aboutsummaryrefslogtreecommitdiff
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/crontab6
-rw-r--r--etc/defaults/periodic.conf32
-rw-r--r--etc/newsyslog.conf3
-rwxr-xr-xetc/periodic/daily/100.clean-disks23
-rwxr-xr-xetc/periodic/daily/110.clean-tmps28
-rwxr-xr-xetc/periodic/daily/120.clean-preserve39
-rwxr-xr-xetc/periodic/daily/130.clean-msgs12
-rwxr-xr-xetc/periodic/daily/140.clean-rwho26
-rwxr-xr-xetc/periodic/daily/150.clean-hoststat27
-rwxr-xr-xetc/periodic/daily/200.backup-passwd30
-rwxr-xr-xetc/periodic/daily/210.backup-aliases16
-rwxr-xr-xetc/periodic/daily/220.backup-distfile14
-rwxr-xr-xetc/periodic/daily/300.calendar13
-rwxr-xr-xetc/periodic/daily/310.accounting31
-rwxr-xr-xetc/periodic/daily/320.rdist12
-rwxr-xr-xetc/periodic/daily/330.news12
-rwxr-xr-xetc/periodic/daily/340.uucp17
-rwxr-xr-xetc/periodic/daily/400.status-disks8
-rwxr-xr-xetc/periodic/daily/410.status-uucp17
-rwxr-xr-xetc/periodic/daily/420.status-network23
-rwxr-xr-xetc/periodic/daily/430.status-rwho17
-rwxr-xr-xetc/periodic/daily/440.status-mailq24
-rwxr-xr-xetc/periodic/daily/450.status-security53
-rwxr-xr-xetc/periodic/daily/460.status-mail-rejects26
-rwxr-xr-xetc/periodic/daily/999.local11
-rwxr-xr-xetc/periodic/monthly/200.accounting20
-rwxr-xr-xetc/periodic/monthly/999.local11
-rwxr-xr-xetc/periodic/weekly/120.clean-kvmdb22
-rwxr-xr-xetc/periodic/weekly/300.uucp17
-rwxr-xr-xetc/periodic/weekly/310.locate25
-rwxr-xr-xetc/periodic/weekly/320.whatis51
-rwxr-xr-xetc/periodic/weekly/330.catman24
-rw-r--r--etc/periodic/weekly/340.noid10
-rwxr-xr-xetc/periodic/weekly/400.status-pkg10
-rwxr-xr-xetc/periodic/weekly/999.local11
-rw-r--r--etc/security63
36 files changed, 585 insertions, 199 deletions
diff --git a/etc/crontab b/etc/crontab
index d27c48a43234..49076d06eec2 100644
--- a/etc/crontab
+++ b/etc/crontab
@@ -14,9 +14,9 @@ HOME=/var/log
0 * * * * root newsyslog
#
# do daily/weekly/monthly maintenance
-59 1 * * * root periodic daily 2>&1 | sendmail root
-30 3 * * 6 root periodic weekly 2>&1 | sendmail root
-30 5 1 * * root periodic monthly 2>&1 | sendmail root
+59 1 * * * root periodic daily
+30 3 * * 6 root periodic weekly
+30 5 1 * * root periodic monthly
#
# time zone change adjustment for wall cmos clock,
# does nothing, if you have UTC cmos clock.
diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
index 2ad0e504cc61..c50d28a86642 100644
--- a/etc/defaults/periodic.conf
+++ b/etc/defaults/periodic.conf
@@ -22,6 +22,16 @@ local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic"
# Daily options
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $daily_output might be set to /var/log/daily.log if you
+# wish to log the daily output and have the files rotated by newsyslog(8)
+#
+daily_output="root" # user or /file
+daily_show_success="YES" # scripts returning 0
+daily_show_info="YES" # scripts returning 1
+daily_show_badconfig="NO" # scripts returning 2
+
# 100.clean-disks
daily_clean_disks_enable="NO" # Delete files daily
daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
@@ -61,7 +71,7 @@ daily_backup_passwd_enable="YES" # Backup passwd & group
daily_backup_aliases_enable="YES" # Backup mail aliases
# 220.backup-distfile
-daily_backup_distfile_enable="YES" # Backup distfile
+daily_backup_distfile_enable="YES" # rdist /etc/Distfile
# 300.calendar
daily_calendar_enable="NO" # Run calendar -a
@@ -113,6 +123,16 @@ daily_local="/etc/daily.local" # Local scripts
# Weekly options
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $weekly_output might be set to /var/log/weekly.log if you
+# wish to log the weekly output and have the files rotated by newsyslog(8)
+#
+weekly_output="root" # user or /file
+weekly_show_success="YES" # scripts returning 0
+weekly_show_info="YES" # scripts returning 1
+weekly_show_badconfig="NO" # scripts returning 2
+
# 120.clean-kvmdb
weekly_clean_kvmdb_enable="YES" # Clean kvmdb weekly
weekly_clean_kvmdb_days=7 # If not accessed for
@@ -143,6 +163,16 @@ weekly_local="/etc/weekly.local" # Local scripts
# Monthly options
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $monthly_output might be set to /var/log/monthly.log if you
+# wish to log the monthly output and have the files rotated by newsyslog(8)
+#
+monthly_output="root" # user or /file
