xref: /freebsd/share/man/man5/periodic.conf.5 (revision f126890ac5386406dadf7c4cfa9566cbb56537c5)
1.\"-
2.\" Copyright (c) 2000 Brian Somers <brian@Awfulhak.org>
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\"    notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\"
14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24.\" SUCH DAMAGE.
25.\"
26.Dd December 31, 2023
27.Dt PERIODIC.CONF 5
28.Os
29.Sh NAME
30.Nm periodic.conf
31.Nd periodic job configuration information
32.Sh DESCRIPTION
33The file
34.Nm
35contains a description of how daily, weekly and monthly system maintenance
36jobs should run.
37It resides in the
38.Pa /etc/defaults
39directory and parts may be overridden by a file of the same name in
40.Pa /etc ,
41which itself may be overridden by the
42.Pa /etc/periodic.conf.local
43file.
44.Pp
45The
46.Nm
47file
48is actually sourced as a shell script from each of the periodic scripts
49and is intended to simply provide default configuration variables.
50.Pp
51The following variables are used by
52.Xr periodic 8
53itself:
54.Bl -tag -offset 4n -width 2n
55.It Va local_periodic
56.Pq Vt str
57List of directories to search for periodic scripts.
58This list is always prefixed with
59.Pa /etc/periodic ,
60and is only used when an argument to
61.Xr periodic 8
62is not an absolute directory name.
63.It Ao Ar dir Ac Ns Va _output
64.Pq Vt path No or Vt list
65What to do with the output of the scripts executed from
66the directory
67.Ar dir .
68If this variable is set to an absolute path name, output is logged to
69that file, otherwise it is taken as one or more space separated email
70addresses and mailed to those users.
71If this variable is not set or is empty, output is sent to standard output.
72.Pp
73For an unattended machine, suitable values for
74.Va daily_output ,
75.Va weekly_output ,
76and
77.Va monthly_output
78might be
79.Dq Li /var/log/daily.log ,
80.Dq Li /var/log/weekly.log ,
81and
82.Dq Li /var/log/monthly.log
83respectively, as
84.Xr newsyslog 8
85will rotate these files (if they exists) at the appropriate times.
86.It Ao Ar dir Ac Ns Va _show_success
87.It Ao Ar dir Ac Ns Va _show_info
88.It Ao Ar dir Ac Ns Va _show_badconfig
89.Pq Vt bool
90These variables control whether
91.Xr periodic 8
92will mask the output of the executed scripts based on their return code
93(where
94.Ar dir
95is the base directory name in which each script resides).
96If the return code of a script is
97.Sq 0
98and
99.Ao Ar dir Ac Ns Va _show_success
100is set to
101.Dq Li NO ,
102.Xr periodic 8
103will mask the script's output.
104If the return code of a script is
105.Sq 1
106and
107.Ao Ar dir Ac Ns Va _show_info
108is set to
109.Dq Li NO ,
110.Xr periodic 8
111will mask the script's output.
112If the return code of a script is
113.Sq 2
114and
115.Ao Ar dir Ac Ns Va _show_badconfig
116is set to
117.Dq Li NO ,
118.Xr periodic 8
119will mask the script's output.
120If these variables are set to neither
121.Dq Li YES
122nor
123.Dq Li NO ,
124they default to
125.Dq Li YES ,
126.Dq Li YES
127and
128.Dq Li NO
129respectively.
130.Pp
131Refer to the
132.Xr periodic 8
133manual page for how script return codes are interpreted.
134.It Va anticongestion_sleeptime
135.Pq Vt int
136The maximum number of seconds to randomly sleep in order to smooth bursty loads
137on a shared resource, such as a download mirror.
138.El
139.Pp
140The following variables are used by the standard scripts that reside in
141.Pa /etc/periodic/daily :
142.Bl -tag -offset 4n -width 2n
143.It Va daily_clean_disks_enable
144.Pq Vt bool
145Set to
146.Dq Li YES
147if you want to remove all files matching
148.Va daily_clean_disks_files
149daily.
150.It Va daily_clean_disks_files
151.Pq Vt str
152Set to a list of file names to match.
153Wild cards are permitted.
154.It Va daily_clean_disks_days
155.Pq Vt num
156When
157.Va daily_clean_disks_enable
158is set to
159.Dq Li YES ,
160this must also be set to the number of days old that a file's access
161and modification times must be before it is deleted.
