daily (revision ebc67df82ae2491b692b8f41c1e3f5f12004edfd) - OpenGrok cross reference for /netbsd-src/etc/daily

61f28255Scgd#!/bin/sh -
61f28255Scgd#
*ebc67df8Skre#	$NetBSD: daily,v 1.93 2018/09/23 23:16:34 kre Exp $
d351214aSmikel#	@(#)daily	8.2 (Berkeley) 1/25/94
61f28255Scgd#
016b324aSmrg
bd8157b7Smycroftexport PATH=/bin:/usr/bin:/sbin:/usr/sbin
016b324aSmrgumask 077
016b324aSmrg
d1f7e40eSlukemif [ -s /etc/daily.conf ]; then
d1f7e40eSlukem	. /etc/daily.conf
d1f7e40eSlukemfi
1410cf30Sagcif [ -s /etc/pkgpath.conf ]; then
1410cf30Sagc	. /etc/pkgpath.conf
1410cf30Sagcfi
d1f7e40eSlukem
4f848eeeSchristoshost="$(hostname)"
4f848eeeSchristosdate="$(date)"
3c8a1444Sjmmvrcvar_manpage='daily.conf(5)'
d1f7e40eSlukem
dc76b0b0Sprlw1pkg_admin=${pkg_admin:-/usr/sbin/pkg_admin}
dc76b0b0Sprlw1pkg_info=${pkg_info:-/usr/sbin/pkg_info}
dc76b0b0Sprlw1
d1f7e40eSlukemecho "To: ${MAILTO:-root}"
d1f7e40eSlukemecho "Subject: $host daily output for $date"
d1f7e40eSlukemecho ""
d1f7e40eSlukem
8f59ce8eSlukemif [ -f /etc/rc.subr ]; then
8f59ce8eSlukem	. /etc/rc.subr
8f59ce8eSlukemelse
8f59ce8eSlukem	echo "Can't read /etc/rc.subr; aborting."
8f59ce8eSlukem	exit 1;
8f59ce8eSlukemfi
8f59ce8eSlukem
*ebc67df8Skreif [ -z "$MAILTO" ] || [ "$USER" != "root" ]; then
ce3196e8Sphil	MAILTO=root
ce3196e8Sphilfi
ce3196e8Sphil
53cb2117Sjmmvif [ -n "${pkgdb_dir}" ]; then
53cb2117Sjmmv	echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated"
53cb2117Sjmmv	echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead"
53cb2117Sjmmv	_compat_K_flag="-K ${pkgdb_dir}"
53cb2117Sjmmvfi
53cb2117Sjmmv
f067035dSlukemecho ""
4f848eeeSchristosecho "Uptime: $(uptime)"
f067035dSlukem
0780a6b0Sabs# Uncommenting any of the finds below would open up a race condition attack
0780a6b0Sabs# based on symlinks, potentially allowing removal of any file on the system.
0780a6b0Sabs#
4371fb29Sjtc#echo ""
4371fb29Sjtc#echo "Removing scratch and junk files:"
*ebc67df8Skre#if [ -d /tmp ] && ! [ -h /tmp ]; then
4371fb29Sjtc#	cd /tmp && {
4371fb29Sjtc#	find . -type f -atime +3 -exec rm -f -- {} \;
4371fb29Sjtc#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
4371fb29Sjtc#	    >/dev/null 2>&1; }
4371fb29Sjtc#fi
61f28255Scgd
*ebc67df8Skre#if [ -d /var/tmp ] && ! [ -h /var/tmp ]; then
4371fb29Sjtc#	cd /var/tmp && {
4371fb29Sjtc#	find . ! -name . -atime +7 -exec rm -f -- {} \;
eea58e84Saymeric#	find . ! \( -name . -o -name vi.recover \) -type d \
eea58e84Saymeric#		-mtime +1 -exec rmdir -- {} \; \
4371fb29Sjtc#	    >/dev/null 2>&1; }
4371fb29Sjtc#fi
8671b6cbScgd
e471d816Spk# Additional junk directory cleanup would go like this:
*ebc67df8Skre#if [ -d /scratch ] && ! [ -h /scratch ]; then
e471d816Spk#	cd /scratch && {
e471d816Spk#	find . ! -name . -atime +1 -exec rm -f -- {} \;
e471d816Spk#	find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
e471d816Spk#	    >/dev/null 2>&1; }
e471d816Spk#fi
8671b6cbScgd
*ebc67df8Skre#if [ -d /var/rwho ] && ! [ -h /var/rwho ] ; then
4371fb29Sjtc#	cd /var/rwho && {
4371fb29Sjtc#	find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
4371fb29Sjtc#fi
8671b6cbScgd
d405da7fSmarttiDAILYDIR=$(mktemp -d -t _daily) || exit 1
016b324aSmrg
684e89f3Slukemtrap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT
016b324aSmrg
684e89f3Slukemif ! cd "$DAILYDIR"; then
684e89f3Slukem	echo "Can not cd to $DAILYDIR".
