daily revision 1.78
11.1Scgd#!/bin/sh - 21.1Scgd# 31.78Sdarcy# $NetBSD: daily,v 1.78 2011/12/17 12:27:42 darcy Exp $ 41.21Smikel# @(#)daily 8.2 (Berkeley) 1/25/94 51.1Scgd# 61.18Smrg 71.27Smycroftexport PATH=/bin:/usr/bin:/sbin:/usr/sbin 81.28Slukemumask 077 91.28Slukem 101.28Slukemif [ -s /etc/daily.conf ]; then 111.28Slukem . /etc/daily.conf 121.28Slukemfi 131.28Slukem 141.77Schristoshost="$(hostname)" 151.77Schristosdate="$(date)" 161.59Sjmmvrcvar_manpage='daily.conf(5)' 171.1Scgd 181.28Slukemecho "To: ${MAILTO:-root}" 191.28Slukemecho "Subject: $host daily output for $date" 201.28Slukemecho "" 211.18Smrg 221.25Slukemif [ -f /etc/rc.subr ]; then 231.25Slukem . /etc/rc.subr 241.25Slukemelse 251.25Slukem echo "Can't read /etc/rc.subr; aborting." 261.25Slukem exit 1; 271.25Slukemfi 281.25Slukem 291.23Sphilif [ -z "$MAILTO" -o "$USER" != "root" ]; then 301.27Smycroft MAILTO=root 311.23Sphilfi 321.23Sphil 331.76Sjmmvif [ -n "${pkgdb_dir}" ]; then 341.76Sjmmv echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated" 351.76Sjmmv echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead" 361.76Sjmmv _compat_K_flag="-K ${pkgdb_dir}" 371.76Sjmmvfi 381.76Sjmmv 391.22Slukemecho "" 401.77Schristosecho "Uptime: $(uptime)" 411.18Smrg 421.29Sabs# Uncommenting any of the finds below would open up a race condition attack 431.29Sabs# based on symlinks, potentially allowing removal of any file on the system. 441.29Sabs# 451.17Sjtc#echo "" 461.17Sjtc#echo "Removing scratch and junk files:" 471.17Sjtc#if [ -d /tmp -a ! -h /tmp ]; then 481.17Sjtc# cd /tmp && { 491.17Sjtc# find . -type f -atime +3 -exec rm -f -- {} \; 501.17Sjtc# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 511.17Sjtc# >/dev/null 2>&1; } 521.17Sjtc#fi 531.1Scgd 541.17Sjtc#if [ -d /var/tmp -a ! -h /var/tmp ]; then 551.17Sjtc# cd /var/tmp && { 561.17Sjtc# find . ! -name . -atime +7 -exec rm -f -- {} \; 571.35Saymeric# find . ! \( -name . -o -name vi.recover \) -type d \ 581.35Saymeric# -mtime +1 -exec rmdir -- {} \; \ 591.17Sjtc# >/dev/null 2>&1; } 601.17Sjtc#fi 611.10Scgd 621.15Spk# Additional junk directory cleanup would go like this: 631.15Spk#if [ -d /scratch -a ! -h /scratch ]; then 641.15Spk# cd /scratch && { 651.15Spk# find . ! -name . -atime +1 -exec rm -f -- {} \; 661.15Spk# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 671.15Spk# >/dev/null 2>&1; } 681.15Spk#fi 691.10Scgd 701.17Sjtc#if [ -d /var/rwho -a ! -h /var/rwho ] ; then 711.17Sjtc# cd /var/rwho && { 721.17Sjtc# find . ! -name . -mtime +7 -exec rm -f -- {} \; ; } 731.17Sjtc#fi 741.10Scgd 751.70SmarttiDAILYDIR=$(mktemp -d -t _daily) || exit 1 761.18Smrg 771.36Slukemtrap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT 781.18Smrg 791.36Slukemif ! cd "$DAILYDIR"; then 801.36Slukem echo "Can not cd to $DAILYDIR". 811.18Smrg exit 1 821.18Smrgfi 831.18Smrg 841.10ScgdTMP=daily.$$ 851.18SmrgTMP2=daily2.$$ 861.18Smrg 871.25Slukemif checkyesno find_core; then 881.62Serh # Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax" 891.77Schristos ignfstypes="$(echo $find_core_ignore_fstypes | \ 901.62Serh sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \ 911.77Schristos -e's/^-o //')" 921.62Serh find / \( $ignfstypes \) -prune -o \ 931.48Satatat -name 'lost+found' -prune -o \ 941.48Satatat \( -name '*.core' -o -name 'core' \) -type f -print > $TMP 951.18Smrg# \( -name '[#,]*' -o -name '.