freebsd-skq/etc/defaults/periodic.conf
mlaier 7e3eabcfe7 Teach periodic(8) security output to display information about blocked
packet counts by pf(4).

This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.

The output will look like this (line wrapped):

  pf denied packets:
  > block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0
    Bytes: 0 States: 0 ]
  > block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578
    States: 0 ]

Submitted by:	clive (thanks a lot!)
MFC after:	2 weeks
2004-11-24 18:41:53 +00:00

256 lines
7.9 KiB
Bash

#!/bin/sh
#
# This is defaults/periodic.conf - a file full of useful variables that
# you can set to change the default behaviour of periodic jobs on your
# system. You should not edit this file! Put any overrides into one of the
# $periodic_conf_files instead and you will be able to update these defaults
# later without spamming your local configuration information.
#
# The $periodic_conf_files files should only contain values which override
# values set in this file. This eases the upgrade path when defaults
# are changed and new features are added.
#
# $FreeBSD$
#
# What files override these defaults ?
periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local"
# periodic script dirs
local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic"
# Daily options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $daily_output might be set to /var/log/daily.log if you
# wish to log the daily output and have the files rotated by newsyslog(8)
#
daily_output="root" # user or /file
daily_show_success="YES" # scripts returning 0
daily_show_info="YES" # scripts returning 1
daily_show_badconfig="NO" # scripts returning 2
# 100.clean-disks
daily_clean_disks_enable="NO" # Delete files daily
daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
daily_clean_disks_days=3 # If older than this
daily_clean_disks_verbose="YES" # Mention files deleted
# 110.clean-tmps
daily_clean_tmps_enable="NO" # Delete stuff daily
daily_clean_tmps_dirs="/tmp" # Delete under here
daily_clean_tmps_days="3" # If not accessed for
daily_clean_tmps_ignore=".X*-lock quota.user quota.group" # Don't delete these
daily_clean_tmps_verbose="YES" # Mention files deleted
# 120.clean-preserve
daily_clean_preserve_enable="YES" # Delete files daily
daily_clean_preserve_days=7 # If not modified for
daily_clean_preserve_verbose="YES" # Mention files deleted
# 130.clean-msgs
daily_clean_msgs_enable="YES" # Delete msgs daily
daily_clean_msgs_days= # If not modified for
# 140.clean-rwho
daily_clean_rwho_enable="YES" # Delete rwho daily
daily_clean_rwho_days=7 # If not modified for
daily_clean_rwho_verbose="YES" # Mention files deleted
# 150.clean-hoststat
daily_clean_hoststat_enable="YES" # Purge sendmail host
# status cache daily
# 200.backup-passwd
daily_backup_passwd_enable="YES" # Backup passwd & group
# 210.backup-aliases
daily_backup_aliases_enable="YES" # Backup mail aliases
# 300.calendar
daily_calendar_enable="NO" # Run calendar -a
# 310.accounting
daily_accounting_enable="YES" # Rotate acct files
daily_accounting_compress="NO" # Gzip rotated files
daily_accounting_flags=-q # Flags to /usr/sbin/sa
daily_accounting_save=3 # How many files to save
# 330.news
daily_news_expire_enable="YES" # Run news.expire
# 400.status-disks
daily_status_disks_enable="YES" # Check disk status
daily_status_disks_df_flags="-k -t nonfs" # df(1) flags for check
# 405.status-ata_raid
daily_status_ata_raid_enable="NO" # Check ATA raid status
# 420.status-network
daily_status_network_enable="YES" # Check network status
daily_status_network_usedns="YES" # DNS lookups are ok
# 430.status-rwho
daily_status_rwho_enable="YES" # Check system status
# 440.status-mailq
daily_status_mailq_enable="YES" # Check mail status
daily_status_mailq_shorten="NO" # Shorten output
daily_status_include_submit_mailq="YES" # Also submit queue