162.It Va daily_clean_disks_verbose
163.Pq Vt bool
164Set to
165.Dq Li YES
166if you want the removed files to be reported in your daily output.
167.It Va daily_clean_tmps_enable
168.Pq Vt bool
169Set to
170.Dq Li YES
171if you want to clear temporary directories daily.
172.It Va daily_clean_tmps_dirs
173.Pq Vt str
174Set to the list of directories to clear if
175.Va daily_clean_tmps_enable
176is set to
177.Dq Li YES .
178.It Va daily_clean_tmps_days
179.Pq Vt num
180When
181.Va daily_clean_tmps_enable
182is set, this must also be set to the number of days old that a file's access
183and modification times must be before it is deleted.
184.It Va daily_clean_tmps_ignore
185.Pq Vt str
186Set to the list of files that should not be deleted when
187.Va daily_clean_tmps_enable
188is set to
189.Dq Li YES .
190Wild card characters are permitted.
191.It Va daily_clean_tmps_verbose
192.Pq Vt bool
193Set to
194.Dq Li YES
195if you want the removed files to be reported in your daily output.
196.It Va daily_clean_preserve_enable
197.Pq Vt bool
198Set to
199.Dq Li YES
200if you wish to remove old files from
201.Pa /var/preserve .
202.It Va daily_clean_preserve_days
203.Pq Vt num
204Set to the number of days that files must not have been modified before
205they are deleted.
206.It Va daily_clean_preserve_verbose
207.Pq Vt bool
208Set to
209.Dq Li YES
210if you want the removed files to be reported in your daily output.
211.It Va daily_clean_msgs_enable
212.Pq Vt bool
213Set to
214.Dq Li YES
215if you wish old system messages to be purged.
216.It Va daily_clean_msgs_days
217.Pq Vt num
218Set to the number of days that files must not have been modified before
219they are deleted.
220If this variable is left blank, the
221.Xr msgs 1
222default is used.
223.It Va daily_clean_rwho_enable
224.Pq Vt bool
225Set to
226.Dq Li YES
227if you wish old files in
228.Pa /var/who
229to be purged.
230.It Va daily_clean_rwho_days
231.Pq Vt num
232Set to the number of days that files must not have been modified before
233they are deleted.
234.It Va daily_clean_rwho_verbose
235.Pq Vt bool
236Set to
237.Dq Li YES
238if you want the removed files to be reported in your daily output.
239.It Va daily_clean_hoststat_enable
240.Pq Vt bool
241Set to
242.Dq Li YES
243to run
244.Nm sendmail Fl bH
245to automatically purge stale entries from
246.Xr sendmail 8 Ns 's
247host status cache.
248Files will be deleted using the same criteria as
249.Xr sendmail 8
250would normally use when determining whether to believe the cached information,
251as configured in
252.Pa /etc/mail/sendmail.cf .
253.It Va daily_backup_efi_enable
254.Pq Vt bool
255Set to
256.Dq Li YES
257to create backup of EFI System Partition (ESP).
258.It Va daily_backup_gmirror_enable
259.Pq Vt bool
260Set to
261.Dq Li YES
262to create backup of gmirror information (i.e., output of
263.Nm gmirror Cm list ) ,
264see
265.Xr gmirror 8 .
266.It Va daily_backup_gmirror_verbose
267.Pq Vt bool
268Set to
269.Dq Li YES
270to report a diff between the new backup and the existing backup
271in the daily output.
272.It Va daily_backup_gpart_enable
273.Pq Vt bool
274Set to
275.Dq Li YES
276to create backups of partition tables, and bootcode partition contents.
277.It Va daily_backup_gpart_verbose
278.Pq Vt bool
279Set to
280.Dq Li YES
281to be verbose if existing backups for kern.geom.conftxt or the partition tables differ
282from the new backups.
283.It Va daily_backup_passwd_enable
284.Pq Vt bool
285Set to
286.Dq Li YES
287if you want the
288.Pa /etc/master.passwd
289and
290.Pa /etc/group
291files backed up and reported on.
292Reporting consists of checking both files for modifications and running
293.Xr chkgrp 8
294on the
295.Pa group
296file.
297.It Va daily_backup_aliases_enable
298.Pq Vt bool
299Set to
300.Dq Li YES
301if you want the
302.Pa /etc/mail/aliases
303file backed up and modifications to be displayed in your daily output.
