History log of /openbsd-current/etc/daily
Revision Date Author Comments
# 1.97 03-Mar-2023 bluhm

Process accounting and lastcomm(1) can detect execve(2) violations
of pinsyscall(2) policy. Report such findings in daily mail like
other security violations. User has to turn on accounting=YES in
rc.conf.local to utilize this feature.
OK deraadt@


# 1.96 19-Oct-2022 sthen

Exclude /tmp/*.shm files from /tmp cleaning in daily(8); removing them
interferes with programs using shm_open(3) which uses them as backing
files.

Problem pointed out by jeremy@ in relation to PostgreSQL.
Suggestion/ok tb@.


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.95 20-Oct-2020 danj

Remove calls for df(1), netstat(1), and the verbose dump(1)

With this change, daily(8) only sends email when something looks
dubious.
Consequently VERBOSESTATUS is now a no-op and may be unset.

The code is trivial and riddled with choices that look like personal
preferences. The old behavior can be achieved through
/etc/daily.local.

With schwarze@, tweak kn@, sthen@
OK schwarze@, kn@, jung@


# 1.94 08-Oct-2020 millert

Use find -delete instead of execing rm and rmdir.
OK sthen@ denis@


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.93 09-Sep-2019 bluhm

Inform about system call memory write protection and stack mapping
violations in system accounting. This will help to find misbehaving
programs and possible attacks. The flags bit field is full, so
recycle the PDP-11 compatibility on VAX. lastcomm(1) prints the
AMAP flag as 'M'. daily(8) prints a list of affected processes.
OK deraadt@


# 1.92 25-Jul-2019 bluhm

Show unveil(2) violators in lastcomm(1) output and daily mail.
input Janne Johansson, schwarze@; OK deraadt@ millert@


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
# 1.91 06-Feb-2018 tb

Print an explicit error if the backup volume is not present in
hw.disknames. This can only happen due to a failure or user error.
In either case, silent failure makes it hard to discover and debug.
Now it will be easy to spot in the daily mail.

ok rob, schwarze


Revision tags: OPENBSD_6_2_BASE
# 1.90 10-Jul-2017 bluhm

Test if an acct file exists before trying to rename it. This silences
false warnings in the first three daily mails after process accounting
has been turned on.
from Raf Czlonka


# 1.89 10-Jun-2017 bluhm

Report processes that were killed due to pledge or memory access
violations in the daily mail.
OK millert@ jmc@


Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE
# 1.88 29-Apr-2016 schwarze

Delete invocation of mailq(1) that was present for historical reasons.
On a real mailserver, it's too noisy and may be a privacy concern.
On a machine that's not a mailserver, it's pointless.

Besides, Theo points out that running subsystems that potentially
parse untrusted user data daily, at a predictable time, as root
is not a very good idea in the first place.

Suggested by millert@; gilles@ matthieu@ deraadt@ sthen@ agree


# 1.87 01-Apr-2016 ajacoutot

Tweak rcctl wording.

from ian@


# 1.86 01-Apr-2016 ajacoutot

Rename the 'faulty' list action to 'failed'; it is clearer.

prodded by matthieu@
ok millert@ jung@ sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.85 28-Jan-2016 schwarze

Run "rcctl ls faulty", which is silent when all services work as expected.
Based on an original idea and a different patch from landry@.
OK jung@ zhuk@ landry@
krw@ agreed to the general idea


# 1.84 30-Dec-2015 rpe

Remove portslocks from /etc/daily. The ports LOCKDIR was moved from /tmp
to /usr/ports/pobj years ago.

OK millert@, ajacoutot@


Revision tags: OPENBSD_5_8_BASE
# 1.83 29-Apr-2015 halex

VERBOSESTATUS or no VERBOSESTATUS, failed or missing dumps are still
worth noting

"go ahead" schwarze@


Revision tags: OPENBSD_5_7_BASE
# 1.82 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


Revision tags: OPENBSD_5_6_BASE
# 1.81 02-Jul-2014 sthen

don't clear tmux session sockets in daily(8)'s tmp cleanup, from Rafael Zalamena
ok schwarze@


# 1.80 24-Apr-2014 tedu

jmc spotted more ruptime tentacles


# 1.79 24-Apr-2014 tedu

rm rwhod tentacles


Revision tags: OPENBSD_5_5_BASE
# 1.78 12-Dec-2013 brad

Have df(1) in the daily output show the inodes used/free.

a few developers thought this was a reasonable/good idea.


# 1.77 03-Nov-2013 deraadt

ugly spaces


Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
# 1.76 06-Jan-2013 deraadt

backout atactl check; I had warned that this would try a lot of code
paths which are rarely tried. Problem reported by a few on the list.


# 1.75 11-Dec-2012 ajacoutot

Add a SMART check using atactl(8) against disks that support and have
SMART enabled.

Committing now so that it gets broader testing.
Man page bits will be added once we are confident there is no side
effect and this can stay.

inputs from sthen@ halex@ weerd@
ok deraadt@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.74 11-Feb-2012 krw

Fix previous fix for /altroot processing. Should now work for both
duid and device entries in fstab. As a bonus make commented out
lines in fstab ineligible for altroot detection.

ok halex@ deraadt@


# 1.73 08-Feb-2012 krw

Let /altroot work with a duid-based fstab.

Reported by & fix tested by Dave Anderson. Thanks!

ok deraadt@


# 1.72 06-Dec-2011 halex

closing fd 0-2 is indeed bad style and potentially dangerous, as pointed
out by Arne Becker, who also supplied the diff, thanks!

ok schwarze@
agreed by many


Revision tags: OPENBSD_5_0_BASE
# 1.71 23-Apr-2011 schwarze

Even though SUIDSKIP used to be a mere shell variable, it was propagated
to the old /etc/security script because daily sourced it.
Now we fork and exec, so SUIDSKIP must be promoted to the environment.
Problem reported, fix tested and ok weerd@.


# 1.70 17-Apr-2011 schwarze

Switch from the old shell script /etc/security
to the new Perl script /usr/libexec/security.
The new script was tested by sthen@ and ajacoutot@.
Committing now due to repeated prodding from deraadt@.
In case problems show up, they will be fixed in tree.


# 1.69 15-Apr-2011 halex

Silence errors in the temp dir cleanup process

ok phessler@ sthen@


Revision tags: OPENBSD_4_9_BASE
# 1.68 22-Sep-2010 deraadt

Kill msgs. No one uses it, and it has a longjmp in it.
Lots of agreement.


Revision tags: OPENBSD_4_8_BASE
# 1.67 25-Jul-2010 espie

handle portslock. reminded by antoine@


Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE
# 1.66 26-May-2009 schwarze

Three rdist log file name improvements on one single line:
1) replace +%e by +%d, unescaped blanks don't work at all in file names
2) replace +%b by +%m to make log files sort better by month
3) replace the home-grown +%Y.%m.%d by the standard +%F (= +%Y-%m-%d)
from Tim van der Molen <tbvdm at xs4all dot nl>, thanks!
ok okan@


# 1.65 25-May-2009 schwarze

polish comments, no functional change:
1) advertise *.local and next_part near the top of the three scripts
2) daily: mention smtpd(8) mailq behaviour (like for sendmail, postfix, exim)
3) weekly: drop a comment trivially rehashing the next two lines of code
documenting next_part in the scripts was suggested by jmc@
ok sthen@ okan@ halex@; "i won't object" ajacoutot@


# 1.64 24-May-2009 schwarze

Before dd'ing raw partitions around, do stricter sanity checking:
Do not attempt to copy a larger partition onto a smaller one.
Backup of non-ffs root partitions was never supported, so don't even try.
(Both of the above suggested by guenther@).
Also add error messages in case ROOTBACKUP is switched on but severely
misconfigured - those were silently ignored in the past:
/altroot not defined or wrong type or on the same device as root.
otto@ agrees that checking the sizes makes sense


# 1.63 21-May-2009 schwarze

skip the ROOTBACKUP when the destination disk device is not configured;
suggested, tweaked and ok by guenther@


