1.\"- 2.\" Copyright (c) 2000 Brian Somers <brian@Awfulhak.org> 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.Dd April 9, 2024 27.Dt PERIODIC.CONF 5 28.Os 29.Sh NAME 30.Nm periodic.conf 31.Nd periodic job configuration information 32.Sh DESCRIPTION 33The file 34.Nm 35contains a description of how daily, weekly and monthly system maintenance 36jobs should run. 37It resides in the 38.Pa /etc/defaults 39directory and parts may be overridden by a file of the same name in 40.Pa /etc , 41which itself may be overridden by the 42.Pa /etc/periodic.conf.local 43file. 44.Pp 45The 46.Nm 47file 48is actually sourced as a shell script from each of the periodic scripts 49and is intended to simply provide default configuration variables. 50.Pp 51The following variables are used by 52.Xr periodic 8 53itself: 54.Bl -tag -offset 4n -width 2n 55.It Va local_periodic 56.Pq Vt str 57List of directories to search for periodic scripts. 58This list is always prefixed with 59.Pa /etc/periodic , 60and is only used when an argument to 61.Xr periodic 8 62is not an absolute directory name. 63.It Ao Ar dir Ac Ns Va _output 64.Pq Vt path No or Vt list 65What to do with the output of the scripts executed from 66the directory 67.Ar dir . 68If this variable is set to an absolute path name, output is logged to 69that file, otherwise it is taken as one or more space separated email 70addresses and mailed to those users. 71If this variable is not set or is empty, output is sent to standard output. 72.Pp 73For an unattended machine, suitable values for 74.Va daily_output , 75.Va weekly_output , 76and 77.Va monthly_output 78might be 79.Dq Li /var/log/daily.log , 80.Dq Li /var/log/weekly.log , 81and 82.Dq Li /var/log/monthly.log 83respectively, as 84.Xr newsyslog 8 85will rotate these files (if they exists) at the appropriate times. 86.It Ao Ar dir Ac Ns Va _show_success 87.It Ao Ar dir Ac Ns Va _show_info 88.It Ao Ar dir Ac Ns Va _show_badconfig 89.Pq Vt bool 90These variables control whether 91.Xr periodic 8 92will mask the output of the executed scripts based on their return code 93(where 94.Ar dir 95is the base directory name in which each script resides). 96If the return code of a script is 97.Sq 0 98and 99.Ao Ar dir Ac Ns Va _show_success 100is set to 101.Dq Li NO , 102.Xr periodic 8 103will mask the script's output. 104If the return code of a script is 105.Sq 1 106and 107.Ao Ar dir Ac Ns Va _show_info 108is set to 109.Dq Li NO , 110.Xr periodic 8 111will mask the script's output. 112If the return code of a script is 113.Sq 2 114and 115.Ao Ar dir Ac Ns Va _show_badconfig 116is set to 117.Dq Li NO , 118.Xr periodic 8 119will mask the script's output. 120If these variables are set to neither 121.Dq Li YES 122nor 123.Dq Li NO , 124they default to 125.Dq Li YES , 126.Dq Li YES 127and 128.Dq Li NO 129respectively. 130.Pp 131Refer to the 132.Xr periodic 8 133manual page for how script return codes are interpreted. 134.It Va anticongestion_sleeptime 135.Pq Vt int 136The maximum number of seconds to randomly sleep in order to smooth bursty loads 137on a shared resource, such as a download mirror. 138.El 139.Pp 140The following variables are used by the standard scripts that reside in 141.Pa /etc/periodic/daily : 142.Bl -tag -offset 4n -width 2n 143.It Va daily_clean_disks_enable 144.Pq Vt bool 145Set to 146.Dq Li YES 147if you want to remove all files matching 148.Va daily_clean_disks_files 149daily. 150.It Va daily_clean_disks_files 151.Pq Vt str 152Set to a list of file names to match. 153Wild cards are permitted. 154.It Va daily_clean_disks_days 155.Pq Vt num 156When 157.Va daily_clean_disks_enable 158is set to 159.Dq Li YES , 160this must also be set to the number of days old that a file's access 161and modification times must be before it is deleted. 