272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
272430 |
02-Oct-2014 |
bdrewery |
MFC r271321:
Don't cross mount boundaries when cleaning tmp files.
Approved by: re (gjb) Relnotes: yes
|
263661 |
23-Mar-2014 |
brueffer |
Further refine the auth fail regex to catch more auth failures and reduce false positives.
The committed patch was provided by Christian Marg.
PR: 91732 Submitted by: Daniel O'Connor <doconnor at gsoft.com.au> Skye Poier <spoier at gmail.com> Alan Amesbury <amesbury at umn.edu> Christian Marg <marg at rz.tu-clausthal.de>
|
258121 |
14-Nov-2013 |
glebius |
Merge r257694 from head:
Remove remnants of BIND from /etc, since there is no BIND in base now.
Sorry, that would break users running head and BIND from ports, since ports rely on these scripts. The ports will be fixed soon.
Approved by: re (kib)
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
255963 |
01-Oct-2013 |
des |
Odds and ends left over from BIND and unnoticed because they didn't affect 'make universe'.
Approved by: re (gjb)
|
254978 |
27-Aug-2013 |
jkim |
Fix a typo introduced in r254975.
|
254975 |
27-Aug-2013 |
jlh |
Install 450.status-security.
|
254974 |
27-Aug-2013 |
jlh |
Make the period of each periodic security script configurable.
There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values.
All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE.
"security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO".
Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable.
When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong.
Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier.
Reviewed by: hackers@
|
252205 |
25-Jun-2013 |
jhb |
If daily_status_security_inline is set, the rc value needs to be forced to 3 so that the output of this script is always displayed. In fact, setting this flag is identical to setting daily_status_security_output to an empty string. To make the logic less confusing, change the behavior of daily_status_security_inline such that it just forces daily_status_security_output to an empty string and then applies the normal logic.
PR: conf/178611 Submitted by: Jason Unovitch <jason.unovitch@gmail.com> MFC after: 3 days
|
250533 |
12-May-2013 |
eadler |
Unconditionally install 210.backup-aliases as many MTAs other than sendmail support the use of /etc/aliases.
PR: conf/176098 Submitted by: ak MFC after: 2 weeks
|
249095 |
04-Apr-2013 |
mav |
Remove periodic script for ataraid(4) and add instead script for graid(8).
|
244484 |
20-Dec-2012 |
bapt |
make installation of the 220.backup-pkgdb periodic script depend on PKGTOOLS knob
|
241507 |
13-Oct-2012 |
ume |
Make a command for pkg_info changeable like pkg_version in /etc/periodic/weekly/400.status-pkg to be friendly with pkgng.
MFC after: 1 week
|
237337 |
20-Jun-2012 |
jhb |
Only output a list of file systems that need to be dumped if the system has a non-empty dumpdates file.
Reviewed by: brooks MFC after: 1 week
|
235132 |
07-May-2012 |
jhb |
Display dropped transmit packets in the daily network interface output.
PR: conf/165956 Submitted by: Jeremy Chadwick MFC after: 1 week
|
231171 |
08-Feb-2012 |
gjb |
Add an option to 404.status-zfs (enabled by default) to list all zfs pools on the system.
While here, document daily_status_zfs_enable in periodic.conf(5).
Discussed on: -fs [1] Reviewed by: netchild [1] Approved by: jhb MFC after: 1 week
[1] - http://lists.freebsd.org/pipermail/freebsd-fs/2011-June/011869.html
|
227482 |
13-Nov-2011 |
dougb |
The default setting, daily_accounting_compress="NO", was causing only 1 old file to be saved, so fix this. Problem raised in the PR, but actually required a different solution.
While I'm here, fix a very old off-by-one error causing 1 more file than specified in daily_accounting_save to be saved because acct.0 was not taken into account (pun intended). Change that, and use a more thorough method of finding old files to delete. Partly just because this is the right thing to do, but also to silently fix the extra log that would have been left behind forever with the previous method.
PR: conf/160848 Submitted by: Andrey Zonov <andrey@zonov.org>
|
226865 |
27-Oct-2011 |
delphij |
Increase default scrub threshold from 30 days to 5 weeks. Using whole weeks makes it easier to predicate when the scrub would happen.
MFC after: 1 week
|
226470 |
17-Oct-2011 |
se |
Fix error message in case the backup storage directory does not exist and cannot be created ($daily_backup_pkgdb_dbdir -> $daily_backup_pkgdb_dir). MFC after: 1 week
|
223209 |
17-Jun-2011 |
ed |
Add WITHOUT_UTMPX switch to the build system.
This knob removes the tools that are exclusively used to view and maintain the databases maintained by utmpx, namely last, users, who, wtmpcvt, ac, lastlogin and utxrm.
The tool w is not in this list, because it has some other functionality which is unrelated to utmpx; it is hardlinked to the uptime tool.
|
223201 |
17-Jun-2011 |
ed |
Don't omit ac(8) as part of WITHOUT_ACCT.
The WITHOUT_ACCT switch is supposed to omit tools related to process accounting, namely accton and sa. ac(8) is just a simple tool that prints statistics based on data in the utx.log database. It has nothing to do with the former.
|
223117 |
15-Jun-2011 |
jpaetzel |
Eliminate extraneous pipelines and tr calls.
Approved by: kib (mentor) MFC after: 3 days
|
223056 |
13-Jun-2011 |
jpaetzel |
Convert the allowed characters '-', '.', and ':' in a ZFS pool name to _ to avoid causing errors in the shell script.
