d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
249,634 Commits 4 Branches 49 Tags 2 GiB
18672e1082
Commit Graph

253 Commits

Author SHA1 Message Date
ache
ac09299ab9 Make it work with POSIX sort (POS arg). 
All old sorts understand -k too.
 2002-09-24 18:53:46 +00:00
cjc
1bdbc52de7 Only create a temporary file if we are actually going to do something 
in the script. Eliminates a bug where we create a temp file, but don't
delete it since the rm(1) is only done if the check is enabled.

PR:		bin/40960
Submitted by:	frf <frf@xocolatl.com>
MFC after:	3 days
 2002-08-25 04:09:17 +00:00
schweikh
859c765d64 o Test and change to the correct directory, /var/spool/.hoststat 
o Bring if/then style in sync with /etc/rc scripts

PR:		conf/41570
Submitted by:	Konstantin M Volevatch <cox@rosnet.ru>
MFC after:	1 week
 2002-08-12 11:09:01 +00:00
gshapiro
8cc0839b13 If all file systems are marked nosuid, the line: 
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`

sets ${MP} to an empty string so the next line:

	set ${MP}

actually just dumps all of the shells variables to stdout (and therefore
the security report).  Fixed by surrounding the code which goes through the
mounts with a test for an empty string before using ${MP}.

Reviewed by:	brian
MFC after:	3 days
 2002-08-03 22:33:34 +00:00
ru
ed13465e59 Install scripts via FILES (purposedly not via SCRIPTS that would 
strip the suffixes).
 2002-07-18 12:33:01 +00:00
ru
cd7c90d38f s/${INSTALL} -c/${INSTALL} ${COPY}/ 2002-07-18 12:07:49 +00:00
brian
c4dd2bd45f Mention that we're checking kernel log messages, even if there's 
no output.

PR:		39618
MFC after:	1 week
 2002-06-28 10:32:18 +00:00
brian
58e4877cc4 Temporarily change our umask to 066 so that the potential creation 
of wtmp.0 is done as mode 600.

This ensures that tight permissions set in /etc/newsyslog.conf for
wtmp logging aren't ``betrayed''.

Suggested by:	lumpy <lumpy@the.whole.net>
MFC after:	3 days
 2002-05-17 14:05:08 +00:00
brian
e0be427440 Change `dmesg -a'' to `dmesg''. 
The change was introduced in src/etc/security 1.53 almost a year ago
in an attempt to see ipfw deny message logs.

However, ipfw deny/reject logs have been displayed since version 1.13
of the same file as a separate ``job'' and have since moved to
src/etc/periodic/security/500.ipfwdenied.

MFC after:	3 days
 2002-05-17 13:38:36 +00:00
brian
e0e62927af Tighten up temporary file permissions and move them to ${TMPDIR:-/tmp} 
Problem reported by:	lumpy <lumpy@the.whole.net>
MFC after:		3 days
 2002-05-17 11:34:12 +00:00
brian
4068215add Return 3 unless $daily_status_security_enable != YES. 
Returning $? masks security output when ``periodic security'' is successful !

MFC after:	3 days
 2002-05-17 11:31:45 +00:00
brian
79d9fd6c13 Fix the output when daily_status_mailq_shorten is set to YES 
PR:			23766
Mostly submitted by:	lambert@ssabsd.csw.net
MFC after:		3 days
 2002-05-07 13:11:05 +00:00
cjc
560bc9d245 Remove leading whitespace from the setuid file lists. 
Due to the way we run ls(1), through xargs(1), the leading whitespace
can change even when the setuid files haven't. To avoid displaying
these lines, we currently run diff(1) with the '-w' option. However,
this is probably not the ideal way to go; there is a very, very small
possibility for diff(1) to miss things is shouldn't. So, with the
leading space cleaned, we can revert to the '-b' option which is
"safer."

PR:		conf/37618
Reviewed by:	brian
MFC after:	3 days
 2002-05-05 00:59:37 +00:00
brian
0e37ad70ef Handle .bz2 files created by newsyslog 
PR:			37529
Partially submitted by:	Peter Hollaubek <fifteen@inext.hu>
MFC after:		1 week
 2002-04-30 17:07:32 +00:00
gshapiro
cb7ff33241 Update mail queue related periodic scripts to account for sendmail 8.12's 
clientmqueue (submit mail queue).

