1#!/bin/sh 2# 3# This is defaults/periodic.conf - a file full of useful variables that 4# you can set to change the default behaviour of periodic jobs on your 5# system. You should not edit this file! Put any overrides into one of the 6# $periodic_conf_files instead and you will be able to update these defaults 7# later without spamming your local configuration information. 8# 9# The $periodic_conf_files files should only contain values which override 10# values set in this file. This eases the upgrade path when defaults 11# are changed and new features are added. 12# 13# For a more detailed explanation of all the periodic.conf variables, please 14# refer to the periodic.conf(5) manual page. 15# 16# $FreeBSD$ 17# 18 19# What files override these defaults ? 20periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local" 21 22# periodic script dirs 23local_periodic="/usr/local/etc/periodic" 24 25# Max time to sleep to avoid causing congestion on download servers 26anticongestion_sleeptime=3600 27 28# Daily options 29 30# These options are used by periodic(8) itself to determine what to do 31# with the output of the sub-programs that are run, and where to send 32# that output. $daily_output might be set to /var/log/daily.log if you 33# wish to log the daily output and have the files rotated by newsyslog(8) 34# 35daily_output="root" # user or /file 36daily_show_success="YES" # scripts returning 0 37daily_show_info="YES" # scripts returning 1 38daily_show_badconfig="NO" # scripts returning 2 39 40# 100.clean-disks 41daily_clean_disks_enable="NO" # Delete files daily 42daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" 43daily_clean_disks_days=3 # If older than this 44daily_clean_disks_verbose="YES" # Mention files deleted 45 46# 110.clean-tmps 47daily_clean_tmps_enable="NO" # Delete stuff daily 48daily_clean_tmps_dirs="/tmp" # Delete under here 49daily_clean_tmps_days="3" # If not accessed for 50daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix" 51daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap" 52daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal" 53 # Don't delete these 54daily_clean_tmps_verbose="YES" # Mention files deleted 55 56# 120.clean-preserve 57daily_clean_preserve_enable="YES" # Delete files daily 58daily_clean_preserve_days=7 # If not modified for 59daily_clean_preserve_verbose="YES" # Mention files deleted 60 61# 130.clean-msgs 62daily_clean_msgs_enable="YES" # Delete msgs daily 63daily_clean_msgs_days= # If not modified for 64 65# 140.clean-rwho 66daily_clean_rwho_enable="YES" # Delete rwho daily 67daily_clean_rwho_days=7 # If not modified for 68daily_clean_rwho_verbose="YES" # Mention files deleted 69 70# 150.clean-hoststat 71daily_clean_hoststat_enable="YES" # Purge sendmail host 72 # status cache daily 73 74# 200.backup-passwd 75daily_backup_passwd_enable="YES" # Backup passwd & group 76 77# 210.backup-aliases 78daily_backup_aliases_enable="YES" # Backup mail aliases 79 80# 221.backup-gpart 81if [ $(sysctl -n security.jail.jailed) = 0 ]; then 82 # Backup partition table/boot partition/MBR 83 daily_backup_gpart_enable="YES" 84else 85 daily_backup_gpart_enable="NO" 86fi 87daily_backup_gpart_verbose="NO" # Be verbose if new backup differs from the old one 88daily_backup_efi_enable="NO" # Backup EFI system partition (ESP) 89 90# 222.backup-gmirror 91daily_backup_gmirror_enable="NO" # Backup of gmirror info (i.e., output of `gmirror list`) 92daily_backup_gmirror_verbose="NO" # Log diff if new backup differs from the old one 93 94# 223.backup-zfs 95daily_backup_zfs_enable="NO" # Backup output from zpool/zfs list 96daily_backup_zfs_props_enable="NO" # Backup zpool/zfs filesystem properties 97daily_backup_zfs_get_flags="all" # flags passed to `zfs get` 98daily_backup_zfs_list_flags="" # flags passed to `zfs list` 99daily_backup_zpool_get_flags="all" # flags passed to `zpool get` 100daily_backup_zpool_list_flags="-v" # flags passed to `zpool list` 101daily_backup_zfs_verbose="NO" # Report diff between the old and new backups. 