[Midnightbsd-cvs] src [11800] trunk/etc/defaults/periodic.conf: update periodic config options
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Wed Jul 11 20:20:28 EDT 2018
Revision: 11800
http://svnweb.midnightbsd.org/src/?rev=11800
Author: laffer1
Date: 2018-07-11 20:20:27 -0400 (Wed, 11 Jul 2018)
Log Message:
-----------
update periodic config options
Modified Paths:
--------------
trunk/etc/defaults/periodic.conf
Modified: trunk/etc/defaults/periodic.conf
===================================================================
--- trunk/etc/defaults/periodic.conf 2018-07-12 00:12:39 UTC (rev 11799)
+++ trunk/etc/defaults/periodic.conf 2018-07-12 00:20:27 UTC (rev 11800)
@@ -48,6 +48,7 @@
daily_clean_tmps_days="3" # If not accessed for
daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix"
daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap"
+daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal"
# Don't delete these
daily_clean_tmps_verbose="YES" # Mention files deleted
@@ -75,6 +76,10 @@
# 210.backup-aliases
daily_backup_aliases_enable="YES" # Backup mail aliases
+# 220.backup-pkgdb
+daily_backup_pkgdb_enable="YES" # Backup /var/db/mport
+daily_backup_pkgdb_dir="/var/backups"
+
# 300.calendar
daily_calendar_enable="NO" # Run calendar -a
@@ -89,15 +94,15 @@
# 400.status-disks
daily_status_disks_enable="YES" # Check disk status
-daily_status_disks_df_flags="-l -h" # df(1) flags for check
+daily_status_disks_df_flags="-l -h" # df(1) flags for check
+# 401.status-graid
+daily_status_graid_enable="NO" # Check graid(8)
+
# 404.status-zfs
daily_status_zfs_enable="NO" # Check ZFS
daily_status_zfs_zpool_list_enable="YES" # List ZFS pools
-# 405.status-ata_raid
-daily_status_ata_raid_enable="NO" # Check ATA raid status
-
# 406.status-gmirror
daily_status_gmirror_enable="NO" # Check gmirror(8)
@@ -113,6 +118,7 @@
# 420.status-network
daily_status_network_enable="YES" # Check network status
daily_status_network_usedns="YES" # DNS lookups are ok
+daily_status_network_netstat_flags="-d" # netstat(1) flags
# 430.status-rwho
daily_status_rwho_enable="YES" # Check system status
@@ -124,7 +130,9 @@
# 450.status-security
daily_status_security_enable="YES" # Security check
-# See "Security options" below for more options
+# See also "Security options" below for more options
+daily_status_security_inline="NO" # Run inline ?
+daily_status_security_output="root" # user or /file
# 460.status-mail-rejects
daily_status_mail_rejects_enable="YES" # Check mail rejects
@@ -131,14 +139,14 @@
daily_status_mail_rejects_logs=3 # How many logs to check
daily_status_mail_rejects_shorten="NO" # Shorten output
-# 470.status-named
-daily_status_named_enable="YES"
-daily_status_named_usedns="YES" # DNS lookups are ok
-
# 500.queuerun
daily_queuerun_enable="YES" # Run mail queue
daily_submit_queuerun="YES" # Also submit queue
+# 510.status-world-kernel
+daily_status_world_kernel="YES" # Check the running
+ # userland/kernel version
+
# 800.scrub-zfs
daily_scrub_zfs_enable="NO"
daily_scrub_zfs_pools="" # empty string selects all pools
@@ -149,61 +157,6 @@
daily_local="/etc/daily.local" # Local scripts
-# Security options
-
-# These options are used by the security periodic(8) scripts spawned in
-# 450.status-security above.
-daily_status_security_inline="NO" # Run inline ?
-daily_status_security_output="root" # user or /file
-daily_status_security_noamd="NO" # Don't check amd mounts
-daily_status_security_logdir="/var/log" # Directory for logs
-daily_status_security_diff_flags="-b -u" # flags for diff output
-
-# 100.chksetuid
-daily_status_security_chksetuid_enable="YES"
-
-# 110.neggrpperm
-daily_status_security_neggrpperm_enable="YES"
-
-# 200.chkmounts
-daily_status_security_chkmounts_enable="YES"
-#daily_status_security_chkmounts_ignore="^amd:" # Don't check matching
- # FS types
-
-# 300.chkuid0
-daily_status_security_chkuid0_enable="YES"
-
-# 400.passwdless
-daily_status_security_passwdless_enable="YES"
-
-# 410.logincheck
-daily_status_security_logincheck_enable="YES"
-
-# 500.ipfwdenied
-daily_status_security_ipfwdenied_enable="YES"
-
-# 510.ipfdenied
-daily_status_security_ipfdenied_enable="YES"
-
-# 520.pfdenied
-daily_status_security_pfdenied_enable="YES"
-
-# 550.ipfwlimit
-daily_status_security_ipfwlimit_enable="YES"
-
-# 610.ipf6denied
-daily_status_security_ipf6denied_enable="YES"
-
-# 700.kernelmsg
-daily_status_security_kernelmsg_enable="YES"
-
-# 800.loginfail
-daily_status_security_loginfail_enable="YES"
-
-# 900.tcpwrap
-daily_status_security_tcpwrap_enable="YES"
-
-
# Weekly options
# These options are used by periodic(8) itself to determine what to do
@@ -232,10 +185,11 @@
# 350.msearch
weekly_msearch_enable="NO" # Update msearch weekly
-# 400.status-pkg
-weekly_status_pkg_enable="NO" # Find out-of-date pkgs
-pkg_version=pkg_version # Use this program
-pkg_version_index=/usr/mports/INDEX-3 # Use this index file
+# 450.status-security
+weekly_status_security_enable="YES" # Security check
+# See also "Security options" above for more options
+weekly_status_security_inline="NO" # Run inline ?