# 1.62 18-May-2009 schwarze

handle PATH in the same way as in monthly(8) and weekly(8),
i.e. rely on the PATH set up in the root crontab(5)
in case /usr/local/bin is needed, daily.local is a logical place to append it
suggested by ajacoutot@; "i like this" okan@; feedback jmc@ deraadt@;
"i don't strongly object" sthen@


# 1.61 17-May-2009 schwarze

move kern.version and uptime back to the top of the output
by moving it down to the bottom of the code;
"I definitely like this" ajacoutot@


# 1.60 11-May-2009 schwarze

New variable VERBOSESTATUS (=1 by default).
When set to 0, daily(8) won't send mail unless there is something to report.
Using feedback from kettenis@ henning@ jmc@
OK sthen@ jmc@


# 1.59 10-May-2009 schwarze

avoid unnecessary changes of the output
in order not to annoy parser scripts and their owners (like henning@)


# 1.58 09-May-2009 schwarze

make weekly and monthly silent by default
add the same infrastructure to daily; silencing daily needs another step
discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@
"immediately commit" deraadt@ (without seeing the final diff)


# 1.57 03-May-2009 schwarze

remove dead code and the associated documentation
while here, remove the misleading shebang and an unused variable
and add the missing cross reference to ac(8)
ok sthen@ jmc@


Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
# 1.56 26-Oct-2006 ajacoutot

Force umask to 022 so we don't inherit 077 from root's crontab command
(output logs are still umask 077)

"i think this is right" deraadt@


# 1.55 04-Oct-2006 deraadt

make code look better


# 1.54 04-Oct-2006 hugh

Exit when asked to. OK by deraadt, spotted by lumpy.


Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
# 1.53 06-Dec-2005 pedro

Remove fdescfs


# 1.52 24-Nov-2005 pedro

Remove kernfs, okay deraadt@.


# 1.51 29-Sep-2005 deraadt

ok, add uptime after kernel version


Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE
# 1.50 17-Mar-2005 millert

Don't rmdir .ICE-unix from /tmp or /var/tmp either. OK deraadt@


# 1.49 16-Mar-2005 millert

Don't rmdir vi.recover or .X11-unix from /tmp or /var/tmp. OK deraadt@


# 1.48 07-Dec-2004 millert

Use df to verify that we are not booted from the altboot before doing
the / -> /altroot copy. OK deraadt@


# 1.47 15-Nov-2004 nick

add kern.version to daily report. ok deraadt@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE
# 1.46 28-Jul-2003 jmc

remove check for /etc/news.expire;
ok millert@


# 1.45 30-Jun-2003 avsm

some more extra mktemp randomness; millert@ ok


# 1.44 03-Jun-2003 mickey

by means of utilising -f avoid some warnings when rotating accounting files; millert@ ok


# 1.43 28-Mar-2003 jmc

- no more /var/ssyslog (unused)
- no more /var/spool/lpd (lpd uses /var/spool/output)
- no more /var/preserve (old vi directory)
- update docs to reflect this

help with systrace provos@
help and ok millert@


Revision tags: OPENBSD_3_3_BASE
# 1.42 08-Feb-2003 pvalchev

When creating > 1 files with mktemp(1), make sure that if the creation
of the n'th (n>1) file fails, the previous ones get removed before exit(1)
Idea by jason; ok millert deraadt


# 1.41 07-Dec-2002 millert

Use `hostname` not `hostname -s` in subject for consistency with
daily, weekly, and monthly. Closes PR 3017.


Revision tags: OPENBSD_3_2_BASE
# 1.40 12-Sep-2002 danh

have df only display statistics about local filesystems (-l flag)

ok millert@


Revision tags: OPENBSD_3_1_BASE
# 1.39 19-Nov-2001 deraadt

zap trailing spaces and tabs


# 1.38 29-Oct-2001 millert

Change when calendar(1) is run so that it is after mailq runs.
That way we avoid a flurry of transient calendar mail in the mailq.


# 1.37 24-Oct-2001 espie

Be anal about ssh and X11 hooks.


Revision tags: OPENBSD_3_0_BASE
# 1.36 09-Sep-2001 deraadt

the first part of uucp going away. It will become a package


Revision tags: OPENBSD_2_9_BASE
# 1.35 06-Mar-2001 niklas

branches: 1.35.2;
Add -n to the netstat invocation. Faster running, less chance of being spoofed, no unneeded dial-on-demands


# 1.34 04-Jan-2001 angelos

Correctly check empty mailq, closes PR 1602 (cjclark@alum.mit.edu)


Revision tags: OPENBSD_2_8_BASE
# 1.33 26-May-2000 marc

branches: 1.33.2;

pipe output from /etc/security to a temp file and then check that
output was created before sending off a mail message to root.
This suppresses an empty mail message and a warning appended to the
end of the daily status report. OK millert@


# 1.32 26-May-2000 aaron

Conform to the test(1) man page: use -L instead of -h when testing for
symbolic links (the -h flag is for compatibility only); millert@ ok


Revision tags: OPENBSD_2_7_BASE
# 1.31 29-Apr-2000 millert

Prune /tmp traversal at .X11-unix
Since /tmp might be a link to /var/tmp, prune at ssh-* or .X11-unix
like the find on /tmp does.


# 1.30 28-Apr-2000 itojun

use netstat -iv, not -i, to avoid truncation of ipv6 address. ok by deraadt


# 1.29 24-Apr-2000 todd

fix per pr1192; also == "xx" -> ~ /xx/, same thought


Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
# 1.28 16-Mar-1999 deraadt

run pruning find with -x, to avoid /tmp based mountpoint pruning


# 1.27 29-Nov-1998 deraadt

no need for Subject: line, crontab does it


# 1.26 11-Nov-1998 downsj

Only run msgs -c if /var/msgs exists and is not a symlink.


Revision tags: OPENBSD_2_4_BASE
# 1.25 13-Aug-1998 millert

Don't prune dirs in /var/tmp on first pass; problem noted by m4@umn.edu


# 1.24 30-Jun-1998 deraadt

do not delete files like that, geez


Revision tags: OPENBSD_2_3_BASE
# 1.23 07-Mar-1998 millert

Don't remove files in /tmp/ssh-*


Revision tags: OPENBSD_2_2_BASE
# 1.22 21-Oct-1997 mickey

fix root backup


# 1.21 15-Sep-1997 deraadt

indent


# 1.20 15-Sep-1997 pierre

run calendar in the background


# 1.19 30-May-1997 deraadt

1 fix from enami@ba2.so-net.or.jp


Revision tags: OPENBSD_2_1_BASE
# 1.18 19-Feb-1997 millert

Add option to turn off calendar via env variables settable via cron.
I.e.: ``CALENDAR=0'' will turn it off which is useful for machines with
no local users that do not run YP.


# 1.17 17-Jan-1997 millert

lite2 daily + our changes. We can remove old tmp files now that fts(3)
is safe and we have -execdir.


# 1.16 03-Jan-1997 millert

No point in ls'ing the template, it will never exist.


# 1.15 15-Dec-1996 millert

Less output when not needed.


# 1.14 07-Dec-1996 millert

use mktemp(1) and don't talk about core files unless it finds some.


# 1.13 07-Dec-1996 bitblt

Improved handling of temporary files.


# 1.12 06-Dec-1996 deraadt

indicate hostname in security report


# 1.11 04-Dec-1996 deraadt

indent


# 1.10 06-Nov-1996 deraadt

only run calendar on yp server; from matthieu@laas.fr


Revision tags: OPENBSD_2_0_BASE
# 1.9 27-Jul-1996 downsj

slight clarification.


# 1.8 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.7 12-Jul-1996 deraadt

still print about ugly files; from Todd.Miller@cs.colorado.edu


# 1.6 17-Jun-1996 deraadt

whoops


# 1.5 16-Jun-1996 deraadt

disable find | rm entities until we have a safe way of doing them


# 1.4 26-May-1996 deraadt

sync & label


# 1.3 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.2 19-Dec-1995 david

check for /etc/{daily,weekly,monthly}.local and run if they exist


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.96 19-Oct-2022 sthen

Exclude /tmp/*.shm files from /tmp cleaning in daily(8); removing them
interferes with programs using shm_open(3) which uses them as backing
files.