162.It Va daily_clean_disks_verbose 163.Pq Vt bool 164Set to 165.Dq Li YES 166if you want the removed files to be reported in your daily output. 167.It Va daily_clean_tmps_enable 168.Pq Vt bool 169Set to 170.Dq Li YES 171if you want to clear temporary directories daily. 172.It Va daily_clean_tmps_dirs 173.Pq Vt str 174Set to the list of directories to clear if 175.Va daily_clean_tmps_enable 176is set to 177.Dq Li YES . 178.It Va daily_clean_tmps_days 179.Pq Vt num 180When 181.Va daily_clean_tmps_enable 182is set, this must also be set to the number of days old that a file's access 183and modification times must be before it is deleted. 184.It Va daily_clean_tmps_ignore 185.Pq Vt str 186Set to the list of files that should not be deleted when 187.Va daily_clean_tmps_enable 188is set to 189.Dq Li YES . 190Wild card characters are permitted. 191.It Va daily_clean_tmps_verbose 192.Pq Vt bool 193Set to 194.Dq Li YES 195if you want the removed files to be reported in your daily output. 196.It Va daily_clean_preserve_enable 197.Pq Vt bool 198Set to 199.Dq Li YES 200if you wish to remove old files from 201.Pa /var/preserve . 202.It Va daily_clean_preserve_days 203.Pq Vt num 204Set to the number of days that files must not have been modified before 205they are deleted. 206.It Va daily_clean_preserve_verbose 207.Pq Vt bool 208Set to 209.Dq Li YES 210if you want the removed files to be reported in your daily output. 211.It Va daily_clean_msgs_enable 212.Pq Vt bool 213Set to 214.Dq Li YES 215if you wish old system messages to be purged. 216.It Va daily_clean_msgs_days 217.Pq Vt num 218Set to the number of days that files must not have been modified before 219they are deleted. 220If this variable is left blank, the 221.Xr msgs 1 222default is used. 223.It Va daily_clean_rwho_enable 224.Pq Vt bool 225Set to 226.Dq Li YES 227if you wish old files in 228.Pa /var/who 229to be purged. 230.It Va daily_clean_rwho_days 231.Pq Vt num 232Set to the number of days that files must not have been modified before 233they are deleted. 234.It Va daily_clean_rwho_verbose 235.Pq Vt bool 236Set to 237.Dq Li YES 238if you want the removed files to be reported in your daily output. 239.It Va daily_clean_hoststat_enable 240.Pq Vt bool 241Set to 242.Dq Li YES 243to run 244.Nm sendmail Fl bH 245to automatically purge stale entries from 246.Xr sendmail 8 Ns 's 247host status cache. 248Files will be deleted using the same criteria as 249.Xr sendmail 8 250would normally use when determining whether to believe the cached information, 251as configured in 252.Pa /etc/mail/sendmail.cf . 253.It Va daily_backup_efi_enable 254.Pq Vt bool 255Set to 256.Dq Li YES 257to create backup of EFI System Partition (ESP). 258.It Va daily_backup_gmirror_enable 259.Pq Vt bool 260Set to 261.Dq Li YES 262to create backup of gmirror information (i.e., output of 263.Nm gmirror Cm list ) , 264see 265.Xr gmirror 8 . 266.It Va daily_backup_gmirror_verbose 267.Pq Vt bool 268Set to 269.Dq Li YES 270to report a diff between the new backup and the existing backup 271in the daily output. 272.It Va daily_backup_gpart_enable 273.Pq Vt bool 274Set to 275.Dq Li YES 276to create backups of partition tables, and bootcode partition contents. 277.It Va daily_backup_gpart_verbose 278.Pq Vt bool 279Set to 280.Dq Li YES 281to be verbose if existing backups for kern.geom.conftxt or the partition tables differ 282from the new backups. 283.It Va daily_backup_passwd_enable 284.Pq Vt bool 285Set to 286.Dq Li YES 287if you want the 288.Pa /etc/master.passwd 289and 290.Pa /etc/group 291files backed up and reported on. 292Reporting consists of checking both files for modifications and running 293.Xr chkgrp 8 294on the 295.Pa group 296file. 297.It Va daily_backup_aliases_enable 298.Pq Vt bool 299Set to 300.Dq Li YES 301if you want the 302.Pa /etc/mail/aliases 303file backed up and modifications to be displayed in your daily output. 