freebsd-skq/etc/defaults/periodic.conf
brooks 479b7f4288 Add an (off by default) check for negative permissions (where the
group on a object has less permissions that everyone).  These
permissions will not work reliably over NFS if you have more than
14 supplemental groups and are usually not what you mean.

MFC after:	1 week
2010-11-13 00:40:43 +00:00

281 lines
8.6 KiB
Bash

#!/bin/sh
#
# This is defaults/periodic.conf - a file full of useful variables that
# you can set to change the default behaviour of periodic jobs on your
# system. You should not edit this file! Put any overrides into one of the
# $periodic_conf_files instead and you will be able to update these defaults
# later without spamming your local configuration information.
#
# The $periodic_conf_files files should only contain values which override
# values set in this file. This eases the upgrade path when defaults
# are changed and new features are added.
#
# For a more detailed explanation of all the periodic.conf variables, please
# refer to the periodic.conf(5) manual page.
#
# $FreeBSD$
#
# What files override these defaults ?
periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local"
# periodic script dirs
local_periodic="/usr/local/etc/periodic"
# Daily options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $daily_output might be set to /var/log/daily.log if you
# wish to log the daily output and have the files rotated by newsyslog(8)
#
daily_output="root" # user or /file
daily_show_success="YES" # scripts returning 0
daily_show_info="YES" # scripts returning 1
daily_show_badconfig="NO" # scripts returning 2
# 100.clean-disks
daily_clean_disks_enable="NO" # Delete files daily
daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
daily_clean_disks_days=3 # If older than this
daily_clean_disks_verbose="YES" # Mention files deleted
# 110.clean-tmps
daily_clean_tmps_enable="NO" # Delete stuff daily
daily_clean_tmps_dirs="/tmp" # Delete under here
daily_clean_tmps_days="3" # If not accessed for
daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix"
daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap"
# Don't delete these
daily_clean_tmps_verbose="YES" # Mention files deleted
# 120.clean-preserve
daily_clean_preserve_enable="YES" # Delete files daily
daily_clean_preserve_days=7 # If not modified for
daily_clean_preserve_verbose="YES" # Mention files deleted
# 130.clean-msgs
daily_clean_msgs_enable="YES" # Delete msgs daily
daily_clean_msgs_days= # If not modified for
# 140.clean-rwho
daily_clean_rwho_enable="YES" # Delete rwho daily
daily_clean_rwho_days=7 # If not modified for
daily_clean_rwho_verbose="YES" # Mention files deleted
# 150.clean-hoststat
daily_clean_hoststat_enable="YES" # Purge sendmail host
# status cache daily
# 200.backup-passwd
daily_backup_passwd_enable="YES" # Backup passwd & group
# 210.backup-aliases
daily_backup_aliases_enable="YES" # Backup mail aliases
# 300.calendar
daily_calendar_enable="NO" # Run calendar -a
# 310.accounting
daily_accounting_enable="YES" # Rotate acct files
daily_accounting_compress="NO" # Gzip rotated files
daily_accounting_flags=-q # Flags to /usr/sbin/sa
daily_accounting_save=3 # How many files to save
# 330.news
daily_news_expire_enable="YES" # Run news.expire
# 400.status-disks
daily_status_disks_enable="YES" # Check disk status
daily_status_disks_df_flags="-l -h" # df(1) flags for check
# 404.status-zfs
daily_status_zfs_enable="NO" # Check ZFS
# 405.status-ata_raid
daily_status_ata_raid_enable="NO" # Check ATA raid status
# 406.status-gmirror
daily_status_gmirror_enable="NO" # Check gmirror(8)
# 407.status-graid3
daily_status_graid3_enable="NO" # Check graid3(8)
# 408.status-gstripe
daily_status_gstripe_enable="NO" # Check gstripe(8)
# 409.status-gconcat
daily_status_gconcat_enable="NO" # Check gconcat(8)
# 420.status-network
daily_status_network_enable="YES" # Check network status
daily_status_network_usedns="YES" # DNS lookups are ok
# 430.status-rwho
daily_status_rwho_enable="YES" # Check system status
# 440.status-mailq
daily_status_mailq_enable="YES" # Check mail status
