# # $OpenBSD: daily,v 1.67 2010/07/25 08:49:03 espie Exp $ # From: @(#)daily 8.2 (Berkeley) 1/25/94 # # For local additions, create the file /etc/daily.local. # To get section headers, use the function next_part in daily.local. # umask 022 PARTOUT=/var/log/daily.part MAINOUT=/var/log/daily.out install -o 0 -g 0 -m 600 /dev/null $PARTOUT install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT start_part() { TITLE=$1 exec > $PARTOUT 2>&1 } end_part() { exec >> $MAINOUT 2>&1 test -s $PARTOUT || return echo "" echo "$TITLE" cat $PARTOUT } next_part() { end_part start_part "$1" } run_script() { f=/etc/$1 test -e $f || return if [ `stat -f '%Sp%u' $f | cut -b1,6,9,11-` != '---0' ]; then echo "$f has insecure permissions, skipping:" ls -l $f return fi . $f } start_part "Running daily.local:" run_script "daily.local" next_part "Removing scratch and junk files:" if [ -d /tmp -a ! -L /tmp ]; then cd /tmp && { find -x . \ \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \ -o -path ./portslocks \) \ -prune -o -type f -atime +3 -execdir rm -f -- {} \; find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \ ! -path ./.ICE-unix ! -path ./portslocks ! -name . \ -execdir rmdir -- {} \; >/dev/null 2>&1; } fi if [ -d /var/tmp -a ! -L /var/tmp ]; then cd /var/tmp && { find -x . \ \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \ -o -path ./portslocks \) \ -prune -o ! -type d -atime +7 -execdir rm -f -- {} \; find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \ ! -path ./.ICE-unix ! -path ./portslocks ! -name . \ -execdir rmdir -- {} \; >/dev/null 2>&1; } fi # Additional junk directory cleanup would go like this: #if [ -d /scratch -a ! -L /scratch ]; then # cd /scratch && { # find . ! -name . -atime +1 -execdir rm -f -- {} \; # find . ! -name . -type d -mtime +1 -execdir rmdir -- {} \; \ # >/dev/null 2>&1; } #fi if [ -d /var/rwho -a ! -L /var/rwho ] ; then cd /var/rwho && { find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; } fi if [ -d /var/msgs -a ! -L /var/msgs ]; then msgs -c fi next_part "Purging accounting records:" if [ -f /var/account/acct ]; then mv -f /var/account/acct.2 /var/account/acct.3 mv -f /var/account/acct.1 /var/account/acct.2 mv -f /var/account/acct.0 /var/account/acct.1 cp -f /var/account/acct /var/account/acct.0 sa -sq fi # If ROOTBACKUP is set to 1 in the environment, and # if filesystem named /altroot is type ffs, on /dev/* and mounted "xx", # use it as a backup root filesystem to be updated daily. next_part "Backing up root filesystem:" while [ "X$ROOTBACKUP" = X1 ]; do rootbak=`awk '$2 == "/altroot" && $1 ~ /^\/dev\// && $3 == "ffs" && \ $4 ~ /xx/ \ { print substr($1, 6) }' < /etc/fstab` if [ -z "$rootbak" ]; then echo "No xx ffs /altroot device found in the fstab(5)." break fi bakdisk=${rootbak%[a-p]} sysctl -n hw.disknames | grep -Fqw $bakdisk || break bakpart=${rootbak#$bakdisk} baksize=`disklabel $bakdisk 2>/dev/null | \ awk -v "part=$bakpart:" '$1 == part { print $2 }'` rootdev=`mount | awk '$3 == "/" && $1 ~ /^\/dev\// && $5 == "ffs" \ { print substr($1, 6) }'` if [ -z "$rootdev" ]; then echo "The root filesystem is not local or not ffs." break fi if [ X$rootdev = X$rootbak ]; then echo "The device $rootdev holds both root and /altroot." break fi rootdisk=${rootdev%[a-p]} rootpart=${rootdev#$rootdisk} rootsize=`disklabel $rootdisk 2>/dev/null | \ awk -v "part=$rootpart:" '$1 == part { print $2 }'` if [ $rootsize -gt $baksize ]; then echo "Root ($rootsize) is larger than /altroot ($baksize)." break fi next_part "Backing up root=/dev/r$rootdev to /dev/r$rootbak:" sync dd if=/dev/r$rootdev of=/dev/r$rootbak bs=16b seek=1 skip=1 \ conv=noerror fsck -y /dev/r$rootbak break done next_part "Checking subsystem status:" if [ "X$VERBOSESTATUS" != X0 ]; then echo "" echo "disks:" df -kl echo "" dump W fi # The first two regular expressions handle sendmail, the third postfix. # When the queue is empty, smtpd(8) and exim -bp keep silent. next_part "mail:" mailq | grep -v -e "^/var/spool/mqueue is empty$" \ -e "^[[:blank:]]*Total requests: 0$" \ -e "^Mail queue is empty$" next_part "network:" if [ "X$VERBOSESTATUS" != X0 ]; then netstat -ivn t=/var/rwho/* if [ "$t" != '/var/rwho/*' ]; then echo "" ruptime fi fi next_part "Running calendar in the background:" if [ "X$CALENDAR" != X0 -a \ \( -d /var/yp/`domainname` -o ! -d /var/yp/binding \) ]; then calendar -a & fi # If CHECKFILESYSTEMS is set to 1 in the environment, run fsck # with the no-write flag. next_part "Checking filesystems:" [ "X$CHECKFILESYSTEMS" = X1 ] && { fsck -n | grep -v '^\*\* Phase' } next_part "Running rdist:" if [ -f /etc/Distfile ]; then if [ -d /var/log/rdist ]; then rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/`date +%F` else rdist -f /etc/Distfile fi fi end_part [ -s $MAINOUT ] && { sysctl -n kern.version uptime cat $MAINOUT } 2>&1 | mail -s "`hostname` daily output" root MAINOUT=/var/log/security.out install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT start_part "Running /etc/security:" run_script "security" end_part rm -f $PARTOUT [ -s $MAINOUT ] && mail -s "`hostname` daily insecurity output" root < $MAINOUT