Commit Graph

87 Commits

Author SHA1 Message Date
wiz c9ea1856a7 Use new makemandb -Q flag to be really quiet. 2012-08-29 20:34:18 +00:00
christos 3351729a81 only announce fetching vulnerabilities file if we do. 2012-08-03 10:52:46 +00:00
christos 778f4384b4 PR/46757: Check for fetch_pkg_vulnerabilities unset first. 2012-07-31 09:23:09 +00:00
jdf 890333e6c9 Call `makemandb -q` instead of `makemandb`, as proposed by Edgar Fuss on
tech-userlevel on 20th of July 2012, 12:38.
2012-07-30 22:13:38 +00:00
christos da43ca12af PR/46757: Edgar Fuß: Change default to pkg_vulnerabilities from NO to unset,
and make unset insted of NO to produce warnings, so that setting it to NO does
produce warnings (if it is inappropriate for the machine to warn about this).
2012-07-30 17:09:33 +00:00
christos e763a079db PR/46756: Edgar Fuß: Enable ignoring subdirectories in daily's find_core 2012-07-30 17:06:51 +00:00
joerg 0ca3cd9bc0 Run makemandb with the normal 022 umask, not the restrictive 077. 2012-02-15 23:30:11 +00:00
joerg e795c61763 Don't overwrite run_makemandb. The default is already set in daily.conf. 2012-02-09 13:38:44 +00:00
joerg 410d0f4380 Import the new apropos/whatis.
This code has been developed by Abhinav Upadhyay as part of Google's Summer
of Code 2011. It uses libmandoc to parse man pages and builds a Full
Text Index in a SQLite database. The combination of indexing the full
manual page, filtering out stop words and ranking individual matches
based on the section gives a much improved user experience.

The old makewhatis and friends are kept under MKMAKEMANDB=no for now.
2012-02-07 19:13:24 +00:00
darcy 5bc4a2e2d4 Add option to include daily insecurity output in daily output.
PR bin/17029
2011-12-17 12:27:42 +00:00
christos 4f848eee4b `` -> $() 2010-12-27 03:38:52 +00:00
jmmv 53cb2117e8 Deprecate the pkgdb_dir settings from daily.conf and security.conf in
favor of the PKG_DBDIR variable in /etc/pkg_install.conf.  The purpose
of this is to only have to define the location of the packages database
in a single place and have all other system components pick it up.

pkgdb_dir is still honored if defined and the scripts will spit out a
warning in that case, asking the administrator to migrate to the
PKG_DBDIR setting.  We can't remove this compatibility workaround until,
at least, after NetBSD 6 is released.
2010-02-05 16:29:02 +00:00
jmmv 224ba7b2c8 Reset the umask while refreshing the vulnerabilities database so that it
remains world-readable.  Otherwise, it ends up with 600 permissions which
make it unusable for building pkgsrc packages as non-root.

Problem found by wiz@.
2010-01-27 16:22:41 +00:00
jmmv 8026500970 Default fetch_pkg_vulnerabilities to NO and complain if it is set to that
value when packages are found (so that the user knows he is not getting the
vulnerability checks).

Why?  People is complaining.  (And somehow, the argument that NetBSD doesn't
do any network operation by default convinces me that it should continue to
do so.)

But still, I will be adding a question to sysinst to enable/disable this.
2010-01-20 22:19:20 +00:00
jmmv 497b5f8044 Add the fetch_pkg_vulnerabilities option to the daily script to keep the
packages vulnerability database up to date.  This will only fetch the
file from the server if it has changed since the last run.

Add the check_pkg_vulnerabilities and check_pkg_signatures options to the
security script to check that the installed packages are sane.

All of these options are enabled by default but they will only run if
there is, at least, one installed package.
2010-01-19 22:08:11 +00:00
perry b2595274cc add ptyfs to the list of file systems that don't get put into the
nightly df listing
2009-03-29 16:04:15 +00:00
bouyer db3a18456b Add a run_fsck_flags variable to daily.conf(5), allowing extra flags to
be passed to to daily fsck run.
For example, run_fsck_flags="-Tffs:-X" will run the nighly fsck_ffs on a
snapshot :)
2008-08-30 10:53:22 +00:00
martti d405da7f9d Use "mktemp -d -t xxx" to create the temporary directories. This will use
TMPDIR environment variable if set, otherwise use /tmp.  (misc/35544)
2007-06-06 13:30:47 +00:00
hubertf bfc0884386 Make the daily script immune to changes of the current working directory
in /etc/daily.local. Fixed PR misc/33461.
2006-12-17 23:24:09 +00:00
christos 3353f7d077 goodbye uucp 2006-11-12 01:20:00 +00:00
christos fea3bc82d3 PR/34274: Brian A. Seklecki: Check for uustat before blindly executing since
it might not be there if uucp is not installed.
2006-08-30 18:06:09 +00:00
jdolecek 94172cbcb1 in short netstat output, use 12 characters for [IO]pkts columns, so that
it doesn't overflow too easily
2006-05-27 08:56:47 +00:00
perry 15e3f0cc19 Small ugly hack -- sed "Mounted on" to "Mount" so that the df line
fits in <80 columns.