Submitted by: William Grzybowski <william88@gmail.com> Approved by: kib (mentor) MFC after: 7 days Sponsored by: iXsystems
|
221475 |
05-May-2011 |
dougb |
1. If PKG_DBDIR cannot be determined from make, set the default 2. Add the -H flag to tar in case /var/db/pkg itself is a symlink 3. Direct stderr to /dev/null to suppress the leading slash warning [1]
PR: ports/156810 [1] Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com> [1]
|
221432 |
04-May-2011 |
netchild |
The security run requests unmaskable output, even if the only output is to tell that there is a separate email or that the output is logged to a file.
This commit changes the return code for the non-inline case to tell that this message is not important enough and can be masked if necessary. The messages from the security checks themself are not affected by this and show up as before in the periodic security email/file.
The inline case still requests to not mask the output, as with the current way of handling this there is no easy way to handle this.
PR: 138692 Analysis/patch atch by: Chris Cowart <ccowart@timesinks.net> X-MFC after: on request
|
221430 |
04-May-2011 |
netchild |
Use proper return codes (valuable output, invalid config, problems).
MFC after: 1 week
|
220049 |
27-Mar-2011 |
dougb |
Hook the 220.backup-pkgdb script I added to the build unconditionally
Hook up 610.ipf6denied based on MK_IPFILTER as 510.ipfdenied is now
Poked by: Andrzej Tobola <ato@iem.pw.edu.pl>
|
220048 |
27-Mar-2011 |
dougb |
Add svn:executable property on remaining period scripts without it
|
220020 |
26-Mar-2011 |
dougb |
Add a daily period script to back up /var/db/pkg
The final product contains work from the originator, and Florent Thoumie <florent.thoumie@gmail.com>. The final product contains considerable re-working by me, so all responsibility for bugs rests under my pointy hat.
PR: ports/145957 Submitted by: Eitan Adler <EitanAdlerList@gmail.com>
|
220017 |
26-Mar-2011 |
dougb |
Add the svn:executable property to the scripts that are missing it
|
218961 |
22-Feb-2011 |
dougb |
Update how accounting log files are rotated.
The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up.
It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system.
This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script.
As a side effect of reviewing the rc.d script I cleaned it up a bit.
|
217822 |
25-Jan-2011 |
jpaetzel |
Fix logic error introduced in previous commit. Along the way make some efficiency improvements.
Submitted by: jilles Approved by: kib (mentor) MFC after: 3 days
|
217755 |
23-Jan-2011 |
jpaetzel |
This script parses output of userland tools. In the case of a faulted zpool the output causes the script to bail out with syntax errors. Since a scrub of a faulted zpool is pointless, just skip over any pools marked as such.
PR: conf/150228 Submitted by: jpaetzel Approved by: kib (mentor) MFC after: 3 days MFC note: only for RELENG_8
|
215213 |
13-Nov-2010 |
brooks |
Add an (off by default) check for negative permissions (where the group on a object has less permissions that everyone). These permissions will not work reliably over NFS if you have more than 14 supplemental groups and are usually not what you mean.
MFC after: 1 week
|
215045 |
09-Nov-2010 |
delphij |
Hide 460.chkportsum in MK_PKGTOOLS != no case.
Submitted by: Alex Kozlov <spam rm-rf kiev ua> MFC after: 2 weeks
|
211800 |
25-Aug-2010 |
netchild |
- Change the threshold from 'running next scrub the <value+1>th day after the last one' to 'running next scrub the <value>th day after the last one'. - Improve wording.
Requested by: jhell <jhell@DataIX.net> MFC after: 1 week
|
211142 |
10-Aug-2010 |
olli |
Connect the new script 490.status-pkg-changes (see r210863) to the build, so it gets actually installed.
Approved by: des (mentor) MFC after: 17 days
|
211141 |
10-Aug-2010 |
gabor |
- Fixes to the chkportsum script to handle better some special cases, like spaces in filename
Submitted by: Alex Kozlov <spam@rm-rf.kiev.ua> Approved by: delphij (mentor)
|
210863 |
05-Aug-2010 |
olli |
Add a daily script to the periodic framework that reports changes to the package database, i.e. any packages that have been added, updated or deleted in the past 24 hours. The format is intentionally simple and concise.
That information is particularly useful on servers that are maintained by multiple administrators. When someone adds, updates or deletes a package, the others will see it in the daily periodic output.
This script is disabled by default.
PR: conf/113913 Submitted by: olli Approved by: des (mentor) MFC after: 3 weeks
|
210254 |
19-Jul-2010 |
gabor |
- Add a periodic script, which can be used to find installed ports' files with mismatched checksum
PR: conf/124641 Submitted by: Alex Kozlov <spam@rm-rf.kiev.ua> Approved by: delphij (mentor)
|
209250 |
17-Jun-2010 |
netchild |
- add the zfs scrub script - move the zfs status script into the MK_ZFS conditional to respect WITHOUT_ZFS
Noticed by: Andrzej Tobola <ato@iem.pw.edu.pl>
|
209195 |
15-Jun-2010 |
netchild |
Add a periodic zfs scrub script.
Features: - configurable amount of days between scrubs (default value or per pool) - do not scrub directly after pool creation (respects the configured number of days between scrubs) - do not scrub if a scrub is in progress - tells how to see the status of the scrub - tells how many days since the last scrub if it skips the scrubbing - warns if a non-existent pool is specified explicitely (default: no pools specified -> all currently imported pools are handled) - runs late in the periodic run to not slow down the other periodic daily scripts
Discussed on: fs@
|
208320 |
20-May-2010 |
jkim |
Add a new build option, MAN_UTILS. This option lets you control building utilities and related support files for manual pages, which were previously controlled by MAN. For POLA, the default depends on MAN, i.e., WITHOUT_MAN implies WITHOUT_MAN_UTILS and WITH_MAN implies WITH_MAN_UTILS. This patch is slightly improved by me from:
PR: misc/145212
|
208060 |
14-May-2010 |
dougb |
Remove trailing white space. No functional changes.
|
202218 |
13-Jan-2010 |
ed |
Let rc and periodic infrastructure and newsyslog use the utmpx files.
|
197552 |
28-Sep-2009 |
cperciva |
Silence warning printed by getfsspec(3) when /etc/fstab does not exist fstab: /etc/fstab:0: No such file or directory and from dump(8) when setfsent(3) fails due to /etc/fstab not existing: DUMP: Can't open /etc/fstab for dump table information: No such...
