xref: /dragonfly/etc/defaults/periodic.conf (revision 52a88097) 
1#!/bin/sh
2#
3# This is defaults/periodic.conf - a file full of useful variables that
4# you can set to change the default behaviour of periodic jobs on your
5# system.  You should not edit this file!  Put any overrides into one of the
6# $periodic_conf_files instead and you will be able to update these defaults
7# later without spamming your local configuration information.
8#
9# The $periodic_conf_files files should only contain values which override
10# values set in this file.  This eases the upgrade path when defaults
11# are changed and new features are added.
12#
13# For a more detailed explanation of all the periodic.conf variables, please
14# refer to the periodic.conf(5) manual page.
15#
16# $FreeBSD: head/etc/defaults/periodic.conf 324738 2017-10-19 03:17:50Z cy $
17#
18
19# What files override these defaults ?
20periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local"
21
22# periodic script dirs
23local_periodic="/usr/local/etc/periodic"
24
25# Max time to sleep to avoid causing congestion on download servers
26anticongestion_sleeptime=3600
27
28# Daily options
29
30# These options are used by periodic(8) itself to determine what to do
31# with the output of the sub-programs that are run, and where to send
32# that output.  $daily_output might be set to /var/log/daily.log if you
33# wish to log the daily output and have the files rotated by newsyslog(8)
34#
35daily_output="root"					# user or /file
36daily_show_success="YES"				# scripts returning 0
37daily_show_info="YES"					# scripts returning 1
38daily_show_badconfig="NO"				# scripts returning 2
39
40# 100.clean-disks
41daily_clean_disks_enable="NO"				# Delete files daily
42daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
43daily_clean_disks_days=3				# If older than this
44daily_clean_disks_verbose="YES"				# Mention files deleted
45
46# 110.clean-tmps
47daily_clean_tmps_enable="NO"				# Delete stuff daily
48daily_clean_tmps_dirs="/tmp"				# Delete under here
49daily_clean_tmps_days="3"				# If not accessed for
50daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix"
51daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap"
52daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal"
53							# Don't delete these
54daily_clean_tmps_verbose="YES"				# Mention files deleted
55
56# 120.clean-preserve
57daily_clean_preserve_enable="YES"			# Delete files daily
58daily_clean_preserve_days=7				# If not modified for
59daily_clean_preserve_verbose="YES"			# Mention files deleted
60
61# 130.clean-msgs
62daily_clean_msgs_enable="YES"				# Delete msgs daily
63daily_clean_msgs_days=					# If not modified for
64
65# 140.clean-rwho
66daily_clean_rwho_enable="YES"				# Delete rwho daily
67daily_clean_rwho_days=7					# If not modified for
68daily_clean_rwho_verbose="YES"				# Mention files deleted
69
70# 150.clean-hoststat
71daily_clean_hoststat_enable="YES"			# Purge sendmail host
72							# status cache daily
73
74# 160.clean-hammer
75daily_clean_hammer_enable="YES"				# HAMMER maintenance
76daily_clean_hammer_verbose="NO"				# Be verbose
77daily_clean_hammer_pfslist=""				# default: mounted pfs
78
79# 161.clean-hammer2
80daily_clean_hammer2_enable="YES"			# HAMMER2 maintenance
81daily_clean_hammer2_verbose="NO"			# Be verbose
82daily_clean_hammer2_pfslist=""				# default: all mounted
83
84# 200.backup-passwd
85daily_backup_passwd_enable="YES"			# Backup passwd & group
86
87# 210.backup-aliases
88daily_backup_aliases_enable="YES"			# Backup mail aliases
89
90# 220.snapshot-hammer2
91daily_snapshot_hammer2_enable="NO"			# HAMMER2 snapshots
92daily_snapshot_hammer2_tag="daily"			# snapshot tag
93daily_snapshot_hammer2_keep="auto"			# snapshots history
94daily_snapshot_hammer2_dirs="auto"			# directories to snap
95daily_snapshot_hammer2_capacity=90			# space usage threshold
96weekly_snapshot_hammer2_enable="NO"
97weekly_snapshot_hammer2_tag="weekly"
98weekly_snapshot_hammer2_keep="auto"
99weekly_snapshot_hammer2_dirs="auto"
100weekly_snapshot_hammer2_capacity=90
101monthly_snapshot_hammer2_enable="NO"
102monthly_snapshot_hammer2_tag="monthly"
103monthly_snapshot_hammer2_keep="auto"
104monthly_snapshot_hammer2_dirs="auto"
105monthly_snapshot_hammer2_capacity=90
106
107# 300.calendar
108daily_calendar_enable="NO"				# Run calendar -a
109
110# 310.accounting
111daily_accounting_enable="YES"				# Rotate acct files
112daily_accounting_compress="NO"				# Gzip rotated files
113daily_accounting_flags=-q				# Flags to /usr/sbin/sa
114daily_accounting_save=3					# How many files to save
115
116# 330.news
117daily_news_expire_enable="YES"				# Run news.expire
118
119# 400.status-disks
120daily_status_disks_enable="YES"				# Check disk status
121daily_status_disks_df_flags="-l -h"			# df(1) flags for check
122
123# 410.status-mfi
124daily_status_mfi_enable="NO"				# Check mfiutil(8)
125
126# 420.status-network
127daily_status_network_enable="YES"			# Check network status
128daily_status_network_usedns="YES"			# DNS lookups are ok
129daily_status_network_netstat_flags="-d"			# netstat(1) flags
130
131# 430.status-uptime
132daily_status_uptime_enable="YES"			# Check system uptime
133
134# 440.status-mailq
135daily_status_mailq_enable="YES"				# Check mail status
136daily_status_mailq_shorten="NO"				# Shorten output
137daily_status_include_submit_mailq="YES"			# Also submit queue
138
139# 450.status-security
140daily_status_security_enable="YES"			# Security check
141# See also "Security options" below for more options
142daily_status_security_inline="NO"			# Run inline ?
