xref: /freebsd/share/man/man5/periodic.conf.5 (revision b2d2a78ad80ec68d4a17f5aef97d21686cb1e29b)
1.\"-
2.\" Copyright (c) 2000 Brian Somers <brian@Awfulhak.org>
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\"    notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\"
14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24.\" SUCH DAMAGE.
25.\"
26.Dd April 9, 2024
27.Dt PERIODIC.CONF 5
28.Os
29.Sh NAME
30.Nm periodic.conf
31.Nd periodic job configuration information
32.Sh DESCRIPTION
33The file
34.Nm
35contains a description of how daily, weekly and monthly system maintenance
36jobs should run.
37It resides in the
38.Pa /etc/defaults
39directory and parts may be overridden by a file of the same name in
40.Pa /etc ,
41which itself may be overridden by the
42.Pa /etc/periodic.conf.local
43file.
44.Pp
45The
46.Nm
47file
48is actually sourced as a shell script from each of the periodic scripts
49and is intended to simply provide default configuration variables.
50.Pp
51The following variables are used by
52.Xr periodic 8
53itself:
54.Bl -tag -offset 4n -width 2n
55.It Va local_periodic
56.Pq Vt str
57List of directories to search for periodic scripts.
58This list is always prefixed with
59.Pa /etc/periodic ,
60and is only used when an argument to
61.Xr periodic 8
62is not an absolute directory name.
63.It Ao Ar dir Ac Ns Va _output
64.Pq Vt path No or Vt list
65What to do with the output of the scripts executed from
66the directory
67.Ar dir .
68If this variable is set to an absolute path name, output is logged to
69that file, otherwise it is taken as one or more space separated email
70addresses and mailed to those users.
71If this variable is not set or is empty, output is sent to standard output.
72.Pp
73For an unattended machine, suitable values for
74.Va daily_output ,
75.Va weekly_output ,
76and
77.Va monthly_output
78might be
79.Dq Li /var/log/daily.log ,
80.Dq Li /var/log/weekly.log ,
81and
82.Dq Li /var/log/monthly.log
83respectively, as
84.Xr newsyslog 8
85will rotate these files (if they exists) at the appropriate times.
86.It Ao Ar dir Ac Ns Va _show_success
87.It Ao Ar dir Ac Ns Va _show_info
88.It Ao Ar dir Ac Ns Va _show_badconfig
89.Pq Vt bool
90These variables control whether
91.Xr periodic 8
92will mask the output of the executed scripts based on their return code
93(where
94.Ar dir
95is the base directory name in which each script resides).
96If the return code of a script is
97.Sq 0
98and
99.Ao Ar dir Ac Ns Va _show_success
100is set to
101.Dq Li NO ,
102.Xr periodic 8
103will mask the script's output.
104If the return code of a script is
105.Sq 1
106and
107.Ao Ar dir Ac Ns Va _show_info
108is set to
109.Dq Li NO ,
110.Xr periodic 8
111will mask the script's output.
112If the return code of a script is
113.Sq 2
114and
115.Ao Ar dir Ac Ns Va _show_badconfig
116is set to
117.Dq Li NO ,
118.Xr periodic 8
119will mask the script's output.
120If these variables are set to neither
121.Dq Li YES
122nor
123.Dq Li NO ,
124they default to
125.Dq Li YES ,
126.Dq Li YES
127and
128.Dq Li NO
129respectively.
130.Pp
131Refer to the
132.Xr periodic 8
133manual page for how script return codes are interpreted.
134.It Va anticongestion_sleeptime
135.Pq Vt int
136The maximum number of seconds to randomly sleep in order to smooth bursty loads
137on a shared resource, such as a download mirror.
138.El
139.Pp
140The following variables are used by the standard scripts that reside in
141.Pa /etc/periodic/daily :
142.Bl -tag -offset 4n -width 2n
143.It Va daily_clean_disks_enable
144.Pq Vt bool
145Set to
146.Dq Li YES
147if you want to remove all files matching
148.Va daily_clean_disks_files
149daily.
