xref: /freebsd/share/man/man5/periodic.conf.5 (revision 4e579ad047720775ab580b74192c7de8a3386fea)
1.\"-
2.\" Copyright (c) 2000 Brian Somers <brian@Awfulhak.org>
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\"    notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\"
14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24.\" SUCH DAMAGE.
25.\"
26.Dd March 9, 2022
27.Dt PERIODIC.CONF 5
28.Os
29.Sh NAME
30.Nm periodic.conf
31.Nd periodic job configuration information
32.Sh DESCRIPTION
33The file
34.Nm
35contains a description of how daily, weekly and monthly system maintenance
36jobs should run.
37It resides in the
38.Pa /etc/defaults
39directory and parts may be overridden by a file of the same name in
40.Pa /etc ,
41which itself may be overridden by the
42.Pa /etc/periodic.conf.local
43file.
44.Pp
45The
46.Nm
47file
48is actually sourced as a shell script from each of the periodic scripts
49and is intended to simply provide default configuration variables.
50.Pp
51The following variables are used by
52.Xr periodic 8
53itself:
54.Bl -tag -offset 4n -width 2n
55.It Va local_periodic
56.Pq Vt str
57List of directories to search for periodic scripts.
58This list is always prefixed with
59.Pa /etc/periodic ,
60and is only used when an argument to
61.Xr periodic 8
62is not an absolute directory name.
63.It Ao Ar dir Ac Ns Va _output
64.Pq Vt path No or Vt list
65What to do with the output of the scripts executed from
66the directory
67.Ar dir .
68If this variable is set to an absolute path name, output is logged to
69that file, otherwise it is taken as one or more space separated email
70addresses and mailed to those users.
71If this variable is not set or is empty, output is sent to standard output.
72.Pp
73For an unattended machine, suitable values for
74.Va daily_output ,
75.Va weekly_output ,
76and
77.Va monthly_output
78might be
79.Dq Li /var/log/daily.log ,
80.Dq Li /var/log/weekly.log ,
81and
82.Dq Li /var/log/monthly.log
83respectively, as
84.Xr newsyslog 8
85will rotate these files (if they exists) at the appropriate times.
86.It Ao Ar dir Ac Ns Va _show_success
87.It Ao Ar dir Ac Ns Va _show_info
88.It Ao Ar dir Ac Ns Va _show_badconfig
89.Pq Vt bool
90These variables control whether
91.Xr periodic 8
92will mask the output of the executed scripts based on their return code
93(where
94.Ar dir
95is the base directory name in which each script resides).
96If the return code of a script is
97.Sq 0
98and
99.Ao Ar dir Ac Ns Va _show_success
100is set to
101.Dq Li NO ,
102.Xr periodic 8
103will mask the script's output.
104If the return code of a script is
105.Sq 1
106and
107.Ao Ar dir Ac Ns Va _show_info
108is set to
109.Dq Li NO ,
110.Xr periodic 8
111will mask the script's output.
112If the return code of a script is
113.Sq 2
114and
115.Ao Ar dir Ac Ns Va _show_badconfig
116is set to
117.Dq Li NO ,
118.Xr periodic 8
119will mask the script's output.
120If these variables are set to neither
121.Dq Li YES
122nor
123.Dq Li NO ,
124they default to
125.Dq Li YES ,
126.Dq Li YES
127and
128.Dq Li NO
129respectively.
130.Pp
131Refer to the
132.Xr periodic 8
133manual page for how script return codes are interpreted.
134.It Va anticongestion_sleeptime
135.Pq Vt int
136The maximum number of seconds to randomly sleep in order to smooth bursty loads
137on a shared resource, such as a download mirror.
138.El
139.Pp
140The following variables are used by the standard scripts that reside in
141.Pa /etc/periodic/daily :
142.Bl -tag -offset 4n -width 2n
143.It Va daily_clean_disks_enable
144.Pq Vt bool
145Set to
146.Dq Li YES
147if you want to remove all files matching
148.Va daily_clean_disks_files
149daily.
150.It Va daily_clean_disks_files
151.Pq Vt str
152Set to a list of file names to match.
153Wild cards are permitted.
154.It Va daily_clean_disks_days
155.Pq Vt num
156When
157.Va daily_clean_disks_enable
158is set to
159.Dq Li YES ,
160this must also be set to the number of days old that a file's access
161and modification times must be before it is deleted.
