Home | History | Annotate | Line # | Download | only in etc
daily revision 1.89 
      1 #!/bin/sh -
      2 #
      3 #	$NetBSD: daily,v 1.89 2013/05/01 05:36:25 agc Exp $
      4 #	@(#)daily	8.2 (Berkeley) 1/25/94
      5 #
      6 
      7 export PATH=/bin:/usr/bin:/sbin:/usr/sbin
      8 umask 077
      9 
     10 if [ -s /etc/daily.conf ]; then
     11 	. /etc/daily.conf
     12 fi
     13 if [ -s /etc/pkgpath.conf ]; then
     14 	. /etc/pkgpath.conf
     15 fi
     16 
     17 host="$(hostname)"
     18 date="$(date)"
     19 rcvar_manpage='daily.conf(5)'
     20 
     21 echo "To: ${MAILTO:-root}"
     22 echo "Subject: $host daily output for $date"
     23 echo ""
     24 
     25 if [ -f /etc/rc.subr ]; then
     26 	. /etc/rc.subr
     27 else
     28 	echo "Can't read /etc/rc.subr; aborting."
     29 	exit 1;
     30 fi
     31 
     32 if [ -z "$MAILTO" -o "$USER" != "root" ]; then
     33 	MAILTO=root
     34 fi
     35 
     36 if [ -n "${pkgdb_dir}" ]; then
     37     echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated"
     38     echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead"
     39     _compat_K_flag="-K ${pkgdb_dir}"
     40 fi
     41 
     42 echo ""
     43 echo "Uptime: $(uptime)"
     44 
     45 # Uncommenting any of the finds below would open up a race condition attack
     46 # based on symlinks, potentially allowing removal of any file on the system.
     47 #
     48 #echo ""
     49 #echo "Removing scratch and junk files:"
     50 #if [ -d /tmp -a ! -h /tmp ]; then
     51 #	cd /tmp && {
     52 #	find . -type f -atime +3 -exec rm -f -- {} \;
     53 #	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
     54 #	    >/dev/null 2>&1; }
     55 #fi
     56 
     57 #if [ -d /var/tmp -a ! -h /var/tmp ]; then
     58 #	cd /var/tmp && {
     59 #	find . ! -name . -atime +7 -exec rm -f -- {} \;
     60 #	find . ! \( -name . -o -name vi.recover \) -type d \
     61 #		-mtime +1 -exec rmdir -- {} \; \
     62 #	    >/dev/null 2>&1; }
     63 #fi
     64 
     65 # Additional junk directory cleanup would go like this:
     66 #if [ -d /scratch -a ! -h /scratch ]; then
     67 #	cd /scratch && {
     68 #	find . ! -name . -atime +1 -exec rm -f -- {} \;
     69 #	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
     70 #	    >/dev/null 2>&1; }
     71 #fi
     72 
     73 #if [ -d /var/rwho -a ! -h /var/rwho ] ; then
     74 #	cd /var/rwho && {
     75 #	find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
     76 #fi
     77 
     78 DAILYDIR=$(mktemp -d -t _daily) || exit 1
     79 
     80 trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT
     81 
     82 if ! cd "$DAILYDIR"; then
     83 	echo "Can not cd to $DAILYDIR".
