1#!/bin/sh 2# 3# This is defaults/periodic.conf - a file full of useful variables that 4# you can set to change the default behaviour of periodic jobs on your 5# system. You should not edit this file! Put any overrides into one of the 6# $periodic_conf_files instead and you will be able to update these defaults 7# later without spamming your local configuration information. 8# 9# The $periodic_conf_files files should only contain values which override 10# values set in this file. This eases the upgrade path when defaults 11# are changed and new features are added. 12# 13# For a more detailed explanation of all the periodic.conf variables, please 14# refer to the periodic.conf(5) manual page. 15# 16# $FreeBSD: head/etc/defaults/periodic.conf 324738 2017-10-19 03:17:50Z cy $ 17# 18 19# What files override these defaults ? 20periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local" 21 22# periodic script dirs 23local_periodic="/usr/local/etc/periodic" 24 25# Max time to sleep to avoid causing congestion on download servers 26anticongestion_sleeptime=3600 27 28# Daily options 29 30# These options are used by periodic(8) itself to determine what to do 31# with the output of the sub-programs that are run, and where to send 32# that output. $daily_output might be set to /var/log/daily.log if you 33# wish to log the daily output and have the files rotated by newsyslog(8) 34# 35daily_output="root" # user or /file 36daily_show_success="YES" # scripts returning 0 37daily_show_info="YES" # scripts returning 1 38daily_show_badconfig="NO" # scripts returning 2 39 40# 100.clean-disks 41daily_clean_disks_enable="NO" # Delete files daily 42daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" 43daily_clean_disks_days=3 # If older than this 44daily_clean_disks_verbose="YES" # Mention files deleted 45 46# 110.clean-tmps 47daily_clean_tmps_enable="NO" # Delete stuff daily 48daily_clean_tmps_dirs="/tmp" # Delete under here 49daily_clean_tmps_days="3" # If not accessed for 50daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix" 51daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap" 52daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal" 53 # Don't delete these 54daily_clean_tmps_verbose="YES" # Mention files deleted 55 56# 120.clean-preserve 57daily_clean_preserve_enable="YES" # Delete files daily 58daily_clean_preserve_days=7 # If not modified for 59daily_clean_preserve_verbose="YES" # Mention files deleted 60 61# 130.clean-msgs 62daily_clean_msgs_enable="YES" # Delete msgs daily 63daily_clean_msgs_days= # If not modified for 64 65# 140.clean-rwho 66daily_clean_rwho_enable="YES" # Delete rwho daily 67daily_clean_rwho_days=7 # If not modified for 68daily_clean_rwho_verbose="YES" # Mention files deleted 69 70# 150.clean-hoststat 71daily_clean_hoststat_enable="YES" # Purge sendmail host 72 # status cache daily 73 74# 160.clean-hammer 75daily_clean_hammer_enable="YES" # HAMMER maintenance 76daily_clean_hammer_verbose="NO" # Be verbose 77daily_clean_hammer_pfslist="" # default: mounted pfs 78 79# 161.clean-hammer2 80daily_clean_hammer2_enable="YES" # HAMMER2 maintenance 81daily_clean_hammer2_verbose="NO" # Be verbose 82daily_clean_hammer2_pfslist="" # default: all mounted 83 84# 200.backup-passwd 85daily_backup_passwd_enable="YES" # Backup passwd & group 86 87# 210.backup-aliases 88daily_backup_aliases_enable="YES" # Backup mail aliases 89 90# 220.snapshot-hammer2 91daily_snapshot_hammer2_enable="NO" # HAMMER2 snapshots 92daily_snapshot_hammer2_tag="daily" # snapshot tag 93daily_snapshot_hammer2_keep="auto" # snapshots history 94daily_snapshot_hammer2_dirs="auto" # directories to snap 95daily_snapshot_hammer2_capacity=90 # space usage threshold 96weekly_snapshot_hammer2_enable="NO" 97weekly_snapshot_hammer2_tag="weekly" 98weekly_snapshot_hammer2_keep="auto" 99weekly_snapshot_hammer2_dirs="auto" 100weekly_snapshot_hammer2_capacity=90 101monthly_snapshot_hammer2_enable="NO" 102monthly_snapshot_hammer2_tag="monthly" 103monthly_snapshot_hammer2_keep="auto" 104monthly_snapshot_hammer2_dirs="auto" 105monthly_snapshot_hammer2_capacity=90 106 107# 300.calendar 108daily_calendar_enable="NO" # Run calendar -a 109 110# 310.accounting 111daily_accounting_enable="YES" # Rotate acct files 112daily_accounting_compress="NO" # Gzip rotated files 