162.It Va daily_clean_disks_verbose
163.Pq Vt bool
164Set to
165.Dq Li YES
166if you want the removed files to be reported in your daily output.
167.It Va daily_clean_tmps_enable
168.Pq Vt bool
169Set to
170.Dq Li YES
171if you want to clear temporary directories daily.
172.It Va daily_clean_tmps_dirs
173.Pq Vt str
174Set to the list of directories to clear if
175.Va daily_clean_tmps_enable
176is set to
177.Dq Li YES .
178.It Va daily_clean_tmps_days
179.Pq Vt num
180When
181.Va daily_clean_tmps_enable
182is set, this must also be set to the number of days old that a file's access
183and modification times must be before it is deleted.
184.It Va daily_clean_tmps_ignore
185.Pq Vt str
186Set to the list of files that should not be deleted when
187.Va daily_clean_tmps_enable
188is set to
189.Dq Li YES .
190Wild card characters are permitted.
191.It Va daily_clean_tmps_verbose
192.Pq Vt bool
193Set to
194.Dq Li YES
195if you want the removed files to be reported in your daily output.
196.It Va daily_clean_preserve_enable
197.Pq Vt bool
198Set to
199.Dq Li YES
200if you wish to remove old files from
201.Pa /var/preserve .
202.It Va daily_clean_preserve_days
203.Pq Vt num
204Set to the number of days that files must not have been modified before
205they are deleted.
206.It Va daily_clean_preserve_verbose
207.Pq Vt bool
208Set to
209.Dq Li YES
210if you want the removed files to be reported in your daily output.
211.It Va daily_clean_msgs_enable
212.Pq Vt bool
213Set to
214.Dq Li YES
215if you wish old system messages to be purged.
216.It Va daily_clean_msgs_days
217.Pq Vt num
218Set to the number of days that files must not have been modified before
219they are deleted.
220If this variable is left blank, the
221.Xr msgs 1
222default is used.
223.It Va daily_clean_rwho_enable
224.Pq Vt bool
225Set to
226.Dq Li YES
227if you wish old files in
228.Pa /var/who
229to be purged.
230.It Va daily_clean_rwho_days
231.Pq Vt num
232Set to the number of days that files must not have been modified before
233they are deleted.
234.It Va daily_clean_rwho_verbose
235.Pq Vt bool
236Set to
237.Dq Li YES
238if you want the removed files to be reported in your daily output.
239.It Va daily_clean_hoststat_enable
240.Pq Vt bool
241Set to
242.Dq Li YES
243to run
244.Nm sendmail Fl bH
245to automatically purge stale entries from
246.Xr sendmail 8 Ns 's
247host status cache.
248Files will be deleted using the same criteria as
249.Xr sendmail 8
250would normally use when determining whether to believe the cached information,
251as configured in
252.Pa /etc/mail/sendmail.cf .
253.It Va daily_backup_efi_enable
254.Pq Vt bool
255Set to
256.Dq Li YES
257to create backup of EFI System Partition (ESP).
258.It Va daily_backup_gmirror_enable
259.Pq Vt bool
260Set to
261.Dq Li YES
262to create backup of gmirror information (i.e., output of
263.Nm gmirror Cm list ) ,
264see
265.Xr gmirror 8 .
266.It Va daily_backup_gmirror_verbose
267.Pq Vt bool
268Set to
269.Dq Li YES
270to report a diff between the new backup and the existing backup
271in the daily output.
272.It Va daily_backup_gpart_enable
273.Pq Vt bool
274Set to
275.Dq Li YES
276to create backups of partition tables, and bootcode partition contents.
277.It Va daily_backup_gpart_verbose
278.Pq Vt bool
279Set to
280.Dq Li YES
281to be verbose if existing backups for kern.geom.conftxt or the partition tables differ
282from the new backups.
283.It Va daily_backup_passwd_enable
284.Pq Vt bool
285Set to
286.Dq Li YES
287if you want the
288.Pa /etc/master.passwd
289and
290.Pa /etc/group
291files backed up and reported on.
292Reporting consists of checking both files for modifications and running
293.Xr chkgrp 8
294on the
295.Pa group
296file.
297.It Va daily_backup_aliases_enable
298.Pq Vt bool
299Set to
300.Dq Li YES
301if you want the
302.Pa /etc/mail/aliases
303file backed up and modifications to be displayed in your daily output.
