daily revision 1.90
1# 2# $OpenBSD: daily,v 1.90 2017/07/10 11:18:48 bluhm Exp $ 3# From: @(#)daily 8.2 (Berkeley) 1/25/94 4# 5# For local additions, create the file /etc/daily.local. 6# To get section headers, use the function next_part in daily.local. 7# 8umask 022 9 10PARTOUT=/var/log/daily.part 11MAINOUT=/var/log/daily.out 12install -o 0 -g 0 -m 600 /dev/null $PARTOUT 13install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT 14 15start_part() { 16 TITLE=$1 17 exec > $PARTOUT 2>&1 18} 19 20end_part() { 21 exec >> $MAINOUT 2>&1 22 test -s $PARTOUT || return 23 echo "" 24 echo "$TITLE" 25 cat $PARTOUT 26} 27 28next_part() { 29 end_part 30 start_part "$1" 31} 32 33run_script() { 34 f=/etc/$1 35 test -e $f || return 36 if [ `stat -f '%Sp%u' $f | cut -b1,6,9,11-` != '---0' ]; then 37 echo "$f has insecure permissions, skipping:" 38 ls -l $f 39 return 40 fi 41 . $f 42} 43 44start_part "Running daily.local:" 45run_script "daily.local" 46 47next_part "Removing scratch and junk files:" 48if [ -d /tmp -a ! -L /tmp ]; then 49 cd /tmp && { 50 find -x . \ 51 \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \ 52 -o -path './tmux-*' \) \ 53 -prune -o -type f -atime +7 -execdir rm -f -- {} \; 2>/dev/null 54 find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \ 55 ! -path ./.ICE-unix ! -name . \ 56 -execdir rmdir -- {} \; >/dev/null 2>&1; } 57fi 58 59# Additional junk directory cleanup would go like this: 60#if [ -d /scratch -a ! -L /scratch ]; then 61# cd /scratch && { 62# find . ! -name . -atime +1 -execdir rm -f -- {} \; 63# find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \ 64# >/dev/null 2>&1; } 65#fi 66 67next_part "Purging accounting records:" 68if [ -f /var/account/acct ]; then 69 test -f /var/account/acct.2 && \ 70 mv -f /var/account/acct.2 /var/account/acct.3 71 test -f /var/account/acct.1 && \ 72 mv -f /var/account/acct.1 /var/account/acct.2 73 test -f /var/account/acct.0 && \ 74 mv -f /var/account/acct.0 /var/account/acct.1 75 cp -f /var/account/acct /var/account/acct.0 76 sa -sq 77 lastcomm -f /var/account/acct.0 | grep -e ' -[A-Z]*[PT]' 78fi 79 80# If ROOTBACKUP is set to 1 in the environment, and 81# if filesystem named /altroot is type ffs and mounted "xx", 82# use it as a backup root filesystem to be updated daily. 83next_part "Backing up root filesystem:" 84while [ "X$ROOTBACKUP" = X1 ]; do 85 rootbak=`awk '$1 !~ /^#/ && $2 == "/altroot" && $3 == "ffs" && \ 86 $4 ~ /xx/ { print $1 }' < /etc/fstab` 87 if [ -z "$rootbak" ]; then 88 echo "No xx ffs /altroot device found in the fstab(5)." 89 break 90 fi 91 rootbak=${rootbak#/dev/} 92 bakdisk=${rootbak%%?(.)[a-p]} 93 sysctl -n hw.disknames | grep -Fqw $bakdisk || break 94 bakpart=${rootbak##$bakdisk?(.)} 95 OLDIFS=$IFS 96 IFS=, 97 for d in `sysctl -n hw.disknames`; do 98 # If the provided disk name is a duid, substitute the device. 99 if [ X$bakdisk = X${d#*:} ]; then 100 bakdisk=${d%:*} 101 rootbak=$bakdisk$bakpart 102 fi 103 done 104 IFS=$OLDIFS 105 baksize=`disklabel $bakdisk 2>/dev/null | \ 106 awk -v "part=$bakpart:" '$1 == part { print $2 }'` 107 rootdev=`mount | awk '$3 == "/" && $1 ~ /^\/dev\// && $5 == "ffs" \ 108 { print substr($1, 6) }'` 109 if [ -z "$rootdev" ]; then 110 echo "The root filesystem is not local or not ffs." 111 break 112 fi 113 if [ X$rootdev = X$rootbak ]; then 114 echo "The device $rootdev holds both root and /altroot." 115 break 116 fi 117 rootdisk=${rootdev%[a-p]} 118 rootpart=${rootdev#$rootdisk} 119 rootsize=`disklabel $rootdisk 2>/dev/null | \ 120 awk -v "part=$rootpart:" '$1 == part { print $2 }'` 121 if [ $rootsize -gt $baksize ]; then 122 echo "Root ($rootsize) is larger than /altroot ($baksize)." 123 break 124 fi 125 next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:" 126 sync 127 dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \ 128 conv=noerror 129 fsck -y /dev/r$rootbak 130 break 131done 132 133next_part "Services that should be running but aren't:" 134rcctl ls failed 135 136next_part "Checking subsystem status:" 137if [ "X$VERBOSESTATUS" != X0 ]; then 138 echo "" 139 echo "disks:" 140 df -ikl 141 echo "" 142 dump W 143else 144 dump w | grep -vB1 ^Dump 145fi 146 147next_part "network:" 148if [ "X$VERBOSESTATUS" != X0 ]; then 149 netstat -ivn 150fi 151 152next_part "Running calendar in the background:" 153if [ "X$CALENDAR" != X0 -a \ 154 \( -d /var/yp/`domainname` -o ! -d /var/yp/binding \) ]; then 155 calendar -a & 156fi 157 158# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck 159# with the no-write flag. 160next_part "Checking filesystems:" 161[ "X$CHECKFILESYSTEMS" = X1 ] && { 162 fsck -n | grep -v '^\*\* Phase' 163} 164 165next_part "Running rdist:" 166if [ -f /etc/Distfile ]; then 167 if [ -d /var/log/rdist ]; then 168 rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/`date +%F` 169 else 170 rdist -f /etc/Distfile 171 fi 172fi 173 174end_part 175[ -s $MAINOUT ] && { 176 sysctl -n kern.version 177 uptime 178 cat $MAINOUT 179} 2>&1 | mail -s "`hostname` daily output" root 180 181 182MAINOUT=/var/log/security.out 183install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT 184 185start_part "Running security(8):" 186export SUIDSKIP 187/usr/libexec/security 188end_part 189rm -f $PARTOUT 190 191[ -s $MAINOUT ] && mail -s "`hostname` daily insecurity output" root < $MAINOUT 192