periodic.conf revision 258121
150477Speter#!/bin/sh 240269Srnordier# 3211571Srpaulo# This is defaults/periodic.conf - a file full of useful variables that 4211571Srpaulo# you can set to change the default behaviour of periodic jobs on your 5125537Sru# system. You should not edit this file! Put any overrides into one of the 640326Srnordier# $periodic_conf_files instead and you will be able to update these defaults 780751Sjhb# later without spamming your local configuration information. 880751Sjhb# 948919Srnordier# The $periodic_conf_files files should only contain values which override 10134382Syar# values set in this file. This eases the upgrade path when defaults 1148919Srnordier# are changed and new features are added. 1242480Srnordier# 1342480Srnordier# For a more detailed explanation of all the periodic.conf variables, please 1440541Srnordier# refer to the periodic.conf(5) manual page. 1540541Srnordier# 16104673Sgreen# $FreeBSD: stable/10/etc/defaults/periodic.conf 258121 2013-11-14 09:14:33Z glebius $ 1740269Srnordier# 18104683Sjhb 1940269Srnordier# What files override these defaults ? 20125537Sruperiodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local" 21108000Simp 22125537Sru# periodic script dirs 23125537Srulocal_periodic="/usr/local/etc/periodic" 24104635Sphk 25125566Sru 26132870Skan# Daily options 2796327Sjhb 28220337Srdivacky# These options are used by periodic(8) itself to determine what to do 29221177Sjhb# with the output of the sub-programs that are run, and where to send 30107879Sphk# that output. $daily_output might be set to /var/log/daily.log if you 31134382Syar# wish to log the daily output and have the files rotated by newsyslog(8) 32125932Sru# 33125932Srudaily_output="root" # user or /file 34125932Srudaily_show_success="YES" # scripts returning 0 3597860Sphkdaily_show_info="YES" # scripts returning 1 3696306Sobriendaily_show_badconfig="NO" # scripts returning 2 3740269Srnordier 3840269Srnordier# 100.clean-disks 39169732Skandaily_clean_disks_enable="NO" # Delete files daily 40260497Sdimdaily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" 41232263Sdimdaily_clean_disks_days=3 # If older than this 4240269Srnordierdaily_clean_disks_verbose="YES" # Mention files deleted 43260096Sdim 44260096Sdim# 110.clean-tmps 45260497Sdimdaily_clean_tmps_enable="NO" # Delete stuff daily 46279796Sdimdaily_clean_tmps_dirs="/tmp" # Delete under here 47279796Sdimdaily_clean_tmps_days="3" # If not accessed for 48279796Sdimdaily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix" 49260096Sdimdaily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap" 50260291Sdimdaily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal" 5140269Srnordier # Don't delete these 52125537Srudaily_clean_tmps_verbose="YES" # Mention files deleted 53125537Sru 5440269Srnordier# 120.clean-preserve 55125537Srudaily_clean_preserve_enable="YES" # Delete files daily 56125537Srudaily_clean_preserve_days=7 # If not modified for 57109886Sphkdaily_clean_preserve_verbose="YES" # Mention files deleted 58109886Sphk 59109886Sphk# 130.clean-msgs 60125537Srudaily_clean_msgs_enable="YES" # Delete msgs daily 61125537Srudaily_clean_msgs_days= # If not modified for 6240269Srnordier 63281289Sdim# 140.clean-rwho 6440269Srnordierdaily_clean_rwho_enable="YES" # Delete rwho daily 6540269Srnordierdaily_clean_rwho_days=7 # If not modified for 66260291Sdimdaily_clean_rwho_verbose="YES" # Mention files deleted 6740269Srnordier 68125537Sru# 150.clean-hoststat 69125537Srudaily_clean_hoststat_enable="YES" # Purge sendmail host 7096424Speter # status cache daily 71319025Sngie 72319025Sngie# 200.backup-passwd 73125537Srudaily_backup_passwd_enable="YES" # Backup passwd & group 74319025Sngie 75125537Sru# 210.backup-aliases 76319025Sngiedaily_backup_aliases_enable="YES" # Backup mail aliases 7780751Sjhb 78125537Sru# 220.backup-pkgdb 79125537Srudaily_backup_pkgdb_enable="YES" # Backup /var/db/pkg 80125537Srudaily_backup_pkgdb_dir="/var/backups" 8140269Srnordier 8240269Srnordier# 300.calendar 83319025Sngiedaily_calendar_enable="NO" # Run calendar -a 8440269Srnordier 8540269Srnordier# 310.accounting 86281289Sdimdaily_accounting_enable="YES" # Rotate acct files 8740269Srnordierdaily_accounting_compress="NO" # Gzip rotated files 88125537Srudaily_accounting_flags=-q # Flags to /usr/sbin/sa 89260291Sdimdaily_accounting_save=3 # How many files to save 9040269Srnordier 91125537Sru# 330.news 92224131Sdimdaily_news_expire_enable="YES" # Run news.expire 9380751Sjhb 94125564Sru# 400.status-disks 95125564Srudaily_status_disks_enable="YES" # Check disk status 