Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8543 Commits
49 Branches
42 MiB
Tree: 15dd0e7884
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '15dd0e7884'
${ noResults }
openntpd-openbsd/src/etc/daily

194 lines
4.8 KiB
Raw Normal View History

initial import of NetBSD tree
29 years ago
Show unveil(2) violators in lastcomm(1) output and daily mail. input Janne Johansson, schwarze@; OK deraadt@ millert@
4 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
initial import of NetBSD tree
29 years ago
polish comments, no functional change: 1) advertise *.local and next_part near the top of the three scripts 2) daily: mention smtpd(8) mailq behaviour (like for sendmail, postfix, exim) 3) weekly: drop a comment trivially rehashing the next two lines of code documenting next_part in the scripts was suggested by jmc@ ok sthen@ okan@ halex@; "i won't object" ajacoutot@
15 years ago
Force umask to 022 so we don't heritate 077 from root's crontab command (output logs are still umask 077) "i think this is right" deraadt@
17 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
check for /etc/{daily,weekly,monthly}.local and run if they exist
28 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
check for /etc/{daily,weekly,monthly}.local and run if they exist
28 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
When creating > 1 files with mktemp(1), make sure that if the creation of the n'th (n>1) file fails, the previous ones get removed before exit(1) Idea by jason; ok millert deraadt
21 years ago
No point in ls'ing the template, it will never exist.
27 years ago
avoid unnecessary changes of the output in order not to annoy parser scripts and their owners (like henning@)
15 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
use mktemp(1) and don't talk about core files unless it finds some.
27 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
Conform to the test(1) man page: use -L instead of -h when testing for symbolic links (the -h flag is for compatibility only); millert@ ok
24 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
Don't rmdir .ICE-unix from /tmp or /var/tmp either. OK deraadt@
19 years ago
handle portslock. reminded by antoine@
14 years ago
Remove portslocks from /etc/daily. The ports LOCKDIR was moved from /tmp to /usr/ports/pobj years ago. OK millert@, ajacoutot@
8 years ago
Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the often space-constrained /var filesystem was a historical mistake. There are big implications for the daemons which assume they won't run out of space, and this is a first step towards trying to improve the situation. Move /tmp to the same 7-day expiration rules that /var/tmp had. vi.recover works just as well as before, except on memory filesystems; indicating that vi should be repaired to write files into homedirs or something. done with rpe ok many
9 years ago
Don't rmdir vi.recover or .X11-unix from /tmp or /var/tmp. OK deraadt@
19 years ago
Remove portslocks from /etc/daily. The ports LOCKDIR was moved from /tmp to /usr/ports/pobj years ago. OK millert@, ajacoutot@
8 years ago
handle portslock. reminded by antoine@
14 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
initial import of NetBSD tree
29 years ago
sync with netbsd 960418
28 years ago
Conform to the test(1) man page: use -L instead of -h when testing for symbolic links (the -h flag is for compatibility only); millert@ ok
24 years ago
sync with netbsd 960418
28 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
sync with netbsd 960418
28 years ago
initial import of NetBSD tree
29 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
initial import of NetBSD tree
29 years ago
Test if an acct file exists before trying to rename it. This silences false warnings in the frist three daily mails after process accounting has been turned on. from Raf Czlonka
7 years ago
by means of utilising -f avoid some warnings when rotating accounting files; millert@ ok
21 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
Show unveil(2) violators in lastcomm(1) output and daily mail. input Janne Johansson, schwarze@; OK deraadt@ millert@
4 years ago
initial import of NetBSD tree
29 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
Let /altroot work with a duid-based fstab. Reported by & fix tested by Dave Anderson. Thanks! ok deraadt@
12 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
Before dd'ing raw partitions around, do stricter sanity checking: Do not attempt to copy a larger partition onto a smaller one. Backup of non-ffs root partitions was never supported, so don't even try. (Both of the above suggested by guenther@). Also add error messages in case ROOTBACKUP is switched on but severely misconfigured - those were silently ignored in the past: /altroot not defined or wrong type or on the same device as root. otto@ agrees that checking the sizes makes sense
15 years ago
Fix previous fix for /altroot processing. Should now work for both duid and device entries in fstab. As a bonus make commented out lines in fstab in-eligable for altroot detection. ok halex@ deraadt@
12 years ago
Before dd'ing raw partitions around, do stricter sanity checking: Do not attempt to copy a larger partition onto a smaller one. Backup of non-ffs root partitions was never supported, so don't even try. (Both of the above suggested by guenther@). Also add error messages in case ROOTBACKUP is switched on but severely misconfigured - those were silently ignored in the past: /altroot not defined or wrong type or on the same device as root. otto@ agrees that checking the sizes makes sense
15 years ago
