1#!/bin/sh -
2#
3#         $NetBSD: daily,v 1.93 2018/09/23 23:16:34 kre Exp $
4#         @(#)daily 8.2 (Berkeley) 1/25/94
5#
6
7export PATH=/bin:/usr/bin:/sbin:/usr/sbin
8umask 077
9
10if [ -s /etc/daily.conf ]; then
11          . /etc/daily.conf
12fi
13if [ -s /etc/pkgpath.conf ]; then
14          . /etc/pkgpath.conf
15fi
16
17host="$(hostname)"
18date="$(date)"
19rcvar_manpage='daily.conf(5)'
20
21pkg_admin=${pkg_admin:-/usr/sbin/pkg_admin}
22pkg_info=${pkg_info:-/usr/sbin/pkg_info}
23
24echo "To: ${MAILTO:-root}"
25echo "Subject: $host daily output for $date"
26echo ""
27
28if [ -f /etc/rc.subr ]; then
29          . /etc/rc.subr
30else
31          echo "Can't read /etc/rc.subr; aborting."
32          exit 1;
33fi
34
35if [ -z "$MAILTO" ] || [ "$USER" != "root" ]; then
36          MAILTO=root
37fi
38
39if [ -n "${pkgdb_dir}" ]; then
40          echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated"
41          echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead"
42          _compat_K_flag="-K ${pkgdb_dir}"
43fi
44
45echo ""
46echo "Uptime: $(uptime)"
47
48# Uncommenting any of the finds below would open up a race condition attack
49# based on symlinks, potentially allowing removal of any file on the system.
50#
51#echo ""
52#echo "Removing scratch and junk files:"
53#if [ -d /tmp ] && ! [ -h /tmp ]; then
54#         cd /tmp && {
55#         find . -type f -atime +3 -exec rm -f -- {} \;
56#         find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
57#             >/dev/null 2>&1; }
58#fi
59
60#if [ -d /var/tmp ] && ! [ -h /var/tmp ]; then
61#         cd /var/tmp && {
62#         find . ! -name . -atime +7 -exec rm -f -- {} \;
63#         find . ! \( -name . -o -name vi.recover \) -type d \
64#                   -mtime +1 -exec rmdir -- {} \; \
65#             >/dev/null 2>&1; }
66#fi
67
68# Additional junk directory cleanup would go like this:
69#if [ -d /scratch ] && ! [ -h /scratch ]; then
70#         cd /scratch && {
71#         find . ! -name . -atime +1 -exec rm -f -- {} \;
72#         find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
73#             >/dev/null 2>&1; }
74#fi
75
76#if [ -d /var/rwho ] && ! [ -h /var/rwho ] ; then
77#         cd /var/rwho && {
78#         find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
79#fi
80
81DAILYDIR=$(mktemp -d -t _daily) || exit 1
82
83trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT
84
85if ! cd "$DAILYDIR"; then
86          echo "Can not cd to $DAILYDIR".
87          exit 1
88fi
89
90TMP=daily.$$
91TMP2=daily2.$$
92
93if checkyesno find_core; then
94          # Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
95          ignfstypes="$(echo $find_core_ignore_fstypes | \
96                    sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
97                        -e's/^-o //')"
98          # Turn "foo bar" into "( -path foo -o -path bar ) -prune -o"
99          # Set ignpaths empty if no find_core_ignore_paths given
100          if [ -n "$find_core_ignore_paths" ]; then
101                    ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)"
102                    ignpaths="( ${ignpaths# -o } ) -prune -o"
103          else
104                    ignpaths=""
105          fi
106          find / \( $ignfstypes \) -prune -o \
107                    ${ignpaths} \
108                    -name 'lost+found' -prune -o \
109                    \( -name '*.core' -o -name 'core' \) -type f -print > $TMP
110#                   \( -name '[#,]*' -o -name '.#*' -o -name a.out \
111#                      -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
112#                             -a -atime +3 -exec rm -f -- {} \; -a -print > $TMP
113
114          egrep '\.core$|^core$' $TMP > $TMP2
115          if [ -s $TMP2 ]; then
116                    echo ""
117                    echo "Possible core dumps:"
118                    cat $TMP2
119          fi
120
121#         egrep -v '\.core' $TMP > $TMP2
122#         if [ -s $TMP2 ]; then
123#                   echo ""
124#                   echo "Deleted files:"
125#                   cat $TMP2
126#         fi
127
128          rm -f $TMP $TMP2
129fi
130
131if checkyesno run_msgs; then
132          msgs -c
133fi
134
135if checkyesno expire_news && [ -f /etc/news.expire ]; then
136          /etc/news.expire
137fi
138
139if checkyesno purge_accounting && [ -f /var/account/acct ]; then
140          echo ""
141          echo "Purging accounting records:"
142          if [ -f /var/account/acct.0.gz ]; then
143                    mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null
144                    mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null
145                    mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null
146          else
147                    mv /var/account/acct.2 /var/account/acct.3 2>/dev/null
148                    mv /var/account/acct.1 /var/account/acct.2 2>/dev/null
149                    mv /var/account/acct.0 /var/account/acct.1 2>/dev/null
150          fi
151          cp /var/account/acct /var/account/acct.0
152          sa -sq
153          if [ -f /var/account/acct.1.gz ]; then
154                    gzip /var/account/acct.0
155          fi
156fi
157
158if checkyesno run_calendar; then
159          calendar -a > $TMP 2>&1
160          if [ -s $TMP ]; then
161                    echo ""
162                    echo "Running calendar:"
163                    cat $TMP
164          fi
165          rm -f $TMP
166fi
167
168if checkyesno check_disks; then
169          if checkyesno show_remote_fs; then
170                    df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
171          else