113daily_accounting_flags=-q # Flags to /usr/sbin/sa 114daily_accounting_save=3 # How many files to save 115 116# 330.news 117daily_news_expire_enable="YES" # Run news.expire 118 119# 400.status-disks 120daily_status_disks_enable="YES" # Check disk status 121daily_status_disks_df_flags="-l -h" # df(1) flags for check 122 123# 410.status-mfi 124daily_status_mfi_enable="NO" # Check mfiutil(8) 125 126# 420.status-network 127daily_status_network_enable="YES" # Check network status 128daily_status_network_usedns="YES" # DNS lookups are ok 129daily_status_network_netstat_flags="-d" # netstat(1) flags 130 131# 430.status-uptime 132daily_status_uptime_enable="YES" # Check system uptime 133 134# 440.status-mailq 135daily_status_mailq_enable="YES" # Check mail status 136daily_status_mailq_shorten="NO" # Shorten output 137daily_status_include_submit_mailq="YES" # Also submit queue 138 139# 450.status-security 140daily_status_security_enable="YES" # Security check 141# See also "Security options" below for more options 142daily_status_security_inline="NO" # Run inline ? 143daily_status_security_output="root" # user or /file 144 145# 460.status-mail-rejects 146daily_status_mail_rejects_enable="YES" # Check mail rejects 147daily_status_mail_rejects_logs=3 # How many logs to check 148daily_status_mail_rejects_shorten="NO" # Shorten output 149 150# 500.queuerun 151daily_queuerun_enable="YES" # Run mail queue 152daily_submit_queuerun="YES" # Also submit queue 153 154# 999.local 155daily_local="/etc/daily.local" # Local scripts 156 157 158# Weekly options 159 160# These options are used by periodic(8) itself to determine what to do 161# with the output of the sub-programs that are run, and where to send 162# that output. $weekly_output might be set to /var/log/weekly.log if you 163# wish to log the weekly output and have the files rotated by newsyslog(8) 164# 165weekly_output="root" # user or /file 166weekly_show_success="YES" # scripts returning 0 167weekly_show_info="YES" # scripts returning 1 168weekly_show_badconfig="NO" # scripts returning 2 169 170# 310.locate 171weekly_locate_enable="YES" # Update locate weekly 172 173# 320.whatis 174weekly_whatis_enable="YES" # Update whatis weekly 175 176# 340.noid 177weekly_noid_enable="NO" # Find unowned files 178weekly_noid_dirs="/" # Look here 179 180# 450.status-security 181weekly_status_security_enable="YES" # Security check 182# See also "Security options" below for more options 183weekly_status_security_inline="NO" # Run inline ? 184weekly_status_security_output="root" # user or /file 185 186# 999.local 187weekly_local="/etc/weekly.local" # Local scripts 188 189 190# Monthly options 191 192# These options are used by periodic(8) itself to determine what to do 193# with the output of the sub-programs that are run, and where to send 194# that output. $monthly_output might be set to /var/log/monthly.log if you 195# wish to log the monthly output and have the files rotated by newsyslog(8) 196# 197monthly_output="root" # user or /file 198monthly_show_success="YES" # scripts returning 0 199monthly_show_info="YES" # scripts returning 1 200monthly_show_badconfig="NO" # scripts returning 2 201 202# 200.accounting 203monthly_accounting_enable="YES" # Login accounting 204 205# 450.status-security 206monthly_status_security_enable="YES" # Security check 207# See also "Security options" below for more options 208monthly_status_security_inline="NO" # Run inline ? 209monthly_status_security_output="root" # user or /file 210 211# 999.local 212monthly_local="/etc/monthly.local" # Local scripts 213 214 215# Security options 216 217security_show_success="YES" # scripts returning 0 218security_show_info="YES" # scripts returning 1 219security_show_badconfig="NO" # scripts returning 2 220 221# These options are used by the security periodic(8) scripts spawned in 222# daily and weekly 450.status-security. 223security_status_logdir="/var/log" # Directory for logs 224security_status_diff_flags="-b -u" # flags for diff output 225 226# Each of the security_status_*_period options below can have one of the 227# following values: 228# - NO: do not run at all 229# - daily: only run during the daily security status 230# - weekly: only run during the weekly security status 231# - monthly: only run during the monthly security status 232# Note that if periodic security scripts are run from crontab(5) directly, 233# they will be run unless _enable or _period is set to "NO". 