Let /altroot work with a duid-based fstab. Reported by & fix tested by Dave Anderson. Thanks! ok deraadt@
12 years ago
Print an explicit error if the backup volume is not present in hw.disknames. This can only happen due to a failure or user error. In either case, silent failure makes it hard to discover and debug. Now it will be easy to spot in the daily mail. ok rob, schwarze
6 years ago
Let /altroot work with a duid-based fstab. Reported by & fix tested by Dave Anderson. Thanks! ok deraadt@
12 years ago
Fix previous fix for /altroot processing. Should now work for both duid and device entries in fstab. As a bonus make commented out lines in fstab in-eligable for altroot detection. ok halex@ deraadt@
12 years ago
ugly spaces
10 years ago
Fix previous fix for /altroot processing. Should now work for both duid and device entries in fstab. As a bonus make commented out lines in fstab in-eligable for altroot detection. ok halex@ deraadt@
12 years ago
Before dd'ing raw partitions around, do stricter sanity checking: Do not attempt to copy a larger partition onto a smaller one. Backup of non-ffs root partitions was never supported, so don't even try. (Both of the above suggested by guenther@). Also add error messages in case ROOTBACKUP is switched on but severely misconfigured - those were silently ignored in the past: /altroot not defined or wrong type or on the same device as root. otto@ agrees that checking the sizes makes sense
15 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
Tweak rcctl wording. from ian@
8 years ago
Rename the 'faulty' list action to 'failed'; it clearer. prodded by matthieu@ ok millert@ jung@ sthen@
8 years ago
Run "rcctl ls faulty", which is silent when all services work as expected. Based on an original idea and a different patch from landry@. OK jung@ zhuk@ landry@ krw@ agreed to the general idea
8 years ago
move kern.version and uptime back to the top of the output by moving it down to the bottom of the code; "I definitely like this" ajacoutot@
15 years ago
New variable VERBOSESTATUS (=1 by default). When set to 0, daily(8) won't send mail unless there is something to report. Using feedback from kettenis@ henning@ jmc@ OK sthen@ jmc@
15 years ago
Have df(1) in the daily output show the inodes used/free. a few developers thought this was a reasonable/good idea.
10 years ago
New variable VERBOSESTATUS (=1 by default). When set to 0, daily(8) won't send mail unless there is something to report. Using feedback from kettenis@ henning@ jmc@ OK sthen@ jmc@
15 years ago
VERBOSESTATUS or no VERBOSESTATUS, failed or missing dumps are still worth noting "go ahead" schwarze@
9 years ago
New variable VERBOSESTATUS (=1 by default). When set to 0, daily(8) won't send mail unless there is something to report. Using feedback from kettenis@ henning@ jmc@ OK sthen@ jmc@
15 years ago
initial import of NetBSD tree
29 years ago
avoid unnecessary changes of the output in order not to annoy parser scripts and their owners (like henning@)
15 years ago
New variable VERBOSESTATUS (=1 by default). When set to 0, daily(8) won't send mail unless there is something to report. Using feedback from kettenis@ henning@ jmc@ OK sthen@ jmc@
15 years ago
use mktemp(1) and don't talk about core files unless it finds some.
27 years ago
initial import of NetBSD tree
29 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
Change when calendar(1) is such so that it is after mailq runs. That way we avoid a flurry of transient calendar mail in the mailq.
22 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
initial import of NetBSD tree
29 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
initial import of NetBSD tree
29 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
Three rdist log file name improvements on one single line: 1) replace +%e by +%d, unescaped blanks don't work at all in file names 2) replace +%b by +%m to make log files sort better by month 3) replace the home-grown +%Y.%m.%d by the standard +%F (= +%Y-%m-%d) from Tim van der Molen <tbvdm at xs4all dot nl>, thanks! ok okan@
15 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
zap trailing spaces and tabs
22 years ago
lite2 daily + our changes. We can remove old tmp files now that fts(3) is safe and we have -execdir.
27 years ago
initial import of NetBSD tree
29 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
move kern.version and uptime back to the top of the output by moving it down to the bottom of the code; "I definitely like this" ajacoutot@
15 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
Switch from the old shell script /etc/security to the new Perl script /usr/libexec/security. The new script was tested by sthen@ and ajacoutot@. Committing now due to repeated prodding from deraadt@. In case problems show up, they will be fixed in tree.
13 years ago
Even though SUIDSKIP used to be a mere shell variable, it was propagated to the old /etc/security script because daily sourced it. Now we fork and exec, so SUIDSKIP must be promoted to the environment. Problem reported, fix tested and ok weerd@.
13 years ago
Switch from the old shell script /etc/security to the new Perl script /usr/libexec/security. The new script was tested by sthen@ and ajacoutot@. Committing now due to repeated prodding from deraadt@. In case problems show up, they will be fixed in tree.
13 years ago
make weekly and monthly silent by default add the same infrastructure to daily; silencing daily needs another step discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@ "immediately commit" deraadt@ (without seeing the final diff)
15 years ago
 