304.It Va daily_backup_zfs_enable
305.Pq Vt bool
306Set to
307.Dq Li YES
308to create backup of the output generated from the
309.Xr zfs-list 8
310and
311.Xr zpool-list 8
312utilities.
313.It Va daily_backup_zfs_list_flags
314.Pq Vt str
315Set to the arguments for the
316.Xr zfs-list 8
317utility.
318The default is standard behavior.
319.It Va daily_backup_zpool_list_flags
320.Pq Vt str
321Set to the arguments for the
322.Xr zpool-list 8
323utility.
324The default is
325.Fl v .
326.It Va daily_backup_zfs_props_enable
327.Pq Vt bool
328Set to
329.Dq Li YES
330to create backup of the output generated from the
331.Xr zfs-get 8
332and
333.Xr zpool-get 8
334utilities.
335.It Va daily_backup_zfs_get_flags
336.Pq Vt str
337Set to the arguments for the
338.Xr zfs-get 8
339utility.
340The default is
341.Cm all .
342.It Va daily_backup_zpool_get_flags
343.Pq Vt str
344Set to the arguments for the
345.Xr zpool-get 8
346utility.
347The default is
348.Cm all .
349.It Va daily_backup_zfs_verbose
350.Pq Vt bool
351Set to
352.Dq Li YES
353to report a diff between the new backup and the existing backup
354in the daily output.
355.It Va daily_calendar_enable
356.Pq Vt bool
357Set to
358.Dq Li YES
359if you want to run
360.Nm calendar Fl a
361daily.
362.It Va daily_accounting_enable
363.Pq Vt bool
364Set to
365.Dq Li YES
366if you want to rotate your daily process accounting files.
367No rotations are necessary unless
368.Va accounting_enable
369is enabled in
370.Xr rc.conf 5 .
371.It Va daily_accounting_compress
372.Pq Vt bool
373Set to
374.Dq Li YES
375if you want your daily accounting files to be compressed using
376.Xr gzip 1 .
377.It Va daily_accounting_save
378.Pq Vt num
379When
380.Va daily_accounting_enable
381is set, this may also be set to the number of daily accounting files that are
382to be saved.
383The default is
384.Dq Li 3 .
385.It Va daily_accounting_flags
386.Pq Vt str
387Set to the arguments to pass to the
388.Xr sa 8
389utility (in addition to
390.Fl s )
391when
392.Va daily_accounting_enable
393is set to
394.Dq Li YES .
395The default is
396.Fl q .
397.It Va daily_status_disks_enable
398.Pq Vt bool
399Set to
400.Dq Li YES
401if you want to run
402.Xr df 1
403(with the arguments supplied in
404.Va daily_status_disks_df_flags )
405and
406.Nm dump Fl W .
407.It Va daily_status_disks_df_flags
408.Pq Vt str
409Set to the arguments for the
410.Xr df 1
411utility when
412.Va daily_status_disks_enable
413is set to
414.Dq Li YES .
415The default is
416.Fl l Fl h .
417.It Va daily_status_zfs_enable
418.Pq Vt bool
419Set to
420.Dq Li YES
421if you want to run
422.Nm zpool Cm status
423on your
424.Xr zfs 8
425pools.
426.It Va daily_status_zfs_zpool_list_enable
427.Pq Vt bool
428Set to
429.Dq Li YES
430if you want to run
431.Nm zpool Cm list
432on your
433.Xr zfs 8
434pools.
435Requires
436.Va daily_status_zfs_enable
437to be set to
438.Li YES .
439.It Va daily_status_gmirror_enable
440.Pq Vt bool
441Set to
442.Dq Li YES
443if you want to run
444.Nm gmirror Cm status
445on your
446.Xr gmirror 8
447devices.
448.It Va daily_status_graid3_enable
449.Pq Vt bool
450Set to
451.Dq Li YES
452if you want to run
453.Nm graid3 Cm status
454on your
455.Xr graid3 8
456devices.
457.It Va daily_status_gstripe_enable
458.Pq Vt bool
459Set to
460.Dq Li YES
461if you want to run
462.Nm gstripe Cm status
463on your
464.Xr gstripe 8
465devices.
466.It Va daily_status_gconcat_enable
467.Pq Vt bool
468Set to
469.Dq Li YES
470if you want to run
471.Nm gconcat Cm status
472on your
473.Xr gconcat 8
474devices.
475.It Va daily_status_mfi_enable
476.Pq Vt bool
477Set to
478.Dq Li YES
479if you want to run
480.Nm mfiutil Cm status
481on your
482.Xr mfi 4
483devices.
