From owner-svn-src-head@freebsd.org Sat Aug 11 17:11:11 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 71FC610742B1; Sat, 11 Aug 2018 17:11:11 +0000 (UTC) (envelope-from brd@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1505789ABD; Sat, 11 Aug 2018 17:11:11 +0000 (UTC) (envelope-from brd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E999D1A17A; Sat, 11 Aug 2018 17:11:10 +0000 (UTC) (envelope-from brd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w7BHBA9Q042835; Sat, 11 Aug 2018 17:11:10 GMT (envelope-from brd@FreeBSD.org) Received: (from brd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w7BHB9bt042827; Sat, 11 Aug 2018 17:11:09 GMT (envelope-from brd@FreeBSD.org) Message-Id: <201808111711.w7BHB9bt042827@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brd set sender to brd@FreeBSD.org using -f From: Brad Davis Date: Sat, 11 Aug 2018 17:11:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r337648 - in head: etc etc/defaults etc/periodic usr.sbin/periodic usr.sbin/periodic/etc usr.sbin/periodic/etc/daily usr.sbin/periodic/etc/monthly usr.sbin/periodic/etc/security usr.sbi... X-SVN-Group: head X-SVN-Commit-Author: brd X-SVN-Commit-Paths: in head: etc etc/defaults etc/periodic usr.sbin/periodic usr.sbin/periodic/etc usr.sbin/periodic/etc/daily usr.sbin/periodic/etc/monthly usr.sbin/periodic/etc/security usr.sbin/periodic/etc/weekly X-SVN-Commit-Revision: 337648 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Aug 2018 17:11:11 -0000 Author: brd Date: Sat Aug 11 17:11:08 2018 New Revision: 337648 URL: https://svnweb.freebsd.org/changeset/base/337648 Log: Move all periodic related config and scripts to usr.sbin/periodic/ This makes pkgbase easier by tagging these as CONFS so they are properly tagged as config files. Approved by: will (mentor) Sponsored by: Essen Hackathon Differential Revision: https://reviews.freebsd.org/D16553 Added: head/usr.sbin/periodic/etc/ - copied from r337647, head/etc/periodic/ head/usr.sbin/periodic/periodic.conf - copied unchanged from r337647, head/etc/defaults/periodic.conf Deleted: head/etc/defaults/periodic.conf head/etc/periodic/ Modified: head/etc/Makefile head/etc/defaults/Makefile head/usr.sbin/periodic/Makefile head/usr.sbin/periodic/etc/Makefile.inc head/usr.sbin/periodic/etc/daily/Makefile head/usr.sbin/periodic/etc/monthly/Makefile head/usr.sbin/periodic/etc/security/Makefile head/usr.sbin/periodic/etc/weekly/Makefile Modified: head/etc/Makefile ============================================================================== --- head/etc/Makefile Sat Aug 11 16:41:08 2018 (r337647) +++ head/etc/Makefile Sat Aug 11 17:11:08 2018 (r337648) @@ -178,7 +178,6 @@ distribution: .if ${MK_NTP} != "no" ${_+_}cd ${.CURDIR}/ntp; ${MAKE} install .endif - ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install ${_+_}cd ${SRCTOP}/share/termcap; ${MAKE} etc-termcap ${_+_}cd ${.CURDIR}/syslog.d; ${MAKE} install ${_+_}cd ${SRCTOP}/usr.sbin/rmt; ${MAKE} etc-rmt Modified: head/etc/defaults/Makefile ============================================================================== --- head/etc/defaults/Makefile Sat Aug 11 16:41:08 2018 (r337647) +++ head/etc/defaults/Makefile Sat Aug 11 17:11:08 2018 (r337648) @@ -2,7 +2,7 @@ .include -FILES= devfs.rules periodic.conf +FILES= devfs.rules FILESDIR= /etc/defaults .if ${MK_BLUETOOTH} != "no" Modified: head/usr.sbin/periodic/Makefile ============================================================================== --- head/usr.sbin/periodic/Makefile Sat Aug 11 16:41:08 2018 (r337647) +++ head/usr.sbin/periodic/Makefile Sat Aug 11 17:11:08 2018 (r337648) @@ -1,6 +1,10 @@ # $FreeBSD$ +FILES= periodic.conf +FILESDIR= /etc/defaults SCRIPTS=periodic.sh MAN= periodic.8 + +SUBDIR= etc .include Modified: head/usr.sbin/periodic/etc/Makefile.inc ============================================================================== --- head/etc/periodic/Makefile.inc