xref: /src/etc/daily

#!/bin/sh -
#
#	$NetBSD: daily,v 1.93 2018/09/23 23:16:34 kre Exp $
#	@(#)daily	8.2 (Berkeley) 1/25/94
#

export PATH=/bin:/usr/bin:/sbin:/usr/sbin
umask 077

if [ -s /etc/daily.conf ]; then
	. /etc/daily.conf
fi
if [ -s /etc/pkgpath.conf ]; then
	. /etc/pkgpath.conf
fi

host="$(hostname)"
date="$(date)"
rcvar_manpage='daily.conf(5)'

pkg_admin=${pkg_admin:-/usr/sbin/pkg_admin}
pkg_info=${pkg_info:-/usr/sbin/pkg_info}

echo "To: ${MAILTO:-root}"
echo "Subject: $host daily output for $date"
echo ""

if [ -f /etc/rc.subr ]; then
	. /etc/rc.subr
else
	echo "Can't read /etc/rc.subr; aborting."
	exit 1;
fi

if [ -z "$MAILTO" ] || [ "$USER" != "root" ]; then
	MAILTO=root
fi

if [ -n "${pkgdb_dir}" ]; then
	echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated"
	echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead"
	_compat_K_flag="-K ${pkgdb_dir}"
fi

echo ""
echo "Uptime: $(uptime)"

# Uncommenting any of the finds below would open up a race condition attack
# based on symlinks, potentially allowing removal of any file on the system.
#
#echo ""
#echo "Removing scratch and junk files:"
#if [ -d /tmp ] && ! [ -h /tmp ]; then
#	cd /tmp && {
#	find . -type f -atime +3 -exec rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

#if [ -d /var/tmp ] && ! [ -h /var/tmp ]; then
#	cd /var/tmp && {
#	find . ! -name . -atime +7 -exec rm -f -- {} \;
#	find . ! \( -name . -o -name vi.recover \) -type d \
#		-mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch ] && ! [ -h /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -exec rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

#if [ -d /var/rwho ] && ! [ -h /var/rwho ] ; then
#	cd /var/rwho && {
#	find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
#fi

DAILYDIR=$(mktemp -d -t _daily) || exit 1

trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT

if ! cd "$DAILYDIR"; then
	echo "Can not cd to $DAILYDIR".
	exit 1
fi

TMP=daily.$$
TMP2=daily2.$$

if checkyesno find_core; then
	# Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
	ignfstypes="$(echo $find_core_ignore_fstypes | \
		sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
		    -e's/^-o //')"
	# Turn "foo bar" into "( -path foo -o -path bar ) -prune -o"
	# Set ignpaths empty if no find_core_ignore_paths given
	if [ -n "$find_core_ignore_paths" ]; then
		ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)"
		ignpaths="( ${ignpaths# -o } ) -prune -o"
	else
		ignpaths=""
	fi
	find / \( $ignfstypes \) -prune -o \
		${ignpaths} \
		-name 'lost+found' -prune -o \
		\( -name '*.core' -o -name 'core' \) -type f -print > $TMP
#		\( -name '[#,]*' -o -name '.#*' -o -name a.out \
#		   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
#			-a -atime +3 -exec rm -f -- {} \; -a -print > $TMP

	egrep '\.core$|^core$' $TMP > $TMP2
	if [ -s $TMP2 ]; then
		echo ""
		echo "Possible core dumps:"
		cat $TMP2
	fi

#	egrep -v '\.core' $TMP > $TMP2
#	if [ -s $TMP2 ]; then
#		echo ""
#		echo "Deleted files:"
#		cat $TMP2
#	fi

	rm -f $TMP $TMP2
fi

if checkyesno run_msgs; then
	msgs -c
fi

if checkyesno expire_news && [ -f /etc/news.expire ]; then
	/etc/news.expire
fi

if checkyesno purge_accounting && [ -f /var/account/acct ]; then
	echo ""
	echo "Purging accounting records:"
	if [ -f /var/account/acct.0.gz ]; then
		mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null
		mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null
		mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null
	else
		mv /var/account/acct.2 /var/account/acct.3 2>/dev/null
		mv /var/account/acct.1 /var/account/acct.2 2>/dev/null
		mv /var/account/acct.0 /var/account/acct.1 2>/dev/null
	fi
	cp /var/account/acct /var/account/acct.0
	sa -sq
	if [ -f /var/account/acct.1.gz ]; then
		gzip /var/account/acct.0
	fi
fi