We should probably do this better -- I'm going to look into importing
der mouse's halign program to make a cleaner job of this.
2005-08-22 14:24:45 +00:00
sketch 715473130b Quote MAILTO properly so that more descriptive names can be used. 2005-01-09 13:07:14 +00:00
soren c43d1a68db Print interface packet counters as strings to prevent integer overflow in awk. 2004-11-22 04:53:46 +00:00
erh 7da8bb106d PR misc/7716: add configuration options find_core_ignore_fstypes and
check_devices_ignore_fstypes to allow the filesystem types that are
ignored during the daily and security runs to be adjusted.
2004-09-28 15:03:58 +00:00
martin 5a942efb7b If not doing full_netstat, use the -v option anyway to avoid truncating
interface names like bridge0 or pppoe0 - the awk post processing reserves
enough space for the column already.
2004-05-28 03:55:30 +00:00
kim ed816845e6 Avoid the output "Running xxx.local" if the "xxx.local" script
does not produce any output.  This matches what /etc/security
already does with /etc/security.local output.
2004-04-09 17:35:21 +00:00
jmmv 3c8a1444d9 Introduce and use the rcvar_manpage variable, which contains the manual page
name where the user should look at for documentation about rcvar.  It defaults
to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.

This variable is useful to let the daily, weekly, monthly and security scripts
tune the warning message shown when any of the variables they handle is not
properly set.

Closes PR misc/23908.
2004-04-02 13:13:47 +00:00
mrg 9be30af863 apply kre's patch from PR#18628:
if /var/account/acct.0.gz exists, keep all the old accounting files
in gzipped format.
2004-03-29 02:17:26 +00:00
atatat da4f7330e5 Also supress speling erors. 2003-12-28 16:34:03 +00:00
lukem 8d18845ac2 add null & fdesc to the list of file system types to skip in check_disks 2003-12-10 09:25:36 +00:00
perry 16a3b1f9cc Add back nfs partition display if show_remote_fs is on.
As requested by Grant.
2003-12-08 01:17:37 +00:00
perry 43a0fc6fac Change the default behavior of the netstat run during check_network to
print a summary rather than the full (and not usually desired) output
of netstat -inv. The old behavior can be returned by simply setting
full_netstat to YES in daily.conf.

Original idea by me, cleaner and more correct execution via small awk
script from Greg Woods.
2003-12-07 22:22:15 +00:00
perry 760b3486e4 suppress disk reports about nfs mounts, kernfs and procfs. 2003-12-07 16:55:04 +00:00
perry eda014eade Don't print "Last dump" report if /etc/dumpdates is zero length or absent.
Don't print OTP/skey report if /etc/skeyskeys is zero length or absent.
2003-12-07 16:35:04 +00:00
perry d9adb3cb0f use -h ("human readable") instead of -k on nightly df 2003-12-07 16:20:18 +00:00
jhawk 74f5f0da45 Redirect stderr as well as stdout in run_calendar (calendar -a) 2003-10-01 05:34:50 +00:00
jhawk 3b390ffb5f Suppress emailing the daily security report if it is empty, unless
send_empty_security=YES. Implements change-request PR security/17249
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
2003-02-21 22:35:46 +00:00
atatat 3ce3a9a2c4 When finding core files, only print the names of things that are
*files*, (ie, not directories, or symlinks, or...).  Also remove
the -a instances.  They're implicit.
2003-02-04 05:31:18 +00:00
grant 47224db054 fix /etc/security stderr redirection.
from rad@twig.com in PR bin/19553.
2002-12-25 02:41:03 +00:00
bouyer 42b4a64371 If check_disks=YES, check for failed components in RAIDframe devices. 2002-01-27 22:08:50 +00:00
lukem 6297d767ef Ignore errors from /var/account/acct.[123] rotation.
Fix from Katsuomi Hamajima in [misc/13804]
2001-12-18 00:51:16 +00:00
lukem 0770a23f52 Correctly detect empty mailq with new sendmail versions.
Fix from Anne Bennett in [bin/12901]
2001-12-18 00:48:05 +00:00
lukem 9fe1ef5dc8 Add nullfs to the list of file system types to skip during the "big finds".
Fix from Alan Barrett in [misc/14957].
2001-12-18 00:44:20 +00:00
atatat 8d76c9bee4 Watching inode usage is important, too. 2001-11-23 04:20:27 +00:00
perry b159dba912 Fix a mysterious
csh: Permission denied
	csh: Trying to start from "/var/log"
message.

This was caused by the
	su -m uucp -c "uustat -a"
line being executed in a directory not readable by uucp. The login
shell implied by -m is of course root's shell, /bin/csh, which doesn't
like not being able to read the dir it is in, and thus the errors. By
temporarily cd'ing to /tmp the problem is fixed.

What is really needed, of course, is a way to tell su what shell you
want to use explicitly, especially for use in scripts where the
vagaries of which shell the login executing the script uses should not
be depended on. No such method exists. One should be added.

Indeed, it might also be nice to have a way of telling su to directly
execute a command with -c rather than using a shell to interpret the
command.

I cannot find any standards documents that specify su at the moment,
though. SuSv2 is silent on su(8).
2001-10-23 18:39:03 +00:00
perry 0d724a7b06 stylistic nit: dump -W, not dump W 2001-10-23 17:34:53 +00:00
veego 0674841150 Put the 'uustat -a' into double quotes.
It still doesn't work, but you won't get the error about an Unknown option: `-a'
anymore.

The login shell for uucp is /usr/libexec/uucp/uucico, so su -m doesn't work.
This needs to be fixed.
2001-10-09 05:28:42 +00:00
hubertf a6d42bbc31 Run uustat with uid=uucp, not with euid=uucp/uid=root, to prevent
some badboys gaining back root privs. Inspided by OpenBSD.
Not that we didn't have this forever... (SA, anyone?)
2001-09-17 23:41:32 +00:00