Page MenuHomeFreeBSD
Files F148315295

D16553.id46154.diff
No OneTemporary
Actions

D16553.id46154.diff
View Options

Index: etc/Makefile
===================================================================
--- etc/Makefile
+++ etc/Makefile
@@ -213,7 +213,6 @@
.if ${MK_NTP} != "no"
${_+_}cd ${.CURDIR}/ntp; ${MAKE} install
.endif
- ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
${_+_}cd ${SRCTOP}/share/termcap; ${MAKE} etc-termcap
${_+_}cd ${.CURDIR}/syslog.d; ${MAKE} install
${_+_}cd ${SRCTOP}/usr.sbin/rmt; ${MAKE} etc-rmt
Index: etc/defaults/Makefile
===================================================================
--- etc/defaults/Makefile
+++ etc/defaults/Makefile
@@ -2,7 +2,7 @@
.include <src.opts.mk>
-FILES= devfs.rules periodic.conf
+FILES= devfs.rules
FILESDIR= /etc/defaults
.if ${MK_BLUETOOTH} != "no"
Index: etc/defaults/periodic.conf
===================================================================
--- etc/defaults/periodic.conf
+++ etc/defaults/periodic.conf
@@ -1,407 +0,0 @@
-#!/bin/sh
-#
-# This is defaults/periodic.conf - a file full of useful variables that
-# you can set to change the default behaviour of periodic jobs on your
-# system. You should not edit this file! Put any overrides into one of the
-# $periodic_conf_files instead and you will be able to update these defaults
-# later without spamming your local configuration information.
-#
-# The $periodic_conf_files files should only contain values which override
-# values set in this file. This eases the upgrade path when defaults
-# are changed and new features are added.
-#
-# For a more detailed explanation of all the periodic.conf variables, please
-# refer to the periodic.conf(5) manual page.
-#
-# $FreeBSD$
-#
-
-# What files override these defaults ?
-periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local"
-
-# periodic script dirs
-local_periodic="/usr/local/etc/periodic"
-
-# Max time to sleep to avoid causing congestion on download servers
-anticongestion_sleeptime=3600
-
-# Daily options
-
-# These options are used by periodic(8) itself to determine what to do
-# with the output of the sub-programs that are run, and where to send
-# that output. $daily_output might be set to /var/log/daily.log if you
-# wish to log the daily output and have the files rotated by newsyslog(8)
-#
-daily_output="root" # user or /file
-daily_show_success="YES" # scripts returning 0
-daily_show_info="YES" # scripts returning 1
-daily_show_badconfig="NO" # scripts returning 2
-
-# 100.clean-disks
-daily_clean_disks_enable="NO" # Delete files daily
-daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
-daily_clean_disks_days=3 # If older than this
-daily_clean_disks_verbose="YES" # Mention files deleted
-
-# 110.clean-tmps
-daily_clean_tmps_enable="NO" # Delete stuff daily
-daily_clean_tmps_dirs="/tmp" # Delete under here
-daily_clean_tmps_days="3" # If not accessed for
-daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix"
-daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap"
-daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal"
- # Don't delete these
-daily_clean_tmps_verbose="YES" # Mention files deleted
-
-# 120.clean-preserve
-daily_clean_preserve_enable="YES" # Delete files daily
-daily_clean_preserve_days=7 # If not modified for
-daily_clean_preserve_verbose="YES" # Mention files deleted
-
-# 130.clean-msgs
-daily_clean_msgs_enable="YES" # Delete msgs daily
-daily_clean_msgs_days= # If not modified for
-
-# 140.clean-rwho
-daily_clean_rwho_enable="YES" # Delete rwho daily
-daily_clean_rwho_days=7 # If not modified for
-daily_clean_rwho_verbose="YES" # Mention files deleted
-
-# 150.clean-hoststat
-daily_clean_hoststat_enable="YES" # Purge sendmail host
- # status cache daily
-
-# 200.backup-passwd
-daily_backup_passwd_enable="YES" # Backup passwd & group
-
-# 210.backup-aliases
-daily_backup_aliases_enable="YES" # Backup mail aliases
-
-# 300.calendar
-daily_calendar_enable="NO" # Run calendar -a
-
-# 310.accounting
-daily_accounting_enable="YES" # Rotate acct files
-daily_accounting_compress="NO" # Gzip rotated files
-daily_accounting_flags=-q # Flags to /usr/sbin/sa
-daily_accounting_save=3 # How many files to save
-
-# 330.news
-daily_news_expire_enable="YES" # Run news.expire
-
-# 400.status-disks
-daily_status_disks_enable="YES" # Check disk status
-daily_status_disks_df_flags="-l -h" # df(1) flags for check
-
-# 401.status-graid
-daily_status_graid_enable="NO" # Check graid(8)
-
-# 404.status-zfs
-daily_status_zfs_enable="NO" # Check ZFS
-daily_status_zfs_zpool_list_enable="YES" # List ZFS pools
-
-# 406.status-gmirror
-daily_status_gmirror_enable="NO" # Check gmirror(8)
-
-# 407.status-graid3
-daily_status_graid3_enable="NO" # Check graid3(8)
-
-# 408.status-gstripe
-daily_status_gstripe_enable="NO" # Check gstripe(8)
-
-# 409.status-gconcat
-daily_status_gconcat_enable="NO" # Check gconcat(8)
-
-# 410.status-mfi
-daily_status_mfi_enable="NO" # Check mfiutil(8)
-
-# 420.status-network
-daily_status_network_enable="YES" # Check network status
-daily_status_network_usedns="YES" # DNS lookups are ok
-daily_status_network_netstat_flags="-d" # netstat(1) flags
-
-# 430.status-uptime
-daily_status_uptime_enable="YES" # Check system uptime
-
-# 440.status-mailq
-daily_status_mailq_enable="YES" # Check mail status
-daily_status_mailq_shorten="NO" # Shorten output
-daily_status_include_submit_mailq="YES" # Also submit queue
-
-# 450.status-security
-daily_status_security_enable="YES" # Security check
-# See also "Security options" below for more options
-daily_status_security_inline="NO" # Run inline ?
-daily_status_security_output="root" # user or /file
-
-# 460.status-mail-rejects
-daily_status_mail_rejects_enable="YES" # Check mail rejects
-daily_status_mail_rejects_logs=3 # How many logs to check
-daily_status_mail_rejects_shorten="NO" # Shorten output
-
-# 480.leapfile-ntpd
-daily_ntpd_leapfile_enable="YES" # Fetch NTP leapfile
-
-# 480.status-ntpd
-daily_status_ntpd_enable="NO" # Check NTP status
-
-# 500.queuerun
-daily_queuerun_enable="YES" # Run mail queue
-daily_submit_queuerun="YES" # Also submit queue
-
-# 510.status-world-kernel
-daily_status_world_kernel="YES" # Check the running
- # userland/kernel version
-
-# 800.scrub-zfs
-daily_scrub_zfs_enable="NO"
-daily_scrub_zfs_pools="" # empty string selects all pools
-daily_scrub_zfs_default_threshold="35" # days between scrubs
-#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold
-
-# 999.local
-daily_local="/etc/daily.local" # Local scripts
-
-
-# Weekly options
-
-# These options are used by periodic(8) itself to determine what to do
-# with the output of the sub-programs that are run, and where to send
-# that output. $weekly_output might be set to /var/log/weekly.log if you
-# wish to log the weekly output and have the files rotated by newsyslog(8)
-#
-weekly_output="root" # user or /file
-weekly_show_success="YES" # scripts returning 0
-weekly_show_info="YES" # scripts returning 1
-weekly_show_badconfig="NO" # scripts returning 2
-
-# 310.locate
-weekly_locate_enable="YES" # Update locate weekly
-
-# 320.whatis
-weekly_whatis_enable="YES" # Update whatis weekly
-
-# 340.noid
-weekly_noid_enable="NO" # Find unowned files
-weekly_noid_dirs="/" # Look here
-
-# 450.status-security
-weekly_status_security_enable="YES" # Security check
-# See also "Security options" above for more options
-weekly_status_security_inline="NO" # Run inline ?
-weekly_status_security_output="root" # user or /file
-
-# 999.local
-weekly_local="/etc/weekly.local" # Local scripts
-
-
-# Monthly options
-
-# These options are used by periodic(8) itself to determine what to do
-# with the output of the sub-programs that are run, and where to send
-# that output. $monthly_output might be set to /var/log/monthly.log if you
-# wish to log the monthly output and have the files rotated by newsyslog(8)
-#
-monthly_output="root" # user or /file
-monthly_show_success="YES" # scripts returning 0
-monthly_show_info="YES" # scripts returning 1
-monthly_show_badconfig="NO" # scripts returning 2
-
-# 200.accounting
-monthly_accounting_enable="YES" # Login accounting
-
-# 450.status-security
-monthly_status_security_enable="YES" # Security check
-# See also "Security options" above for more options
-monthly_status_security_inline="NO" # Run inline ?
-monthly_status_security_output="root" # user or /file
-
-# 999.local
-monthly_local="/etc/monthly.local" # Local scripts
-
-
-# Security options
-
-security_show_success="YES" # scripts returning 0
-security_show_info="YES" # scripts returning 1
-security_show_badconfig="NO" # scripts returning 2
-
-# These options are used by the security periodic(8) scripts spawned in
-# daily and weekly 450.status-security.
