xref: /freebsd/usr.sbin/periodic/periodic.conf (revision 22cf89c938886d14f5796fc49f9f020c23ea8eaf)
1#!/bin/sh
2#
3# This is defaults/periodic.conf - a file full of useful variables that
4# you can set to change the default behaviour of periodic jobs on your
5# system.  You should not edit this file!  Put any overrides into one of the
6# $periodic_conf_files instead and you will be able to update these defaults
7# later without spamming your local configuration information.
8#
9# The $periodic_conf_files files should only contain values which override
10# values set in this file.  This eases the upgrade path when defaults
11# are changed and new features are added.
12#
13# For a more detailed explanation of all the periodic.conf variables, please
14# refer to the periodic.conf(5) manual page.
15#
16#
17
18# What files override these defaults ?
19periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local ${_localbase}/etc/periodic.conf"
20
21# periodic script dirs. _localbase is being set in /usr/sbin/periodic
22local_periodic="${_localbase}/etc/periodic"
23
24# Max time to sleep to avoid causing congestion on download servers
25anticongestion_sleeptime=3600
26
27# Daily options
28
29# These options are used by periodic(8) itself to determine what to do
30# with the output of the sub-programs that are run, and where to send
31# that output.  $daily_output might be set to /var/log/daily.log if you
32# wish to log the daily output and have the files rotated by newsyslog(8)
33#
34daily_output="root"					# user or /file
35daily_show_success="YES"				# scripts returning 0
36daily_show_info="YES"					# scripts returning 1
37daily_show_badconfig="NO"				# scripts returning 2
38
39# 100.clean-disks
40daily_clean_disks_enable="NO"				# Delete files daily
41daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
42daily_clean_disks_days=3				# If older than this
43daily_clean_disks_verbose="YES"				# Mention files deleted
44
45# 110.clean-tmps
46daily_clean_tmps_enable="NO"				# Delete stuff daily
47daily_clean_tmps_dirs="/tmp"				# Delete under here
48daily_clean_tmps_days="3"				# If not accessed for
49daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix"
50daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap"
51daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal"
52							# Don't delete these
53daily_clean_tmps_verbose="YES"				# Mention files deleted
54
55# 120.clean-preserve
56daily_clean_preserve_enable="YES"			# Delete files daily
57daily_clean_preserve_days=7				# If not modified for
58daily_clean_preserve_verbose="YES"			# Mention files deleted
59
60# 130.clean-msgs
61daily_clean_msgs_enable="YES"				# Delete msgs daily
62daily_clean_msgs_days=					# If not modified for
63
64# 140.clean-rwho
65daily_clean_rwho_enable="YES"				# Delete rwho daily
66daily_clean_rwho_days=7					# If not modified for
67daily_clean_rwho_verbose="YES"				# Mention files deleted
68
69# 150.clean-hoststat
70daily_clean_hoststat_enable="YES"			# Purge sendmail host
71							# status cache daily
72
73# 200.backup-passwd
74daily_backup_passwd_enable="YES"			# Backup passwd & group
75
76# 210.backup-aliases
77daily_backup_aliases_enable="YES"			# Backup mail aliases
78
79# 221.backup-gpart
80if [ $(sysctl -n security.jail.jailed) = 0 ]; then
81        # Backup partition table/boot partition/MBR
82        daily_backup_gpart_enable="YES"
83else
84        daily_backup_gpart_enable="NO"
85fi
86daily_backup_gpart_verbose="NO"             		# Be verbose if new backup differs from the old one
87daily_backup_efi_enable="NO"                		# Backup EFI system partition (ESP)
88
89# 222.backup-gmirror
90daily_backup_gmirror_enable="NO"			# Backup of gmirror info (i.e., output of `gmirror list`)
91daily_backup_gmirror_verbose="NO"			# Log diff if new backup differs from the old one
92
93# 223.backup-zfs
94daily_backup_zfs_enable="NO"				# Backup output from zpool/zfs list
95daily_backup_zfs_props_enable="NO"			# Backup zpool/zfs filesystem properties
96daily_backup_zfs_get_flags="all"			# flags passed to `zfs get`
97daily_backup_zfs_list_flags=""				# flags passed to `zfs list`
98daily_backup_zpool_get_flags="all"			# flags passed to `zpool get`
99daily_backup_zpool_list_flags="-v"			# flags passed to `zpool list`
100daily_backup_zfs_verbose="NO"				# Report diff between the old and new backups.
