forced to 3 so that the output of this script is always displayed.
In fact, setting this flag is identical to setting
daily_status_security_output to an empty string. To make the logic
less confusing, change the behavior of daily_status_security_inline
such that it just forces daily_status_security_output to an empty
string and then applies the normal logic.
PR: conf/178611
Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
MFC after: 3 days
only 1 old file to be saved, so fix this. Problem raised in the PR,
but actually required a different solution.
While I'm here, fix a very old off-by-one error causing 1 more file
than specified in daily_accounting_save to be saved because acct.0
was not taken into account (pun intended). Change that, and use a more
thorough method of finding old files to delete. Partly just because this
is the right thing to do, but also to silently fix the extra log that
would have been left behind forever with the previous method.
PR: conf/160848
Submitted by: Andrey Zonov <andrey@zonov.org>
to avoid causing errors in the shell script.
Submitted by: William Grzybowski <william88@gmail.com>
Approved by: kib (mentor)
MFC after: 7 days
Sponsored by: iXsystems
2. Add the -H flag to tar in case /var/db/pkg itself is a symlink
3. Direct stderr to /dev/null to suppress the leading slash warning [1]
PR: ports/156810 [1]
Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com> [1]
tell that there is a separate email or that the output is logged to a file.
This commit changes the return code for the non-inline case to tell that
this message is not important enough and can be masked if necessary. The
messages from the security checks themself are not affected by this and
show up as before in the periodic security email/file.
The inline case still requests to not mask the output, as with the current
way of handling this there is no easy way to handle this.
PR: 138692
Analysis/patch atch by: Chris Cowart <ccowart@timesinks.net>
X-MFC after: on request
The final product contains work from the originator, and
Florent Thoumie <florent.thoumie@gmail.com>. The final
product contains considerable re-working by me, so all
responsibility for bugs rests under my pointy hat.
PR: ports/145957
Submitted by: Eitan Adler <EitanAdlerList@gmail.com>
The old version had a race between the time that the old file was
cp'ed to acct.0 and the time that 'sa -s' was run that prevented
the commands that occurred in the meantime from being backed up.
It's also arguable that the old version was inefficient in using
cp which can be a problem on a space-constrained system.
This version avoids both problems, albeit it's considerably more
complicated. The advantage of putting the log rotation in the rc.d
script is that it can handle the _enable and _file questions without
having to do gymnastics to discover either value in the periodic script.
As a side effect of reviewing the rc.d script I cleaned it up a bit.
zpool the output causes the script to bail out with syntax errors.
Since a scrub of a faulted zpool is pointless, just skip over any pools
marked as such.
PR: conf/150228
Submitted by: jpaetzel
Approved by: kib (mentor)
MFC after: 3 days
MFC note: only for RELENG_8
changes to the package database, i.e. any packages that
have been added, updated or deleted in the past 24 hours.
The format is intentionally simple and concise.
That information is particularly useful on servers that
are maintained by multiple administrators. When someone
adds, updates or deletes a package, the others will see
it in the daily periodic output.
This script is disabled by default.
PR: conf/113913
Submitted by: olli
Approved by: des (mentor)
MFC after: 3 weeks
Features:
- configurable amount of days between scrubs (default value or per pool)
- do not scrub directly after pool creation (respects the configured
number of days between scrubs)
- do not scrub if a scrub is in progress
- tells how to see the status of the scrub
- tells how many days since the last scrub if it skips the scrubbing
- warns if a non-existent pool is specified explicitely
(default: no pools specified -> all currently imported pools are
handled)
- runs late in the periodic run to not slow down the other periodic daily
scripts
Discussed on: fs@
fstab: /etc/fstab:0: No such file or directory
and from dump(8) when setfsent(3) fails due to /etc/fstab not existing:
DUMP: Can't open /etc/fstab for dump table information: No such...
This makes daily and security periodic runs somewhat cleaner in jails
which lack /etc/fstab files.
MFC after: 1 month
and -delete (which implies depth-first traversal), avoid using -delete in
favour of -execdir.
This has a side-effect of not removing directories that contain files,
even if we delete all of those files, but IMHO that's a better option
than specifying all possible local filesystem types in this script.
PR: 122811
MFC after: 3 weeks
differently. The output now shows the ruleset and shortens to
slightly different text (using $daily_status_mail_rejects_shorten),
but it should be more descriptive.
PR: 35018
Inspired by: Mikhail Teterin - mi at aldan dot algebra dot com
MFC after: 3 weeks
control over the result of buildworld and installworld; this especially
helps packaging systems such as nanobsd
Reviewed by: various (posted to arch)
MFC after: 1 month
the rejected mail reports to tally the rejects per blacklist without
providing details about individual sender hosts. The default configuration
keeps the reports in their original form.
MFC after: 1 week
Simplify the shell scripting a bit, and remove a useless grep | sed
The problem was pointed out by the PR, and I used part of the solution
suggested there, but the semantics changed again for 9.2.x -> 9.3.x.
PR: conf/74228
Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>
reject. For example:
Checking for rejected mail hosts:
48 getherbalnow.info (451... resolve)
46 absorb.com (451... resolve)
4 tgmart01.codns.com (553... exist)
3 kali.com.cn (451... resolve)
2 genie.com (451... resolve)
1 zv.qy (553... exist)
1 zd.hinet.hr (553... exist)
....
The bit in parenthesis is the reject code and the last word on the line -
enough to give the admin a better chance of seeing real problems (hopefully!).
While I'm here, remove the "<" at the start of rejects coming from "from"
addresses without a name@ part.
I had to rewrite the patch given by the submitter as this script has been
sed'ified (used to be perl) and I think the reject code is useful....
PR: 17377
Idea from: root at ns dot internet dot dk
MFC after: 7 days