     84 	exit 1
     85 fi
     86 
     87 TMP=daily.$$
     88 TMP2=daily2.$$
     89 
     90 if checkyesno find_core; then
     91 	# Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
     92 	ignfstypes="$(echo $find_core_ignore_fstypes | \
     93 		sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
     94 		    -e's/^-o //')"
     95 	# Turn "foo bar" into "( -path foo -o -path bar ) -prune -o"
     96 	# Set ignpaths empty if no find_core_ignore_paths given
     97 	if [ -n "$find_core_ignore_paths" ]; then
     98 		ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)"
     99 		ignpaths="( ${ignpaths# -o } ) -prune -o"
    100 	else
    101 		ignpaths=""
    102 	fi
    103 	find / \( $ignfstypes \) -prune -o \
    104 		${ignpaths} \
    105 		-name 'lost+found' -prune -o \
    106 		\( -name '*.core' -o -name 'core' \) -type f -print > $TMP
    107 #		\( -name '[#,]*' -o -name '.#*' -o -name a.out \
    108 #		   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
    109 #			-a -atime +3 -exec rm -f -- {} \; -a -print > $TMP
    110 
    111 	egrep '\.core$|^core$' $TMP > $TMP2
    112 	if [ -s $TMP2 ]; then
    113 		echo ""
    114 		echo "Possible core dumps:"
    115 		cat $TMP2
    116 	fi
    117 
    118 #	egrep -v '\.core' $TMP > $TMP2
    119 #	if [ -s $TMP2 ]; then
    120 #		echo ""
    121 #		echo "Deleted files:"
    122 #		cat $TMP2
    123 #	fi
    124 
    125 	rm -f $TMP $TMP2
    126 fi
    127 
    128 if checkyesno run_msgs; then
    129 	msgs -c
    130 fi
    131 
    132 if checkyesno expire_news && [ -f /etc/news.expire ]; then
    133 	/etc/news.expire
    134 fi
    135 
    136 if checkyesno purge_accounting && [ -f /var/account/acct ]; then
    137 	echo ""
    138 	echo "Purging accounting records:"
    139 	if [ -f /var/account/acct.0.gz ]; then
    140 		mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null
    141 		mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null
    142 		mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null
    143 	else
    144 		mv /var/account/acct.2 /var/account/acct.3 2>/dev/null
    145 		mv /var/account/acct.1 /var/account/acct.2 2>/dev/null
    146 		mv /var/account/acct.0 /var/account/acct.1 2>/dev/null
    147 	fi
    148 	cp /var/account/acct /var/account/acct.0
    149 	sa -sq
    150 	if [ -f /var/account/acct.1.gz ]; then
    151 		gzip /var/account/acct.0
    152 	fi
    153 fi
    154 
    155 if checkyesno run_calendar; then
    156 	calendar -a > $TMP 2>&1
    157 	if [ -s $TMP ]; then
    158 		echo ""
    159 		echo "Running calendar:"
    160 		cat $TMP
    161 	fi
    162 	rm -f $TMP
    163 fi
    164 
    165 if checkyesno check_disks; then
    166 	if checkyesno show_remote_fs; then
    167 		df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
    168 	else
    169 		df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
    170 	fi
    171 	if [ -s /etc/dumpdates ] ; then
    172 		dump -W > $TMP2
    173 	fi
    174 	if [ -s $TMP -o -s $TMP2 ]; then
    175 		echo ""
    176 		echo "Checking subsystem status:"
    177 		echo ""
    178 		echo "disks:"
    179 		if [ -s $TMP ]; then
    180 			cat $TMP | sed 's/Mounted on/Mount/'
    181 			echo ""
    182 		fi
    183 		if [ -s $TMP2 ]; then
    184 			cat $TMP2
    185 			echo ""
    186 		fi
    187 		echo ""
    188 	fi
    189 	rm -f $TMP $TMP2
    190 	touch $TMP2
    191 	for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do
    192 		raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP
    193 		if [ -s $TMP ]; then
    194 			echo "$dev:" >> $TMP2
    195 			cat $TMP >> $TMP2
    196 		fi
    197 		rm -f $TMP