150.It Va daily_clean_disks_files
151.Pq Vt str
152Set to a list of file names to match.
153Wild cards are permitted.
154.It Va daily_clean_disks_days
155.Pq Vt num
156When
157.Va daily_clean_disks_enable
158is set to
159.Dq Li YES ,
160this must also be set to the number of days old that a file's access
161and modification times must be before it is deleted.
162.It Va daily_clean_disks_verbose
163.Pq Vt bool
164Set to
165.Dq Li YES
166if you want the removed files to be reported in your daily output.
167.It Va daily_clean_tmps_enable
168.Pq Vt bool
169Set to
170.Dq Li YES
171if you want to clear temporary directories daily.
172.It Va daily_clean_tmps_dirs
173.Pq Vt str
174Set to the list of directories to clear if
175.Va daily_clean_tmps_enable
176is set to
177.Dq Li YES .
178.It Va daily_clean_tmps_days
179.Pq Vt num
180When
181.Va daily_clean_tmps_enable
182is set, this must also be set to the number of days old that a file's access
183and modification times must be before it is deleted.
184.It Va daily_clean_tmps_ignore
185.Pq Vt str
186Set to the list of files that should not be deleted when
187.Va daily_clean_tmps_enable
188is set to
189.Dq Li YES .
190Wild card characters are permitted.
191.It Va daily_clean_tmps_verbose
192.Pq Vt bool
193Set to
194.Dq Li YES
195if you want the removed files to be reported in your daily output.
196.It Va daily_clean_preserve_enable
197.Pq Vt bool
198Set to
199.Dq Li YES
200if you wish to remove old files from
201.Pa /var/preserve .
202.It Va daily_clean_preserve_days
203.Pq Vt num
204Set to the number of days that files must not have been modified before
205they are deleted.
206.It Va daily_clean_preserve_verbose
207.Pq Vt bool
208Set to
209.Dq Li YES
210if you want the removed files to be reported in your daily output.
211.It Va daily_clean_msgs_enable
212.Pq Vt bool
213Set to
214.Dq Li YES
215if you wish old system messages to be purged.
216.It Va daily_clean_msgs_days
217.Pq Vt num
218Set to the number of days that files must not have been modified before
219they are deleted.
220If this variable is left blank, the
221.Xr msgs 1
222default is used.
223.It Va daily_clean_rwho_enable
224.Pq Vt bool
225Set to
226.Dq Li YES
227if you wish old files in
228.Pa /var/who
229to be purged.
230.It Va daily_clean_rwho_days
231.Pq Vt num
232Set to the number of days that files must not have been modified before
233they are deleted.
234.It Va daily_clean_rwho_verbose
235.Pq Vt bool
236Set to
237.Dq Li YES
238if you want the removed files to be reported in your daily output.
239.It Va daily_clean_hoststat_enable
240.Pq Vt bool
241Set to
242.Dq Li YES
243to run
244.Nm sendmail Fl bH
245to automatically purge stale entries from
246.Xr sendmail 8 Ns 's
247host status cache.
248Files will be deleted using the same criteria as
249.Xr sendmail 8
250would normally use when determining whether to believe the cached information,
251as configured in
252.Pa /etc/mail/sendmail.cf .
253.It Va daily_backup_efi_enable
254.Pq Vt bool
255Set to
256.Dq Li YES
257to create backup of EFI System Partition (ESP).
258.It Va daily_backup_gmirror_enable
259.Pq Vt bool
260Set to
261.Dq Li YES
262to create backup of gmirror information (i.e., output of
263.Nm gmirror Cm list ) ,
264see
265.Xr gmirror 8 .
266.It Va daily_backup_gmirror_verbose
267.Pq Vt bool
268Set to
269.Dq Li YES
270to report a diff between the new backup and the existing backup
271in the daily output.
