1#!/bin/sh 2# 3# This is defaults/periodic.conf - a file full of useful variables that 4# you can set to change the default behaviour of periodic jobs on your 5# system. You should not edit this file! Put any overrides into one of the 6# $periodic_conf_files instead and you will be able to update these defaults 7# later without spamming your local configuration information. 8# 9# The $periodic_conf_files files should only contain values which override 10# values set in this file. This eases the upgrade path when defaults 11# are changed and new features are added. 12# 13# For a more detailed explanation of all the periodic.conf variables, please 14# refer to the periodic.conf(5) manual page. 15# 16# 17 18_set_localbase() { 19 _localbase=`/sbin/sysctl -n user.localbase 2> /dev/null` 20 # Set default value of _localbase if not previously set 21 : ${_localbase:="/usr/local"} 22} 23 24# Set _localbase with fallback to /usr/local 25_set_localbase 26 27# What files override these defaults ? 28periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local ${_localbase}/etc/periodic.conf" 29 30# periodic script dirs. _localbase is being set in /usr/sbin/periodic 31local_periodic="${_localbase}/etc/periodic" 32 33# Max time to sleep to avoid causing congestion on download servers 34anticongestion_sleeptime=3600 35 36# Daily options 37 38# These options are used by periodic(8) itself to determine what to do 39# with the output of the sub-programs that are run, and where to send 40# that output. $daily_output might be set to /var/log/daily.log if you 41# wish to log the daily output and have the files rotated by newsyslog(8) 42# 43daily_diff_flags="-b -U 0" # flags for diff output 44daily_output="root" # user or /file 45daily_show_success="YES" # scripts returning 0 46daily_show_info="YES" # scripts returning 1 47daily_show_badconfig="NO" # scripts returning 2 48 49# 100.clean-disks 50daily_clean_disks_enable="NO" # Delete files daily 51daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" 52daily_clean_disks_days=3 # If older than this 53daily_clean_disks_verbose="YES" # Mention files deleted 54 55# 110.clean-tmps 56daily_clean_tmps_enable="NO" # Delete stuff daily 57daily_clean_tmps_dirs="/tmp" # Delete under here 58daily_clean_tmps_days="3" # If not accessed for 59daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix" 60daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap" 61daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal" 62 # Don't delete these 63daily_clean_tmps_verbose="YES" # Mention files deleted 64 65# 120.clean-preserve 66daily_clean_preserve_enable="YES" # Delete files daily 67daily_clean_preserve_days=7 # If not modified for 68daily_clean_preserve_verbose="YES" # Mention files deleted 69 70# 130.clean-msgs 71daily_clean_msgs_enable="YES" # Delete msgs daily 72daily_clean_msgs_days= # If not modified for 73 74# 140.clean-rwho 75daily_clean_rwho_enable="YES" # Delete rwho daily 76daily_clean_rwho_days=7 # If not modified for 77daily_clean_rwho_verbose="YES" # Mention files deleted 78 79# 150.clean-hoststat 80daily_clean_hoststat_enable="YES" # Purge sendmail host 81 # status cache daily 82 83# 200.backup-passwd 84daily_backup_passwd_enable="YES" # Backup passwd & group 85 86# 210.backup-aliases 87daily_backup_aliases_enable="YES" # Backup mail aliases 88 89# 221.backup-gpart 90if [ $(sysctl -n security.jail.jailed) = 0 ]; then 91 # Backup partition table/boot partition/MBR 92 daily_backup_gpart_enable="YES" 93else 94 daily_backup_gpart_enable="NO" 95fi 96daily_backup_gpart_verbose="NO" # Be verbose if new backup differs from the old one 97daily_backup_efi_enable="NO" # Backup EFI system partition (ESP) 98 99# 222.backup-gmirror 100daily_backup_gmirror_enable="NO" # Backup of gmirror info (i.e., output of `gmirror list`) 101daily_backup_gmirror_verbose="NO" # Log diff if new backup differs from the old one 102 103# 223.backup-zfs 104daily_backup_zfs_enable="NO" # Backup output from zpool/zfs list 105daily_backup_zfs_props_enable="NO" # Backup zpool/zfs filesystem properties 106daily_backup_zfs_get_flags="all" # flags passed to `zfs get` 107daily_backup_zfs_list_flags="" # flags passed to `zfs list` 108daily_backup_zpool_get_flags="all" # flags passed to `zpool get` 109daily_backup_zpool_list_flags="-v" # flags passed to `zpool list` 110daily_backup_zfs_verbose="NO" # Report diff between the old and new backups. 