143daily_status_security_output="root"			# user or /file
144
145# 460.status-mail-rejects
146daily_status_mail_rejects_enable="YES"			# Check mail rejects
147daily_status_mail_rejects_logs=3			# How many logs to check
148daily_status_mail_rejects_shorten="NO"			# Shorten output
149
150# 500.queuerun
151daily_queuerun_enable="YES"				# Run mail queue
152daily_submit_queuerun="YES"				# Also submit queue
153
154# 999.local
155daily_local="/etc/daily.local"				# Local scripts
156
157
158# Weekly options
159
160# These options are used by periodic(8) itself to determine what to do
161# with the output of the sub-programs that are run, and where to send
162# that output.  $weekly_output might be set to /var/log/weekly.log if you
163# wish to log the weekly output and have the files rotated by newsyslog(8)
164#
165weekly_output="root"					# user or /file
166weekly_show_success="YES"				# scripts returning 0
167weekly_show_info="YES"					# scripts returning 1
168weekly_show_badconfig="NO"				# scripts returning 2
169
170# 310.locate
171weekly_locate_enable="YES"				# Update locate weekly
172
173# 320.whatis
174weekly_whatis_enable="YES"				# Update whatis weekly
175
176# 340.noid
177weekly_noid_enable="NO"					# Find unowned files
178weekly_noid_dirs="/"					# Look here
179
180# 450.status-security
181weekly_status_security_enable="YES"			# Security check
182# See also "Security options" below for more options
183weekly_status_security_inline="NO"			# Run inline ?
184weekly_status_security_output="root"			# user or /file
185
186# 999.local
187weekly_local="/etc/weekly.local"			# Local scripts
188
189
190# Monthly options
191
192# These options are used by periodic(8) itself to determine what to do
193# with the output of the sub-programs that are run, and where to send
194# that output.  $monthly_output might be set to /var/log/monthly.log if you
195# wish to log the monthly output and have the files rotated by newsyslog(8)
196#
197monthly_output="root"					# user or /file
198monthly_show_success="YES"				# scripts returning 0
199monthly_show_info="YES"					# scripts returning 1
200monthly_show_badconfig="NO"				# scripts returning 2
201
202# 200.accounting
203monthly_accounting_enable="YES"				# Login accounting
204
205# 450.status-security
206monthly_status_security_enable="YES"			# Security check
207# See also "Security options" below for more options
208monthly_status_security_inline="NO"			# Run inline ?
209monthly_status_security_output="root"			# user or /file
210
211# 999.local
212monthly_local="/etc/monthly.local"			# Local scripts
213
214
215# Security options
216
217security_show_success="YES"				# scripts returning 0
218security_show_info="YES"				# scripts returning 1
219security_show_badconfig="NO"				# scripts returning 2
220
221# These options are used by the security periodic(8) scripts spawned in
222# daily and weekly 450.status-security.
223security_status_logdir="/var/log"			# Directory for logs
224security_status_diff_flags="-b -u"			# flags for diff output
225
226# Each of the security_status_*_period options below can have one of the
227# following values:
228# - NO: do not run at all
229# - daily: only run during the daily security status
230# - weekly: only run during the weekly security status
231# - monthly: only run during the monthly security status
232# Note that if periodic security scripts are run from crontab(5) directly,
233# they will be run unless _enable or _period is set to "NO".