272.It Va daily_backup_gpart_enable
273.Pq Vt bool
274Set to
275.Dq Li YES
276to create backups of partition tables, and bootcode partition contents.
277.It Va daily_backup_gpart_verbose
278.Pq Vt bool
279Set to
280.Dq Li YES
281to be verbose if existing backups for kern.geom.conftxt or the partition tables differ
282from the new backups.
283.It Va daily_backup_passwd_enable
284.Pq Vt bool
285Set to
286.Dq Li YES
287if you want the
288.Pa /etc/master.passwd
289and
290.Pa /etc/group
291files backed up and reported on.
292Reporting consists of checking both files for modifications and running
293.Xr chkgrp 8
294on the
295.Pa group
296file.
297.It Va daily_backup_aliases_enable
298.Pq Vt bool
299Set to
300.Dq Li YES
301if you want the
302.Pa /etc/mail/aliases
303file backed up and modifications to be displayed in your daily output.
304.It Va daily_backup_zfs_enable
305.Pq Vt bool
306Set to
307.Dq Li YES
308to create backup of the output generated from the
309.Xr zfs-list 8
310and
311.Xr zpool-list 8
312utilities.
313.It Va daily_backup_zfs_list_flags
314.Pq Vt str
315Set to the arguments for the
316.Xr zfs-list 8
317utility.
318The default is standard behavior.
319.It Va daily_backup_zpool_list_flags
320.Pq Vt str
321Set to the arguments for the
322.Xr zpool-list 8
323utility.
324The default is
325.Fl v .
326.It Va daily_backup_zfs_props_enable
327.Pq Vt bool
328Set to
329.Dq Li YES
330to create backup of the output generated from the
331.Xr zfs-get 8
332and
333.Xr zpool-get 8
334utilities.
335.It Va daily_backup_zfs_get_flags
336.Pq Vt str
337Set to the arguments for the
338.Xr zfs-get 8
339utility.
340The default is
341.Cm all .
342.It Va daily_backup_zpool_get_flags
343.Pq Vt str
344Set to the arguments for the
345.Xr zpool-get 8
346utility.
347The default is
348.Cm all .
349.It Va daily_backup_zfs_verbose
350.Pq Vt bool
351Set to
352.Dq Li YES
353to report a diff between the new backup and the existing backup
354in the daily output.
355.It Va daily_calendar_enable
356.Pq Vt bool
357Set to
358.Dq Li YES
359if you want to run
360.Nm calendar Fl a
361daily.
362.It Va daily_accounting_enable
363.Pq Vt bool
364Set to
365.Dq Li YES
366if you want to rotate your daily process accounting files.
367No rotations are necessary unless
368.Va accounting_enable
369is enabled in
370.Xr rc.conf 5 .
371.It Va daily_accounting_compress
372.Pq Vt bool
373Set to
374.Dq Li YES
375if you want your daily accounting files to be compressed using
376.Xr gzip 1 .
377.It Va daily_accounting_save
378.Pq Vt num
379When
380.Va daily_accounting_enable
381is set, this may also be set to the number of daily accounting files that are
382to be saved.
383The default is
384.Dq Li 3 .
385.It Va daily_accounting_flags
386.Pq Vt str
387Set to the arguments to pass to the
388.Xr sa 8
389utility (in addition to
390.Fl s )
391when
392.Va daily_accounting_enable
393is set to
394.Dq Li YES .
395The default is
396.Fl q .
397.It Va daily_status_disks_enable
398.Pq Vt bool
399Set to
400.Dq Li YES
401if you want to run
402.Xr df 1
403(with the arguments supplied in
404.Va daily_status_disks_df_flags )
405and
406.Nm dump Fl W .
407.It Va daily_status_disks_df_flags
408.Pq Vt str
409Set to the arguments for the
410.Xr df 1
411utility when
412.Va daily_status_disks_enable
413is set to
414.Dq Li YES .
