etc/daily
author jmmv <jmmv@NetBSD.org>
Wed, 20 Jan 2010 22:19:20 +0000
branchtrunk
changeset 187325 3865bd7585cd
parent 187278 d62d0c2b4476
child 187526 4b850391b42d
permissions -rw-r--r--
Default fetch_pkg_vulnerabilities to NO and complain if it is set to that value when packages are found (so that the user knows he is not getting the vulnerability checks). Why? People is complaining. (And somehow, the argument that NetBSD doesn't do any network operation by default convinces me that it should continue to do so.) But still, I will be adding a question to sysinst to enable/disable this.

#!/bin/sh -
#
#	$NetBSD: daily,v 1.74 2010/01/20 22:19:20 jmmv Exp $
#	@(#)daily	8.2 (Berkeley) 1/25/94
#

export PATH=/bin:/usr/bin:/sbin:/usr/sbin
umask 077

if [ -s /etc/daily.conf ]; then
	. /etc/daily.conf
fi

host=`hostname`
date=`date`
rcvar_manpage='daily.conf(5)'

echo "To: ${MAILTO:-root}"
echo "Subject: $host daily output for $date"
echo ""

if [ -f /etc/rc.subr ]; then
	. /etc/rc.subr
else
	echo "Can't read /etc/rc.subr; aborting."
	exit 1;
fi

if [ -z "$MAILTO" -o "$USER" != "root" ]; then
	MAILTO=root
fi

echo ""
echo "Uptime: " `uptime`

# Uncommenting any of the finds below would open up a race condition attack
# based on symlinks, potentially allowing removal of any file on the system.
#
#echo ""
#echo "Removing scratch and junk files:"
#if [ -d /tmp -a ! -h /tmp ]; then
#	cd /tmp && {
#	find . -type f -atime +3 -exec rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

#if [ -d /var/tmp -a ! -h /var/tmp ]; then
#	cd /var/tmp && {
#	find . ! -name . -atime +7 -exec rm -f -- {} \;
#	find . ! \( -name . -o -name vi.recover \) -type d \
#		-mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -h /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -exec rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

#if [ -d /var/rwho -a ! -h /var/rwho ] ; then
#	cd /var/rwho && {
#	find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
#fi

DAILYDIR=$(mktemp -d -t _daily) || exit 1

trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT

if ! cd "$DAILYDIR"; then
	echo "Can not cd to $DAILYDIR".
	exit 1
fi

TMP=daily.$$
TMP2=daily2.$$

if checkyesno find_core; then
	# Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
	ignfstypes=`echo $find_core_ignore_fstypes | \
		sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
		    -e's/^-o //'`
	find / \( $ignfstypes \) -prune -o \
		-name 'lost+found' -prune -o \
		\( -name '*.core' -o -name 'core' \) -type f -print > $TMP
#		\( -name '[#,]*' -o -name '.#*' -o -name a.out \
#		   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
#			-a -atime +3 -exec rm -f -- {} \; -a -print > $TMP

	egrep '\.core$|^core$' $TMP > $TMP2
	if [ -s $TMP2 ]; then
		echo ""
		echo "Possible core dumps:"
		cat $TMP2
	fi

#	egrep -v '\.core' $TMP > $TMP2
#	if [ -s $TMP2 ]; then
#		echo ""
#		echo "Deleted files:"
#		cat $TMP2
#	fi

	rm -f $TMP $TMP2
fi

if checkyesno run_msgs; then
	msgs -c
fi

if checkyesno expire_news && [ -f /etc/news.expire ]; then
	/etc/news.expire
fi

if checkyesno purge_accounting && [ -f /var/account/acct ]; then
	echo ""
	echo "Purging accounting records:"
	if [ -f /var/account/acct.0.gz ]; then
		mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null
		mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null
		mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null
	else
		mv /var/account/acct.2 /var/account/acct.3 2>/dev/null
		mv /var/account/acct.1 /var/account/acct.2 2>/dev/null
		mv /var/account/acct.0 /var/account/acct.1 2>/dev/null
	fi
	cp /var/account/acct /var/account/acct.0
	sa -sq
	if [ -f /var/account/acct.1.gz ]; then
		gzip /var/account/acct.0
	fi
fi