304.It Va daily_backup_zfs_enable
305.Pq Vt bool
306Set to
307.Dq Li YES
308to create backup of the output generated from the
309.Xr zfs-list 8
310and
311.Xr zpool-list 8
312utilities.
313.It Va daily_backup_zfs_list_flags
314.Pq Vt str
315Set to the arguments for the
316.Xr zfs-list 8
317utility.
318The default is standard behavior.
319.It Va daily_backup_zpool_list_flags
320.Pq Vt str
321Set to the arguments for the
322.Xr zpool-list 8
323utility.
324The default is
325.Fl v .
326.It Va daily_backup_zfs_props_enable
327.Pq Vt bool
328Set to
329.Dq Li YES
330to create backup of the output generated from the
331.Xr zfs-get 8
332and
333.Xr zpool-get 8
334utilities.
335.It Va daily_backup_zfs_get_flags
336.Pq Vt str
337Set to the arguments for the
338.Xr zfs-get 8
339utility.
340The default is
341.Cm all .
342.It Va daily_backup_zpool_get_flags
343.Pq Vt str
344Set to the arguments for the
345.Xr zpool-get 8
346utility.
347The default is
348.Cm all .
349.It Va daily_backup_zfs_verbose
350.Pq Vt bool
351Set to
352.Dq Li YES
353to report a diff between the new backup and the existing backup
354in the daily output.
355.It Va daily_calendar_enable
356.Pq Vt bool
357Set to
358.Dq Li YES
359if you want to run
360.Nm calendar Fl a
361daily.
362.It Va daily_accounting_enable
363.Pq Vt bool
364Set to
365.Dq Li YES
366if you want to rotate your daily process accounting files.
367No rotations are necessary unless
368.Va accounting_enable
369is enabled in
370.Xr rc.conf 5 .
371.It Va daily_accounting_compress
372.Pq Vt bool
373Set to
374.Dq Li YES
375if you want your daily accounting files to be compressed using
376.Xr gzip 1 .
377.It Va daily_accounting_save
378.Pq Vt num
379When
380.Va daily_accounting_enable
381is set, this may also be set to the number of daily accounting files that are
382to be saved.
383The default is
384.Dq Li 3 .
385.It Va daily_accounting_flags
386.Pq Vt str
387Set to the arguments to pass to the
388.Xr sa 8
389utility (in addition to
390.Fl s )
391when
392.Va daily_accounting_enable
393is set to
394.Dq Li YES .
395The default is
396.Fl q .
397.It Va daily_status_disks_enable
398.Pq Vt bool
399Set to
400.Dq Li YES
401if you want to run
402.Xr df 1
403(with the arguments supplied in
404.Va daily_status_disks_df_flags )
405and
406.Nm dump Fl W .
407.It Va daily_status_disks_df_flags
408.Pq Vt str
409Set to the arguments for the
410.Xr df 1
411utility when
412.Va daily_status_disks_enable
413is set to
414.Dq Li YES .
415The default is
416.Fl l Fl h .
417.It Va daily_status_zfs_enable
418.Pq Vt bool
419Set to
420.Dq Li YES
421if you want to run
422.Nm zpool Cm status
423on your
424.Xr zfs 8
425pools.
426.It Va daily_status_zfs_zpool_list_enable
427.Pq Vt bool
428Set to
429.Dq Li YES
430if you want to run
431.Nm zpool Cm list
432on your
433.Xr zfs 8
434pools.
435Requires
436.Va daily_status_zfs_enable
437to be set to
438.Li YES .
439.It Va daily_status_gmirror_enable
440.Pq Vt bool
441Set to
442.Dq Li YES
443if you want to run
444.Nm gmirror Cm status
445on your
446.Xr gmirror 8
447devices.
448.It Va daily_status_graid3_enable
449.Pq Vt bool
450Set to
451.Dq Li YES
452if you want to run
453.Nm graid3 Cm status
454on your
455.Xr graid3 8
456devices.
457.It Va daily_status_gstripe_enable
458.Pq Vt bool
459Set to
460.Dq Li YES
461if you want to run
462.Nm gstripe Cm status
463on your
464.Xr gstripe 8
465devices.
466.It Va daily_status_gconcat_enable
467.Pq Vt bool
468Set to
469.Dq Li YES
470if you want to run
471.Nm gconcat Cm status
472on your
473.Xr gconcat 8
474devices.