304.It Va daily_backup_zfs_enable 305.Pq Vt bool 306Set to 307.Dq Li YES 308to create backup of the output generated from the 309.Xr zfs-list 8 310and 311.Xr zpool-list 8 312utilities. 313.It Va daily_backup_zfs_list_flags 314.Pq Vt str 315Set to the arguments for the 316.Xr zfs-list 8 317utility. 318The default is standard behavior. 319.It Va daily_backup_zpool_list_flags 320.Pq Vt str 321Set to the arguments for the 322.Xr zpool-list 8 323utility. 324The default is 325.Fl v . 326.It Va daily_backup_zfs_props_enable 327.Pq Vt bool 328Set to 329.Dq Li YES 330to create backup of the output generated from the 331.Xr zfs-get 8 332and 333.Xr zpool-get 8 334utilities. 335.It Va daily_backup_zfs_get_flags 336.Pq Vt str 337Set to the arguments for the 338.Xr zfs-get 8 339utility. 340The default is 341.Cm all . 342.It Va daily_backup_zpool_get_flags 343.Pq Vt str 344Set to the arguments for the 345.Xr zpool-get 8 346utility. 347The default is 348.Cm all . 349.It Va daily_backup_zfs_verbose 350.Pq Vt bool 351Set to 352.Dq Li YES 353to report a diff between the new backup and the existing backup 354in the daily output. 355.It Va daily_calendar_enable 356.Pq Vt bool 357Set to 358.Dq Li YES 359if you want to run 360.Nm calendar Fl a 361daily. 362.It Va daily_accounting_enable 363.Pq Vt bool 364Set to 365.Dq Li YES 366if you want to rotate your daily process accounting files. 367No rotations are necessary unless 368.Va accounting_enable 369is enabled in 370.Xr rc.conf 5 . 371.It Va daily_accounting_compress 372.Pq Vt bool 373Set to 374.Dq Li YES 375if you want your daily accounting files to be compressed using 376.Xr gzip 1 . 377.It Va daily_accounting_save 378.Pq Vt num 379When 380.Va daily_accounting_enable 381is set, this may also be set to the number of daily accounting files that are 382to be saved. 383The default is 384.Dq Li 3 . 385.It Va daily_accounting_flags 386.Pq Vt str 387Set to the arguments to pass to the 388.Xr sa 8 389utility (in addition to 390.Fl s ) 391when 392.Va daily_accounting_enable 393is set to 394.Dq Li YES . 395The default is 396.Fl q . 397.It Va daily_status_disks_enable 398.Pq Vt bool 399Set to 400.Dq Li YES 401if you want to run 402.Xr df 1 403(with the arguments supplied in 404.Va daily_status_disks_df_flags ) 405and 406.Nm dump Fl W . 407.It Va daily_status_disks_df_flags 408.Pq Vt str 409Set to the arguments for the 410.Xr df 1 411utility when 412.Va daily_status_disks_enable 413is set to 414.Dq Li YES . 415The default is 416.Fl l Fl h . 417.It Va daily_status_zfs_enable 418.Pq Vt bool 419Set to 420.Dq Li YES 421if you want to run 422.Nm zpool Cm status 423on your 424.Xr zfs 8 425pools. 426.It Va daily_status_zfs_zpool_list_enable 427.Pq Vt bool 428Set to 429.Dq Li YES 430if you want to run 431.Nm zpool Cm list 432on your 433.Xr zfs 8 434pools. 435Requires 436.Va daily_status_zfs_enable 437to be set to 438.Li YES . 439.It Va daily_status_gmirror_enable 440.Pq Vt bool 441Set to 442.Dq Li YES 443if you want to run 444.Nm gmirror Cm status 445on your 446.Xr gmirror 8 447devices. 448.It Va daily_status_graid3_enable 449.Pq Vt bool 450Set to 451.Dq Li YES 452if you want to run 453.Nm graid3 Cm status 454on your 455.Xr graid3 8 456devices. 457.It Va daily_status_gstripe_enable 458.Pq Vt bool 459Set to 460.Dq Li YES 461if you want to run 462.Nm gstripe Cm status 463on your 464.Xr gstripe 8 465devices. 466.It Va daily_status_gconcat_enable 467.Pq Vt bool 468Set to 469.Dq Li YES 470if you want to run 471.Nm gconcat Cm status 472on your 473.Xr gconcat 8 474devices. 475.It Va daily_status_mfi_enable 476.Pq Vt bool 477Set to 478.Dq Li YES 479if you want to run 480.Nm mfiutil Cm status 481on your 482.Xr mfi 4 483devices. 