-security_status_logdir="/var/log" # Directory for logs
-security_status_diff_flags="-b -u" # flags for diff output
-
-# Each of the security_status_*_period options below can have one of the
-# following values:
-# - NO: do not run at all
-# - daily: only run during the daily security status
-# - weekly: only run during the weekly security status
-# - monthly: only run during the monthly security status
-# Note that if periodic security scripts are run from crontab(5) directly,
-# they will be run unless _enable or _period is set to "NO".
-
-# 100.chksetuid
-security_status_chksetuid_enable="YES"
-security_status_chksetuid_period="daily"
-
-# 110.neggrpperm
-security_status_neggrpperm_enable="YES"
-security_status_neggrpperm_period="daily"
-
-# 200.chkmounts
-security_status_chkmounts_enable="YES"
-security_status_chkmounts_period="daily"
-#security_status_chkmounts_ignore="^amd:" # Don't check matching
- # FS types
-security_status_noamd="NO" # Don't check amd mounts
-
-# 300.chkuid0
-security_status_chkuid0_enable="YES"
-security_status_chkuid0_period="daily"
-
-# 400.passwdless
-security_status_passwdless_enable="YES"
-security_status_passwdless_period="daily"
-
-# 410.logincheck
-security_status_logincheck_enable="YES"
-security_status_logincheck_period="daily"
-
-# 500.ipfwdenied
-security_status_ipfwdenied_enable="YES"
-security_status_ipfwdenied_period="daily"
-
-# 510.ipfdenied
-security_status_ipfdenied_enable="YES"
-security_status_ipfdenied_period="daily"
-
-# 520.pfdenied
-security_status_pfdenied_enable="YES"
-security_status_pfdenied_period="daily"
-
-# 550.ipfwlimit
-security_status_ipfwlimit_enable="YES"
-security_status_ipfwlimit_period="daily"
-
-# 610.ipf6denied
-security_status_ipf6denied_enable="YES"
-security_status_ipf6denied_period="daily"
-
-# 700.kernelmsg
-security_status_kernelmsg_enable="YES"
-security_status_kernelmsg_period="daily"
-
-# 800.loginfail
-security_status_loginfail_enable="YES"
-security_status_loginfail_period="daily"
-
-# 900.tcpwrap
-security_status_tcpwrap_enable="YES"
-security_status_tcpwrap_period="daily"
-
-
-
-# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
-# scripts to source defaults/periodic.conf overrides safely.
-
-if [ -z "${source_periodic_confs_defined}" ]; then
- source_periodic_confs_defined=yes
-
- # Sleep for a random amount of time in order to mitigate the thundering
- # herd problem of multiple hosts running periodic simultaneously.
- # Will not sleep when used interactively.
- # Will sleep at most once per invocation of periodic
- anticongestion() {
- [ -n "$PERIODIC_IS_INTERACTIVE" ] && return
- if [ -f "$PERIODIC_ANTICONGESTION_FILE" ]; then
- rm -f $PERIODIC_ANTICONGESTION_FILE
- sleep `jot -r 1 0 ${anticongestion_sleeptime}`
- fi
- }
-
- # Compatibility with old daily variable names.
- # They can be removed in stable/11.
- security_daily_compat_var() {
- local var=$1 dailyvar value
-
- dailyvar=daily_status_security${var#security_status}
- periodvar=${var%enable}period
- eval value=\"\$$dailyvar\"
- [ -z "$value" ] && return
- echo "Warning: Variable \$$dailyvar is deprecated," \
- "use \$$var instead." >&2
- case "$value" in
- [Yy][Ee][Ss])
- eval $var=YES
- eval $periodvar=daily
- ;;
- *)
- eval $var=\"$value\"
- ;;
- esac
- }
-
- check_yesno_period() {
- local var="$1" periodvar value period
-
- eval value=\"\$$var\"
- case "$value" in
- [Yy][Ee][Ss]) ;;
- *) return 1 ;;
- esac
-
- periodvar=${var%enable}period
- eval period=\"\$$periodvar\"
- case "$PERIODIC" in
- "security daily")
- case "$period" in
- [Dd][Aa][Ii][Ll][Yy]) return 0 ;;
- *) return 1 ;;
- esac
- ;;
- "security weekly")
- case "$period" in
- [Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;;
- *) return 1 ;;
- esac
- ;;
- "security monthly")
- case "$period" in
- [Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;;
- *) return 1 ;;
- esac
- ;;
- security)
- # Run directly from crontab(5).
- case "$period" in
- [Nn][Oo]) return 1 ;;
- *) return 0 ;;
- esac
- ;;
- '')
- # Script run manually.
- return 0
- ;;
- *)
- echo "ASSERTION FAILED: Unexpected value for" \
- "\$PERIODIC: '$PERIODIC'" >&2
- exit 127
- ;;
- esac
- }
-
- source_periodic_confs() {
- local i sourced_files
-
- for i in ${periodic_conf_files}; do
- case ${sourced_files} in
- *:$i:*)
- ;;
- *)
- sourced_files="${sourced_files}:$i:"
- [ -r $i ] && . $i
- ;;
- esac
- done
- }
-fi
Index: etc/periodic/Makefile
===================================================================
--- etc/periodic/Makefile
+++ etc/periodic/Makefile
@@ -1,6 +0,0 @@
-# $FreeBSD$
-
-SUBDIR= daily security weekly monthly
-SUBDIR_PARALLEL=
-
-.include <bsd.subdir.mk>
Index: etc/periodic/Makefile.inc
===================================================================
--- etc/periodic/Makefile.inc
+++ etc/periodic/Makefile.inc
@@ -1,5 +0,0 @@
-# $FreeBSD$
-
-BINDIR= /etc/periodic/${.CURDIR:T}
-NO_OBJ=
-FILESMODE= 755
Index: etc/periodic/daily/100.clean-disks
===================================================================
--- etc/periodic/daily/100.clean-disks
+++ etc/periodic/daily/100.clean-disks
@@ -1,55 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# Remove garbage files more than $daily_clean_disks_days days old
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_clean_disks_enable" in
- [Yy][Ee][Ss])
- if [ -z "$daily_clean_disks_days" ]
- then
- echo '$daily_clean_disks_enable is set but' \
- '$daily_clean_disks_days is not'
- rc=2
- elif [ -z "$daily_clean_disks_files" ]
- then
- echo '$daily_clean_disks_enable is set but' \
- '$daily_clean_disks_files is not'
- rc=2
- else
- echo ""
- echo "Cleaning disks:"
- set -f noglob
- args="-name "`echo "$daily_clean_disks_files" |
- sed -e 's/^[ ]*//' \
- -e 's/[ ]*$//' \
- -e 's/[ ][ ]*/ -o -name /g'`
-
- case "$daily_clean_disks_verbose" in
- [Yy][Ee][Ss])
- print=-print;;
- *)
- print=;;
- esac
-
- rc=$(find / \( ! -fstype local -o -fstype rdonly \) -prune -o \
- \( $args \) -atime +$daily_clean_disks_days \
- -execdir rm -df {} \; $print | tee /dev/stderr | wc -l)
- [ -z "$print" ] && rc=0
- [ $rc -gt 1 ] && rc=1
- set -f glob
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/110.clean-tmps
===================================================================
--- etc/periodic/daily/110.clean-tmps
+++ etc/periodic/daily/110.clean-tmps
@@ -1,60 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# Perform temporary directory cleaning so that long-lived systems
-# don't end up with excessively old files there.
