periodic.conf revision 285444
161981Sbrian#!/bin/sh 261981Sbrian# 361981Sbrian# This is defaults/periodic.conf - a file full of useful variables that 461981Sbrian# you can set to change the default behaviour of periodic jobs on your 561981Sbrian# system. You should not edit this file! Put any overrides into one of the 661981Sbrian# $periodic_conf_files instead and you will be able to update these defaults 761981Sbrian# later without spamming your local configuration information. 861981Sbrian# 961981Sbrian# The $periodic_conf_files files should only contain values which override 1061981Sbrian# values set in this file. This eases the upgrade path when defaults 1161981Sbrian# are changed and new features are added. 1261981Sbrian# 13140771Skeramida# For a more detailed explanation of all the periodic.conf variables, please 14140771Skeramida# refer to the periodic.conf(5) manual page. 15140771Skeramida# 1661981Sbrian# $FreeBSD: head/etc/defaults/periodic.conf 285444 2015-07-13 10:15:01Z jlh $ 1761981Sbrian# 1861981Sbrian 1961981Sbrian# What files override these defaults ? 2061981Sbrianperiodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local" 2161981Sbrian 2261981Sbrian# periodic script dirs 23170085Sdougblocal_periodic="/usr/local/etc/periodic" 2461981Sbrian 2561981Sbrian 2661981Sbrian# Daily options 2761981Sbrian 2865843Sbrian# These options are used by periodic(8) itself to determine what to do 2965843Sbrian# with the output of the sub-programs that are run, and where to send 3065843Sbrian# that output. $daily_output might be set to /var/log/daily.log if you 3165843Sbrian# wish to log the daily output and have the files rotated by newsyslog(8) 3265843Sbrian# 3365843Sbriandaily_output="root" # user or /file 3465843Sbriandaily_show_success="YES" # scripts returning 0 3565843Sbriandaily_show_info="YES" # scripts returning 1 3665843Sbriandaily_show_badconfig="NO" # scripts returning 2 3765843Sbrian 3861981Sbrian# 100.clean-disks 3961981Sbriandaily_clean_disks_enable="NO" # Delete files daily 4061981Sbriandaily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" 4161981Sbriandaily_clean_disks_days=3 # If older than this 4261981Sbriandaily_clean_disks_verbose="YES" # Mention files deleted 4361981Sbrian 4461981Sbrian# 110.clean-tmps 4561981Sbriandaily_clean_tmps_enable="NO" # Delete stuff daily 4661981Sbriandaily_clean_tmps_dirs="/tmp" # Delete under here 4761981Sbriandaily_clean_tmps_days="3" # If not accessed for 48174028Sjhbdaily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix" 49205509Sjoergdaily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap" 50236284Seadlerdaily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal" 51174028Sjhb # Don't delete these 5261981Sbriandaily_clean_tmps_verbose="YES" # Mention files deleted 5361981Sbrian 5461981Sbrian# 120.clean-preserve 5561981Sbriandaily_clean_preserve_enable="YES" # Delete files daily 5661981Sbriandaily_clean_preserve_days=7 # If not modified for 5761981Sbriandaily_clean_preserve_verbose="YES" # Mention files deleted 5861981Sbrian 5961981Sbrian# 130.clean-msgs 6061981Sbriandaily_clean_msgs_enable="YES" # Delete msgs daily 6161981Sbriandaily_clean_msgs_days= # If not modified for 6261981Sbrian 6361981Sbrian# 140.clean-rwho 