475.It Va daily_status_mfi_enable
476.Pq Vt bool
477Set to
478.Dq Li YES
479if you want to run
480.Nm mfiutil Cm status
481on your
482.Xr mfi 4
483devices.
484.It Va daily_status_network_enable
485.Pq Vt bool
486Set to
487.Dq Li YES
488if you want to run
489.Nm netstat Fl i .
490.It Va daily_status_network_netstat_flags
491.Pq Vt str
492Set to additional arguments for the
493.Xr netstat 1
494utility when
495.Va daily_status_network_enable
496is set to
497.Dq Li YES .
498The default is
499.Fl d W .
500.It Va daily_status_network_usedns
501.Pq Vt bool
502Set to
503.Dq Li YES
504if you want to run
505.Xr netstat 1
506without the
507.Fl n
508option (to do DNS lookups).
509.It Va daily_status_uptime_enable
510.Pq Vt bool
511Set to
512.Dq Li YES
513if you want to run
514.Xr uptime 1
515(or
516.Xr ruptime 1
517if
518.Va rwhod_enable
519is set to
520.Dq Li YES
521in
522.Pa /etc/rc.conf ) .
523.It Va daily_status_mailq_enable
524.Pq Vt bool
525Set to
526.Dq Li YES
527if you want to run
528.Xr mailq 1 .
529.It Va daily_status_mailq_shorten
530.Pq Vt bool
531Set to
532.Dq Li YES
533if you want to shorten the
534.Xr mailq 1
535output when
536.Va daily_status_mailq_enable
537is set to
538.Dq Li YES .
539.It Va daily_status_include_submit_mailq
540.Pq Vt bool
541Set to
542.Dq Li YES
543if you also want to run
544.Xr mailq 1
545on the submit mail queue when
546.Va daily_status_mailq_enable
547is set to
548.Dq Li YES .
549This may not work with MTAs other than
550.Xr sendmail 8 .
551.It Va daily_status_security_enable
552.Pq Vt bool
553Set to
554.Dq Li YES
555if you want to run the security check.
556The security check is another set of
557.Xr periodic 8
558scripts.
559The system defaults are in
560.Pa /etc/periodic/security .
561Local scripts should be placed in
562.Pa /usr/local/etc/periodic/security .
563See the
564.Xr periodic 8
565manual page for more information.
566.It Va daily_status_security_inline
567.Pq Vt bool
568Set to
569.Dq Li YES
570if you want the security check output inline.
571The default is to either mail or log the output according to the value of
572.Va daily_status_security_output .
573.It Va daily_status_security_output
574.Pq Vt str
575Where to send the output of the security check if
576.Va daily_status_security_inline
577is set to
578.Dq Li NO .
579This variable behaves in the same way as the
580.Va *_output
581variables above, namely it can be set either to one or more email addresses
582or to an absolute file name.
583.It Va daily_status_mail_rejects_enable
584.Pq Vt bool
585Set to
586.Dq Li YES
587if you want to summarise mail rejections logged to
588.Pa /var/log/maillog
589for the previous day.
590.It Va daily_status_mail_rejects_logs
591.Pq Vt num
592Set to the number of maillog files that should be checked
593for yesterday's mail rejects.
594.It Va daily_status_ntpd_enable
595.Pq Vt bool
596Set to
597.Dq Li YES
598if you want to enable NTP status check.
599.It Va daily_status_world_kernel
600.Pq Vt bool
601Set to
602.Dq Li YES
603to check the running userland and kernel are in sync.
604.It Va daily_queuerun_enable
605.Pq Vt bool
606Set to
607.Dq Li YES
608if you want to manually run the mail queue at least once a day.
609.It Va daily_submit_queuerun
610.Pq Vt bool
611Set to
612.Dq Li YES
613if you also want to manually run the submit mail queue at least once a day
614when
615.Va daily_queuerun_enable
616is set to
617.Dq Li YES .
618.It Va daily_scrub_zfs_enable
619.Pq Vt bool
620Set to
621.Dq Li YES
622if you want to run a zfs scrub periodically.
623.It Va daily_scrub_zfs_pools
624.Pq Vt str
625A space separated list of names of zfs pools to scrub.
626If the list is empty or not set, all zfs pools are scrubbed.
627.It Va daily_scrub_zfs_default_threshold
628.Pq Vt int
629Number of days between a scrub if no pool-specific threshold is set.