Sat Aug 11 16:41:08 2018 (r337647) +++ head/usr.sbin/periodic/etc/Makefile.inc Sat Aug 11 17:11:08 2018 (r337648) @@ -1,5 +1,6 @@ # $FreeBSD$ -BINDIR= /etc/periodic/${.CURDIR:T} +CONFMODE= 755 +CONFDIR= ETC_PERIODIC_${.CURDIR:T:U} +ETC_PERIODIC_${.CURDIR:T:U}= /etc/periodic/${.CURDIR:T} NO_OBJ= -FILESMODE= 755 Modified: head/usr.sbin/periodic/etc/daily/Makefile ============================================================================== --- head/etc/periodic/daily/Makefile Sat Aug 11 16:41:08 2018 (r337647) +++ head/usr.sbin/periodic/etc/daily/Makefile Sat Aug 11 17:11:08 2018 (r337648) @@ -2,9 +2,9 @@ .include -FILESGROUPS=FILES +CONFGROUPS= CONFS -FILES= 100.clean-disks \ +CONFS= 100.clean-disks \ 110.clean-tmps \ 120.clean-preserve \ 140.clean-rwho \ @@ -27,35 +27,34 @@ FILES= 100.clean-disks \ # NB: keep these sorted by MK_* knobs .if ${MK_ACCT} != "no" -FILESGROUPS+= ACCT +CONFGROUPS+= ACCT ACCT+= 310.accounting -.endif -ACCTDIR= /etc/periodic/daily ACCTMODE= ${BINMODE} ACCTPACKAGE= acct +.endif .if ${MK_CALENDAR} != "no" -FILES+= 300.calendar +CONFS+= 300.calendar .endif .if ${MK_MAIL} != "no" -FILES+= 130.clean-msgs +CONFS+= 130.clean-msgs .endif .if ${MK_NTP} != "no" -FILES+= 480.status-ntpd \ +CONFS+= 480.status-ntpd \ 480.leapfile-ntpd .endif .if ${MK_SENDMAIL} != "no" -FILES+= 150.clean-hoststat \ +CONFS+= 150.clean-hoststat \ 440.status-mailq \ 460.status-mail-rejects \ 500.queuerun .endif .if ${MK_ZFS} != "no" -FILES+= 404.status-zfs \ +CONFS+= 404.status-zfs \ 800.scrub-zfs .endif Modified: head/usr.sbin/periodic/etc/monthly/Makefile ============================================================================== --- head/etc/periodic/monthly/Makefile Sat Aug 11 16:41:08 2018 (r337647) +++ head/usr.sbin/periodic/etc/monthly/Makefile Sat Aug 11 17:11:08 2018 (r337648) @@ -2,19 +2,19 @@ .include -FILESGROUPS=FILES +CONFGROUPS= CONFS -FILES= 450.status-security \ +CONFS= 450.status-security \ 999.local # NB: keep these sorted by MK_* knobs .if ${MK_UTMPX} != "no" -FILESGROUPS+= ACCT +CONFGROUPS+= ACCT ACCT+= 200.accounting -.endif ACCTDIR= /etc/periodic/monthly ACCTMODE= ${BINMODE} ACCTPACKAGE= acct +.endif .include Modified: head/usr.sbin/periodic/etc/security/Makefile ============================================================================== --- head/etc/periodic/security/Makefile Sat Aug 11 16:41:08 2018 (r337647) +++ head/usr.sbin/periodic/etc/security/Makefile Sat Aug 11 17:11:08 2018 (r337648) @@ -2,9 +2,9 @@ .include -FILESGROUPS= FILES DATA +CONFGROUPS= CONFS DATA -FILES= 100.chksetuid \ +CONFS= 100.chksetuid \ 110.neggrpperm \ 200.chkmounts \ 300.chkuid0 \ @@ -13,25 +13,26 @@ FILES= 100.chksetuid \ 700.kernelmsg \ 800.loginfail DATA= security.functions +DATAMODE= 444 # NB: keep these sorted by MK_* knobs .if ${MK_IPFILTER} != "no" -FILES+= 510.ipfdenied -FILES+= 610.ipf6denied +CONFS+= 510.ipfdenied +CONFS+= 610.ipf6denied .endif .if ${MK_IPFW} != "no" -FILES+= 500.ipfwdenied \ +CONFS+= 500.ipfwdenied \ 550.ipfwlimit .endif .if ${MK_PF} != "no" -FILES+= 520.pfdenied +CONFS+= 520.pfdenied .endif .if ${MK_INETD} != "no" && ${MK_TCP_WRAPPERS} != "no" -FILES+= 900.tcpwrap +CONFS+= 900.tcpwrap .endif .include Modified: head/usr.sbin/periodic/etc/weekly/Makefile ============================================================================== --- head/etc/periodic/weekly/Makefile Sat Aug 11 16:41:08 2018 (r337647) +++ head/usr.sbin/periodic/etc/weekly/Makefile Sat Aug 11 17:11:08 2018 (r337648) @@ -2,18 +2,18 @@ .include -FILES= 340.noid \ +CONFS= 340.noid \ 450.status-security \ 999.local # NB: keep these sorted by MK_* knobs .if ${MK_LOCATE} != "no" -FILES+= 310.locate +CONFS+= 310.locate .endif .if ${MK_MAN_UTILS} != "no" -FILES+= 320.whatis +CONFS+= 320.whatis .endif .include Copied: head/usr.sbin/periodic/periodic.conf (from r337647, head/etc/defaults/periodic.conf) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/usr.sbin/periodic/periodic.conf Sat Aug 11 17:11:08 2018 (r337648, copy of r337647, head/etc/defaults/periodic.conf) @@ -0,0 +1,407 @@ +#!