+monthly_show_success="YES" # scripts returning 0
+monthly_show_info="YES" # scripts returning 1
+monthly_show_badconfig="NO" # scripts returning 2
+
# 200.accounting
monthly_accounting_enable="YES" # Login accounting
diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf
index 131d62678ca0..47ff2e1f222f 100644
--- a/etc/newsyslog.conf
+++ b/etc/newsyslog.conf
@@ -14,3 +14,6 @@
/var/log/ppp.log 600 3 100 * Z
/var/log/security 600 10 100 * Z
/var/log/wtmp 644 3 * @01T05 B
+/var/log/daily.log 640 7 * @T00 Z
+/var/log/weekly.log 640 5 1 $W6D0 Z
+/var/log/monthly.log 640 12 * $M1D0 Z
diff --git a/etc/periodic/daily/100.clean-disks b/etc/periodic/daily/100.clean-disks
index 6f95a698f7b0..e2252372c4ab 100755
--- a/etc/periodic/daily/100.clean-disks
+++ b/etc/periodic/daily/100.clean-disks
@@ -15,8 +15,18 @@ fi
case "$daily_clean_disks_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_disks_days" -a -n "$daily_clean_disks_files" ]
+ if [ -z "$daily_clean_disks_days" ]
then
+ echo '$daily_clean_disks_enable is set but' \
+ '$daily_clean_disks_days is not'
+ rc=2
+ elif [ -z "$daily_clean_disks_files" ]
+ then
+ echo '$daily_clean_disks_enable is set but' \
+ '$daily_clean_disks_files is not'
+ are misconfigured
+ rc=2
+ else
echo ""
echo "Removing old temporary files:"
set -f noglob
@@ -30,8 +40,15 @@ case "$daily_clean_disks_enable" in
print=;;
esac
- find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
- \( $args \) -atime +$daily_clean_disks_days -delete $print
+ rc=$(find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
+ \( $args \) -atime +$daily_clean_disks_days -delete $print |
+ tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
set -f glob
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/110.clean-tmps b/etc/periodic/daily/110.clean-tmps
index 0ae223bf3157..b6a4795a77b0 100755
--- a/etc/periodic/daily/110.clean-tmps
+++ b/etc/periodic/daily/110.clean-tmps
@@ -16,8 +16,12 @@ fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_tmps_days" ]
+ if [ -z "$daily_clean_tmps_days" ]
then
+ echo '$daily_clean_tmps_enable is set but' \
+ '$daily_clean_tmps_days is not'
+ rc=2
+ else
echo ""
echo "Removing old temporary files:"
@@ -33,14 +37,20 @@ case "$daily_clean_tmps_enable" in
print=;;
esac
- for dir in $daily_clean_tmps_dirs
- do
- [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && {
- find -d . -type f $args -delete $print
- find -d . ! -name . -type d -mtime +$daily_clean_tmps_days \
- -delete $print
- } | sed "s,^\\., $dir,"
- done
+ rc=$(for dir in $daily_clean_tmps_dirs
+ do
+ [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && {
+ find -d . -type f $args -delete $print
+ find -d . ! -name . -type d -mtime \
+ +$daily_clean_tmps_days -delete $print
+ } | sed "s,^\\., $dir,"
+ done | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
set -f glob
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/120.clean-preserve b/etc/periodic/daily/120.clean-preserve
index 2230a03474a5..d5b34a12c385 100755
--- a/etc/periodic/daily/120.clean-preserve
+++ b/etc/periodic/daily/120.clean-preserve
@@ -15,20 +15,39 @@ fi
case "$daily_clean_preserve_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_preserve_days" -a -d /var/preserve ]
+ if [ -z "$daily_clean_preserve_days" ]
then
+ echo '$daily_clean_preserve_enable is set but' \
+ '$daily_clean_preserve_days is not'
+ rc=2
+ elif [ ! -d /var/preserve ]
+ then
+ echo '$daily_clean_preserve_enable is set but /var/preserve' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Removing stale files from /var/preserve:"
- case "$daily_clean_preserve_verbose" in
- [Yy][Ee][Ss])
- print=-print;;
- *)
- print=;;
- esac
+ if cd /var/preserve
+ then
+ case "$daily_clean_preserve_verbose" in
+ [Yy][Ee][Ss])
+ print=-print;;
+ *)
+ print=;;
+ esac
- cd /var/preserve &&
- find . ! -name . -mtime +$daily_clean_preserve_days \
- -delete $print
+ rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \
+ -delete $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/130.clean-msgs b/etc/periodic/daily/130.clean-msgs
index c12cba901b40..b7890db6d954 100755
--- a/etc/periodic/daily/130.clean-msgs
+++ b/etc/periodic/daily/130.clean-msgs
@@ -15,13 +15,21 @@ fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
- if [ -d /var/msgs ]
