daily revision 1.93
11.1Scgd#!/bin/sh - 21.1Scgd# 31.93Skre# $NetBSD: daily,v 1.93 2018/09/23 23:16:34 kre Exp $ 41.21Smikel# @(#)daily 8.2 (Berkeley) 1/25/94 51.1Scgd# 61.18Smrg 71.27Smycroftexport PATH=/bin:/usr/bin:/sbin:/usr/sbin 81.28Slukemumask 077 91.28Slukem 101.28Slukemif [ -s /etc/daily.conf ]; then 111.28Slukem . /etc/daily.conf 121.28Slukemfi 131.89Sagcif [ -s /etc/pkgpath.conf ]; then 141.89Sagc . /etc/pkgpath.conf 151.89Sagcfi 161.28Slukem 171.77Schristoshost="$(hostname)" 181.77Schristosdate="$(date)" 191.59Sjmmvrcvar_manpage='daily.conf(5)' 201.1Scgd 211.90Sprlw1pkg_admin=${pkg_admin:-/usr/sbin/pkg_admin} 221.90Sprlw1pkg_info=${pkg_info:-/usr/sbin/pkg_info} 231.90Sprlw1 241.28Slukemecho "To: ${MAILTO:-root}" 251.28Slukemecho "Subject: $host daily output for $date" 261.28Slukemecho "" 271.18Smrg 281.25Slukemif [ -f /etc/rc.subr ]; then 291.25Slukem . /etc/rc.subr 301.25Slukemelse 311.25Slukem echo "Can't read /etc/rc.subr; aborting." 321.25Slukem exit 1; 331.25Slukemfi 341.25Slukem 351.93Skreif [ -z "$MAILTO" ] || [ "$USER" != "root" ]; then 361.27Smycroft MAILTO=root 371.23Sphilfi 381.23Sphil 391.76Sjmmvif [ -n "${pkgdb_dir}" ]; then 401.92Suebayasi echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated" 411.92Suebayasi echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead" 421.92Suebayasi _compat_K_flag="-K ${pkgdb_dir}" 431.76Sjmmvfi 441.76Sjmmv 451.22Slukemecho "" 461.77Schristosecho "Uptime: $(uptime)" 471.18Smrg 481.29Sabs# Uncommenting any of the finds below would open up a race condition attack 491.29Sabs# based on symlinks, potentially allowing removal of any file on the system. 501.29Sabs# 511.17Sjtc#echo "" 521.17Sjtc#echo "Removing scratch and junk files:" 531.93Skre#if [ -d /tmp ] && ! [ -h /tmp ]; then 541.17Sjtc# cd /tmp && { 551.17Sjtc# find . -type f -atime +3 -exec rm -f -- {} \; 561.17Sjtc# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 571.17Sjtc# >/dev/null 2>&1; } 581.17Sjtc#fi 591.1Scgd 601.93Skre#if [ -d /var/tmp ] && ! [ -h /var/tmp ]; then 611.17Sjtc# cd /var/tmp && { 621.17Sjtc# find . ! -name . -atime +7 -exec rm -f -- {} \; 631.35Saymeric# find . ! \( -name . -o -name vi.recover \) -type d \ 641.35Saymeric# -mtime +1 -exec rmdir -- {} \; \ 651.17Sjtc# >/dev/null 2>&1; } 661.17Sjtc#fi 671.10Scgd 681.15Spk# Additional junk directory cleanup would go like this: 691.93Skre#if [ -d /scratch ] && ! [ -h /scratch ]; then 701.15Spk# cd /scratch && { 711.15Spk# find . ! -name . -atime +1 -exec rm -f -- {} \; 721.15Spk# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \ 731.15Spk# >/dev/null 2>&1; } 741.15Spk#fi 751.10Scgd 761.93Skre#if [ -d /var/rwho ] && ! [ -h /var/rwho ] ; then 771.17Sjtc# cd /var/rwho && { 781.17Sjtc# find . ! -name . -mtime +7 -exec rm -f -- {} \; ; } 791.17Sjtc#fi 801.10Scgd 811.70SmarttiDAILYDIR=$(mktemp -d -t _daily) || exit 1 821.18Smrg 831.36Slukemtrap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT 841.18Smrg 851.36Slukemif ! cd "$DAILYDIR"; then 861.36Slukem echo "Can not cd to $DAILYDIR". 