484.It Va daily_status_network_enable
485.Pq Vt bool
486Set to
487.Dq Li YES
488if you want to run
489.Nm netstat Fl i .
490.It Va daily_status_network_netstat_flags
491.Pq Vt str
492Set to additional arguments for the
493.Xr netstat 1
494utility when
495.Va daily_status_network_enable
496is set to
497.Dq Li YES .
498The default is
499.Fl d W .
500.It Va daily_status_network_usedns
501.Pq Vt bool
502Set to
503.Dq Li YES
504if you want to run
505.Xr netstat 1
506without the
507.Fl n
508option (to do DNS lookups).
509.It Va daily_status_uptime_enable
510.Pq Vt bool
511Set to
512.Dq Li YES
513if you want to run
514.Xr uptime 1
515(or
516.Xr ruptime 1
517if
518.Va rwhod_enable
519is set to
520.Dq Li YES
521in
522.Pa /etc/rc.conf ) .
523.It Va daily_status_mailq_enable
524.Pq Vt bool
525Set to
526.Dq Li YES
527if you want to run
528.Xr mailq 1 .
529.It Va daily_status_mailq_shorten
530.Pq Vt bool
531Set to
532.Dq Li YES
533if you want to shorten the
534.Xr mailq 1
535output when
536.Va daily_status_mailq_enable
537is set to
538.Dq Li YES .
539.It Va daily_status_include_submit_mailq
540.Pq Vt bool
541Set to
542.Dq Li YES
543if you also want to run
544.Xr mailq 1
545on the submit mail queue when
546.Va daily_status_mailq_enable
547is set to
548.Dq Li YES .
549This may not work with MTAs other than
550.Xr sendmail 8 .
551.It Va daily_status_security_enable
552.Pq Vt bool
553Set to
554.Dq Li YES
555if you want to run the security check.
556The security check is another set of
557.Xr periodic 8
558scripts.
559The system defaults are in
560.Pa /etc/periodic/security .
561Local scripts should be placed in
562.Pa /usr/local/etc/periodic/security .
563See the
564.Xr periodic 8
565manual page for more information.
566.It Va daily_status_security_inline
567.Pq Vt bool
568Set to
569.Dq Li YES
570if you want the security check output inline.
571The default is to either mail or log the output according to the value of
572.Va daily_status_security_output .
573.It Va daily_status_security_output
574.Pq Vt str
575Where to send the output of the security check if
576.Va daily_status_security_inline
577is set to
578.Dq Li NO .
579This variable behaves in the same way as the
580.Va *_output
581variables above, namely it can be set either to one or more email addresses
582or to an absolute file name.
583.It Va daily_status_mail_rejects_enable
584.Pq Vt bool
585Set to
586.Dq Li YES
587if you want to summarise mail rejections logged to
588.Pa /var/log/maillog
589for the previous day.
590.It Va daily_status_mail_rejects_logs
591.Pq Vt num
592Set to the number of maillog files that should be checked
593for yesterday's mail rejects.
594.It Va daily_status_ntpd_enable
595.Pq Vt bool
596Set to
597.Dq Li YES
598if you want to enable NTP status check.
599.It Va daily_status_world_kernel
600.Pq Vt bool
601Set to
602.Dq Li YES
603to check the running userland and kernel are in sync.
604.It Va daily_queuerun_enable
605.Pq Vt bool
606Set to
607.Dq Li YES
608if you want to manually run the mail queue at least once a day.
609.It Va daily_submit_queuerun
610.Pq Vt bool
611Set to
612.Dq Li YES
613if you also want to manually run the submit mail queue at least once a day
614when
615.Va daily_queuerun_enable
616is set to
617.Dq Li YES .
618.It Va daily_scrub_zfs_enable
619.Pq Vt bool
620Set to
621.Dq Li YES
622if you want to run a zfs scrub periodically.
623.It Va daily_scrub_zfs_pools
624.Pq Vt str
625A space separated list of names of zfs pools to scrub.
626If the list is empty or not set, all zfs pools are scrubbed.
627.It Va daily_scrub_zfs_default_threshold
628.Pq Vt int
629Number of days between a scrub if no pool-specific threshold is set.
630If not set, the default value is 35, corresponding to 5 weeks.