630If not set, the default value is 35, corresponding to 5 weeks.
631.It Va daily_scrub_zfs_ Ns Ao Ar poolname Ac Ns Va _threshold
632.Pq Vt int
633The same as
634.Va daily_scrub_zfs_default_threshold
635but specific to the pool
636.Ao Ar poolname Ac Ns .
637.It Va daily_local
638.Pq Vt str
639Set to a list of extra scripts that should be run after all other
640daily scripts.
641All scripts must be absolute path names.
642.El
643.Pp
644The following variables are used by the standard scripts that reside in
645.Pa /etc/periodic/weekly :
646.Bl -tag -offset 4n -width 2n
647.It Va weekly_locate_enable
648.Pq Vt bool
649Set to
650.Dq Li YES
651if you want to run
652.Pa /usr/libexec/locate.updatedb .
653This script is run using
654.Nm nice Fl 5
655as user
656.Dq Li nobody ,
657and generates the table used by the
658.Xr locate 1
659command.
660.It Va weekly_whatis_enable
661.Pq Vt bool
662Set to
663.Dq Li YES
664if you want to run
665.Pa /usr/libexec/makewhatis.local .
666This script regenerates the database used by the
667.Xr apropos 1
668command.
669.It Va weekly_noid_enable
670.Pq Vt bool
671Set to
672.Dq Li YES
673if you want to locate orphaned files on the system.
674An orphaned file is one with an invalid owner or group.
675.It Va weekly_noid_dirs
676.Pq Vt str
677A list of directories under which orphaned files are searched for.
678This would usually be set to
679.Pa / .
680.It Va weekly_status_security_enable
681.Pq Vt bool
682Weekly counterpart of
683.Va daily_status_security_enable .
684.It Va weekly_status_security_inline
685.Pq Vt bool
686Weekly counterpart of
687.Va daily_status_security_inline .
688.It Va weekly_status_security_output
689.Pq Vt str
690Weekly counterpart of
691.Va daily_status_security_output .
692.It Va weekly_status_pkg_enable
693.Pq Vt bool
694Set to
695.Dq Li YES
696if you want to use
697.Xr pkg-version 8
698to list installed packages which are out of date.
699.It Va pkg_version
700.Pq Vt str
701When
702.Va weekly_status_pkg_enable
703is set to
704.Dq Li YES ,
705this variable specifies the program that is used to determine the out of
706date packages.
707If unset, the
708.Xr pkg-version 8
709program is used.
710As an example, this variable might be set to
711.Dq Li portversion
712if the
713.Pa ports/sysutils/portupgrade
714port has been installed.
715.It Va pkg_version_index
716.Pq Vt str
717This variable specifies the
718.Pa INDEX
719file from
720.Pa /usr/ports
721that should be used by
722.Xr pkg-version 8 .
723Because the dependency tree may be substantially different between versions of
724.Fx ,
725there may be more than one
726.Pa INDEX
727file in
728.Pa /usr/ports .
729.Pp
730Note, if the
731.Va pkg_version
732variable is set to
733.Dq Li portversion ,
734it will also be necessary to arrange that the correct
735.Pa INDEX
736file is specified
737using environment variables and that
738.Va pkg_version_index
739is cleared in
740.Pa /etc/periodic.conf
741.Pq Dq Li pkg_version_index= .
742.It Va weekly_local
743.Pq Vt str
744Set to a list of extra scripts that should be run after all other
745weekly scripts.
746All scripts must be absolute path names.
747.El
748.Pp
749The following variables are used by the standard scripts that reside in
750.Pa /etc/periodic/monthly :
751.Bl -tag -offset 4n -width 2n
752.It Va monthly_accounting_enable
753.Pq Vt bool
754Set to
755.Dq Li YES
756if you want to do login accounting using the
757.Xr ac 8
758command.
759.It Va monthly_status_security_enable
760.Pq Vt bool
761Monthly counterpart of
762.Va daily_status_security_enable .
763.It Va monthly_status_security_inline
764.Pq Vt bool
765Monthly counterpart of
766.Va daily_status_security_inline .
767.It Va monthly_status_security_output
768.Pq Vt str
769Monthly counterpart of
770.Va daily_status_security_output .
771.It Va monthly_local
772.Pq Vt str
773Set to a list of extra scripts that should be run after all other
774monthly scripts.
775All scripts must be absolute path names.