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_clean_tmps_enable" in
- [Yy][Ee][Ss])
- if [ -z "$daily_clean_tmps_days" ]
- then
- echo '$daily_clean_tmps_enable is set but' \
- '$daily_clean_tmps_days is not'
- rc=2
- else
- echo ""
- echo "Removing old temporary files:"
-
- set -f noglob
- args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
- args="${args} -ctime +$daily_clean_tmps_days"
- dargs="-empty -mtime +$daily_clean_tmps_days"
- [ -n "$daily_clean_tmps_ignore" ] && {
- args="$args "`echo " ${daily_clean_tmps_ignore% }" |
- sed 's/[ ][ ]*/ ! -name /g'`
- dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
- sed 's/[ ][ ]*/ ! -name /g'`
- }
- case "$daily_clean_tmps_verbose" in
- [Yy][Ee][Ss])
- print=-print;;
- *)
- print=;;
- esac
-
- rc=$(for dir in $daily_clean_tmps_dirs
- do
- [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && {
- find -x -d . -type f $args -delete $print
- find -x -d . ! -name . -type d $dargs -delete $print
- } | sed "s,^\\., $dir,"
- done | tee /dev/stderr | wc -l)
- [ -z "$print" ] && rc=0
- [ $rc -gt 1 ] && rc=1
- set -f glob
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/120.clean-preserve
===================================================================
--- etc/periodic/daily/120.clean-preserve
+++ etc/periodic/daily/120.clean-preserve
@@ -1,53 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# Remove stale files in /var/preserve
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_clean_preserve_enable" in
- [Yy][Ee][Ss])
- if [ -z "$daily_clean_preserve_days" ]
- then
- echo '$daily_clean_preserve_enable is set but' \
- '$daily_clean_preserve_days is not'
- rc=2
- elif [ ! -d /var/preserve ]
- then
- echo '$daily_clean_preserve_enable is set but /var/preserve' \
- "doesn't exist"
- rc=2
- else
- echo ""
- echo "Removing stale files from /var/preserve:"
-
- if cd /var/preserve
- then
- case "$daily_clean_preserve_verbose" in
- [Yy][Ee][Ss])
- print=-print;;
- *)
- print=;;
- esac
-
- rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \
- -delete $print | tee /dev/stderr | wc -l)
- [ -z "$print" ] && rc=0
- [ $rc -gt 1 ] && rc=1
- else
- rc=3
- fi
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/130.clean-msgs
===================================================================
--- etc/periodic/daily/130.clean-msgs
+++ etc/periodic/daily/130.clean-msgs
@@ -1,35 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# Remove system messages
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_clean_msgs_enable" in
- [Yy][Ee][Ss])
- if [ ! -d /var/msgs ]
- then
- echo '$daily_clean_msgs_enable is set but /var/msgs' \
- "doesn't exist"
- rc=2
- else
- echo ""
- echo "Cleaning out old system announcements:"
-
- [ -n "$daily_clean_msgs_days" ] &&
- arg=-${daily_clean_msgs_days#-} || arg=
- msgs -c $arg && rc=0 || rc=3
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/140.clean-rwho
===================================================================
--- etc/periodic/daily/140.clean-rwho
+++ etc/periodic/daily/140.clean-rwho
@@ -1,53 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# Remove stale files in /var/rwho
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_clean_rwho_enable" in
- [Yy][Ee][Ss])
- if [ -z "$daily_clean_rwho_days" ]
- then
- echo '$daily_clean_rwho_enable is enabled but' \
- '$daily_clean_rwho_days is not set'
- rc=2
- elif [ ! -d /var/rwho ]
- then
- echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
- "doesn't exist"
- rc=2
- else
- echo ""
- echo "Removing stale files from /var/rwho:"
-
- case "$daily_clean_rwho_verbose" in
- [Yy][Ee][Ss])
- print=-print;;
- *)
- print=;;
- esac
-
- if cd /var/rwho
- then
- rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \
- -delete $print | tee /dev/stderr | wc -l)
- [ -z "$print" ] && rc=0
- [ $rc -gt 1 ] && rc=1
- else
- rc=3
- fi
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/150.clean-hoststat
===================================================================
--- etc/periodic/daily/150.clean-hoststat
+++ etc/periodic/daily/150.clean-hoststat
@@ -1,29 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# Remove stale persistent host status files
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]; then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_clean_hoststat_enable" in
- [Yy][Ee][Ss])
- if [ -z "$(hoststat 2>&1)" ]; then
- rc=2
- else
- echo ""
- echo "Removing stale entries from sendmail host status cache:"
- rc=0
- purgestat || rc=1
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/200.backup-passwd
===================================================================
--- etc/periodic/daily/200.backup-passwd
+++ etc/periodic/daily/200.backup-passwd
@@ -1,77 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_backup_passwd_enable" in
- [Yy][Ee][Ss])
- if [ ! -f /etc/master.passwd ]
- then
- echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \
- "doesn't exist"
- rc=2
- elif [ ! -f /etc/group ]
- then
- echo '$daily_backup_passwd_enable" is set but /etc/group' \
- "doesn't exist"
- rc=2
- else
- bak=/var/backups
- rc=0
-
- echo ""
- echo "Backup passwd and group files:"
-
- if [ ! -f $bak/master.passwd.bak ]
- then
- rc=1
- echo "no $bak/master.passwd.bak"
- cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
- fi
-
- if ! cmp -s $bak/master.passwd.bak /etc/master.passwd
- then
- [ $rc -lt 1 ] && rc=1
- echo "$host passwd diffs:"
- diff -uI '^#' $bak/master.passwd.bak /etc/master.passwd |\
- sed 's/^\([-+ ][^-+:]*\):[^:]*:/\1:(password):/'
- mv $bak/master.passwd.bak $bak/master.passwd.bak2
- cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
- fi
-
- if [ ! -f $bak/group.bak ]
- then
- [ $rc -lt 1 ] && rc=1
- echo "no $bak/group.bak"
- cp -p /etc/group $bak/group.bak || rc=3
- fi
-
- if ! cmp -s $bak/group.bak /etc/group
- then
- [ $rc -lt 1 ] && rc=1
- echo "$host group diffs:"
- diff -u $bak/group.bak /etc/group
- mv $bak/group.bak $bak/group.bak2
- cp -p /etc/group $bak/group.bak || rc=3
- fi
-
- if [ -f /etc/group ]
- then
- echo ""
- echo "Verifying group file syntax:"
- chkgrp /etc/group || rc=3
- fi
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/210.backup-aliases
===================================================================
--- etc/periodic/daily/210.backup-aliases
+++ etc/periodic/daily/210.backup-aliases
@@ -1,47 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_backup_aliases_enable" in
- [Yy][Ee][Ss])
- if [ ! -f /etc/mail/aliases ]
- then
- echo '$daily_backup_aliases_enable is enabled but' \
- "/etc/mail/aliases doesn't exist"
- rc=2
- else
- bak=/var/backups
- rc=0
-
- echo ""
- echo "Backing up mail aliases:"
-
- if [ ! -f $bak/aliases.bak ]
- then
- echo "no $bak/aliases.bak"
- cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
- fi
-
- if ! cmp -s $bak/aliases.bak /etc/mail/aliases
- then
- [ $rc -lt 1 ] && rc=1
- echo "$host aliases diffs:"
- diff -u $bak/aliases.bak /etc/mail/aliases
- mv $bak/aliases.bak $bak/aliases.bak2
- cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
- fi
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/300.calendar
===================================================================
--- etc/periodic/daily/300.calendar
+++ etc/periodic/daily/300.calendar
@@ -1,29 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# `calendar -a' needs to die. Why? Because it's a bad idea, particular
-# with networked home directories, but also in general. If you want the
-# output of `calendar' mailed to you, set up a cron job to do it,
-# or run it from your ~/.profile or ~/.login.
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_calendar_enable" in
- [Yy][Ee][Ss])
- echo ""
- echo "Running calendar:"
-
- calendar -a && rc=0 || rc=3;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/310.accounting
===================================================================
--- etc/periodic/daily/310.accounting
+++ etc/periodic/daily/310.accounting
@@ -1,65 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_accounting_enable" in
- [Yy][Ee][Ss])
- if [ ! -f /var/account/acct ]
- then
- echo '$daily_accounting_enable is set but /var/account/acct' \
- "doesn't exist"
- rc=2
- elif [ -z "$daily_accounting_save" ]
- then
- echo '$daily_accounting_enable is set but ' \
- '$daily_accounting_save is not'
- rc=2
- else
- echo ""
- echo "Rotating accounting logs and gathering statistics:"
-
- cd /var/account
- rc=0
-
- n=$(( $daily_accounting_save - 1 ))
- for f in acct.*; do
- case "$f" in acct.\*) continue ;; esac # No files match
- m=${f%.gz} ; m=${m#acct.}
- [ $m -ge $n ] && { rm $f || rc=3; }
- done
-
- m=$n
- n=$(($n - 1))
- while [ $n -ge 0 ]
- do
- [ -f acct.$n.gz ] && { mv -f acct.$n.gz acct.$m.gz || rc=3; }
- [ -f acct.$n ] && { mv -f acct.$n acct.$m || rc=3; }
- m=$n
- n=$(($n - 1))
- done
-
- /etc/rc.d/accounting rotate_log || rc=3
-
- rm -f acct.merge && cp acct.0 acct.merge || rc=3
- sa -s $daily_accounting_flags /var/account/acct.merge || rc=3
- rm acct.merge
-
- case "$daily_accounting_compress" in
- [Yy][Ee][Ss])
- gzip -f acct.0 || rc=3;;
- esac
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/330.news
===================================================================
--- etc/periodic/daily/330.news
+++ etc/periodic/daily/330.news
@@ -1,34 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# Expire news articles
-# (This is present only for backwards compatibility, usually the news
-# system handles this on its own).
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_news_expire_enable" in
- [Yy][Ee][Ss])
- if [ ! -f /etc/news.expire ]
- then
- echo '$daily_news_expire_enable is set but /etc/news.expire' \
- "doesn't exist"
- rc=2
- else
- echo ""
- echo "Running news.expire:"
-
- /etc/news.expire && rc=0 || rc=3
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/400.status-disks
===================================================================
--- etc/periodic/daily/400.status-disks
+++ etc/periodic/daily/400.status-disks
@@ -1,40 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_disks_enable" in
- [Yy][Ee][Ss])
- echo ""
- echo "Disk status:"
-
- if [ -n "${daily_status_disks_ignore}" ] ; then
- ignore="egrep -v ${daily_status_disks_ignore}"
- else
- ignore="cat"
- fi
- (df $daily_status_disks_df_flags | ${ignore}) && rc=1 || rc=3
-
- # display which filesystems need backing up
- if [ -s /etc/dumpdates ]; then
- if ! [ -f /etc/fstab ]; then
- export PATH_FSTAB=/dev/null
- fi
-
- echo ""
- dump W || rc=3
- fi
- ;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/401.status-graid
===================================================================
--- etc/periodic/daily/401.status-graid
+++ etc/periodic/daily/401.status-graid
@@ -1,34 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_graid_enable" in
- [Yy][Ee][Ss])
- echo
- echo 'Checking status of graid(8) devices:'
-
- if graid status; then
- components="$(graid status -s | fgrep -v OPTIMAL)"
- if [ "${components}" ]; then
- rc=3
- else
- rc=0
- fi
- else
- rc=2
- fi
- ;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/404.status-zfs
===================================================================
--- etc/periodic/daily/404.status-zfs
+++ etc/periodic/daily/404.status-zfs
@@ -1,45 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_zfs_enable" in
- [Yy][Ee][Ss])
- echo
- echo 'Checking status of zfs pools:'
-
- case "$daily_status_zfs_zpool_list_enable" in
- [Yy][Ee][Ss])
- lout=`zpool list`
- echo "$lout"
- echo
- ;;
- *)
- ;;
- esac
- sout=`zpool status -x`
- echo "$sout"
- # zpool status -x always exits with 0, so we have to interpret its
- # output to see what's going on.