    198 	done
    199 	if [ -s $TMP2 ]; then
    200 		echo "failed RAIDframe component(s):"
    201 			cat $TMP2
    202 	fi
    203 	rm -f $TMP2
    204 fi
    205 
    206 if checkyesno check_mailq; then
    207 	mailq > $TMP
    208 	if ! grep -q "queue is empty$" $TMP; then
    209 		echo ""
    210 		echo "mail:"
    211 		cat $TMP
    212 	fi
    213 fi
    214 
    215 rm -f $TMP
    216 
    217 if checkyesno check_network; then
    218 	echo ""
    219 	echo "network:"
    220 	if checkyesno full_netstat; then
    221 		netstat -inv
    222 	else
    223 		netstat -inv | awk 'BEGIN {
    224 			ifs[""] = 0;
    225 		}
    226 		/^[^\*]* / {
    227 			if (NR == 1) {
    228 				printf("%-8s %12s %6s %12s %6s %6s\n",
    229 				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
    230 				next;
    231 			}
    232 			if (!($1 in ifs)) {
    233 				printf("%-8s %12s %6s %12s %6s %6s\n",
    234 				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
    235 				ifs[$1] = 1;
    236 			}
    237 		}'
    238 	fi
    239 	echo ""
    240 	t=/var/rwho/*
    241 	if [ "$t" != '/var/rwho/*' ]; then
    242 		ruptime
    243 	fi
    244 fi
    245 
    246 if checkyesno run_fsck; then
    247 	echo ""
    248 	echo "Checking filesystems:"
    249 	fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
    250 fi
    251 
    252 if checkyesno run_rdist && [ -f /etc/Distfile ]; then
    253 	echo ""
    254 	echo "Running rdist:"
    255 	if [ -d /var/log/rdist ]; then
    256 		logf="$(date +%Y.%b.%d)"
    257 		rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf
    258 	else
    259 		rdist -f /etc/Distfile 
    260 	fi
    261 fi
    262 
    263 if ${pkg_info} ${_compat_K_flag} -q -E '*'; then
    264 	if [ -z "$fetch_pkg_vulnerabilities" ]; then
    265 		echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
    266 		echo "You should set it to YES to enable vulnerability checks"
    267 		echo "or set it to NO to get rid of this warning."
    268 	elif checkyesno fetch_pkg_vulnerabilities; then
    269 		echo ""
    270 		echo "Fetching package vulnerabilities database:"
    271 		( umask 022 && ${pkg_admin} ${_compat_K_flag} \
    272 		    fetch-pkg-vulnerabilities -u )
    273 	fi
    274 fi
    275 
    276 if checkyesno run_security; then
    277 	SECOUT="$DAILYDIR/sec"
    278 	sh /etc/security > "$SECOUT" 2>&1
    279 	if [ ! -s "$SECOUT" ]; then
    280 		if checkyesno send_empty_security; then
    281 			echo "Nothing to report on $date" > "$SECOUT"
    282 		else
    283 			echo ""
    284 			echo "Suppressing empty security report."
    285 		fi
    286 	fi
    287 	if [ -s "$SECOUT" ]; then
    288 		if checkyesno separate_security_email; then
    289 			mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT
    290 		else
    291 		    echo ""
    292 		    echo "$host daily insecurity output for $date:"
    293 		    cat $SECOUT
    294 		fi
    295 	fi
    296 fi
    297 
    298 if checkyesno run_skeyaudit; then
    299 	if [ -s /etc/skeykeys ]; then
    300 		echo ""
    301 		echo "Checking remaining s/key OTPs:"
    302 		skeyaudit
    303 	fi
    304 fi
    305 
    306 if checkyesno run_makemandb; then
    307 	if [ -f /etc/man.conf -a -x /usr/sbin/makemandb ]; then
    308 		echo ""
    309 		echo "Updating man page index:"
    310 		(umask 022; nice -n 5 /usr/sbin/makemandb -Q)
    311 	fi
    312 fi
    313 
    314 if [ -f /etc/daily.local ]; then
    315 	( . /etc/daily.local ) > $TMP 2>&1
    316 	if [ -s $TMP ] ; then
    317 		printf "\nRunning /etc/daily.local:\n"
    318 		cat $TMP
    319 	fi
    320 	rm -f $TMP
    321 fi
    322