+ if [ ! -d /var/msgs ]
then
+ echo '$daily_clean_msgs_enable is set but /var/msgs' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
- msgs -c $arg
+ msgs -c $arg && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/140.clean-rwho b/etc/periodic/daily/140.clean-rwho
index 9504f81afb4e..9645d7e60bf7 100755
--- a/etc/periodic/daily/140.clean-rwho
+++ b/etc/periodic/daily/140.clean-rwho
@@ -15,8 +15,17 @@ fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_rwho_days" -a -d /var/rwho ]
+ if [ -z "$daily_clean_rwho_days" ]
then
+ echo '$daily_clean_rwho_enable is enabled but' \
+ '$daily_clean_rwho_days is not set'
+ rc=2
+ elif [ ! -d /var/rwho ]
+ then
+ echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Removing stale files from /var/rwho:"
@@ -27,7 +36,18 @@ case "$daily_clean_rwho_enable" in
print=;;
esac
- cd /var/rwho &&
- find . ! -name . -mtime +$daily_clean_rwho_days -delete $print
+ if cd /var/rwho
+ then
+ rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \
+ -delete $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/150.clean-hoststat b/etc/periodic/daily/150.clean-hoststat
index 85c1e6788ab0..952d96af6f57 100755
--- a/etc/periodic/daily/150.clean-hoststat
+++ b/etc/periodic/daily/150.clean-hoststat
@@ -15,8 +15,17 @@ fi
case "$daily_clean_hoststat_enable" in
[Yy][Ee][Ss])
- if [ -n "$daily_clean_hoststat_days" -a -d /var/spool/.hoststat ]
+ if [ -z "$daily_clean_hoststat_days" ]
then
+ echo '$daily_clean_hoststat_enable is enabled but' \
+ '$daily_clean_hoststat_days is not set'
+ rc=2
+ elif [ ! -d /var/spool/.hoststat ]
+ then
+ echo '$daily_clean_hoststat_enable is enabled but' \
+ "/var/spool/.hoststat doesn't exist"
+ rc=2
+ else
echo ""
echo "Removing stale files from /var/spool/.hoststat:"
@@ -27,8 +36,18 @@ case "$daily_clean_hoststat_enable" in
print=;;
esac
- cd /var/hoststat &&
- find . ! -name . -mtime +$daily_clean_hoststat_days \
- -delete $print
+ if cd /var/hoststat
+ then
+ rc=$(find . ! -name . -mtime +$daily_clean_hoststat_days \
+ -delete $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/200.backup-passwd b/etc/periodic/daily/200.backup-passwd
index b8858e7a7e17..865a19740278 100755
--- a/etc/periodic/daily/200.backup-passwd
+++ b/etc/periodic/daily/200.backup-passwd
@@ -13,47 +13,65 @@ fi
case "$daily_backup_passwd_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/master.passwd -o -f /etc/group ]
+ if [ ! -f /etc/master.passwd ]
then
+ echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -f /etc/group ]
+ then
+ echo '$daily_backup_passwd_enable" is set but /etc/group' \
+ "doesn't exist"
+ rc=2
+ else
bak=/var/backups
+ rc=0
echo ""
echo "Backup passwd and group files:"
if [ ! -f $bak/master.passwd.bak ]
then
+ rc=1
echo "no $bak/master.passwd.bak"
- cp -p /etc/master.passwd $bak/master.passwd.bak
+ cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
fi
if ! cmp -s $bak/master.passwd.bak /etc/master.passwd
then
+ [ $rc -lt 1 ] && rc=1
echo "$host passwd diffs:"
diff $bak/master.passwd.bak /etc/master.passwd |\
sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'
mv $bak/master.passwd.bak $bak/master.passwd.bak2
- cp -p /etc/master.passwd $bak/master.passwd.bak
+ cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
fi
if [ ! -f $bak/group.bak ]
then
+ [ $rc -lt 1 ] && rc=1
echo "no $bak/group.bak"
- cp -p /etc/group $bak/group.bak
+ cp -p /etc/group $bak/group.bak || rc=3
fi
if ! cmp -s $bak/group.bak /etc/group
then
+ [ $rc -lt 1 ] && rc=1
echo "$host group diffs:"
diff $bak/group.bak /etc/group
mv $bak/group.bak $bak/group.bak2
- cp -p /etc/group $bak/group.bak
+ cp -p /etc/group $bak/group.bak || rc=3
fi
if [ -f /etc/group ]
then
echo ""
echo "Verifying group file syntax:"
- chkgrp /etc/group
+ chkgrp /etc/group || rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/210.backup-aliases b/etc/periodic/daily/210.backup-aliases
index 0b5206eb9456..fe170389ef03 100755
--- a/etc/periodic/daily/210.backup-aliases
+++ b/etc/periodic/daily/210.backup-aliases
@@ -13,9 +13,14 @@ fi
case "$daily_backup_aliases_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/mail/aliases ]
+ if [ ! -f /etc/mail/aliases ]
then
+ echo '$daily_backup_aliases_enable is enabled but' \
+ "/etc/mail/aliases doesn't exist"