  1. #
  2. #	$OpenBSD: daily,v 1.92 2019/07/25 13:13:53 bluhm Exp $
  3. #	From: @(#)daily	8.2 (Berkeley) 1/25/94
  4. #
  5. # For local additions, create the file /etc/daily.local.
  6. # To get section headers, use the function next_part in daily.local.
  7. #
  8. umask 022
  9. 

  10. PARTOUT=/var/log/daily.part
  11. MAINOUT=/var/log/daily.out
  12. install -o 0 -g 0 -m 600    /dev/null $PARTOUT
  13. install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT
  14. 

  15. start_part() {
  16. 	TITLE=$1
  17. 	exec > $PARTOUT 2>&1
  18. }
  19. 

  20. end_part() {
  21. 	exec >> $MAINOUT 2>&1
  22. 	test -s $PARTOUT || return
  23. 	echo ""
  24. 	echo "$TITLE"
  25. 	cat $PARTOUT
  26. }
  27. 

  28. next_part() {
  29. 	end_part
  30. 	start_part "$1"
  31. }
  32. 

  33. run_script() {
  34. 	f=/etc/$1
  35. 	test -e $f || return
  36. 	if [ `stat -f '%Sp%u' $f | cut -b1,6,9,11-` != '---0' ]; then
  37. 		echo "$f has insecure permissions, skipping:"
  38. 		ls -l $f
  39. 		return
  40. 	fi
  41. 	. $f
  42. }
  43. 

  44. start_part "Running daily.local:"
  45. run_script "daily.local"
  46. 

  47. next_part "Removing scratch and junk files:"
  48. if [ -d /tmp -a ! -L /tmp ]; then
  49. 	cd /tmp && {
  50. 	find -x . \
  51. 	    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \
  52. 		-o -path './tmux-*' \) \
  53. 	    -prune -o -type f -atime +7 -execdir rm -f -- {} \; 2>/dev/null
  54. 	find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
  55. 	    ! -path ./.ICE-unix ! -name . \
  56. 	    -execdir rmdir -- {} \; >/dev/null 2>&1; }
  57. fi
  58. 

  59. # Additional junk directory cleanup would go like this:
  60. #if [ -d /scratch -a ! -L /scratch ]; then
  61. #	cd /scratch && {
  62. #	find . ! -name . -atime +1 -execdir rm -f -- {} \;
  63. #	find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
  64. #	    >/dev/null 2>&1; }
  65. #fi
  66. 

  67. next_part "Purging accounting records:"
  68. if [ -f /var/account/acct ]; then
  69. 	test -f /var/account/acct.2 && \
  70. 		mv -f /var/account/acct.2 /var/account/acct.3
  71. 	test -f /var/account/acct.1 && \
  72. 		mv -f /var/account/acct.1 /var/account/acct.2
  73. 	test -f /var/account/acct.0 && \
  74. 		mv -f /var/account/acct.0 /var/account/acct.1
  75. 	cp -f /var/account/acct /var/account/acct.0
  76. 	sa -sq
  77. 	lastcomm -f /var/account/acct.0 | grep -e ' -[A-Z]*[PTU]'
  78. fi
  79. 