776.El
777.Pp
778The following variables are used by the standard scripts that reside in
779.Pa /etc/periodic/security .
780Those scripts are usually run from daily
781.Pq Va daily_status_security_enable ,
782weekly
783.Pq Va weekly_status_security_enable ,
784and monthly
785.Pq Va monthly_status_security_enable
786periodic hooks.
787The
788.Va ..._period
789of each script can be configured as
790.Dq daily ,
791.Dq weekly ,
792.Dq monthly
793or
794.Dq NO .
795Note that when periodic security scripts are run from
796.Xr crontab 5 ,
797they will be always run unless their
798.Va ..._enable
799or
800.Va ..._period
801variable is set to
802.Dq NO .
803.Bl -tag -offset 4n -width 2n
804.It Va security_status_diff_flags
805.Pq Vt str
806Set to the arguments to pass to the
807.Xr diff 1
808utility when generating differences.
809The default is
810.Fl b u .
811.It Va security_status_chksetuid_enable
812.Pq Vt bool
813Set to
814.Dq Li YES
815to compare the modes and modification times of setuid executables with
816the previous day's values.
817.It Va security_status_chksetuid_period
818.Pq Vt str
819Set to either
820.Dq Li daily ,
821.Dq Li weekly ,
822.Dq Li monthly
823or
824.Dq Li NO .
825.It Va security_status_chkportsum_enable
826.Pq Vt bool
827Set to
828.Dq Li YES
829to verify checksums of all installed packages against the known checksums in
830.Pa /var/db/pkg .
831.It Va security_status_chkportsum_period
832.Pq Vt str
833Set to either
834.Dq Li daily ,
835.Dq Li weekly ,
836.Dq Li monthly
837or
838.Dq Li NO .
839.It Va security_status_neggrpperm_enable
840.Pq Vt bool
841Set to
842.Dq Li YES
843to check for files where the group of a file has less permissions than
844the world at large.
845When users are in more than 14 supplemental groups these negative
846permissions may not be enforced via NFS shares.
847.It Va security_status_neggrpperm_period
848.Pq Vt str
849Set to either
850.Dq Li daily ,
851.Dq Li weekly ,
852.Dq Li monthly
853or
854.Dq Li NO .
855.It Va security_status_chkmounts_enable
856.Pq Vt bool
857Set to
858.Dq Li YES
859to check for changes mounted file systems to the previous day's values.
860.It Va security_status_chkmounts_period
861.Pq Vt str
862Set to either
863.Dq Li daily ,
864.Dq Li weekly ,
865.Dq Li monthly
866or
867.Dq Li NO .
868.It Va security_status_noamd
869.Pq Vt bool
870Set to
871.Dq Li YES
872if you want to ignore
873.Xr amd 8
874mounts when comparing against yesterday's file system mounts in the
875.Va security_status_chkmounts_enable
876check.
877.It Va security_status_chkuid0_enable
878.Pq Vt bool
879Set to
880.Dq Li YES
881to check
882.Pa /etc/master.passwd
883for accounts with UID 0.
884.It Va security_status_chkuid0_period
885.Pq Vt str
886Set to either
887.Dq Li daily ,
888.Dq Li weekly ,
889.Dq Li monthly
890or
891.Dq Li NO .
892.It Va security_status_passwdless_enable
893.Pq Vt bool
894Set to
895.Dq Li YES
896to check
897.Pa /etc/master.passwd
898for accounts with empty passwords.
899.It Va security_status_passwdless_period
900.Pq Vt str
901Set to either
902.Dq Li daily ,
903.Dq Li weekly ,
904.Dq Li monthly
905or
906.Dq Li NO .
907.It Va security_status_logincheck_enable
908.Pq Vt bool
909Set to
910.Dq Li YES
911to check
912.Pa /etc/login.conf
913ownership, see
914.Xr login.conf 5
915for more information.
916.It Va security_status_logincheck_period
917.Pq Vt str
918Set to either
919.Dq Li daily ,
920.Dq Li weekly ,
921.Dq Li monthly
922or
923.Dq Li NO .
924.It Va security_status_ipfwdenied_enable
925.Pq Vt bool
926Set to
927.Dq Li YES
928to show log entries for packets denied by
929.Xr ipfw 8
930since yesterday's check.
931.It Va security_status_ipfwdenied_period
932.Pq Vt str
933Set to either
934.Dq Li daily ,
935.Dq Li weekly ,
936.Dq Li monthly
937or
938.Dq Li NO .