The new mailq display is only active if both the old
daily_status_mailq_enable is set to "YES" and the new
daily_status_include_submit_mailq is set to "YES" so people who disabled
440.status-mailq won't have any surprises.

Likewise, the new queue run is only active if both the old
daily_queuerun_enable is set to "YES" and the new daily_submit_queuerun
is set to "YES" so people who disabled 500.queuerun won't have any
surprises.

While I am here, remove the [ ! -d /var/spool/mqueue ] checks from
both scripts as the queue directory isn't always /var/spool/mqueue for
the main daemon -- it can be set to anything in the sendmail.cf file.

MFC after:	1 week
 2002-04-10 03:58:40 +00:00
rwatson
5ccd83be46 No need to explicitly check for both cases when using grep -i. 2002-03-12 21:44:33 +00:00
rwatson
dcb54d0614 Update login failure checking to check auth.log instead of messages, 
and teach it to look for more general classes of failures, including
SSH login failures.  This is similar but not identical to a patch
submitted by aeonflux@synapse.subneural.net.
 2002-03-11 19:39:08 +00:00
cjc
be470ebd23 Environmental variable was not being passed to a subshell as intended. 
PR:		bin/35558
Submitted by:	Nicolas Rachinsky <list@rachinsky.de>
 2002-03-05 19:13:05 +00:00
brian
1e17be1181 Set rc=1 rather than 0 so that setting daily_show_success=YES masks 
the output of all goes well.

PR:		34825
Submitted by:	Valentin Nechayev <netch@netch.kiev.ua>
MFC after:	3 weeks
 2002-02-13 19:10:07 +00:00
cjc
1a95751be8 Fix a stray character that found its way into a filename. 2001-12-14 22:25:04 +00:00
ru
1255b8caf5 Work around the bugfeature of test(1). 
PR:		bin/32822
 2001-12-14 08:58:21 +00:00
cjc
ba1e7b8577 Long ago, there was just /etc/daily. Then /etc/security was split out 
of /etc/daily. Some time later, /etc/daily became a set of periodic(8)
scripts. Now, this evolution continues, and /etc/security has been
broken into periodic(8) scripts to make local customization easier and
more maintainable.

Reviewed by:	ru
Approved by:	ru
 2001-12-07 23:57:39 +00:00
silby
d03f718884 Make sure the security check output includes a To: line in the 
same way the daily run output does.
 2001-11-28 04:07:03 +00:00
brian
f0503f1783 Handle wtmp.0 being compressed 
PR:		32113
Submitted by:	Yar Tikhiy <yar@comp.chem.msu.su>
MFC after:	1 week
 2001-11-20 15:01:24 +00:00
cjc
05f295d22b After further discussion on -CURRENT, some people (jhb) do not like 
the idea of not masking passwords on comments in case the
administrator comments out an entry without clearing the
password. Instead completely ignore comments (since they have no
security impact) when doing the diff of the old and new passwd file.

Suggested by:	rwatson
 2001-11-14 09:30:01 +00:00
cjc
bfc3513ef7 No need to hide stuff in the $FreeBSD$ tag or in other comments like, 
Backup passwd and group files:
  1c1
  < # $FreeBSD:(password):09:07 peter Exp $
  ---
  > # $FreeBSD:(password):27:16 ache Exp $

MFC after:	1 week
 2001-11-11 07:15:19 +00:00
kris
5b604460fa UUCP removal Phase III. 2001-10-01 06:27:44 +00:00
kris
ef052bd8a5 Run the uustat command as the uucp user, not as root. 2001-09-09 05:53:01 +00:00
brian
f3c04d92b8 Remove $daily_status_named_logs and figure out which /var/log/messages* 
files to look an (in the same way that /etc/security does).

Don't single-quote $start, reducing it to an empty string.

MFC after:	3 days
 2001-07-26 02:37:12 +00:00
brian
7fee5bd138 Don't try to remove directories unless we've emptied them first 
Submitted by:	NIIMI Satoshi <sa2c@and.or.jp>
PR:		28355
MFC after:	1 week
 2001-07-19 12:08:24 +00:00
tobez
b0177f628c Recognize and support new output which pkg_version(1) might produce. 
PR:             27707
Approved by:    bmah, markm
 2001-06-11 21:31:50 +00:00
dougb
05769a88e2 Small adjustment to whitespace in output 2001-06-01 16:40:57 +00:00
ru
e7a85be33f Remove vestiges of MFS. 2001-06-01 10:07:28 +00:00
dougb
01c607845d Truly limit the path to local filesystems. 2001-05-31 09:53:53 +00:00
brian
3322ac2963 Default daily_accounting_flags to -q. I thought this was a typo in the 
originally submitted patch (oops!).