+ rc=2
+ else
bak=/var/backups
+ rc=0
echo ""
echo "Backing up mail aliases:"
@@ -23,15 +28,20 @@ case "$daily_backup_aliases_enable" in
if [ ! -f $bak/aliases.bak ]
then
echo "no $bak/aliases.bak"
- cp -p /etc/mail/aliases $bak/aliases.bak
+ cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
fi
if ! cmp -s $bak/aliases.bak /etc/mail/aliases
then
+ [ $rc -lt 1 ] && rc=1
echo "$host aliases diffs:"
diff -u $bak/aliases.bak /etc/mail/aliases
mv $bak/aliases.bak $bak/aliases.bak2
- cp -p /etc/mail/aliases $bak/aliases.bak
+ cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/220.backup-distfile b/etc/periodic/daily/220.backup-distfile
index 37efaea15b21..93d766031456 100755
--- a/etc/periodic/daily/220.backup-distfile
+++ b/etc/periodic/daily/220.backup-distfile
@@ -13,17 +13,27 @@ fi
case "$daily_backup_distfile_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/Distfile ]
+ if [ ! -f /etc/Distfile ]
then
+ echo '$daily_backup_distfile_enable is set but /etc/Distfile' \
+ "doesn't exist"
+ rc=2
+ else
bak=/var/backups
+ rc=0
echo ""
echo "Backing up /etc/Distfile:"
if ! cmp -s $bak/Distfile.bak /etc/Distfile
then
+ rc=1
mv $bak/Distfile.bak $bak/Distfile.bak2
- cp /etc/Distfile $bak/Distfile.bak
+ cp /etc/Distfile $bak/Distfile.bak || rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/300.calendar b/etc/periodic/daily/300.calendar
index a921bcf96224..cc12097162e5 100755
--- a/etc/periodic/daily/300.calendar
+++ b/etc/periodic/daily/300.calendar
@@ -18,11 +18,12 @@ fi
case "$daily_calendar_enable" in
[Yy][Ee][Ss])
- if [ -f /usr/bin/calendar ]
- then
- echo ""
- echo "Running calendar:"
+ echo ""
+ echo "Running calendar:"
- calendar -a
- fi;;
+ calendar -a && rc=0 || rc=3;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/310.accounting b/etc/periodic/daily/310.accounting
index 2baf232cbb1b..c510a94209a2 100755
--- a/etc/periodic/daily/310.accounting
+++ b/etc/periodic/daily/310.accounting
@@ -13,26 +13,35 @@ fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
- if [ -f /var/account/acct ]
+ if [ ! -f /var/account/acct ]
then
+ echo '$daily_accounting_enable is set but /var/account/acct' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
+ rc=0
- rm -f acct.3.gz acct.3
- [ -f acct.2.gz ] && mv -f acct.2.gz acct.3.gz
- [ -f acct.2 ] && mv -f acct.2 acct.3
- [ -f acct.1.gz ] && mv -f acct.1.gz acct.2.gz
- [ -f acct.1 ] && mv -f acct.1 acct.2
- [ -f acct.0.gz ] && mv -f acct.0.gz acct.1.gz
- [ -f acct.0 ] && mv -f acct.0 acct.1
- cp -pf acct acct.0
- sa -s >/dev/null
+ rm -f acct.3.gz acct.3 || rc=3
+ [ -f acct.2.gz ] && { mv -f acct.2.gz acct.3.gz || rc=3; }
+ [ -f acct.2 ] && { mv -f acct.2 acct.3 || rc=3; }
+ [ -f acct.1.gz ] && { mv -f acct.1.gz acct.2.gz || rc=3; }
+ [ -f acct.1 ] && { mv -f acct.1 acct.2 || rc=3; }
+ [ -f acct.0.gz ] && { mv -f acct.0.gz acct.1.gz || rc=3; }
+ [ -f acct.0 ] && { mv -f acct.0 acct.1 || rc=3; }
+ cp -pf acct acct.0 || rc=3
+ sa -s >/dev/null || rc=3
case "$daily_accounting_compress" in
[Yy][Ee][Ss])
- gzip -f acct.0;;
+ gzip -f acct.0 || rc=3;;
esac
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/320.rdist b/etc/periodic/daily/320.rdist
index 0095ae63ee2a..11ec19083232 100755
--- a/etc/periodic/daily/320.rdist
+++ b/etc/periodic/daily/320.rdist
@@ -13,11 +13,19 @@ fi
case "$daily_distfile_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/Distfile ]
+ if [ ! -f /etc/Distfile ]
then
+ echo '$daily_distfile_enable is set but /etc/Distfile' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Running rdist with /etc/Distfile:"
- rdist -f /etc/Distfile
+ rdist -f /etc/Distfile && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/330.news b/etc/periodic/daily/330.news
index dc3a3bfa677c..ec064376d78f 100755
--- a/etc/periodic/daily/330.news
+++ b/etc/periodic/daily/330.news
@@ -16,11 +16,19 @@ fi
case "$daily_news_expire_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/news.expire ]
+ if [ ! -f /etc/news.expire ]
then
+ echo '$daily_news_expire_enable is set but /etc/news.expire' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Running news.expire:"
- /etc/news.expire
+ /etc/news.expire && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/340.uucp b/etc/periodic/daily/340.uucp
index 178fa63b1c99..120c8747b90c 100755