101
102# 300.calendar
103daily_calendar_enable="NO"				# Run calendar -a
104
105# 310.accounting
106daily_accounting_enable="YES"				# Rotate acct files
107daily_accounting_compress="NO"				# Gzip rotated files
108daily_accounting_flags=-q				# Flags to /usr/sbin/sa
109daily_accounting_save=3					# How many files to save
110
111# 400.status-disks
112daily_status_disks_enable="YES"				# Check disk status
113daily_status_disks_df_flags="-l -h"			# df(1) flags for check
114
115# 401.status-graid
116daily_status_graid_enable="NO"				# Check graid(8)
117
118# 404.status-zfs
119daily_status_zfs_enable="NO"				# Check ZFS
120daily_status_zfs_zpool_list_enable="YES"		# List ZFS pools
121
122# 406.status-gmirror
123daily_status_gmirror_enable="NO"			# Check gmirror(8)
124
125# 407.status-graid3
126daily_status_graid3_enable="NO" 			# Check graid3(8)
127
128# 408.status-gstripe
129daily_status_gstripe_enable="NO"			# Check gstripe(8)
130
131# 409.status-gconcat
132daily_status_gconcat_enable="NO"			# Check gconcat(8)
133
134# 410.status-mfi
135daily_status_mfi_enable="NO"				# Check mfiutil(8)
136
137# 420.status-network
138daily_status_network_enable="YES"			# Check network status
139daily_status_network_usedns="YES"			# DNS lookups are ok
140daily_status_network_netstat_flags="-d -W"		# netstat(1) flags
141
142# 430.status-uptime
143daily_status_uptime_enable="YES"			# Check system uptime
144
145# 440.status-mailq
146daily_status_mailq_enable="YES"				# Check mail status
147daily_status_mailq_shorten="NO"				# Shorten output
148daily_status_include_submit_mailq="YES"			# Also submit queue
149
150# 450.status-security
151daily_status_security_enable="YES"			# Security check
152# See also "Security options" below for more options
153daily_status_security_inline="NO"			# Run inline ?
154daily_status_security_output="root"			# user or /file
155
156# 460.status-mail-rejects
157daily_status_mail_rejects_enable="YES"			# Check mail rejects
158daily_status_mail_rejects_logs=3			# How many logs to check
159daily_status_mail_rejects_shorten="NO"			# Shorten output
160
161# 480.leapfile-ntpd
162daily_ntpd_leapfile_enable="YES"			# Fetch NTP leapfile
163
164# 480.status-ntpd
165daily_status_ntpd_enable="NO"				# Check NTP status
166
167# 500.queuerun
168daily_queuerun_enable="YES"				# Run mail queue
169daily_submit_queuerun="YES"				# Also submit queue
170
171# 510.status-world-kernel
172daily_status_world_kernel="YES"				# Check the running
173							# userland/kernel version
174
175# 800.scrub-zfs
176daily_scrub_zfs_enable="NO"
177daily_scrub_zfs_pools=""			# empty string selects all pools
178daily_scrub_zfs_default_threshold="35"		# days between scrubs
179#daily_scrub_zfs_${poolname}_threshold="35"	# pool specific threshold
180
181# 999.local
182daily_local="/etc/daily.local"				# Local scripts
183
184
185# Weekly options
186
187# These options are used by periodic(8) itself to determine what to do
188# with the output of the sub-programs that are run, and where to send
189# that output.  $weekly_output might be set to /var/log/weekly.log if you
190# wish to log the weekly output and have the files rotated by newsyslog(8)
191#
192weekly_output="root"					# user or /file
193weekly_show_success="YES"				# scripts returning 0
194weekly_show_info="YES"					# scripts returning 1
195weekly_show_badconfig="NO"				# scripts returning 2
196
197# 310.locate
198weekly_locate_enable="YES"				# Update locate weekly
199
200# 320.whatis
201weekly_whatis_enable="YES"				# Update whatis weekly
202
203# 340.noid
204weekly_noid_enable="NO"					# Find unowned files
205weekly_noid_dirs="/"					# Look here
206
207# 450.status-security
208weekly_status_security_enable="YES"			# Security check
209# See also "Security options" above for more options
210weekly_status_security_inline="NO"			# Run inline ?
