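#!/bin/sh -
#
#	$NetBSD: daily,v 1.75 2010/01/27 16:22:41 jmmv Exp $
#	@(#)daily	8.2 (Berkeley) 1/25/94
#
# Nightly housekeeping report.  Writes mail headers (To:/Subject:) followed
# by the report body to standard output; the caller is presumably expected
# to pipe that into a mailer -- confirm against the crontab entry.
# Each section is switched on or off by a variable tested with checkyesno;
# see daily.conf(5).
#

# Fixed search path: commands below are not resolved through directories
# inherited from the caller's environment.
export PATH=/bin:/usr/bin:/sbin:/usr/sbin
# Everything created from here on (scratch files, the security report) is
# readable by the owner only unless a section relaxes the umask itself.
umask 077

if [ -s /etc/daily.conf ]; then
	. /etc/daily.conf
fi

host=$(hostname)
date=$(date)
rcvar_manpage='daily.conf(5)'

echo "To: ${MAILTO:-root}"
echo "Subject: $host daily output for $date"
echo ""

# checkyesno is not defined in this file; presumably it comes from rc.subr,
# which is why the script refuses to continue without it.
if [ -f /etc/rc.subr ]; then
	. /etc/rc.subr
else
	echo "Can't read /etc/rc.subr; aborting."
	exit 1;
fi

# Two separate tests instead of "-o": the single-bracket form with -o can be
# misparsed when $MAILTO itself looks like a test operator.
# The To: header above has already been written with the configured value;
# this reset only affects the security report mailed further down.
if [ -z "$MAILTO" ] || [ "$USER" != "root" ]; then
	MAILTO=root
fi

echo ""
# The command substitution is left unquoted on purpose: word splitting
# collapses the whitespace in uptime's output, as the original did.
echo "Uptime: " $(uptime)

# Uncommenting any of the finds below would open up a race condition attack
# based on symlinks, potentially allowing removal of any file on the system.
# (The directories involved are writable by other users, and the path that
# find reports can be swapped for a symlink before rm/rmdir acts on it.)
#
#echo ""
#echo "Removing scratch and junk files:"
#if [ -d /tmp -a ! -h /tmp ]; then
#	cd /tmp && {
#	find . -type f -atime +3 -exec rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

#if [ -d /var/tmp -a ! -h /var/tmp ]; then
#	cd /var/tmp && {
#	find . ! -name . -atime +7 -exec rm -f -- {} \;
#	find . ! \( -name . -o -name vi.recover \) -type d \
#		-mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

# Additional junk directory cleanup would go like this:
#if [ -d /scratch -a ! -h /scratch ]; then
#	cd /scratch && {
#	find . ! -name . -atime +1 -exec rm -f -- {} \;
#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
#	    >/dev/null 2>&1; }
#fi

#if [ -d /var/rwho -a ! -h /var/rwho ] ; then
#	cd /var/rwho && {
#	find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
#fi

# Private scratch directory created by mktemp; the relative scratch file
# names used below (daily.$$, daily2.$$) live inside it rather than directly
# in a shared temporary directory.
DAILYDIR=$(mktemp -d -t _daily) || exit 1

# The handler is single-quoted so that $DAILYDIR is expanded, quoted, when
# the trap fires.  Expanding it unquoted while defining the trap would let a
# path containing whitespace or glob characters split into several arguments
# to "rm -rf".  "exit 0" is kept from the original: the script always
# reports success once the trap is installed.
trap '/bin/rm -rf -- "$DAILYDIR"; exit 0' EXIT INT QUIT

if ! cd "$DAILYDIR"; then
	echo "Can not cd to $DAILYDIR".
	exit 1
fi

TMP=daily.$$
TMP2=daily2.$$

if checkyesno find_core; then
	# Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
	# $find_core_ignore_fstypes is left unquoted as in the original.
	ignfstypes=$(echo $find_core_ignore_fstypes | \
		sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
		    -e's/^-o //')
	# $ignfstypes must stay unquoted: it holds several find(1) operands.
	find / \( $ignfstypes \) -prune -o \
		-name 'lost+found' -prune -o \
		\( -name '*.core' -o -name 'core' \) -type f -print > "$TMP"
#		\( -name '[#,]*' -o -name '.#*' -o -name a.out \
#		   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
#			-a -atime +3 -exec rm -f -- {} \; -a -print > $TMP

	egrep '\.core$|^core$' "$TMP" > "$TMP2"
	if [ -s "$TMP2" ]; then
		echo ""
		echo "Possible core dumps:"
		cat "$TMP2"
	fi

#	egrep -v '\.core' $TMP > $TMP2
#	if [ -s $TMP2 ]; then
#		echo ""
#		echo "Deleted files:"
#		cat $TMP2
#	fi

	rm -f "$TMP" "$TMP2"
fi

if checkyesno run_msgs; then
	msgs -c
fi

if checkyesno expire_news && [ -f /etc/news.expire ]; then
	/etc/news.expire
fi

if checkyesno purge_accounting && [ -f /var/account/acct ]; then
	echo ""
	echo "Purging accounting records:"
	# Rotate the three kept generations; a missing generation makes mv
	# fail, which is expected and therefore silenced.
	if [ -f /var/account/acct.0.gz ]; then
		mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null
		mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null
		mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null
	else
		mv /var/account/acct.2 /var/account/acct.3 2>/dev/null
		mv /var/account/acct.1 /var/account/acct.2 2>/dev/null
		mv /var/account/acct.0 /var/account/acct.1 2>/dev/null
	fi
	cp /var/account/acct /var/account/acct.0
	sa -sq
	# Compress the new generation only when the older ones are compressed.
	if [ -f /var/account/acct.1.gz ]; then
		gzip /var/account/acct.0
	fi
fi

if checkyesno run_calendar; then
	calendar -a > "$TMP" 2>&1
	if [ -s "$TMP" ]; then
		echo ""
		echo "Running calendar:"
		cat "$TMP"
	fi
	rm -f "$TMP"
fi

if checkyesno check_disks; then
	if checkyesno show_remote_fs; then
		df -hi -t nokernfs,procfs,ptyfs,null,fdesc > "$TMP"
	else
		df -hil -t nokernfs,procfs,ptyfs,null,fdesc > "$TMP"
	fi
	if [ -s /etc/dumpdates ] ; then
		dump -W > "$TMP2"
	fi
	if [ -s "$TMP" ] || [ -s "$TMP2" ]; then
		echo ""
		echo "Checking subsystem status:"
		echo ""
		echo "disks:"
		if [ -s "$TMP" ]; then
			sed 's/Mounted on/Mount/' < "$TMP"
			echo ""
		fi
		if [ -s "$TMP2" ]; then
			cat "$TMP2"
			echo ""
		fi
		echo ""
	fi
	rm -f "$TMP" "$TMP2"

	# Collect the failed components of every raid device that iostat
	# lists; $TMP2 accumulates one section per affected device.
	touch "$TMP2"
	for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do
		raidctl -s "$dev" | awk '/^.*: failed$/ {print $0}' > "$TMP"
		if [ -s "$TMP" ]; then
			echo "$dev:" >> "$TMP2"
			cat "$TMP" >> "$TMP2"
		fi
		rm -f "$TMP"
	done
	if [ -s "$TMP2" ]; then
		echo "failed RAIDframe component(s):"
		cat "$TMP2"
	fi
	rm -f "$TMP2"
fi

if checkyesno check_mailq; then
	mailq > "$TMP"
	if ! grep -q "queue is empty$" "$TMP"; then
		echo ""
		echo "mail:"
		cat "$TMP"
	fi
fi
# Runs even when check_mailq is off; rm -f is silent if the file is absent.
rm -f "$TMP"

if checkyesno check_network; then
	echo ""
	echo "network:"
	if checkyesno full_netstat; then
		netstat -inv
	else
		# Print the header line and the first line seen for each
		# interface name, keeping the name and the last five columns.
		netstat -inv | awk 'BEGIN {
			ifs[""] = 0;
		}
		/^[^\*]* / {
			if (NR == 1) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				    $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				next;
			}
			if (!($1 in ifs)) {
				printf("%-8s %12s %6s %12s %6s %6s\n",
				    $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
				ifs[$1] = 1;
			}
		}'
	fi
	echo ""
	# Run ruptime only when /var/rwho contains something.  The pattern
	# has to be expanded in a for list: a plain "t=/var/rwho/*"
	# assignment is not subject to pathname expansion, so comparing the
	# quoted variable with the literal pattern could never succeed.
	# An unmatched pattern is left as the literal string.
	for t in /var/rwho/*; do
		if [ "$t" != '/var/rwho/*' ]; then
			ruptime
		fi
		break
	done
fi

if checkyesno run_fsck; then
	echo ""
	echo "Checking filesystems:"
	# -n: fsck answers "no" to every question, so this is report-only.
	# ${run_fsck_flags} stays unquoted so it can carry several flags.
	fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
fi

echo ""
if checkyesno run_rdist && [ -f /etc/Distfile ]; then
	echo "Running rdist:"
	if [ -d /var/log/rdist ]; then
		logf=$(date +%Y.%b.%d)
		rdist -f /etc/Distfile 2>&1 | tee "/var/log/rdist/$logf"
	else
		rdist -f /etc/Distfile
	fi
fi

: ${pkgdb_dir:=/var/db/pkg}
if pkg_info -K "${pkgdb_dir}" -q -E '*'; then
	echo ""
	echo "Fetching package vulnerabilities database:"
	if checkyesno fetch_pkg_vulnerabilities; then
		# Subshell with a relaxed umask: files written by the fetch
		# are not limited to owner-only access, and the 077 umask of
		# the rest of the script is left untouched.
		( umask 022 && pkg_admin -K "${pkgdb_dir}" \
		    fetch-pkg-vulnerabilities -u )
	else
		echo "fetch_pkg_vulnerabilities is set to NO in daily.conf(5)."
		echo "You should set it to YES to enable vulnerability checks."
	fi
fi

if checkyesno run_security; then
	# The security report is captured inside the private scratch
	# directory and mailed separately from the daily output.
	SECOUT="$DAILYDIR/sec"
	sh /etc/security > "$SECOUT" 2>&1
	if [ ! -s "$SECOUT" ]; then
		if checkyesno send_empty_security; then
			echo "Nothing to report on $date" > "$SECOUT"
		else
			echo ""
			echo "Suppressing empty security report."
		fi
	fi
	if [ -s "$SECOUT" ]; then
		mail -s "$host daily insecurity output for $date" \
		    "$MAILTO" < "$SECOUT"
	fi
fi

if checkyesno run_skeyaudit; then
	if [ -s /etc/skeykeys ]; then
		echo ""
		echo "Checking remaining s/key OTPs:"
		skeyaudit
	fi
fi

if [ -f /etc/daily.local ]; then
	# Sourced in a subshell, so variable assignments or an "exit" in the
	# local script cannot alter or terminate this one.  It still runs
	# with this script's privileges, so the file's ownership and mode
	# deserve the same care as this script's.
	( . /etc/daily.local ) > "$TMP" 2>&1
	if [ -s "$TMP" ] ; then
		printf "\nRunning /etc/daily.local:\n"
		cat "$TMP"
	fi
	rm -f "$TMP"
fi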