- if [ "$sout" = "all pools are healthy" \
- -o "$sout" = "no pools available" ]; then
- rc=0
- else
- rc=1
- fi
- ;;
-
- *)
- rc=0
- ;;
-esac
-
-exit $rc
Index: etc/periodic/daily/406.status-gmirror
===================================================================
--- etc/periodic/daily/406.status-gmirror
+++ etc/periodic/daily/406.status-gmirror
@@ -1,34 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_gmirror_enable" in
- [Yy][Ee][Ss])
- echo
- echo 'Checking status of gmirror(8) devices:'
-
- if gmirror status; then
- components="$(gmirror status -s | fgrep -v COMPLETE)"
- if [ "${components}" ]; then
- rc=3
- else
- rc=0
- fi
- else
- rc=2
- fi
- ;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/407.status-graid3
===================================================================
--- etc/periodic/daily/407.status-graid3
+++ etc/periodic/daily/407.status-graid3
@@ -1,34 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_graid3_enable" in
- [Yy][Ee][Ss])
- echo
- echo 'Checking status of graid3(8) devices:'
-
- if graid3 status; then
- components="$(graid3 status -s | fgrep -v COMPLETE)"
- if [ "${components}" ]; then
- rc=3
- else
- rc=0
- fi
- else
- rc=2
- fi
- ;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/408.status-gstripe
===================================================================
--- etc/periodic/daily/408.status-gstripe
+++ etc/periodic/daily/408.status-gstripe
@@ -1,34 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_gstripe_enable" in
- [Yy][Ee][Ss])
- echo
- echo 'Checking status of gstripe(8) devices:'
-
- if gstripe status; then
- components="$(gstripe status -s | fgrep -v UP)"
- if [ "${components}" ]; then
- rc=3
- else
- rc=0
- fi
- else
- rc=2
- fi
- ;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/409.status-gconcat
===================================================================
--- etc/periodic/daily/409.status-gconcat
+++ etc/periodic/daily/409.status-gconcat
@@ -1,34 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_gconcat_enable" in
- [Yy][Ee][Ss])
- echo
- echo 'Checking status of gconcat(8) devices:'
-
- if gconcat status; then
- components="$(gconcat status -s | fgrep -v UP)"
- if [ "${components}" ]; then
- rc=3
- else
- rc=0
- fi
- else
- rc=2
- fi
- ;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/410.status-mfi
===================================================================
--- etc/periodic/daily/410.status-mfi
+++ etc/periodic/daily/410.status-mfi
@@ -1,33 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_mfi_enable" in
- [Yy][Ee][Ss])
- echo
- echo 'Checking status of mfi(4) devices:'
-
- if mfiutil show volumes; then
- if mfiutil show volumes | grep -q DEGRADED; then
- rc=3
- else
- rc=0
- fi
- else
- rc=2
- fi
- ;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/420.status-network
===================================================================
--- etc/periodic/daily/420.status-network
+++ etc/periodic/daily/420.status-network
@@ -1,31 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_network_enable" in
- [Yy][Ee][Ss])
- echo ""
- echo "Network interface status:"
-
- flags="${daily_status_network_netstat_flags}"
- case "$daily_status_network_usedns" in
- [Yy][Ee][Ss])
- ;;
- *)
- flags="${flags} -n";;
- esac
- netstat -i ${flags} && rc=0 || rc=3;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/430.status-uptime
===================================================================
--- etc/periodic/daily/430.status-uptime
+++ etc/periodic/daily/430.status-uptime
@@ -1,38 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_uptime_enable" in
- [Yy][Ee][Ss])
- rwho=$(echo /var/rwho/*)
- if [ -f "${rwho%% *}" ]
- then
- echo ""
- echo "Local network system status:"
- prog=ruptime
- else
- echo ""
- echo "Local system status:"
- prog=uptime
- fi
- rc=$($prog | tee /dev/stderr | wc -l)
- if [ $? -eq 0 ]
- then
- [ $rc -gt 1 ] && rc=1
- else
- rc=3
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/440.status-mailq
===================================================================
--- etc/periodic/daily/440.status-mailq
+++ etc/periodic/daily/440.status-mailq
@@ -1,66 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_mailq_enable" in
- [Yy][Ee][Ss])
- if [ ! -x /usr/bin/mailq ]
- then
- echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \
- "isn't executable"
- rc=2
- else
- echo ""
- echo "Mail in local queue:"
-
- rc=$(case "$daily_status_mailq_shorten" in
- [Yy][Ee][Ss])
- mailq |
- egrep -e '^[[:space:]]+[^[:space:]]+@' |
- sort |
- uniq -c |
- sort -nr |
- awk '$1 >= 1 {print $1, $2}';;
- *)
- mailq;;
- esac | tee /dev/stderr |
- egrep -v '(mqueue is empty|Total requests)' | wc -l)
- [ $rc -gt 0 ] && rc=1 || rc=0
-
- case "$daily_status_include_submit_mailq" in
- [Yy][Ee][Ss])
- if [ -f /etc/mail/submit.cf ]
- then
- echo ""
- echo "Mail in submit queue:"
-
- rc_submit=$(case "$daily_status_mailq_shorten" in
- [Yy][Ee][Ss])
- mailq -Ac |
- egrep -e '^[[:space:]]+[^[:space:]]+@' |
- sort |
- uniq -c |
- sort -nr |
- awk '$1 >= 1 {print $1, $2}';;
- *)
- mailq -Ac;;
- esac | tee /dev/stderr |
- egrep -v '(mqueue is empty|Total requests)' | wc -l)
- [ $rc_submit -gt 0 ] && rc=1
- fi;;
- esac
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/450.status-security
===================================================================
--- etc/periodic/daily/450.status-security
+++ etc/periodic/daily/450.status-security
@@ -1,47 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_security_enable" in
- [Yy][Ee][Ss])
- echo ""
- echo "Security check:"
-
- case "$daily_status_security_inline" in
- [Yy][Ee][Ss])
- daily_status_security_output="";;
- esac
-
- export security_output="${daily_status_security_output}"
- rc=0
- case "${daily_status_security_output}" in
- "")
- if tempfile=`mktemp ${TMPDIR:-/tmp}/450.status-security.XXXXXX`
- then
- periodic security > $tempfile || rc=3
- if [ -s "$tempfile" ]; then
- cat "$tempfile"
- rc=3
- fi
- rm -f "$tempfile"
- fi;;
- /*)
- echo " (output logged separately)"
- periodic security || rc=3;;
- *)
- echo " (output mailed separately)"
- periodic security || rc=3;;
- esac;;
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/460.status-mail-rejects
===================================================================
--- etc/periodic/daily/460.status-mail-rejects
+++ etc/periodic/daily/460.status-mail-rejects
@@ -1,73 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_mail_rejects_shorten" in
-[Yy][Ee][Ss]) shorten='cut -d" " -f2,3';;
-*) shorten=cat;;
-esac
-
-case "$daily_status_mail_rejects_enable" in
- [Yy][Ee][Ss])
- if [ ! -d /etc/mail ]
- then
- echo '$daily_status_mail_rejects_enable is set but /etc/mail' \
- "doesn't exist"
- rc=2
- elif [ ! -f /var/log/maillog ]
- then
- echo '$daily_status_mail_rejects_enable is set but ' \
- "/var/log/maillog doesn't exist"
- rc=2
- elif [ "$daily_status_mail_rejects_logs" -le 0 ]
- then
- echo '$daily_status_mail_rejects_enable is set but ' \
- '$daily_status_mail_rejects_logs is not greater than zero'
- rc=2
- else
- echo
- echo Checking for rejected mail hosts:
-
- yesterday=$(date -v-1d '+%b %e')
- today=$(date '+%b %e')
- n=$(($daily_status_mail_rejects_logs - 2))
- rc=$({
- while [ $n -ge 0 ]
- do
- if [ -f /var/log/maillog.$n ]
- then
- cat /var/log/maillog.$n
- elif [ -f /var/log/maillog.$n.gz ]
- then
- zcat -fc /var/log/maillog.$n.gz
- elif [ -f /var/log/maillog.$n.bz2 ]
- then
- bzcat -fc /var/log/maillog.$n.bz2
- fi
- n=$(($n - 1))
- done
- cat /var/log/maillog
- } | sed -Ene "/^$today/q" -e "/^$yesterday/{"'
- s/.*ruleset=check_relay,.* relay=([^,]+), reject=([^ ]*).*/\2 check_relay \1/p
- t end
- s/.*ruleset=check_rcpt,.* arg1=<?([^>,]+).* reject=([^ ]+) .* ([^ ]+)/\2 check_rcpt \1 \3/p
- t end
- s/.*ruleset=check_([^,]+),.* arg1=<?([^@]+@)?([^>,]+).* reject=([^ ]+) .* ([^ ]+)/\4 check_\1 \3 \5/p
- :end
- }' | eval $shorten | sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l)
- [ $rc -gt 0 ] && rc=1
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/480.leapfile-ntpd
===================================================================
--- etc/periodic/daily/480.leapfile-ntpd
+++ etc/periodic/daily/480.leapfile-ntpd
@@ -1,23 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_ntpd_leapfile_enable" in
- [Yy][Ee][Ss])
- if service ntpd oneneedfetch; then
- anticongestion
- service ntpd onefetch
- fi
- ;;
-esac
-
-exit $rc
Index: etc/periodic/daily/480.status-ntpd
===================================================================
--- etc/periodic/daily/480.status-ntpd
+++ etc/periodic/daily/480.status-ntpd
@@ -1,28 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-rc=0
-
-case "$daily_status_ntpd_enable" in
- [Yy][Ee][Ss])
- echo ""
- echo "NTP status:"
-
- synchronized=$(ntpq -pn | tee /dev/stderr | grep '^\*')
- if [ -z "$synchronized" ]; then
- rc=1
- fi
- ;;
-esac
-
-exit $rc
Index: etc/periodic/daily/500.queuerun
===================================================================
--- etc/periodic/daily/500.queuerun
+++ etc/periodic/daily/500.queuerun
@@ -1,36 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_queuerun_enable" in
- [Yy][Ee][Ss])
- if [ ! -x /usr/sbin/sendmail ]
- then
- echo '$daily_queuerun_enable is set but /usr/sbin/sendmail' \
- "isn't executable"
- rc=2
- else
- /usr/sbin/sendmail -q >/dev/null 2>&1 &
- case "$daily_submit_queuerun" in
- [Yy][Ee][Ss])
- if [ -f /etc/mail/submit.cf ]
- then
- /usr/sbin/sendmail -q -Ac >/dev/null 2>&1 &
- fi;;
- esac
- rc=0
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/510.status-world-kernel
===================================================================
--- etc/periodic/daily/510.status-world-kernel
+++ etc/periodic/daily/510.status-world-kernel
@@ -1,36 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# Check that the running userland and kernel versions are in sync.
