periodic.conf revision 256284
1#!/bin/sh 2# 3# This is defaults/periodic.conf - a file full of useful variables that 4# you can set to change the default behaviour of periodic jobs on your 5# system. You should not edit this file! Put any overrides into one of the 6# $periodic_conf_files instead and you will be able to update these defaults 7# later without spamming your local configuration information. 8# 9# The $periodic_conf_files files should only contain values which override 10# values set in this file. This eases the upgrade path when defaults 11# are changed and new features are added. 12# 13# For a more detailed explanation of all the periodic.conf variables, please 14# refer to the periodic.conf(5) manual page. 15# 16# $FreeBSD: head/etc/defaults/periodic.conf 256284 2013-10-10 18:05:13Z gjb $ 17# 18 19# What files override these defaults ? 20periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local" 21 22# periodic script dirs 23local_periodic="/usr/local/etc/periodic" 24 25 26# Daily options 27 28# These options are used by periodic(8) itself to determine what to do 29# with the output of the sub-programs that are run, and where to send 30# that output. $daily_output might be set to /var/log/daily.log if you 31# wish to log the daily output and have the files rotated by newsyslog(8) 32# 33daily_output="root" # user or /file 34daily_show_success="YES" # scripts returning 0 35daily_show_info="YES" # scripts returning 1 36daily_show_badconfig="NO" # scripts returning 2 37 38# 100.clean-disks 39daily_clean_disks_enable="NO" # Delete files daily 40daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" 41daily_clean_disks_days=3 # If older than this 42daily_clean_disks_verbose="YES" # Mention files deleted 43 44# 110.clean-tmps 45daily_clean_tmps_enable="NO" # Delete stuff daily 46daily_clean_tmps_dirs="/tmp" # Delete under here 47daily_clean_tmps_days="3" # If not accessed for 48daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix" 49daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap" 50daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal" 51 # Don't delete these 52daily_clean_tmps_verbose="YES" # Mention files deleted 53 54# 120.clean-preserve 55daily_clean_preserve_enable="YES" # Delete files daily 56daily_clean_preserve_days=7 # If not modified for 57daily_clean_preserve_verbose="YES" # Mention files deleted 58 59# 130.clean-msgs 60daily_clean_msgs_enable="YES" # Delete msgs daily 61daily_clean_msgs_days= # If not modified for 62 63# 140.clean-rwho 64daily_clean_rwho_enable="YES" # Delete rwho daily 65daily_clean_rwho_days=7 # If not modified for 66daily_clean_rwho_verbose="YES" # Mention files deleted 67 68# 150.clean-hoststat 69daily_clean_hoststat_enable="YES" # Purge sendmail host 70 # status cache daily 71 72# 200.backup-passwd 73daily_backup_passwd_enable="YES" # Backup passwd & group 74 75# 210.backup-aliases 76daily_backup_aliases_enable="YES" # Backup mail aliases 77 78# 220.backup-pkgdb 79daily_backup_pkgdb_enable="YES" # Backup /var/db/pkg 80daily_backup_pkgdb_dir="/var/backups" 81 82# 300.calendar 83daily_calendar_enable="NO" # Run calendar -a 84 85# 310.accounting 86daily_accounting_enable="YES" # Rotate acct files 87daily_accounting_compress="NO" # Gzip rotated files 88daily_accounting_flags=-q # Flags to /usr/sbin/sa 89daily_accounting_save=3 # How many files to save 90 91# 330.news 92daily_news_expire_enable="YES" # Run news.expire 93 94# 400.status-disks 95daily_status_disks_enable="YES" # Check disk status 96daily_status_disks_df_flags="-l -h" # df(1) flags for check 97 98# 401.status-graid 99daily_status_graid_enable="NO" # Check graid(8) 100 101# 404.status-zfs 102daily_status_zfs_enable="NO" # Check ZFS 103daily_status_zfs_zpool_list_enable="YES" # List ZFS pools 104 105# 406.status-gmirror 106daily_status_gmirror_enable="NO" # Check gmirror(8) 107 108# 407.status-graid3 109daily_status_graid3_enable="NO" # Check graid3(8) 110 111# 408.status-gstripe 112daily_status_gstripe_enable="NO" # Check gstripe(8) 113 114# 409.status-gconcat 115daily_status_gconcat_enable="NO" # Check gconcat(8) 116 117# 420.status-network 118daily_status_network_enable="YES" # Check network status 119daily_status_network_usedns="YES" # DNS lookups are ok 120 121# 430.status-rwho 122daily_status_rwho_enable="YES" # Check system status 123 124# 440.status-mailq 125daily_status_mailq_enable="YES" # Check mail status 126daily_status_mailq_shorten="NO" # Shorten output 127daily_status_include_submit_mailq="YES" # Also submit queue 128 129# 450.status-security 130daily_status_security_enable="YES" # Security check 131# See also "Security options" below for more options 132daily_status_security_inline="NO" # Run inline ? 