Commit Graph

59 Commits

Author SHA1 Message Date
Alan Somers
86571b9c01 Consolidate random sleeps in periodic scripts
Multiple periodic scripts sleep for a random amount of time in order to
mitigate the thundering herd problem. This is bad, because the sum of
multiple uniformly distributed random variables approaches a normal
distribution, so the problem isn't mitigated as effectively as it would be
with a single sleep.

This change creates a single configurable anticongestion sleep. periodic
will only sleep if at least one script requires it, and it will never sleep
more than once per invocation. It also won't sleep if periodic was run
interactively, fixing an unrelated longstanding bug.

PR:		217055
PR:		210188
Reviewed by:	cy
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D10211
2017-04-01 04:42:35 +00:00
Alan Somers
c5b5b50ded Better document security_show_{success,info,badconfig} in /etc/periodic.conf
periodic(8) already handles the security_show_{success,info,badconfig}
variables correctly. However, those variables aren't explicitly set in
/etc/defaults/periodic.conf or anywhere else, which suggests to the user
that they shouldn't be used.

etc/defaults/periodic.conf
	Explicitly set defaults for security_show_{success,info,badconfig}

usr.sbin/periodic/periodic.sh
	Update usage string

usr.sbin/periodic/periodic.8
	Minor man page updates

One thing I'm _not_ doing is recommending setting security_output to
/var/log/security.log or adding that file to /etc/newsyslog.conf, because
periodic(8) would create it with default permissions, usually 644, and
that's probably a bad idea.

Reviewed by:	brd
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6477
2016-05-21 02:14:11 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
ee7b0571c2 Merge head from 7/28 2014-08-19 06:50:54 +00:00
Baptiste Daroussin
01c2b8ac0d use .Mt to mark up email addresses consistently (part2)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:57:27 +00:00
Simon J. Gerraty
d1d0158641 Merge from head 2013-09-05 20:18:59 +00:00
Jeremie Le Hen
94582faa19 Include the calling context in the mail subject, if any.
More concretely, periodic security scripts defaults to being
called from daily ones -- daily context -- so the mail subject
will now be "${HOST} daily security run output" instead of
"{HOST} security run output".

If you switch the period of some security checks to weekly, you
will receive another email "${HOST} weekly security run output".
2013-09-03 13:40:24 +00:00
Jeremie Le Hen
195cf868e2 Export a PERIODIC environment variable from periodic(8). This will
allow periodic security scripts to know if they have been called in
a daily or a weekly context.
2013-08-25 08:56:09 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Brooks Davis
df01f319c7 Prevent periodic scripts that run longer than the expected period from
starting up before the previous script finishes.  This prevents an
infinite number of them from piling up and slowing a system down.

Since all the refactoring to make this happen required churning the
indenting of most of this file, make the indentation more consistent.

Reviewed by:	simon
MFC after:	1 week
2012-02-12 23:18:05 +00:00
Ulrich Spörlein
aa12cea2cc mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by:	ru
Approved by:	philip, ed (mentors)
2010-04-14 19:08:06 +00:00
Gabor Kovesdan
7c34436e66 - The weekly periodic runs occur on Saturday mornings, not on Sunday mornings
PR:		docs/113975
Submitted by:	Marian Cerny <jojo@matfyz.cz>
Reviewed by:	keramida
Approved by:	re (bmah)
2007-09-07 21:54:45 +00:00
Xin LI
9a0e6be26a Stop mentioning /usr/X11R6.
Approved by:	re (hrs)
2007-07-24 06:41:07 +00:00
David Malone
68c35072f9 Add an option to make periodic(8) quiet when no output was generated.
The man page part of the patch is my fault, the changes to the
periodic script is Dominik's.

PR:		88486
Submitted by:	Dominik Brettnacher <domi@saargate.de>
Reviewed by:	brian
Approved by:	re
MFC after:	1 month
2007-06-22 10:04:05 +00:00
Ruslan Ermilov
59a3c79da6 Sort sections. 2005-01-18 20:02:45 +00:00
Ruslan Ermilov
a866e17077 Added the EXIT STATUS section where appropriate. 2005-01-17 07:44:44 +00:00
Philippe Charnier
490d5836b5 The .Nm utility 2002-07-14 14:47:15 +00:00
Brian Somers
cb36028eff Mention the ``end of output'' for each periodic script.
Submitted by:	David Wolfskill <david@catwhisker.org>
PR:		37036
MFC after:	1 week
2002-05-14 01:15:35 +00:00
Ruslan Ermilov
c9d99fb534 mdoc(7) police: fix markup in revision 1.25. 2001-12-08 16:15:44 +00:00
Crist J. Clark
2204f3ce42 Long ago, there was just /etc/daily. Then /etc/security was split out
of /etc/daily. Some time later, /etc/daily became a set of periodic(8)
scripts. Now, this evolution continues, and /etc/security has been
broken into periodic(8) scripts to make local customization easier and
more maintainable.

Reviewed by:	ru
Approved by:	ru
2001-12-07 23:57:39 +00:00
Crist J. Clark
a4771d5fb3 Add a BUGS section noting that the basename of a directory containing
periodic(8) scripts must be useable as a sh(1) variable.

