daily revision 1.89
11.1Scgd#!/bin/sh - 21.1Scgd# 31.89Sagc# $NetBSD: daily,v 1.89 2013/05/01 05:36:25 agc Exp $ 41.21Smikel# @(#)daily 8.2 (Berkeley) 1/25/94 51.1Scgd# 61.18Smrg 71.27Smycroftexport PATH=/bin:/usr/bin:/sbin:/usr/sbin 81.28Slukemumask 077 91.28Slukem 101.28Slukemif [ -s /etc/daily.conf ]; then 111.28Slukem . /etc/daily.conf 121.28Slukemfi 131.89Sagcif [ -s /etc/pkgpath.conf ]; then 141.89Sagc . /etc/pkgpath.conf 151.89Sagcfi 161.28Slukem 171.77Schristoshost="$(hostname)" 181.77Schristosdate="$(date)" 191.59Sjmmvrcvar_manpage='daily.conf(5)' 201.1Scgd 211.28Slukemecho "To: ${MAILTO:-root}" 221.28Slukemecho "Subject: $host daily output for $date" 231.28Slukemecho "" 241.18Smrg 251.25Slukemif [ -f /etc/rc.subr ]; then 261.25Slukem . /etc/rc.subr 271.25Slukemelse 281.25Slukem echo "Can't read /etc/rc.subr; aborting." 291.25Slukem exit 1; 301.25Slukemfi 311.25Slukem 321.23Sphilif [ -z "$MAILTO" -o "$USER" != "root" ]; then 331.27Smycroft MAILTO=root 341.23Sphilfi 351.23Sphil 361.76Sjmmvif [ -n "${pkgdb_dir}" ]; then 371.76Sjmmv echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated" 381.76Sjmmv echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead" 391.76Sjmmv _compat_K_flag="-K ${pkgdb_dir}" 401.76Sjmmvfi 411.76Sjmmv 421.22Slukemecho "" 431.77Schristosecho "Uptime: $(uptime)" 441.18Smrg 451.29Sabs# Uncommenting any of the finds below would open up a race condition attack 461.29Sabs# based on symlinks, potentially allowing removal of any file on the system. 471.29Sabs# 481.17Sjtc#echo "" 491.17Sjtc#echo "Removing scratch and junk files:" 501.17Sjtc#if [ -d /tmp -a ! -h /tmp ]; then 511.17Sjtc# cd /tmp && { 521.17Sjtc# find . -type f -atime +3 -exec rm -f -- {} \; 531.17Sjtc# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 541.17Sjtc# >/dev/null 2>&1; } 551.17Sjtc#fi 561.1Scgd 571.17Sjtc#if [ -d /var/tmp -a ! -h /var/tmp ]; then 581.17Sjtc# cd /var/tmp && { 591.17Sjtc# find . ! -name . -atime +7 -exec rm -f -- {} \; 601.35Saymeric# find . ! \( -name . -o -name vi.recover \) -type d \ 611.35Saymeric# -mtime +1 -exec rmdir -- {} \; \ 621.17Sjtc# >/dev/null 2>&1; } 631.17Sjtc#fi 641.10Scgd 651.15Spk# Additional junk directory cleanup would go like this: 661.15Spk#if [ -d /scratch -a ! -h /scratch ]; then 671.15Spk# cd /scratch && { 681.15Spk# find . ! -name . -atime +1 -exec rm -f -- {} \; 691.15Spk# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 701.15Spk# >/dev/null 2>&1; } 711.15Spk#fi 721.10Scgd 731.17Sjtc#if [ -d /var/rwho -a ! -h /var/rwho ] ; then 741.17Sjtc# cd /var/rwho && { 751.17Sjtc# find . ! -name . -mtime +7 -exec rm -f -- {} \; ; } 761.17Sjtc#fi 771.10Scgd 781.70SmarttiDAILYDIR=$(mktemp -d -t _daily) || exit 1 791.18Smrg 801.36Slukemtrap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT 811.18Smrg 821.36Slukemif ! cd "$DAILYDIR"; then 831.36Slukem echo "Can not cd to $DAILYDIR". 841.18Smrg exit 1 851.18Smrgfi 861.18Smrg 871.10ScgdTMP=daily.$$ 881.18SmrgTMP2=daily2.$$ 891.18Smrg 901.25Slukemif checkyesno find_core; then 911.62Serh # Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax" 921.77Schristos ignfstypes="$(echo $find_core_ignore_fstypes | \ 931.62Serh sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \ 941.77Schristos -e's/^-o //')" 951.82Schristos # Turn "foo bar" into "( -path foo -o -path bar ) -prune -o" 961.82Schristos # Set ignpaths empty if no find_core_ignore_paths given 971.82Schristos if [ -n "$find_core_ignore_paths" ]; then 981.82Schristos ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)" 991.82Schristos ignpaths="( ${ignpaths# -o } ) -prune -o" 1001.82Schristos else 1011.82Schristos ignpaths="" 1021.82Schristos fi 1031.62Serh find / \( $ignfstypes \) -prune -o \ 1041.82Schristos ${ignpaths} \ 1051.48Satatat -name 'lost+found' -prune -o \ 1061.48Satatat \( -name '*.core' -o -name 'core' \) -type f -print > $TMP 1071.18Smrg# \( -name '[#,]*' -o -name '.