484.It Va daily_status_network_enable 485.Pq Vt bool 486Set to 487.Dq Li YES 488if you want to run 489.Nm netstat Fl i . 490.It Va daily_status_network_netstat_flags 491.Pq Vt str 492Set to additional arguments for the 493.Xr netstat 1 494utility when 495.Va daily_status_network_enable 496is set to 497.Dq Li YES . 498The default is 499.Fl d W . 500.It Va daily_status_network_usedns 501.Pq Vt bool 502Set to 503.Dq Li YES 504if you want to run 505.Xr netstat 1 506without the 507.Fl n 508option (to do DNS lookups). 509.It Va daily_status_uptime_enable 510.Pq Vt bool 511Set to 512.Dq Li YES 513if you want to run 514.Xr uptime 1 515(or 516.Xr ruptime 1 517if 518.Va rwhod_enable 519is set to 520.Dq Li YES 521in 522.Pa /etc/rc.conf ) . 523.It Va daily_status_mailq_enable 524.Pq Vt bool 525Set to 526.Dq Li YES 527if you want to run 528.Xr mailq 1 . 529.It Va daily_status_mailq_shorten 530.Pq Vt bool 531Set to 532.Dq Li YES 533if you want to shorten the 534.Xr mailq 1 535output when 536.Va daily_status_mailq_enable 537is set to 538.Dq Li YES . 539.It Va daily_status_include_submit_mailq 540.Pq Vt bool 541Set to 542.Dq Li YES 543if you also want to run 544.Xr mailq 1 545on the submit mail queue when 546.Va daily_status_mailq_enable 547is set to 548.Dq Li YES . 549This may not work with MTAs other than 550.Xr sendmail 8 . 551.It Va daily_status_security_enable 552.Pq Vt bool 553Set to 554.Dq Li YES 555if you want to run the security check. 556The security check is another set of 557.Xr periodic 8 558scripts. 559The system defaults are in 560.Pa /etc/periodic/security . 561Local scripts should be placed in 562.Pa /usr/local/etc/periodic/security . 563See the 564.Xr periodic 8 565manual page for more information. 566.It Va daily_status_security_inline 567.Pq Vt bool 568Set to 569.Dq Li YES 570if you want the security check output inline. 571The default is to either mail or log the output according to the value of 572.Va daily_status_security_output . 573.It Va daily_status_security_output 574.Pq Vt str 575Where to send the output of the security check if 576.Va daily_status_security_inline 577is set to 578.Dq Li NO . 579This variable behaves in the same way as the 580.Va *_output 581variables above, namely it can be set either to one or more email addresses 582or to an absolute file name. 583.It Va daily_status_mail_rejects_enable 584.Pq Vt bool 585Set to 586.Dq Li YES 587if you want to summarise mail rejections logged to 588.Pa /var/log/maillog 589for the previous day. 590.It Va daily_status_mail_rejects_logs 591.Pq Vt num 592Set to the number of maillog files that should be checked 593for yesterday's mail rejects. 594.It Va daily_status_ntpd_enable 595.Pq Vt bool 596Set to 597.Dq Li YES 598if you want to enable NTP status check. 599.It Va daily_status_world_kernel 600.Pq Vt bool 601Set to 602.Dq Li YES 603to check the running userland and kernel are in sync. 604.It Va daily_queuerun_enable 605.Pq Vt bool 606Set to 607.Dq Li YES 608if you want to manually run the mail queue at least once a day. 609.It Va daily_submit_queuerun 610.Pq Vt bool 611Set to 612.Dq Li YES 613if you also want to manually run the submit mail queue at least once a day 614when 615.Va daily_queuerun_enable 616is set to 617.Dq Li YES . 618.It Va daily_scrub_zfs_enable 619.Pq Vt bool 620Set to 621.Dq Li YES 622if you want to run a zfs scrub periodically. 623.It Va daily_scrub_zfs_pools 624.Pq Vt str 625A space separated list of names of zfs pools to scrub. 626If the list is empty or not set, all zfs pools are scrubbed. 627.It Va daily_scrub_zfs_default_threshold 628.Pq Vt int 629Number of days between a scrub if no pool-specific threshold is set. 630If not set, the default value is 35, corresponding to 5 weeks. 