415The default is
416.Fl l Fl h .
417.It Va daily_status_zfs_enable
418.Pq Vt bool
419Set to
420.Dq Li YES
421if you want to run
422.Nm zpool Cm status
423on your
424.Xr zfs 8
425pools.
426.It Va daily_status_zfs_zpool_list_enable
427.Pq Vt bool
428Set to
429.Dq Li YES
430if you want to run
431.Nm zpool Cm list
432on your
433.Xr zfs 8
434pools.
435Requires
436.Va daily_status_zfs_enable
437to be set to
438.Li YES .
439.It Va daily_status_gmirror_enable
440.Pq Vt bool
441Set to
442.Dq Li YES
443if you want to run
444.Nm gmirror Cm status
445on your
446.Xr gmirror 8
447devices.
448.It Va daily_status_graid3_enable
449.Pq Vt bool
450Set to
451.Dq Li YES
452if you want to run
453.Nm graid3 Cm status
454on your
455.Xr graid3 8
456devices.
457.It Va daily_status_gstripe_enable
458.Pq Vt bool
459Set to
460.Dq Li YES
461if you want to run
462.Nm gstripe Cm status
463on your
464.Xr gstripe 8
465devices.
466.It Va daily_status_gconcat_enable
467.Pq Vt bool
468Set to
469.Dq Li YES
470if you want to run
471.Nm gconcat Cm status
472on your
473.Xr gconcat 8
474devices.
475.It Va daily_status_mfi_enable
476.Pq Vt bool
477Set to
478.Dq Li YES
479if you want to run
480.Nm mfiutil Cm status
481on your
482.Xr mfi 4
483devices.
484.It Va daily_status_network_enable
485.Pq Vt bool
486Set to
487.Dq Li YES
488if you want to run
489.Nm netstat Fl i .
490.It Va daily_status_network_netstat_flags
491.Pq Vt str
492Set to additional arguments for the
493.Xr netstat 1
494utility when
495.Va daily_status_network_enable
496is set to
497.Dq Li YES .
498The default is
499.Fl d W .
500.It Va daily_status_network_usedns
501.Pq Vt bool
502Set to
503.Dq Li YES
504if you want to run
505.Xr netstat 1
506without the
507.Fl n
508option (to do DNS lookups).
509.It Va daily_status_uptime_enable
510.Pq Vt bool
511Set to
512.Dq Li YES
513if you want to run
514.Xr uptime 1
515(or
516.Xr ruptime 1
517if
518.Va rwhod_enable
519is set to
520.Dq Li YES
521in
522.Pa /etc/rc.conf ) .
523.It Va daily_status_mailq_enable
524.Pq Vt bool
525Set to
526.Dq Li YES
527if you want to run
528.Xr mailq 1 .
529.It Va daily_status_mailq_shorten
530.Pq Vt bool
531Set to
532.Dq Li YES
533if you want to shorten the
534.Xr mailq 1
535output when
536.Va daily_status_mailq_enable
537is set to
538.Dq Li YES .
539.It Va daily_status_include_submit_mailq
540.Pq Vt bool
541Set to
542.Dq Li YES
543if you also want to run
544.Xr mailq 1
545on the submit mail queue when
546.Va daily_status_mailq_enable
547is set to
548.Dq Li YES .
549This may not work with MTAs other than
550.Xr sendmail 8 .
551.It Va daily_status_security_enable
552.Pq Vt bool
553Set to
554.Dq Li YES
555if you want to run the security check.
556The security check is another set of
557.Xr periodic 8
558scripts.
559The system defaults are in
560.Pa /etc/periodic/security .
561Local scripts should be placed in
562.Pa /usr/local/etc/periodic/security .
563See the
564.Xr periodic 8
565manual page for more information.
566.It Va daily_status_security_inline
567.Pq Vt bool
568Set to
569.Dq Li YES
570if you want the security check output inline.
571The default is to either mail or log the output according to the value of
572.Va daily_status_security_output .