6461981Sbriandaily_clean_rwho_enable="YES" # Delete rwho daily 6561981Sbriandaily_clean_rwho_days=7 # If not modified for 6661981Sbriandaily_clean_rwho_verbose="YES" # Mention files deleted 6761981Sbrian 6861981Sbrian# 150.clean-hoststat 69108959Swollmandaily_clean_hoststat_enable="YES" # Purge sendmail host 70108959Swollman # status cache daily 7161981Sbrian 7261981Sbrian# 200.backup-passwd 7361981Sbriandaily_backup_passwd_enable="YES" # Backup passwd & group 7461981Sbrian 7561981Sbrian# 210.backup-aliases 7661981Sbriandaily_backup_aliases_enable="YES" # Backup mail aliases 7761981Sbrian 7861981Sbrian# 300.calendar 7961981Sbriandaily_calendar_enable="NO" # Run calendar -a 8061981Sbrian 8161981Sbrian# 310.accounting 8261981Sbriandaily_accounting_enable="YES" # Rotate acct files 8362054Sbriandaily_accounting_compress="NO" # Gzip rotated files 8477496Sbriandaily_accounting_flags=-q # Flags to /usr/sbin/sa 8577492Sbriandaily_accounting_save=3 # How many files to save 8661981Sbrian 8761981Sbrian# 330.news 8861981Sbriandaily_news_expire_enable="YES" # Run news.expire 8961981Sbrian 9061981Sbrian# 400.status-disks 9161981Sbriandaily_status_disks_enable="YES" # Check disk status 92279952Sjhbdaily_status_disks_df_flags="-l -h" # df(1) flags for check 9361981Sbrian 94249095Smav# 401.status-graid 95249095Smavdaily_status_graid_enable="NO" # Check graid(8) 96249095Smav 97168412Spjd# 404.status-zfs 98168412Spjddaily_status_zfs_enable="NO" # Check ZFS 99231171Sgjbdaily_status_zfs_zpool_list_enable="YES" # List ZFS pools 100168412Spjd 101154304Swollman# 406.status-gmirror 102154304Swollmandaily_status_gmirror_enable="NO" # Check gmirror(8) 103154304Swollman 104156216Sbrueffer# 407.status-graid3 105156216Sbruefferdaily_status_graid3_enable="NO" # Check graid3(8) 106156216Sbrueffer 107156216Sbrueffer# 408.status-gstripe 108156216Sbruefferdaily_status_gstripe_enable="NO" # Check gstripe(8) 109156216Sbrueffer 110156216Sbrueffer# 409.status-gconcat 111156216Sbruefferdaily_status_gconcat_enable="NO" # Check gconcat(8) 112156216Sbrueffer 11361981Sbrian# 420.status-network 11461981Sbriandaily_status_network_enable="YES" # Check network status 11561981Sbriandaily_status_network_usedns="YES" # DNS lookups are ok 116280721Sjhbdaily_status_network_netstat_flags="-d" # netstat(1) flags 11761981Sbrian 11861981Sbrian# 430.status-rwho 11961981Sbriandaily_status_rwho_enable="YES" # Check system status 12061981Sbrian 12161981Sbrian# 440.status-mailq 12261981Sbriandaily_status_mailq_enable="YES" # Check mail status 12361981Sbriandaily_status_mailq_shorten="NO" # Shorten output 12494342Sgshapirodaily_status_include_submit_mailq="YES" # Also submit queue 12561981Sbrian 12661981Sbrian# 450.status-security 12761981Sbriandaily_status_security_enable="YES" # Security check 128254974Sjlh# See also "Security options" below for more options 129254974Sjlhdaily_status_security_inline="NO" # Run inline ? 