#*' -o -name a.out \ 961.18Smrg# -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \ 971.18Smrg# -a -atime +3 -exec rm -f -- {} \; -a -print > $TMP 981.18Smrg 991.26Snathanw egrep '\.core$|^core$' $TMP > $TMP2 1001.18Smrg if [ -s $TMP2 ]; then 1011.18Smrg echo "" 1021.18Smrg echo "Possible core dumps:" 1031.18Smrg cat $TMP2 1041.18Smrg fi 1051.18Smrg 1061.18Smrg# egrep -v '\.core' $TMP > $TMP2 1071.18Smrg# if [ -s $TMP2 ]; then 1081.18Smrg# echo "" 1091.18Smrg# echo "Deleted files:" 1101.18Smrg# cat $TMP2 1111.18Smrg# fi 1121.10Scgd 1131.18Smrg rm -f $TMP $TMP2 1141.18Smrgfi 1151.10Scgd 1161.25Slukemif checkyesno run_msgs; then 1171.18Smrg msgs -c 1181.18Smrgfi 1191.1Scgd 1201.25Slukemif checkyesno expire_news && [ -f /etc/news.expire ]; then 1211.1Scgd /etc/news.expire 1221.1Scgdfi 1231.1Scgd 1241.25Slukemif checkyesno purge_accounting && [ -f /var/account/acct ]; then 1251.21Smikel echo "" 1261.21Smikel echo "Purging accounting records:" 1271.58Smrg if [ -f /var/account/acct.0.gz ]; then 1281.58Smrg mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null 1291.58Smrg mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null 1301.58Smrg mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null 1311.58Smrg else 1321.58Smrg mv /var/account/acct.2 /var/account/acct.3 2>/dev/null 1331.58Smrg mv /var/account/acct.1 /var/account/acct.2 2>/dev/null 1341.58Smrg mv /var/account/acct.0 /var/account/acct.1 2>/dev/null 1351.58Smrg fi 1361.21Smikel cp /var/account/acct /var/account/acct.0 1371.21Smikel sa -sq 1381.58Smrg if [ -f /var/account/acct.1.gz ]; then 1391.58Smrg gzip /var/account/acct.0 1401.58Smrg fi 1411.1Scgdfi 1421.1Scgd 1431.25Slukemif checkyesno run_calendar; then 1441.50Sjhawk calendar -a > $TMP 2>&1 1451.18Smrg if [ -s $TMP ]; then 1461.18Smrg echo "" 1471.18Smrg echo "Running calendar:" 1481.18Smrg cat $TMP 1491.18Smrg fi 1501.18Smrg rm -f $TMP 1511.18Smrgfi 1521.1Scgd 1531.25Slukemif checkyesno check_disks; then 1541.55Sperry if checkyesno show_remote_fs; then 1551.72Sperry df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 1561.55Sperry else 1571.72Sperry df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 1581.55Sperry fi 1591.52Sperry if [ -s /etc/dumpdates ] ; then 1601.52Sperry dump -W > $TMP2 1611.52Sperry fi 1621.18Smrg if [ -s $TMP -o -s $TMP2 ]; then 1631.18Smrg echo "" 1641.18Smrg echo "Checking subsystem status:" 1651.18Smrg echo "" 1661.18Smrg echo "disks:" 1671.18Smrg if [ -s $TMP ]; then 1681.65Sperry cat $TMP | sed 's/Mounted on/Mount/' 1691.18Smrg echo "" 1701.18Smrg fi 1711.18Smrg if [ -s $TMP2 ]; then 1721.18Smrg cat $TMP2 1731.18Smrg echo "" 1741.18Smrg fi 1751.18Smrg echo "" 1761.18Smrg fi 1771.46Sbouyer rm -f $TMP $TMP2 1781.46Sbouyer touch $TMP2 1791.77Schristos for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do 1801.46Sbouyer raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP 1811.46Sbouyer if [ -s $TMP ]; then 1821.46Sbouyer echo "$dev:" >> $TMP2 1831.46Sbouyer cat $TMP >> $TMP2 1841.46Sbouyer fi 1851.46Sbouyer rm -f $TMP 1861.46Sbouyer done 1871.46Sbouyer if [ -s $TMP2 ]; then 1881.46Sbouyer echo "failed RAIDframe component(s):" 1891.46Sbouyer cat $TMP2 1901.46Sbouyer fi 1911.46Sbouyer rm -f $TMP2 1921.18Smrgfi 1931.18Smrg 1941.25Slukemif checkyesno check_mailq; then 1951.18Smrg mailq > $TMP 1961.44Slukem if ! grep -q "queue is empty$" $TMP; then 