133daily_status_security_output="root" # user or /file 134 135# 460.status-mail-rejects 136daily_status_mail_rejects_enable="YES" # Check mail rejects 137daily_status_mail_rejects_logs=3 # How many logs to check 138daily_status_mail_rejects_shorten="NO" # Shorten output 139 140# 470.status-named 141daily_status_named_enable="YES" 142daily_status_named_usedns="YES" # DNS lookups are ok 143 144# 480.status-ntpd 145daily_status_ntpd_enable="NO" # Check NTP status 146 147# 490.status-pkg-changes 148daily_status_pkg_changes_enable="NO" # Show package changes 149pkg_info="pkg_info" # Use this program 150 151# 500.queuerun 152daily_queuerun_enable="YES" # Run mail queue 153daily_submit_queuerun="YES" # Also submit queue 154 155# 800.scrub-zfs 156daily_scrub_zfs_enable="NO" 157daily_scrub_zfs_pools="" # empty string selects all pools 158daily_scrub_zfs_default_threshold="35" # days between scrubs 159#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold 160 161# 999.local 162daily_local="/etc/daily.local" # Local scripts 163 164 165# Weekly options 166 167# These options are used by periodic(8) itself to determine what to do 168# with the output of the sub-programs that are run, and where to send 169# that output. $weekly_output might be set to /var/log/weekly.log if you 170# wish to log the weekly output and have the files rotated by newsyslog(8) 171# 172weekly_output="root" # user or /file 173weekly_show_success="YES" # scripts returning 0 174weekly_show_info="YES" # scripts returning 1 175weekly_show_badconfig="NO" # scripts returning 2 176 177# 310.locate 178weekly_locate_enable="YES" # Update locate weekly 179 180# 320.whatis 181weekly_whatis_enable="YES" # Update whatis weekly 182 183# 330.catman 184weekly_catman_enable="NO" # Preformat man pages 185 186# 340.noid 187weekly_noid_enable="NO" # Find unowned files 188weekly_noid_dirs="/" # Look here 189 190# 400.status-pkg 191weekly_status_pkg_enable="NO" # Find out-of-date pkgs 192pkg_version=pkg_version # Use this program 193pkg_version_index=/usr/ports/INDEX-11 # Use this index file 194 195# 450.status-security 196weekly_status_security_enable="YES" # Security check 197# See also "Security options" above for more options 198weekly_status_security_inline="NO" # Run inline ? 199weekly_status_security_output="root" # user or /file 200 201# 999.local 202weekly_local="/etc/weekly.local" # Local scripts 203 204 205# Monthly options 206 207# These options are used by periodic(8) itself to determine what to do 208# with the output of the sub-programs that are run, and where to send 209# that output. $monthly_output might be set to /var/log/monthly.log if you 210# wish to log the monthly output and have the files rotated by newsyslog(8) 211# 212monthly_output="root" # user or /file 213monthly_show_success="YES" # scripts returning 0 214monthly_show_info="YES" # scripts returning 1 215monthly_show_badconfig="NO" # scripts returning 2 216 217# 200.accounting 218monthly_accounting_enable="YES" # Login accounting 219 220# 450.status-security 221monthly_status_security_enable="YES" # Security check 222# See also "Security options" above for more options 223monthly_status_security_inline="NO" # Run inline ? 224monthly_status_security_output="root" # user or /file 225 226# 999.local 227monthly_local="/etc/monthly.local" # Local scripts 228 229 230# Security options 231 232# These options are used by the security periodic(8) scripts spawned in 233# daily and weekly 450.status-security. 