This makes daily and security periodic runs somewhat cleaner in jails which lack /etc/fstab files.
MFC after: 1 month
|
193302 |
02-Jun-2009 |
brian |
Rather than using both -prune (which requires directory-first tree traversal) and -delete (which implies depth-first traversal), avoid using -delete in favour of -execdir.
This has a side-effect of not removing directories that contain files, even if we delete all of those files, but IMHO that's a better option than specifying all possible local filesystem types in this script.
PR: 122811 MFC after: 3 weeks
|
192970 |
28-May-2009 |
brian |
Update this script so that it handles different ruleset failures differently. The output now shows the ruleset and shortens to slightly different text (using $daily_status_mail_rejects_shorten), but it should be more descriptive.
PR: 35018 Inspired by: Mikhail Teterin - mi at aldan dot algebra dot com MFC after: 3 weeks
|
187210 |
14-Jan-2009 |
ume |
Fix typo to install 400.status-pkg, again.
|
184265 |
25-Oct-2008 |
ed |
Sort `mount -p' output by name before checking for any differences.
I noticed on a system at home that restarting named(8) causes the /var/named/dev mount to be moved to the bottom of the mount list, because it gets remounted. When I received the daily security email this morning, I was quite amazed to see that the security report listed the differences, while it was nothing out of the ordinary.
If we just throw the `mount -p' output through sort(1), we'll only receive notifications about changes to mounts if something has really changed.
|
183242 |
21-Sep-2008 |
sam |
add new build knobs and jigger some existing controls to improve control over the result of buildworld and installworld; this especially helps packaging systems such as nanobsd
Reviewed by: various (posted to arch) MFC after: 1 month
|
181531 |
10-Aug-2008 |
antoine |
Improve periodic/security/550.ipfwlimit a bit: - don't run it if net.inet.ip.fw.verbose = 0 as it is pointless - handle rules without logging limit correctly [1] (those rules show up without logamount in "ipfw -a list")
PR: conf/126060 [1] MFC after: 1 month
|
180111 |
30-Jun-2008 |
mtm |
Rev. 1.8 broke matching on lines where the failure mode is at the head of the message, such as: Jun 30 10:49:21 rogue sshd[17553]: Invalid user iceman from 127.0.0.1
PR: conf/124569 Submitted by: Taku <taku@tekipaki.jp>
|
177606 |
25-Mar-2008 |
remko |
Add a missing ;.
PR: misc/122069 Submitted by: taku@tekipaki.jp MFC after: 3 days Approved by: imp (mentor, implicit trivial change).
|
175906 |
03-Feb-2008 |
des |
Eliminate xargs in favor of find -exec {} +
|
175890 |
02-Feb-2008 |
des |
Rewrite to consume significantly less memory, by using find -s instead of find | sort. As a bonus, this simplifies the logic considerably. Also remove the bogus "overruning the args to ls" comment and the corresponding "-n 20" argument to xargs; the whole point with xargs is precisely that it knows how large the argument list can safely get.
Note that the first run of the updated script may hypotheticall produce false positives due to differences between find's and sort's sorting algorithm. I haven't seen this during testing, but others might.
MFC after: 2 weeks
|
175153 |
08-Jan-2008 |
dds |
A new configuration variable, daily_status_mail_rejects_shorten, allows the rejected mail reports to tally the rejects per blacklist without providing details about individual sender hosts. The default configuration keeps the reports in their original form.
MFC after: 1 week
|
173873 |
23-Nov-2007 |
ru |
Also check setuid executables on ZFS.
|
169556 |
14-May-2007 |
maxim |
o Install 480.status-ntpd.
Pointed out by: Henrik Brix Anders
|
169517 |
13-May-2007 |
maxim |
o Add a script to check ntpd(8) state. Default is off.
PR: conf/112604 Submitted by: Oliver Fromme MFC after: 1 month
|
168412 |
06-Apr-2007 |
pjd |
Add ZFS periodic scripts that monitors status of ZFS pools.
Submitted by: des
|
166928 |
23-Feb-2007 |
remko |
Only match on log messages containing fail,invalid, bad or illegal. This prevents matching on systems that have a name that matches the query.
PR: conf/107560 Submitted by: Christian Laursen <cfsl at pil dot dk> MFC after: 3 days Approved by: imp (mentor)
|
166912 |
23-Feb-2007 |
remko |
Move to the preferred syntax for nice (-n) instead of the depricated one.
PR: conf/108611 Submitted by: TAOKA Fumiyoshi <fmysh at iijmio-mail dot jp> Approved by: imp (mentor)
|
166519 |
05-Feb-2007 |
jdp |
Use egrep instead of grep so that reporting of login failures (broken by revision 1.6) works again. This fix is already in RELENG_6, but was never committed to HEAD.
|
161708 |
29-Aug-2006 |
ru |
The kvm_mkdb(8) is long dead.
|
161602 |
25-Aug-2006 |
trhodes |
Add login.conf checking to periodic security scripts. If the login.conf file is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.