Problem pointed out by jeremy@ in relation to PostgreSQL.
Suggestion/ok tb@.


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.95 20-Oct-2020 danj

Remove calls for df(1), netstat(1), and the verbose dump(1)

With this change, daily(8) only sends email when something looks
dubious.
Consequently VERBOSESTATUS is now a no-op and may be unset.

The code is trivial and riddled with choices that look like personal
preferences. The old behavior can be achieved through
/etc/daily.local.

With schwarze@, tweak kn@, sthen@
OK schwarze@, kn@, jung@


# 1.94 08-Oct-2020 millert

Use find -delete instead of execing rm and rmdir.
OK sthen@ denis@


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.93 09-Sep-2019 bluhm

Inform about system call memory write protection and stack mapping
violations in system accounting. This will help to find missbehaving
programs and possible attacks. The flags bit field is full, so
recycle the PDP-11 compatibility on VAX. lastcomm(1) prints the
AMAP flag as 'M'. daily(8) prints a list of affected processes.
OK deraadt@


# 1.92 25-Jul-2019 bluhm

Show unveil(2) violators in lastcomm(1) output and daily mail.
input Janne Johansson, schwarze@; OK deraadt@ millert@


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
# 1.91 06-Feb-2018 tb

Print an explicit error if the backup volume is not present in
hw.disknames. This can only happen due to a failure or user error.
In either case, silent failure makes it hard to discover and debug.
Now it will be easy to spot in the daily mail.

ok rob, schwarze


Revision tags: OPENBSD_6_2_BASE
# 1.90 10-Jul-2017 bluhm

Test if an acct file exists before trying to rename it. This silences
false warnings in the frist three daily mails after process accounting
has been turned on.
from Raf Czlonka


# 1.89 10-Jun-2017 bluhm

Report processes that were killed due to pledge or memory access
violations in the daily mail.
OK millert@ jmc@


Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE
# 1.88 29-Apr-2016 schwarze

Delete invocation of mailq(1) that was present for historical reasons.
On a real mailserver, it's too noisy and may be a privacy concern.
On a machine that's not a mailserver, it's pointless.

Besides, Theo points out that running subsystems that potentially
parse untrusted user data daily, at a predictable time, as root
is not a very good idea in the first place.

Suggested by millert@; gilles@ matthieu@ deraadt@ sthen@ agree


# 1.87 01-Apr-2016 ajacoutot

Tweak rcctl wording.

from ian@


# 1.86 01-Apr-2016 ajacoutot

Rename the 'faulty' list action to 'failed'; it clearer.

prodded by matthieu@
ok millert@ jung@ sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.85 28-Jan-2016 schwarze

Run "rcctl ls faulty", which is silent when all services work as expected.
Based on an original idea and a different patch from landry@.
OK jung@ zhuk@ landry@
krw@ agreed to the general idea


# 1.84 30-Dec-2015 rpe

Remove portslocks from /etc/daily. The ports LOCKDIR was moved from /tmp
to /usr/ports/pobj years ago.

OK millert@, ajacoutot@


Revision tags: OPENBSD_5_8_BASE
# 1.83 29-Apr-2015 halex

VERBOSESTATUS or no VERBOSESTATUS, failed or missing dumps are still
worth noting

"go ahead" schwarze@


Revision tags: OPENBSD_5_7_BASE
# 1.82 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


Revision tags: OPENBSD_5_6_BASE
# 1.81 02-Jul-2014 sthen

don't clear tmux session sockets in daily(8)'s tmp cleanup, from Rafael Zalamena
ok schwarze@


# 1.80 24-Apr-2014 tedu

jmc spotted more ruptime tentacles


# 1.79 24-Apr-2014 tedu

rm rwhod tentacles


Revision tags: OPENBSD_5_5_BASE
# 1.78 12-Dec-2013 brad

Have df(1) in the daily output show the inodes used/free.

a few developers thought this was a reasonable/good idea.


# 1.77 03-Nov-2013 deraadt

ugly spaces


Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
# 1.76 06-Jan-2013 deraadt

backout atactl check; I had warned that this would try a lot of code
paths which are rarely tried. Problem reported by a few on the list.


# 1.75 11-Dec-2012 ajacoutot

Add a SMART check using atactl(8) against disks that support and have
SMART enabled.

Committing now so that it gets broader testing.
Man page bits will be added once we are confident there is no side
effect and this can stay.

inputs from sthen@ halex@ weerd@
ok deraadt@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.74 11-Feb-2012 krw

Fix previous fix for /altroot processing. Should now work for both
duid and device entries in fstab. As a bonus make commented out
lines in fstab in-eligable for altroot detection.

ok halex@ deraadt@


# 1.73 08-Feb-2012 krw

Let /altroot work with a duid-based fstab.

Reported by & fix tested by Dave Anderson. Thanks!

ok deraadt@


# 1.72 06-Dec-2011 halex

closing fd 0-2 is indeed bad style and potentially dangerous, as pointed
out by Arne Becker, who also supplied the diff, thanks!

ok schwarze@
agreed by many


Revision tags: OPENBSD_5_0_BASE
# 1.71 23-Apr-2011 schwarze

Even though SUIDSKIP used to be a mere shell variable, it was propagated
to the old /etc/security script because daily sourced it.
Now we fork and exec, so SUIDSKIP must be promoted to the environment.
Problem reported, fix tested and ok weerd@.


# 1.70 17-Apr-2011 schwarze

Switch from the old shell script /etc/security
to the new Perl script /usr/libexec/security.
The new script was tested by sthen@ and ajacoutot@.
Committing now due to repeated prodding from deraadt@.
In case problems show up, they will be fixed in tree.


# 1.69 15-Apr-2011 halex

Silence errors in the temp dir cleanup process

ok phessler@ sthen@


Revision tags: OPENBSD_4_9_BASE
# 1.68 22-Sep-2010 deraadt

Kill msgs. Noone uses it, and it has a longjmp in it.
Lots of agreement.


Revision tags: OPENBSD_4_8_BASE
# 1.67 25-Jul-2010 espie

handle portslock. reminded by antoine@


Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE
# 1.66 26-May-2009 schwarze

Three rdist log file name improvements on one single line:
1) replace +%e by +%d, unescaped blanks don't work at all in file names
2) replace +%b by +%m to make log files sort better by month
3) replace the home-grown +%Y.%m.%d by the standard +%F (= +%Y-%m-%d)
from Tim van der Molen <tbvdm at xs4all dot nl>, thanks!
ok okan@


# 1.65 25-May-2009 schwarze

polish comments, no functional change:
1) advertise *.local and next_part near the top of the three scripts
2) daily: mention smtpd(8) mailq behaviour (like for sendmail, postfix, exim)
3) weekly: drop a comment trivially rehashing the next two lines of code
documenting next_part in the scripts was suggested by jmc@
ok sthen@ okan@ halex@; "i won't object" ajacoutot@


# 1.64 24-May-2009 schwarze

Before dd'ing raw partitions around, do stricter sanity checking:
Do not attempt to copy a larger partition onto a smaller one.
Backup of non-ffs root partitions was never supported, so don't even try.
(Both of the above suggested by guenther@).
Also add error messages in case ROOTBACKUP is switched on but severely
misconfigured - those were silently ignored in the past:
/altroot not defined or wrong type or on the same device as root.
otto@ agrees that checking the sizes makes sense


# 1.63 21-May-2009 schwarze

skip the ROOTBACKUP when the destination disk device is not configured;
suggested, tweaked and ok by guenther@


# 1.62 18-May-2009 schwarze

handle PATH in the same way as in monthly(8) and weekly(8),
i.e. rely on the PATH set up in the root crontab(5)
in case /usr/local/bin is needed, daily.local is a logical place to append it
suggested by ajacoutot@; "i like this" okan@; feedback jmc@ deraadt@;
"i don't strongly object" sthen@


# 1.61 17-May-2009 schwarze

move kern.version and uptime back to the top of the output
by moving it down to the bottom of the code;
"I definitely like this" ajacoutot@


# 1.60 11-May-2009 schwarze

New variable VERBOSESTATUS (=1 by default).
When set to 0, daily(8) won't send mail unless there is something to report.
Using feedback from kettenis@ henning@ jmc@
OK sthen@ jmc@


# 1.59 10-May-2009 schwarze

avoid unnecessary changes of the output
in order not to annoy parser scripts and their owners (like henning@)


# 1.58 09-May-2009 schwarze

make weekly and monthly silent by default
add the same infrastructure to daily; silencing daily needs another step
discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@
"immediately commit" deraadt@ (without seeing the final diff)


# 1.57 03-May-2009 schwarze

remove dead code and the associated documentation
while here, remove the misleading shbang and an unused variable
and add the missing cross reference to ac(8)
ok sthen@ jmc@


Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
# 1.56 26-Oct-2006 ajacoutot

Force umask to 022 so we don't heritate 077 from root's crontab command
(output logs are still umask 077)

"i think this is right" deraadt@


# 1.55 04-Oct-2006 deraadt

make code look better


# 1.54 04-Oct-2006 hugh

Exit when asked to. OK by deraadt, spotted by lumpy.


Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
# 1.53 06-Dec-2005 pedro

Remove fdescfs


# 1.52 24-Nov-2005 pedro

Remove kernfs, okay deraadt@.


# 1.51 29-Sep-2005 deraadt

ok, add uptime after kernel version


Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE
# 1.50 17-Mar-2005 millert

Don't rmdir .ICE-unix from /tmp or /var/tmp either. OK deraadt@


# 1.49 16-Mar-2005 millert

Don't rmdir vi.recover or .X11-unix from /tmp or /var/tmp. OK deraadt@


# 1.48 07-Dec-2004 millert

Use df to verify that we are not booted from the altboot before doing
the / -> /altroot copy. OK deraadt@


# 1.47 15-Nov-2004 nick

add kern.version to daily report. ok deraadt@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE
# 1.46 28-Jul-2003 jmc

remove check for /etc/news.expire;
ok millert@


# 1.45 30-Jun-2003 avsm

some more extra mktemp randomness; millert@ ok


# 1.44 03-Jun-2003 mickey

by means of utilising -f avoid some warnings when rotating accounting files; millert@ ok


# 1.43 28-Mar-2003 jmc

- no more /var/ssyslog (unused)
- no more /var/spool/lpd (lpd uses /var/spool/output)
- no more /var/preserve (old vi directory)
- update docs to reflect this

help with systrace provos@
help and ok millert@


Revision tags: OPENBSD_3_3_BASE
# 1.42 08-Feb-2003 pvalchev

When creating > 1 files with mktemp(1), make sure that if the creation
of the n'th (n>1) file fails, the previous ones get removed before exit(1)
Idea by jason; ok millert deraadt


# 1.41 07-Dec-2002 millert

Use `hostname` not `hostname -s` in subject for consistency with
daily, weekly, and monthly. Closes PR 3017.


Revision tags: OPENBSD_3_2_BASE
# 1.40 12-Sep-2002 danh

have df only display statistics about local filesystems (-l flag)

ok millert@


Revision tags: OPENBSD_3_1_BASE
# 1.39 19-Nov-2001 deraadt

zap trailing spaces and tabs


# 1.38 29-Oct-2001 millert

Change when calendar(1) is such so that it is after mailq runs.
That way we avoid a flurry of transient calendar mail in the mailq.


# 1.37 24-Oct-2001 espie

Be anal about ssh and X11 hooks.


Revision tags: OPENBSD_3_0_BASE
# 1.36 09-Sep-2001 deraadt

the first part of uucp going away. It will become a package


Revision tags: OPENBSD_2_9_BASE
# 1.35 06-Mar-2001 niklas

branches: 1.35.2;
Add -n to the netstat invocation. Faster running, less chance of being spoofed, no unneeded dial-on-demands


# 1.34 04-Jan-2001 angelos

Correctly check empty mailq, closes PR 1602 (cjclark@alum.mit.edu)


Revision tags: OPENBSD_2_8_BASE
# 1.33 26-May-2000 marc

branches: 1.33.2;

pipe output from /etc/security to a temp file and then check that
output was created before sending off a mail message to root.
This suppresses an empty mail message and a warning appended to the
end of the daily status report. OK millert@


# 1.32 26-May-2000 aaron

Conform to the test(1) man page: use -L instead of -h when testing for
symbolic links (the -h flag is for compatibility only); millert@ ok


Revision tags: OPENBSD_2_7_BASE
# 1.31 29-Apr-2000 millert

Prune /tmp traversal at .X11-unix
Since /tmp might be a link to /var/tmp, prune at ssh-* or .X11-unix
like the find on /tmp does.


# 1.30 28-Apr-2000 itojun

use netstat -iv, not -i, to avoid truncation of ipv6 address. ok by deraadt


# 1.29 24-Apr-2000 todd

fix per pr1192; also == "xx" -> ~ /xx/, same thought


Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
# 1.28 16-Mar-1999 deraadt

run pruning find with -x, to avoid /tmp based mountpoint pruning


# 1.27 29-Nov-1998 deraadt

no need for Subject: line, crontab does it


# 1.26 11-Nov-1998 downsj

Only run msgs -c if /var/msgs exists and is not a symlink.


Revision tags: OPENBSD_2_4_BASE
# 1.25 13-Aug-1998 millert

Don't prune dirs in /var/tmp on first pass; problem noted by m4@umn.edu


# 1.24 30-Jun-1998 deraadt

do not delete files like that, geez


Revision tags: OPENBSD_2_3_BASE
# 1.23 07-Mar-1998 millert

Don't remove files in /tmp/ssh-*


Revision tags: OPENBSD_2_2_BASE
# 1.22 21-Oct-1997 mickey

fix root backup


# 1.21 15-Sep-1997 deraadt

indent


# 1.20 15-Sep-1997 pierre

run calendar in the background


# 1.19 30-May-1997 deraadt

1 fix from enami@ba2.so-net.or.jp


Revision tags: OPENBSD_2_1_BASE
# 1.18 19-Feb-1997 millert

Add option to turn off calendar via env variables settable via cron.
Ie: ``CALENDAR=0'' will turn it off which is useful for machines with
no local users that do not run YP.


# 1.17 17-Jan-1997 millert

lite2 daily + our changes. We can remove old tmp files now that fts(3)
is safe and we have -execdir.


# 1.16 03-Jan-1997 millert

No point in ls'ing the template, it will never exist.


# 1.15 15-Dec-1996 millert

Less output when not needed.


# 1.14 07-Dec-1996 millert

use mktemp(1) and don't talk about core files unless it finds some.


# 1.13 07-Dec-1996 bitblt

Improved handling of temporary files.


# 1.12 06-Dec-1996 deraadt

indicate hostname in security report


# 1.11 04-Dec-1996 deraadt

indent


# 1.10 06-Nov-1996 deraadt

only run calendar on yp server; from matthieu@laas.fr


Revision tags: OPENBSD_2_0_BASE
# 1.9 27-Jul-1996 downsj

slight clarification.


# 1.8 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.7 12-Jul-1996 deraadt

still print about ugly files; from Todd.Miller@cs.colorado.edu


# 1.6 17-Jun-1996 deraadt

whoops


# 1.5 16-Jun-1996 deraadt

disable find | rm entities until we have a safe way of doing them


# 1.4 26-May-1996 deraadt

sync & label


# 1.3 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.2 19-Dec-1995 david

check for /etc/{daily,weekly,monthly}.local and run if they exist


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.93 09-Sep-2019 bluhm

Inform about system call memory write protection and stack mapping
violations in system accounting. This will help to find missbehaving
programs and possible attacks. The flags bit field is full, so
recycle the PDP-11 compatibility on VAX. lastcomm(1) prints the
AMAP flag as 'M'. daily(8) prints a list of affected processes.
OK deraadt@


# 1.92 25-Jul-2019 bluhm

Show unveil(2) violators in lastcomm(1) output and daily mail.
input Janne Johansson, schwarze@; OK deraadt@ millert@


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
# 1.91 06-Feb-2018 tb

Print an explicit error if the backup volume is not present in
hw.disknames. This can only happen due to a failure or user error.
In either case, silent failure makes it hard to discover and debug.
Now it will be easy to spot in the daily mail.

ok rob, schwarze


Revision tags: OPENBSD_6_2_BASE
# 1.90 10-Jul-2017 bluhm

Test if an acct file exists before trying to rename it. This silences
false warnings in the frist three daily mails after process accounting
has been turned on.
from Raf Czlonka


# 1.89 10-Jun-2017 bluhm

Report processes that were killed due to pledge or memory access
violations in the daily mail.
OK millert@ jmc@


Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE
# 1.88 29-Apr-2016 schwarze

Delete invocation of mailq(1) that was present for historical reasons.
On a real mailserver, it's too noisy and may be a privacy concern.
On a machine that's not a mailserver, it's pointless.