573.It Va daily_status_security_output
574.Pq Vt str
575Where to send the output of the security check if
576.Va daily_status_security_inline
577is set to
578.Dq Li NO .
579This variable behaves in the same way as the
580.Va *_output
581variables above, namely it can be set either to one or more email addresses
582or to an absolute file name.
583.It Va daily_status_mail_rejects_enable
584.Pq Vt bool
585Set to
586.Dq Li YES
587if you want to summarise mail rejections logged to
588.Pa /var/log/maillog
589for the previous day.
590.It Va daily_status_mail_rejects_logs
591.Pq Vt num
592Set to the number of maillog files that should be checked
593for yesterday's mail rejects.
594.It Va daily_status_ntpd_enable
595.Pq Vt bool
596Set to
597.Dq Li YES
598if you want to enable NTP status check.
599.It Va daily_status_world_kernel
600.Pq Vt bool
601Set to
602.Dq Li YES
603to check the running userland and kernel are in sync.
604.It Va daily_queuerun_enable
605.Pq Vt bool
606Set to
607.Dq Li YES
608if you want to manually run the mail queue at least once a day.
609.It Va daily_submit_queuerun
610.Pq Vt bool
611Set to
612.Dq Li YES
613if you also want to manually run the submit mail queue at least once a day
614when
615.Va daily_queuerun_enable
616is set to
617.Dq Li YES .
618.It Va daily_scrub_zfs_enable
619.Pq Vt bool
620Set to
621.Dq Li YES
622if you want to run a zfs scrub periodically.
623.It Va daily_scrub_zfs_pools
624.Pq Vt str
625A space separated list of names of zfs pools to scrub.
626If the list is empty or not set, all zfs pools are scrubbed.
627.It Va daily_scrub_zfs_default_threshold
628.Pq Vt int
629Number of days between a scrub if no pool-specific threshold is set.
630If not set, the default value is 35, corresponding to 5 weeks.
631.It Va daily_scrub_zfs_ Ns Ao Ar poolname Ac Ns Va _threshold
632.Pq Vt int
633The same as
634.Va daily_scrub_zfs_default_threshold
635but specific to the pool
636.Ao Ar poolname Ac Ns .
637.It Va daily_trim_zfs_enable
638.Pq Vt bool
639Set to
640.Dq Li YES
641if you want to run a zfs trim daily.
642.It Va daily_trim_zfs_pools
643.Pq Vt str
644A space separated list of names of zfs pools to trim.
645If the list is empty or not set, all zfs pools are trimmed.
646.It Va daily_local
647.Pq Vt str
648Set to a list of extra scripts that should be run after all other
649daily scripts.
650All scripts must be absolute path names.
651.It Va daily_diff_flags
652.Pq Vt str
653Set to the arguments to pass to the
654.Xr diff 1
655utility when generating differences.
656The default is
657.Fl b
658.Fl U Cm 0 .
659.El
660.Pp
661The following variables are used by the standard scripts that reside in
662.Pa /etc/periodic/weekly :
663.Bl -tag -offset 4n -width 2n
664.It Va weekly_locate_enable
665.Pq Vt bool
666Set to
667.Dq Li YES
668if you want to run
669.Pa /usr/libexec/locate.updatedb .
670This script is run using
671.Nm nice Fl 5
672as user
673.Dq Li nobody ,
674and generates the table used by the
675.Xr locate 1
676command.
677.It Va weekly_whatis_enable
678.Pq Vt bool
679Set to
680.Dq Li YES
681if you want to run
682.Pa /usr/libexec/makewhatis.local .
683This script regenerates the database used by the
684.Xr apropos 1
685command.
686.It Va weekly_noid_enable
687.Pq Vt bool
688Set to
689.Dq Li YES
690if you want to locate orphaned files on the system.
691An orphaned file is one with an invalid owner or group.
