xref: /dragonfly/etc/defaults/periodic.conf (revision 655933d6) 
1#!/bin/sh
2#
3# This is defaults/periodic.conf - a file full of useful variables that
4# you can set to change the default behaviour of periodic jobs on your
5# system.  You should not edit this file!  Put any overrides into one of the
6# $periodic_conf_files instead and you will be able to update these defaults
7# later without spamming your local configuration information.
8#
9# The $periodic_conf_files files should only contain values which override
10# values set in this file.  This eases the upgrade path when defaults
11# are changed and new features are added.
12#
13# For a more detailed explanation of all the periodic.conf variables, please
14# refer to the periodic.conf(5) manual page.
15#
16# $FreeBSD: head/etc/defaults/periodic.conf 324738 2017-10-19 03:17:50Z cy $
17#
18
19# What files override these defaults ?
20periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local"
21
22# periodic script dirs
23local_periodic="/usr/local/etc/periodic"
24
25# Max time to sleep to avoid causing congestion on download servers
26anticongestion_sleeptime=3600
27
28# Daily options
29
30# These options are used by periodic(8) itself to determine what to do
31# with the output of the sub-programs that are run, and where to send
32# that output.  $daily_output might be set to /var/log/daily.log if you
33# wish to log the daily output and have the files rotated by newsyslog(8)
34#
35daily_output="root"					# user or /file
36daily_show_success="YES"				# scripts returning 0
37daily_show_info="YES"					# scripts returning 1
38daily_show_badconfig="YES"				# scripts returning 2
39
40# 100.clean-disks
41daily_clean_disks_enable="NO"				# Delete files daily
42daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
43daily_clean_disks_days=3				# If older than this
44daily_clean_disks_verbose="YES"				# Mention files deleted
45
46# 110.clean-tmps
47daily_clean_tmps_enable="NO"				# Delete stuff daily
48daily_clean_tmps_dirs="/tmp"				# Delete under here
49daily_clean_tmps_days="3"				# If not accessed for
50daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix"
51daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap"
52daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal"
53							# Don't delete these
54daily_clean_tmps_verbose="YES"				# Mention files deleted
55
56# 120.clean-preserve
57daily_clean_preserve_enable="YES"			# Delete files daily
58daily_clean_preserve_days=7				# If not modified for
59daily_clean_preserve_verbose="YES"			# Mention files deleted
60
61# 130.clean-msgs
62daily_clean_msgs_enable="YES"				# Delete msgs daily
63daily_clean_msgs_days=					# If not modified for
64
65# 140.clean-rwho
66daily_clean_rwho_enable="YES"				# Delete rwho daily
67daily_clean_rwho_days=7					# If not modified for
68daily_clean_rwho_verbose="YES"				# Mention files deleted
69
70# 150.clean-hoststat
71daily_clean_hoststat_enable="YES"			# Purge sendmail host
72							# status cache daily
73
74# 160.clean-hammer
75daily_clean_hammer_enable="YES"				# HAMMER maintenance
76daily_clean_hammer_verbose="NO"				# Be verbose
77daily_clean_hammer_pfslist=""				# default: mounted pfs
78
79# 161.clean-hammer2
80daily_clean_hammer2_enable="YES"			# HAMMER2 maintenance
81daily_clean_hammer2_verbose="NO"			# Be verbose
82daily_clean_hammer2_pfslist=""				# default: all mounted
83
84# 200.backup-passwd
85daily_backup_passwd_enable="YES"			# Backup passwd & group
86
87# 210.backup-aliases
88daily_backup_aliases_enable="YES"			# Backup mail aliases
89
90# 220.snapshot-hammer2
91daily_snapshot_hammer2_enable="NO"			# HAMMER2 snapshots
92daily_snapshot_hammer2_tag="daily"			# snapshot tag
93daily_snapshot_hammer2_keep="auto"			# snapshots history
94daily_snapshot_hammer2_dirs="auto"			# directories to snap
95daily_snapshot_hammer2_capacity=90			# space usage threshold
96weekly_snapshot_hammer2_enable="NO"
97weekly_snapshot_hammer2_tag="weekly"
98weekly_snapshot_hammer2_keep="auto"
99weekly_snapshot_hammer2_dirs="auto"
100weekly_snapshot_hammer2_capacity=90
101monthly_snapshot_hammer2_enable="NO"
102monthly_snapshot_hammer2_tag="monthly"
103monthly_snapshot_hammer2_keep="auto"
104monthly_snapshot_hammer2_dirs="auto"
105monthly_snapshot_hammer2_capacity=90
106
107# 300.calendar
108daily_calendar_enable="NO"				# Run calendar -a
109
110# 310.accounting
111daily_accounting_enable="YES"				# Rotate acct files
112daily_accounting_compress="NO"				# Gzip rotated files
113daily_accounting_flags=-q				# Flags to /usr/sbin/sa
114daily_accounting_save=3					# How many files to save
115
116# 330.news
117daily_news_expire_enable="YES"				# Run news.expire
118
119# 400.status-disks
120daily_status_disks_enable="YES"				# Check disk status
121daily_status_disks_df_flags="-l -h"			# df(1) flags for check
122
123# 410.status-mfi
124daily_status_mfi_enable="NO"				# Check mfiutil(8)
125
126# 420.status-network
127daily_status_network_enable="YES"			# Check network status
128daily_status_network_usedns="YES"			# DNS lookups are ok
129daily_status_network_netstat_flags="-d"			# netstat(1) flags
130
131# 430.status-uptime
132daily_status_uptime_enable="YES"			# Check system uptime
133
134# 440.status-mailq
135daily_status_mailq_enable="YES"				# Check mail status
136daily_status_mailq_shorten="NO"				# Shorten output
137daily_status_include_submit_mailq="YES"			# Also submit queue
138
139# 450.status-security
140daily_status_security_enable="YES"			# Security check
141# See also "Security options" below for more options
142daily_status_security_inline="NO"			# Run inline ?