631.It Va daily_scrub_zfs_ Ns Ao Ar poolname Ac Ns Va _threshold 632.Pq Vt int 633The same as 634.Va daily_scrub_zfs_default_threshold 635but specific to the pool 636.Ao Ar poolname Ac Ns . 637.It Va daily_trim_zfs_enable 638.Pq Vt bool 639Set to 640.Dq Li YES 641if you want to run a zfs trim daily. 642.It Va daily_trim_zfs_pools 643.Pq Vt str 644A space separated list of names of zfs pools to trim. 645If the list is empty or not set, all zfs pools are trimmed. 646.It Va daily_local 647.Pq Vt str 648Set to a list of extra scripts that should be run after all other 649daily scripts. 650All scripts must be absolute path names. 651.It Va daily_diff_flags 652.Pq Vt str 653Set to the arguments to pass to the 654.Xr diff 1 655utility when generating differences. 656The default is 657.Fl b 658.Fl U Cm 0 . 659.El 660.Pp 661The following variables are used by the standard scripts that reside in 662.Pa /etc/periodic/weekly : 663.Bl -tag -offset 4n -width 2n 664.It Va weekly_locate_enable 665.Pq Vt bool 666Set to 667.Dq Li YES 668if you want to run 669.Pa /usr/libexec/locate.updatedb . 670This script is run using 671.Nm nice Fl 5 672as user 673.Dq Li nobody , 674and generates the table used by the 675.Xr locate 1 676command. 677.It Va weekly_whatis_enable 678.Pq Vt bool 679Set to 680.Dq Li YES 681if you want to run 682.Pa /usr/libexec/makewhatis.local . 683This script regenerates the database used by the 684.Xr apropos 1 685command. 686.It Va weekly_noid_enable 687.Pq Vt bool 688Set to 689.Dq Li YES 690if you want to locate orphaned files on the system. 691An orphaned file is one with an invalid owner or group. 692.It Va weekly_noid_dirs 693.Pq Vt str 694A list of directories under which orphaned files are searched for. 695This would usually be set to 696.Pa / . 697.It Va weekly_status_security_enable 698.Pq Vt bool 699Weekly counterpart of 700.Va daily_status_security_enable . 701.It Va weekly_status_security_inline 702.Pq Vt bool 703Weekly counterpart of 704.Va daily_status_security_inline . 705.It Va weekly_status_security_output 706.Pq Vt str 707Weekly counterpart of 708.Va daily_status_security_output . 709.It Va weekly_status_pkg_enable 710.Pq Vt bool 711Set to 712.Dq Li YES 713if you want to use 714.Xr pkg-version 8 715to list installed packages which are out of date. 716.It Va pkg_version 717.Pq Vt str 718When 719.Va weekly_status_pkg_enable 720is set to 721.Dq Li YES , 722this variable specifies the program that is used to determine the out of 723date packages. 724If unset, the 725.Xr pkg-version 8 726program is used. 727As an example, this variable might be set to 728.Dq Li portversion 729if the 730.Pa ports/sysutils/portupgrade 731port has been installed. 732.It Va pkg_version_index 733.Pq Vt str 734This variable specifies the 735.Pa INDEX 736file from 737.Pa /usr/ports 738that should be used by 739.Xr pkg-version 8 . 740Because the dependency tree may be substantially different between versions of 741.Fx , 742there may be more than one 743.Pa INDEX 744file in 745.Pa /usr/ports . 746.Pp 747Note, if the 748.Va pkg_version 749variable is set to 750.Dq Li portversion , 751it will also be necessary to arrange that the correct 752.Pa INDEX 753file is specified 754using environment variables and that 755.Va pkg_version_index 756is cleared in 757.Pa /etc/periodic.conf 758.Pq Dq Li pkg_version_index= . 759.It Va weekly_local 760.Pq Vt str 761Set to a list of extra scripts that should be run after all other 762weekly scripts. 763All scripts must be absolute path names. 764.El 765.Pp 766The following variables are used by the standard scripts that reside in 767.Pa /etc/periodic/monthly : 768.Bl -tag -offset 4n -width 2n 769.It Va monthly_accounting_enable 770.Pq Vt bool 771Set to 772.Dq Li YES 773if you want to do login accounting using the 774.Xr ac 8 775command. 