016b324aSmrg	exit 1
016b324aSmrgfi
016b324aSmrg
8671b6cbScgdTMP=daily.$$
016b324aSmrgTMP2=daily2.$$
016b324aSmrg
8f59ce8eSlukemif checkyesno find_core; then
7da8bb10Serh	# Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
4f848eeeSchristos	ignfstypes="$(echo $find_core_ignore_fstypes | \
7da8bb10Serh		sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
4f848eeeSchristos		    -e's/^-o //')"
e763a079Schristos	# Turn "foo bar" into "( -path foo -o -path bar ) -prune -o"
e763a079Schristos	# Set ignpaths empty if no find_core_ignore_paths given
e763a079Schristos	if [ -n "$find_core_ignore_paths" ]; then
e763a079Schristos		ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)"
e763a079Schristos		ignpaths="( ${ignpaths# -o } ) -prune -o"
e763a079Schristos	else
e763a079Schristos		ignpaths=""
e763a079Schristos	fi
7da8bb10Serh	find / \( $ignfstypes \) -prune -o \
e763a079Schristos		${ignpaths} \
3ce3a9a2Satatat		-name 'lost+found' -prune -o \
3ce3a9a2Satatat		\( -name '*.core' -o -name 'core' \) -type f -print > $TMP
4371fb29Sjtc#		\( -name '[#,]*' -o -name '.#*' -o -name a.out \
4371fb29Sjtc#		   -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
4371fb29Sjtc#			-a -atime +3 -exec rm -f -- {} \; -a -print > $TMP
8671b6cbScgd
a93021e9Snathanw	egrep '\.core$|^core$' $TMP > $TMP2
016b324aSmrg	if [ -s $TMP2 ]; then
8671b6cbScgd		echo ""
8671b6cbScgd		echo "Possible core dumps:"
016b324aSmrg		cat $TMP2
016b324aSmrg	fi
8671b6cbScgd
016b324aSmrg#	egrep -v '\.core' $TMP > $TMP2
016b324aSmrg#	if [ -s $TMP2 ]; then
016b324aSmrg#		echo ""
016b324aSmrg#		echo "Deleted files:"
016b324aSmrg#		cat $TMP2
016b324aSmrg#	fi
8671b6cbScgd
016b324aSmrg	rm -f $TMP $TMP2
016b324aSmrgfi
9bc01e96Scgd
8f59ce8eSlukemif checkyesno run_msgs; then
8671b6cbScgd	msgs -c
016b324aSmrgfi
7bdc3a61Scgd
8f59ce8eSlukemif checkyesno expire_news && [ -f /etc/news.expire ]; then
61f28255Scgd	/etc/news.expire
61f28255Scgdfi
61f28255Scgd
8f59ce8eSlukemif checkyesno purge_accounting && [ -f /var/account/acct ]; then
d351214aSmikel	echo ""
d351214aSmikel	echo "Purging accounting records:"
9be30af8Smrg	if [ -f /var/account/acct.0.gz ]; then
9be30af8Smrg		mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null
9be30af8Smrg		mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null
9be30af8Smrg		mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null
9be30af8Smrg	else
6297d767Slukem		mv /var/account/acct.2 /var/account/acct.3 2>/dev/null
6297d767Slukem		mv /var/account/acct.1 /var/account/acct.2 2>/dev/null
6297d767Slukem		mv /var/account/acct.0 /var/account/acct.1 2>/dev/null
9be30af8Smrg	fi
d351214aSmikel	cp /var/account/acct /var/account/acct.0
d351214aSmikel	sa -sq
9be30af8Smrg	if [ -f /var/account/acct.1.gz ]; then
9be30af8Smrg		gzip /var/account/acct.0
9be30af8Smrg	fi
b09f56e8Scgdfi
61f28255Scgd
8f59ce8eSlukemif checkyesno run_calendar; then
74f5f0daSjhawk	calendar -a > $TMP 2>&1
