daily revision 1.49
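#!/bin/sh -
#
#	$OpenBSD: daily,v 1.49 2005/03/16 18:29:58 millert Exp $
#	From: @(#)daily	8.2 (Berkeley) 1/25/94
#
# Daily maintenance script: runs the site hook /etc/daily.local, prunes old
# files from temporary directories, rotates process accounting, optionally
# copies the root filesystem onto the /altroot device, prints subsystem
# status, and mails the output of /etc/security to root.
#
# Environment switches read below:
#	ROOTBACKUP=1		copy the root device onto the /altroot device
#	CHECKFILESYSTEMS=1	run "fsck -n" and report
#	CALENDAR=0		do not run "calendar -a"
#
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
# Not referenced again in this listing; /etc/daily.local is sourced after
# this assignment and may rely on it -- confirm before removing.
bak=/var/backups

sysctl -n kern.version

# The site hook is sourced into this shell, so it runs with this script's
# privileges and can change its variables and working directory.  Keep
# /etc/daily.local owned by root and not writable by group or others.
if [ -f /etc/daily.local ]; then
	echo ""
	echo "Running daily.local:"
	. /etc/daily.local
fi

# Scratch files are created by mktemp, never at fixed names under /tmp.
# If the second one cannot be created, the first is removed before exiting.
TMP=`mktemp /tmp/_daily.XXXXXXXXXX` || exit 1
OUT=`mktemp /tmp/_security.XXXXXXXXXX` || {
	rm -f "$TMP"
	exit 1
}

# Remove the scratch files on exit.  HUP and TERM now terminate the script
# (which fires the exit trap).  The original single trap removed the files on
# a signal and then carried on, so the later "> $TMP" redirections re-created
# the file by plain redirection instead of through mktemp.
trap 'rm -f "$TMP" "$OUT"' 0
trap 'exit 1' 1 15

echo ""
echo "Removing scratch and junk files:"
# Only act when /tmp is a real directory, not a symlink.  -x keeps find on
# this filesystem, the ssh-* and .X11-unix subtrees are pruned, and -execdir
# runs rm from the directory holding each file rather than on a path that
# is resolved again from /tmp.  First pass: regular files not accessed for
# more than 3 days.  Second pass: directories not modified for more than a
# day (rmdir only removes empty ones; its errors are discarded).
if [ -d /tmp -a ! -L /tmp ]; then
	cd /tmp && {
	find -x . \( -path './ssh-*' -o -path './.X11-unix' \) -prune -o \
	    -type f -atime +3 -execdir rm -f -- {} \;
	find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
	    ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1; }
fi

# Same for /var/tmp, but anything that is not a directory is removed and
# the access-time threshold is 7 days.
if [ -d /var/tmp -a ! -L /var/tmp ]; then
	cd /var/tmp && {
	find -x . \( -path './ssh-*' -o -path './.X11-unix' \) -prune -o \
	    ! -type d -atime +7 -execdir rm -f -- {} \;
	find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
	    ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1; }
fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -L /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -execdir rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

# Drop rwho entries not modified for more than 7 days.
if [ -d /var/rwho -a ! -L /var/rwho ] ; then
	cd /var/rwho && {
	find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; }
fi

#find / \( ! -fstype local -o -fstype rdonly -o -fstype fdesc \
#		-o -fstype kernfs -o -fstype procfs \) -a -prune -o \
#	-name 'lost+found' -a -prune -o \
#	-name '*.core' -a -print -o \
#	\( -name '[#,]*' -o -name '.#*' -o -name a.out \
#	   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
#		-a -atime +3 -a -execdir rm -f -- {} \; -a -print > $TMP

# The find that fills $TMP is commented out above, so $TMP is still the
# empty file made by mktemp and neither report below prints anything
# unless that find is re-enabled.
if egrep -q '\.core$' "$TMP"; then
	echo ""
	echo "Possible core dumps:"
	egrep '\.core$' "$TMP"
fi

if egrep -qv '\.core$' "$TMP"; then
	echo ""
	echo "Deleted files:"
	egrep -v '\.core$' "$TMP"
fi

if [ -d /var/msgs -a ! -L /var/msgs ]; then
	msgs -c
fi

# Shift acct.0..acct.2 up one generation, snapshot the live accounting file
# as acct.0, then run sa -sq on it.  The mv commands report an error for any
# generation that does not exist yet; that is harmless.
if [ -f /var/account/acct ]; then
	echo ""
	echo "Purging accounting records:"
	mv -f /var/account/acct.2 /var/account/acct.3
	mv -f /var/account/acct.1 /var/account/acct.2
	mv -f /var/account/acct.0 /var/account/acct.1
	cp -f /var/account/acct /var/account/acct.0
	sa -sq
fi

# If ROOTBACKUP is set to 1 in the environment, and
# if filesystem named /altroot is type ffs, on /dev/* and mounted "xx",
# use it as a backup root filesystem to be updated daily.
#
# rootdev is the device name (without /dev/) that df reports for /;
# rootbak is the device of the matching /altroot line in /etc/fstab.
# The copy runs only when both are non-empty and differ.
# NOTE(review): the expansions in the test and in dd/fsck are deliberately
# left unquoted, as in the original.  If either awk ever printed more than
# one name, the unquoted test should fail and skip the copy, whereas a quoted
# of= path would be handed to dd as a single odd file name.  Validate the two
# names explicitly before changing this.
[ "X$ROOTBACKUP" = X1 ] && {
	rootdev=`df -n / | awk '/^\/dev\// { print substr($1, 6) }'`
	rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \
	    $4 ~ /xx/ \
		{ print substr($1, 6) }' < /etc/fstab`
	[ X$rootdev != X -a X$rootbak != X -a X$rootdev != X$rootbak ] && {
		sync
		echo ""
		echo "Backing up root filesystem:"
		echo "copying /dev/r$rootdev to /dev/r$rootbak"
		dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
		    conv=noerror
		fsck -y /dev/r$rootbak
	}
}

# Rotation of mail log now handled automatically by cron and 'newsyslog'

echo ""
echo "Checking subsystem status:"
echo ""
echo "disks:"
df -kl
echo ""
dump W
echo ""

# Show the mail queue only when mailq does not report it as empty.
mailq > "$TMP"
if ! grep -q "^/var/spool/mqueue is empty$" "$TMP"; then
	echo ""
	echo "mail:"
	cat "$TMP"
fi

echo ""
echo "network:"
netstat -ivn
echo ""

# Run ruptime only when /var/rwho holds at least one entry.  A plain
# assignment (t=/var/rwho/*) is never glob-expanded, so the original
# comparison was always false and ruptime never ran; echo performs the
# expansion and returns the pattern unchanged when nothing matches.
t=`echo /var/rwho/*`
if [ "$t" != '/var/rwho/*' ]; then
	echo ""
	ruptime
fi

# calendar is skipped on a YP client (binding directory present but no
# /var/yp/<domain> directory) or when CALENDAR=0.
echo ""
if [ -d /var/yp/binding -a ! -d /var/yp/`domainname` -o "X$CALENDAR" = X0 ]
then
	if [ "X$CALENDAR" = X0 ]; then
		echo "Not running calendar, (disabled)."
	else
		echo "Not running calendar, (yp client)."
	fi
else
	echo "Running calendar in the background."
	calendar -a &
fi

# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
# with the no-write flag.
[ "X$CHECKFILESYSTEMS" = X1 ] && {
	echo ""
	echo "Checking filesystems:"
	fsck -n | grep -v '^\*\* Phase'
}

if [ -f /etc/Distfile ]; then
	echo ""
	echo "Running rdist:"
	if [ -d /var/log/rdist ]; then
		# %e pads single-digit days with a blank, so the log name can
		# contain a space.  It is quoted here: unquoted, the name
		# split into two tee arguments and the second became a stray
		# file in the current directory (whichever directory the
		# cleanup above last entered).
		logf=`date +%Y.%b.%e`
		rdist -f /etc/Distfile 2>&1 | tee "/var/log/rdist/$logf"
	else
		rdist -f /etc/Distfile
	fi
fi

# Run the security checks and mail their output to root when there is any.
# NOTE(review): with "2>&1 > file", stderr is first pointed at this script's
# stdout and only stdout is captured in $OUT, so error text from
# /etc/security lands in the daily output, not in the security mail.  If
# both streams were meant for the mail, the order would be
# '> "$OUT" 2>&1' -- confirm the intent before changing it.
sh /etc/security 2>&1 > "$OUT"
if [ -s "$OUT" ]; then
	mail -s "`hostname` daily insecurity output" root < "$OUT"
fi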