776.It Va monthly_status_security_enable 777.Pq Vt bool 778Monthly counterpart of 779.Va daily_status_security_enable . 780.It Va monthly_status_security_inline 781.Pq Vt bool 782Monthly counterpart of 783.Va daily_status_security_inline . 784.It Va monthly_status_security_output 785.Pq Vt str 786Monthly counterpart of 787.Va daily_status_security_output . 788.It Va monthly_local 789.Pq Vt str 790Set to a list of extra scripts that should be run after all other 791monthly scripts. 792All scripts must be absolute path names. 793.El 794.Pp 795The following variables are used by the standard scripts that reside in 796.Pa /etc/periodic/security . 797Those scripts are usually run from daily 798.Pq Va daily_status_security_enable , 799weekly 800.Pq Va weekly_status_security_enable , 801and monthly 802.Pq Va monthly_status_security_enable 803periodic hooks. 804The 805.Va ..._period 806of each script can be configured as 807.Dq daily , 808.Dq weekly , 809.Dq monthly 810or 811.Dq NO . 812Note that when periodic security scripts are run from 813.Xr crontab 5 , 814they will be always run unless their 815.Va ..._enable 816or 817.Va ..._period 818variable is set to 819.Dq NO . 820.Bl -tag -offset 4n -width 2n 821.It Va security_status_diff_flags 822.Pq Vt str 823Set to the arguments to pass to the 824.Xr diff 1 825utility when generating differences. 826The default is 827.Fl b 828.Fl U Cm 0 . 829.It Va security_status_chksetuid_enable 830.Pq Vt bool 831Set to 832.Dq Li YES 833to compare the modes and modification times of setuid executables with 834the previous day's values. 835.It Va security_status_chksetuid_period 836.Pq Vt str 837Set to either 838.Dq Li daily , 839.Dq Li weekly , 840.Dq Li monthly 841or 842.Dq Li NO . 843.It Va security_status_chkportsum_enable 844.Pq Vt bool 845Set to 846.Dq Li YES 847to verify checksums of all installed packages against the known checksums in 848.Pa /var/db/pkg . 849.It Va security_status_chkportsum_period 850.Pq Vt str 851Set to either 852.Dq Li daily , 853.Dq Li weekly , 854.Dq Li monthly 855or 856.Dq Li NO . 857.It Va security_status_neggrpperm_enable 858.Pq Vt bool 859Set to 860.Dq Li YES 861to check for files where the group of a file has less permissions than 862the world at large. 863When users are in more than 14 supplemental groups these negative 864permissions may not be enforced via NFS shares. 865.It Va security_status_neggrpperm_period 866.Pq Vt str 867Set to either 868.Dq Li daily , 869.Dq Li weekly , 870.Dq Li monthly 871or 872.Dq Li NO . 873.It Va security_status_chkmounts_enable 874.Pq Vt bool 875Set to 876.Dq Li YES 877to check for changes mounted file systems to the previous day's values. 878.It Va security_status_chkmounts_period 879.Pq Vt str 880Set to either 881.Dq Li daily , 882.Dq Li weekly , 883.Dq Li monthly 884or 885.Dq Li NO . 886.It Va security_status_noamd 887.Pq Vt bool 888Set to 889.Dq Li YES 890if you want to ignore 891.Xr amd 8 892mounts when comparing against yesterday's file system mounts in the 893.Va security_status_chkmounts_enable 894check. 895.It Va security_status_chkuid0_enable 896.Pq Vt bool 897Set to 898.Dq Li YES 899to check 900.Pa /etc/master.passwd 901for accounts with UID 0. 902.It Va security_status_chkuid0_period 903.Pq Vt str 904Set to either 905.Dq Li daily , 906.Dq Li weekly , 907.Dq Li monthly 908or 909.Dq Li NO . 910.It Va security_status_passwdless_enable 911.Pq Vt bool 912Set to 913.Dq Li YES 914to check 915.Pa /etc/master.passwd 916for accounts with empty passwords. 917.It Va security_status_passwdless_period 918.Pq Vt str 919Set to either 920.Dq Li daily , 921.Dq Li weekly , 922.Dq Li monthly 923or 924.Dq Li NO . 