if checkyesno run_calendar; then
	calendar -a > $TMP 2>&1
	if [ -s $TMP ]; then
		echo ""
		echo "Running calendar:"
		cat $TMP
	fi
	rm -f $TMP
fi

if checkyesno check_disks; then
	if checkyesno show_remote_fs; then
		df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
	else
		df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
	fi
	if [ -s /etc/dumpdates ] ; then
		dump -W > $TMP2
	fi
	if [ -s $TMP ] || [ -s $TMP2 ]; then
		echo ""
		echo "Checking subsystem status:"
		echo ""
		echo "disks:"
		if [ -s $TMP ]; then
			cat $TMP | sed 's/Mounted on/Mount/'
			echo ""
		fi
		if [ -s $TMP2 ]; then
			cat $TMP2
			echo ""
		fi
		echo ""
	fi
	rm -f $TMP $TMP2
	touch $TMP2
	for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do
		raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP
		if [ -s $TMP ]; then
			echo "$dev:" >> $TMP2
			cat $TMP >> $TMP2
		fi
		rm -f $TMP
	done
	if [ -s $TMP2 ]; then
		echo "failed RAIDframe component(s):"
			cat $TMP2
	fi
	rm -f $TMP2
fi

if checkyesno check_mailq; then
	mailq > $TMP
	if ! grep -q "queue is empty$" $TMP; then
		echo ""
		echo "mail:"
		cat $TMP
	fi
fi

rm -f $TMP

if checkyesno check_network; then
	echo ""
	echo "network:"
	if checkyesno full_netstat; then
		netstat -inv
	else
		netstat -inv | awk 'BEGIN {
			ifs[""] = 0;
		}
		/^[^\*]* / {
			if (NR == 1) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				next;
			}
			if (!($1 in ifs)) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				ifs[$1] = 1;
			}
		}'
	fi
	echo ""
	t=/var/rwho/*
	if [ "$t" != '/var/rwho/*' ]; then
		ruptime
	fi
fi

if checkyesno run_fsck; then
	echo ""
	echo "Checking file systems:"
	fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
fi

if checkyesno run_rdist && [ -f /etc/Distfile ]; then
	echo ""
	echo "Running rdist:"
	if [ -d /var/log/rdist ]; then
		logf="$(date +%Y.%b.%d)"
		rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf
	else
		rdist -f /etc/Distfile 
	fi
fi

if ${pkg_info} ${_compat_K_flag} -q -E '*'; then
	if [ -z "$fetch_pkg_vulnerabilities" ]; then
		echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
		echo "You should set it to YES to enable vulnerability checks"
		echo "or set it to NO to get rid of this warning."
	elif checkyesno fetch_pkg_vulnerabilities; then
		echo ""
		echo "Fetching package vulnerabilities database:"
		( umask 022 && ${pkg_admin} ${_compat_K_flag} \
		    fetch-pkg-vulnerabilities -u )
	fi
fi

if checkyesno run_security; then
	SECOUT="$DAILYDIR/sec"
	sh /etc/security > "$SECOUT" 2>&1
	if [ ! -s "$SECOUT" ]; then
		if checkyesno send_empty_security; then
			echo "Nothing to report on $date" > "$SECOUT"
		else
			echo ""
			echo "Suppressing empty security report."
		fi
	fi
	if [ -s "$SECOUT" ]; then
		if checkyesno separate_security_email; then
			mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT
		else
		    echo ""
		    echo "$host daily insecurity output for $date:"
		    cat $SECOUT
		fi
	fi
fi

if checkyesno run_skeyaudit; then
	if [ -s /etc/skeykeys ]; then
		echo ""
		echo "Checking remaining s/key OTPs:"
		skeyaudit
	fi
fi

if checkyesno run_makemandb; then
	if [ -f /etc/man.conf ] && [ -x /usr/sbin/makemandb ]; then
		echo ""
		echo "Updating man page index:"
		(umask 022; nice -n 5 /usr/sbin/makemandb -Q)
	fi
fi

if [ -f /etc/daily.local ]; then
	( . /etc/daily.local ) > $TMP 2>&1
	if [ -s $TMP ] ; then
		printf "\nRunning /etc/daily.local:\n"
		cat $TMP
	fi
	rm -f $TMP
fi