--- a/etc/periodic/daily/340.uucp
+++ b/etc/periodic/daily/340.uucp
@@ -16,11 +16,24 @@ fi
case "$daily_uuclean_enable" in
[Yy][Ee][Ss])
- if [ -d /var/spool/uucp -a -f /etc/uuclean.daily ]
+ if [ ! -d /var/spool/uucp ]
then
+ echo '$daily_uuclean_enable is set, but /var/spool/uucp' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -f /etc/uuclean.daily ]
+ then
+ echo '$daily_uuclean_enable is set, but /etc/uuclean.daily' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Cleaning up UUCP:"
- echo /etc/uuclean.daily | su -m uucp
+ echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/400.status-disks b/etc/periodic/daily/400.status-disks
index f6147b18fe2f..6d6ebac08497 100755
--- a/etc/periodic/daily/400.status-disks
+++ b/etc/periodic/daily/400.status-disks
@@ -16,10 +16,14 @@ case "$daily_status_disks_enable" in
echo ""
echo "Disk status:"
- df $daily_status_disks_df_flags
+ df $daily_status_disks_df_flags && rc=0 || rc=3
# display which filesystems need backing up
echo ""
- dump W;;
+ dump W || rc=3;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/410.status-uucp b/etc/periodic/daily/410.status-uucp
index 53364774a0b4..96b52ec0e78a 100755
--- a/etc/periodic/daily/410.status-uucp
+++ b/etc/periodic/daily/410.status-uucp
@@ -13,11 +13,24 @@ fi
case "$daily_status_uucp_enable" in
[Yy][Ee][Ss])
- if [ -d /var/spool/uucp -a -x /usr/bin/uustat ]
+ if [ ! -d /var/spool/uucp ]
then
+ echo '$daily_status_uucp_enable is set but /var/spool/uucp' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -x /usr/bin/uustat ]
+ then
+ echo '$daily_status_uucp_enable is set but /usr/bin/uustat' \
+ "isn't executable"
+ rc=2
+ else
echo ""
echo "UUCP status:"
- uustat -a
+ uustat -a && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/420.status-network b/etc/periodic/daily/420.status-network
index 68053610631b..8399cf720eff 100755
--- a/etc/periodic/daily/420.status-network
+++ b/etc/periodic/daily/420.status-network
@@ -13,16 +13,17 @@ fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/bin/netstat ]
- then
- echo ""
- echo "Network interface status:"
+ echo ""
+ echo "Network interface status:"
- case "$daily_status_network_usedns" in
- [Yy][Ee][Ss])
- netstat -i;;
- *)
- netstat -in;;
- esac
- fi;;
+ case "$daily_status_network_usedns" in
+ [Yy][Ee][Ss])
+ netstat -i && rc=0 || rc=3;;
+ *)
+ netstat -in && rc=0 || rc=3;;
+ esac;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/430.status-rwho b/etc/periodic/daily/430.status-rwho
index 728f4b2a2d42..44761368c933 100755
--- a/etc/periodic/daily/430.status-rwho
+++ b/etc/periodic/daily/430.status-rwho
@@ -14,14 +14,25 @@ fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
- if [ -x /usr/bin/rwho -a -f "${rwho%% *}" ]
+ if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
- ruptime
+ prog=ruptime
else
echo ""
echo "Local system status:"
- uptime
+ prog=uptime
+ fi
+ rc=$($prog | tee /dev/stderr | wc -l)
+ if [ $? -eq 0 ]
+ then
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/440.status-mailq b/etc/periodic/daily/440.status-mailq
index fd2a4430ff83..17bc710f3237 100755
--- a/etc/periodic/daily/440.status-mailq
+++ b/etc/periodic/daily/440.status-mailq
@@ -13,21 +13,35 @@ fi
case "$daily_status_mailq_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/bin/mailq -a -d /var/spool/mqueue ]
+ if [ ! -x /usr/bin/mailq ]
then
+ echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \
+ "isn't executable"
+ rc=2
+ elif [ ! -d /var/spool/mqueue ]
+ then
+ echo '$daily_status_mailq_enable is set but /var/spool/mqueue' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Mail in local queue:"
- case "$daily_status_mailq_shorten" in
+ rc=$(case "$daily_status_mailq_shorten" in
[Yy][Ee][Ss])
- mailq |
+ rc=$(mailq |
perl -ne 'print if /^\s+\S+@/' |
sort |
uniq -c |
sort -nr |
- awk '$1 > 1 {print $1, $2}';;
+ awk '$1 > 1 {print $1, $2}');;
*)
mailq;;
- esac
+ esac | tee /dev/stderr | fgrep -v 'mqueue is empty' | wc -l)
+ [ $rc -gt 1 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/450.status-security b/etc/periodic/daily/450.status-security
index 8ca962dc1af0..61fcf8b44cd2 100755
--- a/etc/periodic/daily/450.status-security
+++ b/etc/periodic/daily/450.status-security
@@ -13,30 +13,33 @@ fi