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$daily_status_world_kernel" in
- [Yy][Ee][Ss])
- rc=0
- _U=$(/usr/bin/uname -U 2>/dev/null)
- _K=$(/usr/bin/uname -K 2>/dev/null)
- [ -z "${_U}" -o -z "${_K}" ] && exit 0
- echo ""
- echo "Checking userland and kernel versions:"
- if [ "${_U}" != "${_K}" ]; then
- echo "Userland and kernel are not in sync"
- echo "Userland version: ${_U}"
- echo "Kernel version: ${_K}"
- rc=1
- else
- echo "Userland and kernel are in sync."
- fi
- ;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/daily/800.scrub-zfs
===================================================================
--- etc/periodic/daily/800.scrub-zfs
+++ etc/periodic/daily/800.scrub-zfs
@@ -1,110 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-
-newline="
-" # A single newline
-
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-: ${daily_scrub_zfs_default_threshold=35}
-
-case "$daily_scrub_zfs_enable" in
- [Yy][Ee][Ss])
- echo
- echo 'Scrubbing of zfs pools:'
-
- if [ -z "${daily_scrub_zfs_pools}" ]; then
- daily_scrub_zfs_pools="$(zpool list -H -o name)"
- fi
-
- rc=0
- for pool in ${daily_scrub_zfs_pools}; do
- # sanity check
- _status=$(zpool list "${pool}" 2> /dev/null)
- if [ $? -ne 0 ]; then
- rc=2
- echo " WARNING: pool '${pool}' specified in"
- echo " '/etc/periodic.conf:daily_scrub_zfs_pools'"
- echo " does not exist"
- continue
- fi
- _status=${_status##*$newline}
- case ${_status} in
- *FAULTED*)
- rc=3
- echo "Skipping faulted pool: ${pool}"
- continue ;;
- *UNAVAIL*)
- rc=4
- echo "Skipping unavailable pool: ${pool}"
- continue ;;
- esac
-
- # determine how many days shall be between scrubs
- eval _pool_threshold=\${daily_scrub_zfs_$(echo "${pool}"|tr ".:-" "_")_threshold}
- if [ -z "${_pool_threshold}" ];then
- _pool_threshold=${daily_scrub_zfs_default_threshold}
- fi
-
- _last_scrub=$(zpool history ${pool} | \
- egrep "^[0-9\.\:\-]{19} zpool scrub ${pool}\$" | tail -1 |\
- cut -d ' ' -f 1)
- if [ -z "${_last_scrub}" ]; then
- # creation time of the pool if no scrub was done
- _last_scrub=$(zpool history ${pool} | \
- sed -ne '2s/ .*$//p')
- fi
- if [ -z "${_last_scrub}" ]; then
- echo " skipping scrubbing of pool '${pool}':"
- echo " can't get last scrubbing date"
- continue
- fi
-
- # Now minus last scrub (both in seconds) converted to days.
- _scrub_diff=$(expr -e \( $(date +%s) - \
- $(date -j -v -70M -f %F.%T ${_last_scrub} +%s) \) / 60 / 60 / 24)
- if [ ${_scrub_diff} -lt ${_pool_threshold} ]; then
- echo " skipping scrubbing of pool '${pool}':"
- echo " last scrubbing is ${_scrub_diff} days ago, threshold is set to ${_pool_threshold} days"
- continue
- fi
-
- _status="$(zpool status ${pool} | grep scan:)"
- case "${_status}" in
- *"scrub in progress"*)
- echo " scrubbing of pool '${pool}' already in progress, skipping:"
- ;;
- *"resilver in progress"*)
- echo " resilvering of pool '${pool}' is in progress, skipping:"
- ;;
- *"none requested"*)
- echo " starting first scrub (since reboot) of pool '${pool}':"
- zpool scrub ${pool}
- [ $rc -eq 0 ] && rc=1
- ;;
- *)
- echo " starting scrub of pool '${pool}':"
- zpool scrub ${pool}
- [ $rc -eq 0 ] && rc=1
- ;;
- esac
-
- echo " consult 'zpool status ${pool}' for the result"
- done
- ;;
-
- *)
- rc=0
- ;;
-esac
-
-exit $rc
Index: etc/periodic/daily/999.local
===================================================================
--- etc/periodic/daily/999.local
+++ etc/periodic/daily/999.local
@@ -1,43 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# Run the old /etc/daily.local script. This is really for backwards
-# compatibility more than anything else.