631.It Va daily_scrub_zfs_ Ns Ao Ar poolname Ac Ns Va _threshold
632.Pq Vt int
633The same as
634.Va daily_scrub_zfs_default_threshold
635but specific to the pool
636.Ao Ar poolname Ac Ns .
637.It Va daily_local
638.Pq Vt str
639Set to a list of extra scripts that should be run after all other
640daily scripts.
641All scripts must be absolute path names.
642.It Va daily_diff_flags
643.Pq Vt str
644Set to the arguments to pass to the
645.Xr diff 1
646utility when generating differences.
647The default is
648.Fl b
649.Fl U Cm 0 .
650.El
651.Pp
652The following variables are used by the standard scripts that reside in
653.Pa /etc/periodic/weekly :
654.Bl -tag -offset 4n -width 2n
655.It Va weekly_locate_enable
656.Pq Vt bool
657Set to
658.Dq Li YES
659if you want to run
660.Pa /usr/libexec/locate.updatedb .
661This script is run using
662.Nm nice Fl 5
663as user
664.Dq Li nobody ,
665and generates the table used by the
666.Xr locate 1
667command.
668.It Va weekly_whatis_enable
669.Pq Vt bool
670Set to
671.Dq Li YES
672if you want to run
673.Pa /usr/libexec/makewhatis.local .
674This script regenerates the database used by the
675.Xr apropos 1
676command.
677.It Va weekly_noid_enable
678.Pq Vt bool
679Set to
680.Dq Li YES
681if you want to locate orphaned files on the system.
682An orphaned file is one with an invalid owner or group.
683.It Va weekly_noid_dirs
684.Pq Vt str
685A list of directories under which orphaned files are searched for.
686This would usually be set to
687.Pa / .
688.It Va weekly_status_security_enable
689.Pq Vt bool
690Weekly counterpart of
691.Va daily_status_security_enable .
692.It Va weekly_status_security_inline
693.Pq Vt bool
694Weekly counterpart of
695.Va daily_status_security_inline .
696.It Va weekly_status_security_output
697.Pq Vt str
698Weekly counterpart of
699.Va daily_status_security_output .
700.It Va weekly_status_pkg_enable
701.Pq Vt bool
702Set to
703.Dq Li YES
704if you want to use
705.Xr pkg-version 8
706to list installed packages which are out of date.
707.It Va pkg_version
708.Pq Vt str
709When
710.Va weekly_status_pkg_enable
711is set to
712.Dq Li YES ,
713this variable specifies the program that is used to determine the out of
714date packages.
715If unset, the
716.Xr pkg-version 8
717program is used.
718As an example, this variable might be set to
719.Dq Li portversion
720if the
721.Pa ports/sysutils/portupgrade
722port has been installed.
723.It Va pkg_version_index
724.Pq Vt str
725This variable specifies the
726.Pa INDEX
727file from
728.Pa /usr/ports
729that should be used by
730.Xr pkg-version 8 .
731Because the dependency tree may be substantially different between versions of
732.Fx ,
733there may be more than one
734.Pa INDEX
735file in
736.Pa /usr/ports .
737.Pp
738Note, if the
739.Va pkg_version
740variable is set to
741.Dq Li portversion ,
742it will also be necessary to arrange that the correct
743.Pa INDEX
744file is specified
745using environment variables and that
746.Va pkg_version_index
747is cleared in
748.Pa /etc/periodic.conf
749.Pq Dq Li pkg_version_index= .
750.It Va weekly_local
751.Pq Vt str
752Set to a list of extra scripts that should be run after all other
753weekly scripts.
754All scripts must be absolute path names.
755.El
756.Pp
757The following variables are used by the standard scripts that reside in
758.Pa /etc/periodic/monthly :
759.Bl -tag -offset 4n -width 2n
760.It Va monthly_accounting_enable
761.Pq Vt bool
762Set to
763.Dq Li YES
764if you want to do login accounting using the
765.Xr ac 8
766command.
767.It Va monthly_status_security_enable
768.Pq Vt bool
769Monthly counterpart of
770.Va daily_status_security_enable .
771.It Va monthly_status_security_inline
772.Pq Vt bool
773Monthly counterpart of
774.Va daily_status_security_inline .
775.It Va monthly_status_security_output
776.Pq Vt str
777Monthly counterpart of
778.Va daily_status_security_output .
779.It Va monthly_local
780.Pq Vt str
781Set to a list of extra scripts that should be run after all other
782monthly scripts.
783All scripts must be absolute path names.
