xref: /freebsd/usr.sbin/periodic/periodic.conf (revision b4af4f93c682e445bf159f0d1ec90b636296c946)
1#!/bin/sh
2#
3# This is defaults/periodic.conf - a file full of useful variables that
4# you can set to change the default behaviour of periodic jobs on your
5# system.  You should not edit this file!  Put any overrides into one of the
6# $periodic_conf_files instead and you will be able to update these defaults
7# later without spamming your local configuration information.
8#
9# The $periodic_conf_files files should only contain values which override
10# values set in this file.  This eases the upgrade path when defaults
11# are changed and new features are added.
12#
13# For a more detailed explanation of all the periodic.conf variables, please
14# refer to the periodic.conf(5) manual page.
15#
16# $FreeBSD$
17#
18
19# What files override these defaults ?
20periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local"
21
22# periodic script dirs
23local_periodic="/usr/local/etc/periodic"
24
25# Max time to sleep to avoid causing congestion on download servers
26anticongestion_sleeptime=3600
27
28# Daily options
29
30# These options are used by periodic(8) itself to determine what to do
31# with the output of the sub-programs that are run, and where to send
32# that output.  $daily_output might be set to /var/log/daily.log if you
33# wish to log the daily output and have the files rotated by newsyslog(8)
34#
35daily_output="root"					# user or /file
36daily_show_success="YES"				# scripts returning 0
37daily_show_info="YES"					# scripts returning 1
38daily_show_badconfig="NO"				# scripts returning 2
39
40# 100.clean-disks
41daily_clean_disks_enable="NO"				# Delete files daily
42daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
43daily_clean_disks_days=3				# If older than this
44daily_clean_disks_verbose="YES"				# Mention files deleted
45
46# 110.clean-tmps
47daily_clean_tmps_enable="NO"				# Delete stuff daily
48daily_clean_tmps_dirs="/tmp"				# Delete under here
49daily_clean_tmps_days="3"				# If not accessed for
50daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix"
51daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap"
52daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal"
53							# Don't delete these
54daily_clean_tmps_verbose="YES"				# Mention files deleted
55
56# 120.clean-preserve
57daily_clean_preserve_enable="YES"			# Delete files daily
58daily_clean_preserve_days=7				# If not modified for
59daily_clean_preserve_verbose="YES"			# Mention files deleted
60
61# 130.clean-msgs
62daily_clean_msgs_enable="YES"				# Delete msgs daily
63daily_clean_msgs_days=					# If not modified for
64
65# 140.clean-rwho
66daily_clean_rwho_enable="YES"				# Delete rwho daily
67daily_clean_rwho_days=7					# If not modified for
68daily_clean_rwho_verbose="YES"				# Mention files deleted
69
70# 150.clean-hoststat
71daily_clean_hoststat_enable="YES"			# Purge sendmail host
72							# status cache daily
73
74# 200.backup-passwd
75daily_backup_passwd_enable="YES"			# Backup passwd & group
76
77# 210.backup-aliases
78daily_backup_aliases_enable="YES"			# Backup mail aliases
79
80# 221.backup-gpart
81daily_backup_gpart_enable="YES"             		# Backup partition table/boot partition/MBR
82daily_backup_gpart_verbose="NO"             		# Be verbose if new backup differs from the new one
83daily_backup_efi_enable="NO"                		# Backup EFI system partition (ESP)
84
85# 300.calendar
86daily_calendar_enable="NO"				# Run calendar -a
87
88# 310.accounting
89daily_accounting_enable="YES"				# Rotate acct files
90daily_accounting_compress="NO"				# Gzip rotated files
91daily_accounting_flags=-q				# Flags to /usr/sbin/sa
92daily_accounting_save=3					# How many files to save
93
94# 330.news
95daily_news_expire_enable="YES"				# Run news.expire
96
97# 400.status-disks
98daily_status_disks_enable="YES"				# Check disk status
99daily_status_disks_df_flags="-l -h"			# df(1) flags for check
100
101# 401.status-graid
102daily_status_graid_enable="NO"				# Check graid(8)
103
104# 404.status-zfs
105daily_status_zfs_enable="NO"				# Check ZFS
106daily_status_zfs_zpool_list_enable="YES"		# List ZFS pools
107
108# 406.status-gmirror
109daily_status_gmirror_enable="NO"			# Check gmirror(8)
110
111# 407.status-graid3
112daily_status_graid3_enable="NO" 			# Check graid3(8)
113
114# 408.status-gstripe
115daily_status_gstripe_enable="NO"			# Check gstripe(8)
116
117# 409.status-gconcat
118daily_status_gconcat_enable="NO"			# Check gconcat(8)
119
120# 410.status-mfi
121daily_status_mfi_enable="NO"				# Check mfiutil(8)
122
123# 420.status-network
124daily_status_network_enable="YES"			# Check network status
125daily_status_network_usedns="YES"			# DNS lookups are ok
126daily_status_network_netstat_flags="-d"			# netstat(1) flags
127
128# 430.status-uptime
129daily_status_uptime_enable="YES"			# Check system uptime
130
131# 440.status-mailq
132daily_status_mailq_enable="YES"				# Check mail status
133daily_status_mailq_shorten="NO"				# Shorten output
134daily_status_include_submit_mailq="YES"			# Also submit queue
135
136# 450.status-security
137daily_status_security_enable="YES"			# Security check
138# See also "Security options" below for more options
139daily_status_security_inline="NO"			# Run inline ?