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-rc=0
-for script in $daily_local
-do
- echo ''
- case "$script" in
- /*)
- if [ -x "$script" ]
- then
- echo "Running $script:"
-
- $script || rc=3
- elif [ -f "$script" ]
- then
- echo "Running $script:"
-
- sh $script || rc=3
- else
- echo "$script: No such file"
- [ $rc -lt 2 ] && rc=2
- fi;;
- *)
- echo "$script: Not an absolute path"
- [ $rc -lt 2 ] && rc=2;;
- esac
-done
-
-exit $rc
Index: etc/periodic/daily/Makefile
===================================================================
--- etc/periodic/daily/Makefile
+++ etc/periodic/daily/Makefile
@@ -1,62 +0,0 @@
-# $FreeBSD$
-
-.include <src.opts.mk>
-
-FILESGROUPS=FILES
-
-FILES= 100.clean-disks \
- 110.clean-tmps \
- 120.clean-preserve \
- 140.clean-rwho \
- 200.backup-passwd \
- 210.backup-aliases \
- 330.news \
- 400.status-disks \
- 401.status-graid \
- 406.status-gmirror \
- 407.status-graid3 \
- 408.status-gstripe \
- 409.status-gconcat \
- 410.status-mfi \
- 420.status-network \
- 430.status-uptime \
- 450.status-security \
- 510.status-world-kernel \
- 999.local
-
-# NB: keep these sorted by MK_* knobs
-
-.if ${MK_ACCT} != "no"
-FILESGROUPS+= ACCT
-ACCT+= 310.accounting
-.endif
-ACCTDIR= /etc/periodic/daily
-ACCTMODE= ${BINMODE}
-ACCTPACKAGE= acct
-
-.if ${MK_CALENDAR} != "no"
-FILES+= 300.calendar
-.endif
-
-.if ${MK_MAIL} != "no"
-FILES+= 130.clean-msgs
-.endif
-
-.if ${MK_NTP} != "no"
-FILES+= 480.status-ntpd \
- 480.leapfile-ntpd
-.endif
-
-.if ${MK_SENDMAIL} != "no"
-FILES+= 150.clean-hoststat \
- 440.status-mailq \
- 460.status-mail-rejects \
- 500.queuerun
-.endif
-
-.if ${MK_ZFS} != "no"
-FILES+= 404.status-zfs \
- 800.scrub-zfs
-.endif
-
-.include <bsd.prog.mk>
Index: etc/periodic/monthly/200.accounting
===================================================================
--- etc/periodic/monthly/200.accounting
+++ etc/periodic/monthly/200.accounting
@@ -1,51 +0,0 @@
-#!/bin/sh -
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-oldmask=$(umask)
-umask 066
-case "$monthly_accounting_enable" in
- [Yy][Ee][Ss])
- W=/var/log/utx.log
- rc=0
- remove=NO
- if [ ! -f $W.0 ]
- then
- if [ -f $W.0.gz ]
- then
- remove=YES
- zcat $W.0.gz > $W.0 || rc=1
- elif [ -f $W.0.bz2 ]
- then
- remove=YES
- bzcat $W.0.bz2 > $W.0 || rc=1
- else
- echo '$monthly_accounting_enable is set but' \
- "$W.0 doesn't exist"
- rc=2
- fi
- fi
- if [ $rc -eq 0 ]
- then
- echo ""
- echo "Doing login accounting:"
-
- rc=$(ac -p -w $W.0 | sort -nr -k 2 | tee /dev/stderr | wc -l)
- [ $rc -gt 0 ] && rc=1
- fi
- [ $remove = YES ] && rm -f $W.0;;
-
- *) rc=0;;
-esac
-
-umask $oldmask
-exit $rc
Index: etc/periodic/monthly/450.status-security
===================================================================
--- etc/periodic/monthly/450.status-security
+++ etc/periodic/monthly/450.status-security
@@ -1,47 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$monthly_status_security_enable" in
- [Yy][Ee][Ss])
- echo ""
- echo "Security check:"
-
- case "$monthly_status_security_inline" in
- [Yy][Ee][Ss])
- monthly_status_security_output="";;
- esac
-
- export security_output="${monthly_status_security_output}"
- rc=0
- case "${monthly_status_security_output}" in
- "")
- if tempfile=`mktemp ${TMPDIR:-/tmp}/450.status-security.XXXXXX`
- then
- periodic security > $tempfile || rc=3
- if [ -s "$tempfile" ]; then
- cat "$tempfile"
- rc=3
- fi
- rm -f "$tempfile"
- fi;;
- /*)
- echo " (output logged separately)"
- periodic security || rc=3;;
- *)
- echo " (output mailed separately)"
- periodic security || rc=3;;
- esac;;
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/monthly/999.local
===================================================================
--- etc/periodic/monthly/999.local
+++ etc/periodic/monthly/999.local
@@ -1,40 +0,0 @@
-#!/bin/sh -
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-rc=0
-for script in $monthly_local
-do
- echo ''
- case "$script" in
- /*)
- if [ -x "$script" ]
- then
- echo "Running $script:"
-
- $script || rc=3
- elif [ -f "$script" ]
- then
- echo "Running $script:"
-
- sh $script || rc=3
- else
- echo "$script: No such file"
- [ $rc -lt 2 ] && rc=2
- fi;;
- *)
- echo "$script: Not an absolute path"
- [ $rc -lt 2 ] && rc=2;;
- esac
-done
-
-exit $rc
Index: etc/periodic/monthly/Makefile
===================================================================
--- etc/periodic/monthly/Makefile
+++ etc/periodic/monthly/Makefile
@@ -1,20 +0,0 @@
-# $FreeBSD$
-
-.include <src.opts.mk>
-
-FILESGROUPS=FILES
-
-FILES= 450.status-security \
- 999.local
-
-# NB: keep these sorted by MK_* knobs
-
-.if ${MK_UTMPX} != "no"
-FILESGROUPS+= ACCT
-ACCT+= 200.accounting
-.endif
-ACCTDIR= /etc/periodic/monthly
-ACCTMODE= ${BINMODE}
-ACCTPACKAGE= acct
-
-.include <bsd.prog.mk>
Index: etc/periodic/security/100.chksetuid
===================================================================
--- etc/periodic/security/100.chksetuid
+++ etc/periodic/security/100.chksetuid
@@ -1,62 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-. /etc/periodic/security/security.functions
-
-security_daily_compat_var security_status_chksetuid_enable
-
-rc=0
-
-if check_yesno_period security_status_chksetuid_enable
-then
- echo ""
- echo 'Checking setuid files and devices:'
- IFS=$'\n' # Don't split mount points with spaces or tabs
- MP=`mount -t ufs,zfs | awk '
- $0 !~ /no(suid|exec)/ {
- sub(/^.* on \//, "/");
- sub(/ \(.*\)/, "");
- print $0
- }'`
- find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
- \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
- \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
- check_diff setuid - "${host} setuid diffs:"
- rc=$?
-fi
-
-exit $rc
Index: etc/periodic/security/110.neggrpperm
===================================================================
--- etc/periodic/security/110.neggrpperm
+++ etc/periodic/security/110.neggrpperm
@@ -1,61 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-security_daily_compat_var security_status_neggrpperm_enable
-
-rc=0
-
-if check_yesno_period security_status_neggrpperm_enable
-then
- echo ""
- echo 'Checking negative group permissions:'
- IFS=$'\n' # Don't split mount points with spaces or tabs
- MP=`mount -t ufs,zfs | awk '
- $0 !~ /no(suid|exec)/ {
- sub(/^.* on \//, "/");
- sub(/ \(.*\)/, "");
- print $0
- }'`
- n=$(find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
- \( \( ! -perm +010 -and -perm +001 \) -or \
- \( ! -perm +020 -and -perm +002 \) -or \
- \( ! -perm +040 -and -perm +004 \) \) \
- -exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0
-fi
-
-exit $rc
Index: etc/periodic/security/200.chkmounts
===================================================================
--- etc/periodic/security/200.chkmounts
+++ etc/periodic/security/200.chkmounts
@@ -1,65 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# Show changes in the way filesystems are mounted
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-. /etc/periodic/security/security.functions
-
-security_daily_compat_var security_status_chkmounts_enable
-security_daily_compat_var security_status_chkmounts_ignore
-security_daily_compat_var security_status_noamd
-
-ignore="${security_status_chkmounts_ignore}"
-rc=0
-
-if check_yesno_period security_status_chkmounts_enable
-then
- case "$security_status_noamd" in
- [Yy][Ee][Ss])
- ignore="${ignore}|^amd:"
- esac
- [ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat
- if ! [ -f /etc/fstab ]; then
- export PATH_FSTAB=/dev/null
- fi
- mount -p | sort | ${cmd} |
- check_diff mount - "${host} changes in mounted filesystems:"
- rc=$?
-fi
-
-exit "$rc"
Index: etc/periodic/security/300.chkuid0
===================================================================
--- etc/periodic/security/300.chkuid0
+++ etc/periodic/security/300.chkuid0
@@ -1,54 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-security_daily_compat_var security_status_chkuid0_enable
-
-rc=0
-
-if check_yesno_period security_status_chkuid0_enable
-then
- echo ""
- echo 'Checking for uids of 0:'
- n=$(awk -F: '/^#/ {next} $3==0 {print $1,$3}' /etc/master.passwd |
- tee /dev/stderr |
- sed -e '/^root 0$/d' -e '/^toor 0$/d' |
- wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0
-fi
-
-exit "$rc"
Index: etc/periodic/security/400.passwdless
===================================================================
--- etc/periodic/security/400.passwdless
+++ etc/periodic/security/400.passwdless
@@ -1,51 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-security_daily_compat_var security_status_passwdless_enable
-
-rc=0
-
-if check_yesno_period security_status_passwdless_enable
-then
- echo ""
- echo 'Checking for passwordless accounts:'
- n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd |
- tee /dev/stderr | wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0
-fi
-
-exit "$rc"
Index: etc/periodic/security/410.logincheck
===================================================================
--- etc/periodic/security/410.logincheck
+++ etc/periodic/security/410.logincheck
@@ -1,55 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2006 Tom Rhodes
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-security_daily_compat_var security_status_logincheck_enable
-
-rc=0
-
-if check_yesno_period security_status_logincheck_enable
-then
- echo ""
- echo 'Checking login.conf permissions:'
- if [ -G /etc/login.conf -a -O /etc/login.conf ]; then
- n=0
- else
- echo "Bad ownership of /etc/login.conf"
- n=1
- fi
- [ $n -gt 0 ] && rc=1 || rc=0
-fi
-
-exit "$rc"
Index: etc/periodic/security/500.ipfwdenied
===================================================================
--- etc/periodic/security/500.ipfwdenied
+++ etc/periodic/security/500.ipfwdenied
@@ -1,54 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-. /etc/periodic/security/security.functions
-
-security_daily_compat_var security_status_ipfwdenied_enable
-
-rc=0
-
-if check_yesno_period security_status_ipfwdenied_enable
-then
- TMP=`mktemp -t security`
- if ipfw -a list 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
- check_diff new_only ipfw ${TMP} "${host} ipfw denied packets:"
- fi
- rc=$?
- rm -f ${TMP}
-fi
-
-exit $rc
Index: etc/periodic/security/510.ipfdenied
===================================================================
--- etc/periodic/security/510.ipfdenied
+++ etc/periodic/security/510.ipfdenied
@@ -1,54 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-. /etc/periodic/security/security.functions
-
-security_daily_compat_var security_status_ipfdenied_enable
-
-rc=0
-
-if check_yesno_period security_status_ipfdenied_enable
-then
- TMP=`mktemp -t security`
- if ipfstat -nhio 2>/dev/null | grep block > ${TMP}; then
- check_diff new_only ipf ${TMP} "${host} ipf denied packets:"
- fi
- rc=$?
