$weekly_uucp_enable is set but' \ + "/usr/libexec/uucp/clean.weekly isn't executable" + rc=2 + else echo "" echo "Cleaning up UUCP:" - echo /usr/libexec/uucp/clean.weekly | su daemon + echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/310.locate b/etc/periodic/weekly/310.locate index 53d3d8001641..e6921ab56e82 100755 --- a/etc/periodic/weekly/310.locate +++ b/etc/periodic/weekly/310.locate 
@@ -13,19 +13,20 @@ fi case "$weekly_locate_enable" in [Yy][Ee][Ss]) - if [ -x /usr/libexec/locate.updatedb -a -f $locdb ] - then - echo "" - echo "Rebuilding locate database:" + echo "" + echo "Rebuilding locate database:" - locdb=/var/db/locate.database + locdb=/var/db/locate.database - touch $locdb - chown nobody $locdb - chmod 644 $locdb + touch $locdb && rc=0 || rc=3 + chown nobody $locdb || rc=3 + chmod 644 $locdb || rc=3 - cd / - echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody - chmod 444 $locdb - fi;; + cd / + echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3 + chmod 444 $locdb || rc=3;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/320.whatis b/etc/periodic/weekly/320.whatis index 123be9670d7b..6af77477a22c 100755 --- a/etc/periodic/weekly/320.whatis +++ b/etc/periodic/weekly/320.whatis 
@@ -13,34 +13,39 @@ fi case "$weekly_whatis_enable" in [Yy][Ee][Ss]) - if [ -x /usr/libexec/makewhatis.local -a -x /usr/bin/manpath ] - then - echo "" - echo "Rebuilding whatis database:" + echo "" + echo "Rebuilding whatis database:" - MANPATH=`/usr/bin/manpath -q` - if [ $? = 0 ] + MANPATH=`/usr/bin/manpath -q` + if [ $? = 0 ] + then + if [ -z "${MANPATH}" ] then - if [ "x${MANPATH}" = "x" ] - then - echo "manpath failed to find any manpage directories" - else - man_locales=`/usr/bin/manpath -qL` + echo "manpath failed to find any manpage directories" + rc=3 + else + man_locales=`/usr/bin/manpath -qL` + rc=0 - # Build whatis(1) database(s) for original, non-localized - # manpages. - /usr/libexec/makewhatis.local "${MANPATH}" + # Build whatis(1) database(s) for original, non-localized + # manpages. + /usr/libexec/makewhatis.local "${MANPATH}" || rc=3 - # Build whatis(1) database(s) for localized manpages. - if [ X"${man_locales}" != X ] - then - for i in ${man_locales} - do - LC_CTYPE=$i /usr/libexec/makewhatis.local -a \ - -L "${MANPATH}" - done - fi + # Build whatis(1) database(s) for localized manpages. + if [ X"${man_locales}" != X ] + then + for i in ${man_locales} + do + LC_CTYPE=$i /usr/libexec/makewhatis.local -a \ + -L "${MANPATH}" || rc=3 + done fi fi + else + rc=3 fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/330.catman b/etc/periodic/weekly/330.catman index e446dd22662c..999913fb7025 100755 --- a/etc/periodic/weekly/330.catman +++ b/etc/periodic/weekly/330.catman 
@@ -13,34 +13,46 @@ fi case "$weekly_catman_enable" in [Yy][Ee][Ss]) - if [ -x /usr/libexec/catman.local -a -d /usr/share/man/cat1 -a \ - -x /usr/bin/manpath ] + if [ ! -d /usr/share/man/cat1 ] then + echo '$weekly_catman_enable is set but /usr/share/man/cat1' \ + "doesn't exist" + rc=2 + else echo "" echo "Reformatting manual pages:" MANPATH=`/usr/bin/manpath -q` if [ $? = 0 ] then - if [ "x${MANPATH}" = "x" ] + if [ -z "${MANPATH}" ] then echo "manpath failed to find any manpath directories" + rc=3 else man_locales=`/usr/bin/manpath -qL` + rc=0 # Preformat original, non-localized manpages - echo /usr/libexec/catman.local "$MANPATH" | su -fm man + echo /usr/libexec/catman.local "$MANPATH" | + su -fm man || rc=3 # Preformat localized manpages. - if [ X"$man_locales" != X ] + if [ -n "$man_locales" ] then for i in $man_locales do LC_CTYPE=$i echo /usr/libexec/catman.local -L \ - "$MANPATH" | su -fm man + "$MANPATH" | su -fm man || rc=3 done fi fi + else + rc=3 fi fi;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/340.noid b/etc/periodic/weekly/340.noid index 7ad71ea07f57..7b56f019a40e 100644 --- a/etc/periodic/weekly/340.noid +++ b/etc/periodic/weekly/340.noid @@ -16,6 +16,12 @@ case "$weekly_noid_enable" in echo "" echo "Check for files with an unknown user or group:" - find -H ${weekly_noid_dirs:-/} -fstype local \ - \( -nogroup -o -nouser \) -print | sed 's/^/ /';; + rc=$(find -H ${weekly_noid_dirs:-/} -fstype local \ + \( -nogroup -o -nouser \) -print | sed 's/^/ /' | + tee /dev/stderr | wc -l) + [ $rc -gt 1 ] && rc=1;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/400.status-pkg b/etc/periodic/weekly/400.status-pkg index aac228bc9484..050b47b8ae5b 100755 --- a/etc/periodic/weekly/400.status-pkg +++ b/etc/periodic/weekly/400.status-pkg 
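Review bot: In the localized loop of 330.catman, `LC_CTYPE=$i echo /usr/libexec/catman.local -L "$MANPATH" | su -fm man` sets `LC_CTYPE` only for the `echo`, not for the command that `su` runs. catman.local most likely never sees the locale, whereas 320.whatis sets it directly on makewhatis.local. Since this hunk already rewrites the tail of that command, moving the assignment into the echoed text would fix it: `echo LC_CTYPE=$i /usr/libexec/catman.local -L "$MANPATH" | su -fm man || rc=3`. Note also that the value of `$MANPATH` is re-parsed by the shell that `su` starts, so it is trusted to contain no shell metacharacters.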
@@ -16,5 +16,13 @@ case "$weekly_status_pkg_enable" in echo "" echo "Check for out of date packages:" - pkg_version -v | sed -n 's/^\([^ ]*\) *< */ \1 /p';; + rc=$(pkg_version -v | + sed -n 's/^\([^ ]*\) *< */ \1 /p' | + tee /dev/stderr | + wc -l) + [ $rc -gt 1 ] && rc=1;; + + *) rc=0;; esac + +exit $rc diff --git a/etc/periodic/weekly/999.local b/etc/periodic/weekly/999.local index efab6f4b25d8..f8b74d2df724 100755 --- a/etc/periodic/weekly/999.local +++ b/etc/periodic/weekly/999.local @@ -11,6 +11,7 @@ then source_periodic_confs fi +rc=0 for script in $weekly_local do case "$script" in @@ -20,7 +21,15 @@ do echo "" echo "Running $script:" - sh $script + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; esac done + +exit $rc diff --git a/etc/security b/etc/security index 78a885c3b9e0..0e32b3f89e5d 100644 --- a/etc/security +++ b/etc/security @@ -5,12 +5,21 @@ # PATH=/sbin:/bin:/usr/bin LC_ALL=C; export LC_ALL +rc=0 +LOG=/var/log +TMP=/var/run/_secure.$$ separator () { echo '' echo '' } +catmsgs() { + [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz + [ -f $LOG/messages.0 ] && cat $LOG/messages.0 + [ -f $LOG/messages ] && cat $LOG/messages +} + sflag=FALSE ignore= while getopts ams c do @@ -26,9 +35,6 @@ yesterday=`date -v-1d "+%b %e "` host=`hostname` [ $sflag = FALSE ] && echo "Subject: ${host} security check output" -LOG=/var/log -TMP=/var/run/_secure.$$ - umask 027 echo "checking setuid files and devices:" 
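Review bot: The relocated `TMP=/var/run/_secure.$$` in etc/security is a predictable file name that the script, running as root, later truncates and writes with `> ${TMP}`. /var/run is normally writable only by root, which limits the exposure. `TMP=$(mktemp /var/run/_secure.XXXXXX) || exit 3` would remove the dependency on that directory's permissions. `catmsgs` is added here without a caller in the visible hunks; presumably it is used further down the file.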
@@ -48,17 +54,19 @@ while [ $# -ge 1 ]; do done | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP} if [ ! -f ${LOG}/setuid.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/setuid.today" - cp ${TMP} ${LOG}/setuid.today + cp ${TMP} ${LOG}/setuid.today || rc=3 fi if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} setuid diffs:" diff -w ${LOG}/setuid.today ${TMP} - mv ${LOG}/setuid.today ${LOG}/setuid.yesterday - mv ${TMP} ${LOG}/setuid.today + mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3 + mv ${TMP} ${LOG}/setuid.today || rc=3 fi # Show changes in the way filesystems are mounted 
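Review bot: The two `mv` lines run independently, so when `mv ${LOG}/setuid.today ${LOG}/setuid.yesterday` fails the next line still replaces setuid.today and the previous baseline is gone, with only `rc=3` left to say that something went wrong. Chaining them keeps the old baseline in place when the rotation fails: `mv ${LOG}/setuid.today ${LOG}/setuid.yesterday && mv ${TMP} ${LOG}/setuid.today || rc=3`. The mount, ipfw and dmesg blocks in the later hunks of this file rotate their files the same way. The pipeline that fills `${TMP}` starts above the hunk, and its exit status is not checked before the comparison.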
@@ -66,42 +74,52 @@ fi [ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat if mount -p | $cmd > $TMP; then if [ ! -f $LOG/mount.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no $LOG/mount.today" - cp $TMP $LOG/mount.today + cp $TMP $LOG/mount.today || rc=3 fi if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then + [ $rc -lt 1 ] && rc=1 separator echo "$host changes in mounted filesystems:" diff -b $LOG/mount.today $TMP - mv $LOG/mount.today $LOG/mount.yesterday - mv $TMP $LOG/mount.today + mv $LOG/mount.today $LOG/mount.yesterday || rc=3 + mv $TMP $LOG/mount.today || rc=3 fi fi separator echo "checking for uids of 0:" -awk -F: '$3==0 {print $1,$3}' /etc/master.passwd +n=$(awk -F: '$3==0 {print $1,$3}' /etc/master.passwd | + tee /dev/stderr | + sed -e '/^root 0$/d' -e '/^toor 0$/d' | + wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 separator echo "checking for passwordless accounts:" -awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd +n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd | + tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show denied packets # if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then if [ ! -f ${LOG}/ipfw.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/ipfw.today" - cp ${TMP} ${LOG}/ipfw.today + cp ${TMP} ${LOG}/ipfw.today || rc=3 fi if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} denied packets:" diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>" - mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday - mv ${TMP} ${LOG}/ipfw.today + mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3 + mv ${TMP} ${LOG}/ipfw.today || rc=3 fi fi @@ -112,6 +130,7 @@ if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then ipfw -a l | grep " log " | perl -n -e \ '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} if [ -s "${TMP}" ]; then + [ $rc -lt 1 ] && rc=1 separator echo "ipfw log limit reached:" cat ${TMP} 
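Review bot: Both account checks fail open, because the status of each pipeline is that of `wc -l`: if `awk` cannot read /etc/master.passwd the count is 0, `rc` stays 0, and only awk's own error message hints at the problem. A guard ahead of the two checks, such as `[ -r /etc/master.passwd ] || rc=3`, would surface that case in the exit status. The uid-0 filter also accepts any uid-0 account named `toor` as expected; a short comment that this is intentional would help, e.g. `# root and toor are the stock uid-0 accounts`. `[ $n -gt 0 -a $rc -lt 1 ] && rc=1` can be written `[ $n -gt 0 ] && [ $rc -lt 1 ] && rc=1` to avoid the obsolescent `-a`.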
@@ -122,17 +141,19 @@ fi # if dmesg 2>/dev/null > ${TMP}; then if [ ! -f ${LOG}/dmesg.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/dmesg.today" - cp ${TMP} ${LOG}/dmesg.today + cp ${TMP} ${LOG}/dmesg.today || rc=3 fi if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} kernel log messages:" diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>" - mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday - mv ${TMP} ${LOG}/dmesg.today + mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3 + mv ${TMP} ${LOG}/dmesg.today || rc=3 fi fi @@ -140,12 +161,16 @@ fi # separator echo "${host} login failures:" -zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*login failure" +n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show tcp_wrapper warning messages # separator echo "${host} refused connections:" -zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*refused connect" +n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 rm -f ${TMP} + +exit $rc |