daily revision 1.89
1#!/bin/sh - 2# 3# $NetBSD: daily,v 1.89 2013/05/01 05:36:25 agc Exp $ 4# @(#)daily 8.2 (Berkeley) 1/25/94 5# 6 7export PATH=/bin:/usr/bin:/sbin:/usr/sbin 8umask 077 9 10if [ -s /etc/daily.conf ]; then 11 . /etc/daily.conf 12fi 13if [ -s /etc/pkgpath.conf ]; then 14 . /etc/pkgpath.conf 15fi 16 17host="$(hostname)" 18date="$(date)" 19rcvar_manpage='daily.conf(5)' 20 21echo "To: ${MAILTO:-root}" 22echo "Subject: $host daily output for $date" 23echo "" 24 25if [ -f /etc/rc.subr ]; then 26 . /etc/rc.subr 27else 28 echo "Can't read /etc/rc.subr; aborting." 29 exit 1; 30fi 31 32if [ -z "$MAILTO" -o "$USER" != "root" ]; then 33 MAILTO=root 34fi 35 36if [ -n "${pkgdb_dir}" ]; then 37 echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated" 38 echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead" 39 _compat_K_flag="-K ${pkgdb_dir}" 40fi 41 42echo "" 43echo "Uptime: $(uptime)" 44 45# Uncommenting any of the finds below would open up a race condition attack 46# based on symlinks, potentially allowing removal of any file on the system. 47# 48#echo "" 49#echo "Removing scratch and junk files:" 50#if [ -d /tmp -a ! -h /tmp ]; then 51# cd /tmp && { 52# find . -type f -atime +3 -exec rm -f -- {} \; 53# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 54# >/dev/null 2>&1; } 55#fi 56 57#if [ -d /var/tmp -a ! -h /var/tmp ]; then 58# cd /var/tmp && { 59# find . ! -name . -atime +7 -exec rm -f -- {} \; 60# find . ! \( -name . -o -name vi.recover \) -type d \ 61# -mtime +1 -exec rmdir -- {} \; \ 62# >/dev/null 2>&1; } 63#fi 64 65# Additional junk directory cleanup would go like this: 66#if [ -d /scratch -a ! -h /scratch ]; then 67# cd /scratch && { 68# find . ! -name . -atime +1 -exec rm -f -- {} \; 69# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 70# >/dev/null 2>&1; } 71#fi 72 73#if [ -d /var/rwho -a ! -h /var/rwho ] ; then 74# cd /var/rwho && { 75# find . ! -name . -mtime +7 -exec rm -f -- {} \; ; } 76#fi 77 78DAILYDIR=$(mktemp -d -t _daily) || exit 1 79 80trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT 81 82if ! cd "$DAILYDIR"; then 83 echo "Can not cd to $DAILYDIR". 84 exit 1 85fi 86 87TMP=daily.$$ 88TMP2=daily2.$$ 89 90if checkyesno find_core; then 91 # Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax" 92 ignfstypes="$(echo $find_core_ignore_fstypes | \ 93 sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \ 94 -e's/^-o //')" 95 # Turn "foo bar" into "( -path foo -o -path bar ) -prune -o" 96 # Set ignpaths empty if no find_core_ignore_paths given 97 if [ -n "$find_core_ignore_paths" ]; then 98 ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)" 99 ignpaths="( ${ignpaths# -o } ) -prune -o" 100 else 101 ignpaths="" 102 fi 103 find / \( $ignfstypes \) -prune -o \ 104 ${ignpaths} \ 105 -name 'lost+found' -prune -o \ 106 \( -name '*.core' -o -name 'core' \) -type f -print > $TMP 107# \( -name '[#,]*' -o -name '.#*' -o -name a.out \ 108# -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \ 109# -a -atime +3 -exec rm -f -- {} \; -a -print > $TMP 110 111 egrep '\.core$|^core$' $TMP > $TMP2 112 if [ -s $TMP2 ]; then 113 echo "" 114 echo "Possible core dumps:" 115 cat $TMP2 116 fi 117 118# egrep -v '\.core' $TMP > $TMP2 119# if [ -s $TMP2 ]; then 120# echo "" 121# echo "Deleted files:" 122# cat $TMP2 123# fi 124 125 rm -f $TMP $TMP2 126fi 127 128if checkyesno run_msgs; then 129 msgs -c 130fi 131 132if checkyesno expire_news && [ -f /etc/news.expire ]; then 133 /etc/news.expire 134fi 135 136if checkyesno purge_accounting && [ -f /var/account/acct ]; then 137 echo "" 138 echo "Purging accounting records:" 139 if [ -f /var/account/acct.0.gz ]; then 140 mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null 141 mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null 142 mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null 143 else 144 mv /var/account/acct.2 /var/account/acct.3 2>/dev/null 145 mv /var/account/acct.1 /var/account/acct.2 2>/dev/null 146 mv /var/account/acct.0 /var/account/acct.1 2>/dev/null 147 fi 148 cp /var/account/acct /var/account/acct.0 149 sa -sq 150 if [ -f /var/account/acct.1.gz ]; then 151 gzip /var/account/acct.0 152 fi 153fi 154 155if checkyesno run_calendar; then 156 calendar -a > $TMP 2>&1 157 if [ -s $TMP ]; then 158 echo "" 159 echo "Running calendar:" 160 cat $TMP 161 fi 162 rm -f $TMP 163fi 164 165if checkyesno check_disks; then 166 if checkyesno show_remote_fs; then 167 df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 168 else 169 df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 170 fi 171 if [ -s /etc/dumpdates ] ; then 172 dump -W > $TMP2 173 fi 174 if [ -s $TMP -o -s $TMP2 ]; then 175 echo "" 176 echo "Checking subsystem status:" 177 echo "" 178 echo "disks:" 179 if [ -s $TMP ]; then 180 cat $TMP | sed 's/Mounted on/Mount/' 181 echo "" 182 fi 183 if [ -s $TMP2 ]; then 184 cat $TMP2 185 echo "" 186 fi 187 echo "" 188 fi 189 rm -f $TMP $TMP2 190 touch $TMP2 191 for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do 192 raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP 193 if [ -s $TMP ]; then 194 echo "$dev:" >> $TMP2 195 cat $TMP >> $TMP2 196 fi 197 rm -f $TMP 198 done 199 if [ -s $TMP2 ]; then 200 echo "failed RAIDframe component(s):" 201 cat $TMP2 202 fi 203 rm -f $TMP2 204fi 205 206if checkyesno check_mailq; then 207 mailq > $TMP 208 if ! grep -q "queue is empty$" $TMP; then 209 echo "" 210 echo "mail:" 211 cat $TMP 212 fi 213fi 214 215rm -f $TMP 216 217if checkyesno check_network; then 218 echo "" 219 echo "network:" 220 if checkyesno full_netstat; then 221 netstat -inv 222 else 223 netstat -inv | awk 'BEGIN { 224 ifs[""] = 0; 225 } 226 /^[^\*]* / { 227 if (NR == 1) { 228 printf("%-8s %12s %6s %12s %6s %6s\n", 229 $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 230 next; 231 } 232 if (!($1 in ifs)) { 233 printf("%-8s %12s %6s %12s %6s %6s\n", 234 $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 235 ifs[$1] = 1; 236 } 237 }' 238 fi 239 echo "" 240 t=/var/rwho/* 241 if [ "$t" != '/var/rwho/*' ]; then 242 ruptime 243 fi 244fi 245 246if checkyesno run_fsck; then 247 echo "" 248 echo "Checking filesystems:" 249 fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase' 250fi 251 252if checkyesno run_rdist && [ -f /etc/Distfile ]; then 253 echo "" 254 echo "Running rdist:" 255 if [ -d /var/log/rdist ]; then 256 logf="$(date +%Y.%b.%d)" 257 rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf 258 else 259 rdist -f /etc/Distfile 260 fi 261fi 262 263if ${pkg_info} ${_compat_K_flag} -q -E '*'; then 264 if [ -z "$fetch_pkg_vulnerabilities" ]; then 265 echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)." 266 echo "You should set it to YES to enable vulnerability checks" 267 echo "or set it to NO to get rid of this warning." 268 elif checkyesno fetch_pkg_vulnerabilities; then 269 echo "" 270 echo "Fetching package vulnerabilities database:" 271 ( umask 022 && ${pkg_admin} ${_compat_K_flag} \ 272 fetch-pkg-vulnerabilities -u ) 273 fi 274fi 275 276if checkyesno run_security; then 277 SECOUT="$DAILYDIR/sec" 278 sh /etc/security > "$SECOUT" 2>&1 279 if [ ! -s "$SECOUT" ]; then 280 if checkyesno send_empty_security; then 281 echo "Nothing to report on $date" > "$SECOUT" 282 else 283 echo "" 284 echo "Suppressing empty security report." 285 fi 286 fi 287 if [ -s "$SECOUT" ]; then 288 if checkyesno separate_security_email; then 289 mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT 290 else 291 echo "" 292 echo "$host daily insecurity output for $date:" 293 cat $SECOUT 294 fi 295 fi 296fi 297 298if checkyesno run_skeyaudit; then 299 if [ -s /etc/skeykeys ]; then 300 echo "" 301 echo "Checking remaining s/key OTPs:" 302 skeyaudit 303 fi 304fi 305 306if checkyesno run_makemandb; then 307 if [ -f /etc/man.conf -a -x /usr/sbin/makemandb ]; then 308 echo "" 309 echo "Updating man page index:" 310 (umask 022; nice -n 5 /usr/sbin/makemandb -Q) 311 fi 312fi 313 314if [ -f /etc/daily.local ]; then 315 ( . /etc/daily.local ) > $TMP 2>&1 316 if [ -s $TMP ] ; then 317 printf "\nRunning /etc/daily.local:\n" 318 cat $TMP 319 fi 320 rm -f $TMP 321fi 322