Head nod: ru, rwatson
|
159525 |
11-Jun-2006 |
maxim |
o Add missed $start variable in the grep statement back.
PR: conf/96658 Submitted by: James Snow MFC after: 1 week
|
158497 |
12-May-2006 |
mlaier |
Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts. Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw scripts as well.
|
156435 |
08-Mar-2006 |
matteo |
Fix output and exit status when daily_mailq_shorten is set to YES
PR: conf/93472 MFC after: 3
|
156312 |
05-Mar-2006 |
matteo |
Enhance loginfail: it will catch sshd, proftpd and su errors, as well as other programs
PR: conf/70973 Submitted by: Ryan Sommers" <ryans@gamersimpact.com> Approved by: philip (mentor) MFC after: 3 days
|
156215 |
02-Mar-2006 |
brueffer |
Add periodic scripts that check the status of graid3(8), gstripe(8) and gconcat(8) devices, respectively.
Approved by: rwatson (mentor)
|
155422 |
07-Feb-2006 |
matteo |
When there are no interesting information in output, exit with 0.
PR: conf/92299 Submitted by: Petr Rehor <prehor@gmail.com> Approved by: philip (mentor) MFC after: 3 days
|
154652 |
21-Jan-2006 |
maxim |
o Add 406.status-gmirror, sort.
Submitted by: brueffer
|
154304 |
13-Jan-2006 |
wollman |
Add a daily script to show the status of gmirror(8) devices.
|
152697 |
22-Nov-2005 |
dougb |
Update the test for failed zone transfers to reflect BIND 9.3.1 semantics Simplify the shell scripting a bit, and remove a useless grep | sed
The problem was pointed out by the PR, and I used part of the solution suggested there, but the semantics changed again for 9.2.x -> 9.3.x.
PR: conf/74228 Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>
|
149989 |
11-Sep-2005 |
maxim |
A new version of rev. 1.4: postpone a temporary file creation until we realize if ipfw(4) ever used.
PR: bin/85970 Submitted by: Andre Albsmeier MFC after: 3 days
|
149659 |
31-Aug-2005 |
glebius |
Fix braino in last commit. Print nothing if ipfw(4) is not present.
|
149366 |
22-Aug-2005 |
cperciva |
When looking for new lines in diff output, grep for '^[>+]' instead of '^>', in order to catch both normal and unified diffs.
Problem reported by: volker at vwsoft dot com via -stable MFC after: 3 days
|
149320 |
20-Aug-2005 |
glebius |
- Correctly parse output, when logging amount is limited in the rule itself, not in verbose_limit sysctl. [1] - Do check rules, even if verbose_limit is set 0. Rules may have their own log limits.
PR: conf/77929 Submitted by: Andriy Gapon [1] Reviewed by: matteo
|
144343 |
30-Mar-2005 |
ru |
Purge orphan catpages.
PR: conf/35242 Submitted by: Annihilator <annihilator.c@usa.net>
|
142303 |
23-Feb-2005 |
ssouhlal |
Replace "ipfw l", which is now deprecated, with "ipfw list".
Approved by: grehan (mentor)
|
140186 |
13-Jan-2005 |
glebius |
Don't do setuid checks on file systems mounted with noexec option.
Reviewed by: brian, ru MFC after: 1 week
|
140096 |
12-Jan-2005 |
brian |
Sed doesn't grok '[ \t]' -- it doesn't expand the \t :(
As there are no tabs in maillog, reduce the expression so that only spaces are used.
Problem raised by: Leif Neland root at internet dot dk
|
140059 |
11-Jan-2005 |
brian |
Oops, the < in arg1=< is optional - treat it as such!
|
140029 |
11-Jan-2005 |
brian |
Adjust the mail reject output so that it gives an abreviated reason for the reject. For example:
Checking for rejected mail hosts: 48 getherbalnow.info (451... resolve) 46 absorb.com (451... resolve) 4 tgmart01.codns.com (553... exist) 3 kali.com.cn (451... resolve) 2 genie.com (451... resolve) 1 zv.qy (553... exist) 1 zd.hinet.hr (553... exist) ....
The bit in parenthesis is the reject code and the last word on the line - enough to give the admin a better chance of seeing real problems (hopefully!).
While I'm here, remove the "<" at the start of rejects coming from "from" addresses without a name@ part.
I had to rewrite the patch given by the submitter as this script has been sed'ified (used to be perl) and I think the reject code is useful....
PR: 17377 Idea from: root at ns dot internet dot dk MFC after: 7 days
|
140028 |
11-Jan-2005 |
brian |
Collapse "fgrep | egrep | sed" down to a single sed.
This also trims extraneous commas from domain names.
MFC after: 7 days
|
139103 |
21-Dec-2004 |
ru |
Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by: core
|
138061 |
24-Nov-2004 |
mlaier |
Teach periodic(8) security output to display information about blocked packet counts by pf(4).
This adds a ``daily_status_security_pfdenied_enable'' variable to periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.
The output will look like this (line wrapped):
pf denied packets: > block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0 Bytes: 0 States: 0 ] > block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578 States: 0 ]
Submitted by: clive (thanks a lot!) MFC after: 2 weeks
|
135591 |
23-Sep-2004 |
jkoshy |
Add a knob 'daily_status_security_diff_flags' controlling the format of the 'diff' output generated during periodic(8) scripts.
Submitted by: keramida (script changes) Reviewed by: keramida (man page changes)
|
129424 |
19-May-2004 |
joe |
Allow the location of the INDEX file to specified to pkg_version. This is particularly convenient on a cluster of machines to prevent having to rebuild the INDEX file on each.