+weekly_status_security_output="root" # user or /file
# 999.local
weekly_local="/etc/weekly.local" # Local scripts
@@ -256,16 +210,175 @@
# 200.accounting
monthly_accounting_enable="YES" # Login accounting
+# 450.status-security
+monthly_status_security_enable="YES" # Security check
+# See also "Security options" above for more options
+monthly_status_security_inline="NO" # Run inline ?
+monthly_status_security_output="root" # user or /file
+
# 999.local
monthly_local="/etc/monthly.local" # Local scripts
+# Security options
+
+security_show_success="YES" # scripts returning 0
+security_show_info="YES" # scripts returning 1
+security_show_badconfig="NO" # scripts returning 2
+
+# These options are used by the security periodic(8) scripts spawned in
+# daily and weekly 450.status-security.
+security_status_logdir="/var/log" # Directory for logs
+security_status_diff_flags="-b -u" # flags for diff output
+
+# Each of the security_status_*_period options below can have one of the
+# following values:
+# - NO: do not run at all
+# - daily: only run during the daily security status
+# - weekly: only run during the weekly security status
+# - monthly: only run during the monthly security status
+# Note that if periodic security scripts are run from crontab(5) directly,
+# they will be run unless _enable or _period is set to "NO".
+
+# 100.chksetuid
+security_status_chksetuid_enable="YES"
+security_status_chksetuid_period="daily"
+
+# 110.neggrpperm
+security_status_neggrpperm_enable="YES"
+security_status_neggrpperm_period="daily"
+
+# 200.chkmounts
+security_status_chkmounts_enable="YES"
+security_status_chkmounts_period="daily"
+#security_status_chkmounts_ignore="^amd:" # Don't check matching
+ # FS types
+security_status_noamd="NO" # Don't check amd mounts
+
+# 300.chkuid0
+security_status_chkuid0_enable="YES"
+security_status_chkuid0_period="daily"
+
+# 400.passwdless
+security_status_passwdless_enable="YES"
+security_status_passwdless_period="daily"
+
+# 410.logincheck
+security_status_logincheck_enable="YES"
+security_status_logincheck_period="daily"
+
+# 500.ipfwdenied
+security_status_ipfwdenied_enable="YES"
+security_status_ipfwdenied_period="daily"
+
+# 510.ipfdenied
+security_status_ipfdenied_enable="YES"
+security_status_ipfdenied_period="daily"
+
+# 520.pfdenied
+security_status_pfdenied_enable="YES"
+security_status_pfdenied_period="daily"
+
+# 550.ipfwlimit
+security_status_ipfwlimit_enable="YES"
+security_status_ipfwlimit_period="daily"
+
+# 610.ipf6denied
+security_status_ipf6denied_enable="YES"
+security_status_ipf6denied_period="daily"
+
+# 700.kernelmsg
+security_status_kernelmsg_enable="YES"
+security_status_kernelmsg_period="daily"
+
+# 800.loginfail
+security_status_loginfail_enable="YES"
+security_status_loginfail_period="daily"
+
+# 900.tcpwrap
+security_status_tcpwrap_enable="YES"
+security_status_tcpwrap_period="daily"
+
+
+
# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
# scripts to source defaults/periodic.conf overrides safely.
if [ -z "${source_periodic_confs_defined}" ]; then
source_periodic_confs_defined=yes
- source_periodic_confs () {
+
+ # Compatibility with old daily variable names.
+ # They can be removed in stable/11.
+ security_daily_compat_var() {
+ local var=$1 dailyvar value
+
+ dailyvar=daily_status_security${var#security_status}
+ periodvar=${var%enable}period
+ eval value=\"\$$dailyvar\"
+ [ -z "$value" ] && return
+ echo "Warning: Variable \$$dailyvar is deprecated," \
+ "use \$$var instead." >&2
+ case "$value" in
+ [Yy][Ee][Ss])
+ eval $var=YES
+ eval $periodvar=daily
+ ;;
+ *)
+ eval $var=\"$value\"
+ ;;
+ esac
+ }
+
+ check_yesno_period() {
+ local var="$1" periodvar value period
+
+ eval value=\"\$$var\"
+ case "$value" in
+ [Yy][Ee][Ss]) ;;
+ *) return 1 ;;
+ esac
+
+ periodvar=${var%enable}period
+ eval period=\"\$$periodvar\"
+ case "$PERIODIC" in
+ "security daily")
+ case "$period" in
+ [Dd][Aa][Ii][Ll][Yy]) return 0 ;;
+ *) return 1 ;;
+ esac
+ ;;
+ "security weekly")
+ case "$period" in
+ [Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;;
+ *) return 1 ;;
+ esac
+ ;;
+ "security monthly")
+ case "$period" in
+ [Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;;
+ *) return 1 ;;
+ esac
+ ;;
+ security)
+ # Run directly from crontab(5).
+ case "$period" in
+ [Nn][Oo]) return 1 ;;
+ *) return 0 ;;
+ esac
+ ;;
+ '')
+ # Script run manually.
+ return 0
+ ;;
+ *)
+ echo "ASSERTION FAILED: Unexpected value for" \
+ "\$PERIODIC: '$PERIODIC'" >&2
+ exit 127
+ ;;
+ esac
+ }
+
+ source_periodic_confs() {
local i sourced_files
for i in ${periodic_conf_files}; do
More information about the Midnightbsd-cvs
mailing list