96125537Srudaily_status_disks_df_flags="-l -h" # df(1) flags for check 97125537Sru 98125537Sru# 401.status-graid 99125537Srudaily_status_graid_enable="NO" # Check graid(8) 10040404Srnordier 101125537Sru# 404.status-zfs 102125537Srudaily_status_zfs_enable="NO" # Check ZFS 103125537Srudaily_status_zfs_zpool_list_enable="YES" # List ZFS pools 104125537Sru 105125537Sru# 406.status-gmirror 106125537Srudaily_status_gmirror_enable="NO" # Check gmirror(8) 10740326Srnordier 108211677Simp# 407.status-graid3 109125581Srudaily_status_graid3_enable="NO" # Check graid3(8) 110125556Sru 111116864Speter# 408.status-gstripe 112116864Speterdaily_status_gstripe_enable="NO" # Check gstripe(8) 113116864Speter 114116864Speter# 409.status-gconcat 115125537Srudaily_status_gconcat_enable="NO" # Check gconcat(8) 116232263Sdim 117232263Sdim# 420.status-network 118232263Sdimdaily_status_network_enable="YES" # Check network status 119232263Sdimdaily_status_network_usedns="YES" # DNS lookups are ok 120 121# 430.status-rwho 122daily_status_rwho_enable="YES" # Check system status 123 124# 440.status-mailq 125daily_status_mailq_enable="YES" # Check mail status 126daily_status_mailq_shorten="NO" # Shorten output 127daily_status_include_submit_mailq="YES" # Also submit queue 128 129# 450.status-security 130daily_status_security_enable="YES" # Security check 131# See also "Security options" below for more options 132daily_status_security_inline="NO" # Run inline ? 133daily_status_security_output="root" # user or /file 134 135# 460.status-mail-rejects 136daily_status_mail_rejects_enable="YES" # Check mail rejects 137daily_status_mail_rejects_logs=3 # How many logs to check 138daily_status_mail_rejects_shorten="NO" # Shorten output 139 140# 480.status-ntpd 141daily_status_ntpd_enable="NO" # Check NTP status 142 143# 490.status-pkg-changes 144daily_status_pkg_changes_enable="NO" # Show package changes 145pkg_info="pkg_info" # Use this program 146 147# 500.queuerun 148daily_queuerun_enable="YES" # Run mail queue 149daily_submit_queuerun="YES" # Also submit queue 150 151# 800.scrub-zfs 152daily_scrub_zfs_enable="NO" 153daily_scrub_zfs_pools="" # empty string selects all pools 154daily_scrub_zfs_default_threshold="35" # days between scrubs 155#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold 156 157# 999.local 158daily_local="/etc/daily.local" # Local scripts 159 160 161# Weekly options 162 163# These options are used by periodic(8) itself to determine what to do 164# with the output of the sub-programs that are run, and where to send 165# that output. $weekly_output might be set to /var/log/weekly.log if you 166# wish to log the weekly output and have the files rotated by newsyslog(8) 167# 168weekly_output="root" # user or /file 169weekly_show_success="YES" # scripts returning 0 170weekly_show_info="YES" # scripts returning 1 171weekly_show_badconfig="NO" # scripts returning 2 172 173# 310.locate 174weekly_locate_enable="YES" # Update locate weekly 175 176# 320.whatis 177weekly_whatis_enable="YES" # Update whatis weekly 178 179# 330.catman 180weekly_catman_enable="NO" # Preformat man pages 181 182# 340.noid 183weekly_noid_enable="NO" # Find unowned files 184weekly_noid_dirs="/" # Look here 185 186# 400.status-pkg 187weekly_status_pkg_enable="NO" # Find out-of-date pkgs 188pkg_version=pkg_version # Use this program 189pkg_version_index=/usr/ports/INDEX-10 # Use this index file 190 191# 450.status-security 192weekly_status_security_enable="YES" # Security check 193# See also "Security options" above for more options 194weekly_status_security_inline="NO" # Run inline ? 195weekly_status_security_output="root" # user or /file 196 197# 999.local 198weekly_local="/etc/weekly.local" # Local scripts 199 200 201# Monthly options 202 203# These options are used by periodic(8) itself to determine what to do 204# with the output of the sub-programs that are run, and where to send 205# that output. $monthly_output might be set to /var/log/monthly.log if you 206# wish to log the monthly output and have the files rotated by newsyslog(8) 207# 208monthly_output="root" # user or /file 209monthly_show_success="YES" # scripts returning 0 210monthly_show_info="YES" # scripts returning 1 211monthly_show_badconfig="NO" # scripts returning 2 212 213# 200.accounting 214monthly_accounting_enable="YES" # Login accounting 215 216# 450.status-security 217monthly_status_security_enable="YES" # Security check 218# See also "Security options" above for more options 219monthly_status_security_inline="NO" # Run inline ? 