if checkyesno run_calendar; then
	calendar -a > $TMP 2>&1
	if [ -s $TMP ]; then
		echo ""
		echo "Running calendar:"
		cat $TMP
	fi
	rm -f $TMP
fi

if checkyesno check_disks; then
	if checkyesno show_remote_fs; then
		df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
	else
		df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
	fi
	if [ -s /etc/dumpdates ] ; then
		dump -W > $TMP2
	fi
	if [ -s $TMP -o -s $TMP2 ]; then
		echo ""
		echo "Checking subsystem status:"
		echo ""
		echo "disks:"
		if [ -s $TMP ]; then
			cat $TMP | sed 's/Mounted on/Mount/'
			echo ""
		fi
		if [ -s $TMP2 ]; then
			cat $TMP2
			echo ""
		fi
		echo ""
	fi
	rm -f $TMP $TMP2
	touch $TMP2
	for dev in `iostat -x | awk '/^raid/ { print $1 }'`; do
		raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP
		if [ -s $TMP ]; then
			echo "$dev:" >> $TMP2
			cat $TMP >> $TMP2
		fi
		rm -f $TMP
	done
	if [ -s $TMP2 ]; then
		echo "failed RAIDframe component(s):"
			cat $TMP2
	fi
	rm -f $TMP2
fi

if checkyesno check_mailq; then
	mailq > $TMP
	if ! grep -q "queue is empty$" $TMP; then
		echo ""
		echo "mail:"
		cat $TMP
	fi
fi

rm -f $TMP

if checkyesno check_network; then
	echo ""
	echo "network:"
	if checkyesno full_netstat; then
		netstat -inv
	else
		netstat -inv | awk 'BEGIN {
			ifs[""] = 0;
		}
		/^[^\*]* / {
			if (NR == 1) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				next;
			}
			if (!($1 in ifs)) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				ifs[$1] = 1;
			}
		}'
	fi
	echo ""
	t=/var/rwho/*
	if [ "$t" != '/var/rwho/*' ]; then
		ruptime
	fi
fi

if checkyesno run_fsck; then
	echo ""
	echo "Checking filesystems:"
	fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
fi

echo ""
if checkyesno run_rdist && [ -f /etc/Distfile ]; then
	echo "Running rdist:"
	if [ -d /var/log/rdist ]; then
		logf=`date +%Y.%b.%d`
		rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf
	else
		rdist -f /etc/Distfile 
	fi
fi

: ${pkgdb_dir:=/var/db/pkg}

if pkg_info -K ${pkgdb_dir} -q -E '*'; then
	echo ""
	echo "Fetching package vulnerabilities database:"
	if checkyesno fetch_pkg_vulnerabilities; then
		pkg_admin -K ${pkgdb_dir} fetch-pkg-vulnerabilities -u
	else
		echo "fetch_pkg_vulnerabilities is set to NO in daily.conf(5)."
		echo "You should set it to YES to enable vulnerability checks."
	fi
fi

if checkyesno run_security; then
	SECOUT="$DAILYDIR/sec"
	sh /etc/security > "$SECOUT" 2>&1
	if [ ! -s "$SECOUT" ]; then
		if checkyesno send_empty_security; then
			echo "Nothing to report on $date" > "$SECOUT"
		else
			echo ""
			echo "Suppressing empty security report."
		fi
	fi
	if [ -s "$SECOUT" ]; then
		mail -s "$host daily insecurity output for $date" \
		    "$MAILTO" < "$SECOUT"
	fi
fi

if checkyesno run_skeyaudit; then
	if [ -s /etc/skeykeys ]; then
		echo ""
		echo "Checking remaining s/key OTPs:"
		skeyaudit
	fi
fi

if [ -f /etc/daily.local ]; then
	( . /etc/daily.local ) > $TMP 2>&1
	if [ -s $TMP ] ; then
		printf "\nRunning /etc/daily.local:\n"
		cat $TMP
	fi
	rm -f $TMP
fi