Home | History | Annotate | Line # | Download | only in etc
daily revision 1.86 
      1 #!/bin/sh -
      2 #
      3 #	$NetBSD: daily,v 1.86 2012/08/03 10:52:46 christos Exp $
      4 #	@(#)daily	8.2 (Berkeley) 1/25/94
      5 #
      6 
      7 export PATH=/bin:/usr/bin:/sbin:/usr/sbin
      8 umask 077
      9 
     10 if [ -s /etc/daily.conf ]; then
     11 	. /etc/daily.conf
     12 fi
     13 
     14 host="$(hostname)"
     15 date="$(date)"
     16 rcvar_manpage='daily.conf(5)'
     17 
     18 echo "To: ${MAILTO:-root}"
     19 echo "Subject: $host daily output for $date"
     20 echo ""
     21 
     22 if [ -f /etc/rc.subr ]; then
     23 	. /etc/rc.subr
     24 else
     25 	echo "Can't read /etc/rc.subr; aborting."
     26 	exit 1;
     27 fi
     28 
     29 if [ -z "$MAILTO" -o "$USER" != "root" ]; then
     30 	MAILTO=root
     31 fi
     32 
     33 if [ -n "${pkgdb_dir}" ]; then
     34     echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated"
     35     echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead"
     36     _compat_K_flag="-K ${pkgdb_dir}"
     37 fi
     38 
     39 echo ""
     40 echo "Uptime: $(uptime)"
     41 
     42 # Uncommenting any of the finds below would open up a race condition attack
     43 # based on symlinks, potentially allowing removal of any file on the system.
     44 #
     45 #echo ""
     46 #echo "Removing scratch and junk files:"
     47 #if [ -d /tmp -a ! -h /tmp ]; then
     48 #	cd /tmp && {
     49 #	find . -type f -atime +3 -exec rm -f -- {} \;
     50 #	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
     51 #	    >/dev/null 2>&1; }
     52 #fi
     53 
     54 #if [ -d /var/tmp -a ! -h /var/tmp ]; then
     55 #	cd /var/tmp && {
     56 #	find . ! -name . -atime +7 -exec rm -f -- {} \;
     57 #	find . ! \( -name . -o -name vi.recover \) -type d \
     58 #		-mtime +1 -exec rmdir -- {} \; \
     59 #	    >/dev/null 2>&1; }
     60 #fi
     61 
     62 # Additional junk directory cleanup would go like this:
     63 #if [ -d /scratch -a ! -h /scratch ]; then
     64 #	cd /scratch && {
     65 #	find . ! -name . -atime +1 -exec rm -f -- {} \;
     66 #	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
     67 #	    >/dev/null 2>&1; }
     68 #fi
     69 
     70 #if [ -d /var/rwho -a ! -h /var/rwho ] ; then
     71 #	cd /var/rwho && {
     72 #	find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
     73 #fi
     74 
     75 DAILYDIR=$(mktemp -d -t _daily) || exit 1
     76 
     77 trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT
     78 
     79 if ! cd "$DAILYDIR"; then
     80 	echo "Can not cd to $DAILYDIR".
     81 	exit 1
     82 fi
     83 
     84 TMP=daily.$$
     85 TMP2=daily2.$$
     86 
     87 if checkyesno find_core; then
     88 	# Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
     89 	ignfstypes="$(echo $find_core_ignore_fstypes | \
     90 		sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
     91 		    -e's/^-o //')"
     92 	# Turn "foo bar" into "( -path foo -o -path bar ) -prune -o"
     93 	# Set ignpaths empty if no find_core_ignore_paths given
     94 	if [ -n "$find_core_ignore_paths" ]; then
     95 		ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)"
     96 		ignpaths="( ${ignpaths# -o } ) -prune -o"
     97 	else
     98 		ignpaths=""
     99 	fi
    100 	find / \( $ignfstypes \) -prune -o \
    101 		${ignpaths} \
    102 		-name 'lost+found' -prune -o \
    103 		\( -name '*.core' -o -name 'core' \) -type f -print > $TMP
    104 #		\( -name '[#,]*' -o -name '.#*' -o -name a.out \
    105 #		   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
    106 #			-a -atime +3 -exec rm -f -- {} \; -a -print > $TMP
    107 
    108 	egrep '\.core$|^core$' $TMP > $TMP2
    109 	if [ -s $TMP2 ]; then
    110 		echo ""
    111 		echo "Possible core dumps:"
    112 		cat $TMP2
    113 	fi
    114 
    115 #	egrep -v '\.core' $TMP > $TMP2
    116 #	if [ -s $TMP2 ]; then
    117 #		echo ""
    118 #		echo "Deleted files:"
    119 #		cat $TMP2
    120 #	fi
    121 
    122 	rm -f $TMP $TMP2
    123 fi
    124 
    125 if checkyesno run_msgs; then
    126 	msgs -c
    127 fi
    128 
    129 if checkyesno expire_news && [ -f /etc/news.expire ]; then
    130 	/etc/news.expire
    131 fi
    132 
    133 if checkyesno purge_accounting && [ -f /var/account/acct ]; then
    134 	echo ""
    135 	echo "Purging accounting records:"
    136 	if [ -f /var/account/acct.0.gz ]; then
    137 		mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null
    138 		mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null
    139 		mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null
    140 	else
    141 		mv /var/account/acct.2 /var/account/acct.3 2>/dev/null
    142 		mv /var/account/acct.1 /var/account/acct.2 2>/dev/null
    143 		mv /var/account/acct.0 /var/account/acct.1 2>/dev/null
    144 	fi
    145 	cp /var/account/acct /var/account/acct.0
    146 	sa -sq