016b324aSmrg	if [ -s $TMP ]; then
61f28255Scgd		echo ""
61f28255Scgd		echo "Running calendar:"
016b324aSmrg		cat $TMP
016b324aSmrg	fi
016b324aSmrg	rm -f $TMP
016b324aSmrgfi
61f28255Scgd
8f59ce8eSlukemif checkyesno check_disks; then
16a3b1f9Sperry	if checkyesno show_remote_fs; then
b2595274Sperry		df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
16a3b1f9Sperry	else
b2595274Sperry		df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
16a3b1f9Sperry	fi
eda014eaSperry	if [ -s /etc/dumpdates ] ; then
0d724a7bSperry		dump -W > $TMP2
eda014eaSperry	fi
*ebc67df8Skre	if [ -s $TMP ] || [ -s $TMP2 ]; then
61f28255Scgd		echo ""
61f28255Scgd		echo "Checking subsystem status:"
61f28255Scgd		echo ""
61f28255Scgd		echo "disks:"
016b324aSmrg		if [ -s $TMP ]; then
15e3f0ccSperry			cat $TMP | sed 's/Mounted on/Mount/'
61f28255Scgd			echo ""
016b324aSmrg		fi
016b324aSmrg		if [ -s $TMP2 ]; then
016b324aSmrg			cat $TMP2
61f28255Scgd			echo ""
016b324aSmrg		fi
61f28255Scgd		echo ""
016b324aSmrg	fi
016b324aSmrg	rm -f $TMP $TMP2
42b4a643Sbouyer	touch $TMP2
4f848eeeSchristos	for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do
42b4a643Sbouyer		raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP
42b4a643Sbouyer		if [ -s $TMP ]; then
42b4a643Sbouyer			echo "$dev:" >> $TMP2
42b4a643Sbouyer			cat $TMP >> $TMP2
42b4a643Sbouyer		fi
42b4a643Sbouyer		rm -f $TMP
42b4a643Sbouyer	done
42b4a643Sbouyer	if [ -s $TMP2 ]; then
42b4a643Sbouyer		echo "failed RAIDframe component(s):"
42b4a643Sbouyer			cat $TMP2
42b4a643Sbouyer	fi
42b4a643Sbouyer	rm -f $TMP2
42b4a643Sbouyerfi
016b324aSmrg
8f59ce8eSlukemif checkyesno check_mailq; then
016b324aSmrg	mailq > $TMP
0770a23fSlukem	if ! grep -q "queue is empty$" $TMP; then
016b324aSmrg		echo ""
016b324aSmrg		echo "mail:"
016b324aSmrg		cat $TMP
016b324aSmrg	fi
016b324aSmrgfi
016b324aSmrg
016b324aSmrgrm -f $TMP
016b324aSmrg
8f59ce8eSlukemif checkyesno check_network; then
61f28255Scgd	echo ""
61f28255Scgd	echo "network:"
43a0fc6fSperry	if checkyesno full_netstat; then
2ece7fc4Sitojun		netstat -inv
43a0fc6fSperry	else
5a942efbSmartin		netstat -inv | awk 'BEGIN {
43a0fc6fSperry			ifs[""] = 0;
43a0fc6fSperry		}
43a0fc6fSperry		/^[^\*]* / {
43a0fc6fSperry			if (NR == 1) {
94172cbcSjdolecek				printf("%-8s %12s %6s %12s %6s %6s\n",
43a0fc6fSperry				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
43a0fc6fSperry				next;
43a0fc6fSperry			}
43a0fc6fSperry			if (!($1 in ifs)) {
94172cbcSjdolecek				printf("%-8s %12s %6s %12s %6s %6s\n",
43a0fc6fSperry				  $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
43a0fc6fSperry				ifs[$1] = 1;
43a0fc6fSperry			}
43a0fc6fSperry		}'
43a0fc6fSperry	fi
61f28255Scgd	echo ""
016b324aSmrg	t=/var/rwho/*
016b324aSmrg	if [ "$t" != '/var/rwho/*' ]; then
61f28255Scgd		ruptime
016b324aSmrg	fi
016b324aSmrgfi
61f28255Scgd
8f59ce8eSlukemif checkyesno run_fsck; then
