1#!/bin/sh - 2# 3# $NetBSD: daily,v 1.80.2.6 2012/11/20 23:11:47 riz Exp $ 4# @(#)daily 8.2 (Berkeley) 1/25/94 5# 6 7export PATH=/bin:/usr/bin:/sbin:/usr/sbin 8umask 077 9 10if [ -s /etc/daily.conf ]; then 11 . /etc/daily.conf 12fi 13 14host="$(hostname)" 15date="$(date)" 16rcvar_manpage='daily.conf(5)' 17 18echo "To: ${MAILTO:-root}" 19echo "Subject: $host daily output for $date" 20echo "" 21 22if [ -f /etc/rc.subr ]; then 23 . /etc/rc.subr 24else 25 echo "Can't read /etc/rc.subr; aborting." 26 exit 1; 27fi 28 29if [ -z "$MAILTO" -o "$USER" != "root" ]; then 30 MAILTO=root 31fi 32 33if [ -n "${pkgdb_dir}" ]; then 34 echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated" 35 echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead" 36 _compat_K_flag="-K ${pkgdb_dir}" 37fi 38 39echo "" 40echo "Uptime: $(uptime)" 41 42# Uncommenting any of the finds below would open up a race condition attack 43# based on symlinks, potentially allowing removal of any file on the system. 44# 45#echo "" 46#echo "Removing scratch and junk files:" 47#if [ -d /tmp -a ! -h /tmp ]; then 48# cd /tmp && { 49# find . -type f -atime +3 -exec rm -f -- {} \; 50# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 51# >/dev/null 2>&1; } 52#fi 53 54#if [ -d /var/tmp -a ! -h /var/tmp ]; then 55# cd /var/tmp && { 56# find . ! -name . -atime +7 -exec rm -f -- {} \; 57# find . ! \( -name . -o -name vi.recover \) -type d \ 58# -mtime +1 -exec rmdir -- {} \; \ 59# >/dev/null 2>&1; } 60#fi 61 62# Additional junk directory cleanup would go like this: 63#if [ -d /scratch -a ! -h /scratch ]; then 64# cd /scratch && { 65# find . ! -name . -atime +1 -exec rm -f -- {} \; 66# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 67# >/dev/null 2>&1; } 68#fi 69 70#if [ -d /var/rwho -a ! -h /var/rwho ] ; then 71# cd /var/rwho && { 72# find . ! -name . -mtime +7 -exec rm -f -- {} \; ; } 73#fi 74 75DAILYDIR=$(mktemp -d -t _daily) || exit 1 76 77trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT 78 79if ! cd "$DAILYDIR"; then 80 echo "Can not cd to $DAILYDIR". 81 exit 1 82fi 83 84TMP=daily.$$ 85TMP2=daily2.$$ 86 87if checkyesno find_core; then 88 # Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax" 89 ignfstypes="$(echo $find_core_ignore_fstypes | \ 90 sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \ 91 -e's/^-o //')" 92 # Turn "foo bar" into "( -path foo -o -path bar ) -prune -o" 93 # Set ignpaths empty if no find_core_ignore_paths given 94 if [ -n "$find_core_ignore_paths" ]; then 95 ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)" 96 ignpaths="( ${ignpaths# -o } ) -prune -o" 97 else 98 ignpaths="" 99 fi 100 find / \( $ignfstypes \) -prune -o \ 101 ${ignpaths} \ 102 -name 'lost+found' -prune -o \ 103 \( -name '*.core' -o -name 'core' \) -type f -print > $TMP 104# \( -name '[#,]*' -o -name '.#*' -o -name a.out \ 105# -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \ 106# -a -atime +3 -exec rm -f -- {} \; -a -print > $TMP 107 108 egrep '\.core$|^core$' $TMP > $TMP2 109 if [ -s $TMP2 ]; then 110 echo "" 111 echo "Possible core dumps:" 112 cat $TMP2 113 fi 114 115# egrep -v '\.core' $TMP > $TMP2 116# if [ -s $TMP2 ]; then 117# echo "" 118# echo "Deleted files:" 119# cat $TMP2 120# fi 121 122 rm -f $TMP $TMP2 123fi 124 125if checkyesno run_msgs; then 126 msgs -c 127fi 128 129if checkyesno expire_news && [ -f /etc/news.expire ]; then 130 /etc/news.expire 131fi 132 133if checkyesno purge_accounting && [ -f /var/account/acct ]; then 134 echo "" 135 echo "Purging accounting records:" 136 if [ -f /var/account/acct.0.gz ]; then 137 mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null 138 mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null 139 mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null 140 else 141 mv /var/account/acct.2 /var/account/acct.3 2>/dev/null 142 mv /var/account/acct.1 /var/account/acct.2 2>/dev/null 143 mv /var/account/acct.0 /var/account/acct.1 2>/dev/null 144 fi 145 cp /var/account/acct /var/account/acct.0 146 sa -sq 