case "$daily_status_security_enable" in
[Yy][Ee][Ss])
- if [ -f /etc/security -a -x /usr/sbin/sendmail ]
- then
- echo ""
- echo "Security check:"
-
- case "$daily_status_security_noamd" in
- [Yy][Ee][Ss])
- args=-a;;
- *)
- args=;;
- esac
-
- case "$daily_status_security_nomfs" in
- [Yy][Ee][Ss])
- args="$args -m";;
- esac
-
- case "$daily_status_security_inline" in
- [Yy][Ee][Ss])
- sh /etc/security -s $args;;
-
- *)
+ echo ""
+ echo "Security check:"
+
+ case "$daily_status_security_noamd" in
+ [Yy][Ee][Ss])
+ args=-a;;
+ *)
+ args=;;
+ esac
+
+ case "$daily_status_security_nomfs" in
+ [Yy][Ee][Ss])
+ args="$args -m";;
+ esac
+
+ case "$daily_status_security_inline" in
+ [Yy][Ee][Ss])
+ sh /etc/security -s $args
+ rc=$?;;
+
+ *)
echo " (output mailed separately)"
- sh /etc/security $args 2>&1 | sendmail root;;
- esac
- fi;;
+ sh /etc/security $args 2>&1 |
+ sendmail root && rc=0 || rc=3;;
+ esac;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/460.status-mail-rejects b/etc/periodic/daily/460.status-mail-rejects
index 7d6ef1adce79..22eae94edd37 100755
--- a/etc/periodic/daily/460.status-mail-rejects
+++ b/etc/periodic/daily/460.status-mail-rejects
@@ -13,15 +13,28 @@ fi
case "$daily_status_mail_rejects_enable" in
[Yy][Ee][Ss])
- if [ -d /etc/mail -a -f /var/log/maillog -a \
- "$daily_status_mail_rejects_logs" -gt 0 ]
+ if [ ! -d /etc/mail ]
then
+ echo '$daily_status_mail_rejects_enable is set but /etc/mail' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -f /var/log/maillog ]
+ then
+ echo '$daily_status_mail_rejects_enable is set but ' \
+ "/var/log/maillog doesn't exist"
+ rc=2
+ elif [ "$daily_status_mail_rejects_logs" -le 0 ]
+ then
+ echo '$daily_status_mail_rejects_enable is set but ' \
+ '$daily_status_mail_rejects_logs is not greater than zero'
+ rc=2
+ else
echo
echo Checking for rejected mail hosts:
start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'`
n=$(($daily_status_mail_rejects_logs - 2))
- {
+ rc=$({
while [ $n -ge 0 ]
do
if [ -f /var/log/maillog.$n ]
@@ -37,6 +50,11 @@ case "$daily_status_mail_rejects_enable" in
} |
perl -ne "print \"\$2\n\"
if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" |
- sort | uniq -c | sort -nr
+ sort | uniq -c | sort -nr | tee /dev/stderr | wc -l)
+ [ $rc -gt 0 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/daily/999.local b/etc/periodic/daily/999.local
index 307ff194df9f..099f29395036 100755
--- a/etc/periodic/daily/999.local
+++ b/etc/periodic/daily/999.local
@@ -14,6 +14,7 @@ then
source_periodic_confs
fi
+rc=0
for script in $daily_local
do
case "$script" in
@@ -23,7 +24,15 @@ do
echo ""
echo "Running $script:"
- sh $script
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
esac
done
+
+exit $rc
diff --git a/etc/periodic/monthly/200.accounting b/etc/periodic/monthly/200.accounting
index 5444ea860bba..f808bbf8a853 100755
--- a/etc/periodic/monthly/200.accounting
+++ b/etc/periodic/monthly/200.accounting
@@ -14,14 +14,20 @@ fi
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
- if [ -f $W.0 ]
+ if [ ! -f $W.0 ]
then
- if [ -x /usr/sbin/ac ]
- then
- echo ""
- echo "Doing login accounting:"
+ echo '$monthly_accounting_enable is set but' \
+ "$W.0 doesn't exist"
+ rc=2
+ else
+ echo ""
+ echo "Doing login accounting:"
- ac -p -w $W.0 | sort -nr +1
- fi
+ rc=$(ac -p -w $W.0 | sort -nr +1 | tee /dev/stderr | wc -l)
+ [ $rc -gt 0 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/monthly/999.local b/etc/periodic/monthly/999.local
index b5d8aeda1c25..a70a14f8258e 100755
--- a/etc/periodic/monthly/999.local
+++ b/etc/periodic/monthly/999.local
@@ -11,6 +11,7 @@ then
source_periodic_confs
fi
+rc=0
for script in $monthly_local
do
case "$script" in
@@ -20,7 +21,15 @@ do
echo ""
echo "Running $script:"
- sh $script
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
esac
done
+
+exit $rc
diff --git a/etc/periodic/weekly/120.clean-kvmdb b/etc/periodic/weekly/120.clean-kvmdb
index dbc8f4e444bb..603e70b0d017 100755
--- a/etc/periodic/weekly/120.clean-kvmdb
+++ b/etc/periodic/weekly/120.clean-kvmdb
@@ -12,8 +12,17 @@ fi
case "$weekly_clean_kvmdb_enable" in
[Yy][Ee][Ss])
- if [ -d /var/db -a -n "$weekly_clean_kvmdb_days" ]
+ if [ ! -d /var/db ]
then
+ echo '$weekly_clean_kvmdb_enable is set but /var/db' \
+ "doesn't exist"
