daily revision 1.63
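#
#	$OpenBSD: daily,v 1.63 2009/05/21 01:27:52 schwarze Exp $
#	From: @(#)daily	8.2 (Berkeley) 1/25/94
#
# Daily maintenance script.  Each section's output is collected in
# $PARTOUT and appended to $MAINOUT only if the section printed something;
# a non-empty $MAINOUT is mailed to root at the end.  The same machinery
# is then reused for /etc/security.
umask 022

PARTOUT=/var/log/daily.part
MAINOUT=/var/log/daily.out
# Create both output files owned by uid/gid 0 with mode 600 before any
# section writes to them.
install -o 0 -g 0 -m 600    /dev/null $PARTOUT
install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT

# start_part title
# Remember the section title and send all further stdout/stderr of this
# script to $PARTOUT, truncating it.
start_part() {
	TITLE=$1
	exec > $PARTOUT 2>&1
}

# end_part
# Switch output to append to $MAINOUT.  If the finished section wrote
# nothing, return without printing anything; otherwise print a blank
# line, the title and the collected section output.
end_part() {
	exec >> $MAINOUT 2>&1
	test -s $PARTOUT || return
	echo ""
	echo "$TITLE"
	cat $PARTOUT
}

# next_part title
# Close the current section and open the next one.
next_part() {
	end_part
	start_part "$1"
}

# run_script name
# Source /etc/name into this shell, but only after checking its
# permissions.  stat prints the symbolic mode followed by the owner's uid;
# cut keeps byte 1 (file type), byte 6 (group write), byte 9 (other write)
# and everything from byte 11 on (the uid).  Only '---0' is accepted:
# a regular file, not group- or other-writable, owned by uid 0.
# The check does not look at the group owner or at the parent directory.
run_script() {
	f=/etc/$1
	test -e $f || return
	# The substitution is quoted so that an empty result (stat failing)
	# compares unequal and the file is skipped, instead of `[' erroring
	# out and control falling through to the `.' below.
	if [ "`stat -f '%Sp%u' $f | cut -b1,6,9,11-`" != '---0' ]; then
		echo "$f has insecure permissions, skipping:"
		ls -l $f
		return
	fi
	. $f
}

start_part "Running daily.local:"
run_script "daily.local"

# The cleanup blocks below are skipped when the target is not a directory
# or is a symbolic link (! -L), and the finds only run if the cd succeeded.
# Note that each cd changes the working directory for the rest of the script.
next_part "Removing scratch and junk files:"
if [ -d /tmp -a ! -L /tmp ]; then
	cd /tmp && {
	find -x . \
	    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
	    -prune -o -type f -atime +3 -execdir rm -f -- {} \;
	find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
	    ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1; }
fi

if [ -d /var/tmp -a ! -L /var/tmp ]; then
	cd /var/tmp && {
	find -x . \
	    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \) \
	    -prune -o ! -type d -atime +7 -execdir rm -f -- {} \;
	find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
	    ! -path ./.ICE-unix ! -name . -execdir rmdir -- {} \; >/dev/null 2>&1; }
fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -L /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -execdir rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

if [ -d /var/rwho -a ! -L /var/rwho ] ; then
	cd /var/rwho && {
	find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; }
fi

if [ -d /var/msgs -a ! -L /var/msgs ]; then
	msgs -c
fi

# Rotate acct.0 .. acct.2 up by one, copy the live file to acct.0, then
# run sa -sq.
next_part "Purging accounting records:"
if [ -f /var/account/acct ]; then
	mv -f /var/account/acct.2 /var/account/acct.3
	mv -f /var/account/acct.1 /var/account/acct.2
	mv -f /var/account/acct.0 /var/account/acct.1
	cp -f /var/account/acct /var/account/acct.0
	sa -sq
fi

# If ROOTBACKUP is set to 1 in the environment, and
# if filesystem named /altroot is type ffs, on /dev/* and mounted "xx",
# use it as a backup root filesystem to be updated daily.
# The raw copy only runs when both device names are non-empty, differ from
# each other, and the backup disk (partition letter stripped) is listed in
# hw.disknames.
next_part "Backing up root filesystem:"
[ "X$ROOTBACKUP" = X1 ] && {
	rootdev=`df -n / | awk '/^\/dev\// { print substr($1, 6) }'`
	rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \
		$4 ~ /xx/ \
		{ print substr($1, 6) }' < /etc/fstab`
	[ X$rootdev != X -a X$rootbak != X -a X$rootdev != X$rootbak ] && \
	sysctl -n hw.disknames | grep -Fqw ${rootbak%[a-p]} && {
		next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:"
		sync
		dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
			conv=noerror
		fsck -y /dev/r$rootbak
	}
}

next_part "Checking subsystem status:"
if [ "X$VERBOSESTATUS" != X0 ]; then
	echo ""
	echo "disks:"
	df -kl
	echo ""
	dump W
fi

# The first two regular expressions handle sendmail, the third postfix.
# When the queue is empty, exim -bp keeps silent.
next_part "mail:"
mailq | grep -v -e "^/var/spool/mqueue is empty$" \
	-e "^[[:blank:]]*Total requests: 0$" \
	-e "^Mail queue is empty$"

next_part "network:"
if [ "X$VERBOSESTATUS" != X0 ]; then
	netstat -ivn

	# NOTE(review): pathname expansion is not performed on a variable
	# assignment and "$t" is quoted below, so this comparison looks
	# always-false and ruptime would never run -- confirm intent.
	t=/var/rwho/*
	if [ "$t" != '/var/rwho/*' ]; then
		echo ""
		ruptime
	fi
fi

next_part "Running calendar in the background:"
if [ "X$CALENDAR" != X0 -a \
    \( -d /var/yp/`domainname` -o ! -d /var/yp/binding \) ]; then
	calendar -a &
fi

# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
# with the no-write flag.
next_part "Checking filesystems:"
[ "X$CHECKFILESYSTEMS" = X1 ] && {
	fsck -n | grep -v '^\*\* Phase'
}

next_part "Running rdist:"
if [ -f /etc/Distfile ]; then
	if [ -d /var/log/rdist ]; then
		logf=`date +%Y.%b.%e`
		# %e pads days 1-9 with a leading space.  Unquoted, the name
		# would split into two words and tee would also write a file
		# named after the day number, relative to the current
		# directory (left by the cd calls above), so keep it quoted.
		rdist -f /etc/Distfile 2>&1 | tee "/var/log/rdist/$logf"
	else
		rdist -f /etc/Distfile
	fi
fi

# Flush the last section, then mail the report to root only if there is
# something to report.
end_part
[ -s $MAINOUT ] && {
	sysctl -n kern.version
	uptime
	cat $MAINOUT
} 2>&1 | mail -s "`hostname` daily output" root


# Second pass: run /etc/security through the same permission check and
# collect its output in a separate mode-600 file.
MAINOUT=/var/log/security.out
install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT

start_part "Running /etc/security:"
run_script "security"
end_part
rm -f $PARTOUT

[ -s $MAINOUT ] && mail -s "`hostname` daily insecurity output" root < $MAINOUT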