daily revision 1.82 
1#!/bin/sh -
2#
3#	$NetBSD: daily,v 1.82 2012/07/30 17:06:51 christos Exp $
4#	@(#)daily	8.2 (Berkeley) 1/25/94
5#
6
7export PATH=/bin:/usr/bin:/sbin:/usr/sbin
8umask 077
9
10if [ -s /etc/daily.conf ]; then
11	. /etc/daily.conf
12fi
13
14host="$(hostname)"
15date="$(date)"
16rcvar_manpage='daily.conf(5)'
17
18echo "To: ${MAILTO:-root}"
19echo "Subject: $host daily output for $date"
20echo ""
21
22if [ -f /etc/rc.subr ]; then
23	. /etc/rc.subr
24else
25	echo "Can't read /etc/rc.subr; aborting."
26	exit 1;
27fi
28
29if [ -z "$MAILTO" -o "$USER" != "root" ]; then
30	MAILTO=root
31fi
32
33if [ -n "${pkgdb_dir}" ]; then
34    echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated"
35    echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead"
36    _compat_K_flag="-K ${pkgdb_dir}"
37fi
38
39echo ""
40echo "Uptime: $(uptime)"
41
42# Uncommenting any of the finds below would open up a race condition attack
43# based on symlinks, potentially allowing removal of any file on the system.
44#
45#echo ""
46#echo "Removing scratch and junk files:"
47#if [ -d /tmp -a ! -h /tmp ]; then
48#	cd /tmp && {
49#	find . -type f -atime +3 -exec rm -f -- {} \;
50#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
51#	    >/dev/null 2>&1; }
52#fi
53
54#if [ -d /var/tmp -a ! -h /var/tmp ]; then
55#	cd /var/tmp && {
56#	find . ! -name . -atime +7 -exec rm -f -- {} \;
57#	find . ! \( -name . -o -name vi.recover \) -type d \
58#		-mtime +1 -exec rmdir -- {} \; \
59#	    >/dev/null 2>&1; }
60#fi
61
62# Additional junk directory cleanup would go like this:
63#if [ -d /scratch -a ! -h /scratch ]; then
64#	cd /scratch && {
65#	find . ! -name . -atime +1 -exec rm -f -- {} \;
66#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
67#	    >/dev/null 2>&1; }
68#fi
69
70#if [ -d /var/rwho -a ! -h /var/rwho ] ; then
71#	cd /var/rwho && {
72#	find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
73#fi
74
75DAILYDIR=$(mktemp -d -t _daily) || exit 1
76
77trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT
78
79if ! cd "$DAILYDIR"; then
80	echo "Can not cd to $DAILYDIR".
81	exit 1
82fi
83
84TMP=daily.$$
85TMP2=daily2.$$
86
87if checkyesno find_core; then
88	# Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
89	ignfstypes="$(echo $find_core_ignore_fstypes | \
90		sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
91		    -e's/^-o //')"
92	# Turn "foo bar" into "( -path foo -o -path bar ) -prune -o"
93	# Set ignpaths empty if no find_core_ignore_paths given
94	if [ -n "$find_core_ignore_paths" ]; then
95		ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)"
96		ignpaths="( ${ignpaths# -o } ) -prune -o"
97	else
98		ignpaths=""
99	fi
100	find / \( $ignfstypes \) -prune -o \
101		${ignpaths} \
102		-name 'lost+found' -prune -o \
103		\( -name '*.core' -o -name 'core' \) -type f -print > $TMP
104#		\( -name '[#,]*' -o -name '.#*' -o -name a.out \
105#		   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
106#			-a -atime +3 -exec rm -f -- {} \; -a -print > $TMP
107
108	egrep '\.core$|^core$' $TMP > $TMP2
109	if [ -s $TMP2 ]; then
110		echo ""
111		echo "Possible core dumps:"
112		cat $TMP2
113	fi
114
115#	egrep -v '\.core' $TMP > $TMP2
116#	if [ -s $TMP2 ]; then
117#		echo ""
118#		echo "Deleted files:"
119#		cat $TMP2
120#	fi
121
122	rm -f $TMP $TMP2
123fi
124
125if checkyesno run_msgs; then
126	msgs -c
127fi
128
129if checkyesno expire_news && [ -f /etc/news.expire ]; then
130	/etc/news.expire
131fi
132
133if checkyesno purge_accounting && [ -f /var/account/acct ]; then
134	echo ""
135	echo "Purging accounting records:"
136	if [ -f /var/account/acct.0.gz ]; then
137		mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null
138		mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null
139		mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null
140	else
141		mv /var/account/acct.2 /var/account/acct.3 2>/dev/null
142		mv /var/account/acct.1 /var/account/acct.2 2>/dev/null
143		mv /var/account/acct.0 /var/account/acct.1 2>/dev/null
144	fi
145	cp /var/account/acct /var/account/acct.0