Also check for an empty $daily_accounting_save.

Submitted by:	Udo Schweigert <Udo.Schweigert@cert.siemens.de>
 2001-05-30 20:23:43 +00:00
brian
4358d0941f Add $daily_accounting_save and $daily_accounting_flags 
Submitted by:	Udo Schweigert <Udo.Schweigert@cert.siemens.de>
MFC after:	2 weeks
 2001-05-30 16:46:53 +00:00
dirk
0da4be9c47 Add 470.status-named. 
Reminded by:	gshapiro
 2001-05-11 09:32:48 +00:00
joe
4d0c552ae1 Remind the user that they need to check CPAN manually for updates 
to perl5 modules installed by hand.
 2001-04-28 16:15:50 +00:00
ru
3cbad34d06 Fixed typo. 
PR:		bin/26836
Submitted by:	Matthew Seaman <matthew.seaman@tornadogroup.com>
 2001-04-25 12:11:54 +00:00
dirk
9af3a3e675 Check for denied zone transfers (AXFR and IXFR). 2001-04-21 22:36:30 +00:00
brian
92b5e926cb Identify obsolete ports 2001-03-25 11:35:22 +00:00
ru
3e8d7346e8 setlocale(3) has been fixed to match POSIX standard: 
LC_ALL takes precedence over other LC_* envariables.
 2001-03-02 16:52:14 +00:00
ache
e4a32d7040 Add 500.queuerun 2001-02-19 07:12:37 +00:00
peter
336d5fa6f8 Move the sendmail -q from cron to periodic, as suggested by a few people. 
This has the benefit of adding a random start time element as daily
processing takes a different amount of time on different machines.
 2001-02-19 02:47:42 +00:00
brian
9233b23065 Allow the output of /etc/security to be logged or mailed to different 
users in line with ${daily,weekly,monthly}_output using a new
$daily_status_security_output variable.

PR:	24643
 2001-01-30 10:24:18 +00:00
brian
5920344071 Cope with ports that have multiple versions *and* have embedded ``-''s 
in their name.
 2001-01-02 15:17:59 +00:00
brian
a11ea16dad Understand ``multiple versions'' lines emitted from pkg_version. 2001-01-02 13:28:47 +00:00
brian
d756562577 Handle multiple words in $daily_clean_disks_files 
PR:			23805
Submitted mostly by:	Norbert Papke <npapke@telus.net>
 2000-12-24 03:22:45 +00:00
dougb
b13f26d45b Finish the job of conditionalizing UUCP by preventing files in /etc/uucp 
from being installed, and make rmail conditional on neither of
NO_SENDMAIL and NOUUCP.

PR:		bin/21321
Submitted by:	Me
 2000-10-29 06:57:59 +00:00
brian
6e80549f22 Case is irrelevant when sorting mail redirects 
PR:		21600
Submitted by:	David Wolfskill <dhw@whistle.com>
 2000-10-02 21:54:38 +00:00
brian
72594a8f52 Remove a forgotten line 
Submitted by:	Philipp Mergenthaler <un1i@rz.uni-karlsruhe.de>
 2000-09-22 06:54:28 +00:00
brian
4484d23ba7 Another overhaul of the periodic stuff. 
All periodic sub-scripts <larf> now have their return codes interpreted
by periodic(8).  Output may be masked based on variable values in
periodic.conf.

It's also now possible to email periodic output to arbitrary addresses,
or to send it to a log file, examples of which can be found in
newsyslog.conf.

The upshot of it all should be no discernable changes to the default
behaviour of periodic(8).

PR:	21250
 2000-09-14 17:19:15 +00:00
brian
32b4d974c8 Correct variable spelling 
PR: 20841
 2000-08-25 18:50:54 +00:00
gshapiro
2424c7393a Complete migration of aliases file to /etc/mail/aliases. 
The maintainers of share/examples/diskless/README.TEMPLATING and mergemaster
have been contacted so those may be updated as well.
 2000-08-13 18:38:58 +00:00
brian
20b74ed074 Correct dodgy wild card expansion 
PR:	20514
 2000-08-10 10:58:44 +00:00
sheldonh
b896bc0c05 Introduce a new option, daily_status_disks_df_flags, which specifies 
the command-line arguments to be used for the call to df(1) when
daily_status_disks_enable is set to YES.