Reviewed by: portmgr
|
128473 |
20-Apr-2004 |
darrenr |
Add script for checking ipv6 blocked packets from PR.
PR: misc/50154 Submitted by: Kimura Fuyuki <fuyuki@hadaly.org>
|
126342 |
28-Feb-2004 |
ache |
Don't remove empty dirs if their names are in $daily_clean_tmps_ignore
|
124080 |
02-Jan-2004 |
gshapiro |
Use hoststat/purgestat instead of sendmail -bh/-bH so the calls can be properly mailwrapper'ed.
PR: conf/60676 Submitted by: Colin Percival <cperciva@daemonology.net>, maxim MFC after: 4 days
|
122257 |
07-Nov-2003 |
ru |
Use %e in the date(1) format string to eliminate the sed(1) command.
|
121620 |
27-Oct-2003 |
jesper |
Add status checking of ATA raid to the daily periodic scripts.
|
117088 |
30-Jun-2003 |
mtm |
Have mktemp(1) construct the temporary file name for us instead of providing a template manually.
Submitted by: Lars Eggert <larse@isi.edu>
|
112956 |
01-Apr-2003 |
jhb |
Remove 220.backup-distfile since it has been deleted.
Reported by: mdodd Pointy hat to: jhb
|
112949 |
01-Apr-2003 |
jhb |
Complete removal of 320.rdist by removing its entry from periodic.conf and removing the related 220.backup-distfile script and associatd periodic.conf entry.
Discussed with: obrien
|
112771 |
29-Mar-2003 |
obrien |
320.rdist is OBE as we don't have rdist in the base system any more.
|
112770 |
29-Mar-2003 |
obrien |
This is OBE as we don't have rdist in the base system any longer.
|
108958 |
08-Jan-2003 |
wollman |
Do not do manually what sendmail(8) can do better automatically. Tell sendmail to clean up its own host status cache. The error condition handling could probably be done better.
|
108727 |
05-Jan-2003 |
se |
Add support for bzip2ed log files.
|
107674 |
07-Dec-2002 |
keramida |
Avoid using perl in the periodic & security scripts. This brings the base system one step closer to being totally perl-free.
Approved by: re (jhb)
|
106988 |
16-Nov-2002 |
thomas |
Do not emit a message on stderr when one of the compared files is shorter than the other.
Reviewed by: roberto MFC after: 3 days
|
106987 |
16-Nov-2002 |
thomas |
Remove incorrect output redirection.
Reviewed by: roberto Committed from: EuroBSDCon Amsterdam MFC after: 3 days
|
105938 |
25-Oct-2002 |
thomas |
Add newly-added sripts to FILES.
Reviewed by: roberto
|
105937 |
25-Oct-2002 |
thomas |
Add a new /etc/periodic/security script to check for packets rejected by ipfilter (510.ipfdenied), and a corresponding periodic.conf knob (daily_status_security_ipfdenied_enable).
Reviewed by: roberto Approved by: re@
|
105936 |
25-Oct-2002 |
thomas |
Factor out code across various /etc/periodic/security scripts into a separate file, /etc/periodic/security/security.functions.
Reviewed by: roberto (mentor) Approved by: re@
|
104574 |
06-Oct-2002 |
joerg |
When considering temporary files for deletion, don't examine the mtime and atime only, but also the ctime. Otherwise, files extracted from tar or zip archives will immediately be declared stale since they've got their mtime reset to the original mtime.
Reviewed by: brian MFC after: 1 week
|
103948 |
25-Sep-2002 |
brian |
Add a pkg_version variable so that it's possible to run portsversion instead of pkg_version in periodic/weekly/400.status-pkg.
|
103903 |
24-Sep-2002 |
ache |
Make it work with POSIX sort (POS arg). All old sorts understand -k too.
|
102398 |
25-Aug-2002 |
cjc |
Only create a temporary file if we are actually going to do something in the script. Eliminates a bug where we create a temp file, but don't delete it since the rm(1) is only done if the check is enabled.
PR: bin/40960 Submitted by: frf <frf@xocolatl.com> MFC after: 3 days
|
101723 |
12-Aug-2002 |
schweikh |
o Test and change to the correct directory, /var/spool/.hoststat o Bring if/then style in sync with /etc/rc scripts
PR: conf/41570 Submitted by: Konstantin M Volevatch <cox@rosnet.ru> MFC after: 1 week
|
101281 |
03-Aug-2002 |
gshapiro |
If all file systems are marked nosuid, the line:
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`
sets ${MP} to an empty string so the next line:
set ${MP}
actually just dumps all of the shells variables to stdout (and therefore the security report). Fixed by surrounding the code which goes through the mounts with a test for an empty string before using ${MP}.
Reviewed by: brian MFC after: 3 days
|
100316 |
18-Jul-2002 |
ru |
Install scripts via FILES (purposedly not via SCRIPTS that would strip the suffixes).
|
100313 |
18-Jul-2002 |
ru |
s/${INSTALL} -c/${INSTALL} ${COPY}/
|
98972 |
28-Jun-2002 |
brian |
Mention that we're checking kernel log messages, even if there's no output.
PR: 39618 MFC after: 1 week
|
96813 |
17-May-2002 |
brian |
Temporarily change our umask to 066 so that the potential creation of wtmp.0 is done as mode 600.
This ensures that tight permissions set in /etc/newsyslog.conf for wtmp logging aren't ``betrayed''.
Suggested by: lumpy <lumpy@the.whole.net> MFC after: 3 days
|
96812 |
17-May-2002 |
brian |
Change ``dmesg -a'' to ``dmesg''.
The change was introduced in src/etc/security 1.53 almost a year ago in an attempt to see ipfw deny message logs.