MFC after:	2 days
2001-11-28 21:43:53 +00:00
Ruslan Ermilov
5849041b6f mdoc(7) police: Fix markup. 2001-11-20 12:38:18 +00:00
Ruslan Ermilov
6575e6daae mdoc(7) police: expand plain text xrefs. 2001-08-08 11:48:28 +00:00
Dima Dorfman
f247324df7 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
Ruslan Ermilov
a4c37c816b mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 15:12:08 +00:00
Ruslan Ermilov
eb0838029f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
Dima Dorfman
5e75e35cca Grammar police: "its", not "it's", is the possessive form of "it". 2001-04-15 19:53:47 +00:00
Ruslan Ermilov
b9ad8c8635 beforeinstall -> SCRIPTS. 2001-04-07 11:21:35 +00:00
Ruslan Ermilov
345e52e742 - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:42:20 +00:00
Ruslan Ermilov
9884911506 mdoc(7) police: fixed broken references. 2001-01-16 11:52:00 +00:00
Ruslan Ermilov
ed40311694 mdoc(7) police: removed history info from the .Os FreeBSD call. 2000-12-14 11:52:05 +00:00
Ruslan Ermilov
7a2650d625 mdoc(7) police: use canonical form of .Dd macro. 2000-12-11 15:57:16 +00:00
Kris Kennaway
a3125484c9 Properly fix the temporary file creation in the case of multiple
command-line arguments.

Noticed by:	dynamo <dynamo@ime.net>
2000-11-26 03:37:34 +00:00
Ruslan Ermilov
e97407b4f2 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
Kris Kennaway
5542f1c473 Don't use a trivially predictable temporary filename and keep recreating
it again and again, practically begging the Bad Man to insert his symlink
underneath it and send us down the path to oblivion.

Noticed by:	David Lary <dlary@secureworks.net>
2000-11-02 06:33:57 +00:00
Brian Somers
e4b13c6df1 Fix a typo
Spotted by: Manfred Antar <null@pozo.com>
2000-09-20 19:59:44 +00:00
Brian Somers
df470af5f8 Put temporary output in ${TMPDIR:-/tmp}
If $<basedir>_output is not set, don't redirect output

PR:	21395
2000-09-19 22:15:00 +00:00
Brian Somers
8a7f44a640 Don't clobber $? before using it.
Submitted by:	James Barkley <jbarkley@wgate.com>
2000-09-19 21:46:54 +00:00
Brian Somers
15ef3dc005 Fix situations where none of the scripts executed produce output,
so that we don't see any more ``null message body, hope that's
ok'' messages.

We now see something like ``No output from the 3 files processed''.

Lump all output for a given periodic argument together so that
people with /usr/local/etc/periodic/daily (for example) will
get the output of those jobs together with the normal daily run
rather than getting a second email.

Prompted by: ben
2000-09-16 21:59:34 +00:00
Brian Somers
9ed55d1192 Another overhaul of the periodic stuff.
All periodic sub-scripts <larf> now have their return codes interpreted
by periodic(8).  Output may be masked based on variable values in
periodic.conf.

It's also now possible to email periodic output to arbitrary addresses,
or to send it to a log file, examples of which can be found in
newsyslog.conf.

The upshot of it all should be no discernable changes to the default
behaviour of periodic(8).

PR:	21250
2000-09-14 17:19:15 +00:00
Brian Somers
f3e285ba7d Introduce /etc/defaults/periodic.conf, similar in concept to rc.conf.
The only change in the default functionality should be that
the output reports are slightly more verbose WRT files deleted.

Not objected to by: freebsd-arch
2000-06-23 01:18:31 +00:00
Neil Blakey-Milner
b61bde0916 Update periodic to use the function source_rc_confs that
/etc/defaults/rc.conf now exports.
2000-04-27 17:11:03 +00:00
Chris Piazza
2bed2aa31f export host after setting it.
This is needed so passwd diffs show the hostname instead of
" passwd diffs:"

PR:		17651
Submitted by:	Giorgos Keramidas <keramida@ceid.upatras.gr>
2000-03-29 07:05:29 +00:00
Peter Wemm
97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Guy Helmer
f8c6d853b0 local_cron -> local_periodic
PR:		docs/11253
1999-04-23 18:26:55 +00:00
Jordan K. Hubbard
f10c8b1a7b Look in correct rc.conf file.
Submitted by:	Kevin Street <street@iname.com
1999-02-14 20:06:02 +00:00
Bill Fumerola
54724311ee Make periodic(8) and the security mailings reflect the full FQDN, as opposed
to a hostname. This will help those who keep a cluster of machines all with
the same hostname but different domain names.

PR:		bin/9091
Submitted By:	Heikki Suonsivu <hsu@clinet.fi>
No Response From: -current mailing list
1999-01-01 17:37:33 +00:00
Tim Vanderhoek
9300774d7e Directories aren't executable.
Submitted by:	Dennis Glatting <dennis.glatting@software-munitions.com>
		(misc/9147)
1998-12-29 22:48:54 +00:00