+ rc=2
+ elif [ -z "$weekly_clean_kvmdb_days" ]
+ then
+ echo '$weekly_clean_kvmdb_enable is set but' \
+ '$weekly_clean_kvmdb_days is not'
+ rc=2
+ else
echo ""
echo "Cleaning up kernel database files:"
@@ -27,7 +36,14 @@ case "$weekly_clean_kvmdb_enable" in
print=;;
esac
- find /var/db -name "kvm_*.db" ! -name $kernel \
- -atime +$weekly_clean_kvmdb_days -delete $print
+ rc=$(find /var/db -name "kvm_*.db" ! -name $kernel \
+ -atime +$weekly_clean_kvmdb_days -delete $print |
+ tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/300.uucp b/etc/periodic/weekly/300.uucp
index 3370158805ad..1d146bc05cba 100755
--- a/etc/periodic/weekly/300.uucp
+++ b/etc/periodic/weekly/300.uucp
@@ -15,11 +15,24 @@ fi
case "$weekly_uucp_enable" in
[Yy][Ee][Ss])
- if [ -d /var/spool/uucp -a -f /usr/libexec/uucp/clean.weekly ]
+ if [ ! -d /var/spool/uucp ]
then
+ echo '$weekly_uucp_enable is set but /var/spool/uucp' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -x /usr/libexec/uucp/clean.weekly ]
+ then
+ echo '$weekly_uucp_enable is set but' \
+ "/usr/libexec/uucp/clean.weekly isn't executable"
+ rc=2
+ else
echo ""
echo "Cleaning up UUCP:"
- echo /usr/libexec/uucp/clean.weekly | su daemon
+ echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/310.locate b/etc/periodic/weekly/310.locate
index 53d3d8001641..e6921ab56e82 100755
--- a/etc/periodic/weekly/310.locate
+++ b/etc/periodic/weekly/310.locate
@@ -13,19 +13,20 @@ fi
case "$weekly_locate_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/libexec/locate.updatedb -a -f $locdb ]
- then
- echo ""
- echo "Rebuilding locate database:"
+ echo ""
+ echo "Rebuilding locate database:"
- locdb=/var/db/locate.database
+ locdb=/var/db/locate.database
- touch $locdb
- chown nobody $locdb
- chmod 644 $locdb
+ touch $locdb && rc=0 || rc=3
+ chown nobody $locdb || rc=3
+ chmod 644 $locdb || rc=3
- cd /
- echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody
- chmod 444 $locdb
- fi;;
+ cd /
+ echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3
+ chmod 444 $locdb || rc=3;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/320.whatis b/etc/periodic/weekly/320.whatis
index 123be9670d7b..6af77477a22c 100755
--- a/etc/periodic/weekly/320.whatis
+++ b/etc/periodic/weekly/320.whatis
@@ -13,34 +13,39 @@ fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/libexec/makewhatis.local -a -x /usr/bin/manpath ]
- then
- echo ""
- echo "Rebuilding whatis database:"
+ echo ""
+ echo "Rebuilding whatis database:"
- MANPATH=`/usr/bin/manpath -q`
- if [ $? = 0 ]
+ MANPATH=`/usr/bin/manpath -q`
+ if [ $? = 0 ]
+ then
+ if [ -z "${MANPATH}" ]
then
- if [ "x${MANPATH}" = "x" ]
- then
- echo "manpath failed to find any manpage directories"
- else
- man_locales=`/usr/bin/manpath -qL`
+ echo "manpath failed to find any manpage directories"
+ rc=3
+ else
+ man_locales=`/usr/bin/manpath -qL`
+ rc=0
- # Build whatis(1) database(s) for original, non-localized
- # manpages.
- /usr/libexec/makewhatis.local "${MANPATH}"
+ # Build whatis(1) database(s) for original, non-localized
+ # manpages.
+ /usr/libexec/makewhatis.local "${MANPATH}" || rc=3
- # Build whatis(1) database(s) for localized manpages.
- if [ X"${man_locales}" != X ]
- then
- for i in ${man_locales}
- do
- LC_CTYPE=$i /usr/libexec/makewhatis.local -a \
- -L "${MANPATH}"
- done
- fi
+ # Build whatis(1) database(s) for localized manpages.
+ if [ X"${man_locales}" != X ]
+ then
+ for i in ${man_locales}
+ do
+ LC_CTYPE=$i /usr/libexec/makewhatis.local -a \
+ -L "${MANPATH}" || rc=3
+ done
fi
fi
+ else
+ rc=3
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/330.catman b/etc/periodic/weekly/330.catman
index e446dd22662c..999913fb7025 100755
--- a/etc/periodic/weekly/330.catman
+++ b/etc/periodic/weekly/330.catman
@@ -13,34 +13,46 @@ fi
case "$weekly_catman_enable" in
[Yy][Ee][Ss])
- if [ -x /usr/libexec/catman.local -a -d /usr/share/man/cat1 -a \
- -x /usr/bin/manpath ]
+ if [ ! -d /usr/share/man/cat1 ]
then
+ echo '$weekly_catman_enable is set but /usr/share/man/cat1' \
+ "doesn't exist"
+ rc=2
+ else
echo ""
echo "Reformatting manual pages:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
- if [ "x${MANPATH}" = "x" ]
+ if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpath directories"