925.It Va security_status_logincheck_enable 926.Pq Vt bool 927Set to 928.Dq Li YES 929to check 930.Pa /etc/login.conf 931ownership, see 932.Xr login.conf 5 933for more information. 934.It Va security_status_logincheck_period 935.Pq Vt str 936Set to either 937.Dq Li daily , 938.Dq Li weekly , 939.Dq Li monthly 940or 941.Dq Li NO . 942.It Va security_status_ipfwdenied_enable 943.Pq Vt bool 944Set to 945.Dq Li YES 946to show log entries for packets denied by 947.Xr ipfw 8 948since yesterday's check. 949.It Va security_status_ipfwdenied_period 950.Pq Vt str 951Set to either 952.Dq Li daily , 953.Dq Li weekly , 954.Dq Li monthly 955or 956.Dq Li NO . 957.It Va security_status_ipfdenied_enable 958.Pq Vt bool 959Set to 960.Dq Li YES 961to show log entries for packets denied by 962.Xr ipf 8 963since yesterday's check. 964.It Va security_status_ipfdenied_period 965.Pq Vt str 966Set to either 967.Dq Li daily , 968.Dq Li weekly , 969.Dq Li monthly 970or 971.Dq Li NO . 972.It Va security_status_pfdenied_enable 973.Pq Vt bool 974Set to 975.Dq Li YES 976to show log entries for packets denied by 977.Xr pf 4 978since yesterday's check. 979.It Va security_status_pfdenied_additionalanchors 980.Pq Vt str 981Space-separated list of additional anchors whose denied packets log entries to 982show. 983The main ruleset (i.e., the empty-string anchor) and any 984.Xr blacklistd 8 985anchors, if present, are always shown. 986.It Va security_status_pfdenied_period 987.Pq Vt str 988Set to either 989.Dq Li daily , 990.Dq Li weekly , 991.Dq Li monthly 992or 993.Dq Li NO . 994.It Va security_status_ipfwlimit_enable 995.Pq Vt bool 996Set to 997.Dq Li YES 998to display 999.Xr ipfw 8 1000rules that have reached their verbosity limit. 1001.It Va security_status_ipfwlimit_period 1002.Pq Vt str 1003Set to either 1004.Dq Li daily , 1005.Dq Li weekly , 1006.Dq Li monthly 1007or 1008.Dq Li NO . 1009.It Va security_status_kernelmsg_enable 1010.Pq Vt bool 1011Set to 1012.Dq Li YES 1013to show new 1014.Xr dmesg 8 1015entries since yesterday's check. 1016.It Va security_status_kernelmsg_period 1017.Pq Vt str 1018Set to either 1019.Dq Li daily , 1020.Dq Li weekly , 1021.Dq Li monthly 1022or 1023.Dq Li NO . 1024.It Va security_status_loginfail_enable 1025.Pq Vt bool 1026Set to 1027.Dq Li YES 1028to display failed logins from 1029.Pa /var/log/messages 1030in the previous day. 1031.It Va security_status_loginfail_period 1032.Pq Vt str 1033Set to either 1034.Dq Li daily , 1035.Dq Li weekly , 1036.Dq Li monthly 1037or 1038.Dq Li NO . 1039.It Va security_status_tcpwrap_enable 1040.Pq Vt bool 1041Set to 1042.Dq Li YES 1043to display connections denied by tcpwrappers (see 1044.Xr hosts_access 5 ) 1045from 1046.Pa /var/log/messages 1047during the previous day. 1048.It Va security_status_tcpwrap_period 1049.Pq Vt str 1050Set to either 1051.Dq Li daily , 1052.Dq Li weekly , 1053.Dq Li monthly 1054or 1055.Dq Li NO . 1056.El 1057.Sh FILES 1058.Bl -tag -width ".Pa /etc/defaults/periodic.conf" 1059.It Pa /etc/defaults/periodic.conf 1060The default configuration file. 1061This file contains all default variables and values. 1062.It Pa /etc/periodic.conf 1063The usual system specific variable override file. 1064.It Pa /etc/periodic.conf.local 1065An additional override file, useful when 1066.Pa /etc/periodic.conf 1067is shared or distributed. 1068.El 1069.Sh SEE ALSO 1070.Xr apropos 1 , 1071.Xr calendar 1 , 1072.Xr df 1 , 1073.Xr diff 1 , 1074.Xr gzip 1 , 1075.Xr locate 1 , 1076.Xr man 1 , 1077.Xr msgs 1 , 1078.Xr netstat 1 , 1079.Xr nice 1 , 1080.Xr login.conf 5 , 1081.Xr rc.conf 5 , 1082.Xr ac 8 , 1083.Xr chkgrp 8 , 1084.Xr dump 8 , 1085.Xr newsyslog 8 , 1086.Xr periodic 8 , 1087.Xr pkg-version 8 , 1088.Xr sendmail 8 1089.Sh HISTORY 1090The 1091.Nm 1092file appeared in 1093.Fx 4.1 . 1094.Sh AUTHORS 1095.An Brian Somers Aq Mt brian@Awfulhak.org 1096