daily_status_mailq_shorten="NO" # Shorten output
daily_status_include_submit_mailq="YES" # Also submit queue
# 450.status-security
daily_status_security_enable="YES" # Security check
# See "Security options" below for more options
# 460.status-mail-rejects
daily_status_mail_rejects_enable="YES" # Check mail rejects
daily_status_mail_rejects_logs=3 # How many logs to check
daily_status_mail_rejects_shorten="NO" # Shorten output
# 470.status-named
daily_status_named_enable="YES"
daily_status_named_usedns="YES" # DNS lookups are ok
# 480.status-ntpd
daily_status_ntpd_enable="NO" # Check NTP status
# 490.status-pkg-changes
daily_status_pkg_changes_enable="NO" # Show package changes
# 500.queuerun
daily_queuerun_enable="YES" # Run mail queue
daily_submit_queuerun="YES" # Also submit queue
# 999.local
daily_local="/etc/daily.local" # Local scripts
# Security options
# These options are used by the security periodic(8) scripts spawned in
# 450.status-security above.
daily_status_security_inline="NO" # Run inline ?
daily_status_security_output="root" # user or /file
daily_status_security_noamd="NO" # Don't check amd mounts
daily_status_security_logdir="/var/log" # Directory for logs
daily_status_security_diff_flags="-b -u" # flags for diff output
# 100.chksetuid
daily_status_security_chksetuid_enable="YES"
# 110.neggrpperm
daily_status_security_neggrpperm_enable="NO"
# 200.chkmounts
daily_status_security_chkmounts_enable="YES"
#daily_status_security_chkmounts_ignore="^amd:" # Don't check matching
# FS types
# 300.chkuid0
daily_status_security_chkuid0_enable="YES"
# 400.passwdless
daily_status_security_passwdless_enable="YES"
# 410.logincheck
daily_status_security_logincheck_enable="YES"
# 460.chkportsum
daily_status_security_chkportsum_enable="NO" # Check ports w/ wrong checksum
# 500.ipfwdenied
daily_status_security_ipfwdenied_enable="YES"
# 510.ipfdenied
daily_status_security_ipfdenied_enable="YES"
# 520.pfdenied
daily_status_security_pfdenied_enable="YES"
# 550.ipfwlimit
daily_status_security_ipfwlimit_enable="YES"
# 610.ipf6denied
daily_status_security_ipf6denied_enable="YES"
# 700.kernelmsg
daily_status_security_kernelmsg_enable="YES"
# 800.loginfail
daily_status_security_loginfail_enable="YES"
# 900.tcpwrap
daily_status_security_tcpwrap_enable="YES"
# Weekly options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $weekly_output might be set to /var/log/weekly.log if you
# wish to log the weekly output and have the files rotated by newsyslog(8)
#
weekly_output="root" # user or /file
weekly_show_success="YES" # scripts returning 0
weekly_show_info="YES" # scripts returning 1
weekly_show_badconfig="NO" # scripts returning 2
# 310.locate
weekly_locate_enable="YES" # Update locate weekly
# 320.whatis
weekly_whatis_enable="YES" # Update whatis weekly
# 330.catman
weekly_catman_enable="NO" # Preformat man pages
# 340.noid
weekly_noid_enable="NO" # Find unowned files
weekly_noid_dirs="/" # Look here
# 400.status-pkg
weekly_status_pkg_enable="NO" # Find out-of-date pkgs
pkg_version=pkg_version # Use this program
pkg_version_index=/usr/ports/INDEX-9 # Use this index file
# 999.local
weekly_local="/etc/weekly.local" # Local scripts
# Monthly options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $monthly_output might be set to /var/log/monthly.log if you
# wish to log the monthly output and have the files rotated by newsyslog(8)
#
monthly_output="root" # user or /file
monthly_show_success="YES" # scripts returning 0
monthly_show_info="YES" # scripts returning 1
monthly_show_badconfig="NO" # scripts returning 2
# 200.accounting
monthly_accounting_enable="YES" # Login accounting
# 999.local
monthly_local="/etc/monthly.local" # Local scripts
# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
# scripts to source defaults/periodic.conf overrides safely.
if [ -z "${source_periodic_confs_defined}" ]; then
source_periodic_confs_defined=yes
source_periodic_confs () {
local i sourced_files
for i in ${periodic_conf_files}; do
case ${sourced_files} in
*:$i:*)
;;
*)
sourced_files="${sourced_files}:$i:"
[ -r $i ] && . $i
;;
esac
done
}
fi