- rm -f ${TMP}
-fi
-
-exit $rc
Index: etc/periodic/security/520.pfdenied
===================================================================
--- etc/periodic/security/520.pfdenied
+++ etc/periodic/security/520.pfdenied
@@ -1,59 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2004 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-. /etc/periodic/security/security.functions
-
-security_daily_compat_var security_status_pfdenied_enable
-
-rc=0
-
-if check_yesno_period security_status_pfdenied_enable
-then
- TMP=`mktemp -t security`
- for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null)
- do
- pfctl -a ${_a} -sr -v -z 2>/dev/null | \
- nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' >> ${TMP}
- done
- if [ -s ${TMP} ]; then
- check_diff new_only pf ${TMP} "${host} pf denied packets:"
- fi
- rc=$?
- rm -f ${TMP}
-fi
-
-exit $rc
Index: etc/periodic/security/550.ipfwlimit
===================================================================
--- etc/periodic/security/550.ipfwlimit
+++ etc/periodic/security/550.ipfwlimit
@@ -1,69 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# Show ipfw rules which have reached the log limit
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-security_daily_compat_var security_status_ipfwlimit_enable
-
-rc=0
-
-if check_yesno_period security_status_ipfwlimit_enable
-then
- IPFW_VERBOSE=`sysctl -n net.inet.ip.fw.verbose 2> /dev/null`
- if [ $? -ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]; then
- exit 0
- fi
- TMP=`mktemp -t security`
- ipfw -a list | grep " log " | \
- grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
- awk \
- '{if ($6 == "logamount") {
- if ($2 > $7)
- {print $0}}
- }' > ${TMP}
-
- if [ -s "${TMP}" ]; then
- rc=1
- echo ""
- echo 'ipfw log limit reached:'
- cat ${TMP}
- fi
- rm -f ${TMP}
-fi
-
-exit $rc
Index: etc/periodic/security/610.ipf6denied
===================================================================
--- etc/periodic/security/610.ipf6denied
+++ etc/periodic/security/610.ipf6denied
@@ -1,54 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-. /etc/periodic/security/security.functions
-
-security_daily_compat_var security_status_ipf6denied_enable
-
-rc=0
-
-if check_yesno_period security_status_ipf6denied_enable
-then
- TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
- if ipfstat -nhio6 2>/dev/null | grep block > ${TMP}; then
- check_diff new_only ipf6 ${TMP} "${host} ipf6 denied packets:"
- fi
- rc=$?
- rm -f ${TMP}
-fi
-
-exit $rc
Index: etc/periodic/security/700.kernelmsg
===================================================================
--- etc/periodic/security/700.kernelmsg
+++ etc/periodic/security/700.kernelmsg
@@ -1,54 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# Show kernel log messages
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-. /etc/periodic/security/security.functions
-
-security_daily_compat_var security_status_kernelmsg_enable
-
-rc=0
-
-if check_yesno_period security_status_kernelmsg_enable
-then
- dmesg 2>/dev/null |
- check_diff new_only dmesg - "${host} kernel log messages:"
- rc=$?
-fi
-
-exit $rc
Index: etc/periodic/security/800.loginfail
===================================================================
--- etc/periodic/security/800.loginfail
+++ etc/periodic/security/800.loginfail
@@ -1,72 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# Show login failures
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-security_daily_compat_var security_status_logdir
-security_daily_compat_var security_status_loginfail_enable
-
-LOG="${security_status_logdir}"
-
-yesterday=`date -v-1d "+%b %e "`
-
-catmsgs() {
- find ${LOG} -name 'auth.log.*' -mtime -2 |
- sort -t. -r -n -k 2,2 |
- while read f
- do
- case $f in
- *.gz) zcat -f $f;;
- *.bz2) bzcat -f $f;;
- esac
- done
- [ -f ${LOG}/auth.log ] && cat $LOG/auth.log
-}
-
-rc=0
-
-if check_yesno_period security_status_loginfail_enable
-then
- echo ""
- echo "${host} login failures:"
- n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" |
- tee /dev/stderr | wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0
-fi
-
-exit $rc
Index: etc/periodic/security/900.tcpwrap
===================================================================
--- etc/periodic/security/900.tcpwrap
+++ etc/periodic/security/900.tcpwrap
@@ -1,72 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# Show tcp_wrapper warning messages
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-security_daily_compat_var security_status_logdir
-security_daily_compat_var security_status_tcpwrap_enable
-
-LOG="${security_status_logdir}"
-
-yesterday=`date -v-1d "+%b %e "`
-
-catmsgs() {
- find ${LOG} -name 'messages.*' -mtime -2 |
- sort -t. -r -n -k 2,2 |
- while read f
- do
- case $f in
- *.gz) zcat -f $f;;
- *.bz2) bzcat -f $f;;
- esac
- done
- [ -f ${LOG}/messages ] && cat $LOG/messages
-}
-
-rc=0
-
-if check_yesno_period security_status_tcpwrap_enable
-then
- echo ""
- echo "${host} refused connections:"
- n=$(catmsgs | grep -i "^$yesterday.*refused connect" |
- tee /dev/stderr | wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0
-fi
-
-exit $rc
Index: etc/periodic/security/Makefile
===================================================================
--- etc/periodic/security/Makefile
+++ etc/periodic/security/Makefile
@@ -1,37 +0,0 @@
-# $FreeBSD$
-
-.include <src.opts.mk>
-
-FILESGROUPS= FILES DATA
-
-FILES= 100.chksetuid \
- 110.neggrpperm \
- 200.chkmounts \
- 300.chkuid0 \
- 400.passwdless \
- 410.logincheck \
- 700.kernelmsg \
- 800.loginfail
-DATA= security.functions
-
-# NB: keep these sorted by MK_* knobs
-
-.if ${MK_IPFILTER} != "no"
-FILES+= 510.ipfdenied
-FILES+= 610.ipf6denied
-.endif
-
-.if ${MK_IPFW} != "no"
-FILES+= 500.ipfwdenied \
- 550.ipfwlimit
-.endif
-
-.if ${MK_PF} != "no"
-FILES+= 520.pfdenied
-.endif
-
-.if ${MK_INETD} != "no" && ${MK_TCP_WRAPPERS} != "no"
-FILES+= 900.tcpwrap
-.endif
-
-.include <bsd.prog.mk>
Index: etc/periodic/security/security.functions
===================================================================
--- etc/periodic/security/security.functions
+++ etc/periodic/security/security.functions
@@ -1,87 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2001 The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is a library file, so we only try to do something when sourced.
-case "$0" in
-*/security.functions) exit 0 ;;
-esac
-
-security_daily_compat_var security_status_logdir
-security_daily_compat_var security_status_diff_flags
-
-#
-# Show differences in the output of an audit command
-#
-
-LOG="${security_status_logdir}"
-rc=0
-
-# Usage: COMMAND | check_diff [new_only] LABEL - MSG
-# COMMAND > TMPFILE; check_diff [new_only] LABEL TMPFILE MSG
-# if $1 is new_only, show only the 'new' part of the diff.
-# LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files.
-
-check_diff() {
- unset IFS
- rc=0
- if [ "$1" = "new_only" ]; then
- shift
- filter="grep '^[>+][^+]'"
- else
- filter="cat"
- fi
- label="$1"; shift
- tmpf="$1"; shift
- msg="$1"; shift
-
- if [ "${tmpf}" = "-" ]; then
- tmpf=`mktemp -t security`
- cat > ${tmpf}
- fi
-
- if [ ! -f ${LOG}/${label}.today ]; then
- rc=1
- echo ""
- echo "No ${LOG}/${label}.today"
- cp ${tmpf} ${LOG}/${label}.today || rc=3
- fi
-
- if ! cmp -s ${LOG}/${label}.today ${tmpf} >/dev/null; then
- [ $rc -lt 1 ] && rc=1
- echo ""
- echo "${msg}"
- diff ${security_status_diff_flags} ${LOG}/${label}.today \
- ${tmpf} | eval "${filter}"
- mv ${LOG}/${label}.today ${LOG}/${label}.yesterday || rc=3
- mv ${tmpf} ${LOG}/${label}.today || rc=3
- fi
-
- rm -f ${tmpf}
- exit ${rc}
-}
Index: etc/periodic/weekly/310.locate
===================================================================
--- etc/periodic/weekly/310.locate
+++ etc/periodic/weekly/310.locate
@@ -1,32 +0,0 @@
-#!/bin/sh -
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$weekly_locate_enable" in
- [Yy][Ee][Ss])
- echo ""
- echo "Rebuilding locate database:"
-
- locdb=/var/db/locate.database
-
- touch $locdb && rc=0 || rc=3
- chown nobody $locdb || rc=3
- chmod 644 $locdb || rc=3
-
- cd /
- echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3
- chmod 444 $locdb || rc=3;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/weekly/320.whatis
===================================================================
--- etc/periodic/weekly/320.whatis
+++ etc/periodic/weekly/320.whatis
@@ -1,51 +0,0 @@
-#!/bin/sh -
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$weekly_whatis_enable" in
- [Yy][Ee][Ss])
- echo ""
- echo "Rebuilding whatis database:"
-
- MANPATH=`/usr/bin/manpath -q`
- if [ $? = 0 ]
- then
- if [ -z "${MANPATH}" ]
- then
- echo "manpath failed to find any manpage directories"
- rc=3
- else
- man_locales=`/usr/bin/manpath -qL`
- rc=0
-
- # Build whatis(1) database(s) for original, non-localized
- # manpages.