140daily_status_security_output="root"			# user or /file
141
142# 460.status-mail-rejects
143daily_status_mail_rejects_enable="YES"			# Check mail rejects
144daily_status_mail_rejects_logs=3			# How many logs to check
145daily_status_mail_rejects_shorten="NO"			# Shorten output
146
147# 480.leapfile-ntpd
148daily_ntpd_leapfile_enable="YES"			# Fetch NTP leapfile
149
150# 480.status-ntpd
151daily_status_ntpd_enable="NO"				# Check NTP status
152
153# 500.queuerun
154daily_queuerun_enable="YES"				# Run mail queue
155daily_submit_queuerun="YES"				# Also submit queue
156
157# 510.status-world-kernel
158daily_status_world_kernel="YES"				# Check the running
159							# userland/kernel version
160
161# 800.scrub-zfs
162daily_scrub_zfs_enable="NO"
163daily_scrub_zfs_pools=""			# empty string selects all pools
164daily_scrub_zfs_default_threshold="35"		# days between scrubs
165#daily_scrub_zfs_${poolname}_threshold="35"	# pool specific threshold
166
167# 999.local
168daily_local="/etc/daily.local"				# Local scripts
169
170
171# Weekly options
172
173# These options are used by periodic(8) itself to determine what to do
174# with the output of the sub-programs that are run, and where to send
175# that output.  $weekly_output might be set to /var/log/weekly.log if you
176# wish to log the weekly output and have the files rotated by newsyslog(8)
177#
178weekly_output="root"					# user or /file
179weekly_show_success="YES"				# scripts returning 0
180weekly_show_info="YES"					# scripts returning 1
181weekly_show_badconfig="NO"				# scripts returning 2
182
183# 310.locate
184weekly_locate_enable="YES"				# Update locate weekly
185
186# 320.whatis
187weekly_whatis_enable="YES"				# Update whatis weekly
188
189# 340.noid
190weekly_noid_enable="NO"					# Find unowned files
191weekly_noid_dirs="/"					# Look here
192
193# 450.status-security
194weekly_status_security_enable="YES"			# Security check
195# See also "Security options" above for more options
196weekly_status_security_inline="NO"			# Run inline ?
197weekly_status_security_output="root"			# user or /file
198
199# 999.local
200weekly_local="/etc/weekly.local"			# Local scripts
201
202
203# Monthly options
204
205# These options are used by periodic(8) itself to determine what to do
206# with the output of the sub-programs that are run, and where to send
207# that output.  $monthly_output might be set to /var/log/monthly.log if you
208# wish to log the monthly output and have the files rotated by newsyslog(8)
209#
210monthly_output="root"					# user or /file
211monthly_show_success="YES"				# scripts returning 0
212monthly_show_info="YES"					# scripts returning 1
213monthly_show_badconfig="NO"				# scripts returning 2
214
215# 200.accounting
216monthly_accounting_enable="YES"				# Login accounting
217
218# 450.status-security
219monthly_status_security_enable="YES"			# Security check
220# See also "Security options" above for more options
221monthly_status_security_inline="NO"			# Run inline ?
222monthly_status_security_output="root"			# user or /file
223
224# 999.local
225monthly_local="/etc/monthly.local"			# Local scripts
226
227
228# Security options
229
230security_show_success="YES"				# scripts returning 0
231security_show_info="YES"				# scripts returning 1
232security_show_badconfig="NO"				# scripts returning 2
233
234# These options are used by the security periodic(8) scripts spawned in
235# daily and weekly 450.status-security.
236security_status_logdir="/var/log"			# Directory for logs
237security_status_diff_flags="-b -u"			# flags for diff output
238
239# Each of the security_status_*_period options below can have one of the
240# following values:
241# - NO: do not run at all
242# - daily: only run during the daily security status
243# - weekly: only run during the weekly security status
244# - monthly: only run during the monthly security status
245# Note that if periodic security scripts are run from crontab(5) directly,
246# they will be run unless _enable or _period is set to "NO".