However, ipfw deny/reject logs have been displayed since version 1.13 of the same file as a separate ``job'' and have since moved to src/etc/periodic/security/500.ipfwdenied.
MFC after: 3 days
|
96805 |
17-May-2002 |
brian |
Tighten up temporary file permissions and move them to ${TMPDIR:-/tmp}
Problem reported by: lumpy <lumpy@the.whole.net> MFC after: 3 days
|
96804 |
17-May-2002 |
brian |
Return 3 unless $daily_status_security_enable != YES. Returning $? masks security output when ``periodic security'' is successful !
MFC after: 3 days
|
96160 |
07-May-2002 |
brian |
Fix the output when daily_status_mailq_shorten is set to YES
PR: 23766 Mostly submitted by: lambert@ssabsd.csw.net MFC after: 3 days
|
96048 |
05-May-2002 |
cjc |
Remove leading whitespace from the setuid file lists.
Due to the way we run ls(1), through xargs(1), the leading whitespace can change even when the setuid files haven't. To avoid displaying these lines, we currently run diff(1) with the '-w' option. However, this is probably not the ideal way to go; there is a very, very small possibility for diff(1) to miss things is shouldn't. So, with the leading space cleaned, we can revert to the '-b' option which is "safer."
PR: conf/37618 Reviewed by: brian MFC after: 3 days
|
95808 |
30-Apr-2002 |
brian |
Handle .bz2 files created by newsyslog
PR: 37529 Partially submitted by: Peter Hollaubek <fifteen@inext.hu> MFC after: 1 week
|
94342 |
10-Apr-2002 |
gshapiro |
Update mail queue related periodic scripts to account for sendmail 8.12's clientmqueue (submit mail queue).
The new mailq display is only active if both the old daily_status_mailq_enable is set to "YES" and the new daily_status_include_submit_mailq is set to "YES" so people who disabled 440.status-mailq won't have any surprises.
Likewise, the new queue run is only active if both the old daily_queuerun_enable is set to "YES" and the new daily_submit_queuerun is set to "YES" so people who disabled 500.queuerun won't have any surprises.
While I am here, remove the [ ! -d /var/spool/mqueue ] checks from both scripts as the queue directory isn't always /var/spool/mqueue for the main daemon -- it can be set to anything in the sendmail.cf file.
MFC after: 1 week
|
92191 |
12-Mar-2002 |
rwatson |
No need to explicitly check for both cases when using grep -i.
|
92102 |
11-Mar-2002 |
rwatson |
Update login failure checking to check auth.log instead of messages, and teach it to look for more general classes of failures, including SSH login failures. This is similar but not identical to a patch submitted by aeonflux@synapse.subneural.net.
|
91704 |
05-Mar-2002 |
cjc |
Environmental variable was not being passed to a subshell as intended.
PR: bin/35558 Submitted by: Nicolas Rachinsky <list@rachinsky.de>
|
90630 |
13-Feb-2002 |
brian |
Set rc=1 rather than 0 so that setting daily_show_success=YES masks the output of all goes well.
PR: 34825 Submitted by: Valentin Nechayev <netch@netch.kiev.ua> MFC after: 3 weeks
|
87956 |
14-Dec-2001 |
cjc |
Fix a stray character that found its way into a filename.
|
87852 |
14-Dec-2001 |
ru |
Work around the bugfeature of test(1).
PR: bin/32822
|
87514 |
07-Dec-2001 |
cjc |
Long ago, there was just /etc/daily. Then /etc/security was split out of /etc/daily. Some time later, /etc/daily became a set of periodic(8) scripts. Now, this evolution continues, and /etc/security has been broken into periodic(8) scripts to make local customization easier and more maintainable.
Reviewed by: ru Approved by: ru
|
87030 |
28-Nov-2001 |
silby |
Make sure the security check output includes a To: line in the same way the daily run output does.
|
86668 |
20-Nov-2001 |
brian |
Handle wtmp.0 being compressed
PR: 32113 Submitted by: Yar Tikhiy <yar@comp.chem.msu.su> MFC after: 1 week
|
86344 |
14-Nov-2001 |
cjc |
After further discussion on -CURRENT, some people (jhb) do not like the idea of not masking passwords on comments in case the administrator comments out an entry without clearing the password. Instead completely ignore comments (since they have no security impact) when doing the diff of the old and new passwd file.
Suggested by: rwatson
|
86257 |
11-Nov-2001 |
cjc |
No need to hide stuff in the $FreeBSD$ tag or in other comments like,
Backup passwd and group files: 1c1 < # $FreeBSD:(password):09:07 peter Exp $ --- > # $FreeBSD:(password):27:16 ache Exp $
MFC after: 1 week
|
84253 |
01-Oct-2001 |
kris |
UUCP removal Phase III.
|
83240 |
09-Sep-2001 |
kris |
Run the uustat command as the uucp user, not as root.
|
80368 |
26-Jul-2001 |
brian |
Remove $daily_status_named_logs and figure out which /var/log/messages* files to look an (in the same way that /etc/security does).
Don't single-quote $start, reducing it to an empty string.
MFC after: 3 days
|
79956 |
19-Jul-2001 |
brian |
Don't try to remove directories unless we've emptied them first
Submitted by: NIIMI Satoshi <sa2c@and.or.jp> PR: 28355 MFC after: 1 week
|
78111 |
11-Jun-2001 |
tobez |
Recognize and support new output which pkg_version(1) might produce.
PR: 27707 Approved by: bmah, markm
|
77592 |
01-Jun-2001 |
dougb |
Small adjustment to whitespace in output
|
77575 |
01-Jun-2001 |
ru |
Remove vestiges of MFS.
|
77517 |
31-May-2001 |
dougb |
Truly limit the path to local filesystems.
|
77496 |
30-May-2001 |
brian |
Default daily_accounting_flags to -q. I thought this was a typo in the originally submitted patch (oops!).