#*' -o -name a.out \ 1081.18Smrg# -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \ 1091.18Smrg# -a -atime +3 -exec rm -f -- {} \; -a -print > $TMP 1101.18Smrg 1111.26Snathanw egrep '\.core$|^core$' $TMP > $TMP2 1121.18Smrg if [ -s $TMP2 ]; then 1131.18Smrg echo "" 1141.18Smrg echo "Possible core dumps:" 1151.18Smrg cat $TMP2 1161.18Smrg fi 1171.18Smrg 1181.18Smrg# egrep -v '\.core' $TMP > $TMP2 1191.18Smrg# if [ -s $TMP2 ]; then 1201.18Smrg# echo "" 1211.18Smrg# echo "Deleted files:" 1221.18Smrg# cat $TMP2 1231.18Smrg# fi 1241.10Scgd 1251.18Smrg rm -f $TMP $TMP2 1261.18Smrgfi 1271.10Scgd 1281.25Slukemif checkyesno run_msgs; then 1291.18Smrg msgs -c 1301.18Smrgfi 1311.1Scgd 1321.25Slukemif checkyesno expire_news && [ -f /etc/news.expire ]; then 1331.1Scgd /etc/news.expire 1341.1Scgdfi 1351.1Scgd 1361.25Slukemif checkyesno purge_accounting && [ -f /var/account/acct ]; then 1371.21Smikel echo "" 1381.21Smikel echo "Purging accounting records:" 1391.58Smrg if [ -f /var/account/acct.0.gz ]; then 1401.58Smrg mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null 1411.58Smrg mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null 1421.58Smrg mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null 1431.58Smrg else 1441.58Smrg mv /var/account/acct.2 /var/account/acct.3 2>/dev/null 1451.58Smrg mv /var/account/acct.1 /var/account/acct.2 2>/dev/null 1461.58Smrg mv /var/account/acct.0 /var/account/acct.1 2>/dev/null 1471.58Smrg fi 1481.21Smikel cp /var/account/acct /var/account/acct.0 1491.21Smikel sa -sq 1501.58Smrg if [ -f /var/account/acct.1.gz ]; then 1511.58Smrg gzip /var/account/acct.0 1521.58Smrg fi 1531.1Scgdfi 1541.1Scgd 1551.25Slukemif checkyesno run_calendar; then 1561.50Sjhawk calendar -a > $TMP 2>&1 1571.18Smrg if [ -s $TMP ]; then 1581.18Smrg echo "" 1591.18Smrg echo "Running calendar:" 1601.18Smrg cat $TMP 1611.18Smrg fi 1621.18Smrg rm -f $TMP 1631.18Smrgfi 1641.1Scgd 1651.25Slukemif checkyesno check_disks; then 1661.55Sperry if checkyesno show_remote_fs; then 1671.72Sperry df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 1681.55Sperry else 1691.72Sperry df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 1701.55Sperry fi 1711.52Sperry if [ -s /etc/dumpdates ] ; then 1721.52Sperry dump -W > $TMP2 1731.52Sperry fi 1741.18Smrg if [ -s $TMP -o -s $TMP2 ]; then 1751.18Smrg echo "" 1761.18Smrg echo "Checking subsystem status:" 1771.18Smrg echo "" 1781.18Smrg echo "disks:" 1791.18Smrg if [ -s $TMP ]; then 1801.65Sperry cat $TMP | sed 's/Mounted on/Mount/' 1811.18Smrg echo "" 1821.18Smrg fi 1831.18Smrg if [ -s $TMP2 ]; then 1841.18Smrg cat $TMP2 1851.18Smrg echo "" 1861.18Smrg fi 1871.18Smrg echo "" 1881.18Smrg fi 1891.46Sbouyer rm -f $TMP $TMP2 1901.46Sbouyer touch $TMP2 1911.77Schristos for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do 1921.46Sbouyer raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP 1931.46Sbouyer if [ -s $TMP ]; then 1941.46Sbouyer echo "$dev:" >> $TMP2 1951.46Sbouyer cat $TMP >> $TMP2 1961.46Sbouyer fi 1971.46Sbouyer rm -f $TMP 1981.46Sbouyer done 1991.46Sbouyer if [ -s $TMP2 ]; then 2001.46Sbouyer echo "failed RAIDframe component(s):" 2011.46Sbouyer cat $TMP2 2021.46Sbouyer fi 2031.46Sbouyer rm -f $TMP2 2041.18Smrgfi 2051.18Smrg 2061.25Slukemif checkyesno check_mailq; then 2071.18Smrg mailq > $TMP 2081.44Slukem if ! grep -q "queue is empty$" $TMP; then 2091.18Smrg echo "" 2101.18Smrg echo "mail:" 2111.18Smrg cat $TMP 2121.18Smrg fi 2131.18Smrgfi 2141.18Smrg 2151.18Smrgrm -f $TMP 2161.1Scgd 2171.25Slukemif checkyesno check_network; then 2181.18Smrg echo "" 2191.18Smrg echo "network:" 2201.54Sperry if checkyesno full_netstat; then 2211.54Sperry netstat -inv 2221.54Sperry else 2231.61Smartin netstat -inv | awk 'BEGIN { 2241.54Sperry ifs[""] = 0; 2251.54Sperry } 2261.54Sperry /^[^\*]* / { 2271.54Sperry if (NR == 1) { 2281.66Sjdolecek printf("%-8s %12s %6s %12s %6s %6s\n", 2291.54Sperry $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 2301.54Sperry next; 2311.54Sperry } 2321.54Sperry if (!