1#!/bin/sh - 2# 3# $NetBSD: daily,v 1.93 2018/09/23 23:16:34 kre Exp $ 4# @(#)daily 8.2 (Berkeley) 1/25/94 5# 6 7export PATH=/bin:/usr/bin:/sbin:/usr/sbin 8umask 077 9 10if [ -s /etc/daily.conf ]; then 11 . /etc/daily.conf 12fi 13if [ -s /etc/pkgpath.conf ]; then 14 . /etc/pkgpath.conf 15fi 16 17host="$(hostname)" 18date="$(date)" 19rcvar_manpage='daily.conf(5)' 20 21pkg_admin=${pkg_admin:-/usr/sbin/pkg_admin} 22pkg_info=${pkg_info:-/usr/sbin/pkg_info} 23 24echo "To: ${MAILTO:-root}" 25echo "Subject: $host daily output for $date" 26echo "" 27 28if [ -f /etc/rc.subr ]; then 29 . /etc/rc.subr 30else 31 echo "Can't read /etc/rc.subr; aborting." 32 exit 1; 33fi 34 35if [ -z "$MAILTO" ] || [ "$USER" != "root" ]; then 36 MAILTO=root 37fi 38 39if [ -n "${pkgdb_dir}" ]; then 40 echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated" 41 echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead" 42 _compat_K_flag="-K ${pkgdb_dir}" 43fi 44 45echo "" 46echo "Uptime: $(uptime)" 47 48# Uncommenting any of the finds below would open up a race condition attack 49# based on symlinks, potentially allowing removal of any file on the system. 50# 51#echo "" 52#echo "Removing scratch and junk files:" 53#if [ -d /tmp ] && ! [ -h /tmp ]; then 54# cd /tmp && { 55# find . -type f -atime +3 -exec rm -f -- {} \; 56# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 57# >/dev/null 2>&1; } 58#fi 59 60#if [ -d /var/tmp ] && ! [ -h /var/tmp ]; then 61# cd /var/tmp && { 62# find . ! -name . -atime +7 -exec rm -f -- {} \; 63# find . ! \( -name . -o -name vi.recover \) -type d \ 64# -mtime +1 -exec rmdir -- {} \; \ 65# >/dev/null 2>&1; } 66#fi 67 68# Additional junk directory cleanup would go like this: 69#if [ -d /scratch ] && ! [ -h /scratch ]; then 70# cd /scratch && { 71# find . ! -name . -atime +1 -exec rm -f -- {} \; 72# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 73# >/dev/null 2>&1; } 74#fi 75 76#if [ -d /var/rwho ] && ! [ -h /var/rwho ] ; then 77# cd /var/rwho && { 78# find . ! -name . -mtime +7 -exec rm -f -- {} \; ; } 79#fi 80 81DAILYDIR=$(mktemp -d -t _daily) || exit 1 82 83trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT 84 85if ! cd "$DAILYDIR"; then 86 echo "Can not cd to $DAILYDIR". 87 exit 1 88fi 89 90TMP=daily.$$ 91TMP2=daily2.$$ 92 93if checkyesno find_core; then 94 # Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax" 95 ignfstypes="$(echo $find_core_ignore_fstypes | \ 96 sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \ 97 -e's/^-o //')" 98 # Turn "foo bar" into "( -path foo -o -path bar ) -prune -o" 99 # Set ignpaths empty if no find_core_ignore_paths given 100 if [ -n "$find_core_ignore_paths" ]; then 101 ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)" 102 ignpaths="( ${ignpaths# -o } ) -prune -o" 103 else 104 ignpaths="" 105 fi 106 find / \( $ignfstypes \) -prune -o \ 107 ${ignpaths} \ 108 -name 'lost+found' -prune -o \ 109 \( -name '*.core' -o -name 'core' \) -type f -print > $TMP 110# \( -name '[#,]*' -o -name '.#*' -o -name a.out \ 111# -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \ 112# -a -atime +3 -exec rm -f -- {} \; -a -print > $TMP 113 114 egrep '\.core$|^core$' $TMP > $TMP2 115 if [ -s $TMP2 ]; then 116 echo "" 117 echo "Possible core dumps:" 118 cat $TMP2 119 fi 120 121# egrep -v '\.core' $TMP > $TMP2 122# if [ -s $TMP2 ]; then 123# echo "" 124# echo "Deleted files:" 125# cat $TMP2 126# fi 127 128 rm -f $TMP $TMP2 129fi 130 131if checkyesno run_msgs; then 132 msgs -c 133fi 134 135if checkyesno expire_news && [ -f /etc/news.expire ]; then 136 /etc/news.expire 137fi 138 139if checkyesno purge_accounting && [ -f /var/account/acct ]; then 140 echo "" 141 echo "Purging accounting records:" 142 if [ -f /var/account/acct.0.gz ]; then 143 mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null 144 mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null 145 mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null 146 else 147 mv /var/account/acct.2 /var/account/acct.3 2>/dev/null 148 mv /var/account/acct.1 /var/account/acct.2 2>/dev/null 149 mv /var/account/acct.0 /var/account/acct.1 