146	sa -sq
147	if [ -f /var/account/acct.1.gz ]; then
148		gzip /var/account/acct.0
149	fi
150fi
151
152if checkyesno run_calendar; then
153	calendar -a > $TMP 2>&1
154	if [ -s $TMP ]; then
155		echo ""
156		echo "Running calendar:"
157		cat $TMP
158	fi
159	rm -f $TMP
160fi
161
162if checkyesno check_disks; then
163	if checkyesno show_remote_fs; then
164		df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
165	else
166		df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
167	fi
168	if [ -s /etc/dumpdates ] ; then
169		dump -W > $TMP2
170	fi
171	if [ -s $TMP -o -s $TMP2 ]; then
172		echo ""
173		echo "Checking subsystem status:"
174		echo ""
175		echo "disks:"
176		if [ -s $TMP ]; then
177			cat $TMP | sed 's/Mounted on/Mount/'
178			echo ""
179		fi
180		if [ -s $TMP2 ]; then
181			cat $TMP2
182			echo ""
183		fi
184		echo ""
185	fi
186	rm -f $TMP $TMP2
187	touch $TMP2
188	for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do
189		raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP
190		if [ -s $TMP ]; then
191			echo "$dev:" >> $TMP2
192			cat $TMP >> $TMP2
193		fi
194		rm -f $TMP
195	done
196	if [ -s $TMP2 ]; then
197		echo "failed RAIDframe component(s):"
198			cat $TMP2
199	fi
200	rm -f $TMP2
201fi
202
203if checkyesno check_mailq; then
204	mailq > $TMP
205	if ! grep -q "queue is empty$" $TMP; then
206		echo ""
207		echo "mail:"
208		cat $TMP
209	fi
210fi
211
212rm -f $TMP
213
214if checkyesno check_network; then
215	echo ""
216	echo "network:"
217	if checkyesno full_netstat; then
218		netstat -inv
219	else
220		netstat -inv | awk 'BEGIN {
221			ifs[""] = 0;
222		}
223		/^[^\*]* / {
224			if (NR == 1) {
225				printf("%-8s %12s %6s %12s %6s %6s\n",
226				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
227				next;
228			}
229			if (!($1 in ifs)) {
230				printf("%-8s %12s %6s %12s %6s %6s\n",
231				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
232				ifs[$1] = 1;
233			}
234		}'
235	fi
236	echo ""
237	t=/var/rwho/*
238	if [ "$t" != '/var/rwho/*' ]; then
239		ruptime
240	fi
241fi
242
243if checkyesno run_fsck; then
244	echo ""
245	echo "Checking filesystems:"
246	fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
247fi
248
249echo ""
250if checkyesno run_rdist && [ -f /etc/Distfile ]; then
251	echo "Running rdist:"
252	if [ -d /var/log/rdist ]; then
253		logf="$(date +%Y.%b.%d)"
254		rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf
255	else
256		rdist -f /etc/Distfile 
257	fi
258fi
259
260if pkg_info ${_compat_K_flag} -q -E '*'; then
261	echo ""
262	echo "Fetching package vulnerabilities database:"
263	if checkyesno fetch_pkg_vulnerabilities; then
264		( umask 022 && pkg_admin ${_compat_K_flag} \
265		    fetch-pkg-vulnerabilities -u )
266	else
267		echo "fetch_pkg_vulnerabilities is set to NO in daily.conf(5)."
268		echo "You should set it to YES to enable vulnerability checks."
269	fi
270fi
271
272if checkyesno run_security; then
273	SECOUT="$DAILYDIR/sec"
274	sh /etc/security > "$SECOUT" 2>&1
275	if [ ! -s "$SECOUT" ]; then
276		if checkyesno send_empty_security; then
277			echo "Nothing to report on $date" > "$SECOUT"
278		else
279			echo ""
280			echo "Suppressing empty security report."
281		fi
282	fi
283	if [ -s "$SECOUT" ]; then
284		if checkyesno separate_security_email; then
285			mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT
286		else
287		    echo ""
288		    echo "$host daily insecurity output for $date:"
289		    cat $SECOUT
290		fi
291	fi
292fi
293
294if checkyesno run_skeyaudit; then
295	if [ -s /etc/skeykeys ]; then
296		echo ""
297		echo "Checking remaining s/key OTPs:"
298		skeyaudit
299	fi
300fi
301
302if checkyesno run_makemandb; then
303	if [ -f /etc/man.conf -a -x /usr/sbin/makemandb ]; then
304		echo ""
305		echo "Updating man page index:"
306		(umask 022; nice -n 5 /usr/sbin/makemandb)
307	fi
308fi
309
310if [ -f /etc/daily.local ]; then
311	( . /etc/daily.local ) > $TMP 2>&1
312	if [ -s $TMP ] ; then
313		printf "\nRunning /etc/daily.local:\n"
314		cat $TMP
315	fi
316	rm -f $TMP
317fi
318