Also check for an empty $daily_accounting_save.
Submitted by: Udo Schweigert <Udo.Schweigert@cert.siemens.de>
|
77492 |
30-May-2001 |
brian |
Add $daily_accounting_save and $daily_accounting_flags
Submitted by: Udo Schweigert <Udo.Schweigert@cert.siemens.de> MFC after: 2 weeks
|
76463 |
11-May-2001 |
dirk |
Add 470.status-named.
Reminded by: gshapiro
|
76107 |
28-Apr-2001 |
joe |
Remind the user that they need to check CPAN manually for updates to perl5 modules installed by hand.
|
75961 |
25-Apr-2001 |
ru |
Fixed typo.
PR: bin/26836 Submitted by: Matthew Seaman <matthew.seaman@tornadogroup.com>
|
75809 |
21-Apr-2001 |
dirk |
Check for denied zone transfers (AXFR and IXFR).
|
74776 |
25-Mar-2001 |
brian |
Identify obsolete ports
|
73349 |
02-Mar-2001 |
ru |
setlocale(3) has been fixed to match POSIX standard: LC_ALL takes precedence over other LC_* envariables.
|
72687 |
19-Feb-2001 |
ache |
Add 500.queuerun
|
72677 |
19-Feb-2001 |
peter |
Move the sendmail -q from cron to periodic, as suggested by a few people. This has the benefit of adding a random start time element as daily processing takes a different amount of time on different machines.
|
71834 |
30-Jan-2001 |
brian |
Allow the output of /etc/security to be logged or mailed to different users in line with ${daily,weekly,monthly}_output using a new $daily_status_security_output variable.
PR: 24643
|
70602 |
02-Jan-2001 |
brian |
Cope with ports that have multiple versions *and* have embedded ``-''s in their name.
|
70600 |
02-Jan-2001 |
brian |
Understand ``multiple versions'' lines emitted from pkg_version.
|
70323 |
24-Dec-2000 |
brian |
Handle multiple words in $daily_clean_disks_files
PR: 23805 Submitted mostly by: Norbert Papke <npapke@telus.net>
|
67849 |
29-Oct-2000 |
dougb |
Finish the job of conditionalizing UUCP by preventing files in /etc/uucp from being installed, and make rmail conditional on neither of NO_SENDMAIL and NOUUCP.
PR: bin/21321 Submitted by: Me
|
66561 |
02-Oct-2000 |
brian |
Case is irrelevant when sorting mail redirects
PR: 21600 Submitted by: David Wolfskill <dhw@whistle.com>
|
66218 |
22-Sep-2000 |
brian |
Remove a forgotten line
Submitted by: Philipp Mergenthaler <un1i@rz.uni-karlsruhe.de>
|
65843 |
14-Sep-2000 |
brian |
Another overhaul of the periodic stuff.
All periodic sub-scripts <larf> now have their return codes interpreted by periodic(8). Output may be masked based on variable values in periodic.conf.
It's also now possible to email periodic output to arbitrary addresses, or to send it to a log file, examples of which can be found in newsyslog.conf.
The upshot of it all should be no discernable changes to the default behaviour of periodic(8).
PR: 21250
|
65084 |
25-Aug-2000 |
brian |
Correct variable spelling
PR: 20841
|
64618 |
13-Aug-2000 |
gshapiro |
Complete migration of aliases file to /etc/mail/aliases. The maintainers of share/examples/diskless/README.TEMPLATING and mergemaster have been contacted so those may be updated as well.
|
64485 |
10-Aug-2000 |
brian |
Correct dodgy wild card expansion
PR: 20514
|
62636 |
05-Jul-2000 |
sheldonh |
Introduce a new option, daily_status_disks_df_flags, which specifies the command-line arguments to be used for the call to df(1) when daily_status_disks_enable is set to YES.
The name of the new variable was chosen by the maintainer of our periodic hierarchy, Brian Somers.
PR: 19631
|
62274 |
30-Jun-2000 |
brian |
Add $daily_status_mail_rejects_logs, defaulting to 3 to control how many /var/log/maillog* files to check
PR: 19587
|
62273 |
30-Jun-2000 |
brian |
Correct two variable names
Mostly submitted by: howardjp@wam.umd.edu PR: 19567
|
62212 |
28-Jun-2000 |
joe |
Added 400.status-pkg.
Forgotten by: brian
|
62155 |
27-Jun-2000 |
brian |
Add weekly_status_pkg_enable (defaults to NO)
|
62054 |
25-Jun-2000 |
brian |
Allow compressed acct files
PR: 19483 Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
|
62005 |
23-Jun-2000 |
brian |
daily_status_network_enable -> daily_status_network_usedns
Submitted by: Alexander Leidinger <Alexander@leidinger.net>
|
61981 |
23-Jun-2000 |
brian |
Introduce /etc/defaults/periodic.conf, similar in concept to rc.conf. The only change in the default functionality should be that the output reports are slightly more verbose WRT files deleted.
Not objected to by: freebsd-arch
|
61458 |
09-Jun-2000 |
brian |
Use $clear_daily_* from rc.conf to decide what should be deleted
Reviewed by: The silence of -committers
|
61410 |
08-Jun-2000 |
brian |
Clean /tmp and /var/tmp if $clear_tmp_enable is set to YES in rc.conf Clean /compat/linux/tmp if $linux_enable is also set to YES in rc.conf
|
56697 |
27-Jan-2000 |
obrien |
Revert to rev 1.3 since the sed'ing is wrong. Revisit this after 4.0-RELEASE.
|
56308 |
20-Jan-2000 |
obrien |
Update the sed action to match the change to "diff -u". Otherwise the encrypted password of any account who's information changed was shown in the daily email to root.