Besides, Theo points out that running subsystems that potentially
parse untrusted user data daily, at a predictable time, as root
is not a very good idea in the first place.

Suggested by millert@; gilles@ matthieu@ deraadt@ sthen@ agree


# 1.87 01-Apr-2016 ajacoutot

Tweak rcctl wording.

from ian@


# 1.86 01-Apr-2016 ajacoutot

Rename the 'faulty' list action to 'failed'; it clearer.

prodded by matthieu@
ok millert@ jung@ sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.85 28-Jan-2016 schwarze

Run "rcctl ls faulty", which is silent when all services work as expected.
Based on an original idea and a different patch from landry@.
OK jung@ zhuk@ landry@
krw@ agreed to the general idea


# 1.84 30-Dec-2015 rpe

Remove portslocks from /etc/daily. The ports LOCKDIR was moved from /tmp
to /usr/ports/pobj years ago.

OK millert@, ajacoutot@


Revision tags: OPENBSD_5_8_BASE
# 1.83 29-Apr-2015 halex

VERBOSESTATUS or no VERBOSESTATUS, failed or missing dumps are still
worth noting

"go ahead" schwarze@


Revision tags: OPENBSD_5_7_BASE
# 1.82 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


Revision tags: OPENBSD_5_6_BASE
# 1.81 02-Jul-2014 sthen

don't clear tmux session sockets in daily(8)'s tmp cleanup, from Rafael Zalamena
ok schwarze@


# 1.80 24-Apr-2014 tedu

jmc spotted more ruptime tentacles


# 1.79 24-Apr-2014 tedu

rm rwhod tentacles


Revision tags: OPENBSD_5_5_BASE
# 1.78 12-Dec-2013 brad

Have df(1) in the daily output show the inodes used/free.

a few developers thought this was a reasonable/good idea.


# 1.77 03-Nov-2013 deraadt

ugly spaces


Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
# 1.76 06-Jan-2013 deraadt

backout atactl check; I had warned that this would try a lot of code
paths which are rarely tried. Problem reported by a few on the list.


# 1.75 11-Dec-2012 ajacoutot

Add a SMART check using atactl(8) against disks that support and have
SMART enabled.

Committing now so that it gets broader testing.
Man page bits will be added once we are confident there is no side
effect and this can stay.

inputs from sthen@ halex@ weerd@
ok deraadt@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.74 11-Feb-2012 krw

Fix previous fix for /altroot processing. Should now work for both
duid and device entries in fstab. As a bonus make commented out
lines in fstab ineligible for altroot detection.

ok halex@ deraadt@


# 1.73 08-Feb-2012 krw

Let /altroot work with a duid-based fstab.

Reported by & fix tested by Dave Anderson. Thanks!

ok deraadt@


# 1.72 06-Dec-2011 halex

closing fd 0-2 is indeed bad style and potentially dangerous, as pointed
out by Arne Becker, who also supplied the diff, thanks!

ok schwarze@
agreed by many


Revision tags: OPENBSD_5_0_BASE
# 1.71 23-Apr-2011 schwarze

Even though SUIDSKIP used to be a mere shell variable, it was propagated
to the old /etc/security script because daily sourced it.
Now we fork and exec, so SUIDSKIP must be promoted to the environment.
Problem reported, fix tested and ok weerd@.


# 1.70 17-Apr-2011 schwarze

Switch from the old shell script /etc/security
to the new Perl script /usr/libexec/security.
The new script was tested by sthen@ and ajacoutot@.
Committing now due to repeated prodding from deraadt@.
In case problems show up, they will be fixed in tree.


# 1.69 15-Apr-2011 halex

Silence errors in the temp dir cleanup process

ok phessler@ sthen@


Revision tags: OPENBSD_4_9_BASE
# 1.68 22-Sep-2010 deraadt

Kill msgs. No one uses it, and it has a longjmp in it.
Lots of agreement.


Revision tags: OPENBSD_4_8_BASE
# 1.67 25-Jul-2010 espie

handle portslock. reminded by antoine@


Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE
# 1.66 26-May-2009 schwarze

Three rdist log file name improvements on one single line:
1) replace +%e by +%d, unescaped blanks don't work at all in file names
2) replace +%b by +%m to make log files sort better by month
3) replace the home-grown +%Y.%m.%d by the standard +%F (= +%Y-%m-%d)
from Tim van der Molen <tbvdm at xs4all dot nl>, thanks!
ok okan@


# 1.65 25-May-2009 schwarze

polish comments, no functional change:
1) advertise *.local and next_part near the top of the three scripts
2) daily: mention smtpd(8) mailq behaviour (like for sendmail, postfix, exim)
3) weekly: drop a comment trivially rehashing the next two lines of code
documenting next_part in the scripts was suggested by jmc@
ok sthen@ okan@ halex@; "i won't object" ajacoutot@


# 1.64 24-May-2009 schwarze

Before dd'ing raw partitions around, do stricter sanity checking:
Do not attempt to copy a larger partition onto a smaller one.
Backup of non-ffs root partitions was never supported, so don't even try.
(Both of the above suggested by guenther@).
Also add error messages in case ROOTBACKUP is switched on but severely
misconfigured - those were silently ignored in the past:
/altroot not defined or wrong type or on the same device as root.
otto@ agrees that checking the sizes makes sense


# 1.63 21-May-2009 schwarze

skip the ROOTBACKUP when the destination disk device is not configured;
suggested, tweaked and ok by guenther@


# 1.62 18-May-2009 schwarze

handle PATH in the same way as in monthly(8) and weekly(8),
i.e. rely on the PATH set up in the root crontab(5)
in case /usr/local/bin is needed, daily.local is a logical place to append it
suggested by ajacoutot@; "i like this" okan@; feedback jmc@ deraadt@;
"i don't strongly object" sthen@


# 1.61 17-May-2009 schwarze

move kern.version and uptime back to the top of the output
by moving it down to the bottom of the code;
"I definitely like this" ajacoutot@


# 1.60 11-May-2009 schwarze

New variable VERBOSESTATUS (=1 by default).
When set to 0, daily(8) won't send mail unless there is something to report.
Using feedback from kettenis@ henning@ jmc@
OK sthen@ jmc@


# 1.59 10-May-2009 schwarze

avoid unnecessary changes of the output
in order not to annoy parser scripts and their owners (like henning@)


# 1.58 09-May-2009 schwarze

make weekly and monthly silent by default
add the same infrastructure to daily; silencing daily needs another step
discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@
"immediately commit" deraadt@ (without seeing the final diff)


# 1.57 03-May-2009 schwarze

remove dead code and the associated documentation
while here, remove the misleading shbang and an unused variable
and add the missing cross reference to ac(8)
ok sthen@ jmc@


Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
# 1.56 26-Oct-2006 ajacoutot

Force umask to 022 so we don't inherit 077 from root's crontab command
(output logs are still umask 077)

"i think this is right" deraadt@


# 1.55 04-Oct-2006 deraadt

make code look better


# 1.54 04-Oct-2006 hugh

Exit when asked to. OK by deraadt, spotted by lumpy.


Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
# 1.53 06-Dec-2005 pedro

Remove fdescfs


# 1.52 24-Nov-2005 pedro

Remove kernfs, okay deraadt@.