111 112# 300.calendar 113daily_calendar_enable="NO" # Run calendar -a 114 115# 310.accounting 116daily_accounting_enable="YES" # Rotate acct files 117daily_accounting_compress="NO" # Gzip rotated files 118daily_accounting_flags=-q # Flags to /usr/sbin/sa 119daily_accounting_save=3 # How many files to save 120 121# 400.status-disks 122daily_status_disks_enable="YES" # Check disk status 123daily_status_disks_df_flags="-l -h" # df(1) flags for check 124 125# 401.status-graid 126daily_status_graid_enable="NO" # Check graid(8) 127 128# 404.status-zfs 129daily_status_zfs_enable="NO" # Check ZFS 130daily_status_zfs_zpool_list_enable="YES" # List ZFS pools 131 132# 406.status-gmirror 133daily_status_gmirror_enable="NO" # Check gmirror(8) 134 135# 407.status-graid3 136daily_status_graid3_enable="NO" # Check graid3(8) 137 138# 408.status-gstripe 139daily_status_gstripe_enable="NO" # Check gstripe(8) 140 141# 409.status-gconcat 142daily_status_gconcat_enable="NO" # Check gconcat(8) 143 144# 410.status-mfi 145daily_status_mfi_enable="NO" # Check mfiutil(8) 146 147# 420.status-network 148daily_status_network_enable="YES" # Check network status 149daily_status_network_usedns="YES" # DNS lookups are ok 150daily_status_network_netstat_flags="-d -W" # netstat(1) flags 151 152# 430.status-uptime 153daily_status_uptime_enable="YES" # Check system uptime 154 155# 440.status-mailq 156daily_status_mailq_enable="YES" # Check mail status 157daily_status_mailq_shorten="NO" # Shorten output 158daily_status_include_submit_mailq="YES" # Also submit queue 159 160# 450.status-security 161daily_status_security_enable="YES" # Security check 162# See also "Security options" below for more options 163daily_status_security_inline="NO" # Run inline ? 164daily_status_security_output="root" # user or /file 165 166# 460.status-mail-rejects 167daily_status_mail_rejects_enable="YES" # Check mail rejects 168daily_status_mail_rejects_logs=3 # How many logs to check 169daily_status_mail_rejects_shorten="NO" # Shorten output 170 171# 480.leapfile-ntpd 172daily_ntpd_leapfile_enable="YES" # Fetch NTP leapfile 173 174# 480.status-ntpd 175daily_status_ntpd_enable="NO" # Check NTP status 176 177# 500.queuerun 178daily_queuerun_enable="YES" # Run mail queue 179daily_submit_queuerun="YES" # Also submit queue 180 181# 510.status-world-kernel 182daily_status_world_kernel="YES" # Check the running 183 # userland/kernel version 184 185# 800.scrub-zfs 186daily_scrub_zfs_enable="NO" 187daily_scrub_zfs_pools="" # empty string selects all pools 188daily_scrub_zfs_default_threshold="35" # days between scrubs 189#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold 190 191# 801.trim-zfs 192daily_trim_zfs_enable="NO" 193daily_trim_zfs_pools="" # empty string selects all pools 194daily_trim_zfs_flags="" # zpool-trim(8) flags 195 196# 999.local 197daily_local="/etc/daily.local" # Local scripts 198 199 200# Weekly options 201 202# These options are used by periodic(8) itself to determine what to do 203# with the output of the sub-programs that are run, and where to send 204# that output. $weekly_output might be set to /var/log/weekly.log if you 205# wish to log the weekly output and have the files rotated by newsyslog(8) 206# 207weekly_output="root" # user or /file 208weekly_show_success="YES" # scripts returning 0 209weekly_show_info="YES" # scripts returning 1 210weekly_show_badconfig="NO" # scripts returning 2 211 212# 310.locate 213weekly_locate_enable="YES" # Update locate weekly 214 215# 320.whatis 216weekly_whatis_enable="YES" # Update whatis weekly 217 218# 340.noid 219weekly_noid_enable="NO" # Find unowned files 220weekly_noid_dirs="/" # Look here 221 222# 450.status-security 223weekly_status_security_enable="YES" # Security check 224# See also "Security options" above for more options 225weekly_status_security_inline="NO" # Run inline ? 226weekly_status_security_output="root" # user or /file 227 228# 999.local 229weekly_local="/etc/weekly.local" # Local scripts 230 231 232# Monthly options 233 234# These options are used by periodic(8) itself to determine what to do 235# with the output of the sub-programs that are run, and where to send 236# that output. $monthly_output might be set to /var/log/monthly.log if you 237# wish to log the monthly output and have the files rotated by newsyslog(8) 238# 239monthly_output="root" # user or /file 240monthly_show_success="YES" # scripts returning 0 241monthly_show_info="YES" # scripts returning 1 242monthly_show_badconfig="NO" # scripts returning 2 243 244# 200.accounting 245monthly_accounting_enable="YES" # Login accounting 246 247# 450.status-security 248monthly_status_security_enable="YES" # Security check 249# See also "Security options" above for more options 250monthly_status_security_inline="NO" # Run inline ? 