($1 in ifs)) { 2331.66Sjdolecek printf("%-8s %12s %6s %12s %6s %6s\n", 2341.54Sperry $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 2351.54Sperry ifs[$1] = 1; 2361.54Sperry } 2371.54Sperry }' 2381.54Sperry fi 2391.1Scgd echo "" 2401.18Smrg t=/var/rwho/* 2411.18Smrg if [ "$t" != '/var/rwho/*' ]; then 2421.18Smrg ruptime 2431.18Smrg fi 2441.1Scgdfi 2451.1Scgd 2461.25Slukemif checkyesno run_fsck; then 2471.18Smrg echo "" 2481.18Smrg echo "Checking filesystems:" 2491.71Sbouyer fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase' 2501.18Smrgfi 2511.1Scgd 2521.25Slukemif checkyesno run_rdist && [ -f /etc/Distfile ]; then 2531.85Schristos echo "" 2541.1Scgd echo "Running rdist:" 2551.20Smikel if [ -d /var/log/rdist ]; then 2561.77Schristos logf="$(date +%Y.%b.%d)" 2571.20Smikel rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf 2581.20Smikel else 2591.20Smikel rdist -f /etc/Distfile 2601.20Smikel fi 2611.1Scgdfi 2621.1Scgd 2631.89Sagcif ${pkg_info} ${_compat_K_flag} -q -E '*'; then 2641.88Schristos if [ -z "$fetch_pkg_vulnerabilities" ]; then 2651.83Schristos echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)." 2661.83Schristos echo "You should set it to YES to enable vulnerability checks" 2671.83Schristos echo "or set it to NO to get rid of this warning." 2681.85Schristos elif checkyesno fetch_pkg_vulnerabilities; then 2691.86Schristos echo "" 2701.86Schristos echo "Fetching package vulnerabilities database:" 2711.89Sagc ( umask 022 && ${pkg_admin} ${_compat_K_flag} \ 2721.85Schristos fetch-pkg-vulnerabilities -u ) 2731.73Sjmmv fi 2741.73Sjmmvfi 2751.73Sjmmv 2761.25Slukemif checkyesno run_security; then 2771.36Slukem SECOUT="$DAILYDIR/sec" 2781.47Sgrant sh /etc/security > "$SECOUT" 2>&1 2791.36Slukem if [ ! -s "$SECOUT" ]; then 2801.49Sjhawk if checkyesno send_empty_security; then 2811.49Sjhawk echo "Nothing to report on $date" > "$SECOUT" 2821.49Sjhawk else 2831.49Sjhawk echo "" 2841.57Satatat echo "Suppressing empty security report." 2851.49Sjhawk fi 2861.49Sjhawk fi 2871.49Sjhawk if [ -s "$SECOUT" ]; then 2881.78Sdarcy if checkyesno separate_security_email; then 2891.78Sdarcy mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT 2901.78Sdarcy else 2911.78Sdarcy echo "" 2921.78Sdarcy echo "$host daily insecurity output for $date:" 2931.78Sdarcy cat $SECOUT 2941.78Sdarcy fi 2951.28Slukem fi 2961.34Shubertffi 2971.34Shubertf 2981.34Shubertfif checkyesno run_skeyaudit; then 2991.52Sperry if [ -s /etc/skeykeys ]; then 3001.52Sperry echo "" 3011.52Sperry echo "Checking remaining s/key OTPs:" 3021.52Sperry skeyaudit 3031.52Sperry fi 3041.31Sadfi 3051.31Sad 3061.79Sjoergif checkyesno run_makemandb; then 3071.79Sjoerg if [ -f /etc/man.conf -a -x /usr/sbin/makemandb ]; then 3081.79Sjoerg echo "" 3091.79Sjoerg echo "Updating man page index:" 3101.87Swiz (umask 022; nice -n 5 /usr/sbin/makemandb -Q) 3111.79Sjoerg fi 3121.79Sjoergfi 3131.79Sjoerg 3141.31Sadif [ -f /etc/daily.local ]; then 3151.69Shubertf ( . /etc/daily.local ) > $TMP 2>&1 3161.60Skim if [ -s $TMP ] ; then 3171.60Skim printf "\nRunning /etc/daily.local:\n" 3181.60Skim cat $TMP 3191.60Skim fi 3201.60Skim rm -f $TMP 3211.18Smrgfi 322