220monthly_status_security_output="root" # user or /file 221 222# 999.local 223monthly_local="/etc/monthly.local" # Local scripts 224 225 226# Security options 227 228# These options are used by the security periodic(8) scripts spawned in 229# daily and weekly 450.status-security. 230security_status_logdir="/var/log" # Directory for logs 231security_status_diff_flags="-b -u" # flags for diff output 232 233# Each of the security_status_*_period options below can have one of the 234# following values: 235# - NO: do not run at all 236# - daily: only run during the daily security status 237# - weekly: only run during the weekly security status 238# - monthly: only run during the monthly security status 239# Note that if periodic security scripts are run from crontab(5) directly, 240# they will be run unless _enable or _period is set to "NO". 241 242# 100.chksetuid 243security_status_chksetuid_enable="YES" 244security_status_chksetuid_period="daily" 245 246# 110.neggrpperm 247security_status_neggrpperm_enable="YES" 248security_status_neggrpperm_period="daily" 249 250# 200.chkmounts 251security_status_chkmounts_enable="YES" 252security_status_chkmounts_period="daily" 253#security_status_chkmounts_ignore="^amd:" # Don't check matching 254 # FS types 255security_status_noamd="NO" # Don't check amd mounts 256 257# 300.chkuid0 258security_status_chkuid0_enable="YES" 259security_status_chkuid0_period="daily" 260 261# 400.passwdless 262security_status_passwdless_enable="YES" 263security_status_passwdless_period="daily" 264 265# 410.logincheck 266security_status_logincheck_enable="YES" 267security_status_logincheck_period="daily" 268 269# 460.chkportsum 270security_status_chkportsum_enable="NO" # Check ports w/ wrong checksum 271security_status_chkportsum_period="daily" 272 273# 500.ipfwdenied 274security_status_ipfwdenied_enable="YES" 275security_status_ipfwdenied_period="daily" 276 277# 510.ipfdenied 278security_status_ipfdenied_enable="YES" 279security_status_ipfdenied_period="daily" 280 281# 520.pfdenied 282security_status_pfdenied_enable="YES" 283security_status_pfdenied_period="daily" 284 285# 550.ipfwlimit 286security_status_ipfwlimit_enable="YES" 287security_status_ipfwlimit_period="daily" 288 289# 610.ipf6denied 290security_status_ipf6denied_enable="YES" 291security_status_ipf6denied_period="daily" 292 293# 700.kernelmsg 294security_status_kernelmsg_enable="YES" 295security_status_kernelmsg_period="daily" 296 297# 800.loginfail 298security_status_loginfail_enable="YES" 299security_status_loginfail_period="daily" 300 301# 900.tcpwrap 302security_status_tcpwrap_enable="YES" 303security_status_tcpwrap_period="daily" 304 305 306 307# Define source_periodic_confs, the mechanism used by /etc/periodic/*/* 308# scripts to source defaults/periodic.conf overrides safely. 309 310if [ -z "${source_periodic_confs_defined}" ]; then 311 source_periodic_confs_defined=yes 312 313 # Compatibility with old daily variable names. 314 # They can be removed in stable/11. 315 security_daily_compat_var() { 316 local var=$1 dailyvar value 317 318 dailyvar=daily_status_security${var#security_status} 319 periodvar=${var%enable}period 320 eval value=\"\$$dailyvar\" 321 [ -z "$value" ] && return 322 echo "Warning: Variable \$$dailyvar is deprecated," \ 323 "use \$$var instead." >&2 324 case "$value" in 325 [Yy][Ee][Ss]) 326 $var=YES 327 $periodvar=daily 328 ;; 329 *) 330 eval $var=\"$value\" 331 ;; 332 esac 333 } 334 335 check_yesno_period() { 336 local var="$1" periodvar value period 337 338 eval value=\"\$$var\" 339 case "$value" in 340 [Yy][Ee][Ss]) ;; 341 *) return 1 ;; 342 esac 343 344 periodvar=${var%enable}period 345 eval period=\"\$$periodvar\" 346 case "$PERIODIC" in 347 "security daily") 348 case "$period" in 349 [Dd][Aa][Ii][Ll][Yy]) return 0 ;; 350 *) return 1 ;; 351 esac 352 ;; 353 "security weekly") 354 case "$period" in 355 [Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;; 356 *) return 1 ;; 357 esac 358 ;; 359 "security monthly") 360 case "$period" in 361 [Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;; 362 *) return 1 ;; 363 esac 364 ;; 365 security) 366 # Run directly from crontab(5). 367 case "$period" in 368 [Nn][Oo]) return 1 ;; 369 *) return 0 ;; 370 esac 371 ;; 372 *) 373 echo "ASSERTION FAILED: Unexpected value for " \ 374 "\$PERIODIC: '$PERIODIC'" >&2 375 exit 127 376 ;; 377 esac 378 } 379 380 source_periodic_confs() { 381 local i sourced_files 382 383 for i in ${periodic_conf_files}; do 384 case ${sourced_files} in 385 *:$i:*) 386 ;; 387 *) 388 sourced_files="${sourced_files}:$i:" 389 [ -r $i ] && . $i 390 ;; 391 esac 392 done 393 } 394fi 395