102 103# 300.calendar 104daily_calendar_enable="NO" # Run calendar -a 105 106# 310.accounting 107daily_accounting_enable="YES" # Rotate acct files 108daily_accounting_compress="NO" # Gzip rotated files 109daily_accounting_flags=-q # Flags to /usr/sbin/sa 110daily_accounting_save=3 # How many files to save 111 112# 400.status-disks 113daily_status_disks_enable="YES" # Check disk status 114daily_status_disks_df_flags="-l -h" # df(1) flags for check 115 116# 401.status-graid 117daily_status_graid_enable="NO" # Check graid(8) 118 119# 404.status-zfs 120daily_status_zfs_enable="NO" # Check ZFS 121daily_status_zfs_zpool_list_enable="YES" # List ZFS pools 122 123# 406.status-gmirror 124daily_status_gmirror_enable="NO" # Check gmirror(8) 125 126# 407.status-graid3 127daily_status_graid3_enable="NO" # Check graid3(8) 128 129# 408.status-gstripe 130daily_status_gstripe_enable="NO" # Check gstripe(8) 131 132# 409.status-gconcat 133daily_status_gconcat_enable="NO" # Check gconcat(8) 134 135# 410.status-mfi 136daily_status_mfi_enable="NO" # Check mfiutil(8) 137 138# 420.status-network 139daily_status_network_enable="YES" # Check network status 140daily_status_network_usedns="YES" # DNS lookups are ok 141daily_status_network_netstat_flags="-d -W" # netstat(1) flags 142 143# 430.status-uptime 144daily_status_uptime_enable="YES" # Check system uptime 145 146# 440.status-mailq 147daily_status_mailq_enable="YES" # Check mail status 148daily_status_mailq_shorten="NO" # Shorten output 149daily_status_include_submit_mailq="YES" # Also submit queue 150 151# 450.status-security 152daily_status_security_enable="YES" # Security check 153# See also "Security options" below for more options 154daily_status_security_inline="NO" # Run inline ? 155daily_status_security_output="root" # user or /file 156 157# 460.status-mail-rejects 158daily_status_mail_rejects_enable="YES" # Check mail rejects 159daily_status_mail_rejects_logs=3 # How many logs to check 160daily_status_mail_rejects_shorten="NO" # Shorten output 161 162# 480.leapfile-ntpd 163daily_ntpd_leapfile_enable="YES" # Fetch NTP leapfile 164 165# 480.status-ntpd 166daily_status_ntpd_enable="NO" # Check NTP status 167 168# 500.queuerun 169daily_queuerun_enable="YES" # Run mail queue 170daily_submit_queuerun="YES" # Also submit queue 171 172# 510.status-world-kernel 173daily_status_world_kernel="YES" # Check the running 174 # userland/kernel version 175 176# 800.scrub-zfs 177daily_scrub_zfs_enable="NO" 178daily_scrub_zfs_pools="" # empty string selects all pools 179daily_scrub_zfs_default_threshold="35" # days between scrubs 180#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold 181 182# 999.local 183daily_local="/etc/daily.local" # Local scripts 184 185 186# Weekly options 187 188# These options are used by periodic(8) itself to determine what to do 189# with the output of the sub-programs that are run, and where to send 190# that output. $weekly_output might be set to /var/log/weekly.log if you 191# wish to log the weekly output and have the files rotated by newsyslog(8) 192# 193weekly_output="root" # user or /file 194weekly_show_success="YES" # scripts returning 0 195weekly_show_info="YES" # scripts returning 1 196weekly_show_badconfig="NO" # scripts returning 2 197 198# 310.locate 199weekly_locate_enable="YES" # Update locate weekly 200 201# 320.whatis 202weekly_whatis_enable="YES" # Update whatis weekly 203 204# 340.noid 205weekly_noid_enable="NO" # Find unowned files 206weekly_noid_dirs="/" # Look here 207 208# 450.status-security 209weekly_status_security_enable="YES" # Security check 210# See also "Security options" above for more options 211weekly_status_security_inline="NO" # Run inline ? 212weekly_status_security_output="root" # user or /file 213 214# 999.local 215weekly_local="/etc/weekly.local" # Local scripts 216 217 218# Monthly options 219 220# These options are used by periodic(8) itself to determine what to do 221# with the output of the sub-programs that are run, and where to send 222# that output. $monthly_output might be set to /var/log/monthly.log if you 223# wish to log the monthly output and have the files rotated by newsyslog(8) 224# 225monthly_output="root" # user or /file 226monthly_show_success="YES" # scripts returning 0 227monthly_show_info="YES" # scripts returning 1 228monthly_show_badconfig="NO" # scripts returning 2 229 230# 200.accounting 231monthly_accounting_enable="YES" # Login accounting 232 233# 450.status-security 234monthly_status_security_enable="YES" # Security check 235# See also "Security options" above for more options 236monthly_status_security_inline="NO" # Run inline ? 237monthly_status_security_output="root" # user or /file 238 239# 999.local 240monthly_local="/etc/monthly.local" # Local scripts 241 242 243# Security options 244 245security_show_success="YES" # scripts returning 0 246security_show_info="YES" # scripts returning 1 247security_show_badconfig="NO" # scripts returning 2 248 249# These options are used by the security periodic(8) scripts spawned in 250# daily and weekly 450.status-security. 