234security_status_logdir="/var/log" # Directory for logs 235security_status_diff_flags="-b -u" # flags for diff output 236 237# Each of the security_status_*_period options below can have one of the 238# following values: 239# - NO: do not run at all 240# - daily: only run during the daily security status 241# - weekly: only run during the weekly security status 242# - monthly: only run during the monthly security status 243# Note that if periodic security scripts are run from crontab(5) directly, 244# they will be run unless _enable or _period is set to "NO". 245 246# 100.chksetuid 247security_status_chksetuid_enable="YES" 248security_status_chksetuid_period="daily" 249 250# 110.neggrpperm 251security_status_neggrpperm_enable="YES" 252security_status_neggrpperm_period="daily" 253 254# 200.chkmounts 255security_status_chkmounts_enable="YES" 256security_status_chkmounts_period="daily" 257#security_status_chkmounts_ignore="^amd:" # Don't check matching 258 # FS types 259security_status_noamd="NO" # Don't check amd mounts 260 261# 300.chkuid0 262security_status_chkuid0_enable="YES" 263security_status_chkuid0_period="daily" 264 265# 400.passwdless 266security_status_passwdless_enable="YES" 267security_status_passwdless_period="daily" 268 269# 410.logincheck 270security_status_logincheck_enable="YES" 271security_status_logincheck_period="daily" 272 273# 460.chkportsum 274security_status_chkportsum_enable="NO" # Check ports w/ wrong checksum 275security_status_chkportsum_period="daily" 276 277# 500.ipfwdenied 278security_status_ipfwdenied_enable="YES" 279security_status_ipfwdenied_period="daily" 280 281# 510.ipfdenied 282security_status_ipfdenied_enable="YES" 283security_status_ipfdenied_period="daily" 284 285# 520.pfdenied 286security_status_pfdenied_enable="YES" 287security_status_pfdenied_period="daily" 288 289# 550.ipfwlimit 290security_status_ipfwlimit_enable="YES" 291security_status_ipfwlimit_period="daily" 292 293# 610.ipf6denied 294security_status_ipf6denied_enable="YES" 295security_status_ipf6denied_period="daily" 296 297# 700.kernelmsg 298security_status_kernelmsg_enable="YES" 299security_status_kernelmsg_period="daily" 300 301# 800.loginfail 302security_status_loginfail_enable="YES" 303security_status_loginfail_period="daily" 304 305# 900.tcpwrap 306security_status_tcpwrap_enable="YES" 307security_status_tcpwrap_period="daily" 308 309 310 311# Define source_periodic_confs, the mechanism used by /etc/periodic/*/* 312# scripts to source defaults/periodic.conf overrides safely. 313 314if [ -z "${source_periodic_confs_defined}" ]; then 315 source_periodic_confs_defined=yes 316 317 # Compatibility with old daily variable names. 318 # They can be removed in stable/11. 319 security_daily_compat_var() { 320 local var=$1 dailyvar value 321 322 dailyvar=daily_status_security${#status_security} 323 periodvar=${var%enable}period 324 eval value=\"\$$dailyvar\" 325 [ -z "$value" ] && return 326 echo "Warning: Variable \$$dailyvar is deprecated," \ 327 "use \$$var instead." >&2 328 case "$value" in 329 [Yy][Ee][Ss]) 330 $var=YES 331 $periodvar=daily 332 ;; 333 *) 334 $var="$value" 335 ;; 336 esac 337 } 338 339 check_yesno_period() { 340 local var="$1" periodvar value period 341 342 eval value=\"\$$var\" 343 case "$value" in 344 [Yy][Ee][Ss]) ;; 345 *) return 1 ;; 346 esac 347 348 periodvar=${var%enable}period 349 eval period=\"\$$periodvar\" 350 case "$PERIODIC" in 351 "security daily") 352 case "$period" in 353 [Dd][Aa][Ii][Ll][Yy]) return 0 ;; 354 *) return 1 ;; 355 esac 356 ;; 357 "security weekly") 358 case "$period" in 359 [Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;; 360 *) return 1 ;; 361 esac 362 ;; 363 "security monthly") 364 case "$period" in 365 [Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;; 366 *) return 1 ;; 367 esac 368 ;; 369 security) 370 # Run directly from crontab(5). 371 case "$period" in 372 [Nn][Oo]) return 1 ;; 373 *) return 0 ;; 374 esac 375 ;; 376 *) 377 echo "ASSERTION FAILED: Unexpected value for " \ 378 "\$PERIODIC: '$PERIODIC'" >&2 379 exit 127 380 ;; 381 esac 382 } 383 384 source_periodic_confs() { 385 local i sourced_files 386 387 for i in ${periodic_conf_files}; do 388 case ${sourced_files} in 389 *:$i:*) 390 ;; 391 *) 392 sourced_files="${sourced_files}:$i:" 393 [ -r $i ] && . $i 394 ;; 395 esac 396 done 397 } 398fi 399