daily revision 1.90 
1#
2#	$OpenBSD: daily,v 1.90 2017/07/10 11:18:48 bluhm Exp $
3#	From: @(#)daily	8.2 (Berkeley) 1/25/94
4#
5# For local additions, create the file /etc/daily.local.
6# To get section headers, use the function next_part in daily.local.
7#
8umask 022
9
10PARTOUT=/var/log/daily.part
11MAINOUT=/var/log/daily.out
12install -o 0 -g 0 -m 600    /dev/null $PARTOUT
13install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT
14
15start_part() {
16	TITLE=$1
17	exec > $PARTOUT 2>&1
18}
19
20end_part() {
21	exec >> $MAINOUT 2>&1
22	test -s $PARTOUT || return
23	echo ""
24	echo "$TITLE"
25	cat $PARTOUT
26}
27
28next_part() {
29	end_part
30	start_part "$1"
31}
32
33run_script() {
34	f=/etc/$1
35	test -e $f || return
36	if [ `stat -f '%Sp%u' $f | cut -b1,6,9,11-` != '---0' ]; then
37		echo "$f has insecure permissions, skipping:"
38		ls -l $f
39		return
40	fi
41	. $f
42}
43
44start_part "Running daily.local:"
45run_script "daily.local"
46
47next_part "Removing scratch and junk files:"
48if [ -d /tmp -a ! -L /tmp ]; then
49	cd /tmp && {
50	find -x . \
51	    \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \
52		-o -path './tmux-*' \) \
53	    -prune -o -type f -atime +7 -execdir rm -f -- {} \; 2>/dev/null
54	find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
55	    ! -path ./.ICE-unix ! -name . \
56	    -execdir rmdir -- {} \; >/dev/null 2>&1; }
57fi
58
59# Additional junk directory cleanup would go like this:
60#if [ -d /scratch -a ! -L /scratch ]; then
61#	cd /scratch && {
62#	find . ! -name . -atime +1 -execdir rm -f -- {} \;
63#	find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
64#	    >/dev/null 2>&1; }
65#fi
66
67next_part "Purging accounting records:"
68if [ -f /var/account/acct ]; then
69	test -f /var/account/acct.2 && \
70		mv -f /var/account/acct.2 /var/account/acct.3
71	test -f /var/account/acct.1 && \
72		mv -f /var/account/acct.1 /var/account/acct.2
73	test -f /var/account/acct.0 && \
74		mv -f /var/account/acct.0 /var/account/acct.1
75	cp -f /var/account/acct /var/account/acct.0
76	sa -sq
77	lastcomm -f /var/account/acct.0 | grep -e ' -[A-Z]*[PT]'
78fi
79
80# If ROOTBACKUP is set to 1 in the environment, and
81# if filesystem named /altroot is type ffs and mounted "xx",
82# use it as a backup root filesystem to be updated daily.
83next_part "Backing up root filesystem:"
84while [ "X$ROOTBACKUP" = X1 ]; do
85	rootbak=`awk '$1 !~ /^#/ && $2 == "/altroot" && $3 == "ffs" && \
86		$4 ~ /xx/ { print $1 }' < /etc/fstab`
87	if [ -z "$rootbak" ]; then
88		echo "No xx ffs /altroot device found in the fstab(5)."
89		break
90	fi
91	rootbak=${rootbak#/dev/}
92	bakdisk=${rootbak%%?(.)[a-p]}
93	sysctl -n hw.disknames | grep -Fqw $bakdisk || break
94	bakpart=${rootbak##$bakdisk?(.)}
95	OLDIFS=$IFS
96	IFS=,
97	for d in `sysctl -n hw.disknames`; do
98		# If the provided disk name is a duid, substitute the device.
99		if [ X$bakdisk = X${d#*:} ]; then
100			bakdisk=${d%:*}
101			rootbak=$bakdisk$bakpart
102		fi
103	done
104	IFS=$OLDIFS
105	baksize=`disklabel $bakdisk 2>/dev/null | \
106		awk -v "part=$bakpart:" '$1 == part { print $2 }'`
107	rootdev=`mount | awk '$3 == "/" && $1 ~ /^\/dev\// && $5 == "ffs" \
108		{ print substr($1, 6) }'`
109	if [ -z "$rootdev" ]; then
110		echo "The root filesystem is not local or not ffs."
111		break
112	fi
113	if [ X$rootdev = X$rootbak ]; then
114		echo "The device $rootdev holds both root and /altroot."
115		break
116	fi
117	rootdisk=${rootdev%[a-p]}
118	rootpart=${rootdev#$rootdisk}
119	rootsize=`disklabel $rootdisk 2>/dev/null | \
120		awk -v "part=$rootpart:" '$1 == part { print $2 }'`
121	if [ $rootsize -gt $baksize ]; then
122		echo "Root ($rootsize) is larger than /altroot ($baksize)."
123		break
124	fi
125	next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:"
126	sync
127	dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
128		conv=noerror
129	fsck -y /dev/r$rootbak
130	break
131done
132
133next_part "Services that should be running but aren't:"
134rcctl ls failed
135
136next_part "Checking subsystem status:"
137if [ "X$VERBOSESTATUS" != X0 ]; then
138	echo ""
139	echo "disks:"
140	df -ikl
141	echo ""
142	dump W
143else
144	dump w | grep -vB1 ^Dump
145fi
146
147next_part "network:"
148if [ "X$VERBOSESTATUS" != X0 ]; then
149	netstat -ivn
150fi
151
152next_part "Running calendar in the background:"
153if [ "X$CALENDAR" != X0 -a \
154     \( -d /var/yp/`domainname` -o ! -d /var/yp/binding \) ]; then
155	calendar -a &
156fi
157
158# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
159# with the no-write flag.
160next_part "Checking filesystems:"
161[ "X$CHECKFILESYSTEMS" = X1 ] && {
162	fsck -n | grep -v '^\*\* Phase'
163}
164
165next_part "Running rdist:"
166if [ -f /etc/Distfile ]; then
167	if [ -d /var/log/rdist ]; then
168		rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/`date +%F`
169	else
170		rdist -f /etc/Distfile
171	fi
172fi
173
174end_part
175[ -s $MAINOUT ] && {
176	sysctl -n kern.version
177	uptime
178	cat $MAINOUT
179} 2>&1 | mail -s "`hostname` daily output" root
180
181
182MAINOUT=/var/log/security.out
183install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT
184
185start_part "Running security(8):"
186export SUIDSKIP
187/usr/libexec/security
188end_part
189rm -f $PARTOUT
190
191[ -s $MAINOUT ] && mail -s "`hostname` daily insecurity output" root < $MAINOUT
192