692.It Va weekly_noid_dirs
693.Pq Vt str
694A list of directories under which orphaned files are searched for.
695This would usually be set to
696.Pa / .
697.It Va weekly_status_security_enable
698.Pq Vt bool
699Weekly counterpart of
700.Va daily_status_security_enable .
701.It Va weekly_status_security_inline
702.Pq Vt bool
703Weekly counterpart of
704.Va daily_status_security_inline .
705.It Va weekly_status_security_output
706.Pq Vt str
707Weekly counterpart of
708.Va daily_status_security_output .
709.It Va weekly_status_pkg_enable
710.Pq Vt bool
711Set to
712.Dq Li YES
713if you want to use
714.Xr pkg-version 8
715to list installed packages which are out of date.
716.It Va pkg_version
717.Pq Vt str
718When
719.Va weekly_status_pkg_enable
720is set to
721.Dq Li YES ,
722this variable specifies the program that is used to determine the out of
723date packages.
724If unset, the
725.Xr pkg-version 8
726program is used.
727As an example, this variable might be set to
728.Dq Li portversion
729if the
730.Pa ports/sysutils/portupgrade
731port has been installed.
732.It Va pkg_version_index
733.Pq Vt str
734This variable specifies the
735.Pa INDEX
736file from
737.Pa /usr/ports
738that should be used by
739.Xr pkg-version 8 .
740Because the dependency tree may be substantially different between versions of
741.Fx ,
742there may be more than one
743.Pa INDEX
744file in
745.Pa /usr/ports .
746.Pp
747Note, if the
748.Va pkg_version
749variable is set to
750.Dq Li portversion ,
751it will also be necessary to arrange that the correct
752.Pa INDEX
753file is specified
754using environment variables and that
755.Va pkg_version_index
756is cleared in
757.Pa /etc/periodic.conf
758.Pq Dq Li pkg_version_index= .
759.It Va weekly_local
760.Pq Vt str
761Set to a list of extra scripts that should be run after all other
762weekly scripts.
763All scripts must be absolute path names.
764.El
765.Pp
766The following variables are used by the standard scripts that reside in
767.Pa /etc/periodic/monthly :
768.Bl -tag -offset 4n -width 2n
769.It Va monthly_accounting_enable
770.Pq Vt bool
771Set to
772.Dq Li YES
773if you want to do login accounting using the
774.Xr ac 8
775command.
776.It Va monthly_status_security_enable
777.Pq Vt bool
778Monthly counterpart of
779.Va daily_status_security_enable .
780.It Va monthly_status_security_inline
781.Pq Vt bool
782Monthly counterpart of
783.Va daily_status_security_inline .
784.It Va monthly_status_security_output
785.Pq Vt str
786Monthly counterpart of
787.Va daily_status_security_output .
788.It Va monthly_local
789.Pq Vt str
790Set to a list of extra scripts that should be run after all other
791monthly scripts.
792All scripts must be absolute path names.
793.El
794.Pp
795The following variables are used by the standard scripts that reside in
796.Pa /etc/periodic/security .
797Those scripts are usually run from daily
798.Pq Va daily_status_security_enable ,
799weekly
800.Pq Va weekly_status_security_enable ,
801and monthly
802.Pq Va monthly_status_security_enable
803periodic hooks.
804The
805.Va ..._period
806of each script can be configured as
807.Dq daily ,
808.Dq weekly ,
809.Dq monthly
810or
811.Dq NO .
812Note that when periodic security scripts are run from
813.Xr crontab 5 ,
814they will be always run unless their
815.Va ..._enable
816or
817.Va ..._period
818variable is set to
819.Dq NO .
820.Bl -tag -offset 4n -width 2n
821.It Va security_status_diff_flags
822.Pq Vt str
823Set to the arguments to pass to the
824.Xr diff 1
825utility when generating differences.
826The default is
827.Fl b
828.Fl U Cm 0 .