130254974Sjlhdaily_status_security_output="root" # user or /file 13161981Sbrian 13261981Sbrian# 460.status-mail-rejects 13361981Sbriandaily_status_mail_rejects_enable="YES" # Check mail rejects 13462274Sbriandaily_status_mail_rejects_logs=3 # How many logs to check 135175153Sddsdaily_status_mail_rejects_shorten="NO" # Shorten output 13661981Sbrian 137169517Smaxim# 480.status-ntpd 138169517Smaximdaily_status_ntpd_enable="NO" # Check NTP status 139169517Smaxim 14072677Speter# 500.queuerun 14172677Speterdaily_queuerun_enable="YES" # Run mail queue 14294342Sgshapirodaily_submit_queuerun="YES" # Also submit queue 14372677Speter 144277216Sgjb# 510.status-world-kernel 145277216Sgjbdaily_status_world_kernel="YES" # Check the running 146277216Sgjb # userland/kernel version 147277216Sgjb 148226471Sse# 800.scrub-zfs 149226471Ssedaily_scrub_zfs_enable="NO" 150226471Ssedaily_scrub_zfs_pools="" # empty string selects all pools 151226865Sdelphijdaily_scrub_zfs_default_threshold="35" # days between scrubs 152226865Sdelphij#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold 153226471Sse 15461981Sbrian# 999.local 15561981Sbriandaily_local="/etc/daily.local" # Local scripts 15661981Sbrian 15761981Sbrian 158255169Sjlh# Weekly options 159255169Sjlh 160255169Sjlh# These options are used by periodic(8) itself to determine what to do 161255169Sjlh# with the output of the sub-programs that are run, and where to send 162255169Sjlh# that output. $weekly_output might be set to /var/log/weekly.log if you 163255169Sjlh# wish to log the weekly output and have the files rotated by newsyslog(8) 164255169Sjlh# 165255169Sjlhweekly_output="root" # user or /file 166255169Sjlhweekly_show_success="YES" # scripts returning 0 167255169Sjlhweekly_show_info="YES" # scripts returning 1 168255169Sjlhweekly_show_badconfig="NO" # scripts returning 2 169255169Sjlh 170255169Sjlh# 310.locate 171255169Sjlhweekly_locate_enable="YES" # Update locate weekly 172255169Sjlh 173255169Sjlh# 320.whatis 174255169Sjlhweekly_whatis_enable="YES" # Update whatis weekly 175255169Sjlh 176255169Sjlh# 330.catman 177255169Sjlhweekly_catman_enable="NO" # Preformat man pages 178255169Sjlh 179255169Sjlh# 340.noid 180255169Sjlhweekly_noid_enable="NO" # Find unowned files 181255169Sjlhweekly_noid_dirs="/" # Look here 182255169Sjlh 183255169Sjlh# 450.status-security 184255169Sjlhweekly_status_security_enable="YES" # Security check 185255169Sjlh# See also "Security options" above for more options 186255169Sjlhweekly_status_security_inline="NO" # Run inline ? 187255169Sjlhweekly_status_security_output="root" # user or /file 188255169Sjlh 189255169Sjlh# 999.local 190255169Sjlhweekly_local="/etc/weekly.local" # Local scripts 191255169Sjlh 192255169Sjlh 193255169Sjlh# Monthly options 194255169Sjlh 195255169Sjlh# These options are used by periodic(8) itself to determine what to do 196255169Sjlh# with the output of the sub-programs that are run, and where to send 197255169Sjlh# that output. $monthly_output might be set to /var/log/monthly.log if you 198255169Sjlh# wish to log the monthly output and have the files rotated by newsyslog(8) 199255169Sjlh# 200255169Sjlhmonthly_output="root" # user or /file 201255169Sjlhmonthly_show_success="YES" # scripts returning 0 202255169Sjlhmonthly_show_info="YES" # scripts returning 1 203255169Sjlhmonthly_show_badconfig="NO" # scripts returning 2 204255169Sjlh 205255169Sjlh# 200.accounting 206255169Sjlhmonthly_accounting_enable="YES" # Login accounting 207255169Sjlh 208255169Sjlh# 450.status-security 209255169Sjlhmonthly_status_security_enable="YES" # Security check 210255169Sjlh# See also "Security options" above for more options 211255169Sjlhmonthly_status_security_inline="NO" # Run inline ? 