211weekly_status_security_output="root"			# user or /file
212
213# 999.local
214weekly_local="/etc/weekly.local"			# Local scripts
215
216
217# Monthly options
218
219# These options are used by periodic(8) itself to determine what to do
220# with the output of the sub-programs that are run, and where to send
221# that output.  $monthly_output might be set to /var/log/monthly.log if you
222# wish to log the monthly output and have the files rotated by newsyslog(8)
223#
224monthly_output="root"					# user or /file
225monthly_show_success="YES"				# scripts returning 0
226monthly_show_info="YES"					# scripts returning 1
227monthly_show_badconfig="NO"				# scripts returning 2
228
229# 200.accounting
230monthly_accounting_enable="YES"				# Login accounting
231
232# 450.status-security
233monthly_status_security_enable="YES"			# Security check
234# See also "Security options" above for more options
235monthly_status_security_inline="NO"			# Run inline ?
236monthly_status_security_output="root"			# user or /file
237
238# 999.local
239monthly_local="/etc/monthly.local"			# Local scripts
240
241
242# Security options
243
244security_show_success="YES"				# scripts returning 0
245security_show_info="YES"				# scripts returning 1
246security_show_badconfig="NO"				# scripts returning 2
247
248# These options are used by the security periodic(8) scripts spawned in
249# daily and weekly 450.status-security.
250security_status_logdir="/var/log"			# Directory for logs
251security_status_diff_flags="-b -u"			# flags for diff output
252
253# Each of the security_status_*_period options below can have one of the
254# following values:
255# - NO: do not run at all
256# - daily: only run during the daily security status
257# - weekly: only run during the weekly security status
258# - monthly: only run during the monthly security status
259# Note that if periodic security scripts are run from crontab(5) directly,
260# they will be run unless _enable or _period is set to "NO".
261
262# 100.chksetuid
263security_status_chksetuid_enable="YES"
264security_status_chksetuid_period="daily"
265
266# 110.neggrpperm
267security_status_neggrpperm_enable="YES"
268security_status_neggrpperm_period="daily"
269
270# 200.chkmounts
271security_status_chkmounts_enable="YES"
272security_status_chkmounts_period="daily"
273#security_status_chkmounts_ignore="^amd:"		# Don't check matching
274							# FS types
275security_status_noamd="NO"				# Don't check amd mounts
276
277# 300.chkuid0
278security_status_chkuid0_enable="YES"
279security_status_chkuid0_period="daily"
280
281# 400.passwdless
282security_status_passwdless_enable="YES"
283security_status_passwdless_period="daily"
284
285# 410.logincheck
286security_status_logincheck_enable="YES"
287security_status_logincheck_period="daily"
288
289# 500.ipfwdenied
290security_status_ipfwdenied_enable="YES"
291security_status_ipfwdenied_period="daily"
292
293# 510.ipfdenied
294security_status_ipfdenied_enable="YES"
295security_status_ipfdenied_period="daily"
296
297# 520.pfdenied
298security_status_pfdenied_enable="YES"
299security_status_pfdenied_period="daily"
300security_status_pfdenied_additionalanchors=""
301
302# 550.ipfwlimit
303security_status_ipfwlimit_enable="YES"
304security_status_ipfwlimit_period="daily"
305
306# 610.ipf6denied
307security_status_ipf6denied_enable="YES"
308security_status_ipf6denied_period="daily"
309
310# 700.kernelmsg
311security_status_kernelmsg_enable="YES"
312security_status_kernelmsg_period="daily"
313
314# 800.loginfail
315security_status_loginfail_enable="YES"
316security_status_loginfail_period="daily"
317
318# 900.tcpwrap
319security_status_tcpwrap_enable="YES"
320security_status_tcpwrap_period="daily"
321
322
323
324# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
325# scripts to source defaults/periodic.conf overrides safely.