# 1.51 29-Sep-2005 deraadt

ok, add uptime after kernel version


Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE
# 1.50 17-Mar-2005 millert

Don't rmdir .ICE-unix from /tmp or /var/tmp either. OK deraadt@


# 1.49 16-Mar-2005 millert

Don't rmdir vi.recover or .X11-unix from /tmp or /var/tmp. OK deraadt@


# 1.48 07-Dec-2004 millert

Use df to verify that we are not booted from the altboot before doing
the / -> /altroot copy. OK deraadt@


# 1.47 15-Nov-2004 nick

add kern.version to daily report. ok deraadt@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE
# 1.46 28-Jul-2003 jmc

remove check for /etc/news.expire;
ok millert@


# 1.45 30-Jun-2003 avsm

some more extra mktemp randomness; millert@ ok


# 1.44 03-Jun-2003 mickey

by means of utilising -f avoid some warnings when rotating accounting files; millert@ ok


# 1.43 28-Mar-2003 jmc

- no more /var/ssyslog (unused)
- no more /var/spool/lpd (lpd uses /var/spool/output)
- no more /var/preserve (old vi directory)
- update docs to reflect this

help with systrace provos@
help and ok millert@


Revision tags: OPENBSD_3_3_BASE
# 1.42 08-Feb-2003 pvalchev

When creating > 1 files with mktemp(1), make sure that if the creation
of the n'th (n>1) file fails, the previous ones get removed before exit(1)
Idea by jason; ok millert deraadt


# 1.41 07-Dec-2002 millert

Use `hostname` not `hostname -s` in subject for consistency with
daily, weekly, and monthly. Closes PR 3017.


Revision tags: OPENBSD_3_2_BASE
# 1.40 12-Sep-2002 danh

have df only display statistics about local filesystems (-l flag)

ok millert@


Revision tags: OPENBSD_3_1_BASE
# 1.39 19-Nov-2001 deraadt

zap trailing spaces and tabs


# 1.38 29-Oct-2001 millert

Change when calendar(1) is such so that it is after mailq runs.
That way we avoid a flurry of transient calendar mail in the mailq.


# 1.37 24-Oct-2001 espie

Be anal about ssh and X11 hooks.


Revision tags: OPENBSD_3_0_BASE
# 1.36 09-Sep-2001 deraadt

the first part of uucp going away. It will become a package


Revision tags: OPENBSD_2_9_BASE
# 1.35 06-Mar-2001 niklas

branches: 1.35.2;
Add -n to the netstat invocation. Faster running, less chance of being spoofed, no unneeded dial-on-demands


# 1.34 04-Jan-2001 angelos

Correctly check empty mailq, closes PR 1602 (cjclark@alum.mit.edu)


Revision tags: OPENBSD_2_8_BASE
# 1.33 26-May-2000 marc

branches: 1.33.2;

pipe output from /etc/security to a temp file and then check that
output was created before sending off a mail message to root.
This suppresses an empty mail message and a warning appended to the
end of the daily status report. OK millert@


# 1.32 26-May-2000 aaron

Conform to the test(1) man page: use -L instead of -h when testing for
symbolic links (the -h flag is for compatibility only); millert@ ok


Revision tags: OPENBSD_2_7_BASE
# 1.31 29-Apr-2000 millert

Prune /tmp traversal at .X11-unix
Since /tmp might be a link to /var/tmp, prune at ssh-* or .X11-unix
like the find on /tmp does.


# 1.30 28-Apr-2000 itojun

use netstat -iv, not -i, to avoid truncation of ipv6 address. ok by deraadt


# 1.29 24-Apr-2000 todd

fix per pr1192; also == "xx" -> ~ /xx/, same thought


Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
# 1.28 16-Mar-1999 deraadt

run pruning find with -x, to avoid /tmp based mountpoint pruning


# 1.27 29-Nov-1998 deraadt

no need for Subject: line, crontab does it


# 1.26 11-Nov-1998 downsj

Only run msgs -c if /var/msgs exists and is not a symlink.


Revision tags: OPENBSD_2_4_BASE
# 1.25 13-Aug-1998 millert

Don't prune dirs in /var/tmp on first pass; problem noted by m4@umn.edu


# 1.24 30-Jun-1998 deraadt

do not delete files like that, geez


Revision tags: OPENBSD_2_3_BASE
# 1.23 07-Mar-1998 millert

Don't remove files in /tmp/ssh-*


Revision tags: OPENBSD_2_2_BASE
# 1.22 21-Oct-1997 mickey

fix root backup


# 1.21 15-Sep-1997 deraadt

indent


# 1.20 15-Sep-1997 pierre

run calendar in the background


# 1.19 30-May-1997 deraadt

1 fix from enami@ba2.so-net.or.jp


Revision tags: OPENBSD_2_1_BASE
# 1.18 19-Feb-1997 millert

Add option to turn off calendar via env variables settable via cron.
Ie: ``CALENDAR=0'' will turn it off which is useful for machines with
no local users that do not run YP.


# 1.17 17-Jan-1997 millert

lite2 daily + our changes. We can remove old tmp files now that fts(3)
is safe and we have -execdir.


# 1.16 03-Jan-1997 millert

No point in ls'ing the template, it will never exist.


# 1.15 15-Dec-1996 millert

Less output when not needed.


# 1.14 07-Dec-1996 millert

use mktemp(1) and don't talk about core files unless it finds some.


# 1.13 07-Dec-1996 bitblt

Improved handling of temporary files.


# 1.12 06-Dec-1996 deraadt

indicate hostname in security report


# 1.11 04-Dec-1996 deraadt

indent


# 1.10 06-Nov-1996 deraadt

only run calendar on yp server; from matthieu@laas.fr


Revision tags: OPENBSD_2_0_BASE
# 1.9 27-Jul-1996 downsj

slight clarification.


# 1.8 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.7 12-Jul-1996 deraadt

still print about ugly files; from Todd.Miller@cs.colorado.edu


# 1.6 17-Jun-1996 deraadt

whoops


# 1.5 16-Jun-1996 deraadt

disable find | rm entities until we have a safe way of doing them


# 1.4 26-May-1996 deraadt

sync & label


# 1.3 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.2 19-Dec-1995 david

check for /etc/{daily,weekly,monthly}.local and run if they exist


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.91 06-Feb-2018 tb

Print an explicit error if the backup volume is not present in
hw.disknames. This can only happen due to a failure or user error.
In either case, silent failure makes it hard to discover and debug.
Now it will be easy to spot in the daily mail.

ok rob, schwarze


Revision tags: OPENBSD_6_2_BASE
# 1.90 10-Jul-2017 bluhm

Test if an acct file exists before trying to rename it. This silences
false warnings in the frist three daily mails after process accounting
has been turned on.
from Raf Czlonka


# 1.89 10-Jun-2017 bluhm

Report processes that were killed due to pledge or memory access
violations in the daily mail.
OK millert@ jmc@


Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE
# 1.88 29-Apr-2016 schwarze

Delete invocation of mailq(1) that was present for historical reasons.
On a real mailserver, it's too noisy and may be a privacy concern.
On a machine that's not a mailserver, it's pointless.

Besides, Theo points out that running subsystems that potentially
parse untrusted user data daily, at a predictable time, as root
is not a very good idea in the first place.

Suggested by millert@; gilles@ matthieu@ deraadt@ sthen@ agree


# 1.87 01-Apr-2016 ajacoutot

Tweak rcctl wording.

from ian@


# 1.86 01-Apr-2016 ajacoutot

Rename the 'faulty' list action to 'failed'; it clearer.

prodded by matthieu@
ok millert@ jung@ sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.85 28-Jan-2016 schwarze

Run "rcctl ls faulty", which is silent when all services work as expected.
Based on an original idea and a different patch from landry@.
OK jung@ zhuk@ landry@
krw@ agreed to the general idea


# 1.84 30-Dec-2015 rpe

Remove portslocks from /etc/daily. The ports LOCKDIR was moved from /tmp
to /usr/ports/pobj years ago.