251security_status_logdir="/var/log" # Directory for logs 252security_status_diff_flags="-b -u" # flags for diff output 253 254# Each of the security_status_*_period options below can have one of the 255# following values: 256# - NO: do not run at all 257# - daily: only run during the daily security status 258# - weekly: only run during the weekly security status 259# - monthly: only run during the monthly security status 260# Note that if periodic security scripts are run from crontab(5) directly, 261# they will be run unless _enable or _period is set to "NO". 262 263# 100.chksetuid 264security_status_chksetuid_enable="YES" 265security_status_chksetuid_period="daily" 266 267# 110.neggrpperm 268security_status_neggrpperm_enable="YES" 269security_status_neggrpperm_period="daily" 270 271# 200.chkmounts 272security_status_chkmounts_enable="YES" 273security_status_chkmounts_period="daily" 274#security_status_chkmounts_ignore="^amd:" # Don't check matching 275 # FS types 276security_status_noamd="NO" # Don't check amd mounts 277 278# 300.chkuid0 279security_status_chkuid0_enable="YES" 280security_status_chkuid0_period="daily" 281 282# 400.passwdless 283security_status_passwdless_enable="YES" 284security_status_passwdless_period="daily" 285 286# 410.logincheck 287security_status_logincheck_enable="YES" 288security_status_logincheck_period="daily" 289 290# 500.ipfwdenied 291security_status_ipfwdenied_enable="YES" 292security_status_ipfwdenied_period="daily" 293 294# 510.ipfdenied 295security_status_ipfdenied_enable="YES" 296security_status_ipfdenied_period="daily" 297 298# 520.pfdenied 299security_status_pfdenied_enable="YES" 300security_status_pfdenied_period="daily" 301security_status_pfdenied_additionalanchors="" 302 303# 550.ipfwlimit 304security_status_ipfwlimit_enable="YES" 305security_status_ipfwlimit_period="daily" 306 307# 610.ipf6denied 308security_status_ipf6denied_enable="YES" 309security_status_ipf6denied_period="daily" 310 311# 700.kernelmsg 312security_status_kernelmsg_enable="YES" 313security_status_kernelmsg_period="daily" 314 315# 800.loginfail 316security_status_loginfail_enable="YES" 317security_status_loginfail_period="daily" 318 319# 900.tcpwrap 320security_status_tcpwrap_enable="YES" 321security_status_tcpwrap_period="daily" 322 323 324 325# Define source_periodic_confs, the mechanism used by /etc/periodic/*/* 326# scripts to source defaults/periodic.conf overrides safely. 327 328if [ -z "${source_periodic_confs_defined}" ]; then 329 source_periodic_confs_defined=yes 330 331 # Sleep for a random amount of time in order to mitigate the thundering 332 # herd problem of multiple hosts running periodic simultaneously. 333 # Will not sleep when used interactively. 334 # Will sleep at most once per invocation of periodic 335 anticongestion() { 336 [ -n "$PERIODIC_IS_INTERACTIVE" ] && return 337 if [ -f "$PERIODIC_ANTICONGESTION_FILE" ]; then 338 rm -f $PERIODIC_ANTICONGESTION_FILE 339 sleep `jot -r 1 0 ${anticongestion_sleeptime}` 340 fi 341 } 342 343 # Compatibility with old daily variable names. 344 # They can be removed in stable/11. 345 security_daily_compat_var() { 346 local var=$1 dailyvar value 347 348 dailyvar=daily_status_security${var#security_status} 349 periodvar=${var%enable}period 350 eval value=\"\$$dailyvar\" 351 [ -z "$value" ] && return 352 echo "Warning: Variable \$$dailyvar is deprecated," \ 353 "use \$$var instead." >&2 354 case "$value" in 355 [Yy][Ee][Ss]) 356 eval $var=YES 357 eval $periodvar=daily 358 ;; 359 *) 360 eval $var=\"$value\" 361 ;; 362 esac 363 } 364 365 check_yesno_period() { 366 local var="$1" periodvar value period 367 368 eval value=\"\$$var\" 369 case "$value" in 370 [Yy][Ee][Ss]) ;; 371 *) return 1 ;; 372 esac 373 374 periodvar=${var%enable}period 375 eval period=\"\$$periodvar\" 376 case "$PERIODIC" in 377 "security daily") 378 case "$period" in 379 [Dd][Aa][Ii][Ll][Yy]) return 0 ;; 380 *) return 1 ;; 381 esac 382 ;; 383 "security weekly") 384 case "$period" in 385 [Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;; 386 *) return 1 ;; 387 esac 388 ;; 389 "security monthly") 390 case "$period" in 391 [Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;; 392 *) return 1 ;; 393 esac 394 ;; 395 security) 396 # Run directly from crontab(5). 397 case "$period" in 398 [Nn][Oo]) return 1 ;; 399 *) return 0 ;; 400 esac 401 ;; 402 '') 403 # Script run manually. 404 return 0 405 ;; 406 *) 407 echo "ASSERTION FAILED: Unexpected value for" \ 408 "\$PERIODIC: '$PERIODIC'" >&2 409 exit 127 410 ;; 411 esac 412 } 413 414 source_periodic_confs() { 415 local i sourced_files 416 417 for i in ${periodic_conf_files}; do 418 case ${sourced_files} in 419 *:$i:*) 420 ;; 421 *) 422 sourced_files="${sourced_files}:$i:" 423 [ -r $i ] && . $i 424 ;; 425 esac 426 done 427 } 428fi 429