Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.
 
 
 
 
 
 


#
# $OpenBSD: daily,v 1.67 2010/07/25 08:49:03 espie Exp $
# From: @(#)daily 8.2 (Berkeley) 1/25/94
#
# For local additions, create the file /etc/daily.local.
# To get section headers, use the function next_part in daily.local.
#
# Nothing this script creates should be group- or world-writable.
umask 022

# MAINOUT collects the finished report; PARTOUT holds the output of the
# section that is currently running.
MAINOUT=/var/log/daily.out
PARTOUT=/var/log/daily.part

# Start from empty files owned by uid 0 / gid 0 with mode 600, so the
# report is readable by root only.  -b keeps the previous report as a
# backup copy instead of discarding it.
install -o 0 -g 0 -m 600 /dev/null "$PARTOUT"
install -o 0 -g 0 -m 600 -b /dev/null "$MAINOUT"
# start_part title
# Record the section title in TITLE, then point stdout and stderr at the
# per-section scratch file ($PARTOUT), truncating whatever it held.
start_part() {
	TITLE="$1"
	exec 1>"$PARTOUT" 2>&1
}
# end_part
# Switch stdout and stderr to append to the main report ($MAINOUT).  If the
# finished section wrote anything to $PARTOUT, emit a blank line, the
# section title and that output; a silent section leaves no trace and the
# function returns non-zero.
end_part() {
	exec 1>>"$MAINOUT" 2>&1
	if [ ! -s "$PARTOUT" ]; then
		return 1
	fi
	echo
	echo "$TITLE"
	cat "$PARTOUT"
}
# next_part title
# Close the current section (flushing its output into the report) and open
# a new one under the given title.  Also usable from /etc/daily.local to
# get section headers.
next_part() {
	end_part
	start_part "${1}"
}
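# run_script name
# Source /etc/<name> into this shell, but only if it is safe to run as
# root: it must be a regular file, owned by uid 0, and writable by neither
# group nor others.  A missing file is skipped silently (non-zero return);
# a file that fails the check is reported and skipped.
run_script() {
	f=/etc/$1
	test -e "$f" || return
	# stat prints the symbolic mode (10 characters) followed by the owner
	# uid; cut keeps byte 1 (file type), byte 6 (group write), byte 9
	# (other write) and everything from byte 11 on (the uid).  Only
	# "---0" passes.  Anything that is not a regular file, a symlink
	# included, has a non-"-" type character and is rejected.
	_mode=`stat -f '%Sp%u' "$f" | cut -b1,6,9,11-`
	# Compare as quoted strings so that an empty result (stat failed, or
	# the file vanished after the test above) is treated as "insecure".
	# Unquoted, an empty value makes [ fail with a syntax error, the
	# condition counts as false and the file would be sourced unchecked.
	if [ "X$_mode" != 'X---0' ]; then
		echo "$f has insecure permissions, skipping:"
		ls -l "$f"
		return
	fi
	# NOTE(review): the check and the source are separate steps; this
	# relies on /etc itself being writable by root only.
	. "$f"
}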
# First section: site-specific additions from /etc/daily.local, if that
# file exists and passes the ownership/permission check in run_script.
start_part 'Running daily.local:'
run_script daily.local
# Section: expire stale files from the world-writable scratch directories.
# This runs as root over attacker-controllable trees, so every step is
# written defensively; see the notes on each command.
next_part "Removing scratch and junk files:"
# Only clean /tmp if it is a real directory.  The ! -L test refuses a
# symlink, so a replaced /tmp cannot redirect the cleanup elsewhere.
if [ -d /tmp -a ! -L /tmp ]; then
cd /tmp && {
# -x keeps find on the filesystem it started on.  The parenthesised
# paths (ssh agent dirs, X11/ICE socket dirs, portslocks) are pruned,
# i.e. never descended into.  Of the rest, regular files whose access
# time is more than 3 days old are removed.  -execdir runs rm from the
# directory that holds the file rather than via a full path, and "--"
# stops a file name starting with "-" from being read as an option.
find -x . \
\( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \
-o -path ./portslocks \) \
-prune -o -type f -atime +3 -execdir rm -f -- {} \;
# Second pass: directories not modified for more than a day, except the
# listed ones and "." itself.  rmdir only removes empty directories; the
# failures for non-empty ones are expected, hence the discarded output.
find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
! -path ./.ICE-unix ! -path ./portslocks ! -name . \
-execdir rmdir -- {} \; >/dev/null 2>&1; }
fi
# Same procedure for /var/tmp, with two differences visible below: the
# cut-off is 7 days of access time, and everything that is not a directory
# (not just regular files) is removed.
if [ -d /var/tmp -a ! -L /var/tmp ]; then
cd /var/tmp && {
find -x . \
\( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \
-o -path ./portslocks \) \
-prune -o ! -type d -atime +7 -execdir rm -f -- {} \;
find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
! -path ./.ICE-unix ! -path ./portslocks ! -name . \
-execdir rmdir -- {} \; >/dev/null 2>&1; }
fi
# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -L /scratch ]; then
# cd /scratch && {
# find . ! -name . -atime +1 -execdir rm -f -- {} \;
# find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
# >/dev/null 2>&1; }
#fi
# rwho status files: remove entries not modified for more than 7 days.
# Note that this find has no -x and no type filter.
if [ -d /var/rwho -a ! -L /var/rwho ] ; then
cd /var/rwho && {
find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; }
fi
# System messages: let msgs(1) do its own cleanup
# (presumably -c expires old messages; see msgs(1)).
if [ -d /var/msgs -a ! -L /var/msgs ]; then
msgs -c
fi
# Section: rotate the process accounting file, keeping generations
# acct.0 (newest) through acct.3 (oldest).
next_part "Purging accounting records:"
if [ -f /var/account/acct ]; then
	# Shift the old generations up by one, oldest first so that nothing
	# is overwritten before it has been moved on.
	for gen in 2 1 0; do
		mv -f /var/account/acct.$gen /var/account/acct.$((gen + 1))
	done
	# The live file is copied, not moved, so /var/account/acct itself
	# stays in place.
	cp -f /var/account/acct /var/account/acct.0
	# Let sa(8) process the live file (see sa(8) for -s and -q).
	sa -sq
fi
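# If ROOTBACKUP is set to 1 in the environment, and
# if filesystem named /altroot is type ffs, on /dev/* and mounted "xx",
# use it as a backup root filesystem to be updated daily.
next_part "Backing up root filesystem:"
# The body runs at most once: "while" is used instead of "if" so that
# "break" can abandon the backup as soon as one precondition fails.  The
# copy below writes to a raw device, so every check has to fail closed.
while [ "X$ROOTBACKUP" = X1 ]; do
	# Device name (without the leading "/dev/") of the /altroot entry.
	rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \
	    $4 ~ /xx/ \
	    { print substr($1, 6) }' < /etc/fstab`
	if [ -z "$rootbak" ]; then
		echo "No xx ffs /altroot device found in the fstab(5)."
		break
	fi
	# Split the device name into disk name and partition letter.
	bakdisk=${rootbak%[a-p]}
	# The backup disk must be known to the kernel.  An empty disk name
	# is rejected explicitly rather than handed to grep as a pattern.
	[ -n "$bakdisk" ] || break
	sysctl -n hw.disknames | grep -Fqw -- "$bakdisk" || break
	bakpart=${rootbak#"$bakdisk"}
	# Second field of the disklabel line for that partition
	# (presumably its size in sectors).
	baksize=`disklabel "$bakdisk" 2>/dev/null | \
	    awk -v "part=$bakpart:" '$1 == part { print $2 }'`
	# Device currently mounted on / (again without "/dev/").
	rootdev=`mount | awk '$3 == "/" && $1 ~ /^\/dev\// && $5 == "ffs" \
	    { print substr($1, 6) }'`
	if [ -z "$rootdev" ]; then
		echo "The root filesystem is not local or not ffs."
		break
	fi
	if [ "X$rootdev" = "X$rootbak" ]; then
		echo "The device $rootdev holds both root and /altroot."
		break
	fi
	rootdisk=${rootdev%[a-p]}
	rootpart=${rootdev#"$rootdisk"}
	rootsize=`disklabel "$rootdisk" 2>/dev/null | \
	    awk -v "part=$rootpart:" '$1 == part { print $2 }'`
	# If either disklabel lookup produced nothing, the numeric test
	# below would be a syntax error, count as false, and the copy would
	# go ahead without any size check.  Stop instead.
	if [ -z "$rootsize" ] || [ -z "$baksize" ]; then
		echo "Cannot determine the size of $rootdev or $rootbak."
		break
	fi
	if [ "$rootsize" -gt "$baksize" ]; then
		echo "Root ($rootsize) is larger than /altroot ($baksize)."
		break
	fi
	next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:"
	sync
	# Raw-device copy in 16-sector blocks.  skip=1/seek=1 leave the
	# first block of both devices out of the copy, and conv=noerror
	# keeps going after read errors.
	dd if="/dev/r$rootdev" of="/dev/r$rootbak" bs=16b seek=1 skip=1 \
	    conv=noerror
	# Repair the copy non-interactively so it is mountable.
	fsck -y "/dev/r$rootbak"
	break
done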
# Section: disk usage and dump status, unless VERBOSESTATUS is set to 0.
next_part "Checking subsystem status:"
case "$VERBOSESTATUS" in
0)
	;;
*)
	echo ""
	echo "disks:"
	df -kl
	echo ""
	dump W
	;;
esac

# The first two regular expressions handle sendmail, the third postfix.
# When the queue is empty, smtpd(8) and exim -bp keep silent.
# Filtering those "queue is empty" lines keeps the section silent, and so
# out of the report, when there is no queued mail.
next_part "mail:"
mailq | grep -v \
	-e '^/var/spool/mqueue is empty$' \
	-e '^[[:blank:]]*Total requests: 0$' \
	-e '^Mail queue is empty$'
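# Section: interface statistics and, if rwho data exists, host uptimes.
# Skipped when VERBOSESTATUS is set to 0.
next_part "network:"
if [ "X$VERBOSESTATUS" != X0 ]; then
	netstat -ivn
	# Run ruptime only if /var/rwho holds at least one file.  The glob
	# has to be expanded in a "for" word list: a plain assignment
	# (t=/var/rwho/*) is not subject to pathname expansion, so comparing
	# the quoted variable with the literal pattern could never differ
	# and ruptime would never run.  With no match the pattern stays
	# literal and the -e test fails.
	for t in /var/rwho/*; do
		if [ -e "$t" ]; then
			echo ""
			ruptime
		fi
		break
	done
fi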
# Section: start calendar(1) for all users in the background, unless
# CALENDAR is set to 0.  It is also skipped when /var/yp/binding exists
# but there is no /var/yp/<domainname> directory.
next_part "Running calendar in the background:"
if [ "X$CALENDAR" != X0 ]; then
	if [ -d "/var/yp/$(domainname)" ] || [ ! -d /var/yp/binding ]; then
		calendar -a &
	fi
fi
# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
# with the no-write flag.
next_part "Checking filesystems:"
if [ "X$CHECKFILESYSTEMS" = X1 ]; then
	# The "** Phase" progress banners are dropped from the report.
	fsck -n | grep -v '^\*\* Phase'
fi
# Section: distribute files with rdist(1) when /etc/Distfile exists.  If
# /var/log/rdist is a directory, the output is also saved there in a file
# named after today's date.
next_part "Running rdist:"
if [ ! -f /etc/Distfile ]; then
	:
elif [ -d /var/log/rdist ]; then
	rdist -f /etc/Distfile 2>&1 | tee "/var/log/rdist/$(date +%F)"
else
	rdist -f /etc/Distfile
fi
# Close the last section, then mail the report to root, but only if some
# section actually produced output.  The kernel version and uptime are
# put in front of the collected report.
end_part
if [ -s "$MAINOUT" ]; then
	{
		sysctl -n kern.version
		uptime
		cat "$MAINOUT"
	} 2>&1 | mail -s "$(hostname) daily output" root
fi
# Second report: run /etc/security through the same section machinery,
# collecting into its own root-only (mode 600) file.  As before, -b keeps
# the previous report as a backup copy.
MAINOUT=/var/log/security.out
install -o 0 -g 0 -m 600 -b /dev/null "$MAINOUT"

# /etc/security is sourced only if it passes the ownership/permission
# check in run_script.
start_part "Running /etc/security:"
run_script security
end_part

# The per-section scratch file is no longer needed.
rm -f "$PARTOUT"

# Mail the security report only when it is non-empty.  Kept as an && list
# because it is the last command and so decides the script's exit status.
[ -s "$MAINOUT" ] && mail -s "$(hostname) daily insecurity output" root <"$MAINOUT"