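#!/bin/sh -
#
#	$OpenBSD: daily,v 1.47 2004/11/15 18:10:48 nick Exp $
#	From: @(#)daily	8.2 (Berkeley) 1/25/94
#
# Nightly housekeeping: runs the site hook /etc/daily.local, expires old
# files from /tmp, /var/tmp and /var/rwho, rotates process accounting,
# optionally copies the root filesystem to /altroot, prints a status
# report, optionally runs a read-only fsck, runs rdist, and mails any
# output of /etc/security to root.
#
# Environment switches read below: ROOTBACKUP=1, CHECKFILESYSTEMS=1,
# CALENDAR=0.
#
# NOTE(review): the script writes to raw disk devices and deletes other
# users' files, so it is presumably run as root from cron -- confirm.
#
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
bak=/var/backups

sysctl -n kern.version

# The hook is sourced, not executed: it runs inside this shell with this
# script's privileges and can change any variable used further down.
# /etc/daily.local should therefore be writable by root only.
if [ -f /etc/daily.local ]; then
	echo ""
	echo "Running daily.local:"
	. /etc/daily.local
fi

# Scratch files get mktemp-generated names; a fixed name in /tmp could be
# pre-created by another user. Give up if either one cannot be created.
TMP=`mktemp /tmp/_daily.XXXXXXXXXX` || exit 1
OUT=`mktemp /tmp/_security.XXXXXXXXXX` || {
	rm -f "$TMP"
	exit 1
}

# Remove both scratch files on exit (0), SIGHUP (1) and SIGTERM (15).
trap 'rm -f "$TMP" "$OUT"' 0 1 15

echo ""
echo "Removing scratch and junk files:"
# Each cleanup is skipped when the directory is missing or is a symlink,
# so a redirected /tmp cannot steer the deletions somewhere else.
#   -x        stay on the filesystem the walk started on
#   -prune    leave ssh-* directories and .X11-unix alone
#   -execdir  run rm/rmdir from the directory that holds the entry, so
#             the full path is not resolved a second time
#   --        a name starting with '-' is not parsed as an option
if [ -d /tmp -a ! -L /tmp ]; then
	cd /tmp && {
	find -x . \( -path './ssh-*' -o -path './.X11-unix' \) -prune -o \
	    -type f -atime +3 -execdir rm -f -- {} \;
	find -x . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
	    >/dev/null 2>&1; }
fi
# Same idea for /var/tmp, with a 7-day access window and every
# non-directory (not only regular files) eligible for removal.
if [ -d /var/tmp -a ! -L /var/tmp ]; then
	cd /var/tmp && {
	find -x . \( -path './ssh-*' -o -path './.X11-unix' \) -prune -o \
	    ! -type d -atime +7 -execdir rm -f -- {} \;
	find -x . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
	    >/dev/null 2>&1; }
fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -L /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -execdir rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

# Drop rwho entries not modified for more than 7 days.
if [ -d /var/rwho -a ! -L /var/rwho ] ; then
	cd /var/rwho && {
	find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; }
fi

#find / \( ! -fstype local -o -fstype rdonly -o -fstype fdesc \
#		-o -fstype kernfs -o -fstype procfs \) -a -prune -o \
#	-name 'lost+found' -a -prune -o \
#	-name '*.core' -a -print -o \
#	\( -name '[#,]*' -o -name '.#*' -o -name a.out \
#	   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
#		-a -atime +3 -a -execdir rm -f -- {} \; -a -print > $TMP

# The find that fills $TMP is commented out above, so the file is still
# empty here and neither report prints anything.
if egrep -q '\.core$' "$TMP"; then
	echo ""
	echo "Possible core dumps:"
	egrep '\.core$' "$TMP"
fi

if egrep -qv '\.core$' "$TMP"; then
	echo ""
	echo "Deleted files:"
	egrep -v '\.core$' "$TMP"
fi

if [ -d /var/msgs -a ! -L /var/msgs ]; then
	msgs -c
fi

# Keep four generations of accounting data (acct.0 .. acct.3), then let
# sa fold the live file into its summary.
if [ -f /var/account/acct ]; then
	echo ""
	echo "Purging accounting records:"
	mv -f /var/account/acct.2 /var/account/acct.3
	mv -f /var/account/acct.1 /var/account/acct.2
	mv -f /var/account/acct.0 /var/account/acct.1
	cp -f /var/account/acct /var/account/acct.0
	sa -sq
fi

# If ROOTBACKUP is set to 1 in the environment, and
# if filesystem named /altroot is type ffs, on /dev/* and mounted "xx",
# use it as a backup root filesystem to be updated daily.
#
# Both device names come from /etc/fstab and end up as the source and
# target of a raw dd, so that file decides which disk is overwritten.
# The operands of the emptiness test are left unquoted as in the
# original: if awk returns more than one device the test fails with a
# syntax error and the copy is skipped rather than run on a bad name.
[ "X$ROOTBACKUP" = X1 ] && {
	rootdev=`awk '$2 == "/" && $1 ~ /^\/dev\// && $3 == "ffs" && \
	    $4 ~ /rw/ \
		{ print substr($1, 6) }' < /etc/fstab`
	rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \
	    $4 ~ /xx/ \
		{ print substr($1, 6) }' < /etc/fstab`
	[ X$rootdev != X -a X$rootbak != X ] && {
		sync
		echo ""
		echo "Backing up root filesystem:"
		echo "copying /dev/r$rootdev to /dev/r$rootbak"
		# seek=1 skip=1 leaves the first 16-block chunk of the
		# target untouched; conv=noerror keeps going on read errors.
		dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \
		    conv=noerror
		# The source was mounted read-write during the copy, so
		# the copy is repaired unattended.
		fsck -y /dev/r$rootbak
	}
}

# Rotation of mail log now handled automatically by cron and 'newsyslog'

echo ""
echo "Checking subsystem status:"
echo ""
echo "disks:"
df -kl
echo ""
dump W
echo ""

# Show the mail queue only when it is not empty.
mailq > "$TMP"
if ! grep -q "^/var/spool/mqueue is empty$" "$TMP"; then
	echo ""
	echo "mail:"
	cat "$TMP"
fi

echo ""
echo "network:"
netstat -ivn
echo ""

# A variable assignment is not pathname-expanded, so the original
# "t=/var/rwho/*" always held the literal pattern, the quoted comparison
# never differed and ruptime never ran. Expand the glob into the
# positional parameters instead; nothing after this point reads them.
set -- /var/rwho/*
if [ "$1" != '/var/rwho/*' ]; then
	echo ""
	ruptime
fi

# calendar is skipped on a YP client that has no map directory for its
# own domain, and whenever CALENDAR=0.
echo ""
if [ -d /var/yp/binding -a ! -d /var/yp/`domainname` -o "X$CALENDAR" = X0 ]
then
	if [ "X$CALENDAR" = X0 ]; then
		echo "Not running calendar, (disabled)."
	else
		echo "Not running calendar, (yp client)."
	fi
else
	echo "Running calendar in the background."
	calendar -a &
fi

# If CHECKFILESYSTEMS is set to 1 in the environment, run fsck
# with the no-write flag.
[ "X$CHECKFILESYSTEMS" = X1 ] && {
	echo ""
	echo "Checking filesystems:"
	fsck -n | grep -v '^\*\* Phase'
}

if [ -f /etc/Distfile ]; then
	echo ""
	echo "Running rdist:"
	if [ -d /var/log/rdist ]; then
		# %e pads single-digit days with a space. Unquoted, the
		# name was split in two: tee wrote to a truncated log name
		# and to a stray file named after the day in the current
		# directory. Quoting keeps it one file name.
		logf=`date +%Y.%b.%e`
		rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/"$logf"
	else
		rdist -f /etc/Distfile
	fi
fi

# NOTE(review): redirections are applied left to right, so stderr of
# /etc/security is attached to this script's stdout (the daily report)
# and only its stdout is collected in $OUT. If errors are meant to reach
# the insecurity mail as well, the order would be '> "$OUT" 2>&1'.
# Left as written -- confirm the intent.
sh /etc/security 2>&1 > "$OUT"
# Mail root only when the security run produced output.
if [ -s "$OUT" ]; then
	mail -s "`hostname` daily insecurity output" root < "$OUT"
fi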