+ rc=3
else
man_locales=`/usr/bin/manpath -qL`
+ rc=0
# Preformat original, non-localized manpages
- echo /usr/libexec/catman.local "$MANPATH" | su -fm man
+ echo /usr/libexec/catman.local "$MANPATH" |
+ su -fm man || rc=3
# Preformat localized manpages.
- if [ X"$man_locales" != X ]
+ if [ -n "$man_locales" ]
then
for i in $man_locales
do
LC_CTYPE=$i echo /usr/libexec/catman.local -L \
- "$MANPATH" | su -fm man
+ "$MANPATH" | su -fm man || rc=3
done
fi
fi
+ else
+ rc=3
fi
fi;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/340.noid b/etc/periodic/weekly/340.noid
index 7ad71ea07f57..7b56f019a40e 100644
--- a/etc/periodic/weekly/340.noid
+++ b/etc/periodic/weekly/340.noid
@@ -16,6 +16,12 @@ case "$weekly_noid_enable" in
echo ""
echo "Check for files with an unknown user or group:"
- find -H ${weekly_noid_dirs:-/} -fstype local \
- \( -nogroup -o -nouser \) -print | sed 's/^/ /';;
+ rc=$(find -H ${weekly_noid_dirs:-/} -fstype local \
+ \( -nogroup -o -nouser \) -print | sed 's/^/ /' |
+ tee /dev/stderr | wc -l)
+ [ $rc -gt 1 ] && rc=1;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/400.status-pkg b/etc/periodic/weekly/400.status-pkg
index aac228bc9484..050b47b8ae5b 100755
--- a/etc/periodic/weekly/400.status-pkg
+++ b/etc/periodic/weekly/400.status-pkg
@@ -16,5 +16,13 @@ case "$weekly_status_pkg_enable" in
echo ""
echo "Check for out of date packages:"
- pkg_version -v | sed -n 's/^\([^ ]*\) *< */ \1 /p';;
+ rc=$(pkg_version -v |
+ sed -n 's/^\([^ ]*\) *< */ \1 /p' |
+ tee /dev/stderr |
+ wc -l)
+ [ $rc -gt 1 ] && rc=1;;
+
+ *) rc=0;;
esac
+
+exit $rc
diff --git a/etc/periodic/weekly/999.local b/etc/periodic/weekly/999.local
index efab6f4b25d8..f8b74d2df724 100755
--- a/etc/periodic/weekly/999.local
+++ b/etc/periodic/weekly/999.local
@@ -11,6 +11,7 @@ then
source_periodic_confs
fi
+rc=0
for script in $weekly_local
do
case "$script" in
@@ -20,7 +21,15 @@ do
echo ""
echo "Running $script:"
- sh $script
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
esac
done
+
+exit $rc
diff --git a/etc/security b/etc/security
index 78a885c3b9e0..0e32b3f89e5d 100644
--- a/etc/security
+++ b/etc/security
@@ -5,12 +5,21 @@
#
PATH=/sbin:/bin:/usr/bin
LC_ALL=C; export LC_ALL
+rc=0
+LOG=/var/log
+TMP=/var/run/_secure.$$
separator () {
echo ''
echo ''
}
+catmsgs() {
+ [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz
+ [ -f $LOG/messages.0 ] && cat $LOG/messages.0
+ [ -f $LOG/messages ] && cat $LOG/messages
+}
+
sflag=FALSE ignore=
while getopts ams c
do
@@ -26,9 +35,6 @@ yesterday=`date -v-1d "+%b %e "`
host=`hostname`
[ $sflag = FALSE ] && echo "Subject: ${host} security check output"
-LOG=/var/log
-TMP=/var/run/_secure.$$
-
umask 027
echo "checking setuid files and devices:"
@@ -48,17 +54,19 @@ while [ $# -ge 1 ]; do
done | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP}
if [ ! -f ${LOG}/setuid.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no ${LOG}/setuid.today"
- cp ${TMP} ${LOG}/setuid.today
+ cp ${TMP} ${LOG}/setuid.today || rc=3
fi
if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "${host} setuid diffs:"
diff -w ${LOG}/setuid.today ${TMP}
- mv ${LOG}/setuid.today ${LOG}/setuid.yesterday
- mv ${TMP} ${LOG}/setuid.today
+ mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3
+ mv ${TMP} ${LOG}/setuid.today || rc=3
fi
# Show changes in the way filesystems are mounted
@@ -66,42 +74,52 @@ fi
[ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat
if mount -p | $cmd > $TMP; then
if [ ! -f $LOG/mount.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no $LOG/mount.today"
- cp $TMP $LOG/mount.today
+ cp $TMP $LOG/mount.today || rc=3
fi
if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "$host changes in mounted filesystems:"
diff -b $LOG/mount.today $TMP
- mv $LOG/mount.today $LOG/mount.yesterday
- mv $TMP $LOG/mount.today
+ mv $LOG/mount.today $LOG/mount.yesterday || rc=3
+ mv $TMP $LOG/mount.today || rc=3
fi
fi
separator
echo "checking for uids of 0:"
-awk -F: '$3==0 {print $1,$3}' /etc/master.passwd
+n=$(awk -F: '$3==0 {print $1,$3}' /etc/master.passwd |
+ tee /dev/stderr |
+ sed -e '/^root 0$/d' -e '/^toor 0$/d' |
+ wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
separator
echo "checking for passwordless accounts:"
-awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd
+n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd |
+ tee /dev/stderr | wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
# Show denied packets
#
if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
if [ ! -f ${LOG}/ipfw.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no ${LOG}/ipfw.today"
- cp ${TMP} ${LOG}/ipfw.today
+ cp ${TMP} ${LOG}/ipfw.today || rc=3
fi
if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "${host} denied packets:"
diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>"
- mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday
- mv ${TMP} ${LOG}/ipfw.today
+ mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3
+ mv ${TMP} ${LOG}/ipfw.today || rc=3
fi
fi
@@ -112,6 +130,7 @@ if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then
ipfw -a l | grep " log " | perl -n -e \
'/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP}
if [ -s "${TMP}" ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "ipfw log limit reached:"
cat ${TMP}
@@ -122,17 +141,19 @@ fi
#
if dmesg 2>/dev/null > ${TMP}; then
if [ ! -f ${LOG}/dmesg.today ]; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "no ${LOG}/dmesg.today"
- cp ${TMP} ${LOG}/dmesg.today
+ cp ${TMP} ${LOG}/dmesg.today || rc=3
fi
if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then
+ [ $rc -lt 1 ] && rc=1
separator
echo "${host} kernel log messages:"
diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>"
- mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday
- mv ${TMP} ${LOG}/dmesg.today
+ mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3
+ mv ${TMP} ${LOG}/dmesg.today || rc=3
fi
fi
@@ -140,12 +161,16 @@ fi
#
separator
echo "${host} login failures:"
-zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*login failure"
+n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
# Show tcp_wrapper warning messages
#
separator
echo "${host} refused connections:"
-zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*refused connect"
+n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
rm -f ${TMP}
+
+exit $rc