The name of the new variable was chosen by the maintainer of our
periodic hierarchy, Brian Somers.

PR:		19631
 2000-07-05 10:47:01 +00:00
brian
d220ee616b Add $daily_status_mail_rejects_logs, defaulting to 3 to control 
how many /var/log/maillog* files to check

PR:	19587
 2000-06-30 09:41:16 +00:00
brian
97d1a2bb34 Correct two variable names 
Mostly submitted by:	howardjp@wam.umd.edu
PR:			19567
 2000-06-30 09:39:51 +00:00
joe
c328bb90a7 Added 400.status-pkg. 
Forgotten by:	brian
 2000-06-28 14:37:22 +00:00
brian
1400b2309b Add weekly_status_pkg_enable (defaults to NO) 2000-06-27 11:20:08 +00:00
brian
0ef3538e30 Allow compressed acct files 
PR:		19483
Submitted by:	Ben Smithurst <ben@scientia.demon.co.uk>
 2000-06-25 08:59:26 +00:00
brian
8d5a977e22 daily_status_network_enable -> daily_status_network_usedns 
Submitted by: Alexander Leidinger <Alexander@leidinger.net>
 2000-06-23 12:33:16 +00:00
brian
567e3fdcca Introduce /etc/defaults/periodic.conf, similar in concept to rc.conf. 
The only change in the default functionality should be that
the output reports are slightly more verbose WRT files deleted.

Not objected to by: freebsd-arch
 2000-06-23 01:18:31 +00:00
brian
ceb9d96a6e Use $clear_daily_* from rc.conf to decide what should be deleted 
Reviewed by:	The silence of -committers
 2000-06-09 17:05:11 +00:00
brian
85c7b2d731 Clean /tmp and /var/tmp if $clear_tmp_enable is set to YES in rc.conf 
Clean /compat/linux/tmp if $linux_enable is also set to YES in rc.conf
 2000-06-08 08:48:15 +00:00
obrien
1731b249cc Revert to rev 1.3 since the sed'ing is wrong. Revisit this after 4.0-RELEASE. 2000-01-27 22:52:43 +00:00
obrien
fb20480840 Update the sed action to match the change to "diff -u". 
Otherwise the encrypted password of any account who's information changed
was shown in the daily email to root.

Submitted by:	jhb
 2000-01-20 03:12:57 +00:00
obrien
79ed6d89a6 Use the *much* more readable unified diff format. 1999-12-28 21:38:12 +00:00
ache
a2d665c87a Use manpath -L for man locales 1999-11-23 03:21:19 +00:00
ghelmer
15b0a898a0 "make install" did not install 150.clean-hoststat. 
PR:	bin/12497
 1999-11-04 03:00:33 +00:00
ache
876db407b1 localize it 
Submitted by: "Alexey Zelkin" <phantom@crimea.edu>
 1999-09-11 18:55:02 +00:00
peter
289c0d262f $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
sheldonh
3d09e3478e Update the locate database even if user nobody can't stat root's 
home directory.