61f28255Scgd	echo ""
61f28255Scgd	echo "Checking file systems:"
db3a1845Sbouyer	fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
016b324aSmrgfi
61f28255Scgd
8f59ce8eSlukemif checkyesno run_rdist && [ -f /etc/Distfile ]; then
778f4384Schristos	echo ""
61f28255Scgd	echo "Running rdist:"
ef538c31Smikel	if [ -d /var/log/rdist ]; then
4f848eeeSchristos		logf="$(date +%Y.%b.%d)"
ef538c31Smikel		rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf
ef538c31Smikel	else
61f28255Scgd		rdist -f /etc/Distfile
61f28255Scgd	fi
ef538c31Smikelfi
61f28255Scgd
1410cf30Sagcif ${pkg_info} ${_compat_K_flag} -q -E '*'; then
774aa666Schristos	if [ -z "$fetch_pkg_vulnerabilities" ]; then
da43ca12Schristos		echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
da43ca12Schristos		echo "You should set it to YES to enable vulnerability checks"
da43ca12Schristos		echo "or set it to NO to get rid of this warning."
778f4384Schristos	elif checkyesno fetch_pkg_vulnerabilities; then
3351729aSchristos		echo ""
3351729aSchristos		echo "Fetching package vulnerabilities database:"
1410cf30Sagc		( umask 022 && ${pkg_admin} ${_compat_K_flag} \
778f4384Schristos		    fetch-pkg-vulnerabilities -u )
497b5f80Sjmmv	fi
497b5f80Sjmmvfi
497b5f80Sjmmv
8f59ce8eSlukemif checkyesno run_security; then
684e89f3Slukem	SECOUT="$DAILYDIR/sec"
47224db0Sgrant	sh /etc/security > "$SECOUT" 2>&1
684e89f3Slukem	if [ ! -s "$SECOUT" ]; then
3b390ffbSjhawk		if checkyesno send_empty_security; then
684e89f3Slukem			echo "Nothing to report on $date" > "$SECOUT"
3b390ffbSjhawk		else
3b390ffbSjhawk			echo ""
da4f7330Satatat			echo "Suppressing empty security report."
d1f7e40eSlukem		fi
3b390ffbSjhawk	fi
3b390ffbSjhawk	if [ -s "$SECOUT" ]; then
5bc4a2e2Sdarcy		if checkyesno separate_security_email; then
5bc4a2e2Sdarcy			mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT
5bc4a2e2Sdarcy		else
5bc4a2e2Sdarcy		    echo ""
5bc4a2e2Sdarcy		    echo "$host daily insecurity output for $date:"
5bc4a2e2Sdarcy		    cat $SECOUT
5bc4a2e2Sdarcy		fi
3b390ffbSjhawk	fi
016b324aSmrgfi
016b324aSmrg
389581c1Shubertfif checkyesno run_skeyaudit; then
eda014eaSperry	if [ -s /etc/skeykeys ]; then
389581c1Shubertf		echo ""
389581c1Shubertf		echo "Checking remaining s/key OTPs:"
389581c1Shubertf		skeyaudit
389581c1Shubertf	fi
eda014eaSperryfi
389581c1Shubertf
410d0f43Sjoergif checkyesno run_makemandb; then
*ebc67df8Skre	if [ -f /etc/man.conf ] && [ -x /usr/sbin/makemandb ]; then
410d0f43Sjoerg		echo ""
410d0f43Sjoerg		echo "Updating man page index:"
c9ea1856Swiz		(umask 022; nice -n 5 /usr/sbin/makemandb -Q)
410d0f43Sjoerg	fi
410d0f43Sjoergfi
410d0f43Sjoerg
645ee407Sadif [ -f /etc/daily.local ]; then
bfc08843Shubertf	( . /etc/daily.local ) > $TMP 2>&1
ed816845Skim	if [ -s $TMP ] ; then
ed816845Skim		printf "\nRunning /etc/daily.local:\n"
ed816845Skim		cat $TMP
ed816845Skim	fi
ed816845Skim	rm -f $TMP
645ee407Sadfi