    147 	if [ -f /var/account/acct.1.gz ]; then
    148 		gzip /var/account/acct.0
    149 	fi
    150 fi
    151 
    152 if checkyesno run_calendar; then
    153 	calendar -a > $TMP 2>&1
    154 	if [ -s $TMP ]; then
    155 		echo ""
    156 		echo "Running calendar:"
    157 		cat $TMP
    158 	fi
    159 	rm -f $TMP
    160 fi
    161 
    162 if checkyesno check_disks; then
    163 	if checkyesno show_remote_fs; then
    164 		df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
    165 	else
    166 		df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
    167 	fi
    168 	if [ -s /etc/dumpdates ] ; then
    169 		dump -W > $TMP2
    170 	fi
    171 	if [ -s $TMP -o -s $TMP2 ]; then
    172 		echo ""
    173 		echo "Checking subsystem status:"
    174 		echo ""
    175 		echo "disks:"
    176 		if [ -s $TMP ]; then
    177 			cat $TMP | sed 's/Mounted on/Mount/'
    178 			echo ""
    179 		fi
    180 		if [ -s $TMP2 ]; then
    181 			cat $TMP2
    182 			echo ""
    183 		fi
    184 		echo ""
    185 	fi
    186 	rm -f $TMP $TMP2
    187 	touch $TMP2
    188 	for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do
    189 		raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP
    190 		if [ -s $TMP ]; then
    191 			echo "$dev:" >> $TMP2
    192 			cat $TMP >> $TMP2
    193 		fi
    194 		rm -f $TMP
    195 	done
    196 	if [ -s $TMP2 ]; then
    197 		echo "failed RAIDframe component(s):"
    198 			cat $TMP2
    199 	fi
    200 	rm -f $TMP2
    201 fi
    202 
    203 if checkyesno check_mailq; then
    204 	mailq > $TMP
    205 	if ! grep -q "queue is empty$" $TMP; then
    206 		echo ""
    207 		echo "mail:"
    208 		cat $TMP
    209 	fi
    210 fi
    211 
    212 rm -f $TMP
    213 
    214 if checkyesno check_network; then
    215 	echo ""
    216 	echo "network:"
    217 	if checkyesno full_netstat; then
    218 		netstat -inv
    219 	else
    220 		netstat -inv | awk 'BEGIN {
    221 			ifs[""] = 0;
    222 		}
    223 		/^[^\*]* / {
    224 			if (NR == 1) {
    225 				printf("%-8s %12s %6s %12s %6s %6s\n",
    226 				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
    227 				next;
    228 			}
    229 			if (!($1 in ifs)) {
    230 				printf("%-8s %12s %6s %12s %6s %6s\n",
    231 				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
    232 				ifs[$1] = 1;
    233 			}
    234 		}'
    235 	fi
    236 	echo ""
    237 	t=/var/rwho/*
    238 	if [ "$t" != '/var/rwho/*' ]; then
    239 		ruptime
    240 	fi
    241 fi
    242 
    243 if checkyesno run_fsck; then
    244 	echo ""
    245 	echo "Checking filesystems:"
    246 	fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
    247 fi
    248 
    249 if checkyesno run_rdist && [ -f /etc/Distfile ]; then
    250 	echo ""
    251 	echo "Running rdist:"
    252 	if [ -d /var/log/rdist ]; then
    253 		logf="$(date +%Y.%b.%d)"
    254 		rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf
    255 	else
    256 		rdist -f /etc/Distfile 
    257 	fi
    258 fi
    259 
    260 if pkg_info ${_compat_K_flag} -q -E '*'; then
    261 	if [ -z "fetch_pkg_vulnerabilities" ]; then
    262 		echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
    263 		echo "You should set it to YES to enable vulnerability checks"
    264 		echo "or set it to NO to get rid of this warning."
    265 	elif checkyesno fetch_pkg_vulnerabilities; then
    266 		echo ""
    267 		echo "Fetching package vulnerabilities database:"
    268 		( umask 022 && pkg_admin ${_compat_K_flag} \
    269 		    fetch-pkg-vulnerabilities -u )
    270 	fi
    271 fi
    272 
    273 if checkyesno run_security; then
    274 	SECOUT="$DAILYDIR/sec"
    275 	sh /etc/security > "$SECOUT" 2>&1
    276 	if [ ! -s "$SECOUT" ]; then
    277 		if checkyesno send_empty_security; then
    278 			echo "Nothing to report on $date" > "$SECOUT"
    279 		else
    280 			echo ""
    281 			echo "Suppressing empty security report."
    282 		fi
    283 	fi
    284 	if [ -s "$SECOUT" ]; then
    285 		if checkyesno separate_security_email; then
    286 			mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT
    287 		else
    288 		    echo ""
    289 		    echo "$host daily insecurity output for $date:"
    290 		    cat $SECOUT
    291 		fi
    292 	fi
    293 fi
    294 
    295 if checkyesno run_skeyaudit; then
    296 	if [ -s /etc/skeykeys ]; then
    297 		echo ""
    298 		echo "Checking remaining s/key OTPs:"
    299 		skeyaudit
    300 	fi
    301 fi
    302 
    303 if checkyesno run_makemandb; then
    304 	if [ -f /etc/man.conf -a -x /usr/sbin/makemandb ]; then
    305 		echo ""
    306 		echo "Updating man page index:"
    307 		(umask 022; nice -n 5 /usr/sbin/makemandb -q)
    308 	fi
    309 fi
    310 
    311 if [ -f /etc/daily.local ]; then
    312 	( . /etc/daily.local ) > $TMP 2>&1
    313 	if [ -s $TMP ] ; then
    314 		printf "\nRunning /etc/daily.local:\n"
    315 		cat $TMP
    316 	fi
    317 	rm -f $TMP
    318 fi
    319