829.It Va security_status_chksetuid_enable
830.Pq Vt bool
831Set to
832.Dq Li YES
833to compare the modes and modification times of setuid executables with
834the previous day's values.
835.It Va security_status_chksetuid_period
836.Pq Vt str
837Set to either
838.Dq Li daily ,
839.Dq Li weekly ,
840.Dq Li monthly
841or
842.Dq Li NO .
843.It Va security_status_chkportsum_enable
844.Pq Vt bool
845Set to
846.Dq Li YES
847to verify checksums of all installed packages against the known checksums in
848.Pa /var/db/pkg .
849.It Va security_status_chkportsum_period
850.Pq Vt str
851Set to either
852.Dq Li daily ,
853.Dq Li weekly ,
854.Dq Li monthly
855or
856.Dq Li NO .
857.It Va security_status_neggrpperm_enable
858.Pq Vt bool
859Set to
860.Dq Li YES
861to check for files where the group of a file has less permissions than
862the world at large.
863When users are in more than 14 supplemental groups these negative
864permissions may not be enforced via NFS shares.
865.It Va security_status_neggrpperm_period
866.Pq Vt str
867Set to either
868.Dq Li daily ,
869.Dq Li weekly ,
870.Dq Li monthly
871or
872.Dq Li NO .
873.It Va security_status_chkmounts_enable
874.Pq Vt bool
875Set to
876.Dq Li YES
877to check for changes mounted file systems to the previous day's values.
878.It Va security_status_chkmounts_period
879.Pq Vt str
880Set to either
881.Dq Li daily ,
882.Dq Li weekly ,
883.Dq Li monthly
884or
885.Dq Li NO .
886.It Va security_status_noamd
887.Pq Vt bool
888Set to
889.Dq Li YES
890if you want to ignore
891.Xr amd 8
892mounts when comparing against yesterday's file system mounts in the
893.Va security_status_chkmounts_enable
894check.
895.It Va security_status_chkuid0_enable
896.Pq Vt bool
897Set to
898.Dq Li YES
899to check
900.Pa /etc/master.passwd
901for accounts with UID 0.
902.It Va security_status_chkuid0_period
903.Pq Vt str
904Set to either
905.Dq Li daily ,
906.Dq Li weekly ,
907.Dq Li monthly
908or
909.Dq Li NO .
910.It Va security_status_passwdless_enable
911.Pq Vt bool
912Set to
913.Dq Li YES
914to check
915.Pa /etc/master.passwd
916for accounts with empty passwords.
917.It Va security_status_passwdless_period
918.Pq Vt str
919Set to either
920.Dq Li daily ,
921.Dq Li weekly ,
922.Dq Li monthly
923or
924.Dq Li NO .
925.It Va security_status_logincheck_enable
926.Pq Vt bool
927Set to
928.Dq Li YES
929to check
930.Pa /etc/login.conf
931ownership, see
932.Xr login.conf 5
933for more information.
934.It Va security_status_logincheck_period
935.Pq Vt str
936Set to either
937.Dq Li daily ,
938.Dq Li weekly ,
939.Dq Li monthly
940or
941.Dq Li NO .
942.It Va security_status_ipfwdenied_enable
943.Pq Vt bool
944Set to
945.Dq Li YES
946to show log entries for packets denied by
947.Xr ipfw 8
948since yesterday's check.
949.It Va security_status_ipfwdenied_period
950.Pq Vt str
951Set to either
952.Dq Li daily ,
953.Dq Li weekly ,
954.Dq Li monthly
955or
956.Dq Li NO .
957.It Va security_status_ipfdenied_enable
958.Pq Vt bool
959Set to
960.Dq Li YES
961to show log entries for packets denied by
962.Xr ipf 8
963since yesterday's check.
964.It Va security_status_ipfdenied_period
965.Pq Vt str
966Set to either
967.Dq Li daily ,
968.Dq Li weekly ,
969.Dq Li monthly
970or
971.Dq Li NO .