939.It Va security_status_ipfdenied_enable
940.Pq Vt bool
941Set to
942.Dq Li YES
943to show log entries for packets denied by
944.Xr ipf 8
945since yesterday's check.
946.It Va security_status_ipfdenied_period
947.Pq Vt str
948Set to either
949.Dq Li daily ,
950.Dq Li weekly ,
951.Dq Li monthly
952or
953.Dq Li NO .
954.It Va security_status_pfdenied_enable
955.Pq Vt bool
956Set to
957.Dq Li YES
958to show log entries for packets denied by
959.Xr pf 4
960since yesterday's check.
961.It Va security_status_pfdenied_additionalanchors
962.Pq Vt str
963Space-separated list of additional anchors whose denied packets log entries to
964show.
965The main ruleset (i.e., the empty-string anchor) and any
966.Xr blacklistd 8
967anchors, if present, are always shown.
968.It Va security_status_pfdenied_period
969.Pq Vt str
970Set to either
971.Dq Li daily ,
972.Dq Li weekly ,
973.Dq Li monthly
974or
975.Dq Li NO .
976.It Va security_status_ipfwlimit_enable
977.Pq Vt bool
978Set to
979.Dq Li YES
980to display
981.Xr ipfw 8
982rules that have reached their verbosity limit.
983.It Va security_status_ipfwlimit_period
984.Pq Vt str
985Set to either
986.Dq Li daily ,
987.Dq Li weekly ,
988.Dq Li monthly
989or
990.Dq Li NO .
991.It Va security_status_kernelmsg_enable
992.Pq Vt bool
993Set to
994.Dq Li YES
995to show new
996.Xr dmesg 8
997entries since yesterday's check.
998.It Va security_status_kernelmsg_period
999.Pq Vt str
1000Set to either
1001.Dq Li daily ,
1002.Dq Li weekly ,
1003.Dq Li monthly
1004or
1005.Dq Li NO .
1006.It Va security_status_loginfail_enable
1007.Pq Vt bool
1008Set to
1009.Dq Li YES
1010to display failed logins from
1011.Pa /var/log/messages
1012in the previous day.
1013.It Va security_status_loginfail_period
1014.Pq Vt str
1015Set to either
1016.Dq Li daily ,
1017.Dq Li weekly ,
1018.Dq Li monthly
1019or
1020.Dq Li NO .
1021.It Va security_status_tcpwrap_enable
1022.Pq Vt bool
1023Set to
1024.Dq Li YES
1025to display connections denied by tcpwrappers (see
1026.Xr hosts_access 5 )
1027from
1028.Pa /var/log/messages
1029during the previous day.
1030.It Va security_status_tcpwrap_period
1031.Pq Vt str
1032Set to either
1033.Dq Li daily ,
1034.Dq Li weekly ,
1035.Dq Li monthly
1036or
1037.Dq Li NO .
1038.El
1039.Sh FILES
1040.Bl -tag -width ".Pa /etc/defaults/periodic.conf"
1041.It Pa /etc/defaults/periodic.conf
1042The default configuration file.
1043This file contains all default variables and values.
1044.It Pa /etc/periodic.conf
1045The usual system specific variable override file.
1046.It Pa /etc/periodic.conf.local
1047An additional override file, useful when
1048.Pa /etc/periodic.conf
1049is shared or distributed.
1050.El
1051.Sh SEE ALSO
1052.Xr apropos 1 ,
1053.Xr calendar 1 ,
1054.Xr df 1 ,
1055.Xr diff 1 ,
1056.Xr gzip 1 ,
1057.Xr locate 1 ,
1058.Xr man 1 ,
1059.Xr msgs 1 ,
1060.Xr netstat 1 ,
1061.Xr nice 1 ,
1062.Xr login.conf 5 ,
1063.Xr rc.conf 5 ,
1064.Xr ac 8 ,
1065.Xr chkgrp 8 ,
1066.Xr dump 8 ,
1067.Xr newsyslog 8 ,
1068.Xr periodic 8 ,
1069.Xr pkg-version 8 ,
1070.Xr sendmail 8
1071.Sh HISTORY
1072The
1073.Nm
1074file appeared in
1075.Fx 4.1 .
1076.Sh AUTHORS
1077.An Brian Somers Aq Mt brian@Awfulhak.org
1078