234
235# 100.chksetuid
236security_status_chksetuid_enable="YES"
237security_status_chksetuid_period="daily"
238
239# 110.neggrpperm
240security_status_neggrpperm_enable="YES"
241security_status_neggrpperm_period="daily"
242
243# 200.chkmounts
244security_status_chkmounts_enable="YES"
245security_status_chkmounts_period="daily"
246#security_status_chkmounts_ignore="^mfs:"		# Don't check matching
247							# FS types
248security_status_nomfs="NO"				# Don't check mfs mounts
249
250# 300.chkuid0
251security_status_chkuid0_enable="YES"
252security_status_chkuid0_period="daily"
253
254# 400.passwdless
255security_status_passwdless_enable="YES"
256security_status_passwdless_period="daily"
257
258# 410.logincheck
259security_status_logincheck_enable="YES"
260security_status_logincheck_period="daily"
261
262# 500.ipfwdenied
263security_status_ipfwdenied_enable="YES"
264security_status_ipfwdenied_period="daily"
265
266# 520.pfdenied
267security_status_pfdenied_enable="YES"
268security_status_pfdenied_period="daily"
269
270# 550.ipfwlimit
271security_status_ipfwlimit_enable="YES"
272security_status_ipfwlimit_period="daily"
273
274# 600.ip6fwdenied
275security_status_ip6fwdenied_enable="YES"
276security_status_ip6fwdenied_period="daily"
277
278# 650.ip6fwlimit
279security_status_ip6fwlimit_enable="YES"
280security_status_ip6fwlimit_period="daily"
281
282# 700.kernelmsg
283security_status_kernelmsg_enable="YES"
284security_status_kernelmsg_period="daily"
285
286# 800.loginfail
287security_status_loginfail_enable="YES"
288security_status_loginfail_period="daily"
289
290# 900.tcpwrap
291security_status_tcpwrap_enable="YES"
292security_status_tcpwrap_period="daily"
293
294
295
296# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
297# scripts to source defaults/periodic.conf overrides safely.
298
299if [ -z "${source_periodic_confs_defined}" ]; then
300	source_periodic_confs_defined=yes
301	source_periodic_confs() {
302		local i sourced_files
303
304		for i in ${periodic_conf_files}; do
305			case ${sourced_files} in
306			*:$i:*)
307				;;
308			*)
309				sourced_files="${sourced_files}:$i:"
310				[ -r $i ] && . $i
311				;;
312			esac
313		done
314	}
315
316	# Sleep for a random amount of time in order to mitigate the thundering
317	# herd problem of multiple hosts running periodic simultaneously.
318	# Will not sleep when used interactively.
319	# Will sleep at most once per invocation of periodic
320	anticongestion() {
321		[ -n "$PERIODIC_IS_INTERACTIVE" ] && return
322		if [ -f "$PERIODIC_ANTICONGESTION_FILE" ]; then
323			rm -f $PERIODIC_ANTICONGESTION_FILE
324			sleep `jot -r 1 0 ${anticongestion_sleeptime}`
325		fi
326	}
327
328	# Compatibility with old daily variable names.
329	# They can be removed in stable/11.
330	security_daily_compat_var() {
331		local var=$1 dailyvar value
332
333		dailyvar=daily_status_security${var#security_status}
334		periodvar=${var%enable}period
335		eval value=\"\$$dailyvar\"
336		[ -z "$value" ] && return
337		echo "Warning: Variable \$$dailyvar is deprecated," \
338		    "use \$$var instead." >&2
339		case "$value" in
340		[Yy][Ee][Ss])
341			eval $var=YES
342			eval $periodvar=daily
343			;;
344		*)
345			eval $var=\"$value\"
346			;;
347		esac
348	}
349
350	check_yesno_period() {
351		local var="$1" periodvar value period
352
353		eval value=\"\$$var\"
354		case "$value" in
355		[Yy][Ee][Ss]) ;;
356		*) return 1 ;;
357		esac
358
359		periodvar=${var%enable}period
360		eval period=\"\$$periodvar\"
361		case "$PERIODIC" in
362		"security daily")
363			case "$period" in
364			[Dd][Aa][Ii][Ll][Yy]) return 0 ;;
365			*) return 1 ;;
366			esac
367			;;
368		"security weekly")
369			case "$period" in
370			[Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;;
371			*) return 1 ;;
372			esac
373			;;
374		"security monthly")
375			case "$period" in
376			[Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;;
377			*) return 1 ;;
378			esac
379			;;
380		security)
381			# Run directly from crontab(5).
382			case "$period" in
383			[Nn][Oo]) return 1 ;;
384			*) return 0 ;;
385			esac
386			;;
387		'')
388			# Script run manually.
389			return 0
390			;;
391		*)
392			echo "ASSERTION FAILED: Unexpected value for" \
393			    "\$PERIODIC: '$PERIODIC'" >&2
394			exit 127
395			;;
396		esac
397	}
398fi
399