147 if [ -f /var/account/acct.1.gz ]; then 148 gzip /var/account/acct.0 149 fi 150fi 151 152if checkyesno run_calendar; then 153 calendar -a > $TMP 2>&1 154 if [ -s $TMP ]; then 155 echo "" 156 echo "Running calendar:" 157 cat $TMP 158 fi 159 rm -f $TMP 160fi 161 162if checkyesno check_disks; then 163 if checkyesno show_remote_fs; then 164 df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 165 else 166 df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 167 fi 168 if [ -s /etc/dumpdates ] ; then 169 dump -W > $TMP2 170 fi 171 if [ -s $TMP -o -s $TMP2 ]; then 172 echo "" 173 echo "Checking subsystem status:" 174 echo "" 175 echo "disks:" 176 if [ -s $TMP ]; then 177 cat $TMP | sed 's/Mounted on/Mount/' 178 echo "" 179 fi 180 if [ -s $TMP2 ]; then 181 cat $TMP2 182 echo "" 183 fi 184 echo "" 185 fi 186 rm -f $TMP $TMP2 187 touch $TMP2 188 for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do 189 raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP 190 if [ -s $TMP ]; then 191 echo "$dev:" >> $TMP2 192 cat $TMP >> $TMP2 193 fi 194 rm -f $TMP 195 done 196 if [ -s $TMP2 ]; then 197 echo "failed RAIDframe component(s):" 198 cat $TMP2 199 fi 200 rm -f $TMP2 201fi 202 203if checkyesno check_mailq; then 204 mailq > $TMP 205 if ! grep -q "queue is empty$" $TMP; then 206 echo "" 207 echo "mail:" 208 cat $TMP 209 fi 210fi 211 212rm -f $TMP 213 214if checkyesno check_network; then 215 echo "" 216 echo "network:" 217 if checkyesno full_netstat; then 218 netstat -inv 219 else 220 netstat -inv | awk 'BEGIN { 221 ifs[""] = 0; 222 } 223 /^[^\*]* / { 224 if (NR == 1) { 225 printf("%-8s %12s %6s %12s %6s %6s\n", 226 $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 227 next; 228 } 229 if (!($1 in ifs)) { 230 printf("%-8s %12s %6s %12s %6s %6s\n", 231 $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 232 ifs[$1] = 1; 233 } 234 }' 235 fi 236 echo "" 237 t=/var/rwho/* 238 if [ "$t" != '/var/rwho/*' ]; then 239 ruptime 240 fi 241fi 242 243if checkyesno run_fsck; then 244 echo "" 245 echo "Checking filesystems:" 246 fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase' 247fi 248 249if checkyesno run_rdist && [ -f /etc/Distfile ]; then 250 echo "" 251 echo "Running rdist:" 252 if [ -d /var/log/rdist ]; then 253 logf="$(date +%Y.%b.%d)" 254 rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf 255 else 256 rdist -f /etc/Distfile 257 fi 258fi 259 260if pkg_info ${_compat_K_flag} -q -E '*'; then 261 if [ -z "fetch_pkg_vulnerabilities" ]; then 262 echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)." 263 echo "You should set it to YES to enable vulnerability checks" 264 echo "or set it to NO to get rid of this warning." 265 elif checkyesno fetch_pkg_vulnerabilities; then 266 echo "" 267 echo "Fetching package vulnerabilities database:" 268 ( umask 022 && pkg_admin ${_compat_K_flag} \ 269 fetch-pkg-vulnerabilities -u ) 270 fi 271fi 272 273if checkyesno run_security; then 274 SECOUT="$DAILYDIR/sec" 275 sh /etc/security > "$SECOUT" 2>&1 276 if [ ! -s "$SECOUT" ]; then 277 if checkyesno send_empty_security; then 278 echo "Nothing to report on $date" > "$SECOUT" 279 else 280 echo "" 281 echo "Suppressing empty security report." 282 fi 283 fi 284 if [ -s "$SECOUT" ]; then 285 if checkyesno separate_security_email; then 286 mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT 287 else 288 echo "" 289 echo "$host daily insecurity output for $date:" 290 cat $SECOUT 291 fi 292 fi 293fi 294 295if checkyesno run_skeyaudit; then 296 if [ -s /etc/skeykeys ]; then 297 echo "" 298 echo "Checking remaining s/key OTPs:" 299 skeyaudit 300 fi 301fi 302 303if checkyesno run_makemandb; then 304 if [ -f /etc/man.conf -a -x /usr/sbin/makemandb ]; then 305 echo "" 306 echo "Updating man page index:" 307 (umask 022; nice -n 5 /usr/sbin/makemandb -Q) 308 fi 309fi 310 311if [ -f /etc/daily.local ]; then 312 ( . /etc/daily.local ) > $TMP 2>&1 313 if [ -s $TMP ] ; then 314 printf "\nRunning /etc/daily.local:\n" 315 cat $TMP 316 fi 317 rm -f $TMP 318fi 319