1997-08-12 17:48:49 +00:00
|
|
|
#!/bin/sh -
|
|
|
|
|
#
|
1999-08-28 01:35:59 +00:00
|
|
|
# $FreeBSD$
|
1997-08-12 17:48:49 +00:00
|
|
|
#
|
|
|
|
|
# Run nightly periodic scripts
|
|
|
|
|
#
|
Better document security_show_{success,info,badconfig} in /etc/periodic.conf
periodic(8) already handles the security_show_{success,info,badconfig}
variables correctly. However, those variables aren't explicitly set in
/etc/defaults/periodic.conf or anywhere else, which suggests to the user
that they shouldn't be used.
etc/defaults/periodic.conf
Explicitly set defaults for security_show_{success,info,badconfig}
usr.sbin/periodic/periodic.sh
Update usage string
usr.sbin/periodic/periodic.8
Minor man page updates
One thing I'm _not_ doing is recommending setting security_output to
/var/log/security.log or adding that file to /etc/newsyslog.conf, because
periodic(8) would create it with default permissions, usually 644, and
that's probably a bad idea.
Reviewed by: brd
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6477
2016-05-21 02:14:11 +00:00
|
|
|
# usage: periodic { daily | weekly | monthly | security } - run standard scripts
|
1997-08-12 17:48:49 +00:00
|
|
|
# periodic /absolute/path/to/directory - run periodic scripts in dir
|
|
|
|
|
#
|
|
|
|
|
|
1997-08-13 06:02:18 +00:00
|
|
|
usage () {
|
1997-08-12 17:48:49 +00:00
|
|
|
echo "usage: $0 <directory of files to execute>" 1>&2
|
Better document security_show_{success,info,badconfig} in /etc/periodic.conf
periodic(8) already handles the security_show_{success,info,badconfig}
variables correctly. However, those variables aren't explicitly set in
/etc/defaults/periodic.conf or anywhere else, which suggests to the user
that they shouldn't be used.
etc/defaults/periodic.conf
Explicitly set defaults for security_show_{success,info,badconfig}
usr.sbin/periodic/periodic.sh
Update usage string
usr.sbin/periodic/periodic.8
Minor man page updates
One thing I'm _not_ doing is recommending setting security_output to
/var/log/security.log or adding that file to /etc/newsyslog.conf, because
periodic(8) would create it with default permissions, usually 644, and
that's probably a bad idea.
Reviewed by: brd
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6477
2016-05-21 02:14:11 +00:00
|
|
|
echo "or $0 { daily | weekly | monthly | security }" 1>&2
|
1997-08-12 17:48:49 +00:00
|
|
|
exit 1
|
1997-08-13 06:02:18 +00:00
|
|
|
}
|
|
|
|
|
|
2012-02-12 23:18:05 +00:00
|
|
|
output_pipe()
|
|
|
|
|
{
|
|
|
|
|
# Where's our output going ?
|
|
|
|
|
eval output=\$${1##*/}_output
|
|
|
|
|
case "$output" in
|
|
|
|
|
/*) pipe="cat >>$output";;
|
|
|
|
|
"") pipe=cat;;
|
2013-09-03 13:40:24 +00:00
|
|
|
*) pipe="mail -E -s '$host ${2}${2:+ }${1##*/} run output' $output";;