/bin/sh +# +# This is defaults/periodic.conf - a file full of useful variables that +# you can set to change the default behaviour of periodic jobs on your +# system. You should not edit this file! Put any overrides into one of the +# $periodic_conf_files instead and you will be able to update these defaults +# later without spamming your local configuration information. +# +# The $periodic_conf_files files should only contain values which override +# values set in this file. This eases the upgrade path when defaults +# are changed and new features are added. +# +# For a more detailed explanation of all the periodic.conf variables, please +# refer to the periodic.conf(5) manual page. +# +# $FreeBSD$ +# + +# What files override these defaults ? +periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local" + +# periodic script dirs +local_periodic="/usr/local/etc/periodic" + +# Max time to sleep to avoid causing congestion on download servers +anticongestion_sleeptime=3600 + +# Daily options + +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $daily_output might be set to /var/log/daily.log if you +# wish to log the daily output and have the files rotated by newsyslog(8) +# +daily_output="root" # user or /file +daily_show_success="YES" # scripts returning 0 +daily_show_info="YES" # scripts returning 1 +daily_show_badconfig="NO" # scripts returning 2 + +# 100.clean-disks +daily_clean_disks_enable="NO" # Delete files daily +daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" +daily_clean_disks_days=3 # If older than this +daily_clean_disks_verbose="YES" # Mention files deleted + +# 110.clean-tmps +daily_clean_tmps_enable="NO" # Delete stuff daily +daily_clean_tmps_dirs="/tmp" # Delete under here +daily_clean_tmps_days="3" # If not accessed for +daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix" +daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap" +daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal" + # Don't delete these +daily_clean_tmps_verbose="YES" # Mention files deleted + +# 120.clean-preserve +daily_clean_preserve_enable="YES" # Delete files daily +daily_clean_preserve_days=7 # If not modified for +daily_clean_preserve_verbose="YES" # Mention files deleted + +# 130.clean-msgs +daily_clean_msgs_enable="YES" # Delete msgs daily +daily_clean_msgs_days= # If not modified for + +# 140.clean-rwho +daily_clean_rwho_enable="YES" # Delete rwho daily +daily_clean_rwho_days=7 # If not modified for +daily_clean_rwho_verbose="YES" # Mention files deleted + +# 150.clean-hoststat +daily_clean_hoststat_enable="YES" # Purge sendmail host + # status cache daily + +# 200.backup-passwd +daily_backup_passwd_enable="YES" # Backup passwd & group + +# 210.backup-aliases +daily_backup_aliases_enable="YES" # Backup mail aliases + +# 300.calendar +daily_calendar_enable="NO" # Run calendar -a + +# 310.accounting +daily_accounting_enable="YES" # Rotate acct files +daily_accounting_compress="NO" # Gzip rotated files +daily_accounting_flags=-q # Flags to /usr/sbin/sa +daily_accounting_save=3 # How many files to save + +# 330.news +daily_news_expire_enable="YES" # Run news.expire + +# 400.status-disks +daily_status_disks_enable="YES" # Check disk status +daily_status_disks_df_flags="-l -h" # df(1) flags for check + +# 401.status-graid +daily_status_graid_enable="NO" # Check graid(8) + +# 404.status-zfs +daily_status_zfs_enable="NO" # Check ZFS +daily_status_zfs_zpool_list_enable="YES" # List ZFS pools + +# 406.status-gmirror +daily_status_gmirror_enable="NO" # Check gmirror(8) + +# 407.status-graid3 +daily_status_graid3_enable="NO" # Check graid3(8) + +# 408.status-gstripe +daily_status_gstripe_enable="NO" # Check gstripe(8) + +# 