66754ab3f1
packet counts by pf(4). This adds a ``daily_status_security_pfdenied_enable'' variable to periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions. The output will look like this (line wrapped): pf denied packets: > block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0 Bytes: 0 States: 0 ] > block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578 States: 0 ] Submitted by: clive (thanks a lot!) MFC after: 2 weeks
256 lines
7.9 KiB
Bash
256 lines
7.9 KiB
Bash
#!/bin/sh
|
|
#
|
|
# This is defaults/periodic.conf - a file full of useful variables that
|
|
# you can set to change the default behaviour of periodic jobs on your
|
|
# system. You should not edit this file! Put any overrides into one of the
|
|
# $periodic_conf_files instead and you will be able to update these defaults
|
|
# later without spamming your local configuration information.
|
|
#
|
|
# The $periodic_conf_files files should only contain values which override
|
|
# values set in this file. This eases the upgrade path when defaults
|
|
# are changed and new features are added.
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# What files override these defaults ?
|
|
periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local"
|
|
|
|
# periodic script dirs
|
|
local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic"
|
|
|
|
|
|
# Daily options
|
|
|
|
# These options are used by periodic(8) itself to determine what to do
|
|
# with the output of the sub-programs that are run, and where to send
|
|
# that output. $daily_output might be set to /var/log/daily.log if you
|
|
# wish to log the daily output and have the files rotated by newsyslog(8)
|
|
#
|
|
daily_output="root" # user or /file
|
|
daily_show_success="YES" # scripts returning 0
|
|
daily_show_info="YES" # scripts returning 1
|
|
daily_show_badconfig="NO" # scripts returning 2
|
|
|
|
# 100.clean-disks
|
|
daily_clean_disks_enable="NO" # Delete files daily
|
|
daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
|
|
daily_clean_disks_days=3 # If older than this
|
|
daily_clean_disks_verbose="YES" # Mention files deleted
|
|
|
|
# 110.clean-tmps
|
|
daily_clean_tmps_enable="NO" # Delete stuff daily
|
|
daily_clean_tmps_dirs="/tmp" # Delete under here
|
|
daily_clean_tmps_days="3" # If not accessed for
|
|
daily_clean_tmps_ignore=".X*-lock quota.user quota.group" # Don't delete these
|
|
daily_clean_tmps_verbose="YES" # Mention files deleted
|
|
|
|
# 120.clean-preserve
|
|
daily_clean_preserve_enable="YES" # Delete files daily
|
|
daily_clean_preserve_days=7 # If not modified for
|
|
daily_clean_preserve_verbose="YES" # Mention files deleted
|
|
|
|
# 130.clean-msgs
|
|
daily_clean_msgs_enable="YES" # Delete msgs daily
|
|
daily_clean_msgs_days= # If not modified for
|
|
|
|
# 140.clean-rwho
|
|
daily_clean_rwho_enable="YES" # Delete rwho daily
|
|
daily_clean_rwho_days=7 # If not modified for
|
|
daily_clean_rwho_verbose="YES" # Mention files deleted
|
|
|
|
# 150.clean-hoststat
|
|
daily_clean_hoststat_enable="YES" # Purge sendmail host
|
|
# status cache daily
|
|
|
|
# 200.backup-passwd
|
|
daily_backup_passwd_enable="YES" # Backup passwd & group
|
|
|
|
# 210.backup-aliases
|
|
daily_backup_aliases_enable="YES" # Backup mail aliases
|
|
|
|
# 300.calendar
|
|
daily_calendar_enable="NO" # Run calendar -a
|
|
|
|
# 310.accounting
|
|
daily_accounting_enable="YES" # Rotate acct files
|
|
daily_accounting_compress="NO" # Gzip rotated files
|
|
daily_accounting_flags=-q # Flags to /usr/sbin/sa
|
|
daily_accounting_save=3 # How many files to save
|
|
|
|
# 330.news
|
|
daily_news_expire_enable="YES" # Run news.expire
|
|
|
|
# 400.status-disks
|
|
daily_status_disks_enable="YES" # Check disk status
|
|
daily_status_disks_df_flags="-k -t nonfs" # df(1) flags for check
|
|
|
|
# 405.status-ata_raid
|
|
daily_status_ata_raid_enable="NO" # Check ATA raid status
|
|
|
|
# 420.status-network
|
|
daily_status_network_enable="YES" # Check network status
|
|
daily_status_network_usedns="YES" # DNS lookups are ok
|
|
|
|
# 430.status-rwho
|
|
daily_status_rwho_enable="YES" # Check system status
|
|
|
|
# 440.status-mailq
|
|
daily_status_mailq_enable="YES" # Check mail status
|
|
daily_status_mailq_shorten="NO" # Shorten output
|
|
daily_status_include_submit_mailq="YES" # Also submit queue
|
|
|
|
# 450.status-security
|
|
daily_status_security_enable="YES" # Security check
|
|
# See "Security options" below for more options
|
|
|
|
# 460.status-mail-rejects
|
|
daily_status_mail_rejects_enable="YES" # Check mail rejects
|
|
daily_status_mail_rejects_logs=3 # How many logs to check
|
|
|
|
# 470.status-named
|
|
daily_status_named_enable="YES"
|
|
daily_status_named_usedns="YES" # DNS lookups are ok
|
|
|
|
# 500.queuerun
|
|
daily_queuerun_enable="YES" # Run mail queue
|
|
daily_submit_queuerun="YES" # Also submit queue
|
|
|
|
# 999.local
|
|
daily_local="/etc/daily.local" # Local scripts
|
|
|
|
|
|
# Security options
|
|
|
|
# These options are used by the security periodic(8) scripts spawned in
|
|
# 450.status-security above.
|
|
daily_status_security_inline="NO" # Run inline ?