|
2012-02-12 23:18:05 +00:00
|
|
|
esac
|
|
|
|
|
eval $pipe
|
|
|
|
|
}
|
|
|
|
|
|
1997-08-13 06:02:18 +00:00
|
|
|
if [ $# -lt 1 ] ; then
|
|
|
|
|
usage
|
|
|
|
|
fi
|
|
|
|
|
|
2017-06-20 06:20:09 +00:00
|
|
|
# If possible, check the global system configuration file,
|
1999-02-14 20:06:02 +00:00
|
|
|
# to see if there are additional dirs to check
|
2000-06-23 01:18:31 +00:00
|
|
|
if [ -r /etc/defaults/periodic.conf ]; then
|
|
|
|
|
. /etc/defaults/periodic.conf
|
|
|
|
|
source_periodic_confs
|
1997-08-12 17:48:49 +00:00
|
|
|
fi
|
|
|
|
|
|
1999-01-01 17:37:33 +00:00
|
|
|
host=`hostname`
|
2000-03-29 07:05:29 +00:00
|
|
|
export host
|
2012-02-12 23:18:05 +00:00
|
|
|
|
|
|
|
|
# If we were called normally, then create a lock file for each argument
|
|
|
|
|
# in turn and reinvoke ourselves with the LOCKED argument. This prevents
|
|
|
|
|
# very long running jobs from being overlapped by another run as this is
|
2017-06-20 06:20:09 +00:00
|
|
|
# will lead the system running progressivly slower and more and more jobs
|
2012-02-12 23:18:05 +00:00
|
|
|
# are run at once.
|
|
|
|
|
if [ $1 != "LOCKED" ]; then
|
|
|
|
|
ret=0
|
|
|
|
|
for arg; do
|
|
|
|
|
lockfile=/var/run/periodic.${arg##*/}.lock
|
|
|
|
|
lockf -t 0 "${lockfile}" /bin/sh $0 LOCKED "$arg"
|
|
|
|
|
case $? in
|
|
|
|
|
0) ;;
|
|
|
|
|
73) #EX_CANTCREATE
|
2013-09-03 13:40:24 +00:00
|
|
|
echo "can't create ${lockfile}" | \
|
|
|
|
|
output_pipe $arg "$PERIODIC"
|
2012-02-12 23:18:05 +00:00
|
|
|
ret=1
|
|
|
|
|
;;
|
|
|
|
|
75) #EX_TEMPFAIL
|
|
|
|
|
echo "$host ${arg##*/} prior run still in progress" | \
|
2013-09-03 13:40:24 +00:00
|
|
|
output_pipe $arg "$PERIODIC"
|
2012-02-12 23:18:05 +00:00
|
|
|
ret=1
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
ret=1
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
done
|
|
|
|
|
exit $ret
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ $# -ne 2 ]; then
|
|
|
|
|
usage
|
|
|
|
|
fi
|
|
|
|
|
shift
|
|
|
|
|
arg=$1
|
|
|
|
|
|
2017-04-01 04:42:35 +00:00
|
|
|
if [ -z "$PERIODIC_ANTICONGESTION_FILE" ] ; then
|
|
|
|
|
export PERIODIC_ANTICONGESTION_FILE=`mktemp ${TMPDIR:-/tmp}/periodic.anticongestion.XXXXXXXXXX`
|
|
|
|
|
fi
|
|
|
|
|
if tty > /dev/null 2>&1; then
|
|
|
|
|
export PERIODIC_IS_INTERACTIVE=1
|
|
|
|
|
fi
|
2000-11-02 06:33:57 +00:00
|
|
|
tmp_output=`mktemp ${TMPDIR:-/tmp}/periodic.XXXXXXXXXX`
|
2013-09-03 13:40:24 +00:00
|
|
|
context="$PERIODIC"
|
2013-08-25 08:56:09 +00:00
|
|
|
export PERIODIC="$arg${PERIODIC:+ }${PERIODIC}"
|
1997-08-12 17:48:49 +00:00
|
|
|
|
1997-08-13 06:02:18 +00:00
|
|
|
# Execute each executable file in the directory list. If the x bit is not
|
1997-08-12 17:48:49 +00:00
|
|
|
# set, assume the user didn't really want us to muck with it (it's a
|
|
|
|
|
# README file or has been disabled).
|
|
|
|
|
|
2012-02-12 23:18:05 +00:00
|
|
|
success=YES info=YES badconfig=NO empty_output=YES # Defaults when ${run}_* aren't YES/NO
|
|
|
|
|
for var in success info badconfig empty_output; do
|
|
|
|
|
case $(eval echo "\$${arg##*/}_show_$var") in
|
|
|
|
|
[Yy][Ee][Ss]) eval $var=YES;;
|
|
|
|
|
[Nn][Oo]) eval $var=NO;;
|
2000-09-14 17:19:15 +00:00
|
|
|
esac
|
2012-02-12 23:18:05 +00:00
|
|
|
done
|
2000-09-14 17:19:15 +00:00
|
|
|
|
2012-02-12 23:18:05 +00:00
|
|
|
case $arg in
|
|
|
|
|
/*) if [ -d "$arg" ]; then
|
|
|
|
|
dirlist="$arg"
|
|
|
|
|
else
|
2017-06-20 06:20:09 +00:00
|
|
|
echo "$0: $arg not found" >&2
|
2017-11-20 23:51:51 +00:00
|
|
|
exit 1
|
2012-02-12 23:18:05 +00:00
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
*) dirlist=
|
|
|
|
|
for top in /etc/periodic ${local_periodic}; do
|
|
|
|
|
[ -d $top/$arg ] && dirlist="$dirlist $top/$arg"
|
1997-08-13 06:02:18 +00:00
|
|
|
done
|
2012-02-12 23:18:05 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
2000-09-14 17:19:15 +00:00
|
|
|
|
2012-02-12 23:18:05 +00:00
|
|
|
{
|
|
|
|
|
empty=TRUE
|
|
|
|
|
processed=0
|
|
|
|
|
for dir in $dirlist; do
|
|
|
|
|
for file in $dir/*; do
|
|
|
|
|
if [ -x $file -a ! -d $file ]; then
|
|
|
|
|
output=TRUE
|
|
|
|
|
processed=$(($processed + 1))
|
|
|
|
|
$file </dev/null >$tmp_output 2>&1
|
|
|
|
|
rc=$?
|
|
|
|
|
if [ -s $tmp_output ]; then
|
|
|
|
|
case $rc in
|
|
|
|
|
0) [ $success = NO ] && output=FALSE;;
|
|
|
|
|
1) [ $info = NO ] && output=FALSE;;
|
|
|
|
|
2) [ $badconfig = NO ] && output=FALSE;;
|
|
|
|
|
esac
|
|
|
|
|
[ $output = TRUE ] && { cat $tmp_output; empty=FALSE; }
|
2000-09-16 21:59:34 +00:00
|
|
|
fi
|
2012-02-12 23:18:05 +00:00
|
|
|
cp /dev/null $tmp_output
|
|
|
|
|
fi
|
2000-09-16 21:59:34 +00:00
|
|
|
done
|
2012-02-12 23:18:05 +00:00
|
|
|
done
|
|
|
|
|
if [ $empty = TRUE ]; then
|
|
|
|
|
if [ $empty_output = TRUE ]; then
|
2007-06-22 10:04:05 +00:00
|
|
|
[ $processed = 1 ] && plural= || plural=s
|
|
|
|
|
echo "No output from the $processed file$plural processed"
|
2000-09-16 21:59:34 +00:00
|
|
|
fi
|
2012-02-12 23:18:05 +00:00
|
|
|
else
|
|
|
|
|
echo ""
|
|
|
|
|
echo "-- End of $arg output --"
|
|
|
|
|
fi
|
2013-09-03 13:40:24 +00:00
|
|
|
} | output_pipe $arg "$context"
|
2012-02-12 23:18:05 +00:00
|
|
|
|
2000-11-26 03:37:34 +00:00
|
|
|
rm -f $tmp_output
|
2017-04-01 04:42:35 +00:00
|
|
|
rm -f $PERIODIC_ANTICONGESTION_FILE
|