143daily_status_security_output="root"			# user or /file
144
145# 460.status-mail-rejects
146daily_status_mail_rejects_enable="YES"			# Check mail rejects
147daily_status_mail_rejects_logs=3			# How many logs to check
148daily_status_mail_rejects_shorten="NO"			# Shorten output
149
150# 500.queuerun
151daily_queuerun_enable="YES"				# Run mail queue
152daily_submit_queuerun="YES"				# Also submit queue
153
154# 510.status-world-kernel
155daily_status_world_kernel="YES"				# Check the running
156							# userland/kernel version
157# 999.local
158daily_local="/etc/daily.local"				# Local scripts
159
160
161# Weekly options
162
163# These options are used by periodic(8) itself to determine what to do
164# with the output of the sub-programs that are run, and where to send
165# that output.  $weekly_output might be set to /var/log/weekly.log if you
166# wish to log the weekly output and have the files rotated by newsyslog(8)
167#
168weekly_output="root"					# user or /file
169weekly_show_success="YES"				# scripts returning 0
170weekly_show_info="YES"					# scripts returning 1
171weekly_show_badconfig="YES"				# scripts returning 2
172
173# 310.locate
174weekly_locate_enable="YES"				# Update locate weekly
175
176# 320.whatis
177weekly_whatis_enable="YES"				# Update whatis weekly
178
179# 340.noid
180weekly_noid_enable="NO"					# Find unowned files
181weekly_noid_dirs="/"					# Look here
182
183# 450.status-security
184weekly_status_security_enable="YES"			# Security check
185# See also "Security options" below for more options
186weekly_status_security_inline="NO"			# Run inline ?
187weekly_status_security_output="root"			# user or /file
188
189# 999.local
190weekly_local="/etc/weekly.local"			# Local scripts
191
192
193# Monthly options
194
195# These options are used by periodic(8) itself to determine what to do
196# with the output of the sub-programs that are run, and where to send
197# that output.  $monthly_output might be set to /var/log/monthly.log if you
198# wish to log the monthly output and have the files rotated by newsyslog(8)
199#
200monthly_output="root"					# user or /file
201monthly_show_success="YES"				# scripts returning 0
202monthly_show_info="YES"					# scripts returning 1
203monthly_show_badconfig="YES"				# scripts returning 2
204
205# 200.accounting
206monthly_accounting_enable="YES"				# Login accounting
207
208# 450.status-security
209monthly_status_security_enable="YES"			# Security check
210# See also "Security options" below for more options
211monthly_status_security_inline="NO"			# Run inline ?
212monthly_status_security_output="root"			# user or /file
213
214# 999.local
215monthly_local="/etc/monthly.local"			# Local scripts
216
217
218# Security options
219
220security_show_success="YES"				# scripts returning 0
221security_show_info="YES"				# scripts returning 1
222security_show_badconfig="YES"				# scripts returning 2
223
224# These options are used by the security periodic(8) scripts spawned in
225# daily and weekly 450.status-security.
226security_status_logdir="/var/log"			# Directory for logs
227security_status_diff_flags="-b -u"			# flags for diff output
228
229# Each of the security_status_*_period options below can have one of the
230# following values:
231# - NO: do not run at all
232# - daily: only run during the daily security status
233# - weekly: only run during the weekly security status
234# - monthly: only run during the monthly security status
235# Note that if periodic security scripts are run from crontab(5) directly,
236# they will be run unless _enable or _period is set to "NO".