784.El
785.Pp
786The following variables are used by the standard scripts that reside in
787.Pa /etc/periodic/security .
788Those scripts are usually run from daily
789.Pq Va daily_status_security_enable ,
790weekly
791.Pq Va weekly_status_security_enable ,
792and monthly
793.Pq Va monthly_status_security_enable
794periodic hooks.
795The
796.Va ..._period
797of each script can be configured as
798.Dq daily ,
799.Dq weekly ,
800.Dq monthly
801or
802.Dq NO .
803Note that when periodic security scripts are run from
804.Xr crontab 5 ,
805they will be always run unless their
806.Va ..._enable
807or
808.Va ..._period
809variable is set to
810.Dq NO .
811.Bl -tag -offset 4n -width 2n
812.It Va security_status_diff_flags
813.Pq Vt str
814Set to the arguments to pass to the
815.Xr diff 1
816utility when generating differences.
817The default is
818.Fl b
819.Fl U Cm 0 .
820.It Va security_status_chksetuid_enable
821.Pq Vt bool
822Set to
823.Dq Li YES
824to compare the modes and modification times of setuid executables with
825the previous day's values.
826.It Va security_status_chksetuid_period
827.Pq Vt str
828Set to either
829.Dq Li daily ,
830.Dq Li weekly ,
831.Dq Li monthly
832or
833.Dq Li NO .
834.It Va security_status_chkportsum_enable
835.Pq Vt bool
836Set to
837.Dq Li YES
838to verify checksums of all installed packages against the known checksums in
839.Pa /var/db/pkg .
840.It Va security_status_chkportsum_period
841.Pq Vt str
842Set to either
843.Dq Li daily ,
844.Dq Li weekly ,
845.Dq Li monthly
846or
847.Dq Li NO .
848.It Va security_status_neggrpperm_enable
849.Pq Vt bool
850Set to
851.Dq Li YES
852to check for files where the group of a file has less permissions than
853the world at large.
854When users are in more than 14 supplemental groups these negative
855permissions may not be enforced via NFS shares.
856.It Va security_status_neggrpperm_period
857.Pq Vt str
858Set to either
859.Dq Li daily ,
860.Dq Li weekly ,
861.Dq Li monthly
862or
863.Dq Li NO .
864.It Va security_status_chkmounts_enable
865.Pq Vt bool
866Set to
867.Dq Li YES
868to check for changes mounted file systems to the previous day's values.
869.It Va security_status_chkmounts_period
870.Pq Vt str
871Set to either
872.Dq Li daily ,
873.Dq Li weekly ,
874.Dq Li monthly
875or
876.Dq Li NO .
877.It Va security_status_noamd
878.Pq Vt bool
879Set to
880.Dq Li YES
881if you want to ignore
882.Xr amd 8
883mounts when comparing against yesterday's file system mounts in the
884.Va security_status_chkmounts_enable
885check.
886.It Va security_status_chkuid0_enable
887.Pq Vt bool
888Set to
889.Dq Li YES
890to check
891.Pa /etc/master.passwd
892for accounts with UID 0.
893.It Va security_status_chkuid0_period
894.Pq Vt str
895Set to either
896.Dq Li daily ,
897.Dq Li weekly ,
898.Dq Li monthly
899or
900.Dq Li NO .
901.It Va security_status_passwdless_enable
902.Pq Vt bool
903Set to
904.Dq Li YES
905to check
906.Pa /etc/master.passwd
907for accounts with empty passwords.
908.It Va security_status_passwdless_period
909.Pq Vt str
910Set to either
911.Dq Li daily ,
912.Dq Li weekly ,
913.Dq Li monthly
914or
915.Dq Li NO .
916.It Va security_status_logincheck_enable
917.Pq Vt bool
918Set to
919.Dq Li YES
920to check
921.Pa /etc/login.conf
922ownership, see
923.Xr login.conf 5
924for more information.
925.It Va security_status_logincheck_period
926.Pq Vt str
927Set to either
928.Dq Li daily ,
929.Dq Li weekly ,
930.Dq Li monthly
931or
932.Dq Li NO .
933.It Va security_status_ipfwdenied_enable
934.Pq Vt bool
935Set to
936.Dq Li YES
937to show log entries for packets denied by
938.Xr ipfw 8
939since yesterday's check.
940.It Va security_status_ipfwdenied_period
941.Pq Vt str
942Set to either
943.Dq Li daily ,
944.Dq Li weekly ,
945.Dq Li monthly
946or
947.Dq Li NO .