# 450.status-security
daily_status_security_enable="YES" # Security check
# See "Security options" below for more options
# 460.status-mail-rejects
daily_status_mail_rejects_enable="YES" # Check mail rejects
daily_status_mail_rejects_logs=3 # How many logs to check
# 470.status-named
daily_status_named_enable="YES"
daily_status_named_usedns="YES" # DNS lookups are ok
# 500.queuerun
daily_queuerun_enable="YES" # Run mail queue
daily_submit_queuerun="YES" # Also submit queue
# 999.local
daily_local="/etc/daily.local" # Local scripts
# Security options
# These options are used by the security periodic(8) scripts spawned in
# 450.status-security above.
daily_status_security_inline="NO" # Run inline ?
daily_status_security_output="root" # user or /file
daily_status_security_noamd="NO" # Don't check amd mounts
daily_status_security_logdir="/var/log" # Directory for logs
daily_status_security_diff_flags="-b -u" # flags for diff output
# 100.chksetuid
daily_status_security_chksetuid_enable="YES"
# 200.chkmounts
daily_status_security_chkmounts_enable="YES"
#daily_status_security_chkmounts_ignore="^amd:" # Don't check matching
# FS types
# 300.chkuid0
daily_status_security_chkuid0_enable="YES"
# 400.passwdless
daily_status_security_passwdless_enable="YES"
# 500.ipfwdenied
daily_status_security_ipfwdenied_enable="YES"
# 510.ipfdenied
daily_status_security_ipfdenied_enable="YES"
# 520.pfdenied
daily_status_security_pfdenied_enable="YES"
# 550.ipfwlimit
daily_status_security_ipfwlimit_enable="YES"
# 600.ip6fwdenied
daily_status_security_ip6fwdenied_enable="YES"
# 610.ipf6denied
daily_status_security_ipf6denied_enable="YES"
# 650.ip6fwlimit
daily_status_security_ip6fwlimit_enable="YES"
# 700.kernelmsg
daily_status_security_kernelmsg_enable="YES"
# 800.loginfail
daily_status_security_loginfail_enable="YES"
# 900.tcpwrap
daily_status_security_tcpwrap_enable="YES"
# Weekly options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $weekly_output might be set to /var/log/weekly.log if you
# wish to log the weekly output and have the files rotated by newsyslog(8)
#
weekly_output="root" # user or /file
weekly_show_success="YES" # scripts returning 0
weekly_show_info="YES" # scripts returning 1
weekly_show_badconfig="NO" # scripts returning 2
# 120.clean-kvmdb
weekly_clean_kvmdb_enable="YES" # Clean kvmdb weekly
weekly_clean_kvmdb_days=7 # If not accessed for
weekly_clean_kvmdb_verbose="YES" # Mention files deleted
# 310.locate
weekly_locate_enable="YES" # Update locate weekly
# 320.whatis
weekly_whatis_enable="YES" # Update whatis weekly
# 330.catman
weekly_catman_enable="NO" # Preformat man pages
# 340.noid
weekly_noid_enable="NO" # Find unowned files
weekly_noid_dirs="/" # Look here
# 400.status-pkg
weekly_status_pkg_enable="NO" # Find out-of-date pkgs
pkg_version=pkg_version # Use this program
pkg_version_index=/usr/ports/INDEX-5 # Use this index file
# 999.local
weekly_local="/etc/weekly.local" # Local scripts
# Monthly options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $monthly_output might be set to /var/log/monthly.log if you
# wish to log the monthly output and have the files rotated by newsyslog(8)
#
monthly_output="root" # user or /file
monthly_show_success="YES" # scripts returning 0
monthly_show_info="YES" # scripts returning 1
monthly_show_badconfig="NO" # scripts returning 2
# 200.accounting
monthly_accounting_enable="YES" # Login accounting
# 999.local
monthly_local="/etc/monthly.local" # Local scripts
# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
# scripts to source defaults/periodic.conf overrides safely.
if [ -z "${source_periodic_confs_defined}" ]; then
source_periodic_confs_defined=yes
source_periodic_confs () {
local i sourced_files
for i in ${periodic_conf_files}; do
case ${sourced_files} in
*:$i:*)
;;
*)
sourced_files="${sourced_files}:$i:"
[ -r $i ] && . $i
;;
esac
done
}
fi