871.18Smrg exit 1 881.18Smrgfi 891.18Smrg 901.10ScgdTMP=daily.$$ 911.18SmrgTMP2=daily2.$$ 921.18Smrg 931.25Slukemif checkyesno find_core; then 941.62Serh # Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax" 951.77Schristos ignfstypes="$(echo $find_core_ignore_fstypes | \ 961.62Serh sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \ 971.77Schristos -e's/^-o //')" 981.82Schristos # Turn "foo bar" into "( -path foo -o -path bar ) -prune -o" 991.82Schristos # Set ignpaths empty if no find_core_ignore_paths given 1001.82Schristos if [ -n "$find_core_ignore_paths" ]; then 1011.82Schristos ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)" 1021.82Schristos ignpaths="( ${ignpaths# -o } ) -prune -o" 1031.82Schristos else 1041.82Schristos ignpaths="" 1051.82Schristos fi 1061.62Serh find / \( $ignfstypes \) -prune -o \ 1071.82Schristos ${ignpaths} \ 1081.48Satatat -name 'lost+found' -prune -o \ 1091.48Satatat \( -name '*.core' -o -name 'core' \) -type f -print > $TMP 1101.18Smrg# \( -name '[#,]*' -o -name '.#*' -o -name a.out \ 1111.18Smrg# -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \ 1121.18Smrg# -a -atime +3 -exec rm -f -- {} \; -a -print > $TMP 1131.18Smrg 1141.26Snathanw egrep '\.core$|^core$' $TMP > $TMP2 1151.18Smrg if [ -s $TMP2 ]; then 1161.18Smrg echo "" 1171.18Smrg echo "Possible core dumps:" 1181.18Smrg cat $TMP2 1191.18Smrg fi 1201.18Smrg 1211.18Smrg# egrep -v '\.core' $TMP > $TMP2 1221.18Smrg# if [ -s $TMP2 ]; then 1231.18Smrg# echo "" 1241.18Smrg# echo "Deleted files:" 1251.18Smrg# cat $TMP2 1261.18Smrg# fi 1271.10Scgd 1281.18Smrg rm -f $TMP $TMP2 1291.18Smrgfi 1301.10Scgd 1311.25Slukemif checkyesno run_msgs; then 1321.18Smrg msgs -c 1331.18Smrgfi 1341.1Scgd 1351.25Slukemif checkyesno expire_news && [ -f /etc/news.expire ]; then 1361.1Scgd /etc/news.expire 1371.1Scgdfi 1381.1Scgd 1391.25Slukemif checkyesno purge_accounting && [ -f /var/account/acct ]; then 1401.21Smikel echo "" 1411.21Smikel echo "Purging accounting records:" 1421.58Smrg if [ -f /var/account/acct.0.gz ]; then 1431.58Smrg mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null 1441.58Smrg mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null 1451.58Smrg mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null 1461.58Smrg else 1471.58Smrg mv /var/account/acct.2 /var/account/acct.3 2>/dev/null 1481.58Smrg mv /var/account/acct.1 /var/account/acct.2 2>/dev/null 1491.58Smrg mv /var/account/acct.0 /var/account/acct.1 2>/dev/null 1501.58Smrg fi 1511.21Smikel cp /var/account/acct /var/account/acct.0 1521.21Smikel sa -sq 1531.58Smrg if [ -f /var/account/acct.1.gz ]; then 1541.58Smrg gzip /var/account/acct.0 1551.58Smrg fi 1561.1Scgdfi 1571.1Scgd 1581.25Slukemif checkyesno run_calendar; then 1591.50Sjhawk calendar -a > $TMP 2>&1 1601.18Smrg if [ -s $TMP ]; then 1611.18Smrg echo "" 1621.18Smrg echo "Running calendar:" 1631.18Smrg cat $TMP 1641.18Smrg fi 1651.18Smrg rm -f $TMP 1661.18Smrgfi 1671.1Scgd 1681.25Slukemif checkyesno check_disks; then 1691.55Sperry if checkyesno show_remote_fs; then 1701.72Sperry df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 1711.55Sperry else 1721.72Sperry df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP 1731.55Sperry fi 1741.52Sperry if [ -s /etc/dumpdates ] ; then 1751.52Sperry dump -W > $TMP2 1761.52Sperry fi 1771.93Skre if [ -s $TMP ] || [ -s $TMP2 ]; then 1781.18Smrg echo "" 1791.18Smrg echo "Checking subsystem status:" 1801.18Smrg echo "" 1811.18Smrg echo "disks:" 1821.18Smrg if [ -s $TMP ]; then 1831.65Sperry cat $TMP | sed 's/Mounted on/Mount/' 1841.18Smrg echo "" 1851.18Smrg fi 1861.18Smrg if [ -s $TMP2 ]; then 1871.18Smrg cat $TMP2 1881.18Smrg echo "" 1891.18Smrg fi 1901.18Smrg echo "" 1911.18Smrg fi 1921.46Sbouyer rm -f $TMP $TMP2 1931.46Sbouyer touch $TMP2 1941.77Schristos for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do 1951.46Sbouyer raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP 1961.46Sbouyer if [ -s $TMP ]; then 1971.46Sbouyer echo "$dev:" >> $TMP2 1981.46Sbouyer cat $TMP >> $TMP2 1991.46Sbouyer fi 2001.46Sbouyer rm -f $TMP 2011.46Sbouyer done 2021.46Sbouyer if [ -s $TMP2 ]; then 2031.46Sbouyer echo "failed RAIDframe component(s):" 2041.46Sbouyer cat $TMP2 2051.46Sbouyer fi 2061.46Sbouyer rm -f $TMP2 2071.18Smrgfi 2081.18Smrg 2091.25Slukemif checkyesno check_mailq; then 2101.18Smrg mailq > $TMP 2111.44Slukem if ! grep -q "queue is empty$" $TMP; then 2121.18Smrg echo "" 2131.18Smrg echo "mail:" 2141.18Smrg cat $TMP 2151.18Smrg fi 2161.18Smrgfi 2171.18Smrg 2181.18Smrgrm -f $TMP 2191.1Scgd 2201.25Slukemif checkyesno check_network; then 2211.18Smrg echo "" 2221.18Smrg echo "network:" 2231.54Sperry if checkyesno full_netstat; then 2241.54Sperry netstat -inv 2251.54Sperry else 2261.61Smartin netstat -inv | awk 'BEGIN { 2271.54Sperry ifs[""] = 0; 2281.54Sperry } 2291.54Sperry /^[^\*]* / { 2301.54Sperry if (NR == 1) { 2311.66Sjdolecek printf("%-8s %12s %6s %12s %6s %6s\n", 2321.54Sperry $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 2331.54Sperry next; 2341.54Sperry } 2351.54Sperry if (!