Submitted by: jhb
|
55196 |
28-Dec-1999 |
obrien |
Use the *much* more readable unified diff format.
|
53619 |
23-Nov-1999 |
ache |
Use manpath -L for man locales
|
52855 |
04-Nov-1999 |
ghelmer |
"make install" did not install 150.clean-hoststat.
PR: bin/12497
|
51173 |
11-Sep-1999 |
ache |
localize it
Submitted by: "Alexey Zelkin" <phantom@crimea.edu>
|
50472 |
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
48084 |
21-Jun-1999 |
sheldonh |
Update the locate database even if user nobody can't stat root's home directory.
PR: 10700 Submitted by: Sergey Korsak <skif@1plus1.net>
|
47861 |
10-Jun-1999 |
brian |
Don't delete quota files when clean-tmps is enabled.
|
45154 |
30-Mar-1999 |
wollman |
Remove remaining traces of the prototype...
|
45153 |
30-Mar-1999 |
wollman |
Clean up persistent host status from sendmail(8) (if so configured). I had accumulated years' worth of junk files; now others won't have to.
|
44926 |
21-Mar-1999 |
joerg |
Finally remove the ancient `-exec rm -f {} ;' cruft that used to be used to cleanup old files, and replace it by -delete which has been present in our find(1) for ages now.
|
43358 |
28-Jan-1999 |
wollman |
Now that newsyslog is capable of doing this at a specific time, let it rotate /var/log/wtmp again, and update monthly/200.accounting to take this into account. (Some sites might want to change the parameters of the rotation; it's easier to do this when it's all centralized in newsyslog.conf.)
|
42242 |
01-Jan-1999 |
billf |
UUCP Cleanup should be done by the UUCP user.
PR: bin/7749 Submitted by: Ruslan Ermilov <ru@ucb.crimea.ua>
|
39996 |
06-Oct-1998 |
joerg |
Avoid the ``ruptime: no hosts in /var/rwho.'' message by not calling rwho iff /var/rwho is empty. Call `uptime' instead. This doesn't belong under `network' right away, but at least reports the same informaton about the local system. rwhod is not turned on by default (for good reason), and i've already seen too many of the above messages...
|
39495 |
19-Sep-1998 |
obrien |
Remove useless `BINOWN=root' now that it is the default.
|
36495 |
31-May-1998 |
bde |
Fixed double slashes in a pathname.
Fixed some style bugs. Ensure no creation of an obj directory so that we don't need to chdir before installing.
|
36333 |
24-May-1998 |
des |
Add a chkgrp run after backing up the passwd and group files.
Suggested-by: Andreas Klemm
|
35257 |
17-Apr-1998 |
des |
Changed /usr/sbin/mailq to /usr/bin/mailq
|
33186 |
09-Feb-1998 |
danny |
PR: 1708, 5448 Reviewed by: Alex Nash, Steve Price Enhance wtmp monthly handling
|
33185 |
09-Feb-1998 |
wosch |
Count _all_ rejects, not made by check_mail and check_relay only. There can be private rules which produce rejects. Pointed out by: áÎÄÒÅÊ þÅÒÎÏ×
|
33120 |
05-Feb-1998 |
wosch |
Count hosts and sort by score.
|
33119 |
05-Feb-1998 |
wosch |
Replace sed(1) with perl(1). The 4.4BSD sed programm is 200 times slower than perl or SunOS 5.5.1 sed.
|
32784 |
26-Jan-1998 |
brian |
Remove ``start='' used when testing :-(
|
32709 |
23-Jan-1998 |
brian |
Just list one of each domain that was rejected (although only by Scheck_relay or Scheck_mail). Suggested by: ache
|
32615 |
18-Jan-1998 |
wosch |
Add an example for busy mail servers, commented out.
|
32601 |
18-Jan-1998 |
ache |
Do not run by default. Can grow your root mailbox up to 2Mb per day since SPAMmers like to retry often
|
32379 |
09-Jan-1998 |
steve |
Use manpath(1) to determine the value of ${MANPATH} instead of using one of two hard-coded values.
PR: 5365 Submitted by: Ruslan Shevchenko <rssh@cam.grad.kiev.ua>
|
32154 |
01-Jan-1998 |
bde |
Don't test for executability of /usr/sbin/sysctl [before execing plain sysctl]. We already assumed that many standard commands exist, and sysctl is not special.
|
31344 |
22-Nov-1997 |
brian |
Check for rejected mail Not commented on by: freebsd-hackers
|
30881 |
01-Nov-1997 |
wosch |
Check for files belongs to an unknown user or unknown group. Do not run by default.
|
30880 |
01-Nov-1997 |
wosch |
Delete unused code.
|
29305 |
11-Sep-1997 |
ache |
Fix typo in my prev. commit
|
29011 |
01-Sep-1997 |
ache |
Do not remove /var/tmp/vi.recover
|
28377 |
18-Aug-1997 |
pst |
Remove 100.clean-src
|
28320 |
17-Aug-1997 |
pst |
Cosmetic changes. Submitted by: Philippe Charnier <charnier@xp11.frmug.org>
|
28319 |
17-Aug-1997 |
pst |
This was disabled, but it doesn't even make sense to leave it in as an example, it's totally bogus.
|
28264 |
16-Aug-1997 |
pst |
This commit was generated by cvs2svn to compensate for changes in r28263, which included commits to RCS files with non-trunk default branches.
|