OK millert@, ajacoutot@


Revision tags: OPENBSD_5_8_BASE
# 1.83 29-Apr-2015 halex

VERBOSESTATUS or no VERBOSESTATUS, failed or missing dumps are still
worth noting

"go ahead" schwarze@


Revision tags: OPENBSD_5_7_BASE
# 1.82 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


Revision tags: OPENBSD_5_6_BASE
# 1.81 02-Jul-2014 sthen

don't clear tmux session sockets in daily(8)'s tmp cleanup, from Rafael Zalamena
ok schwarze@


# 1.80 24-Apr-2014 tedu

jmc spotted more ruptime tentacles


# 1.79 24-Apr-2014 tedu

rm rwhod tentacles


Revision tags: OPENBSD_5_5_BASE
# 1.78 12-Dec-2013 brad

Have df(1) in the daily output show the inodes used/free.

a few developers thought this was a reasonable/good idea.


# 1.77 03-Nov-2013 deraadt

ugly spaces


Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
# 1.76 06-Jan-2013 deraadt

backout atactl check; I had warned that this would try a lot of code
paths which are rarely tried. Problem reported by a few on the list.


# 1.75 11-Dec-2012 ajacoutot

Add a SMART check using atactl(8) against disks that support and have
SMART enabled.

Committing now so that it gets broader testing.
Man page bits will be added once we are confident there is no side
effect and this can stay.

inputs from sthen@ halex@ weerd@
ok deraadt@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.74 11-Feb-2012 krw

Fix previous fix for /altroot processing. Should now work for both
duid and device entries in fstab. As a bonus make commented out
lines in fstab in-eligable for altroot detection.

ok halex@ deraadt@


# 1.73 08-Feb-2012 krw

Let /altroot work with a duid-based fstab.

Reported by & fix tested by Dave Anderson. Thanks!

ok deraadt@


# 1.72 06-Dec-2011 halex

closing fd 0-2 is indeed bad style and potentially dangerous, as pointed
out by Arne Becker, who also supplied the diff, thanks!

ok schwarze@
agreed by many


Revision tags: OPENBSD_5_0_BASE
# 1.71 23-Apr-2011 schwarze

Even though SUIDSKIP used to be a mere shell variable, it was propagated
to the old /etc/security script because daily sourced it.
Now we fork and exec, so SUIDSKIP must be promoted to the environment.
Problem reported, fix tested and ok weerd@.


# 1.70 17-Apr-2011 schwarze

Switch from the old shell script /etc/security
to the new Perl script /usr/libexec/security.
The new script was tested by sthen@ and ajacoutot@.
Committing now due to repeated prodding from deraadt@.
In case problems show up, they will be fixed in tree.


# 1.69 15-Apr-2011 halex

Silence errors in the temp dir cleanup process

ok phessler@ sthen@


Revision tags: OPENBSD_4_9_BASE
# 1.68 22-Sep-2010 deraadt

Kill msgs. Noone uses it, and it has a longjmp in it.
Lots of agreement.


Revision tags: OPENBSD_4_8_BASE
# 1.67 25-Jul-2010 espie

handle portslock. reminded by antoine@


Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE
# 1.66 26-May-2009 schwarze

Three rdist log file name improvements on one single line:
1) replace +%e by +%d, unescaped blanks don't work at all in file names
2) replace +%b by +%m to make log files sort better by month
3) replace the home-grown +%Y.%m.%d by the standard +%F (= +%Y-%m-%d)
from Tim van der Molen <tbvdm at xs4all dot nl>, thanks!
ok okan@


# 1.65 25-May-2009 schwarze

polish comments, no functional change:
1) advertise *.local and next_part near the top of the three scripts
2) daily: mention smtpd(8) mailq behaviour (like for sendmail, postfix, exim)
3) weekly: drop a comment trivially rehashing the next two lines of code
documenting next_part in the scripts was suggested by jmc@
ok sthen@ okan@ halex@; "i won't object" ajacoutot@


# 1.64 24-May-2009 schwarze

Before dd'ing raw partitions around, do stricter sanity checking:
Do not attempt to copy a larger partition onto a smaller one.
Backup of non-ffs root partitions was never supported, so don't even try.
(Both of the above suggested by guenther@).
Also add error messages in case ROOTBACKUP is switched on but severely
misconfigured - those were silently ignored in the past:
/altroot not defined or wrong type or on the same device as root.
otto@ agrees that checking the sizes makes sense


# 1.63 21-May-2009 schwarze

skip the ROOTBACKUP when the destination disk device is not configured;
suggested, tweaked and ok by guenther@


# 1.62 18-May-2009 schwarze

handle PATH in the same way as in monthly(8) and weekly(8),
i.e. rely on the PATH set up in the root crontab(5)
in case /usr/local/bin is needed, daily.local is a logical place to append it
suggested by ajacoutot@; "i like this" okan@; feedback jmc@ deraadt@;
"i don't strongly object" sthen@


# 1.61 17-May-2009 schwarze

move kern.version and uptime back to the top of the output
by moving it down to the bottom of the code;
"I definitely like this" ajacoutot@


# 1.60 11-May-2009 schwarze

New variable VERBOSESTATUS (=1 by default).
When set to 0, daily(8) won't send mail unless there is something to report.
Using feedback from kettenis@ henning@ jmc@
OK sthen@ jmc@


# 1.59 10-May-2009 schwarze

avoid unnecessary changes of the output
in order not to annoy parser scripts and their owners (like henning@)


# 1.58 09-May-2009 schwarze

make weekly and monthly silent by default
add the same infrastructure to daily; silencing daily needs another step
discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@
"immediately commit" deraadt@ (without seeing the final diff)


# 1.57 03-May-2009 schwarze

remove dead code and the associated documentation
while here, remove the misleading shebang and an unused variable
and add the missing cross reference to ac(8)
ok sthen@ jmc@


Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
# 1.56 26-Oct-2006 ajacoutot

Force umask to 022 so we don't inherit 077 from root's crontab command
(output logs are still umask 077)

"i think this is right" deraadt@


# 1.55 04-Oct-2006 deraadt

make code look better


# 1.54 04-Oct-2006 hugh

Exit when asked to. OK by deraadt, spotted by lumpy.


Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
# 1.53 06-Dec-2005 pedro

Remove fdescfs


# 1.52 24-Nov-2005 pedro

Remove kernfs, okay deraadt@.


# 1.51 29-Sep-2005 deraadt

ok, add uptime after kernel version


Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE
# 1.50 17-Mar-2005 millert

Don't rmdir .ICE-unix from /tmp or /var/tmp either. OK deraadt@


# 1.49 16-Mar-2005 millert

Don't rmdir vi.recover or .X11-unix from /tmp or /var/tmp. OK deraadt@


# 1.48 07-Dec-2004 millert

Use df to verify that we are not booted from the altboot before doing
the / -> /altroot copy. OK deraadt@


# 1.47 15-Nov-2004 nick

add kern.version to daily report. ok deraadt@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE
# 1.46 28-Jul-2003 jmc

remove check for /etc/news.expire;
ok millert@


# 1.45 30-Jun-2003 avsm

some more extra mktemp randomness; millert@ ok


# 1.44 03-Jun-2003 mickey

by means of utilising -f avoid some warnings when rotating accounting files; millert@ ok


# 1.43 28-Mar-2003 jmc

- no more /var/ssyslog (unused)
- no more /var/spool/lpd (lpd uses /var/spool/output)
- no more /var/preserve (old vi directory)
- update docs to reflect this

help with systrace provos@
help and ok millert@


Revision tags: OPENBSD_3_3_BASE
# 1.42 08-Feb-2003 pvalchev

When creating > 1 files with mktemp(1), make sure that if the creation
of the n'th (n>1) file fails, the previous ones get removed before exit(1)
Idea by jason; ok millert deraadt


# 1.41 07-Dec-2002 millert

Use `hostname` not `hostname -s` in subject for consistency with
daily, weekly, and monthly. Closes PR 3017.


Revision tags: OPENBSD_3_2_BASE
# 1.40 12-Sep-2002 danh

have df only display statistics about local filesystems (-l flag)

ok millert@


Revision tags: OPENBSD_3_1_BASE
# 1.39 19-Nov-2001 deraadt

zap trailing spaces and tabs


# 1.38 29-Oct-2001 millert

Change when calendar(1) is such so that it is after mailq runs.
That way we avoid a flurry of transient calendar mail in the mailq.


