daily revision 1.86
#!/bin/sh -
#
#	$NetBSD: daily,v 1.86 2012/08/03 10:52:46 christos Exp $
#	@(#)daily	8.2 (Berkeley) 1/25/94
#
# Daily maintenance report.  Everything written to stdout forms one mail
# message: the To:/Subject: headers come first, then each enabled check
# appends its own section.

# Fixed command search path, and a umask that keeps every file created
# below owner-only.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH
umask 077

# daily.conf is executed as shell code with this script's privileges, so it
# must be writable only by the administrator.
[ -s /etc/daily.conf ] && . /etc/daily.conf

host=$(hostname)
date=$(date)
rcvar_manpage='daily.conf(5)'

# Mail headers, then the empty line that ends the header section.
echo "To: ${MAILTO:-root}"
echo "Subject: ${host} daily output for ${date}"
echo ""

# rc.subr supplies the helpers used below (checkyesno is not defined in
# this file).  Without it nothing else can run, so give up here.
if [ ! -f /etc/rc.subr ]; then
	echo "Can't read /etc/rc.subr; aborting."
	exit 1;
fi
. /etc/rc.subr

# Fall back to root when MAILTO is empty or the caller is not root.
# NOTE(review): the To: header above was printed from the unmodified
# MAILTO, so this override only affects later uses of $MAILTO.
if [ -z "$MAILTO" ] || [ "$USER" != "root" ]; then
	MAILTO=root
fi

# Backwards compatibility for the deprecated pkgdb_dir setting.  The flag is
# expanded unquoted by the pkg_* calls later on so that it splits into the
# two words "-K" and the directory.
if [ -n "${pkgdb_dir}" ]; then
	echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated"
	echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead"
	_compat_K_flag="-K ${pkgdb_dir}"
fi

echo ""
echo "Uptime: $(uptime)"

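# The cleanup below is deliberately left disabled.
# Uncommenting any of the finds below would open up a race condition attack
# based on symlinks, potentially allowing removal of any file on the system.
# find(1) hands rm/rmdir a path name, and that name is resolved again when
# the command runs; in a directory other users can write to, what the name
# refers to may have changed in between.  Do not re-enable these without a
# cleaner that does not re-resolve path names.
#
#echo ""
#echo "Removing scratch and junk files:"
#if [ -d /tmp -a ! -h /tmp ]; then
#	cd /tmp && {
#	find . -type f -atime +3 -exec rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

#if [ -d /var/tmp -a ! -h /var/tmp ]; then
#	cd /var/tmp && {
#	find . ! -name . -atime +7 -exec rm -f -- {} \;
#	find . ! \( -name . -o -name vi.recover \) -type d \
#		-mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -h /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -exec rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

#if [ -d /var/rwho -a ! -h /var/rwho ] ; then
#	cd /var/rwho && {
#	find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
#fi

# Private scratch directory for this run; abort if it cannot be created.
DAILYDIR=$(mktemp -d -t _daily) || exit 1

# Remove the scratch directory on exit and on INT/QUIT.  The trap body is
# single-quoted and the path is double-quoted inside it, so a directory name
# containing whitespace or glob characters reaches rm as one argument
# (the original interpolated it unquoted into the trap string).  The
# variable is therefore read when the trap fires; nothing in this script
# reassigns it.  "exit 0" is kept from the original.
trap '/bin/rm -rf -- "$DAILYDIR"; exit 0' EXIT INT QUIT

if ! cd "$DAILYDIR"; then
	echo "Can not cd to $DAILYDIR".
	exit 1
fi

# The scratch file names are predictable (PID-based).  That is acceptable
# only because they are relative paths inside the private directory entered
# above, created under umask 077.
TMP=daily.$$
TMP2=daily2.$$
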
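# Report core dump files found anywhere on the (non-excluded) file systems.
if checkyesno find_core; then
	# Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
	# (the list is expanded unquoted, so echo re-joins its words with
	# single spaces before sed rewrites each one).
	ignfstypes="$(echo $find_core_ignore_fstypes | \
		sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
		    -e's/^-o //')"
	# Turn "foo bar" into "( -path foo -o -path bar ) -prune -o"
	# Set ignpaths empty if no find_core_ignore_paths given
	# NOTE(review): the unquoted expansion is also subject to pathname
	# expansion, so a wildcard in find_core_ignore_paths may be expanded
	# by the shell before find sees it -- confirm that is acceptable.
	if [ -n "$find_core_ignore_paths" ]; then
		ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)"
		ignpaths="( ${ignpaths# -o } ) -prune -o"
	else
		ignpaths=""
	fi
	# $ignfstypes and ${ignpaths} must stay unquoted: each holds several
	# find(1) arguments that the shell has to split into separate words.
	find / \( $ignfstypes \) -prune -o \
		${ignpaths} \
		-name 'lost+found' -prune -o \
		\( -name '*.core' -o -name 'core' \) -type f -print > "$TMP"
#		\( -name '[#,]*' -o -name '.#*' -o -name a.out \
#		   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
#			-a -atime +3 -exec rm -f -- {} \; -a -print > $TMP

	# find starts at / and therefore prints absolute paths, so the
	# original alternative '^core$' could never match a line and files
	# named exactly "core" were dropped from the report.  Anchor the bare
	# name on a path separator instead.
	grep -E '\.core$|(^|/)core$' "$TMP" > "$TMP2"
	if [ -s "$TMP2" ]; then
		echo ""
		echo "Possible core dumps:"
		cat "$TMP2"
	fi

#	egrep -v '\.core' $TMP > $TMP2
#	if [ -s $TMP2 ]; then
#		echo ""
#		echo "Deleted files:"
#		cat $TMP2
#	fi

	rm -f "$TMP" "$TMP2"
fi
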
# Run msgs -c when run_msgs is enabled.
if checkyesno run_msgs; then
	msgs -c
fi

# Run the site's news expiry script when enabled and present.
if checkyesno expire_news; then
	if [ -f /etc/news.expire ]; then
		/etc/news.expire
	fi
fi

# Rotate the process accounting files.  The oldest generation is moved
# first so that no file is overwritten before it has been shifted; errors
# from generations that do not exist are discarded.
if checkyesno purge_accounting; then
	if [ -f /var/account/acct ]; then
		echo ""
		echo "Purging accounting records:"
		if [ -f /var/account/acct.0.gz ]; then
			# Compressed history: shift the .gz generations.
			mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null
			mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null
			mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null
		else
			# Uncompressed history.
			mv /var/account/acct.2 /var/account/acct.3 2>/dev/null
			mv /var/account/acct.1 /var/account/acct.2 2>/dev/null
			mv /var/account/acct.0 /var/account/acct.1 2>/dev/null
		fi
		# Snapshot the live file as generation 0, then let sa(8)
		# process the live file.
		cp /var/account/acct /var/account/acct.0
		sa -sq
		# Compress the new snapshot only when the history is kept
		# compressed (acct.1.gz exists after the shift above).
		if [ -f /var/account/acct.1.gz ]; then
			gzip /var/account/acct.0
		fi
	fi
fi

# Include calendar(1) output only when it produced any.
if checkyesno run_calendar; then
	calendar -a > "$TMP" 2>&1
	if [ -s "$TMP" ]; then
		echo ""
		echo "Running calendar:"
		cat "$TMP"
	fi
	rm -f "$TMP"
fi

# Disk usage, dump status and RAIDframe component health.
if checkyesno check_disks; then
	# show_remote_fs selects between "df -hi" and "df -hil"; the listed
	# pseudo file system types are excluded either way.
	if checkyesno show_remote_fs; then
		df -hi -t nokernfs,procfs,ptyfs,null,fdesc > "$TMP"
	else
		df -hil -t nokernfs,procfs,ptyfs,null,fdesc > "$TMP"
	fi
	# dump -W is consulted only when /etc/dumpdates is non-empty.
	if [ -s /etc/dumpdates ] ; then
		dump -W > "$TMP2"
	fi
	if [ -s "$TMP" ] || [ -s "$TMP2" ]; then
		echo ""
		echo "Checking subsystem status:"
		echo ""
		echo "disks:"
		if [ -s "$TMP" ]; then
			# Shorten the last column heading.
			sed 's/Mounted on/Mount/' "$TMP"
			echo ""
		fi
		if [ -s "$TMP2" ]; then
			cat "$TMP2"
			echo ""
		fi
		echo ""
	fi
	rm -f "$TMP" "$TMP2"

	# Collect, per raid device listed by iostat -x, the raidctl -s lines
	# that end in ": failed".  $TMP2 accumulates "device:" headings plus
	# those lines; it is created empty first so the -s test below is
	# well defined.
	touch "$TMP2"
	for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do
		raidctl -s "$dev" | awk '/^.*: failed$/ {print $0}' > "$TMP"
		if [ -s "$TMP" ]; then
			echo "$dev:" >> "$TMP2"
			cat "$TMP" >> "$TMP2"
		fi
		rm -f "$TMP"
	done
	if [ -s "$TMP2" ]; then
		echo "failed RAIDframe component(s):"
		cat "$TMP2"
	fi
	rm -f "$TMP2"
fi

# Show the mail queue unless mailq reports that it is empty.
if checkyesno check_mailq; then
	mailq > "$TMP"
	grep -q "queue is empty$" "$TMP" || {
		echo ""
		echo "mail:"
		cat "$TMP"
	}
fi

# Runs whether or not the mail queue check was enabled.
rm -f "$TMP"

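# Interface statistics, plus ruptime when rwho data is present.
if checkyesno check_network; then
	echo ""
	echo "network:"
	if checkyesno full_netstat; then
		netstat -inv
	else
		# Condensed view: print the heading line and then only the
		# first line seen for each interface name, keeping the name
		# and the last five columns.  Lines whose text before the
		# first space contains a "*" are skipped by the pattern.
		netstat -inv | awk 'BEGIN {
			ifs[""] = 0;
		}
		/^[^\*]* / {
			if (NR == 1) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				next;
			}
			if (!($1 in ifs)) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				ifs[$1] = 1;
			}
		}'
	fi
	echo ""
	# The original assigned t=/var/rwho/* and compared "$t" with the
	# literal pattern.  Pathname expansion is not applied to an
	# assignment, so the two were always equal and ruptime never ran.
	# Let the glob expand in a for list and look at the first match only.
	for t in /var/rwho/*; do
		if [ -e "$t" ]; then
			ruptime
		fi
		break
	done
fi
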
# Read-only file system check (fsck -n); the per-phase progress lines are
# filtered out of the report.
if checkyesno run_fsck; then
	echo ""
	echo "Checking filesystems:"
	# ${run_fsck_flags} stays unquoted so that it can carry several flags.
	fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
fi

# Run rdist against /etc/Distfile.  When /var/log/rdist exists, the output
# (stdout and stderr) is also copied to a log file named after today's date.
if checkyesno run_rdist; then
	if [ -f /etc/Distfile ]; then
		echo ""
		echo "Running rdist:"
		if [ -d /var/log/rdist ]; then
			logf=$(date +%Y.%b.%d)
			rdist -f /etc/Distfile 2>&1 | tee "/var/log/rdist/$logf"
		else
			rdist -f /etc/Distfile
		fi
	fi
fi

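# Refresh the package vulnerability database.  The settings are consulted
# only when "pkg_info -q -E '*'" succeeds (presumably: at least one package
# is installed -- confirm against pkg_info(1)).  ${_compat_K_flag} stays
# unquoted so that it splits into "-K" and the directory.
if pkg_info ${_compat_K_flag} -q -E '*'; then
	# The original tested the literal string "fetch_pkg_vulnerabilities",
	# which is never empty, so this reminder could not be printed.  Test
	# the variable's value instead.
	if [ -z "${fetch_pkg_vulnerabilities}" ]; then
		echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
		echo "You should set it to YES to enable vulnerability checks"
		echo "or set it to NO to get rid of this warning."
	elif checkyesno fetch_pkg_vulnerabilities; then
		echo ""
		echo "Fetching package vulnerabilities database:"
		# Subshell: the relaxed umask applies to the fetch only and
		# does not leak into the rest of the script.
		( umask 022 && pkg_admin ${_compat_K_flag} \
		    fetch-pkg-vulnerabilities -u )
	fi
fi
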
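# Run /etc/security and either mail its report separately or append it to
# the daily output.
if checkyesno run_security; then
	# The report is staged inside the private scratch directory.
	SECOUT="$DAILYDIR/sec"
	sh /etc/security > "$SECOUT" 2>&1
	if [ ! -s "$SECOUT" ]; then
		if checkyesno send_empty_security; then
			# Replace the empty report with a one-line message so
			# that it is still delivered below.
			echo "Nothing to report on $date" > "$SECOUT"
		else
			echo ""
			echo "Suppressing empty security report."
		fi
	fi
	if [ -s "$SECOUT" ]; then
		if checkyesno separate_security_email; then
			# "$SECOUT" is quoted here as everywhere else in this
			# section; the original left these two uses unquoted.
			# $MAILTO stays unquoted: presumably it may list
			# several recipients -- confirm before quoting it.
			mail -s "$host daily insecurity output for $date" $MAILTO < "$SECOUT"
		else
			echo ""
			echo "$host daily insecurity output for $date:"
			cat "$SECOUT"
		fi
	fi
fi
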
# Audit the remaining s/key one-time passwords when a key file exists.
if checkyesno run_skeyaudit; then
	if [ -s /etc/skeykeys ]; then
		echo ""
		echo "Checking remaining s/key OTPs:"
		skeyaudit
	fi
fi

# Rebuild the man page index at reduced priority.  The subshell keeps the
# relaxed umask from leaking into the rest of the script.
if checkyesno run_makemandb; then
	if [ -f /etc/man.conf ] && [ -x /usr/sbin/makemandb ]; then
		echo ""
		echo "Updating man page index:"
		( umask 022; nice -n 5 /usr/sbin/makemandb -q )
	fi
fi

# Site-local additions.  daily.local is sourced in a subshell, so it cannot
# change this script's variables or working directory, but it still runs
# with this script's privileges and must be writable only by the
# administrator.  Its output is shown only when there is any.
if [ -f /etc/daily.local ]; then
	( . /etc/daily.local ) > "$TMP" 2>&1
	[ -s "$TMP" ] && {
		printf "\nRunning /etc/daily.local:\n"
		cat "$TMP"
	}
	rm -f "$TMP"
fi