Index: etc/Makefile =================================================================== --- etc/Makefile (revision 236164) +++ etc/Makefile (working copy) @@ -32,6 +32,7 @@ networks \ newsyslog.conf \ nsswitch.conf \ + periodic.subr \ phones \ profile \ protocols \ Index: etc/defaults/periodic.conf =================================================================== --- etc/defaults/periodic.conf (revision 236164) +++ etc/defaults/periodic.conf (working copy) @@ -148,11 +148,13 @@ daily_queuerun_enable="YES" # Run mail queue daily_submit_queuerun="YES" # Also submit queue -# 800.scrub-zfs -daily_scrub_zfs_enable="NO" -daily_scrub_zfs_pools="" # empty string selects all pools -daily_scrub_zfs_default_threshold="35" # days between scrubs -#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold +# 800.zfs_scrub +daily_scrub_zfs_enable="YES" # Scrub zpools +daily_scrub_zfs_default_threshold="35" # scrub every 5 weeks +daily_scrub_zfs_pools="" # zpools to scrub; + # defaults to all +#daily_scrub_zfs_${poolname}_threshold="35" # pool specific scrub + # threshold # 999.local daily_local="/etc/daily.local" # Local scripts @@ -264,6 +266,9 @@ # 200.accounting monthly_accounting_enable="YES" # Login accounting +monthly_accounting_verbose="NO" # Be verbose when + # reporting login + # accounting info. # 999.local monthly_local="/etc/monthly.local" # Local scripts Index: etc/periodic/weekly/320.whatis =================================================================== --- etc/periodic/weekly/320.whatis (revision 236164) +++ etc/periodic/weekly/320.whatis (working copy) 
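Review bot: The first etc/defaults/periodic.conf hunk flips the default `daily_scrub_zfs_enable` from "NO" to "YES", which turns on pool scrubs for every installation without a local override, and nothing in this otherwise mechanical refactor explains it. Scrubs are I/O-heavy, so if the flip is intended it belongs in its own commit with a release note; otherwise keep `daily_scrub_zfs_enable="NO"`. The section label `# 800.zfs_scrub` also no longer matches the script name `800.scrub-zfs` used elsewhere in this patch.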
@@ -3,21 +3,15 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$weekly_whatis_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno weekly_whatis_enable; then echo "" echo "Rebuilding whatis database:" - MANPATH=`/usr/bin/manpath -q` - if [ $? = 0 ] + if MANPATH=$(/usr/bin/manpath -q) then if [ -z "${MANPATH}" ] then @@ -25,7 +19,6 @@ rc=3 else man_locales=`/usr/bin/manpath -qL` - rc=0 # Build whatis(1) database(s) for original, non-localized # manpages. @@ -43,9 +36,7 @@ fi else rc=3 - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/weekly/999.local =================================================================== --- etc/periodic/weekly/999.local (revision 236164) +++ etc/periodic/weekly/999.local (working copy) @@ -3,15 +3,10 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr rc=0 + for script in $weekly_local do echo '' Index: etc/periodic/weekly/400.status-pkg =================================================================== --- etc/periodic/weekly/400.status-pkg (revision 236164) +++ etc/periodic/weekly/400.status-pkg (working copy) @@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$weekly_status_pkg_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno weekly_status_pkg_enable; then echo "" echo "Check for out of date packages:" 
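Review bot: `. /etc/periodic.subr` is sourced unconditionally in 320.whatis where the old code guarded the include with `[ -r … ]`, and in a non-interactive sh a failed `.` aborts the script. A missing or unreadable periodic.subr (for example after a partial upgrade) would therefore stop this job and every other script in the patch that gets the same line, including 450.status-security. Each job also executes the file as root, so it should be installed root-owned and not group- or world-writable; the install mode is not visible in the etc/Makefile hunk. If the hard failure is intended, a comment above the include would say so, for example `# Required: presumably provides checkyesno and err; the job aborts without it`.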
@@ -25,9 +20,7 @@ -e 's/^\([^ ]*-[^ ]*\) *? *\(orphaned:.*\)$/ \1 was \2/p' | tee /dev/stderr | wc -l) - [ $rc -gt 1 ] && rc=1;; + [ $rc -gt 1 ] && rc=1 +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/weekly/330.catman =================================================================== --- etc/periodic/weekly/330.catman (revision 236164) +++ etc/periodic/weekly/330.catman (working copy) 
@@ -3,56 +3,44 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$weekly_catman_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno weekly_catman_enable; then if [ ! -d /usr/share/man/cat1 ] then - echo '$weekly_catman_enable is set but /usr/share/man/cat1' \ + err 2 '$weekly_catman_enable is set but /usr/share/man/cat1' \ "doesn't exist" - rc=2 - else - echo "" - echo "Reformatting manual pages:" + fi + echo "" + echo "Reformatting manual pages:" - MANPATH=`/usr/bin/manpath -q` - if [ $? = 0 ] + if MANPATH=`/usr/bin/manpath -q` + then + if [ -z "${MANPATH}" ] then - if [ -z "${MANPATH}" ] - then - echo "manpath failed to find any manpath directories" - rc=3 - else - man_locales=`/usr/bin/manpath -qL` - rc=0 + err 3 "manpath failed to find any manpath directories" + else + man_locales=`/usr/bin/manpath -qL` - # Preformat original, non-localized manpages - echo /usr/libexec/catman.local -r "$MANPATH" | - su -fm man || rc=3 + # Preformat original, non-localized manpages + echo /usr/libexec/catman.local -r "$MANPATH" | + su -fm man || rc=3 - # Preformat localized manpages. - if [ -n "$man_locales" ] - then - for i in $man_locales - do - echo /usr/libexec/catman.local -Lr \ - "$MANPATH" | LC_ALL=$i su -fm man || rc=3 - done - fi + # Preformat localized manpages. + if [ -n "$man_locales" ] + then + for i in $man_locales + do + echo /usr/libexec/catman.local -Lr \ + "$MANPATH" | LC_ALL=$i su -fm man || rc=3 + done fi - else - rc=3 fi - fi;; + else + rc=3 + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/weekly/310.locate =================================================================== --- etc/periodic/weekly/310.locate (revision 236164) +++ etc/periodic/weekly/310.locate (working copy) 
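Review bot: The `else` after the `/usr/share/man/cat1` check was dropped, so the rest of the enabled branch in 330.catman now runs unless `err 2 …` terminates the script. `err` is not defined anywhere in this patch view, so that behaviour cannot be confirmed from here. If it only prints, catman runs against a missing directory and status 2 is never reported, because `rc` is left at 0 or set to 3 by the later commands. 500.queuerun makes the same assumption, while 330.news and 130.clean-msgs keep their `else`. Either keep the `else` here as well, or add a comment at the call such as `# err exits with the given status` so the control flow is explicit.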
@@ -3,30 +3,23 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$weekly_locate_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno weekly_locate_enable; then echo "" echo "Rebuilding locate database:" locdb=/var/db/locate.database - touch $locdb && rc=0 || rc=3 + touch $locdb || rc=3 chown nobody $locdb || rc=3 chmod 644 $locdb || rc=3 cd / echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3 - chmod 444 $locdb || rc=3;; + chmod 444 $locdb || rc=3 +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/weekly/340.noid =================================================================== --- etc/periodic/weekly/340.noid (revision 236164) +++ etc/periodic/weekly/340.noid (working copy) @@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$weekly_noid_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno weekly_noid_enable; then echo "" echo "Check for files with an unknown user or group:" @@ -21,9 +16,6 @@ \( -nogroup -o -nouser \) -print | sed 's/^/ /' | tee /dev/stderr | wc -l) [ $rc -gt 1 ] && rc=1 - ;; +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/330.news =================================================================== --- etc/periodic/daily/330.news (revision 236164) +++ etc/periodic/daily/330.news (working copy) 
@@ -6,29 +6,21 @@ # (This is present only for backwards compatibility, usually the news # system handles this on its own). -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_news_expire_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_news_expire_enable; then if [ ! -f /etc/news.expire ] then - echo '$daily_news_expire_enable is set but /etc/news.expire' \ + err 2 '$daily_news_expire_enable is set but /etc/news.expire' \ "doesn't exist" - rc=2 else echo "" echo "Running news.expire:" /etc/news.expire && rc=0 || rc=3 - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/999.local =================================================================== --- etc/periodic/daily/999.local (revision 236164) +++ etc/periodic/daily/999.local (working copy) @@ -6,13 +6,7 @@ # compatibility more than anything else. # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr rc=0 for script in $daily_local Index: etc/periodic/daily/490.status-pkg-changes =================================================================== --- etc/periodic/daily/490.status-pkg-changes (revision 236164) +++ etc/periodic/daily/490.status-pkg-changes (working copy) 
@@ -3,22 +3,16 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ]; then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_pkg_changes_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_pkg_changes_enable; then if [ ! -f /usr/sbin/pkg_info ]; then - echo '$daily_status_pkg_changes_enable is enabled but' \ + err 2 '$daily_status_pkg_changes_enable is enabled but' \ "/usr/sbin/pkg_info doesn't exist" - rc=2 else bak=/var/backups - rc=0 if [ -f $bak/pkg_info.bak ]; then mv -f $bak/pkg_info.bak $bak/pkg_info.bak2 @@ -33,11 +27,6 @@ | grep '^[-+][^-+]' | sort -k 1.2 fi fi - ;; +fi - *) - rc=0 - ;; -esac - exit $rc Index: etc/periodic/daily/800.scrub-zfs =================================================================== --- etc/periodic/daily/800.scrub-zfs (revision 236164) +++ etc/periodic/daily/800.scrub-zfs (working copy) @@ -3,22 +3,13 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# +. /etc/periodic.subr -newline=" -" # A single newline +newline=$(echo -ne "\n") -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +rc=0 -: ${daily_scrub_zfs_default_threshold=35} - -case "$daily_scrub_zfs_enable" in - [Yy][Ee][Ss]) +if checkyesno daily_scrub_zfs_enable; then echo echo 'Scrubbing of zfs pools:' @@ -26,7 +17,6 @@ daily_scrub_zfs_pools="$(zpool list -H -o name)" fi - rc=0 for pool in ${daily_scrub_zfs_pools}; do # sanity check _status=$(zpool list "${pool}" 2> /dev/null) @@ -88,11 +78,6 @@ echo " consult 'zpool status ${pool}' for the result" done - ;; +fi - *) - rc=0 - ;; -esac - exit $rc Index: etc/periodic/daily/440.status-mailq =================================================================== --- etc/periodic/daily/440.status-mailq (revision 236164) +++ etc/periodic/daily/440.status-mailq (working copy) 
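Review bot: In 800.scrub-zfs, `newline=$(echo -ne "\n")` leaves `newline` empty, because command substitution strips trailing newlines; the literal two-line assignment it replaces was the working form. Whatever uses `$newline` further down the script (outside this hunk) would then split or match on an empty string. Restore the literal assignment or use the guard idiom `newline=$(printf '\nx'); newline=${newline%x}`. The hunk also removes the `: ${daily_scrub_zfs_default_threshold=35}` fallback, so the threshold now depends entirely on etc/defaults/periodic.conf supplying it.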
@@ -3,64 +3,53 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_mailq_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_mailq_enable; then if [ ! -x /usr/bin/mailq ] then - echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \ + err 2 '$daily_status_mailq_enable is set but /usr/bin/mailq' \ "isn't executable" - rc=2 else echo "" echo "Mail in local queue:" - rc=$(case "$daily_status_mailq_shorten" in - [Yy][Ee][Ss]) + n=$(if checkyesno daily_status_mailq_shorten; then mailq | egrep -e '^[[:space:]]+[^[:space:]]+@' | sort | uniq -c | sort -nr | - awk '$1 >= 1 {print $1, $2}';; - *) - mailq;; - esac | tee /dev/stderr | + awk '$1 >= 1 {print $1, $2}' + else + mailq + fi | tee /dev/stderr | egrep -v '(mqueue is empty|Total requests)' | wc -l) - [ $rc -gt 0 ] && rc=1 || rc=0 + [ $n -gt 0 ] && rc=1 - case "$daily_status_include_submit_mailq" in - [Yy][Ee][Ss]) + if checkyesno daily_status_include_submit_mailq; then if [ -f /etc/mail/submit.cf ] then echo "" echo "Mail in submit queue:" - rc_submit=$(case "$daily_status_mailq_shorten" in - [Yy][Ee][Ss]) + n=$(if checkyesno daily_status_mailq_shorten; then mailq -Ac | egrep -e '^[[:space:]]+[^[:space:]]+@' | sort | uniq -c | sort -nr | - awk '$1 >= 1 {print $1, $2}';; - *) - mailq -Ac;; - esac | tee /dev/stderr | + awk '$1 >= 1 {print $1, $2}' + else + mailq -Ac + fi | tee /dev/stderr | egrep -v '(mqueue is empty|Total requests)' | wc -l) - [ $rc_submit -gt 0 ] && rc=1 - fi;; - esac - fi;; + [ $n -gt 0 ] && rc=1 + fi + fi + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/130.clean-msgs =================================================================== --- etc/periodic/daily/130.clean-msgs (revision 236164) +++ etc/periodic/daily/130.clean-msgs (working copy) 
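Review bot: The guard in 440.status-mailq tests `/usr/bin/mailq`, but the new `if checkyesno daily_status_mailq_shorten` branches still invoke `mailq` and `mailq -Ac` by bare name. The binary that is checked is therefore not necessarily the one that runs under the job's PATH. Since the job runs from root's periodic schedule, calling `/usr/bin/mailq` and `/usr/bin/mailq -Ac` in both pipelines would make the check and the execution agree. `[ $n -gt 0 ]` would also be safer as `[ "${n:-0}" -gt 0 ]` in case the substitution yields nothing.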
@@ -5,21 +5,15 @@ # Remove system messages # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_clean_msgs_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_clean_msgs_enable; then if [ ! -d /var/msgs ] then - echo '$daily_clean_msgs_enable is set but /var/msgs' \ + err 2 '$daily_clean_msgs_enable is set but /var/msgs' \ "doesn't exist" - rc=2 else echo "" echo "Cleaning out old system announcements:" @@ -27,9 +21,7 @@ [ -n "$daily_clean_msgs_days" ] && arg=-${daily_clean_msgs_days#-} || arg= msgs -c $arg && rc=0 || rc=3 - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/100.clean-disks =================================================================== --- etc/periodic/daily/100.clean-disks (revision 236164) +++ etc/periodic/daily/100.clean-disks (working copy) 
@@ -5,51 +5,40 @@ # Remove garbage files more than $daily_clean_disks_days days old # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_clean_disks_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_clean_disks_enable; then if [ -z "$daily_clean_disks_days" ] then - echo '$daily_clean_disks_enable is set but' \ + err 2 '$daily_clean_disks_enable is set but' \ '$daily_clean_disks_days is not' - rc=2 elif [ -z "$daily_clean_disks_files" ] then - echo '$daily_clean_disks_enable is set but' \ + err 2 '$daily_clean_disks_enable is set but' \ '$daily_clean_disks_files is not' - rc=2 else - echo "" - echo "Cleaning disks:" + if checkyesno daily_clean_disks_verbose; then + echo "" + echo "Cleaning disks:" + + print=-print + else + print= + fi set -f noglob args="-name "`echo "$daily_clean_disks_files" | sed -e 's/^[ ]*//' \ -e 's/[ ]*$//' \ -e 's/[ ][ ]*/ -o -name /g'` - case "$daily_clean_disks_verbose" in - [Yy][Ee][Ss]) - print=-print;; - *) - print=;; - esac - rc=$(find / \( ! -fstype local -o -fstype rdonly \) -prune -o \ \( $args \) -atime +$daily_clean_disks_days \ -execdir rm -df {} \; $print | tee /dev/stderr | wc -l) - [ -z "$print" ] && rc=0 [ $rc -gt 1 ] && rc=1 set -f glob - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/450.status-security =================================================================== --- etc/periodic/daily/450.status-security (revision 236164) +++ etc/periodic/daily/450.status-security (working copy) 
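Review bot: The "Cleaning disks:" heading is now printed only when `daily_clean_disks_verbose` is set, so a non-verbose run of `find / … -execdir rm -df` deletes files and reports nothing. Any stderr from find or rm then lands in the daily report without a heading to attribute it to. The old script always printed the heading, and the same change is made in 140.clean-rwho and 110.clean-tmps. If the silence is intended, say so next to the test with a comment such as `# non-verbose runs are intentionally silent; rc stays 0`; otherwise move the two `echo` lines back above the `if checkyesno daily_clean_disks_verbose`.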
@@ -3,39 +3,31 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_security_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_security_enable; then echo "" echo "Security check:" - case "$daily_status_security_inline" in - [Yy][Ee][Ss]) + if checkyesno daily_status_security_inline; then export security_output="";; - *) + else export security_output="${daily_status_security_output}" case "${daily_status_security_output}" in "") rc=3;; /*) echo " (output logged separately)" - rc=0;; + ;; *) echo " (output mailed separately)" - rc=0;; - esac;; - esac + ;; + esac + fi - periodic security || rc=3;; + periodic security || rc=3 +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/140.clean-rwho =================================================================== --- etc/periodic/daily/140.clean-rwho (revision 236164) +++ etc/periodic/daily/140.clean-rwho (working copy) 
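Review bot: The unchanged line `export security_output="";;` keeps its `;;` terminator inside the new `if checkyesno daily_status_security_inline; then … else`, which sh rejects as a syntax error. 450.status-security would then fail to parse, and the `periodic security` call at the end of the block would never run. Drop the terminator so the line reads `export security_output=""`. The `;;` terminators inside the retained `case "${daily_status_security_output}"` are still correct.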
@@ -5,49 +5,37 @@ # Remove stale files in /var/rwho # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_clean_rwho_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_clean_rwho_enable; then if [ -z "$daily_clean_rwho_days" ] then - echo '$daily_clean_rwho_enable is enabled but' \ + err 2 '$daily_clean_rwho_enable is enabled but' \ '$daily_clean_rwho_days is not set' - rc=2 elif [ ! -d /var/rwho ] then - echo '$daily_clean_rwho_enable is enabled but /var/rwho' \ + err 2 '$daily_clean_rwho_enable is enabled but /var/rwho' \ "doesn't exist" - rc=2 else - echo "" - echo "Removing stale files from /var/rwho:" + if checkyesno daily_clean_rwho_verbose; then + echo "" + echo "Removing stale files from /var/rwho:" - case "$daily_clean_rwho_verbose" in - [Yy][Ee][Ss]) - print=-print;; - *) - print=;; - esac - + print=-print + else + print= + fi if cd /var/rwho then rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \ -delete $print | tee /dev/stderr | wc -l) - [ -z "$print" ] && rc=0 [ $rc -gt 1 ] && rc=1 else rc=3 fi - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/110.clean-tmps =================================================================== --- etc/periodic/daily/110.clean-tmps (revision 236164) +++ etc/periodic/daily/110.clean-tmps (working copy) 
@@ -6,25 +6,24 @@ # don't end up with excessively old files there. # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_clean_tmps_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_clean_tmps_enable; then if [ -z "$daily_clean_tmps_days" ] then - echo '$daily_clean_tmps_enable is set but' \ + err 2 '$daily_clean_tmps_enable is set but' \ '$daily_clean_tmps_days is not' - rc=2 else - echo "" - echo "Removing old temporary files:" + if checkyesno daily_clean_tmps_verbose; then + echo "" + echo "Removing old temporary files:" + print=-print + else + print= + fi set -f noglob args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days" args="${args} -ctime +$daily_clean_tmps_days" @@ -35,13 +34,6 @@ dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" | sed 's/[ ][ ]*/ ! -name /g'` } - case "$daily_clean_tmps_verbose" in - [Yy][Ee][Ss]) - print=-print;; - *) - print=;; - esac - rc=$(for dir in $daily_clean_tmps_dirs do [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && { @@ -49,12 +41,9 @@ find -d . ! -name . -type d $dargs -delete $print } | sed "s,^\\., $dir," done | tee /dev/stderr | wc -l) - [ -z "$print" ] && rc=0 [ $rc -gt 1 ] && rc=1 set -f glob - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/430.status-rwho =================================================================== --- etc/periodic/daily/430.status-rwho (revision 236164) +++ etc/periodic/daily/430.status-rwho (working copy) @@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_rwho_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_rwho_enable; then rwho=$(echo /var/rwho/*) if [ -f "${rwho%% *}" ] then 
@@ -24,15 +19,13 @@ echo "Local system status:" prog=uptime fi - rc=$($prog | tee /dev/stderr | wc -l) + n=$($prog | tee /dev/stderr | wc -l) if [ $? -eq 0 ] then - [ $rc -gt 1 ] && rc=1 + [ $n -gt 1 ] && rc=1 else rc=3 - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/460.status-mail-rejects =================================================================== --- etc/periodic/daily/460.status-mail-rejects (revision 236164) +++ etc/periodic/daily/460.status-mail-rejects (working copy) @@ -3,36 +3,29 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs +. /etc/periodic.subr + +rc=0 + +if checkyesno daily_status_mail_rejects_shorten; then + shorten='cut -d" " -f2,3' +else + shorten=cat fi -case "$daily_status_mail_rejects_shorten" in -[Yy][Ee][Ss]) shorten='cut -d" " -f2,3';; -*) shorten=cat;; -esac - -case "$daily_status_mail_rejects_enable" in - [Yy][Ee][Ss]) +if checkyesno daily_status_mail_rejects_enable; then if [ ! -d /etc/mail ] then - echo '$daily_status_mail_rejects_enable is set but /etc/mail' \ + err 2 '$daily_status_mail_rejects_enable is set but /etc/mail' \ "doesn't exist" - rc=2 elif [ ! -f /var/log/maillog ] then - echo '$daily_status_mail_rejects_enable is set but ' \ + err 2 '$daily_status_mail_rejects_enable is set but ' \ "/var/log/maillog doesn't exist" - rc=2 elif [ "$daily_status_mail_rejects_logs" -le 0 ] then - echo '$daily_status_mail_rejects_enable is set but ' \ + err 2 '$daily_status_mail_rejects_enable is set but ' \ '$daily_status_mail_rejects_logs is not greater than zero' - rc=2 else echo echo Checking for rejected mail hosts: 
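Review bot: In 430.status-rwho, `if [ $? -eq 0 ]` after `n=$($prog | tee /dev/stderr | wc -l)` tests the exit status of `wc -l`, the last command in the pipeline, so a failing `$prog` never reaches the `rc=3` branch. The rename from `rc` to `n` keeps that dead branch. Capturing the status of the program itself would make the check real, for example `out=$($prog) || rc=3` followed by `printf '%s\n' "$out" >&2` and `n=$(printf '%s\n' "$out" | wc -l)`. The block that selects `$prog` starts outside this hunk.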
@@ -65,9 +58,7 @@ :end }' | eval $shorten | sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/405.status-ata-raid =================================================================== --- etc/periodic/daily/405.status-ata-raid (revision 236164) +++ etc/periodic/daily/405.status-ata-raid (working copy) @@ -1,33 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - -case "$daily_status_ata_raid_enable" in - [Yy][Ee][Ss]) - echo - echo 'Checking status of ATA raid partitions:' - - rc=0 - for raid in `find /dev/ -name 'ar[0-9]*' -type c | egrep '[0-9]$' \ - | egrep -v 's[0-9]' | cut -d / -f 3` - do - status=`/sbin/atacontrol status $raid` - echo $status - raid_rc=`echo $status | grep -v READY | wc -l` - [ $rc -eq 0 ] && [ $raid_rc -gt 0 ] && rc=3 - done - ;; - - *) rc=0;; -esac - -exit $rc Index: etc/periodic/daily/300.calendar =================================================================== --- etc/periodic/daily/300.calendar (revision 236164) +++ etc/periodic/daily/300.calendar (working copy) @@ -8,22 +8,15 @@ # or run it from your ~/.profile or ~/.login. # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_calendar_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_calendar_enable; then echo "" echo "Running calendar:" - calendar -a && rc=0 || rc=3;; + calendar -a && rc=0 || rc=3 +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/409.status-gconcat =================================================================== --- etc/periodic/daily/409.status-gconcat (revision 236164) +++ etc/periodic/daily/409.status-gconcat (working copy) 
@@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_gconcat_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_gconcat_enable; then echo echo 'Checking status of gconcat(8) devices:' @@ -20,15 +15,10 @@ components="$(gconcat status -s | fgrep -v UP)" if [ "${components}" ]; then rc=3 - else - rc=0 fi else rc=2 fi - ;; +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/406.status-gmirror =================================================================== --- etc/periodic/daily/406.status-gmirror (revision 236164) +++ etc/periodic/daily/406.status-gmirror (working copy) @@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_gmirror_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_gmirror_enable; then echo echo 'Checking status of gmirror(8) devices:' @@ -20,15 +15,10 @@ components="$(gmirror status -s | fgrep -v COMPLETE)" if [ "${components}" ]; then rc=3 - else - rc=0 fi else rc=2 fi - ;; +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/500.queuerun =================================================================== --- etc/periodic/daily/500.queuerun (revision 236164) +++ etc/periodic/daily/500.queuerun (working copy) 
@@ -3,34 +3,22 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_queuerun_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_queuerun_enable; then if [ ! -x /usr/sbin/sendmail ] then - echo '$daily_queuerun_enable is set but /usr/sbin/sendmail' \ + err 2 '$daily_queuerun_enable is set but /usr/sbin/sendmail' \ "isn't executable" - rc=2 - else - /usr/sbin/sendmail -q >/dev/null 2>&1 & - case "$daily_submit_queuerun" in - [Yy][Ee][Ss]) - if [ -f /etc/mail/submit.cf ] - then - /usr/sbin/sendmail -q -Ac >/dev/null 2>&1 & - fi;; - esac - rc=0 - fi;; + fi + /usr/sbin/sendmail -q >/dev/null 2>&1 & + if checkyesno daily_submit_queuerun; then + if [ -f /etc/mail/submit.cf ]; then + /usr/sbin/sendmail -q -Ac >/dev/null 2>&1 & + fi + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/Makefile =================================================================== --- etc/periodic/daily/Makefile (revision 236164) +++ etc/periodic/daily/Makefile (working copy) @@ -9,7 +9,6 @@ 220.backup-pkgdb \ 330.news \ 400.status-disks \ - 405.status-ata-raid \ 406.status-gmirror \ 407.status-graid3 \ 408.status-gstripe \ Index: etc/periodic/daily/420.status-network =================================================================== --- etc/periodic/daily/420.status-network (revision 236164) +++ etc/periodic/daily/420.status-network (working copy) 
@@ -3,27 +3,20 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_network_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_network_enable; then echo "" echo "Network interface status:" - case "$daily_status_network_usedns" in - [Yy][Ee][Ss]) - netstat -id && rc=0 || rc=3;; - *) - netstat -idn && rc=0 || rc=3;; - esac;; + if checkyesno daily_status_network_usedns; then + netstat_flags="-i" + else + netstat_flags="-in" + fi + netstat $netstat_flags || rc=3 +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/470.status-named =================================================================== --- etc/periodic/daily/470.status-named (revision 236164) +++ etc/periodic/daily/470.status-named (working copy) 
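Review bot: The new `netstat_flags` values in 420.status-network lose the `-d` option: the removed lines ran `netstat -id` and `netstat -idn`, while the replacement sets `-i` and `-in`. The daily report would no longer include the dropped-packet column, which is a behaviour change the refactor does not mention. To preserve the output use `netstat_flags="-id"` and `netstat_flags="-idn"`.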
@@ -3,43 +3,24 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -catmsgs() { - find /var/log -name 'messages.*' -mtime -2 | - sort -t. -r -n -k 2,2 | - while read f - do - case $f in - *.gz) zcat -f $f;; - *.bz2) bzcat -f $f;; - esac - done - [ -f /var/log/messages ] && cat /var/log/messages -} +rc=0 -case "$daily_status_named_enable" in - [Yy][Ee][Ss]) +if checkyesno daily_status_named_enable; then echo echo 'Checking for denied zone transfers (AXFR and IXFR):' start=`date -v-1d '+%b %e'` - rc=$(catmsgs | + rc=$(catlogs /var/log "messages" | fgrep -E "^$start.*named\[[[:digit:]]+\]: transfer of .*failed .*: REFUSED" | sed -e "s/.*transfer of \'\(.*\)\/IN\' from \(.*\)#[0-9]*: .*/\1 from \2/" | sort -f | uniq -ic | ( - usedns=0 - case "$daily_status_named_usedns" in - '') ;; - [yY][eE][sS]) usedns=1 ;; - esac - + if checkyesno daily_status_named_usedns; then + usedns=1 + else + usedns=0 + fi while read line ;do ipaddr=`echo "$line" | sed -e 's/^.*from //'` if [ $usedns -eq 1 ]; then @@ -54,9 +35,6 @@ done ) | \ tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 - ;; +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/210.backup-aliases =================================================================== --- etc/periodic/daily/210.backup-aliases (revision 236164) +++ etc/periodic/daily/210.backup-aliases (working copy) @@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_backup_aliases_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_backup_aliases_enable; then if [ ! -f /etc/mail/aliases ] then echo '$daily_backup_aliases_enable is enabled but' \ 
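Review bot: In 470.status-named, the removed `catmsgs` helper read only rotated files modified in the last two days (`-mtime -2`), in numeric order and with the live `/var/log/messages` last, and nothing in this patch view shows that `catlogs /var/log "messages"` keeps either property. Without the age bound the job would decompress every rotated messages file each day, and a different order would change what `uniq -ic` counts together. Please confirm both in periodic.subr and note it at the call site, for example `# catlogs: rotated files from the last 2 days, oldest first, then the live log`.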
@@ -20,7 +15,6 @@ rc=2 else bak=/var/backups - rc=0 echo "" echo "Backing up mail aliases:" @@ -31,17 +25,14 @@ cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 fi - if ! cmp -s $bak/aliases.bak /etc/mail/aliases + if [ $rc -eq 0 ] && ! cmp -s $bak/aliases.bak /etc/mail/aliases then - [ $rc -lt 1 ] && rc=1 echo "$host aliases diffs:" diff -u $bak/aliases.bak /etc/mail/aliases mv $bak/aliases.bak $bak/aliases.bak2 cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 fi - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/404.status-zfs =================================================================== --- etc/periodic/daily/404.status-zfs (revision 236164) +++ etc/periodic/daily/404.status-zfs (working copy) @@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_zfs_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_zfs_enable; then echo echo 'Checking status of zfs pools:' @@ -35,11 +30,6 @@ else rc=1 fi - ;; +fi - *) - rc=0 - ;; -esac - exit $rc Index: etc/periodic/daily/220.backup-pkgdb =================================================================== --- etc/periodic/daily/220.backup-pkgdb (revision 236164) +++ etc/periodic/daily/220.backup-pkgdb (working copy) @@ -3,18 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr rc=0 -case "$daily_backup_pkgdb_enable" in - [Yy][Ee][Ss]) +if checkyesno daily_backup_pkgdb_enable; then bak="${daily_backup_pkgdb_dir:-/var/backups}" bak_file="${bak}/pkgdb.bak.tbz" 
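Review bot: The 210.backup-aliases hunk removes `[ $rc -lt 1 ] && rc=1` from the branch taken when `cmp -s` finds a difference, so a changed `/etc/mail/aliases` now prints its diff but leaves `rc` at 0. Changes to the aliases file are worth flagging in the daily report, and a status of 0 lets a report filter treat the output as routine. Keep the status bump inside the branch, for example `rc=1` directly before `echo "$host aliases diffs:"`. The added `[ $rc -eq 0 ] &&` guard also skips the comparison entirely after a failed earlier copy, which may be intended but is not commented.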
@@ -23,10 +16,10 @@ if [ ! -d "$bak" ] then - install -d -o root -g wheel -m 750 $bak || { - echo '$daily_backup_pkgdb_enable is enabled but' \ - "$daily_backup_pkgdb_dir doesn't exist" ; - exit 2 ; } + if ! install -d -o root -g wheel -m 750 $bak; then + err 2 '$daily_backup_pkgdb_enable is enabled but' \ + "$daily_backup_pkgdb_dbdir doesn't exist" ; + fi fi echo '' @@ -45,7 +38,7 @@ mv "${new_bak_file}" "${bak_file}" else rc=3 - fi ;; -esac + fi +fi exit $rc Index: etc/periodic/daily/310.accounting =================================================================== --- etc/periodic/daily/310.accounting (revision 236164) +++ etc/periodic/daily/310.accounting (working copy) @@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_accounting_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_accounting_enable; then if [ ! -f /var/account/acct ] then echo '$daily_accounting_enable is set but /var/account/acct' \ @@ -28,7 +23,6 @@ echo "Rotating accounting logs and gathering statistics:" cd /var/account - rc=0 n=$(( $daily_accounting_save - 1 )) for f in acct.*; do @@ -53,13 +47,10 @@ sa -s $daily_accounting_flags /var/account/acct.merge || rc=3 rm acct.merge - case "$daily_accounting_compress" in - [Yy][Ee][Ss]) - gzip -f acct.0 || rc=3;; - esac - fi;; + if checkyesno daily_accounting_compress; then + gzip -f acct.0 || rc=3 + fi + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/150.clean-hoststat =================================================================== --- etc/periodic/daily/150.clean-hoststat (revision 236164) +++ etc/periodic/daily/150.clean-hoststat (working copy) 
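Review bot: The rewritten error message in 220.backup-pkgdb names `$daily_backup_pkgdb_dbdir`, but the directory that `install -d` failed to create is `$bak`, which the previous hunk derives from `daily_backup_pkgdb_dir`. The removed message used `$daily_backup_pkgdb_dir`, so this looks like a typo and it would point an administrator at the wrong path. Using the computed value also covers the `/var/backups` fallback: `"$bak doesn't exist"`. `$bak` should be quoted in `install -d -o root -g wheel -m 750 "$bak"` as well, since it comes from configuration.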
@@ -5,25 +5,18 @@ # Remove stale persistent host status files # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ]; then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_clean_hoststat_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_clean_hoststat_enable; then if [ -z "$(hoststat 2>&1)" ]; then rc=2 else echo "" echo "Removing stale entries from sendmail host status cache:" - rc=0 purgestat || rc=1 - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/400.status-disks =================================================================== --- etc/periodic/daily/400.status-disks (revision 236164) +++ etc/periodic/daily/400.status-disks (working copy) @@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_disks_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_disks_enable; then echo "" echo "Disk status:" @@ -24,9 +19,7 @@ fi echo "" - dump W || rc=3;; + dump W || rc=3 +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/480.status-ntpd =================================================================== --- etc/periodic/daily/480.status-ntpd (revision 236164) +++ etc/periodic/daily/480.status-ntpd (working copy) @@ -3,18 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr rc=0 -case "$daily_status_ntpd_enable" in - [Yy][Ee][Ss]) +if checkyesno daily_status_ntpd_enable; then echo "" echo "NTP status:" 
@@ -22,7 +15,6 @@ if [ -z "$synchronized" ]; then rc=1 fi - ;; -esac +fi exit $rc Index: etc/periodic/daily/407.status-graid3 =================================================================== --- etc/periodic/daily/407.status-graid3 (revision 236164) +++ etc/periodic/daily/407.status-graid3 (working copy) @@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_graid3_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_graid3_enable; then echo echo 'Checking status of graid3(8) devices:' @@ -20,15 +15,10 @@ components="$(graid3 status -s | fgrep -v COMPLETE)" if [ "${components}" ]; then rc=3 - else - rc=0 fi else rc=2 fi - ;; +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/200.backup-passwd =================================================================== --- etc/periodic/daily/200.backup-passwd (revision 236164) +++ etc/periodic/daily/200.backup-passwd (working copy) @@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_backup_passwd_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_backup_passwd_enable; then if [ ! -f /etc/master.passwd ] then echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \ @@ -25,7 +20,6 @@ rc=2 else bak=/var/backups - rc=0 echo "" echo "Backup passwd and group files:" @@ -69,9 +63,7 @@ echo "Verifying group file syntax:" chkgrp /etc/group || rc=3 fi - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/408.status-gstripe =================================================================== --- etc/periodic/daily/408.status-gstripe (revision 236164) +++ etc/periodic/daily/408.status-gstripe (working copy) 
@@ -3,16 +3,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_gstripe_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_gstripe_enable; then echo echo 'Checking status of gstripe(8) devices:' @@ -20,15 +15,10 @@ components="$(gstripe status -s | fgrep -v UP)" if [ "${components}" ]; then rc=3 - else - rc=0 fi else rc=2 fi - ;; +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/daily/120.clean-preserve =================================================================== --- etc/periodic/daily/120.clean-preserve (revision 236164) +++ etc/periodic/daily/120.clean-preserve (working copy) 
@@ -5,49 +5,37 @@ # Remove stale files in /var/preserve # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_clean_preserve_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_clean_preserve_enable; then if [ -z "$daily_clean_preserve_days" ] then - echo '$daily_clean_preserve_enable is set but' \ + err 2 '$daily_clean_preserve_enable is set but' \ '$daily_clean_preserve_days is not' - rc=2 elif [ ! -d /var/preserve ] then - echo '$daily_clean_preserve_enable is set but /var/preserve' \ + err 2 '$daily_clean_preserve_enable is set but /var/preserve' \ "doesn't exist" - rc=2 else - echo "" - echo "Removing stale files from /var/preserve:" + if checkyesno daily_clean_preserve_verbose; then + echo "" + echo "Removing stale files from /var/preserve:" + print=-print + else + print= + fi if cd /var/preserve then - case "$daily_clean_preserve_verbose" in - [Yy][Ee][Ss]) - print=-print;; - *) - print=;; - esac - rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \ -delete $print | tee /dev/stderr | wc -l) - [ -z "$print" ] && rc=0 [ $rc -gt 1 ] && rc=1 else rc=3 fi - fi;; + fi +fi - *) rc=0;; -esac - exit $rc Index: etc/periodic/security/500.ipfwdenied =================================================================== --- etc/periodic/security/500.ipfwdenied (revision 236164) +++ etc/periodic/security/500.ipfwdenied (working copy) 
@@ -27,27 +27,24 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - +. /etc/periodic.subr . /etc/periodic/security/security.functions rc=0 -case "$daily_status_security_ipfwdenied_enable" in - [Yy][Ee][Ss]) - TMP=`mktemp -t security` - if ipfw -a list 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then - check_diff new_only ipfw ${TMP} "${host} ipfw denied packets:" +if checkyesno daily_status_security_ipfwdenied_enable; then + if TMP=$(mktemp -t security); then + if ipfw -a list 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then + check_diff new_only ipfw ${TMP} \ + "${host} ipfw denied packets:" + rc=$? + else + rc=1 + fi + rm -f ${TMP} + else + rc=3 fi - rc=$? - rm -f ${TMP};; - *) rc=0;; -esac +fi exit $rc Index: etc/periodic/security/100.chksetuid =================================================================== --- etc/periodic/security/100.chksetuid (revision 236164) +++ etc/periodic/security/100.chksetuid (working copy) @@ -27,20 +27,12 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - +. /etc/periodic.subr . /etc/periodic/security/security.functions rc=0 -case "$daily_status_security_chksetuid_enable" in - [Yy][Ee][Ss]) +if checkyesno daily_status_security_chksetuid_enable; then echo "" echo 'Checking setuid files and devices:' MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` @@ -49,10 +41,6 @@ \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ | check_diff setuid - "${host} setuid diffs:" rc=$? - ;; - *) - rc=0 - ;; -esac +fi exit $rc Index: etc/periodic/security/520.pfdenied =================================================================== --- etc/periodic/security/520.pfdenied (revision 236164) +++ etc/periodic/security/520.pfdenied (working copy) 
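Review bot: The added `else rc=1` in 500.ipfwdenied turns "egrep matched nothing" into a non-zero status, so a host with no deny/reset/unreach rules, or with ipfw absent (its stderr is discarded), reports notable output on every run. On the old side that path fell out of the `if` and `rc=$?` was 0. I would drop the `else` branch or make it `rc=0`; the same pattern is added in 510.ipfdenied and 610.ipf6denied later in this patch. The new `rc=$?` after check_diff also depends on the `exit` to `return` change in security.functions, so the two must land together.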
@@ -27,27 +27,32 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - +. /etc/periodic.subr . /etc/periodic/security/security.functions rc=0 -case "$daily_status_security_pfdenied_enable" in - [Yy][Ee][Ss]) - TMP=`mktemp -t security` - if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then - check_diff new_only pf ${TMP} "${host} pf denied packets:" +if checkyesno daily_status_security_pfdenied_enable; then + if TMP=$(mktemp -t security); then + pfctl -sr -v 2>/dev/null | \ + nawk '{ + if (/^block/) { + buf=$0; + getline; + gsub(" +"," ",$0); + print buf$0; + } + }' > ${TMP} + if [ $? -eq 0 ]; then + check_diff new_only pf ${TMP} "${host} pf denied packets:" + rc=$? + else + rc=1 + fi + rm -f ${TMP} + else + rc=3 fi - rc=$? - rm -f ${TMP};; - *) rc=0;; -esac +fi exit $rc Index: etc/periodic/security/300.chkuid0 =================================================================== --- etc/periodic/security/300.chkuid0 (revision 236164) +++ etc/periodic/security/300.chkuid0 (working copy) 
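Review bot: `if [ $? -eq 0 ]` after the `pfctl -sr -v ... | nawk ... > ${TMP}` pipeline in 520.pfdenied only sees nawk's exit status, so a failing pfctl is never detected and the `rc=1` branch is effectively unreachable. Either call check_diff unconditionally, or decide what a host without pf should report and test for that explicitly. A one-line comment stating which case `rc=1` is meant to cover would make the intent reviewable.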
@@ -27,25 +27,18 @@ # $FreeBSD$ # +. /etc/periodic.subr -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +rc=0 -case "$daily_status_security_chkuid0_enable" in - [Yy][Ee][Ss]) +if checkyesno daily_status_security_chkuid0_enable; then echo "" echo 'Checking for uids of 0:' n=$(awk -F: '/^#/ {next} $3==0 {print $1,$3}' /etc/master.passwd | tee /dev/stderr | sed -e '/^root 0$/d' -e '/^toor 0$/d' | wc -l) - [ $n -gt 0 ] && rc=1 || rc=0;; - *) rc=0;; -esac + [ $n -gt 0 ] && rc=1 +fi -exit "$rc" +exit $rc Index: etc/periodic/security/700.kernelmsg =================================================================== --- etc/periodic/security/700.kernelmsg (revision 236164) +++ etc/periodic/security/700.kernelmsg (working copy) @@ -30,24 +30,15 @@ # Show kernel log messages # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - +. /etc/periodic.subr . /etc/periodic/security/security.functions rc=0 -case "$daily_status_security_kernelmsg_enable" in - [Yy][Ee][Ss]) +if checkyesno daily_status_security_kernelmsg_enable; then dmesg 2>/dev/null | check_diff new_only dmesg - "${host} kernel log messages:" - rc=$?;; - *) rc=0;; -esac + rc=$? +fi exit $rc Index: etc/periodic/security/460.chkportsum =================================================================== --- etc/periodic/security/460.chkportsum (revision 236164) +++ etc/periodic/security/460.chkportsum (working copy) 
@@ -27,42 +27,40 @@ # $FreeBSD$ # -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - +. /etc/periodic.subr . /etc/periodic/security/security.functions rc=0 -echo "" -echo 'Checking for ports with mismatched checksums:' - -case "${daily_status_security_chkportsum_enable}" in - [Yy][Ee][Ss]) - set -f - pkg_info -ga 2>/dev/null | \ - while IFS= read -r line; do - set -- $line - case $1 in +if checkyesno daily_status_security_chkportsum_enable; then + if TMP=$(mktemp -t chkportsum); then + echo "" + echo 'Checking for ports with mismatched checksums:' + set -f + pkg_info -ga 2>/dev/null | \ + while IFS= read -r line; do + set -- $line + case $1 in Information) - case $2 in + case $2 in for) name="${3%%:}" ;; *) name='??' ;; - esac - ;; + esac + ;; Mismatched|'') ;; *) [ -n "${name}" ] && echo "${name}: ${line%% fails the original MD5 checksum}" - ;; - esac - done - ;; - *) - rc=0 - ;; -esac + ;; + esac + done > $TMP + if [ $(wc -l $TMP) -gt 0 ]; then + cat $TMP + rc=1 + fi + rm -f $TMP + else + rc=3 + fi +fi exit $rc Index: etc/periodic/security/410.logincheck =================================================================== --- etc/periodic/security/410.logincheck (revision 236164) +++ etc/periodic/security/410.logincheck (working copy) 
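Review bot: `if [ $(wc -l $TMP) -gt 0 ]` in 460.chkportsum cannot succeed, because `wc -l FILE` prints the count followed by the file name and `[` then receives an extra operand and fails. The branch is never taken, so checksum mismatches collected in the temp file are neither printed nor reflected in rc, and the check silently always passes. Test the file directly with `if [ -s "$TMP" ]; then`, and quote `"$TMP"` in the redirect, `cat` and `rm -f`. `set -f` is also left enabled for the rest of the script, which is harmless today but worth a comment.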
@@ -27,26 +27,16 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_security_logincheck_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_security_logincheck_enable; then echo "" echo 'Checking login.conf permissions:' - if [ -G /etc/login.conf -a -O /etc/login.conf ]; then - n=0 - else - echo "Bad ownership of /etc/login.conf" - n=1 + if ! [ -G /etc/login.conf -a -O /etc/login.conf ]; then + err 1 "Bad ownership of /etc/login.conf" fi - [ $n -gt 0 ] && rc=1 || rc=0;; - *) rc=0;; -esac +fi -exit "$rc" +exit $rc Index: etc/periodic/security/800.loginfail =================================================================== --- etc/periodic/security/800.loginfail (revision 236164) +++ etc/periodic/security/800.loginfail (working copy) 
@@ -30,39 +30,20 @@ # Show login failures # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr LOG="${daily_status_security_logdir}" +rc=0 + yesterday=`date -v-1d "+%b %e "` -catmsgs() { - find ${LOG} -name 'auth.log.*' -mtime -2 | - sort -t. -r -n -k 2,2 | - while read f - do - case $f in - *.gz) zcat -f $f;; - *.bz2) bzcat -f $f;; - esac - done - [ -f ${LOG}/auth.log ] && cat $LOG/auth.log -} - -case "$daily_status_security_loginfail_enable" in - [Yy][Ee][Ss]) +if checkyesno daily_status_security_loginfail_enable; then echo "" echo "${host} login failures:" - n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" | + n=$(catlogs $LOG auth | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" | tee /dev/stderr | wc -l) - [ $n -gt 0 ] && rc=1 || rc=0;; - *) rc=0;; -esac + [ $n -gt 0 ] && rc=1 +fi exit $rc Index: etc/periodic/security/200.chkmounts =================================================================== --- etc/periodic/security/200.chkmounts (revision 236164) +++ etc/periodic/security/200.chkmounts (working copy) 
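Review bot: `catlogs $LOG auth` in 800.loginfail passes the wrong basename, so the live log is no longer read. catlogs, as added in etc/periodic.subr by this patch, cats `"$_logdir/$_log_basename"`, which here is `$LOG/auth`, while the removed catmsgs read `$LOG/auth.log`. Yesterday's failures that are still in the unrotated file would go unreported. The call should be `catlogs "$LOG" auth.log`, which also keeps the rotated-file pattern at `auth.log.*` as before.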
@@ -30,33 +30,27 @@ # Show changes in the way filesystems are mounted # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - +. /etc/periodic.subr . /etc/periodic/security/security.functions ignore="${daily_status_security_chkmounts_ignore}" + rc=0 -case "$daily_status_security_chkmounts_enable" in - [Yy][Ee][Ss]) - case "$daily_status_security_noamd" in - [Yy][Ee][Ss]) +if checkyesno daily_status_security_chkmounts_enable; then + if checkyesno daily_status_security_noamd; then ignore="${ignore}|^amd:" - esac - [ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat - if ! [ -f /etc/fstab ]; then + fi + if [ -n "$ignore" ]; then + cmd="egrep -v ${ignore#|}" + else + cmd=cat + fi + if [ ! -f /etc/fstab ]; then export PATH_FSTAB=/dev/null fi mount -p | sort | ${cmd} | check_diff mount - "${host} changes in mounted filesystems:" - rc=$?;; - *) rc=0;; -esac - -exit "$rc" + rc=$? +fi +exit $rc Index: etc/periodic/security/550.ipfwlimit =================================================================== --- etc/periodic/security/550.ipfwlimit (revision 236164) +++ etc/periodic/security/550.ipfwlimit (working copy) 
@@ -30,39 +30,33 @@ # Show ipfw rules which have reached the log limit # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr rc=0 -case "$daily_status_security_ipfwlimit_enable" in - [Yy][Ee][Ss]) +if checkyesno daily_status_security_ipfwlimit_enable; then IPFW_VERBOSE=`sysctl -n net.inet.ip.fw.verbose 2> /dev/null` - if [ $? -ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]; then + if [ $? -ne 0 -o "$IPFW_VERBOSE" -eq 0 ]; then exit 0 fi - TMP=`mktemp -t security` - ipfw -a list | grep " log " | \ - grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ - awk \ - '{if ($6 == "logamount") { - if ($2 > $7) - {print $0}} - }' > ${TMP} + if TMP=`mktemp -t security`; then + ipfw -a list | grep " log " | \ + grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ + awk \ + '{if ($6 == "logamount") { + if ($2 > $7) + {print $0}} + }' > ${TMP} - if [ -s "${TMP}" ]; then - rc=1 - echo "" - echo 'ipfw log limit reached:' - cat ${TMP} + if [ -s "${TMP}" ]; then + rc=1 + echo "" + echo 'ipfw log limit reached:' + cat ${TMP} + fi + rm -f ${TMP} + else + rc=3 fi - rm -f ${TMP};; - *) rc=0;; -esac - +fi exit $rc Index: etc/periodic/security/security.functions =================================================================== --- etc/periodic/security/security.functions (revision 236164) +++ etc/periodic/security/security.functions (working copy) @@ -73,6 +73,5 @@ mv ${tmpf} ${LOG}/${label}.today || rc=3 fi - rm -f ${tmpf} - exit ${rc} + return ${rc} } Index: etc/periodic/security/610.ipf6denied =================================================================== --- etc/periodic/security/610.ipf6denied (revision 236164) +++ etc/periodic/security/610.ipf6denied (working copy) 
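Review bot: Rewriting the guard in 550.ipfwlimit as `[ $? -ne 0 -o "$IPFW_VERBOSE" -eq 0 ]` loses the short-circuit that the old `[ $? -ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]` had. When sysctl fails, `IPFW_VERBOSE` is empty and the `-eq` operand is still evaluated, which test is likely to reject as a bad number; the `if` is then false and the script continues into `ipfw -a list` instead of exiting 0. `-o` inside `[` is also marked obsolescent by POSIX. I would keep the original two-test form.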
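Review bot: The security.functions hunk removes `rm -f ${tmpf}` together with the `exit` to `return` change, so check_diff appears to leave its temporary file behind on every path where it was not moved to `${LOG}/${label}.today`. Only the tail of the function is visible here, so please confirm against the full body. If nothing else cleans it up, keep `rm -f ${tmpf}` immediately before `return ${rc}`, otherwise each daily run accumulates a file in the temp directory.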
@@ -27,27 +27,23 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - +. /etc/periodic.subr . /etc/periodic/security/security.functions rc=0 -case "$daily_status_security_ipf6denied_enable" in - [Yy][Ee][Ss]) - TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` - if ipfstat -nhio6 2>/dev/null | grep block > ${TMP}; then - check_diff new_only ipf6 ${TMP} "${host} ipf6 denied packets:" +if checkyesno daily_status_security_ipf6denied_enable; then + if TMP=$(mktemp -t security); then + if ipfstat -nhio6 2>/dev/null | grep block > ${TMP}; then + check_diff new_only ipf6 ${TMP} "${host} ipf6 denied packets:" + rc=$? + else + rc=1 + fi + rm -f ${TMP} + else + rc=3 fi - rc=$? - rm -f ${TMP};; - *) rc=0;; -esac +fi exit $rc Index: etc/periodic/security/400.passwdless =================================================================== --- etc/periodic/security/400.passwdless (revision 236164) +++ etc/periodic/security/400.passwdless (working copy) @@ -27,22 +27,16 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -case "$daily_status_security_passwdless_enable" in - [Yy][Ee][Ss]) +rc=0 + +if checkyesno daily_status_security_passwdless_enable; then echo "" echo 'Checking for passwordless accounts:' n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd | tee /dev/stderr | wc -l) - [ $n -gt 0 ] && rc=1 || rc=0;; - *) rc=0;; -esac + [ $n -gt 0 ] && rc=1 +fi -exit "$rc" +exit $rc Index: etc/periodic/security/510.ipfdenied =================================================================== --- etc/periodic/security/510.ipfdenied (revision 236164) +++ etc/periodic/security/510.ipfdenied (working copy) 
@@ -27,27 +27,23 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - +. /etc/periodic.subr . /etc/periodic/security/security.functions rc=0 -case "$daily_status_security_ipfdenied_enable" in - [Yy][Ee][Ss]) - TMP=`mktemp -t security` - if ipfstat -nhio 2>/dev/null | grep block > ${TMP}; then - check_diff new_only ipf ${TMP} "${host} ipf denied packets:" +if checkyesno daily_status_security_ipfdenied_enable; then + if TMP=$(mktemp -t security); then + if ipfstat -nhio 2>/dev/null | grep block > ${TMP}; then + check_diff new_only ipf ${TMP} "${host} ipf denied packets:" + rc=$? + else + rc=1 + fi + rm -f ${TMP} + else + rc=3 fi - rc=$? - rm -f ${TMP};; - *) rc=0;; -esac +fi exit $rc Index: etc/periodic/security/110.neggrpperm =================================================================== --- etc/periodic/security/110.neggrpperm (revision 236164) +++ etc/periodic/security/110.neggrpperm (working copy) @@ -27,18 +27,11 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr rc=0 -case "$daily_status_security_neggrpperm_enable" in - [Yy][Ee][Ss]) +if checkyesno daily_status_security_neggrpperm_enable; then echo "" echo 'Checking negative group permissions:' MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` @@ -47,8 +40,7 @@ \( ! -perm +020 -and -perm +002 \) -or \ \( ! -perm +040 -and -perm +004 \) \) \ -exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l) - [ $n -gt 0 ] && rc=1 || rc=0 - ;; -esac + [ $n -gt 0 ] && rc=1 +fi exit $rc Index: etc/periodic/monthly/999.local =================================================================== --- etc/periodic/monthly/999.local (revision 236164) +++ etc/periodic/monthly/999.local (working copy) 
@@ -3,15 +3,10 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.conf rc=0 + for script in $monthly_local do echo '' Index: etc/periodic/monthly/200.accounting =================================================================== --- etc/periodic/monthly/200.accounting (revision 236164) +++ etc/periodic/monthly/200.accounting (working copy) @@ -3,20 +3,13 @@ # $FreeBSD$ # -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi +. /etc/periodic.subr -oldmask=$(umask) +rc=0 + umask 066 -case "$monthly_accounting_enable" in - [Yy][Ee][Ss]) +if checkyesno monthly_accounting_enable; then W=/var/log/utx.log - rc=0 remove=NO if [ ! -f $W.0 ] then @@ -29,23 +22,20 @@ remove=YES bzcat $W.0.bz2 > $W.0 || rc=1 else - echo '$monthly_accounting_enable is set but' \ + err 2 '$monthly_accounting_enable is set but' \ "$W.0 doesn't exist" - rc=2 fi fi if [ $rc -eq 0 ] then - echo "" - echo "Doing login accounting:" - + if checkyesno monthly_accounting_verbose; then + echo "" + echo "Doing login accounting:" + fi rc=$(ac -p -w $W.0 | sort -nr -k 2 | tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 fi - [ $remove = YES ] && rm -f $W.0;; + [ $remove = YES ] && rm -f $W.0 +fi - *) rc=0;; -esac - -umask $oldmask exit $rc Index: etc/periodic.subr =================================================================== --- etc/periodic.subr (revision 0) +++ etc/periodic.subr (working copy) 
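Review bot: monthly/999.local now sources `. /etc/periodic.conf` where every other script in this patch sources `. /etc/periodic.subr`. That file is the optional local override, so it may not exist, and a failed `.` in a non-interactive sh aborts the script. Even when it exists, /etc/defaults/periodic.conf is no longer loaded, so `$monthly_local` would only be set if the override defines it. This looks like a typo for `. /etc/periodic.subr`.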
@@ -0,0 +1,82 @@ +#!/bin/sh +# $FreeBSD$ +# +# Copyright (c) 2012 The FreeBSD Project. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# +# periodic.subr +# functions used by periodic(5) scripts +# + +: ${rcvar_manpage:='periodic.conf(5)'} + +if [ -z "${_periodic_subr_loaded}" ]; then + +_periodic_subr_loaded="YES" + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ]; then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +. /etc/rc.subr + +# Cat out a [compressed] set of log(s). +# +# Parameters: +# 1 - log directory. +# 2 - log basename, e.g. auth, messages, etc. +catlogs() { + local _logdir _log_basename rc + + _logdir="$1" + _log_basename="$2" + + if [ ! 
-d "${_logdir:-}" ]; then + err 3 "log directory specified - ${_logdir} doesn't exist" + elif [ -z "${_log_basename:-}" ]; then + err 3 "you must supply a non-zero length log basename" + fi + + # Cat out the compressed logs. + find "${_logdir}" -name "$log_basename.*" -mtime -2 | + sort -t. -r -n -k 2,2 | + while read f + do + case $f in + *.gz) zcat -f $f;; + *.bz2) bzcat -f $f;; + esac + done + # Cat out the original log. + if [ -f "$_logdir/$_log_basename" ]; then + cat "$_logdir/$_log_basename" + fi +} + +fi # [ -z "${_periodic_subr_loaded}" ] + +_periodic_subr_loaded=: Property changes on: etc/periodic.subr ___________________________________________________________________ Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property
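Review bot: In catlogs the find pattern is `-name "$log_basename.*"`, missing the leading underscore, so it expands an unset variable and matches `.*` (dotfiles) instead of the rotated logs. It should read `find "${_logdir}" -name "${_log_basename}.*" -mtime -2 |`. The loop should also use `while read -r f` and pass `"$f"` to zcat and bzcat, because the names come from a directory listing. `rc` is declared `local` but never used and can be dropped.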