  80. # If ROOTBACKUP is set to 1 in the environment, and
  81. # if filesystem named /altroot is type ffs and mounted "xx",
  82. # use it as a backup root filesystem to be updated daily.
  83. next_part "Backing up root filesystem:"
  84. while [ "X$ROOTBACKUP" = X1 ]; do
  85. 	rootbak=`awk '$1 !~ /^#/ && $2 == "/altroot" && $3 == "ffs" && \
  86. 		$4 ~ /xx/ { print $1 }' < /etc/fstab`
  87. 	if [ -z "$rootbak" ]; then
  88. 		echo "No xx ffs /altroot device found in the fstab(5)."
  89. 		break
  90. 	fi
  91. 	rootbak=${rootbak#/dev/}
  92. 	bakdisk=${rootbak%%?(.)[a-p]}
  93. 	if ! sysctl -n hw.disknames | grep -Fqw $bakdisk; then
  94. 		echo "Backup disk '$bakdisk' not present in hw.disknames."
  95. 		break
  96. 	fi
  97. 	bakpart=${rootbak##$bakdisk?(.)}
  98. 	OLDIFS=$IFS
  99. 	IFS=,
  100. 	for d in `sysctl -n hw.disknames`; do
  101. 		# If the provided disk name is a duid, substitute the device.
  102. 		if [ X$bakdisk = X${d#*:} ]; then
  103. 			bakdisk=${d%:*}
  104. 			rootbak=$bakdisk$bakpart
  105. 		fi
  106. 	done
  107. 	IFS=$OLDIFS
  108. 	baksize=`disklabel $bakdisk 2>/dev/null | \
  109. 		awk -v "part=$bakpart:" '$1 == part { print $2 }'`
  110. 	rootdev=`mount | awk '$3 == "/" && $1 ~ /^\/dev\// && $5 == "ffs" \
  111. 		{ print substr($1, 6) }'`
  112. 	if [ -z "$rootdev" ]; then
  113. 		echo "The root filesystem is not local or not ffs."
  114. 		break
  115. 	fi
  116. 	if [ X$rootdev = X$rootbak ]; then
  117. 		echo "The device $rootdev holds both root and /altroot."
  118. 		break
  119. 	fi
  120. 	rootdisk=${rootdev%[a-p]}
  121. 	rootpart=${rootdev#$rootdisk}
  122. 	rootsize=`disklabel $rootdisk 2>/dev/null | \
  123. 		awk -v "part=$rootpart:" '$1 == part { print $2 }'`
  124. 	if [ $rootsize -gt $baksize ]; then
  125. 		echo "Root ($rootsize) is larger than /altroot ($baksize)."
  126. 		break
  127. 	fi
  128. 	next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:"
  129. 	sync
  130. 	dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
  131. 		conv=noerror
  132. 	fsck -y /dev/r$rootbak
  133. 	break
  134. done
  135. 

  136. next_part "Services that should be running but aren't:"
  137. rcctl ls failed
  138. 

  139. next_part "Checking subsystem status:"
  140. if [ "X$VERBOSESTATUS" != X0 ]; then
  141. 	echo ""
  142. 	echo "disks:"
  143. 	df -ikl
  144. 	echo ""
  145. 	dump W
  146. else
  147. 	dump w | grep -vB1 ^Dump
  148. fi
  149. 

  150. next_part "network:"
  151. if [ "X$VERBOSESTATUS" != X0 ]; then
  152. 	netstat -ivn
  153. fi
  154. 

  155. next_part "Running calendar in the background:"
  156. if [ "X$CALENDAR" != X0 -a \
  157.      \( -d /var/yp/`domainname` -o ! -d /var/yp/binding \) ]; then
  158. 	calendar -a &
  159. fi
  160. 

  161. # If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
  162. # with the no-write flag.
  163. next_part "Checking filesystems:"
  164. [ "X$CHECKFILESYSTEMS" = X1 ] && {
  165. 	fsck -n | grep -v '^\*\* Phase'
  166. }
  167. 

  168. next_part "Running rdist:"
  169. if [ -f /etc/Distfile ]; then
  170. 	if [ -d /var/log/rdist ]; then
  171. 		rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/`date +%F`
  172. 	else
  173. 		rdist -f /etc/Distfile
  174. 	fi
  175. fi
  176. 

  177. end_part
  178. [ -s $MAINOUT ] && {
  179. 	sysctl -n kern.version
  180. 	uptime
  181. 	cat $MAINOUT
  182. } 2>&1 | mail -s "`hostname` daily output" root
  183. 

  184. 

  185. MAINOUT=/var/log/security.out
  186. install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT
  187. 

  188. start_part "Running security(8):"
  189. export SUIDSKIP
  190. /usr/libexec/security
  191. end_part
  192. rm -f $PARTOUT
  193. 

  194. [ -s $MAINOUT ] && mail -s "`hostname` daily insecurity output" root < $MAINOUT