237
238# 100.chksetuid
239security_status_chksetuid_enable="YES"
240security_status_chksetuid_period="daily"
241
242# 110.neggrpperm
243security_status_neggrpperm_enable="YES"
244security_status_neggrpperm_period="daily"
245
246# 200.chkmounts
247security_status_chkmounts_enable="YES"
248security_status_chkmounts_period="daily"
249#security_status_chkmounts_ignore="^mfs:"		# Don't check matching
250							# FS types
251security_status_nomfs="NO"				# Don't check mfs mounts
252
253# 300.chkuid0
254security_status_chkuid0_enable="YES"
255security_status_chkuid0_period="daily"
256
257# 400.passwdless
258security_status_passwdless_enable="YES"
259security_status_passwdless_period="daily"
260
261# 410.logincheck
262security_status_logincheck_enable="YES"
263security_status_logincheck_period="daily"
264
265# 500.ipfwdenied
266security_status_ipfwdenied_enable="YES"
267security_status_ipfwdenied_period="daily"
268
269# 520.pfdenied
270security_status_pfdenied_enable="YES"
271security_status_pfdenied_period="daily"
272
273# 550.ipfwlimit
274security_status_ipfwlimit_enable="YES"
275security_status_ipfwlimit_period="daily"
276
277# 600.ip6fwdenied
278security_status_ip6fwdenied_enable="YES"
279security_status_ip6fwdenied_period="daily"
280
281# 650.ip6fwlimit
282security_status_ip6fwlimit_enable="YES"
283security_status_ip6fwlimit_period="daily"
284
285# 700.kernelmsg
286security_status_kernelmsg_enable="YES"
287security_status_kernelmsg_period="daily"
288
289# 800.loginfail
290security_status_loginfail_enable="YES"
291security_status_loginfail_period="daily"
292
293# 900.tcpwrap
294security_status_tcpwrap_enable="YES"
295security_status_tcpwrap_period="daily"
296
297
298
299# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
300# scripts to source defaults/periodic.conf overrides safely.
301
302if [ -z "${source_periodic_confs_defined}" ]; then
303	source_periodic_confs_defined=yes
304	source_periodic_confs() {
305		local i sourced_files
306
307		for i in ${periodic_conf_files}; do
308			case ${sourced_files} in
309			*:$i:*)
310				;;
311			*)
312				sourced_files="${sourced_files}:$i:"
313				[ -r $i ] && . $i
314				;;
315			esac
316		done
317	}
318
319	# Sleep for a random amount of time in order to mitigate the thundering
320	# herd problem of multiple hosts running periodic simultaneously.
321	# Will not sleep when used interactively.
322	# Will sleep at most once per invocation of periodic
323	anticongestion() {
324		[ -n "$PERIODIC_IS_INTERACTIVE" ] && return
325		if [ -f "$PERIODIC_ANTICONGESTION_FILE" ]; then
326			rm -f $PERIODIC_ANTICONGESTION_FILE
327			sleep `jot -r 1 0 ${anticongestion_sleeptime}`
328		fi
329	}
330
331	# Compatibility with old daily variable names.
332	# They can be removed in stable/11.
333	security_daily_compat_var() {
334		local var=$1 dailyvar value
335
336		dailyvar=daily_status_security${var#security_status}
337		periodvar=${var%enable}period
338		eval value=\"\$$dailyvar\"
339		[ -z "$value" ] && return
340		echo "Warning: Variable \$$dailyvar is deprecated," \
341		    "use \$$var instead." >&2
342		case "$value" in
343		[Yy][Ee][Ss])
344			eval $var=YES
345			eval $periodvar=daily
346			;;
347		*)
348			eval $var=\"$value\"
349			;;
350		esac
351	}
352
353	check_yesno_period() {
354		local var="$1" periodvar value period
355
356		eval value=\"\$$var\"
357		case "$value" in
358		[Yy][Ee][Ss]) ;;
359		*) return 1 ;;
360		esac
361
362		periodvar=${var%enable}period
363		eval period=\"\$$periodvar\"
364		case "$PERIODIC" in
365		"security daily")
366			case "$period" in
367			[Dd][Aa][Ii][Ll][Yy]) return 0 ;;
368			*) return 1 ;;
369			esac
370			;;
371		"security weekly")
372			case "$period" in
373			[Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;;
374			*) return 1 ;;
375			esac
376			;;
377		"security monthly")
378			case "$period" in
379			[Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;;
380			*) return 1 ;;
381			esac
382			;;
383		security)
384			# Run directly from crontab(5).
385			case "$period" in
386			[Nn][Oo]) return 1 ;;
387			*) return 0 ;;
388			esac
389			;;
390		'')
391			# Script run manually.
392			return 0
393			;;
394		*)
395			echo "ASSERTION FAILED: Unexpected value for" \
396			    "\$PERIODIC: '$PERIODIC'" >&2
397			exit 127
398			;;
399		esac
400	}
401fi
402