Commit Graph

50 Commits

Author SHA1 Message Date
jhawk
74f5f0da45 Redirect stderr as well as stdout in run_calendar (calendar -a) 2003-10-01 05:34:50 +00:00
jhawk
3b390ffb5f Suppress emailing the daily security report if it is empty, unless
send_empty_security=YES. Implements change-request PR security/17249
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
2003-02-21 22:35:46 +00:00
atatat
3ce3a9a2c4 When finding core files, only print the names of things that are
*files*, (ie, not directories, or symlinks, or...).  Also remove
the -a instances.  They're implicit.
2003-02-04 05:31:18 +00:00
grant
47224db054 fix /etc/security stderr redirection.
from rad@twig.com in PR bin/19553.
2002-12-25 02:41:03 +00:00
bouyer
42b4a64371 If check_disks=YES, check for failed components in RAIDframe devices. 2002-01-27 22:08:50 +00:00
lukem
6297d767ef Ignore errors from /var/account/acct.[123] rotation.
Fix from Katsuomi Hamajima in [misc/13804]
2001-12-18 00:51:16 +00:00
lukem
0770a23f52 Correctly detect empty mailq with new sendmail versions.
Fix from Anne Bennett in [bin/12901]
2001-12-18 00:48:05 +00:00
lukem
9fe1ef5dc8 Add nullfs to the list of file system types to skip during the "big finds".
Fix from Alan Barrett in [misc/14957].
2001-12-18 00:44:20 +00:00
atatat
8d76c9bee4 Watching inode usage is important, too. 2001-11-23 04:20:27 +00:00
perry
b159dba912 Fix a mysterious
csh: Permission denied
	csh: Trying to start from "/var/log"
message.

This was caused by the
	su -m uucp -c "uustat -a"
line being executed in a directory not readable by uucp. The login
shell implied by -m is of course root's shell, /bin/csh, which doesn't
like not being able to read the dir it is in, and thus the errors. By
temporarily cd'ing to /tmp the problem is fixed.

What is really needed, of course, is a way to tell su what shell you
want to use explicitly, especially for use in scripts where the
vagaries of which shell the login executing the script uses should not
be depended on. No such method exists. One should be added.

Indeed, it might also be nice to have a way of telling su to directly
execute a command with -c rather than using a shell to interpret the
command.

I cannot find any standards documents that specify su at the moment,
though. SuSv2 is silent on su(8).
2001-10-23 18:39:03 +00:00
perry
0d724a7b06 stylistic nit: dump -W, not dump W 2001-10-23 17:34:53 +00:00
veego
0674841150 Put the 'uustat -a' into double quotes.
It still doesn't work, but you won't get the error about an Unknown option: `-a'
anymore.

The login shell for uucp is /usr/libexec/uucp/uucico, so su -m doesn't work.
This needs to be fixed.
2001-10-09 05:28:42 +00:00
hubertf
a6d42bbc31 Run uustat with uid=uucp, not with euid=uucp/uid=root, to prevent
some badboys gaining back root privs. Inspided by OpenBSD.
Not that we didn't have this forever... (SA, anyone?)
2001-09-17 23:41:32 +00:00
lukem
e2773e5d61 run fsck with "-n -f" instead of just "-n"; recent changes to fsck
mean that file systems mounted read-write are skipped unless -f is given.
problem noted by andrew brown.
2001-08-09 15:30:30 +00:00
lukem
684e89f355 use mktemp(1) to create temporary directories, and ensure that cleanup traps
are setup asap.
2001-06-18 10:54:02 +00:00
aymeric
eea58e8475 don't remove /var/tmp/vi.recover in (commented *out*) find's.
this fixes PR 11120.
XXX note that this is supposed never to be uncommented due to a security
    issue (see /etc/daily) but there is no reason to do things doubly wrong.
2001-04-22 20:34:48 +00:00
hubertf
389581c1cf run skeyaudit, if run_skeyaudit is set to yes 2000-08-25 01:11:42 +00:00
itojun
2ece7fc42f use netstat -inv for all address familires. PR 10249. 2000-06-04 08:35:10 +00:00
itojun
7f4bafc7bd add "-n" to netstat -i to avoid reverse query and better audit.
print IPv6 interface stat by netstat -inv separately.