409.status-gconcat +daily_status_gconcat_enable="NO" # Check gconcat(8) + +# 410.status-mfi +daily_status_mfi_enable="NO" # Check mfiutil(8) + +# 420.status-network +daily_status_network_enable="YES" # Check network status +daily_status_network_usedns="YES" # DNS lookups are ok +daily_status_network_netstat_flags="-d" # netstat(1) flags + +# 430.status-uptime +daily_status_uptime_enable="YES" # Check system uptime + +# 440.status-mailq +daily_status_mailq_enable="YES" # Check mail status +daily_status_mailq_shorten="NO" # Shorten output +daily_status_include_submit_mailq="YES" # Also submit queue + +# 450.status-security +daily_status_security_enable="YES" # Security check +# See also "Security options" below for more options +daily_status_security_inline="NO" # Run inline ? +daily_status_security_output="root" # user or /file + +# 460.status-mail-rejects +daily_status_mail_rejects_enable="YES" # Check mail rejects +daily_status_mail_rejects_logs=3 # How many logs to check +daily_status_mail_rejects_shorten="NO" # Shorten output + +# 480.leapfile-ntpd +daily_ntpd_leapfile_enable="YES" # Fetch NTP leapfile + +# 480.status-ntpd +daily_status_ntpd_enable="NO" # Check NTP status + +# 500.queuerun +daily_queuerun_enable="YES" # Run mail queue +daily_submit_queuerun="YES" # Also submit queue + +# 510.status-world-kernel +daily_status_world_kernel="YES" # Check the running + # userland/kernel version + +# 800.scrub-zfs +daily_scrub_zfs_enable="NO" +daily_scrub_zfs_pools="" # empty string selects all pools +daily_scrub_zfs_default_threshold="35" # days between scrubs +#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold + +# 999.local +daily_local="/etc/daily.local" # Local scripts + + +# Weekly options + +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $weekly_output might be set to /var/log/weekly.log if you +# wish to log the weekly output and have the files rotated by newsyslog(8) +# +weekly_output="root" # user or /file +weekly_show_success="YES" # scripts returning 0 +weekly_show_info="YES" # scripts returning 1 +weekly_show_badconfig="NO" # scripts returning 2 + +# 310.locate +weekly_locate_enable="YES" # Update locate weekly + +# 320.whatis +weekly_whatis_enable="YES" # Update whatis weekly + +# 340.noid +weekly_noid_enable="NO" # Find unowned files +weekly_noid_dirs="/" # Look here + +# 450.status-security +weekly_status_security_enable="YES" # Security check +# See also "Security options" above for more options +weekly_status_security_inline="NO" # Run inline ? +weekly_status_security_output="root" # user or /file + +# 999.local +weekly_local="/etc/weekly.local" # Local scripts + + +# Monthly options + +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $monthly_output might be set to /var/log/monthly.log if you +# wish to log the monthly output and have the files rotated by newsyslog(8) +# +monthly_output="root" # user or /file +monthly_show_success="YES" # scripts returning 0 +monthly_show_info="YES" # scripts returning 1 +monthly_show_badconfig="NO" # scripts returning 2 + +# 200.accounting +monthly_accounting_enable="YES" # Login accounting + +# 450.status-security +monthly_status_security_enable="YES" # Security check +# See also "Security options" above for more options +monthly_status_security_inline="NO" # Run inline ? +monthly_status_security_output="root" # user or /file + +# 999.local +monthly_local="/etc/monthly.local" # Local scripts + + +# Security options + +security_show_success="YES" # scripts returning 0 +security_show_info="YES" # scripts returning 1 +security_show_badconfig="NO" # scripts returning 2 + +# These options are used by the security periodic(8) scripts spawned in +# daily and weekly 450.status-security. +security_status_logdir="/var/log" # Directory for logs +security_status_diff_flags="-b -u" # flags for diff output + +# Each of the security_status_*_period options below can have