|
|
daily_status_security_output="root" # user or /file
|
|
daily_status_security_noamd="NO" # Don't check amd mounts
|
|
daily_status_security_logdir="/var/log" # Directory for logs
|
|
daily_status_security_diff_flags="-b -u" # flags for diff output
|
|
|
|
# 100.chksetuid
|
|
daily_status_security_chksetuid_enable="YES"
|
|
|
|
# 200.chkmounts
|
|
daily_status_security_chkmounts_enable="YES"
|
|
#daily_status_security_chkmounts_ignore="^amd:" # Don't check matching
|
|
# FS types
|
|
|
|
# 300.chkuid0
|
|
daily_status_security_chkuid0_enable="YES"
|
|
|
|
# 400.passwdless
|
|
daily_status_security_passwdless_enable="YES"
|
|
|
|
# 500.ipfwdenied
|
|
daily_status_security_ipfwdenied_enable="YES"
|
|
|
|
# 510.ipfdenied
|
|
daily_status_security_ipfdenied_enable="YES"
|
|
|
|
# 520.pfdenied
|
|
daily_status_security_pfdenied_enable="YES"
|
|
|
|
# 550.ipfwlimit
|
|
daily_status_security_ipfwlimit_enable="YES"
|
|
|
|
# 600.ip6fwdenied
|
|
daily_status_security_ip6fwdenied_enable="YES"
|
|
|
|
# 610.ipf6denied
|
|
daily_status_security_ipf6denied_enable="YES"
|
|
|
|
# 650.ip6fwlimit
|
|
daily_status_security_ip6fwlimit_enable="YES"
|
|
|
|
# 700.kernelmsg
|
|
daily_status_security_kernelmsg_enable="YES"
|
|
|
|
# 800.loginfail
|
|
daily_status_security_loginfail_enable="YES"
|
|
|
|
# 900.tcpwrap
|
|
daily_status_security_tcpwrap_enable="YES"
|
|
|
|
|
|
# Weekly options
|
|
|
|
# These options are used by periodic(8) itself to determine what to do
|
|
# with the output of the sub-programs that are run, and where to send
|
|
# that output. $weekly_output might be set to /var/log/weekly.log if you
|
|
# wish to log the weekly output and have the files rotated by newsyslog(8)
|
|
#
|
|
weekly_output="root" # user or /file
|
|
weekly_show_success="YES" # scripts returning 0
|
|
weekly_show_info="YES" # scripts returning 1
|
|
weekly_show_badconfig="NO" # scripts returning 2
|
|
|
|
# 120.clean-kvmdb
|
|
weekly_clean_kvmdb_enable="YES" # Clean kvmdb weekly
|
|
weekly_clean_kvmdb_days=7 # If not accessed for
|
|
weekly_clean_kvmdb_verbose="YES" # Mention files deleted
|
|
|
|
# 310.locate
|
|
weekly_locate_enable="YES" # Update locate weekly
|
|
|
|
# 320.whatis
|
|
weekly_whatis_enable="YES" # Update whatis weekly
|
|
|
|
# 330.catman
|
|
weekly_catman_enable="NO" # Preformat man pages
|
|
|
|
# 340.noid
|
|
weekly_noid_enable="NO" # Find unowned files
|
|
weekly_noid_dirs="/" # Look here
|
|
|
|
# 400.status-pkg
|
|
weekly_status_pkg_enable="NO" # Find out-of-date pkgs
|
|
pkg_version=pkg_version # Use this program
|
|
pkg_version_index=/usr/ports/INDEX-5 # Use this index file
|
|
|
|
# 999.local
|
|
weekly_local="/etc/weekly.local" # Local scripts
|
|
|
|
|
|
# Monthly options
|
|
|
|
# These options are used by periodic(8) itself to determine what to do
|
|
# with the output of the sub-programs that are run, and where to send
|
|
# that output. $monthly_output might be set to /var/log/monthly.log if you
|
|
# wish to log the monthly output and have the files rotated by newsyslog(8)
|
|
#
|
|
monthly_output="root" # user or /file
|
|
monthly_show_success="YES" # scripts returning 0
|
|
monthly_show_info="YES" # scripts returning 1
|
|
monthly_show_badconfig="NO" # scripts returning 2
|
|
|
|
# 200.accounting
|
|
monthly_accounting_enable="YES" # Login accounting
|
|
|
|
# 999.local
|
|
monthly_local="/etc/monthly.local" # Local scripts
|
|
|
|
|
|
# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
|
|
# scripts to source defaults/periodic.conf overrides safely.
|
|
|
|
if [ -z "${source_periodic_confs_defined}" ]; then
|
|
source_periodic_confs_defined=yes
|
|
source_periodic_confs () {
|
|
local i sourced_files
|
|
|
|
for i in ${periodic_conf_files}; do
|
|
case ${sourced_files} in
|
|
*:$i:*)
|
|
;;
|
|
*)
|
|
sourced_files="${sourced_files}:$i:"
|
|
[ -r $i ] && . $i
|
|
;;
|
|
esac
|
|
done
|
|
}
|
|
fi
|