247
248# 100.chksetuid
249security_status_chksetuid_enable="YES"
250security_status_chksetuid_period="daily"
251
252# 110.neggrpperm
253security_status_neggrpperm_enable="YES"
254security_status_neggrpperm_period="daily"
255
256# 200.chkmounts
257security_status_chkmounts_enable="YES"
258security_status_chkmounts_period="daily"
259#security_status_chkmounts_ignore="^amd:"		# Don't check matching
260							# FS types
261security_status_noamd="NO"				# Don't check amd mounts
262
263# 300.chkuid0
264security_status_chkuid0_enable="YES"
265security_status_chkuid0_period="daily"
266
267# 400.passwdless
268security_status_passwdless_enable="YES"
269security_status_passwdless_period="daily"
270
271# 410.logincheck
272security_status_logincheck_enable="YES"
273security_status_logincheck_period="daily"
274
275# 500.ipfwdenied
276security_status_ipfwdenied_enable="YES"
277security_status_ipfwdenied_period="daily"
278
279# 510.ipfdenied
280security_status_ipfdenied_enable="YES"
281security_status_ipfdenied_period="daily"
282
283# 520.pfdenied
284security_status_pfdenied_enable="YES"
285security_status_pfdenied_period="daily"
286
287# 550.ipfwlimit
288security_status_ipfwlimit_enable="YES"
289security_status_ipfwlimit_period="daily"
290
291# 610.ipf6denied
292security_status_ipf6denied_enable="YES"
293security_status_ipf6denied_period="daily"
294
295# 700.kernelmsg
296security_status_kernelmsg_enable="YES"
297security_status_kernelmsg_period="daily"
298
299# 800.loginfail
300security_status_loginfail_enable="YES"
301security_status_loginfail_period="daily"
302
303# 900.tcpwrap
304security_status_tcpwrap_enable="YES"
305security_status_tcpwrap_period="daily"
306
307
308
309# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
310# scripts to source defaults/periodic.conf overrides safely.
311
312if [ -z "${source_periodic_confs_defined}" ]; then
313        source_periodic_confs_defined=yes
314
315	# Sleep for a random amount of time in order to mitigate the thundering
316	# herd problem of multiple hosts running periodic simultaneously.
317	# Will not sleep when used interactively.
318	# Will sleep at most once per invocation of periodic
319	anticongestion() {
320		[ -n "$PERIODIC_IS_INTERACTIVE" ] && return
321		if [ -f "$PERIODIC_ANTICONGESTION_FILE" ]; then
322			rm -f $PERIODIC_ANTICONGESTION_FILE
323			sleep `jot -r 1 0 ${anticongestion_sleeptime}`
324		fi
325	}
326
327	# Compatibility with old daily variable names.
328	# They can be removed in stable/11.
329	security_daily_compat_var() {
330		local var=$1 dailyvar value
331
332		dailyvar=daily_status_security${var#security_status}
333		periodvar=${var%enable}period
334		eval value=\"\$$dailyvar\"
335		[ -z "$value" ] && return
336		echo "Warning: Variable \$$dailyvar is deprecated," \
337		    "use \$$var instead." >&2
338		case "$value" in
339		[Yy][Ee][Ss])
340			eval $var=YES
341			eval $periodvar=daily
342			;;
343		*)
344			eval $var=\"$value\"
345			;;
346		esac
347	}
348
349	check_yesno_period() {
350		local var="$1" periodvar value period
351
352		eval value=\"\$$var\"
353		case "$value" in
354		[Yy][Ee][Ss]) ;;
355		*) return 1 ;;
356		esac
357
358		periodvar=${var%enable}period
359		eval period=\"\$$periodvar\"
360		case "$PERIODIC" in
361		"security daily")
362			case "$period" in
363			[Dd][Aa][Ii][Ll][Yy]) return 0 ;;
364			*) return 1 ;;
365			esac
366			;;
367		"security weekly")
368			case "$period" in
369			[Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;;
370			*) return 1 ;;
371			esac
372			;;
373		"security monthly")
374			case "$period" in
375			[Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;;
376			*) return 1 ;;
377			esac
378			;;
379		security)
380			# Run directly from crontab(5).
381			case "$period" in
382			[Nn][Oo]) return 1 ;;
383			*) return 0 ;;
384			esac
385			;;
386                '')
387                        # Script run manually.
388                        return 0
389                        ;;
390		*)
391			echo "ASSERTION FAILED: Unexpected value for" \
392			    "\$PERIODIC: '$PERIODIC'" >&2
393			exit 127
394			;;
395		esac
396	}
397
398        source_periodic_confs() {
399                local i sourced_files
400
401                for i in ${periodic_conf_files}; do
402                        case ${sourced_files} in
403                        *:$i:*)
404                                ;;
405                        *)
406                                sourced_files="${sourced_files}:$i:"
407                                [ -r $i ] && . $i
408                                ;;
409                        esac
410                done
411        }
412fi
413