948.It Va security_status_ipfdenied_enable
949.Pq Vt bool
950Set to
951.Dq Li YES
952to show log entries for packets denied by
953.Xr ipf 8
954since yesterday's check.
955.It Va security_status_ipfdenied_period
956.Pq Vt str
957Set to either
958.Dq Li daily ,
959.Dq Li weekly ,
960.Dq Li monthly
961or
962.Dq Li NO .
963.It Va security_status_pfdenied_enable
964.Pq Vt bool
965Set to
966.Dq Li YES
967to show log entries for packets denied by
968.Xr pf 4
969since yesterday's check.
970.It Va security_status_pfdenied_additionalanchors
971.Pq Vt str
972Space-separated list of additional anchors whose denied packets log entries to
973show.
974The main ruleset (i.e., the empty-string anchor) and any
975.Xr blacklistd 8
976anchors, if present, are always shown.
977.It Va security_status_pfdenied_period
978.Pq Vt str
979Set to either
980.Dq Li daily ,
981.Dq Li weekly ,
982.Dq Li monthly
983or
984.Dq Li NO .
985.It Va security_status_ipfwlimit_enable
986.Pq Vt bool
987Set to
988.Dq Li YES
989to display
990.Xr ipfw 8
991rules that have reached their verbosity limit.
992.It Va security_status_ipfwlimit_period
993.Pq Vt str
994Set to either
995.Dq Li daily ,
996.Dq Li weekly ,
997.Dq Li monthly
998or
999.Dq Li NO .
1000.It Va security_status_kernelmsg_enable
1001.Pq Vt bool
1002Set to
1003.Dq Li YES
1004to show new
1005.Xr dmesg 8
1006entries since yesterday's check.
1007.It Va security_status_kernelmsg_period
1008.Pq Vt str
1009Set to either
1010.Dq Li daily ,
1011.Dq Li weekly ,
1012.Dq Li monthly
1013or
1014.Dq Li NO .
1015.It Va security_status_loginfail_enable
1016.Pq Vt bool
1017Set to
1018.Dq Li YES
1019to display failed logins from
1020.Pa /var/log/messages
1021in the previous day.
1022.It Va security_status_loginfail_period
1023.Pq Vt str
1024Set to either
1025.Dq Li daily ,
1026.Dq Li weekly ,
1027.Dq Li monthly
1028or
1029.Dq Li NO .
1030.It Va security_status_tcpwrap_enable
1031.Pq Vt bool
1032Set to
1033.Dq Li YES
1034to display connections denied by tcpwrappers (see
1035.Xr hosts_access 5 )
1036from
1037.Pa /var/log/messages
1038during the previous day.
1039.It Va security_status_tcpwrap_period
1040.Pq Vt str
1041Set to either
1042.Dq Li daily ,
1043.Dq Li weekly ,
1044.Dq Li monthly
1045or
1046.Dq Li NO .
1047.El
1048.Sh FILES
1049.Bl -tag -width ".Pa /etc/defaults/periodic.conf"
1050.It Pa /etc/defaults/periodic.conf
1051The default configuration file.
1052This file contains all default variables and values.
1053.It Pa /etc/periodic.conf
1054The usual system specific variable override file.
1055.It Pa /etc/periodic.conf.local
1056An additional override file, useful when
1057.Pa /etc/periodic.conf
1058is shared or distributed.
1059.El
1060.Sh SEE ALSO
1061.Xr apropos 1 ,
1062.Xr calendar 1 ,
1063.Xr df 1 ,
1064.Xr diff 1 ,
1065.Xr gzip 1 ,
1066.Xr locate 1 ,
1067.Xr man 1 ,
1068.Xr msgs 1 ,
1069.Xr netstat 1 ,
1070.Xr nice 1 ,
1071.Xr login.conf 5 ,
1072.Xr rc.conf 5 ,
1073.Xr ac 8 ,
1074.Xr chkgrp 8 ,
1075.Xr dump 8 ,
1076.Xr newsyslog 8 ,
1077.Xr periodic 8 ,
1078.Xr pkg-version 8 ,
1079.Xr sendmail 8
1080.Sh HISTORY
1081The
1082.Nm
1083file appeared in
1084.Fx 4.1 .
1085.Sh AUTHORS
1086.An Brian Somers Aq Mt brian@Awfulhak.org
1087