972.It Va security_status_pfdenied_enable
973.Pq Vt bool
974Set to
975.Dq Li YES
976to show log entries for packets denied by
977.Xr pf 4
978since yesterday's check.
979.It Va security_status_pfdenied_additionalanchors
980.Pq Vt str
981Space-separated list of additional anchors whose denied packets log entries to
982show.
983The main ruleset (i.e., the empty-string anchor) and any
984.Xr blacklistd 8
985anchors, if present, are always shown.
986.It Va security_status_pfdenied_period
987.Pq Vt str
988Set to either
989.Dq Li daily ,
990.Dq Li weekly ,
991.Dq Li monthly
992or
993.Dq Li NO .
994.It Va security_status_ipfwlimit_enable
995.Pq Vt bool
996Set to
997.Dq Li YES
998to display
999.Xr ipfw 8
1000rules that have reached their verbosity limit.
1001.It Va security_status_ipfwlimit_period
1002.Pq Vt str
1003Set to either
1004.Dq Li daily ,
1005.Dq Li weekly ,
1006.Dq Li monthly
1007or
1008.Dq Li NO .
1009.It Va security_status_kernelmsg_enable
1010.Pq Vt bool
1011Set to
1012.Dq Li YES
1013to show new
1014.Xr dmesg 8
1015entries since yesterday's check.
1016.It Va security_status_kernelmsg_period
1017.Pq Vt str
1018Set to either
1019.Dq Li daily ,
1020.Dq Li weekly ,
1021.Dq Li monthly
1022or
1023.Dq Li NO .
1024.It Va security_status_loginfail_enable
1025.Pq Vt bool
1026Set to
1027.Dq Li YES
1028to display failed logins from
1029.Pa /var/log/messages
1030in the previous day.
1031.It Va security_status_loginfail_period
1032.Pq Vt str
1033Set to either
1034.Dq Li daily ,
1035.Dq Li weekly ,
1036.Dq Li monthly
1037or
1038.Dq Li NO .
1039.It Va security_status_tcpwrap_enable
1040.Pq Vt bool
1041Set to
1042.Dq Li YES
1043to display connections denied by tcpwrappers (see
1044.Xr hosts_access 5 )
1045from
1046.Pa /var/log/messages
1047during the previous day.
1048.It Va security_status_tcpwrap_period
1049.Pq Vt str
1050Set to either
1051.Dq Li daily ,
1052.Dq Li weekly ,
1053.Dq Li monthly
1054or
1055.Dq Li NO .
1056.El
1057.Sh FILES
1058.Bl -tag -width ".Pa /etc/defaults/periodic.conf"
1059.It Pa /etc/defaults/periodic.conf
1060The default configuration file.
1061This file contains all default variables and values.
1062.It Pa /etc/periodic.conf
1063The usual system specific variable override file.
1064.It Pa /etc/periodic.conf.local
1065An additional override file, useful when
1066.Pa /etc/periodic.conf
1067is shared or distributed.
1068.El
1069.Sh SEE ALSO
1070.Xr apropos 1 ,
1071.Xr calendar 1 ,
1072.Xr df 1 ,
1073.Xr diff 1 ,
1074.Xr gzip 1 ,
1075.Xr locate 1 ,
1076.Xr man 1 ,
1077.Xr msgs 1 ,
1078.Xr netstat 1 ,
1079.Xr nice 1 ,
1080.Xr login.conf 5 ,
1081.Xr rc.conf 5 ,
1082.Xr ac 8 ,
1083.Xr chkgrp 8 ,
1084.Xr dump 8 ,
1085.Xr newsyslog 8 ,
1086.Xr periodic 8 ,
1087.Xr pkg-version 8 ,
1088.Xr sendmail 8
1089.Sh HISTORY
1090The
1091.Nm
1092file appeared in
1093.Fx 4.1 .
1094.Sh AUTHORS
1095.An Brian Somers Aq Mt brian@Awfulhak.org
1096