212255169Sjlhmonthly_status_security_output="root" # user or /file 213255169Sjlh 214255169Sjlh# 999.local 215255169Sjlhmonthly_local="/etc/monthly.local" # Local scripts 216255169Sjlh 217255169Sjlh 21887514Scjc# Security options 21987514Scjc 220101607Sfanf# These options are used by the security periodic(8) scripts spawned in 221254974Sjlh# daily and weekly 450.status-security. 222254974Sjlhsecurity_status_logdir="/var/log" # Directory for logs 223254974Sjlhsecurity_status_diff_flags="-b -u" # flags for diff output 22487514Scjc 225255169Sjlh# Each of the security_status_*_period options below can have one of the 226254974Sjlh# following values: 227255169Sjlh# - NO: do not run at all 228254974Sjlh# - daily: only run during the daily security status 229254974Sjlh# - weekly: only run during the weekly security status 230255169Sjlh# - monthly: only run during the monthly security status 231255169Sjlh# Note that if periodic security scripts are run from crontab(5) directly, 232255169Sjlh# they will be run unless _enable or _period is set to "NO". 233254974Sjlh 23487514Scjc# 100.chksetuid 235254974Sjlhsecurity_status_chksetuid_enable="YES" 236254974Sjlhsecurity_status_chksetuid_period="daily" 23787514Scjc 238215213Sbrooks# 110.neggrpperm 239254974Sjlhsecurity_status_neggrpperm_enable="YES" 240254974Sjlhsecurity_status_neggrpperm_period="daily" 241215213Sbrooks 24287514Scjc# 200.chkmounts 243254974Sjlhsecurity_status_chkmounts_enable="YES" 244254974Sjlhsecurity_status_chkmounts_period="daily" 245254974Sjlh#security_status_chkmounts_ignore="^amd:" # Don't check matching 24687514Scjc # FS types 247254974Sjlhsecurity_status_noamd="NO" # Don't check amd mounts 24887514Scjc 24987514Scjc# 300.chkuid0 250254974Sjlhsecurity_status_chkuid0_enable="YES" 251254974Sjlhsecurity_status_chkuid0_period="daily" 25287514Scjc 25387514Scjc# 400.passwdless 254254974Sjlhsecurity_status_passwdless_enable="YES" 255254974Sjlhsecurity_status_passwdless_period="daily" 25687514Scjc 257161602Strhodes# 410.logincheck 258254974Sjlhsecurity_status_logincheck_enable="YES" 259254974Sjlhsecurity_status_logincheck_period="daily" 260161602Strhodes 26187514Scjc# 500.ipfwdenied 262254974Sjlhsecurity_status_ipfwdenied_enable="YES" 263254974Sjlhsecurity_status_ipfwdenied_period="daily" 26487514Scjc 265105937Sthomas# 510.ipfdenied 266254974Sjlhsecurity_status_ipfdenied_enable="YES" 267254974Sjlhsecurity_status_ipfdenied_period="daily" 268105937Sthomas 269138061Smlaier# 520.pfdenied 270254974Sjlhsecurity_status_pfdenied_enable="YES" 271254974Sjlhsecurity_status_pfdenied_period="daily" 272138061Smlaier 27387514Scjc# 550.ipfwlimit 274254974Sjlhsecurity_status_ipfwlimit_enable="YES" 275254974Sjlhsecurity_status_ipfwlimit_period="daily" 27687514Scjc 277128473Sdarrenr# 610.ipf6denied 278254974Sjlhsecurity_status_ipf6denied_enable="YES" 279254974Sjlhsecurity_status_ipf6denied_period="daily" 280128473Sdarrenr 28187514Scjc# 700.kernelmsg 282254974Sjlhsecurity_status_kernelmsg_enable="YES" 283254974Sjlhsecurity_status_kernelmsg_period="daily" 28487514Scjc 28587514Scjc# 800.loginfail 286254974Sjlhsecurity_status_loginfail_enable="YES" 287254974Sjlhsecurity_status_loginfail_period="daily" 28887514Scjc 28987514Scjc# 900.tcpwrap 290254974Sjlhsecurity_status_tcpwrap_enable="YES" 291254974Sjlhsecurity_status_tcpwrap_period="daily" 29287514Scjc 29387514Scjc 29461981Sbrian 29561981Sbrian# Define source_periodic_confs, the mechanism used by /etc/periodic/*/* 29661981Sbrian# scripts to source defaults/periodic.conf overrides safely. 