234 235# 100.chksetuid 236security_status_chksetuid_enable="YES" 237security_status_chksetuid_period="daily" 238 239# 110.neggrpperm 240security_status_neggrpperm_enable="YES" 241security_status_neggrpperm_period="daily" 242 243# 200.chkmounts 244security_status_chkmounts_enable="YES" 245security_status_chkmounts_period="daily" 246#security_status_chkmounts_ignore="^mfs:" # Don't check matching 247 # FS types 248security_status_nomfs="NO" # Don't check mfs mounts 249 250# 300.chkuid0 251security_status_chkuid0_enable="YES" 252security_status_chkuid0_period="daily" 253 254# 400.passwdless 255security_status_passwdless_enable="YES" 256security_status_passwdless_period="daily" 257 258# 410.logincheck 259security_status_logincheck_enable="YES" 260security_status_logincheck_period="daily" 261 262# 500.ipfwdenied 263security_status_ipfwdenied_enable="YES" 264security_status_ipfwdenied_period="daily" 265 266# 520.pfdenied 267security_status_pfdenied_enable="YES" 268security_status_pfdenied_period="daily" 269 270# 550.ipfwlimit 271security_status_ipfwlimit_enable="YES" 272security_status_ipfwlimit_period="daily" 273 274# 600.ip6fwdenied 275security_status_ip6fwdenied_enable="YES" 276security_status_ip6fwdenied_period="daily" 277 278# 650.ip6fwlimit 279security_status_ip6fwlimit_enable="YES" 280security_status_ip6fwlimit_period="daily" 281 282# 700.kernelmsg 283security_status_kernelmsg_enable="YES" 284security_status_kernelmsg_period="daily" 285 286# 800.loginfail 287security_status_loginfail_enable="YES" 288security_status_loginfail_period="daily" 289 290# 900.tcpwrap 291security_status_tcpwrap_enable="YES" 292security_status_tcpwrap_period="daily" 293 294 295 296# Define source_periodic_confs, the mechanism used by /etc/periodic/*/* 297# scripts to source defaults/periodic.conf overrides safely. 298 299if [ -z "${source_periodic_confs_defined}" ]; then 300 source_periodic_confs_defined=yes 301 source_periodic_confs() { 302 local i sourced_files 303 304 for i in ${periodic_conf_files}; do 305 case ${sourced_files} in 306 *:$i:*) 307 ;; 308 *) 309 sourced_files="${sourced_files}:$i:" 310 [ -r $i ] && . $i 311 ;; 312 esac 313 done 314 } 315 316 # Sleep for a random amount of time in order to mitigate the thundering 317 # herd problem of multiple hosts running periodic simultaneously. 318 # Will not sleep when used interactively. 319 # Will sleep at most once per invocation of periodic 320 anticongestion() { 321 [ -n "$PERIODIC_IS_INTERACTIVE" ] && return 322 if [ -f "$PERIODIC_ANTICONGESTION_FILE" ]; then 323 rm -f $PERIODIC_ANTICONGESTION_FILE 324 sleep `jot -r 1 0 ${anticongestion_sleeptime}` 325 fi 326 } 327 328 # Compatibility with old daily variable names. 329 # They can be removed in stable/11. 330 security_daily_compat_var() { 331 local var=$1 dailyvar value 332 333 dailyvar=daily_status_security${var#security_status} 334 periodvar=${var%enable}period 335 eval value=\"\$$dailyvar\" 336 [ -z "$value" ] && return 337 echo "Warning: Variable \$$dailyvar is deprecated," \ 338 "use \$$var instead." >&2 339 case "$value" in 340 [Yy][Ee][Ss]) 341 eval $var=YES 342 eval $periodvar=daily 343 ;; 344 *) 345 eval $var=\"$value\" 346 ;; 347 esac 348 } 349 350 check_yesno_period() { 351 local var="$1" periodvar value period 352 353 eval value=\"\$$var\" 354 case "$value" in 355 [Yy][Ee][Ss]) ;; 356 *) return 1 ;; 357 esac 358 359 periodvar=${var%enable}period 360 eval period=\"\$$periodvar\" 361 case "$PERIODIC" in 362 "security daily") 363 case "$period" in 364 [Dd][Aa][Ii][Ll][Yy]) return 0 ;; 365 *) return 1 ;; 366 esac 367 ;; 368 "security weekly") 369 case "$period" in 370 [Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;; 371 *) return 1 ;; 372 esac 373 ;; 374 "security monthly") 375 case "$period" in 376 [Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;; 377 *) return 1 ;; 378 esac 379 ;; 380 security) 381 # Run directly from crontab(5). 382 case "$period" in 383 [Nn][Oo]) return 1 ;; 384 *) return 0 ;; 385 esac 386 ;; 387 '') 388 # Script run manually. 389 return 0 390 ;; 391 *) 392 echo "ASSERTION FAILED: Unexpected value for" \ 393 "\$PERIODIC: '$PERIODIC'" >&2 394 exit 127 395 ;; 396 esac 397 } 398fi 399