251monthly_status_security_output="root" # user or /file 252 253# 999.local 254monthly_local="/etc/monthly.local" # Local scripts 255 256 257# Security options 258 259security_show_success="YES" # scripts returning 0 260security_show_info="YES" # scripts returning 1 261security_show_badconfig="NO" # scripts returning 2 262 263# These options are used by the security periodic(8) scripts spawned in 264# daily and weekly 450.status-security. 265security_status_logdir="/var/log" # Directory for logs 266security_status_diff_flags="-b -U 0" # flags for diff output 267 268# Each of the security_status_*_period options below can have one of the 269# following values: 270# - NO: do not run at all 271# - daily: only run during the daily security status 272# - weekly: only run during the weekly security status 273# - monthly: only run during the monthly security status 274# Note that if periodic security scripts are run from crontab(5) directly, 275# they will be run unless _enable or _period is set to "NO". 276 277# 100.chksetuid 278security_status_chksetuid_enable="YES" 279security_status_chksetuid_period="daily" 280 281# 110.neggrpperm 282security_status_neggrpperm_enable="YES" 283security_status_neggrpperm_period="daily" 284 285# 200.chkmounts 286security_status_chkmounts_enable="YES" 287security_status_chkmounts_period="daily" 288#security_status_chkmounts_ignore="^amd:" # Don't check matching 289 # FS types 290security_status_noamd="NO" # Don't check amd mounts 291 292# 300.chkuid0 293security_status_chkuid0_enable="YES" 294security_status_chkuid0_period="daily" 295 296# 400.passwdless 297security_status_passwdless_enable="YES" 298security_status_passwdless_period="daily" 299 300# 410.logincheck 301security_status_logincheck_enable="YES" 302security_status_logincheck_period="daily" 303 304# 500.ipfwdenied 305security_status_ipfwdenied_enable="YES" 306security_status_ipfwdenied_period="daily" 307 308# 510.ipfdenied 309security_status_ipfdenied_enable="YES" 310security_status_ipfdenied_period="daily" 311 312# 520.pfdenied 313security_status_pfdenied_enable="YES" 314security_status_pfdenied_period="daily" 315security_status_pfdenied_additionalanchors="" 316 317# 550.ipfwlimit 318security_status_ipfwlimit_enable="YES" 319security_status_ipfwlimit_period="daily" 320 321# 610.ipf6denied 322security_status_ipf6denied_enable="YES" 323security_status_ipf6denied_period="daily" 324 325# 700.kernelmsg 326security_status_kernelmsg_enable="YES" 327security_status_kernelmsg_period="daily" 328 329# 800.loginfail 330security_status_loginfail_enable="YES" 331security_status_loginfail_period="daily" 332 333# 900.tcpwrap 334security_status_tcpwrap_enable="YES" 335security_status_tcpwrap_period="daily" 336 337 338 339# Define source_periodic_confs, the mechanism used by /etc/periodic/*/* 340# scripts to source defaults/periodic.conf overrides safely. 341 342if [ -z "${source_periodic_confs_defined}" ]; then 343 source_periodic_confs_defined=yes 344 345 # Sleep for a random amount of time in order to mitigate the thundering 346 # herd problem of multiple hosts running periodic simultaneously. 347 # Will not sleep when used interactively. 348 # Will sleep at most once per invocation of periodic 349 anticongestion() { 350 [ -n "$PERIODIC_IS_INTERACTIVE" ] && return 351 if [ -f "$PERIODIC_ANTICONGESTION_FILE" ]; then 352 rm -f $PERIODIC_ANTICONGESTION_FILE 353 sleep `jot -r 1 0 ${anticongestion_sleeptime}` 354 fi 355 } 356 357 check_yesno_period() { 358 local var="$1" periodvar value period 359 360 eval value=\"\$$var\" 361 case "$value" in 362 [Yy][Ee][Ss]) ;; 363 *) return 1 ;; 364 esac 365 366 periodvar=${var%enable}period 367 eval period=\"\$$periodvar\" 368 case "$PERIODIC" in 369 "security daily") 370 case "$period" in 371 [Dd][Aa][Ii][Ll][Yy]) return 0 ;; 372 *) return 1 ;; 373 esac 374 ;; 375 "security weekly") 376 case "$period" in 377 [Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;; 378 *) return 1 ;; 379 esac 380 ;; 381 "security monthly") 382 case "$period" in 383 [Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;; 384 *) return 1 ;; 385 esac 386 ;; 387 security) 388 # Run directly from crontab(5). 389 case "$period" in 390 [Nn][Oo]) return 1 ;; 391 *) return 0 ;; 392 esac 393 ;; 394 '') 395 # Script run manually. 396 return 0 397 ;; 398 *) 399 echo "ASSERTION FAILED: Unexpected value for" \ 400 "\$PERIODIC: '$PERIODIC'" >&2 401 exit 127 402 ;; 403 esac 404 } 405 406 source_periodic_confs() { 407 local i sourced_files 408 409 for i in ${periodic_conf_files}; do 410 case ${sourced_files} in 411 *:$i:*) 412 ;; 413 *) 414 sourced_files="${sourced_files}:$i:" 415 [ -r $i ] && . $i 416 ;; 417 esac 418 done 419 } 420fi 421