PR:	10700
Submitted by:	Sergey Korsak <skif@1plus1.net>
 1999-06-21 18:36:18 +00:00
brian
6c60b3cb5f Don't delete quota files when clean-tmps is enabled. 1999-06-10 00:34:15 +00:00
wollman
c3ead1bc25 Remove remaining traces of the prototype... 1999-03-30 15:31:35 +00:00
wollman
4444bea042 Clean up persistent host status from sendmail(8) (if so configured). 
I had accumulated years' worth of junk files; now others won't
have to.
 1999-03-30 15:30:44 +00:00
joerg
efd64fb913 Finally remove the ancient `-exec rm -f {} ;' cruft that used to be 
used to cleanup old files, and replace it by -delete which has been
present in our find(1) for ages now.
 1999-03-21 12:34:06 +00:00
wollman
86eed8a334 Now that newsyslog is capable of doing this at a specific time, 
let it rotate /var/log/wtmp again, and update monthly/200.accounting to
take this into account.  (Some sites might want to change the parameters
of the rotation; it's easier to do this when it's all centralized in
newsyslog.conf.)
 1999-01-28 20:03:31 +00:00
billf
7368cdd0db UUCP Cleanup should be done by the UUCP user. 
PR:		bin/7749
Submitted by:	Ruslan Ermilov <ru@ucb.crimea.ua>
 1999-01-01 21:07:39 +00:00
joerg
576997d4f6 Avoid the ``ruptime: no hosts in /var/rwho.'' message by not calling 
rwho iff /var/rwho is empty.  Call `uptime' instead.  This doesn't
belong under `network' right away, but at least reports the same
informaton about the local system.  rwhod is not turned on by default
(for good reason), and i've already seen too many of the above
messages...
 1998-10-06 09:46:46 +00:00
obrien
18dba2fe21 Remove useless `BINOWN=root' now that it is the default. 1998-09-19 22:42:06 +00:00
bde
1f215376b1 Fixed double slashes in a pathname. 
Fixed some style bugs.  Ensure no creation of an obj directory so that
we don't need to chdir before installing.
 1998-05-31 11:38:25 +00:00
des
5c3662c36d Add a chkgrp run after backing up the passwd and group files. 
Suggested-by: Andreas Klemm
 1998-05-24 15:57:31 +00:00
des
5558637778 Changed /usr/sbin/mailq to /usr/bin/mailq 1998-04-17 22:53:59 +00:00
danny
0bab56da41 PR: 1708, 5448 
Reviewed by:	Alex Nash, Steve Price
Enhance wtmp monthly handling
 1998-02-09 11:36:43 +00:00
wosch
d0bf9a43f4 Count _all_ rejects, not made by check_mail and check_relay only. 
There can be private rules which produce rejects.
Pointed out by: áÎÄÒÅÊ þÅÒÎÏ×
 1998-02-09 11:28:59 +00:00
wosch
291ce3bfba Count hosts and sort by score. 1998-02-05 15:38:17 +00:00
wosch
0729b6bb89 Replace sed(1) with perl(1). The 4.4BSD sed programm is 
200 times slower than perl or SunOS 5.5.1 sed.
 1998-02-05 15:33:54 +00:00
brian
7af9f5342e Remove ``start='' used when testing :-( 1998-01-26 02:26:29 +00:00
brian
f5c8de67c0 Just list one of each domain that was rejected 
(although only by Scheck_relay or Scheck_mail).
Suggested by: ache
 1998-01-23 01:58:18 +00:00
wosch
3ef8b0b8d7 Add an example for busy mail servers, commented out. 1998-01-18 22:28:06 +00:00
ache
473242b8c3 Do not run by default. Can grow your root mailbox up to 2Mb per day 
since SPAMmers like to retry often
 1998-01-18 12:06:40 +00:00
steve
bf1b24637d Use manpath(1) to determine the value of ${MANPATH} instead of 
using one of two hard-coded values.

PR:		5365
Submitted by:	Ruslan Shevchenko <rssh@cam.grad.kiev.ua>
 1998-01-09 23:56:45 +00:00
bde
8cf5931511 Don't test for executability of /usr/sbin/sysctl [before execing 
plain sysctl].  We already assumed that many standard commands
exist, and sysctl is not special.
 1998-01-01 09:04:47 +00:00
brian
9475f7b51a Check for rejected mail 
Not commented on by: freebsd-hackers
 1997-11-22 04:02:51 +00:00
wosch
3c4c203704 Check for files belongs to an unknown user or unknown group. 
Do not run by default.
 1997-11-01 15:03:05 +00:00
wosch
883fab98f1 Delete unused code. 1997-11-01 15:00:40 +00:00
ache
ce64e4e169 Fix typo in my prev. commit 1997-09-11 15:21:30 +00:00
ache
a5d0d0dc36 Do not remove /var/tmp/vi.recover 1997-09-01 11:07:55 +00:00
pst
0b901e2d64 Remove 100.clean-src 1997-08-18 16:49:40 +00:00
pst
68eaf42a45 Cosmetic changes. 
Submitted by:	Philippe Charnier <charnier@xp11.frmug.org>
 1997-08-17 17:55:45 +00:00
pst
738fa2d3d2 This was disabled, but it doesn't even make sense to leave it in as 
an example, it's totally bogus.
 1997-08-17 17:54:41 +00:00
pst
1d67bc6abb Copy /etc/cron.d to /etc/periodic per-request of many. 
This wasn't done with a repository copy because there was no
history of any consequence.  Flames to me.
 1997-08-16 17:04:02 +00:00