daily revision 1.49 
1#!/bin/sh -
2#
3#	$OpenBSD: daily,v 1.49 2005/03/16 18:29:58 millert Exp $
4#	From: @(#)daily	8.2 (Berkeley) 1/25/94
5#
6PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
7bak=/var/backups
8
9sysctl -n kern.version
10
11if [ -f /etc/daily.local ]; then
12	echo ""
13	echo "Running daily.local:"
14	. /etc/daily.local
15fi
16
17TMP=`mktemp /tmp/_daily.XXXXXXXXXX` || exit 1
18OUT=`mktemp /tmp/_security.XXXXXXXXXX` || {
19	rm -f ${TMP}
20	exit 1
21}
22
23trap 'rm -f $TMP $OUT' 0 1 15
24
25echo ""
26echo "Removing scratch and junk files:"
27if [ -d /tmp -a ! -L /tmp ]; then
28	cd /tmp && {
29	find -x . \( -path './ssh-*' -o -path './.X11-unix' \) -prune -o \
30	    -type f -atime +3 -execdir rm -f -- {} \;
31	find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
32	    ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1; }
33fi
34
35if [ -d /var/tmp -a ! -L /var/tmp ]; then
36	cd /var/tmp && {
37	find -x . \( -path './ssh-*' -o -path './.X11-unix' \) -prune -o \
38	    ! -type d -atime +7 -execdir rm -f -- {} \;
39	find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
40	    ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1; }
41fi
42
43# Additional junk directory cleanup would go like this:
44#if [ -d /scratch -a ! -L /scratch ]; then
45#	cd /scratch && {
46#	find . ! -name . -atime +1 -execdir rm -f -- {} \;
47#	find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
48#	    >/dev/null 2>&1; }
49#fi
50
51if [ -d /var/rwho -a ! -L /var/rwho ] ; then
52	cd /var/rwho && {
53	find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; }
54fi
55
56#find / \( ! -fstype local -o -fstype rdonly -o -fstype fdesc \
57#		-o -fstype kernfs -o -fstype procfs \) -a -prune -o \
58#	-name 'lost+found' -a -prune -o \
59#	-name '*.core' -a -print -o \
60#	\( -name '[#,]*' -o -name '.#*' -o -name a.out \
61#	   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
62#		-a -atime +3 -a -execdir rm -f -- {} \; -a -print > $TMP
63
64if egrep -q '\.core$' $TMP; then
65	echo ""
66	echo "Possible core dumps:"
67	egrep '\.core$' $TMP
68fi
69
70if egrep -qv '\.core$' $TMP; then
71	echo ""
72	echo "Deleted files:"
73	egrep -v '\.core$' $TMP
74fi
75
76if [ -d /var/msgs -a ! -L /var/msgs ]; then
77	msgs -c
78fi
79
80if [ -f /var/account/acct ]; then
81	echo ""
82	echo "Purging accounting records:"
83	mv -f /var/account/acct.2 /var/account/acct.3
84	mv -f /var/account/acct.1 /var/account/acct.2
85	mv -f /var/account/acct.0 /var/account/acct.1
86	cp -f /var/account/acct /var/account/acct.0
87	sa -sq
88fi
89
90# If ROOTBACKUP is set to 1 in the environment, and
91# if filesystem named /altroot is type ffs, on /dev/* and mounted "xx",
92# use it as a backup root filesystem to be updated daily.
93[ "X$ROOTBACKUP" = X1 ] && {
94	rootdev=`df -n / | awk '/^\/dev\// { print substr($1, 6) }'`
95	rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \
96	    $4 ~ /xx/ \
97		{ print substr($1, 6) }' < /etc/fstab`
98	[ X$rootdev != X -a X$rootbak != X -a X$rootdev != X$rootbak ] && {
99		sync
100		echo ""
101		echo "Backing up root filesystem:"
102		echo "copying /dev/r$rootdev to /dev/r$rootbak"
103		dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
104			conv=noerror
105		fsck -y /dev/r$rootbak
106	}
107}
108
109# Rotation of mail log now handled automatically by cron and 'newsyslog'
110
111echo ""
112echo "Checking subsystem status:"
113echo ""
114echo "disks:"
115df -kl
116echo ""
117dump W
118echo ""
119
120mailq > $TMP
121if ! grep -q "^/var/spool/mqueue is empty$" $TMP; then
122	echo ""
123	echo "mail:"
124	cat $TMP
125fi
126
127echo ""
128echo "network:"
129netstat -ivn
130echo ""
131
132t=/var/rwho/*
133if [ "$t" != '/var/rwho/*' ]; then
134	echo ""
135	ruptime
136fi
137
138echo ""
139if [ -d /var/yp/binding -a ! -d /var/yp/`domainname` -o "X$CALENDAR" = X0 ]
140then
141	if [ "X$CALENDAR" = X0 ]; then
142		echo "Not running calendar, (disabled)."
143	else
144		echo "Not running calendar, (yp client)."
145	fi
146else
147	echo "Running calendar in the background."
148	calendar -a &
149fi
150
151# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
152# with the no-write flag.
153[ "X$CHECKFILESYSTEMS" = X1 ] && {
154	echo ""
155	echo "Checking filesystems:"
156	fsck -n | grep -v '^\*\* Phase'
157}
158
159if [ -f /etc/Distfile ]; then
160	echo ""
161	echo "Running rdist:"
162	if [ -d /var/log/rdist ]; then
163		logf=`date +%Y.%b.%e`
164		rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf
165	else
166		rdist -f /etc/Distfile
167	fi
168fi
169
170sh /etc/security 2>&1 > $OUT
171if [ -s $OUT ]; then
172    mail -s "`hostname` daily insecurity output" root < $OUT
173fi
174