172                    df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
173          fi
174          if [ -s /etc/dumpdates ] ; then
175                    dump -W > $TMP2
176          fi
177          if [ -s $TMP ] || [ -s $TMP2 ]; then
178                    echo ""
179                    echo "Checking subsystem status:"
180                    echo ""
181                    echo "disks:"
182                    if [ -s $TMP ]; then
183                              cat $TMP | sed 's/Mounted on/Mount/'
184                              echo ""
185                    fi
186                    if [ -s $TMP2 ]; then
187                              cat $TMP2
188                              echo ""
189                    fi
190                    echo ""
191          fi
192          rm -f $TMP $TMP2
193          touch $TMP2
194          for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do
195                    raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP
196                    if [ -s $TMP ]; then
197                              echo "$dev:" >> $TMP2
198                              cat $TMP >> $TMP2
199                    fi
200                    rm -f $TMP
201          done
202          if [ -s $TMP2 ]; then
203                    echo "failed RAIDframe component(s):"
204                              cat $TMP2
205          fi
206          rm -f $TMP2
207fi
208
209if checkyesno check_mailq; then
210          mailq > $TMP
211          if ! grep -q "queue is empty$" $TMP; then
212                    echo ""
213                    echo "mail:"
214                    cat $TMP
215          fi
216fi
217
218rm -f $TMP
219
220if checkyesno check_network; then
221          echo ""
222          echo "network:"
223          if checkyesno full_netstat; then
224                    netstat -inv
225          else
226                    netstat -inv | awk 'BEGIN {
227                              ifs[""] = 0;
228                    }
229                    /^[^\*]* / {
230                              if (NR == 1) {
231                                        printf("%-8s %12s %6s %12s %6s %6s\n",
232                                          $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
233                                        next;
234                              }
235                              if (!($1 in ifs)) {
236                                        printf("%-8s %12s %6s %12s %6s %6s\n",
237                                          $1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
238                                        ifs[$1] = 1;
239                              }
240                    }'
241          fi
242          echo ""
243          t=/var/rwho/*
244          if [ "$t" != '/var/rwho/*' ]; then
245                    ruptime
246          fi
247fi
248
249if checkyesno run_fsck; then
250          echo ""
251          echo "Checking file systems:"
252          fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
253fi
254
255if checkyesno run_rdist && [ -f /etc/Distfile ]; then
256          echo ""
257          echo "Running rdist:"
258          if [ -d /var/log/rdist ]; then
259                    logf="$(date +%Y.%b.%d)"
260                    rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf
261          else
262                    rdist -f /etc/Distfile
263          fi
264fi
265
266if ${pkg_info} ${_compat_K_flag} -q -E '*'; then
267          if [ -z "$fetch_pkg_vulnerabilities" ]; then
268                    echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
269                    echo "You should set it to YES to enable vulnerability checks"
270                    echo "or set it to NO to get rid of this warning."
271          elif checkyesno fetch_pkg_vulnerabilities; then
272                    echo ""
273                    echo "Fetching package vulnerabilities database:"
274                    ( umask 022 && ${pkg_admin} ${_compat_K_flag} \
275                        fetch-pkg-vulnerabilities -u )
276          fi
277fi
278
279if checkyesno run_security; then
280          SECOUT="$DAILYDIR/sec"
281          sh /etc/security > "$SECOUT" 2>&1
282          if [ ! -s "$SECOUT" ]; then
283                    if checkyesno send_empty_security; then
284                              echo "Nothing to report on $date" > "$SECOUT"
285                    else
286                              echo ""
287                              echo "Suppressing empty security report."
288                    fi
289          fi
290          if [ -s "$SECOUT" ]; then
291                    if checkyesno separate_security_email; then
292                              mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT
293                    else
294                        echo ""
295                        echo "$host daily insecurity output for $date:"
296                        cat $SECOUT
297                    fi
298          fi
299fi
300
301if checkyesno run_skeyaudit; then
302          if [ -s /etc/skeykeys ]; then
303                    echo ""
304                    echo "Checking remaining s/key OTPs:"
305                    skeyaudit
306          fi
307fi
308
309if checkyesno run_makemandb; then
310          if [ -f /etc/man.conf ] && [ -x /usr/sbin/makemandb ]; then
311                    echo ""
312                    echo "Updating man page index:"
313                    (umask 022; nice -n 5 /usr/sbin/makemandb -Q)
314          fi
315fi
316
317if [ -f /etc/daily.local ]; then
318          ( . /etc/daily.local ) > $TMP 2>&1
319          if [ -s $TMP ] ; then
320                    printf "\nRunning /etc/daily.local:\n"
321                    cat $TMP
322          fi
323          rm -f $TMP
324fi
325