- /usr/libexec/makewhatis.local "${MANPATH}" || rc=3
-
- # Build whatis(1) database(s) for localized manpages.
- if [ X"${man_locales}" != X ]
- then
- for i in ${man_locales}
- do
- LC_ALL=$i /usr/libexec/makewhatis.local -a \
- -L "${MANPATH}" || rc=3
- done
- fi
- fi
- else
- rc=3
- fi;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/weekly/340.noid
===================================================================
--- etc/periodic/weekly/340.noid
+++ etc/periodic/weekly/340.noid
@@ -1,29 +0,0 @@
-#!/bin/sh -
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$weekly_noid_enable" in
- [Yy][Ee][Ss])
- echo ""
- echo "Check for files with an unknown user or group:"
-
- rc=$(find -H ${weekly_noid_dirs:-/} \
- \( ! -fstype local -prune -or -name \* \) -and \
- \( -nogroup -o -nouser \) -print | sed 's/^/ /' |
- tee /dev/stderr | wc -l)
- [ $rc -gt 1 ] && rc=1
- ;;
-
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/weekly/450.status-security
===================================================================
--- etc/periodic/weekly/450.status-security
+++ etc/periodic/weekly/450.status-security
@@ -1,47 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-case "$weekly_status_security_enable" in
- [Yy][Ee][Ss])
- echo ""
- echo "Security check:"
-
- case "$weekly_status_security_inline" in
- [Yy][Ee][Ss])
- weekly_status_security_output="";;
- esac
-
- export security_output="${weekly_status_security_output}"
- rc=0
- case "${weekly_status_security_output}" in
- "")
- if tempfile=`mktemp ${TMPDIR:-/tmp}/450.status-security.XXXXXX`
- then
- periodic security > $tempfile || rc=3
- if [ -s "$tempfile" ]; then
- cat "$tempfile"
- rc=3
- fi
- rm -f "$tempfile"
- fi;;
- /*)
- echo " (output logged separately)"
- periodic security || rc=3;;
- *)
- echo " (output mailed separately)"
- periodic security || rc=3;;
- esac;;
- *) rc=0;;
-esac
-
-exit $rc
Index: etc/periodic/weekly/999.local
===================================================================
--- etc/periodic/weekly/999.local
+++ etc/periodic/weekly/999.local
@@ -1,40 +0,0 @@
-#!/bin/sh -
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-rc=0
-for script in $weekly_local
-do
- echo ''
- case "$script" in
- /*)
- if [ -x "$script" ]
- then
- echo "Running $script:"
-
- $script || rc=3
- elif [ -f "$script" ]
- then
- echo "Running $script:"
-
- sh $script || rc=3
- else
- echo "$script: No such file"
- [ $rc -lt 2 ] && rc=2
- fi;;
- *)
- echo "$script: Not an absolute path"
- [ $rc -lt 2 ] && rc=2;;
- esac
-done
-
-exit $rc
Index: etc/periodic/weekly/Makefile
===================================================================
--- etc/periodic/weekly/Makefile
+++ etc/periodic/weekly/Makefile
@@ -1,19 +0,0 @@
-# $FreeBSD$
-
-.include <src.opts.mk>
-
-FILES= 340.noid \
- 450.status-security \
- 999.local
-
-# NB: keep these sorted by MK_* knobs
-
-.if ${MK_LOCATE} != "no"
-FILES+= 310.locate
-.endif
-
-.if ${MK_MAN_UTILS} != "no"
-FILES+= 320.whatis
-.endif
-
-.include <bsd.prog.mk>
Index: usr.sbin/periodic/Makefile
===================================================================
--- usr.sbin/periodic/Makefile
+++ usr.sbin/periodic/Makefile
@@ -3,4 +3,9 @@
SCRIPTS=periodic.sh
MAN= periodic.8
+CONFS= periodic.conf
+CONFSDIR= /etc/defaults
+
+SUBDIR= etc
+
.include <bsd.prog.mk>
Index: usr.sbin/periodic/etc/Makefile.inc
===================================================================
--- usr.sbin/periodic/etc/Makefile.inc
+++ usr.sbin/periodic/etc/Makefile.inc
@@ -1,5 +1,6 @@
# $FreeBSD$
-BINDIR= /etc/periodic/${.CURDIR:T}
+CONFMODE= 755
+CONFDIR= ETC_PERIODIC_${.CURDIR:T:U}
+ETC_PERIODIC_${.CURDIR:T:U}= /etc/periodic/${.CURDIR:T}
NO_OBJ=
-FILESMODE= 755
Index: usr.sbin/periodic/etc/daily/Makefile
===================================================================
--- usr.sbin/periodic/etc/daily/Makefile
+++ usr.sbin/periodic/etc/daily/Makefile
@@ -2,9 +2,9 @@
.include <src.opts.mk>
-FILESGROUPS=FILES
+CONFGROUPS=CONFS
-FILES= 100.clean-disks \
+CONFS= 100.clean-disks \
110.clean-tmps \
120.clean-preserve \
140.clean-rwho \
@@ -27,35 +27,34 @@
# NB: keep these sorted by MK_* knobs
.if ${MK_ACCT} != "no"
-FILESGROUPS+= ACCT
+CONFGROUPS+= ACCT
ACCT+= 310.accounting
-.endif
-ACCTDIR= /etc/periodic/daily
ACCTMODE= ${BINMODE}
ACCTPACKAGE= acct
+.endif
.if ${MK_CALENDAR} != "no"
-FILES+= 300.calendar
+CONFS+= 300.calendar
.endif
.if ${MK_MAIL} != "no"
-FILES+= 130.clean-msgs
+CONFS+= 130.clean-msgs
.endif
.if ${MK_NTP} != "no"
-FILES+= 480.status-ntpd \
+CONFS+= 480.status-ntpd \
480.leapfile-ntpd
.endif
.if ${MK_SENDMAIL} != "no"
-FILES+= 150.clean-hoststat \
+CONFS+= 150.clean-hoststat \
440.status-mailq \
460.status-mail-rejects \
500.queuerun
.endif
.if ${MK_ZFS} != "no"
-FILES+= 404.status-zfs \
+CONFS+= 404.status-zfs \
800.scrub-zfs
.endif
Index: usr.sbin/periodic/etc/monthly/Makefile
===================================================================
--- usr.sbin/periodic/etc/monthly/Makefile
+++ usr.sbin/periodic/etc/monthly/Makefile
@@ -2,19 +2,18 @@
.include <src.opts.mk>
-FILESGROUPS=FILES
+CONFGROUPS= CONFS
-FILES= 450.status-security \
+CONFS= 450.status-security \
999.local
# NB: keep these sorted by MK_* knobs
.if ${MK_UTMPX} != "no"
-FILESGROUPS+= ACCT
+CONFGROUPS+= ACCT
ACCT+= 200.accounting
-.endif
-ACCTDIR= /etc/periodic/monthly
ACCTMODE= ${BINMODE}
ACCTPACKAGE= acct
+.endif
.include <bsd.prog.mk>
Index: usr.sbin/periodic/etc/security/Makefile
===================================================================
--- usr.sbin/periodic/etc/security/Makefile
+++ usr.sbin/periodic/etc/security/Makefile
@@ -2,9 +2,9 @@
.include <src.opts.mk>
-FILESGROUPS= FILES DATA
+CONFGROUPS= CONFS DATA
-FILES= 100.chksetuid \
+CONFS= 100.chksetuid \
110.neggrpperm \
200.chkmounts \
300.chkuid0 \
@@ -13,25 +13,28 @@
700.kernelmsg \
800.loginfail
DATA= security.functions
+DATAMODE= 444
+
+CONFDIR= /etc/periodic/security
# NB: keep these sorted by MK_* knobs
.if ${MK_IPFILTER} != "no"
-FILES+= 510.ipfdenied
-FILES+= 610.ipf6denied
+CONFS+= 510.ipfdenied
+CONFS+= 610.ipf6denied
.endif
.if ${MK_IPFW} != "no"
-FILES+= 500.ipfwdenied \
+CONFS+= 500.ipfwdenied \
550.ipfwlimit
.endif
.if ${MK_PF} != "no"
-FILES+= 520.pfdenied
+CONFS+= 520.pfdenied
.endif
.if ${MK_INETD} != "no" && ${MK_TCP_WRAPPERS} != "no"
-FILES+= 900.tcpwrap
+CONFS+= 900.tcpwrap
.endif
.include <bsd.prog.mk>
Index: usr.sbin/periodic/etc/weekly/Makefile
===================================================================
--- usr.sbin/periodic/etc/weekly/Makefile
+++ usr.sbin/periodic/etc/weekly/Makefile
@@ -2,18 +2,18 @@
.include <src.opts.mk>
-FILES= 340.noid \
+CONFS= 340.noid \
450.status-security \
999.local
# NB: keep these sorted by MK_* knobs
.if ${MK_LOCATE} != "no"
-FILES+= 310.locate
+CONFS+= 310.locate
.endif
.if ${MK_MAN_UTILS} != "no"
-FILES+= 320.whatis
+CONFS+= 320.whatis
.endif
.include <bsd.prog.mk>

File Metadata

Mime Type
text/plain
Expires
Wed, Mar 18, 3:27 AM (16 h, 45 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
29874678
Default Alt Text
D16553.id46154.diff (96 KB)

Event Timeline