($1 in ifs)) { 2361.66Sjdolecek printf("%-8s %12s %6s %12s %6s %6s\n", 2371.54Sperry $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF); 2381.54Sperry ifs[$1] = 1; 2391.54Sperry } 2401.54Sperry }' 2411.54Sperry fi 2421.1Scgd echo "" 2431.18Smrg t=/var/rwho/* 2441.18Smrg if [ "$t" != '/var/rwho/*' ]; then 2451.18Smrg ruptime 2461.18Smrg fi 2471.1Scgdfi 2481.1Scgd 2491.25Slukemif checkyesno run_fsck; then 2501.18Smrg echo "" 2511.91Swiz echo "Checking file systems:" 2521.71Sbouyer fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase' 2531.18Smrgfi 2541.1Scgd 2551.25Slukemif checkyesno run_rdist && [ -f /etc/Distfile ]; then 2561.85Schristos echo "" 2571.1Scgd echo "Running rdist:" 2581.20Smikel if [ -d /var/log/rdist ]; then 2591.77Schristos logf="$(date +%Y.%b.%d)" 2601.20Smikel rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf 2611.20Smikel else 2621.20Smikel rdist -f /etc/Distfile 2631.20Smikel fi 2641.1Scgdfi 2651.1Scgd 2661.89Sagcif ${pkg_info} ${_compat_K_flag} -q -E '*'; then 2671.88Schristos if [ -z "$fetch_pkg_vulnerabilities" ]; then 2681.83Schristos echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)." 2691.83Schristos echo "You should set it to YES to enable vulnerability checks" 2701.83Schristos echo "or set it to NO to get rid of this warning." 2711.85Schristos elif checkyesno fetch_pkg_vulnerabilities; then 2721.86Schristos echo "" 2731.86Schristos echo "Fetching package vulnerabilities database:" 2741.89Sagc ( umask 022 && ${pkg_admin} ${_compat_K_flag} \ 2751.85Schristos fetch-pkg-vulnerabilities -u ) 2761.73Sjmmv fi 2771.73Sjmmvfi 2781.73Sjmmv 2791.25Slukemif checkyesno run_security; then 2801.36Slukem SECOUT="$DAILYDIR/sec" 2811.47Sgrant sh /etc/security > "$SECOUT" 2>&1 2821.36Slukem if [ ! -s "$SECOUT" ]; then 2831.49Sjhawk if checkyesno send_empty_security; then 2841.49Sjhawk echo "Nothing to report on $date" > "$SECOUT" 2851.49Sjhawk else 2861.49Sjhawk echo "" 2871.57Satatat echo "Suppressing empty security report." 2881.49Sjhawk fi 2891.49Sjhawk fi 2901.49Sjhawk if [ -s "$SECOUT" ]; then 2911.78Sdarcy if checkyesno separate_security_email; then 2921.78Sdarcy mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT 2931.78Sdarcy else 2941.78Sdarcy echo "" 2951.78Sdarcy echo "$host daily insecurity output for $date:" 2961.78Sdarcy cat $SECOUT 2971.78Sdarcy fi 2981.28Slukem fi 2991.34Shubertffi 3001.34Shubertf 3011.34Shubertfif checkyesno run_skeyaudit; then 3021.52Sperry if [ -s /etc/skeykeys ]; then 3031.52Sperry echo "" 3041.52Sperry echo "Checking remaining s/key OTPs:" 3051.52Sperry skeyaudit 3061.52Sperry fi 3071.31Sadfi 3081.31Sad 3091.79Sjoergif checkyesno run_makemandb; then 3101.93Skre if [ -f /etc/man.conf ] && [ -x /usr/sbin/makemandb ]; then 3111.79Sjoerg echo "" 3121.79Sjoerg echo "Updating man page index:" 3131.87Swiz (umask 022; nice -n 5 /usr/sbin/makemandb -Q) 3141.79Sjoerg fi 3151.79Sjoergfi 3161.79Sjoerg 3171.31Sadif [ -f /etc/daily.local ]; then 3181.69Shubertf ( . /etc/daily.local ) > $TMP 2>&1 3191.60Skim if [ -s $TMP ] ; then 3201.60Skim printf "\nRunning /etc/daily.local:\n" 3211.60Skim cat $TMP 3221.60Skim fi 3231.60Skim rm -f $TMP 3241.18Smrgfi 325