comments from: hubertf and others
2000-01-20 04:13:54 +00:00
ad
645ee40728 - Make /etc/daily run /etc/daily.local if it exists. Make similar change for
weekly and monthly scripts.
- Update FILES section in manpages.
2000-01-10 17:03:49 +00:00
enami
b614ae7a89 Use %d instead of %e to generate rdist log filename using date(1) so that
the resulting filename doesn't contain white space.
2000-01-07 03:52:23 +00:00
abs
0780a6b041 Add a comment about why you do not want to uncomment the finds. 1999-01-06 03:24:06 +00:00
lukem
d1f7e40ebd * daily/weekly/monthly:
- change to always output a valid To: and Subject: line.
    - To: recipient obtained from $MAILTO (defaults to root).
    - add date to Subject: line. closes [bin/4526] from Giles Lean
      <giles@nemeton.com.au>
* daily: explicitly print 'Nothing to report' if /etc/security didn't
  report anything.
* crontab: pass output of scripts through sendmail -t instead of
1998-09-15 05:06:30 +00:00
mycroft
bd8157b7d3 Format police. 1998-07-16 05:21:56 +00:00
nathanw
a93021e9be Find core files named "core" as well as "*.core". 1998-06-28 21:37:59 +00:00
lukem
8f59ce8e35 include rc.subr and use appropriately 1998-01-26 12:02:43 +00:00
lukem
7c5015bdd6 for $check_uucp:
- use /usr/libexec/uucp/clean.daily instead of /etc/uuclean.daily
- use 'su daemon -c command' instead of 'echo "command" | su daemon'
1997-10-27 04:18:06 +00:00
phil
ce3196e8dd Allows root to specify a MAILTO and have the security report mailed to
the same user as the daily output.  If $USER is not root or MAILTO is
not set, MAILTO is set to root.  Closes PR 2409.
1997-07-11 00:36:55 +00:00
lukem
f067035d68 Add output of uptime to report.
From Hubert Feyrer <feyrer@smaug.fh-regensburg.de> in [bin/3220]
1997-06-23 01:45:21 +00:00
mikel
d351214af2 bug fix and improvements, mostly from Enami Tsugutomo in PR misc/3681. 1997-05-30 05:18:59 +00:00
mikel
ef538c3176 cleanup Lite-1 merge 1997-02-15 10:02:07 +00:00
mikel
a4b0df8ac6 fix typo 1997-01-09 05:44:46 +00:00
mrg
016b324a94 add configuration file for daily, weekly, montly, as
daily.conf, weekly.conf and montly.conf.  the file
allows each action taken by all scripts to be turned
on or off.
1997-01-05 11:21:09 +00:00
jtc
4371fb2956 Comment out code which traverses the directory hierarchy and removes
files, as the ``find . ... -exec rm'' used to do so can be subverted
and used to remove arbitrary files.
1996-07-02 23:10:35 +00:00
mrg
f01ac0c37f add rcsid and remove dated /var/preserve check. 1996-03-26 04:21:27 +00:00
pk
e471d816de Don't stomp on arbitrary directories.
(Perhaps there should be a `source /etc/daily.local' hook..)
1996-03-25 09:23:15 +00:00
mycroft
3df08b7f25 Fix the fstype-based pruning algorithms. Partly suggested by John Kohl. 1994-10-18 16:52:56 +00:00
cgd
91778fe0ca update to new security script 1994-06-15 04:28:06 +00:00
cgd
b09f56e8b1 automatically enable accounting and rotate logs 1994-02-26 03:29:23 +00:00
cgd
9bc01e962d remove temp file 1994-02-19 07:56:02 +00:00
cgd
8671b6cb65 less paranoia, more 4.4-ish, enable msgs -c 1994-02-19 07:54:08 +00:00
cgd
7bdc3a6134 comment out find...rm's, and fix other comments... 1994-02-18 05:40:22 +00:00
cgd
a6083990c5 building "whatis" db daily is *stupid* 1993-12-22 09:24:50 +00:00
cgd
2a3476d4a9 redirect /etc/security's stderr to the security mailing, too. 1993-10-26 01:39:45 +00:00
cgd
640e7bf41e arrange for all log rotations to be handled by /usr/bin/newsyslog 1993-05-21 14:45:16 +00:00
cgd
a7a0d9856e fix find & deletion of old files so that it doesn't look in kernfs
or fdesc fs
1993-04-09 10:25:02 +00:00
glass
b3d044e80e Added /etc/rpc for librpc support
fixed crontab so it works (oops)
fixed /etc/daily whatis.db support
1993-04-03 01:12:21 +00:00
glass
0bde8f403d automagically build the 'whatis.db' including machine pages 1993-04-02 09:43:41 +00:00
cgd
560cb21a4d updated for current system setup, and made logs compressed 1993-04-02 07:56:43 +00:00
cgd
61f282557f initial import of 386bsd-0.1 sources 1993-03-21 09:45:37 +00:00