1971.18Smrg echo "" 1981.18Smrg echo "mail:" 1991.18Smrg cat $TMP 2001.18Smrg fi 2011.18Smrgfi 2021.18Smrg 2031.18Smrgrm -f $TMP 2041.1Scgd 2051.25Slukemif checkyesno check_network; then 2061.18Smrg echo "" 2071.18Smrg echo "network:" 2081.54Sperry if checkyesno full_netstat; then 2091.54Sperry netstat -inv 2101.54Sperry else 2111.61Smartin netstat -inv | awk 'BEGIN { 2121.54Sperry ifs[""] = 0; 2131.54Sperry } 2141.54Sperry /^[^\*]* / { 2151.54Sperry if (NR == 1) { 2161.66Sjdolecek printf("%-8s %12s %6s %12s %6s %6s\n", 2171.54Sperry $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 2181.54Sperry next; 2191.54Sperry } 2201.54Sperry if (!($1 in ifs)) { 2211.66Sjdolecek printf("%-8s %12s %6s %12s %6s %6s\n", 2221.54Sperry $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 2231.54Sperry ifs[$1] = 1; 2241.54Sperry } 2251.54Sperry }' 2261.54Sperry fi 2271.1Scgd echo "" 2281.18Smrg t=/var/rwho/* 2291.18Smrg if [ "$t" != '/var/rwho/*' ]; then 2301.18Smrg ruptime 2311.18Smrg fi 2321.1Scgdfi 2331.1Scgd 2341.25Slukemif checkyesno run_fsck; then 2351.18Smrg echo "" 2361.18Smrg echo "Checking filesystems:" 2371.71Sbouyer fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase' 2381.18Smrgfi 2391.1Scgd 2401.1Scgdecho "" 2411.25Slukemif checkyesno run_rdist && [ -f /etc/Distfile ]; then 2421.1Scgd echo "Running rdist:" 2431.20Smikel if [ -d /var/log/rdist ]; then 2441.77Schristos logf="$(date +%Y.%b.%d)" 2451.20Smikel rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf 2461.20Smikel else 2471.20Smikel rdist -f /etc/Distfile 2481.20Smikel fi 2491.1Scgdfi 2501.1Scgd 2511.76Sjmmvif pkg_info ${_compat_K_flag} -q -E '*'; then 2521.74Sjmmv echo "" 2531.74Sjmmv echo "Fetching package vulnerabilities database:" 2541.73Sjmmv if checkyesno fetch_pkg_vulnerabilities; then 2551.76Sjmmv ( umask 022 && pkg_admin ${_compat_K_flag} \ 2561.75Sjmmv fetch-pkg-vulnerabilities -u ) 2571.74Sjmmv else 2581.74Sjmmv echo "fetch_pkg_vulnerabilities is set to NO in daily.conf(5)." 2591.74Sjmmv echo "You should set it to YES to enable vulnerability checks." 2601.73Sjmmv fi 2611.73Sjmmvfi 2621.73Sjmmv 2631.25Slukemif checkyesno run_security; then 2641.36Slukem SECOUT="$DAILYDIR/sec" 2651.47Sgrant sh /etc/security > "$SECOUT" 2>&1 2661.36Slukem if [ ! -s "$SECOUT" ]; then 2671.49Sjhawk if checkyesno send_empty_security; then 2681.49Sjhawk echo "Nothing to report on $date" > "$SECOUT" 2691.49Sjhawk else 2701.49Sjhawk echo "" 2711.57Satatat echo "Suppressing empty security report." 2721.49Sjhawk fi 2731.49Sjhawk fi 2741.49Sjhawk if [ -s "$SECOUT" ]; then 2751.78Sdarcy if checkyesno separate_security_email; then 2761.78Sdarcy mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT 2771.78Sdarcy else 2781.78Sdarcy echo "" 2791.78Sdarcy echo "$host daily insecurity output for $date:" 2801.78Sdarcy cat $SECOUT 2811.78Sdarcy fi 2821.28Slukem fi 2831.34Shubertffi 2841.34Shubertf 2851.34Shubertfif checkyesno run_skeyaudit; then 2861.52Sperry if [ -s /etc/skeykeys ]; then 2871.52Sperry echo "" 2881.52Sperry echo "Checking remaining s/key OTPs:" 2891.52Sperry skeyaudit 2901.52Sperry fi 2911.31Sadfi 2921.31Sad 2931.31Sadif [ -f /etc/daily.local ]; then 2941.69Shubertf ( . /etc/daily.local ) > $TMP 2>&1 2951.60Skim if [ -s $TMP ] ; then 2961.60Skim printf "\nRunning /etc/daily.local:\n" 2971.60Skim cat $TMP 2981.60Skim fi 2991.60Skim rm -f $TMP 3001.18Smrgfi 301