1#!/bin/sh -
2#
3#	$NetBSD: daily,v 1.93 2018/09/23 23:16:34 kre Exp $
4#	@(#)daily	8.2 (Berkeley) 1/25/94
5#
6
# Pin the command search path to the base-system directories, so every
# unqualified command below resolves there whatever PATH the caller had.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH
# Files created from here on are accessible to their owner only.
umask 077

# Local configuration.  Both files are sourced, i.e. executed as shell code
# by this script; a file that is missing or empty is skipped.
# NOTE(review): presumably both must be writable by root only - confirm.
[ -s /etc/daily.conf ] && . /etc/daily.conf
[ -s /etc/pkgpath.conf ] && . /etc/pkgpath.conf
16
# Host name and start time, reused in the report header and in the subject
# of the security mail further down.
host=$(hostname)
date=$(date)
# NOTE(review): not read anywhere in this file; presumably consumed by the
# rc.subr helpers sourced below - confirm.
rcvar_manpage='daily.conf(5)'

# Package tools: a value from the configuration files wins, else the default.
: "${pkg_admin:=/usr/sbin/pkg_admin}"
: "${pkg_info:=/usr/sbin/pkg_info}"

# Mail header for the report, terminated by the empty line.  MAILTO is used
# here exactly as the configuration or environment set it; the fallback to
# root for non-root callers is applied only later in the script.
{
	echo "To: ${MAILTO:-root}"
	echo "Subject: $host daily output for $date"
	echo ""
}
27
# /etc/rc.subr is sourced for its helper functions (presumably including
# checkyesno, which the sections below call and this file does not define).
# Without it the script reports the problem in the mail body and stops.
if [ ! -f /etc/rc.subr ]; then
	echo "Can't read /etc/rc.subr; aborting."
	exit 1
fi
. /etc/rc.subr
34
# Keep a configured MAILTO only when it is non-empty and the caller's USER
# is root; in every other case the recipient falls back to root.
# USER is an environment variable, so this is a default, not an access check.
if ! { [ -n "$MAILTO" ] && [ "$USER" = "root" ]; }; then
	MAILTO=root
fi
38
# Legacy knob: pkgdb_dir from daily.conf(5) is still honoured, with a warning.
# _compat_K_flag is expanded unquoted by the pkg tool calls below so that it
# becomes the two words "-K" and the directory; a directory name containing
# whitespace would therefore be split further.
case ${pkgdb_dir} in
'')
	;;
*)
	echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated"
	echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead"
	_compat_K_flag="-K ${pkgdb_dir}"
	;;
esac

# First body line of the report: uptime(1) output after a blank line.
echo ""
echo "Uptime: $(uptime)"
47
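# Uncommenting any of the finds below would open up a race condition attack
# based on symlinks, potentially allowing removal of any file on the system:
# the path that find tested is resolved again when rm/rmdir runs, and in a
# world-writable directory such as /tmp another user can change it in between.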
50#
51#echo ""
52#echo "Removing scratch and junk files:"
53#if [ -d /tmp ] && ! [ -h /tmp ]; then
54#	cd /tmp && {
55#	find . -type f -atime +3 -exec rm -f -- {} \;
56#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
57#	    >/dev/null 2>&1; }
58#fi
59
60#if [ -d /var/tmp ] && ! [ -h /var/tmp ]; then
61#	cd /var/tmp && {
62#	find . ! -name . -atime +7 -exec rm -f -- {} \;
63#	find . ! \( -name . -o -name vi.recover \) -type d \
64#		-mtime +1 -exec rmdir -- {} \; \
65#	    >/dev/null 2>&1; }
66#fi
67
68# Additional junk directory cleanup would go like this:
69#if [ -d /scratch ] && ! [ -h /scratch ]; then
70#	cd /scratch && {
71#	find . ! -name . -atime +1 -exec rm -f -- {} \;
72#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
73#	    >/dev/null 2>&1; }
74#fi
75
76#if [ -d /var/rwho ] && ! [ -h /var/rwho ] ; then
77#	cd /var/rwho && {
78#	find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
79#fi
80
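# Private scratch directory for this run.  mktemp -d creates it under a name
# it chooses itself, and the umask 077 set at the top of the script keeps
# other users out of it.
DAILYDIR=$(mktemp -d -t _daily) || exit 1

# Remove the scratch directory on exit and on INT/QUIT.  The trap body is
# single-quoted so that $DAILYDIR is expanded inside double quotes when the
# trap runs; interpolating it unquoted when the trap is set would let a
# directory name containing whitespace or glob characters make rm -rf act on
# other paths.  "--" keeps a name starting with "-" from being read as an
# option.  The final "exit 0" makes the script end with status 0 however it
# stopped.
trap '/bin/rm -rf -- "$DAILYDIR"; exit 0' EXIT INT QUIT

if ! cd "$DAILYDIR"; then
	echo "Can not cd to $DAILYDIR".
	exit 1
fi

# Scratch file names, relative to $DAILYDIR (now the working directory).
# They are predictable (PID based), which is acceptable only because the
# directory that holds them is private.
TMP=daily.$$
TMP2=daily2.$$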
92
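# Report core dump files (named "core" or "*.core") found under /.
# Knobs: find_core, find_core_ignore_fstypes, find_core_ignore_paths.
if checkyesno find_core; then
	# NOTE(review): the unquoted expansions in this section are deliberate
	# (both knobs are word lists), but they also undergo pathname
	# expansion, so a glob character in either knob is expanded by the
	# shell before find sees it - confirm that is acceptable.

	# Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
	ignfstypes="$(echo $find_core_ignore_fstypes | \
		sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
		    -e's/^-o //')"
	# Turn "foo bar" into "( -path foo -o -path bar ) -prune -o"
	# Set ignpaths empty if no find_core_ignore_paths given
	if [ -n "$find_core_ignore_paths" ]; then
		ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)"
		ignpaths="( ${ignpaths# -o } ) -prune -o"
	else
		ignpaths=""
	fi
	# Only -print is used: nothing is removed here.  The commented-out
	# continuation below is the old variant that also deleted junk files.
	find / \( $ignfstypes \) -prune -o \
		${ignpaths} \
		-name 'lost+found' -prune -o \
		\( -name '*.core' -o -name 'core' \) -type f -print > "$TMP"
#		\( -name '[#,]*' -o -name '.#*' -o -name a.out \
#		   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
#			-a -atime +3 -exec rm -f -- {} \; -a -print > $TMP

	# find / prints absolute paths, so the file name is whatever follows
	# the last "/".  Match "core" right after a "/" or a "."; a pattern
	# anchored as ^core$ can never match an absolute path, which dropped
	# files named exactly "core" from the report.
	grep -E '(\.|/)core$' "$TMP" > "$TMP2"
	if [ -s "$TMP2" ]; then
		echo ""
		echo "Possible core dumps:"
		cat "$TMP2"
	fi

#	egrep -v '\.core' $TMP > $TMP2
#	if [ -s $TMP2 ]; then
#		echo ""
#		echo "Deleted files:"
#		cat $TMP2
#	fi

	rm -f "$TMP" "$TMP2"
fi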
130
# Optional msgs(1) housekeeping (-c; see msgs(1) for what is cleaned up).
checkyesno run_msgs && msgs -c

# Optional news expiry.  /etc/news.expire is executed as a program, so it
# runs with the privileges of this script.
if checkyesno expire_news; then
	if [ -f /etc/news.expire ]; then
		/etc/news.expire
	fi
fi
138
# Rotate the process accounting file, keeping generations .0 to .3.
if checkyesno purge_accounting && [ -f /var/account/acct ]; then
	echo ""
	echo "Purging accounting records:"
	_acct=/var/account/acct
	# Old generations are compressed when acct.0.gz exists; pick the
	# matching suffix once and shift .2 -> .3, .1 -> .2, .0 -> .1.
	# A missing generation is expected, so mv errors are discarded.
	if [ -f "$_acct.0.gz" ]; then
		_sfx=.gz
	else
		_sfx=
	fi
	mv "$_acct.2$_sfx" "$_acct.3$_sfx" 2>/dev/null
	mv "$_acct.1$_sfx" "$_acct.2$_sfx" 2>/dev/null
	mv "$_acct.0$_sfx" "$_acct.1$_sfx" 2>/dev/null
	# Snapshot the live file as generation 0 before sa(8) processes it.
	cp "$_acct" "$_acct.0"
	sa -sq
	# Compress the new generation only when the older ones are compressed.
	if [ -f "$_acct.1.gz" ]; then
		gzip "$_acct.0"
	fi
fi
157
# Run calendar(1) for all users; its output (stdout and stderr) is added to
# the report only when there is any.
if checkyesno run_calendar; then
	calendar -a > "$TMP" 2>&1
	[ -s "$TMP" ] && {
		echo ""
		echo "Running calendar:"
		cat "$TMP"
	}
	rm -f "$TMP"
fi
167
# Disk status: df usage table, dump(8) reminders and failed RAIDframe
# components.
if checkyesno check_disks; then
	# -l restricts df to local file systems unless show_remote_fs is set.
	if checkyesno show_remote_fs; then
		_df_opts=-hi
	else
		_df_opts=-hil
	fi
	df "$_df_opts" -t nokernfs,procfs,ptyfs,null,fdesc > "$TMP"
	# dump -W is consulted only when /etc/dumpdates has content.
	[ -s /etc/dumpdates ] && dump -W > "$TMP2"
	if [ -s "$TMP" ] || [ -s "$TMP2" ]; then
		echo ""
		echo "Checking subsystem status:"
		echo ""
		echo "disks:"
		if [ -s "$TMP" ]; then
			# Shorten the last column heading of the df table.
			sed 's/Mounted on/Mount/' < "$TMP"
			echo ""
		fi
		if [ -s "$TMP2" ]; then
			cat "$TMP2"
			echo ""
		fi
		echo ""
	fi
	rm -f "$TMP" "$TMP2"
	# Collect, per raid device listed by iostat, the raidctl status lines
	# that end in ": failed".
	touch "$TMP2"
	for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do
		raidctl -s "$dev" | awk '/^.*: failed$/ {print $0}' > "$TMP"
		if [ -s "$TMP" ]; then
			{
				echo "$dev:"
				cat "$TMP"
			} >> "$TMP2"
		fi
		rm -f "$TMP"
	done
	if [ -s "$TMP2" ]; then
		echo "failed RAIDframe component(s):"
		cat "$TMP2"
	fi
	rm -f "$TMP2"
fi
208
# Show the mail queue unless mailq reports it as empty.
if checkyesno check_mailq; then
	mailq > "$TMP"
	grep -q "queue is empty$" "$TMP" || {
		echo ""
		echo "mail:"
		cat "$TMP"
	}
fi

# Removed unconditionally; -f keeps this quiet when the file was never made.
rm -f "$TMP"
219
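# Network status: interface statistics from netstat(1), then ruptime(1)
# when rwho data is present.
if checkyesno check_network; then
	echo ""
	echo "network:"
	if checkyesno full_netstat; then
		netstat -inv
	else
		# Condensed table: the header line, then the first line seen
		# for each interface name, printing the name and the last five
		# columns.  Only lines whose text before the first blank has
		# no "*" are considered.
		netstat -inv | awk 'BEGIN {
			ifs[""] = 0;
		}
		/^[^\*]* / {
			if (NR == 1) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				next;
			}
			if (!($1 in ifs)) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				ifs[$1] = 1;
			}
		}'
	fi
	echo ""
	# Run ruptime only when /var/rwho holds at least one entry.  The glob
	# must be expanded as a word list: an assignment such as t=/var/rwho/*
	# performs no pathname expansion, so comparing the quoted variable
	# with the literal pattern could never differ and ruptime never ran.
	# Only the first word is inspected.
	for t in /var/rwho/*; do
		if [ "$t" != '/var/rwho/*' ]; then
			ruptime
		fi
		break
	done
fi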
248
# Check the file systems with fsck -n -f (see fsck(8)) and leave the
# "** Phase" progress lines out of the report.
# run_fsck_flags is expanded unquoted on purpose: it may hold several flags.
checkyesno run_fsck && {
	echo ""
	echo "Checking file systems:"
	fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
}
254
# Run rdist(1) from /etc/Distfile when enabled and the Distfile exists.
if checkyesno run_rdist && [ -f /etc/Distfile ]; then
	echo ""
	echo "Running rdist:"
	if [ ! -d /var/log/rdist ]; then
		rdist -f /etc/Distfile
	else
		# With a log directory present, stdout and stderr are also
		# kept in a per-day file (created under the umask 077 in
		# force for this script).
		logf=$(date +%Y.%b.%d)
		rdist -f /etc/Distfile 2>&1 | tee "/var/log/rdist/$logf"
	fi
fi
265
# Package vulnerability database.  The outer test asks pkg_info whether
# anything matches '*' (see pkg_info(1) for -q and -E); the section is
# skipped when that fails.
if ${pkg_info} ${_compat_K_flag} -q -E '*'; then
	case $fetch_pkg_vulnerabilities in
	'')
		# Knob not set at all: tell the administrator to decide.
		echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
		echo "You should set it to YES to enable vulnerability checks"
		echo "or set it to NO to get rid of this warning."
		;;
	*)
		if checkyesno fetch_pkg_vulnerabilities; then
			echo ""
			echo "Fetching package vulnerabilities database:"
			# The subshell relaxes the umask from 077 to 022 for
			# this one command, so what it writes is readable by
			# other users.
			# NOTE(review): only -u is passed; pkg_admin(1)
			# documents a separate -s flag for checking the
			# file's signature - confirm how integrity of the
			# download is verified.
			( umask 022 && ${pkg_admin} ${_compat_K_flag} \
			    fetch-pkg-vulnerabilities -u )
		fi
		;;
	esac
fi
278
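# Run /etc/security and deliver its output, either as a separate mail or
# appended to this report.
if checkyesno run_security; then
	# Output goes to a file inside the private scratch directory.
	SECOUT="$DAILYDIR/sec"
	sh /etc/security > "$SECOUT" 2>&1
	if [ ! -s "$SECOUT" ]; then
		if checkyesno send_empty_security; then
			# An explicit "nothing found" report was asked for.
			echo "Nothing to report on $date" > "$SECOUT"
		else
			echo ""
			echo "Suppressing empty security report."
		fi
	fi
	if [ -s "$SECOUT" ]; then
		if checkyesno separate_security_email; then
			# "$SECOUT" is quoted here and in the cat below, as it
			# already is everywhere else in this section, so a
			# scratch path containing whitespace is not split.
			# NOTE(review): $MAILTO stays unquoted, presumably so
			# that it can name several recipients - confirm.
			mail -s "$host daily insecurity output for $date" $MAILTO < "$SECOUT"
		else
			echo ""
			echo "$host daily insecurity output for $date:"
			cat "$SECOUT"
		fi
	fi
fi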
300
# Audit the remaining s/key one-time passwords when a non-empty
# /etc/skeykeys exists.
if checkyesno run_skeyaudit && [ -s /etc/skeykeys ]; then
	echo ""
	echo "Checking remaining s/key OTPs:"
	skeyaudit
fi

# Rebuild the man page index when man.conf exists and makemandb is
# executable.
if checkyesno run_makemandb &&
    [ -f /etc/man.conf ] && [ -x /usr/sbin/makemandb ]; then
	echo ""
	echo "Updating man page index:"
	# Subshell: the umask is relaxed to 022 for this command only, and
	# nice lowers its scheduling priority.
	(umask 022; nice -n 5 /usr/sbin/makemandb -Q)
fi
316
# Site-local additions.  /etc/daily.local is sourced inside a subshell, so
# it runs with this script's privileges and sees its variables, but cannot
# change this shell's own variables or working directory.  Its output is
# shown only when there is any.
if [ -f /etc/daily.local ]; then
	( . /etc/daily.local ) > "$TMP" 2>&1
	[ -s "$TMP" ] && {
		printf "\nRunning /etc/daily.local:\n"
		cat "$TMP"
	}
	rm -f "$TMP"
fi
325