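#!/bin/sh -
#
#	$NetBSD: daily,v 1.92 2014/12/13 02:53:08 uebayasi Exp $
#	@(#)daily	8.2 (Berkeley) 1/25/94
#
# Daily housekeeping report.  Writes "To:" and "Subject:" header lines
# followed by the output of each enabled check to stdout; the output is
# presumably piped to a mail submission program by the caller (confirm).
#
# Which checks run is decided by variables tested with checkyesno.  That
# function is not defined in this file; presumably /etc/rc.subr provides it.
#
# Everything sourced or executed below (/etc/daily.conf, /etc/pkgpath.conf,
# /etc/rc.subr, /etc/security, /etc/news.expire, /etc/daily.local, and the
# pkg_admin/pkg_info paths the config may override) runs with this script's
# privileges, so those files need to be writable only by the account that
# runs it.
#

# Fixed PATH so that commands are not resolved through an inherited PATH.
export PATH=/bin:/usr/bin:/sbin:/usr/sbin
# Files created below are readable by the owner only unless a subshell
# relaxes the umask explicitly.
umask 077

if [ -s /etc/daily.conf ]; then
	. /etc/daily.conf
fi
if [ -s /etc/pkgpath.conf ]; then
	. /etc/pkgpath.conf
fi

host="$(hostname)"
date="$(date)"
rcvar_manpage='daily.conf(5)'

pkg_admin=${pkg_admin:-/usr/sbin/pkg_admin}
pkg_info=${pkg_info:-/usr/sbin/pkg_info}

echo "To: ${MAILTO:-root}"
echo "Subject: $host daily output for $date"
echo ""

if [ -f /etc/rc.subr ]; then
	. /etc/rc.subr
else
	echo "Can't read /etc/rc.subr; aborting."
	exit 1
fi

# Only honour a caller-supplied MAILTO when running as root.
# NOTE(review): the "To:" header above was already printed from the
# unreset value, so the header and $MAILTO can disagree when USER is not
# root -- confirm this is intended.
if [ -z "$MAILTO" ] || [ "$USER" != "root" ]; then
	MAILTO=root
fi

if [ -n "${pkgdb_dir}" ]; then
	echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated"
	echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead"
	_compat_K_flag="-K ${pkgdb_dir}"
fi

echo ""
echo "Uptime: $(uptime)"

# Uncommenting any of the finds below would open up a race condition attack
# based on symlinks, potentially allowing removal of any file on the system.
#
#echo ""
#echo "Removing scratch and junk files:"
#if [ -d /tmp -a ! -h /tmp ]; then
#	cd /tmp && {
#	find . -type f -atime +3 -exec rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

#if [ -d /var/tmp -a ! -h /var/tmp ]; then
#	cd /var/tmp && {
#	find . ! -name . -atime +7 -exec rm -f -- {} \;
#	find . ! \( -name . -o -name vi.recover \) -type d \
#		-mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -h /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -exec rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

#if [ -d /var/rwho -a ! -h /var/rwho ] ; then
#	cd /var/rwho && {
#	find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
#fi

# Private scratch directory.  The scratch files below have predictable
# names (daily.$$), which is acceptable only because they are created
# inside this freshly made directory after the cd succeeds.
DAILYDIR=$(mktemp -d -t _daily) || exit 1

# Single-quoted so that $DAILYDIR is expanded, and quoted, when the trap
# fires.  Expanding it into the trap string at definition time would have
# the path re-parsed as shell text if it ever contained whitespace or
# shell metacharacters.  "exit 0" is kept: the script always reports
# success once the scratch directory exists.
trap '/bin/rm -rf -- "$DAILYDIR" ; exit 0' EXIT INT QUIT

if ! cd "$DAILYDIR"; then
	echo "Can not cd to $DAILYDIR".
	exit 1
fi

TMP=daily.$$
TMP2=daily2.$$

if checkyesno find_core; then
	# Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
	# ($find_core_ignore_fstypes is left unquoted on purpose so that it is
	# flattened to one line of words.)
	ignfstypes="$(echo $find_core_ignore_fstypes | \
		sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
		    -e's/^-o //')"

	# Turn "foo bar" into "( -path foo -o -path bar ) -prune -o"
	# Set ignpaths empty if no find_core_ignore_paths given
	if [ -n "$find_core_ignore_paths" ]; then
		ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)"
		ignpaths="( ${ignpaths# -o } ) -prune -o"
	else
		ignpaths=""
	fi

	# $ignfstypes and ${ignpaths} must stay unquoted: each word has to
	# reach find as a separate argument.  Being unquoted they are also
	# subject to pathname expansion by the shell.
	find / \( $ignfstypes \) -prune -o \
		${ignpaths} \
		-name 'lost+found' -prune -o \
		\( -name '*.core' -o -name 'core' \) -type f -print > "$TMP"
#		\( -name '[#,]*' -o -name '.#*' -o -name a.out \
#		   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
#			-a -atime +3 -exec rm -f -- {} \; -a -print > $TMP

	grep -E '\.core$|^core$' "$TMP" > "$TMP2"
	if [ -s "$TMP2" ]; then
		echo ""
		echo "Possible core dumps:"
		cat "$TMP2"
	fi

#	egrep -v '\.core' $TMP > $TMP2
#	if [ -s $TMP2 ]; then
#		echo ""
#		echo "Deleted files:"
#		cat $TMP2
#	fi

	rm -f "$TMP" "$TMP2"
fi

if checkyesno run_msgs; then
	msgs -c
fi

if checkyesno expire_news && [ -f /etc/news.expire ]; then
	/etc/news.expire
fi

if checkyesno purge_accounting && [ -f /var/account/acct ]; then
	echo ""
	echo "Purging accounting records:"
	# Rotate the saved copies; a missing generation is not an error, hence
	# the discarded stderr.
	if [ -f /var/account/acct.0.gz ]; then
		mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null
		mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null
		mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null
	else
		mv /var/account/acct.2 /var/account/acct.3 2>/dev/null
		mv /var/account/acct.1 /var/account/acct.2 2>/dev/null
		mv /var/account/acct.0 /var/account/acct.1 2>/dev/null
	fi
	cp /var/account/acct /var/account/acct.0
	sa -sq
	if [ -f /var/account/acct.1.gz ]; then
		gzip /var/account/acct.0
	fi
fi

if checkyesno run_calendar; then
	calendar -a > "$TMP" 2>&1
	if [ -s "$TMP" ]; then
		echo ""
		echo "Running calendar:"
		cat "$TMP"
	fi
	rm -f "$TMP"
fi

if checkyesno check_disks; then
	if checkyesno show_remote_fs; then
		df -hi -t nokernfs,procfs,ptyfs,null,fdesc > "$TMP"
	else
		df -hil -t nokernfs,procfs,ptyfs,null,fdesc > "$TMP"
	fi
	if [ -s /etc/dumpdates ] ; then
		dump -W > "$TMP2"
	fi
	if [ -s "$TMP" ] || [ -s "$TMP2" ]; then
		echo ""
		echo "Checking subsystem status:"
		echo ""
		echo "disks:"
		if [ -s "$TMP" ]; then
			sed 's/Mounted on/Mount/' "$TMP"
			echo ""
		fi
		if [ -s "$TMP2" ]; then
			cat "$TMP2"
			echo ""
		fi
		echo ""
	fi
	rm -f "$TMP" "$TMP2"

	# Collect "failed" component lines per raid device; $TMP2 is created
	# empty first so the -s test below works when there are no devices.
	touch "$TMP2"
	for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do
		raidctl -s "$dev" | awk '/^.*: failed$/ {print $0}' > "$TMP"
		if [ -s "$TMP" ]; then
			echo "$dev:" >> "$TMP2"
			cat "$TMP" >> "$TMP2"
		fi
		rm -f "$TMP"
	done
	if [ -s "$TMP2" ]; then
		echo "failed RAIDframe component(s):"
		cat "$TMP2"
	fi
	rm -f "$TMP2"
fi

if checkyesno check_mailq; then
	mailq > "$TMP"
	if ! grep -q "queue is empty$" "$TMP"; then
		echo ""
		echo "mail:"
		cat "$TMP"
	fi
fi
rm -f "$TMP"

if checkyesno check_network; then
	echo ""
	echo "network:"
	if checkyesno full_netstat; then
		netstat -inv
	else
		# Print the header line and then only the first line seen for
		# each interface name, keeping the name and the last five columns.
		netstat -inv | awk 'BEGIN {
			ifs[""] = 0;
		}
		/^[^\*]* / {
			if (NR == 1) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				    $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				next;
			}
			if (!($1 in ifs)) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				    $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				ifs[$1] = 1;
			}
		}'
	fi
	echo ""
	# Run ruptime only when /var/rwho holds at least one entry.  A plain
	# assignment (t=/var/rwho/*) is not pathname-expanded, so comparing
	# the quoted variable with the literal pattern could never differ and
	# ruptime was never run; a for-loop word list is expanded.
	for t in /var/rwho/*; do
		if [ -e "$t" ]; then
			ruptime
		fi
		break
	done
fi

if checkyesno run_fsck; then
	echo ""
	echo "Checking file systems:"
	# ${run_fsck_flags} is unquoted so several flags can be supplied.
	fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
fi

if checkyesno run_rdist && [ -f /etc/Distfile ]; then
	echo ""
	echo "Running rdist:"
	if [ -d /var/log/rdist ]; then
		logf="$(date +%Y.%b.%d)"
		rdist -f /etc/Distfile 2>&1 | tee "/var/log/rdist/$logf"
	else
		rdist -f /etc/Distfile
	fi
fi

# ${_compat_K_flag} holds two words ("-K dir") when set and therefore has
# to stay unquoted.
if ${pkg_info} ${_compat_K_flag} -q -E '*'; then
	if [ -z "$fetch_pkg_vulnerabilities" ]; then
		echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
		echo "You should set it to YES to enable vulnerability checks"
		echo "or set it to NO to get rid of this warning."
	elif checkyesno fetch_pkg_vulnerabilities; then
		echo ""
		echo "Fetching package vulnerabilities database:"
		# Subshell so the relaxed umask applies to this command only.
		( umask 022 && ${pkg_admin} ${_compat_K_flag} \
		    fetch-pkg-vulnerabilities -u )
	fi
fi

if checkyesno run_security; then
	SECOUT="$DAILYDIR/sec"
	sh /etc/security > "$SECOUT" 2>&1
	if [ ! -s "$SECOUT" ]; then
		if checkyesno send_empty_security; then
			echo "Nothing to report on $date" > "$SECOUT"
		else
			echo ""
			echo "Suppressing empty security report."
		fi
	fi
	if [ -s "$SECOUT" ]; then
		if checkyesno separate_security_email; then
			# NOTE(review): $MAILTO is left unquoted, so its value is
			# word-split; presumably this permits several recipients --
			# confirm before quoting it.
			mail -s "$host daily insecurity output for $date" $MAILTO < "$SECOUT"
		else
			echo ""
			echo "$host daily insecurity output for $date:"
			cat "$SECOUT"
		fi
	fi
fi

if checkyesno run_skeyaudit; then
	if [ -s /etc/skeykeys ]; then
		echo ""
		echo "Checking remaining s/key OTPs:"
		skeyaudit
	fi
fi

if checkyesno run_makemandb; then
	if [ -f /etc/man.conf ] && [ -x /usr/sbin/makemandb ]; then
		echo ""
		echo "Updating man page index:"
		(umask 022; nice -n 5 /usr/sbin/makemandb -Q)
	fi
fi

# Site-local additions run in a subshell, so they cannot change this
# script's variables or working directory; output is shown only if any.
if [ -f /etc/daily.local ]; then
	( . /etc/daily.local ) > "$TMP" 2>&1
	if [ -s "$TMP" ] ; then
		printf "\nRunning /etc/daily.local:\n"
		cat "$TMP"
	fi
	rm -f "$TMP"
fi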