29761981Sbrian 29861981Sbrianif [ -z "${source_periodic_confs_defined}" ]; then 29961981Sbrian source_periodic_confs_defined=yes 300254974Sjlh 301254974Sjlh # Compatibility with old daily variable names. 302254974Sjlh # They can be removed in stable/11. 303254974Sjlh security_daily_compat_var() { 304254974Sjlh local var=$1 dailyvar value 305254974Sjlh 306257361Sjlh dailyvar=daily_status_security${var#security_status} 307254974Sjlh periodvar=${var%enable}period 308254974Sjlh eval value=\"\$$dailyvar\" 309254974Sjlh [ -z "$value" ] && return 310254974Sjlh echo "Warning: Variable \$$dailyvar is deprecated," \ 311254974Sjlh "use \$$var instead." >&2 312254974Sjlh case "$value" in 313254974Sjlh [Yy][Ee][Ss]) 314254974Sjlh $var=YES 315254974Sjlh $periodvar=daily 316254974Sjlh ;; 317254974Sjlh *) 318257364Sjlh eval $var=\"$value\" 319254974Sjlh ;; 320254974Sjlh esac 321254974Sjlh } 322254974Sjlh 323254974Sjlh check_yesno_period() { 324254974Sjlh local var="$1" periodvar value period 325254974Sjlh 326254974Sjlh eval value=\"\$$var\" 327254974Sjlh case "$value" in 328254974Sjlh [Yy][Ee][Ss]) ;; 329254974Sjlh *) return 1 ;; 330254974Sjlh esac 331254974Sjlh 332254974Sjlh periodvar=${var%enable}period 333254974Sjlh eval period=\"\$$periodvar\" 334254974Sjlh case "$PERIODIC" in 335254974Sjlh "security daily") 336254974Sjlh case "$period" in 337254974Sjlh [Dd][Aa][Ii][Ll][Yy]) return 0 ;; 338254974Sjlh *) return 1 ;; 339254974Sjlh esac 340254974Sjlh ;; 341254974Sjlh "security weekly") 342254974Sjlh case "$period" in 343254974Sjlh [Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;; 344254974Sjlh *) return 1 ;; 345254974Sjlh esac 346254974Sjlh ;; 347254974Sjlh "security monthly") 348254974Sjlh case "$period" in 349254974Sjlh [Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;; 350254974Sjlh *) return 1 ;; 351254974Sjlh esac 352254974Sjlh ;; 353254974Sjlh security) 354254974Sjlh # Run directly from crontab(5). 355254974Sjlh case "$period" in 356254974Sjlh [Nn][Oo]) return 1 ;; 357254974Sjlh *) return 0 ;; 358254974Sjlh esac 359254974Sjlh ;; 360285444Sjlh '') 361285444Sjlh # Script run manually. 362285444Sjlh return 0 363285444Sjlh ;; 364254974Sjlh *) 365285444Sjlh echo "ASSERTION FAILED: Unexpected value for" \ 366254974Sjlh "\$PERIODIC: '$PERIODIC'" >&2 367254974Sjlh exit 127 368254974Sjlh ;; 369254974Sjlh esac 370254974Sjlh } 371254974Sjlh 372238416Skevlo source_periodic_confs() { 37361981Sbrian local i sourced_files 37461981Sbrian 37561981Sbrian for i in ${periodic_conf_files}; do 37661981Sbrian case ${sourced_files} in 37761981Sbrian *:$i:*) 37861981Sbrian ;; 37961981Sbrian *) 38061981Sbrian sourced_files="${sourced_files}:$i:" 38161981Sbrian [ -r $i ] && . $i 38261981Sbrian ;; 38361981Sbrian esac 38461981Sbrian done 38561981Sbrian } 38661981Sbrianfi 387