2>/dev/null 150 fi 151 cp /var/account/acct /var/account/acct.0 152 sa -sq 153 if [ -f /var/account/acct.1.gz ]; then 154 gzip /var/account/acct.0 155 fi 156fi 157 158if checkyesno run_calendar; then 159 calendar -a > $TMP 2>&1 160 if [ -s $TMP ]; then 161 echo "" 162 echo "Running calendar:" 163 cat $TMP 164 fi 165 rm -f $TMP 166fi 167 168if checkyesno check_disks; then 169 if checkyesno show_remote_fs; then 170 df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 171 else 172 df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 173 fi 174 if [ -s /etc/dumpdates ] ; then 175 dump -W > $TMP2 176 fi 177 if [ -s $TMP ] || [ -s $TMP2 ]; then 178 echo "" 179 echo "Checking subsystem status:" 180 echo "" 181 echo "disks:" 182 if [ -s $TMP ]; then 183 cat $TMP | sed 's/Mounted on/Mount/' 184 echo "" 185 fi 186 if [ -s $TMP2 ]; then 187 cat $TMP2 188 echo "" 189 fi 190 echo "" 191 fi 192 rm -f $TMP $TMP2 193 touch $TMP2 194 for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do 195 raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP 196 if [ -s $TMP ]; then 197 echo "$dev:" >> $TMP2 198 cat $TMP >> $TMP2 199 fi 200 rm -f $TMP 201 done 202 if [ -s $TMP2 ]; then 203 echo "failed RAIDframe component(s):" 204 cat $TMP2 205 fi 206 rm -f $TMP2 207fi 208 209if checkyesno check_mailq; then 210 mailq > $TMP 211 if ! grep -q "queue is empty$" $TMP; then 212 echo "" 213 echo "mail:" 214 cat $TMP 215 fi 216fi 217 218rm -f $TMP 219 220if checkyesno check_network; then 221 echo "" 222 echo "network:" 223 if checkyesno full_netstat; then 224 netstat -inv 225 else 226 netstat -inv | awk 'BEGIN { 227 ifs[""] = 0; 228 } 229 /^[^\*]* / { 230 if (NR == 1) { 231 printf("%-8s %12s %6s %12s %6s %6s\n", 232 $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 233 next; 234 } 235 if (!($1 in ifs)) { 236 printf("%-8s %12s %6s %12s %6s %6s\n", 237 $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 238 ifs[$1] = 1; 239 } 240 }' 241 fi 242 echo "" 243 t=/var/rwho/* 244 if [ "$t" != '/var/rwho/*' ]; then 245 ruptime 246 fi 247fi 248 249if checkyesno run_fsck; then 250 echo "" 251 echo "Checking file systems:" 252 fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase' 253fi 254 255if checkyesno run_rdist && [ -f /etc/Distfile ]; then 256 echo "" 257 echo "Running rdist:" 258 if [ -d /var/log/rdist ]; then 259 logf="$(date +%Y.%b.%d)" 260 rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf 261 else 262 rdist -f /etc/Distfile 263 fi 264fi 265 266if ${pkg_info} ${_compat_K_flag} -q -E '*'; then 267 if [ -z "$fetch_pkg_vulnerabilities" ]; then 268 echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)." 269 echo "You should set it to YES to enable vulnerability checks" 270 echo "or set it to NO to get rid of this warning." 271 elif checkyesno fetch_pkg_vulnerabilities; then 272 echo "" 273 echo "Fetching package vulnerabilities database:" 274 ( umask 022 && ${pkg_admin} ${_compat_K_flag} \ 275 fetch-pkg-vulnerabilities -u ) 276 fi 277fi 278 279if checkyesno run_security; then 280 SECOUT="$DAILYDIR/sec" 281 sh /etc/security > "$SECOUT" 2>&1 282 if [ ! -s "$SECOUT" ]; then 283 if checkyesno send_empty_security; then 284 echo "Nothing to report on $date" > "$SECOUT" 285 else 286 echo "" 287 echo "Suppressing empty security report." 288 fi 289 fi 290 if [ -s "$SECOUT" ]; then 291 if checkyesno separate_security_email; then 292 mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT 293 else 294 echo "" 295 echo "$host daily insecurity output for $date:" 296 cat $SECOUT 297 fi 298 fi 299fi 300 301if checkyesno run_skeyaudit; then 302 if [ -s /etc/skeykeys ]; then 303 echo "" 304 echo "Checking remaining s/key OTPs:" 305 skeyaudit 306 fi 307fi 308 309if checkyesno run_makemandb; then 310 if [ -f /etc/man.conf ] && [ -x /usr/sbin/makemandb ]; then 311 echo "" 312 echo "Updating man page index:" 313 (umask 022; nice -n 5 /usr/sbin/makemandb -Q) 314 fi 315fi 316 317if [ -f /etc/daily.local ]; then 318 ( . /etc/daily.local ) > $TMP 2>&1 319 if [ -s $TMP ] ; then 320 printf "\nRunning /etc/daily.local:\n" 321 cat $TMP 322 fi 323 rm -f $TMP 324fi 325