326
327if [ -z "${source_periodic_confs_defined}" ]; then
328        source_periodic_confs_defined=yes
329
330	# Sleep for a random amount of time in order to mitigate the thundering
331	# herd problem of multiple hosts running periodic simultaneously.
332	# Will not sleep when used interactively.
333	# Will sleep at most once per invocation of periodic
334	anticongestion() {
335		[ -n "$PERIODIC_IS_INTERACTIVE" ] && return
336		if [ -f "$PERIODIC_ANTICONGESTION_FILE" ]; then
337			rm -f $PERIODIC_ANTICONGESTION_FILE
338			sleep `jot -r 1 0 ${anticongestion_sleeptime}`
339		fi
340	}
341
342	# Compatibility with old daily variable names.
343	# They can be removed in stable/11.
344	security_daily_compat_var() {
345		local var=$1 dailyvar value
346
347		dailyvar=daily_status_security${var#security_status}
348		periodvar=${var%enable}period
349		eval value=\"\$$dailyvar\"
350		[ -z "$value" ] && return
351		echo "Warning: Variable \$$dailyvar is deprecated," \
352		    "use \$$var instead." >&2
353		case "$value" in
354		[Yy][Ee][Ss])
355			eval $var=YES
356			eval $periodvar=daily
357			;;
358		*)
359			eval $var=\"$value\"
360			;;
361		esac
362	}
363
364	check_yesno_period() {
365		local var="$1" periodvar value period
366
367		eval value=\"\$$var\"
368		case "$value" in
369		[Yy][Ee][Ss]) ;;
370		*) return 1 ;;
371		esac
372
373		periodvar=${var%enable}period
374		eval period=\"\$$periodvar\"
375		case "$PERIODIC" in
376		"security daily")
377			case "$period" in
378			[Dd][Aa][Ii][Ll][Yy]) return 0 ;;
379			*) return 1 ;;
380			esac
381			;;
382		"security weekly")
383			case "$period" in
384			[Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;;
385			*) return 1 ;;
386			esac
387			;;
388		"security monthly")
389			case "$period" in
390			[Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;;
391			*) return 1 ;;
392			esac
393			;;
394		security)
395			# Run directly from crontab(5).
396			case "$period" in
397			[Nn][Oo]) return 1 ;;
398			*) return 0 ;;
399			esac
400			;;
401                '')
402                        # Script run manually.
403                        return 0
404                        ;;
405		*)
406			echo "ASSERTION FAILED: Unexpected value for" \
407			    "\$PERIODIC: '$PERIODIC'" >&2
408			exit 127
409			;;
410		esac
411	}
412
413        source_periodic_confs() {
414                local i sourced_files
415
416                for i in ${periodic_conf_files}; do
417                        case ${sourced_files} in
418                        *:$i:*)
419                                ;;
420                        *)
421                                sourced_files="${sourced_files}:$i:"
422                                [ -r $i ] && . $i
423                                ;;
424                        esac
425                done
426        }
427fi
428