# 1.37 24-Oct-2001 espie

Be anal about ssh and X11 hooks.


Revision tags: OPENBSD_3_0_BASE
# 1.36 09-Sep-2001 deraadt

the first part of uucp going away. It will become a package


Revision tags: OPENBSD_2_9_BASE
# 1.35 06-Mar-2001 niklas

branches: 1.35.2;
Add -n to the netstat invocation. Faster running, less chance of being spoofed, no unneeded dial-on-demands


# 1.34 04-Jan-2001 angelos

Correctly check empty mailq, closes PR 1602 (cjclark@alum.mit.edu)


Revision tags: OPENBSD_2_8_BASE
# 1.33 26-May-2000 marc

branches: 1.33.2;

pipe output from /etc/security to a temp file and then check that
output was created before sending off a mail message to root.
This suppresses an empty mail message and a warning appended to the
end of the daily status report. OK millert@


# 1.32 26-May-2000 aaron

Conform to the test(1) man page: use -L instead of -h when testing for
symbolic links (the -h flag is for compatibility only); millert@ ok


Revision tags: OPENBSD_2_7_BASE
# 1.31 29-Apr-2000 millert

Prune /tmp traversal at .X11-unix
Since /tmp might be a link to /var/tmp, prune at ssh-* or .X11-unix
like the find on /tmp does.


# 1.30 28-Apr-2000 itojun

use netstat -iv, not -i, to avoid truncation of ipv6 address. ok by deraadt


# 1.29 24-Apr-2000 todd

fix per pr1192; also == "xx" -> ~ /xx/, same thought


Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
# 1.28 16-Mar-1999 deraadt

run pruning find with -x, to avoid /tmp based mountpoint pruning


# 1.27 29-Nov-1998 deraadt

no need for Subject: line, crontab does it


# 1.26 11-Nov-1998 downsj

Only run msgs -c if /var/msgs exists and is not a symlink.


Revision tags: OPENBSD_2_4_BASE
# 1.25 13-Aug-1998 millert

Don't prune dirs in /var/tmp on first pass; problem noted by m4@umn.edu


# 1.24 30-Jun-1998 deraadt

do not delete files like that, geez


Revision tags: OPENBSD_2_3_BASE
# 1.23 07-Mar-1998 millert

Don't remove files in /tmp/ssh-*


Revision tags: OPENBSD_2_2_BASE
# 1.22 21-Oct-1997 mickey

fix root backup


# 1.21 15-Sep-1997 deraadt

indent


# 1.20 15-Sep-1997 pierre

run calendar in the background


# 1.19 30-May-1997 deraadt

1 fix from enami@ba2.so-net.or.jp


Revision tags: OPENBSD_2_1_BASE
# 1.18 19-Feb-1997 millert

Add option to turn off calendar via env variables settable via cron.
Ie: ``CALENDAR=0'' will turn it off which is useful for machines with
no local users that do not run YP.


# 1.17 17-Jan-1997 millert

lite2 daily + our changes. We can remove old tmp files now that fts(3)
is safe and we have -execdir.


# 1.16 03-Jan-1997 millert

No point in ls'ing the template, it will never exist.


# 1.15 15-Dec-1996 millert

Less output when not needed.


# 1.14 07-Dec-1996 millert

use mktemp(1) and don't talk about core files unless it finds some.


# 1.13 07-Dec-1996 bitblt

Improved handling of temporary files.


# 1.12 06-Dec-1996 deraadt

indicate hostname in security report


# 1.11 04-Dec-1996 deraadt

indent


# 1.10 06-Nov-1996 deraadt

only run calendar on yp server; from matthieu@laas.fr


Revision tags: OPENBSD_2_0_BASE
# 1.9 27-Jul-1996 downsj

slight clarification.


# 1.8 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.7 12-Jul-1996 deraadt

still print about ugly files; from Todd.Miller@cs.colorado.edu


# 1.6 17-Jun-1996 deraadt

whoops


# 1.5 16-Jun-1996 deraadt

disable find | rm entities until we have a safe way of doing them


# 1.4 26-May-1996 deraadt

sync & label


# 1.3 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.2 19-Dec-1995 david

check for /etc/{daily,weekly,monthly}.local and run if they exist


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


Revision tags: OPENBSD_6_2_BASE
# 1.90 10-Jul-2017 bluhm

Test if an acct file exists before trying to rename it. This silences
false warnings in the first three daily mails after process accounting
has been turned on.
from Raf Czlonka


# 1.89 10-Jun-2017 bluhm

Report processes that were killed due to pledge or memory access
violations in the daily mail.
OK millert@ jmc@


Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE
# 1.88 29-Apr-2016 schwarze

Delete invocation of mailq(1) that was present for historical reasons.
On a real mailserver, it's too noisy and may be a privacy concern.
On a machine that's not a mailserver, it's pointless.

Besides, Theo points out that running subsystems that potentially
parse untrusted user data daily, at a predictable time, as root
is not a very good idea in the first place.

Suggested by millert@; gilles@ matthieu@ deraadt@ sthen@ agree


# 1.87 01-Apr-2016 ajacoutot

Tweak rcctl wording.

from ian@


# 1.86 01-Apr-2016 ajacoutot

Rename the 'faulty' list action to 'failed'; it's clearer.

prodded by matthieu@
ok millert@ jung@ sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.85 28-Jan-2016 schwarze

Run "rcctl ls faulty", which is silent when all services work as expected.
Based on an original idea and a different patch from landry@.
OK jung@ zhuk@ landry@
krw@ agreed to the general idea


# 1.84 30-Dec-2015 rpe

Remove portslocks from /etc/daily. The ports LOCKDIR was moved from /tmp
to /usr/ports/pobj years ago.

OK millert@, ajacoutot@


Revision tags: OPENBSD_5_8_BASE
# 1.83 29-Apr-2015 halex

VERBOSESTATUS or no VERBOSESTATUS, failed or missing dumps are still
worth noting

"go ahead" schwarze@


Revision tags: OPENBSD_5_7_BASE
# 1.82 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


Revision tags: OPENBSD_5_6_BASE
# 1.81 02-Jul-2014 sthen

don't clear tmux session sockets in daily(8)'s tmp cleanup, from Rafael Zalamena
ok schwarze@


# 1.80 24-Apr-2014 tedu

jmc spotted more ruptime tentacles


# 1.79 24-Apr-2014 tedu

rm rwhod tentacles


Revision tags: OPENBSD_5_5_BASE
# 1.78 12-Dec-2013 brad

Have df(1) in the daily output show the inodes used/free.

a few developers thought this was a reasonable/good idea.


# 1.77 03-Nov-2013 deraadt

ugly spaces


Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
# 1.76 06-Jan-2013 deraadt

backout atactl check; I had warned that this would try a lot of code
paths which are rarely tried. Problem reported by a few on the list.


# 1.75 11-Dec-2012 ajacoutot

Add a SMART check using atactl(8) against disks that support and have
SMART enabled.

Committing now so that it gets broader testing.
Man page bits will be added once we are confident there is no side
effect and this can stay.

inputs from sthen@ halex@ weerd@
ok deraadt@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.74 11-Feb-2012 krw

Fix previous fix for /altroot processing. Should now work for both
duid and device entries in fstab. As a bonus make commented out
lines in fstab ineligible for altroot detection.

ok halex@ deraadt@


# 1.73 08-Feb-2012 krw

Let /altroot work with a duid-based fstab.

Reported by & fix tested by Dave Anderson. Thanks!

ok deraadt@


# 1.72 06-Dec-2011 halex

closing fd 0-2 is indeed bad style and potentially dangerous, as pointed
out by Arne Becker, who also supplied the diff, thanks!

ok schwarze@
agreed by many


Revision tags: OPENBSD_5_0_BASE
# 1.71 23-Apr-2011 schwarze

Even though SUIDSKIP used to be a mere shell variable, it was propagated
to the old /etc/security script because daily sourced it.
Now we fork and exec, so SUIDSKIP must be promoted to the environment.
Problem reported, fix tested and ok weerd@.

