daily revision 1.63
#
#	$OpenBSD: daily,v 1.63 2009/05/21 01:27:52 schwarze Exp $
#	From: @(#)daily	8.2 (Berkeley) 1/25/94
#
# New files get no group or other write permission.
umask 022

# PARTOUT collects the output of the section that is currently running,
# MAINOUT the assembled report that is mailed at the end.
PARTOUT=/var/log/daily.part
MAINOUT=/var/log/daily.out

# Recreate both as empty files owned by uid 0 / gid 0 with mode 600, so the
# report stays readable by root only.  -b asks install(1) to keep a backup
# of the previous MAINOUT.
install -m 600 -o 0 -g 0 /dev/null "$PARTOUT"
install -b -m 600 -o 0 -g 0 /dev/null "$MAINOUT"
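# start_part title
# Open a new report section.  The title is kept in the global TITLE for
# end_part to print, and stdout/stderr of the running script are redirected
# to $PARTOUT, truncating whatever the previous section left there.
start_part() {
	TITLE=$1
	# Quoted so the redirection target stays one word whatever PARTOUT holds.
	exec >"$PARTOUT" 2>&1
}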
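# end_part
# Close the current report section: switch stdout/stderr to append to
# $MAINOUT and, if the section wrote anything to $PARTOUT, emit a blank
# line, the section title and the section output.  A section that produced
# no output leaves nothing in the report; in that case the function returns
# the non-zero status of the size test.
end_part() {
	exec >>"$MAINOUT" 2>&1
	# Quoted: with an empty PARTOUT an unquoted `test -s` is left with a
	# single argument and reports success.
	test -s "$PARTOUT" || return
	echo ""
	printf '%s\n' "$TITLE"
	cat "$PARTOUT"
}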
# next_part title
# Finish the running section (flushing it into the report if it produced
# output) and immediately open the next one under the given title.
next_part() {
	end_part
	start_part "${1}"
}
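# run_script name
# Source /etc/<name> into this shell, but only when the file is safe to run
# as root.  Does nothing when the file does not exist.
#
# The check takes bytes 1, 6, 9 and 11 onward of stat's '%Sp%u' output
# (symbolic mode string followed by the owner uid): file type, group-write
# bit, other-write bit and uid.  Only '---0' is accepted, i.e. a regular
# file that is neither group- nor world-writable and is owned by uid 0.
# stat is called without -L, so a symbolic link reports type 'l' and is
# rejected too.
#
# Arguments: $1 - file name below /etc
# Globals:   f (written)
run_script() {
	f=/etc/$1
	test -e "$f" || return
	# Compare the result quoted so the check fails closed: if stat prints
	# nothing, or something containing blanks, the file is skipped.  An
	# unquoted substitution turns that case into a `[` usage error, which
	# `if` treats as false and which then falls through to the `.` below.
	if [ "$(stat -f '%Sp%u' "$f" | cut -b1,6,9,11-)" != '---0' ]; then
		echo "$f has insecure permissions, skipping:"
		ls -l "$f"
		return
	fi
	. "$f"
}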
# Site-local hook: /etc/daily.local is sourced into this shell (and so runs
# as the user running this script) if it passes run_script's ownership and
# permission check.
start_part "Running daily.local:"
run_script daily.local
next_part "Removing scratch and junk files:"
# /tmp is cleaned only when it is a real directory (not a symbolic link)
# and the cd into it succeeded.
if [ -d /tmp ] && [ ! -L /tmp ]; then
	if cd /tmp; then
		# Remove regular files not accessed for more than 3 days.  -x keeps
		# find on this file system; the ssh-*, .X11-unix and .ICE-unix
		# trees are pruned; -execdir runs rm from the directory holding
		# each file, and "--" ends rm's option parsing.
		find -x . \
		    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
		    -prune -o -type f -atime +3 -execdir rm -f -- {} \;
		# Try to rmdir directories not modified for more than a day.
		# rmdir only succeeds on empty ones; its complaints are discarded.
		find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
		    ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1
	fi
fi
# Same clean-up for /var/tmp, with a longer grace period: anything that is
# not a directory and has not been accessed for more than 7 days is removed.
if [ -d /var/tmp ] && [ ! -L /var/tmp ]; then
	if cd /var/tmp; then
		find -x . \
		    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
		    -prune -o ! -type d -atime +7 -execdir rm -f -- {} \;
		# Empty directories older than a day; rmdir errors are discarded.
		find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
		    ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1
	fi
fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -L /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -execdir rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi
# Drop entries in /var/rwho that have not been modified for more than
# 7 days, again only if the directory is real and not a symbolic link.
if [ -d /var/rwho ] && [ ! -L /var/rwho ]; then
	if cd /var/rwho; then
		find . ! -name . -mtime +7 -execdir rm -f -- {} \;
	fi
fi

# Run msgs in its clean-up mode (-c, see msgs(1)) when /var/msgs is a real
# directory.
if [ -d /var/msgs ] && [ ! -L /var/msgs ]; then
	msgs -c
fi
next_part "Purging accounting records:"
# Rotate the process accounting file when accounting is in use: shift
# acct.0..acct.2 up by one generation (the old acct.3 is overwritten),
# copy the live file to acct.0, then let sa(8) summarise it (-s -q).
if test -f /var/account/acct; then
	mv -f /var/account/acct.2 /var/account/acct.3
	mv -f /var/account/acct.1 /var/account/acct.2
	mv -f /var/account/acct.0 /var/account/acct.1
	cp -f /var/account/acct /var/account/acct.0
	sa -sq
fi
# If ROOTBACKUP is set to 1 in the environment, and
# if filesystem named /altroot is type ffs, on /dev/* and mounted "xx",
# use it as a backup root filesystem to be updated daily.
#
# NOTE(review): the dd below overwrites a raw disk partition.  Its target is
# read from /etc/fstab, so the "xx" marker on the /altroot entry and the
# checks in the test below are all that select it -- review that fstab
# entry with the same care as this script.
next_part "Backing up root filesystem:"
[ "X$ROOTBACKUP" = X1 ] && {
	# Device mounted on /, with the leading "/dev/" cut off (substr from
	# character 6).
	rootdev=`df -n / | awk '/^\/dev\// { print substr($1, 6) }'`
	# Device of the fstab entry whose mount point is /altroot, whose device
	# is under /dev/, whose type is ffs and whose options contain "xx";
	# again without the "/dev/" prefix.
	rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \
	    $4 ~ /xx/ \
		{ print substr($1, 6) }' < /etc/fstab`
	# Go ahead only if both names are non-empty and differ, and the backup
	# device minus its trailing partition letter (a-p) is listed as a whole
	# word in hw.disknames.  The expansions are unquoted, so a value that
	# splits into several words would make `[` fail and stop the chain.
	[ X$rootdev != X -a X$rootbak != X -a X$rootdev != X$rootbak ] && \
	    sysctl -n hw.disknames | grep -Fqw ${rootbak%[a-p]} && {
		next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:"
		sync
		# Raw-device copy in units of 16 512-byte blocks, skipping the
		# first unit on both source and target (skip=1 seek=1);
		# conv=noerror keeps going after read errors.
		dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
			conv=noerror
		# Check the copy and answer yes to every repair question.
		fsck -y /dev/r$rootbak
	}
}
next_part "Checking subsystem status:"
# Disk usage and dump status are reported unless VERBOSESTATUS is exactly 0
# (an unset or empty value also reports).
case "$VERBOSESTATUS" in
0)
	;;
*)
	echo ""
	echo "disks:"
	# Local file systems only, sizes in kilobytes.
	df -kl
	echo ""
	# See dump(8) for the W report.
	dump W
	;;
esac
# The first two regular expressions handle sendmail, the third postfix.
# When the queue is empty, exim -bp keeps silent.
next_part "mail:"
# Print the queue listing minus the "queue is empty" lines, so an empty
# queue produces no output for this section.
mailq |
	grep -v \
		-e "^/var/spool/mqueue is empty$" \
		-e "^[[:blank:]]*Total requests: 0$" \
		-e "^Mail queue is empty$"
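next_part "network:"
# Interface statistics, and the ruptime host list when rwho data exists,
# are reported unless VERBOSESTATUS is exactly 0.
if [ "X$VERBOSESTATUS" != X0 ]; then
	netstat -ivn

	# Run ruptime only when /var/rwho holds at least one entry.  A plain
	# assignment (t=/var/rwho/*) does not perform pathname expansion, so
	# the comparison below could never differ and ruptime was unreachable;
	# expand the pattern explicitly instead.  An unmatched pattern comes
	# back unchanged.
	t=$(echo /var/rwho/*)
	if [ "$t" != '/var/rwho/*' ]; then
		echo ""
		ruptime
	fi
fi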
next_part "Running calendar in the background:"
# Start `calendar -a` in the background unless CALENDAR is set to 0, and
# only when /var/yp/<domainname> exists or /var/yp/binding does not.
# NOTE(review): presumably this limits the run to YP servers and to hosts
# that are not YP clients -- confirm against calendar(1).
# The domainname output is expanded unquoted inside the test; a value with
# blanks would break the expression rather than match a directory.
if [ "X$CALENDAR" != X0 -a \
     \( -d /var/yp/`domainname` -o ! -d /var/yp/binding \) ]; then
	calendar -a &
fi
# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
# with the no-write flag.
next_part "Checking filesystems:"
# The "** Phase" progress lines are filtered out, leaving only findings.
case "$CHECKFILESYSTEMS" in
1)
	fsck -n | grep -v '^\*\* Phase'
	;;
esac
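next_part "Running rdist:"
# Run rdist when /etc/Distfile exists.  If /var/log/rdist is present, its
# output is also saved there in a file named after today's date.
if [ -f /etc/Distfile ]; then
	if [ -d /var/log/rdist ]; then
		# %e pads single-digit days with a space, so the path has to be
		# quoted.  Unquoted it splits into two words and tee would write a
		# second file, named after the day number, relative to whatever
		# directory the clean-up steps above left the script in.
		logf=$(date +%Y.%b.%e)
		rdist -f /etc/Distfile 2>&1 | tee "/var/log/rdist/$logf"
	else
		rdist -f /etc/Distfile
	fi
fi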
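# Flush the last section, then mail the report to root if it is non-empty,
# preceded by the kernel version and uptime.
end_part
# MAINOUT is quoted because /etc/daily.local was sourced into this shell
# and could have changed it; with an empty value an unquoted `[ -s ]` would
# report success.
if [ -s "$MAINOUT" ]; then
	{
		sysctl -n kern.version
		uptime
		cat "$MAINOUT"
	} 2>&1 | mail -s "$(hostname) daily output" root
fi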
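# Second report: the output of /etc/security goes to its own root-only
# file (mode 600, previous copy kept by -b) and is mailed separately.
MAINOUT=/var/log/security.out
install -o 0 -g 0 -m 600 -b /dev/null "$MAINOUT"

# /etc/security is sourced only if it passes run_script's ownership and
# permission check.
start_part "Running /etc/security:"
run_script "security"
end_part
# PARTOUT and MAINOUT are quoted from here on: the sourced scripts share
# this shell and could have changed them, and an unquoted value would be
# word-split and glob-expanded before reaching rm.
rm -f -- "$PARTOUT"

if [ -s "$MAINOUT" ]; then
	mail -s "$(hostname) daily insecurity output" root < "$MAINOUT"
fi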