one of the +# following values: +# - NO: do not run at all +# - daily: only run during the daily security status +# - weekly: only run during the weekly security status +# - monthly: only run during the monthly security status +# Note that if periodic security scripts are run from crontab(5) directly, +# they will be run unless _enable or _period is set to "NO". + +# 100.chksetuid +security_status_chksetuid_enable="YES" +security_status_chksetuid_period="daily" + +# 110.neggrpperm +security_status_neggrpperm_enable="YES" +security_status_neggrpperm_period="daily" + +# 200.chkmounts +security_status_chkmounts_enable="YES" +security_status_chkmounts_period="daily" +#security_status_chkmounts_ignore="^amd:" # Don't check matching + # FS types +security_status_noamd="NO" # Don't check amd mounts + +# 300.chkuid0 +security_status_chkuid0_enable="YES" +security_status_chkuid0_period="daily" + +# 400.passwdless +security_status_passwdless_enable="YES" +security_status_passwdless_period="daily" + +# 410.logincheck +security_status_logincheck_enable="YES" +security_status_logincheck_period="daily" + +# 500.ipfwdenied +security_status_ipfwdenied_enable="YES" +security_status_ipfwdenied_period="daily" + +# 510.ipfdenied +security_status_ipfdenied_enable="YES" +security_status_ipfdenied_period="daily" + +# 520.pfdenied +security_status_pfdenied_enable="YES" +security_status_pfdenied_period="daily" + +# 550.ipfwlimit +security_status_ipfwlimit_enable="YES" +security_status_ipfwlimit_period="daily" + +# 610.ipf6denied +security_status_ipf6denied_enable="YES" +security_status_ipf6denied_period="daily" + +# 700.kernelmsg +security_status_kernelmsg_enable="YES" +security_status_kernelmsg_period="daily" + +# 800.loginfail +security_status_loginfail_enable="YES" +security_status_loginfail_period="daily" + +# 900.tcpwrap +security_status_tcpwrap_enable="YES" +security_status_tcpwrap_period="daily" + + + +# Define source_periodic_confs, the mechanism used by /etc/periodic/*/* +# scripts to source defaults/periodic.conf overrides safely. + +if [ -z "${source_periodic_confs_defined}" ]; then + source_periodic_confs_defined=yes + + # Sleep for a random amount of time in order to mitigate the thundering + # herd problem of multiple hosts running periodic simultaneously. + # Will not sleep when used interactively. + # Will sleep at most once per invocation of periodic + anticongestion() { + [ -n "$PERIODIC_IS_INTERACTIVE" ] && return + if [ -f "$PERIODIC_ANTICONGESTION_FILE" ]; then + rm -f $PERIODIC_ANTICONGESTION_FILE + sleep `jot -r 1 0 ${anticongestion_sleeptime}` + fi + } + + # Compatibility with old daily variable names. + # They can be removed in stable/11. + security_daily_compat_var() { + local var=$1 dailyvar value + + dailyvar=daily_status_security${var#security_status} + periodvar=${var%enable}period + eval value=\"\$$dailyvar\" + [ -z "$value" ] && return + echo "Warning: Variable \$$dailyvar is deprecated," \ + "use \$$var instead." >&2 + case "$value" in + [Yy][Ee][Ss]) + eval $var=YES + eval $periodvar=daily + ;; + *) + eval $var=\"$value\" + ;; + esac + } + + check_yesno_period() { + local var="$1" periodvar value period + + eval value=\"\$$var\" + case "$value" in + [Yy][Ee][Ss]) ;; + *) return 1 ;; + esac + + periodvar=${var%enable}period + eval period=\"\$$periodvar\" + case "$PERIODIC" in + "security daily") + case "$period" in + [Dd][Aa][Ii][Ll][Yy]) return 0 ;; + *) return 1 ;; + esac + ;; + "security weekly") + case "$period" in + [Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;; + *) return 1 ;; + esac + ;; + "security monthly") + case "$period" in + [Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;; + *) return 1 ;; + esac + ;; + security) + # Run directly from crontab(5). + case "$period" in + [Nn][Oo]) return 1 ;; + *) return 0 ;; + esac + ;; + '') + # Script run manually. + return 0 + ;; + *) + echo "ASSERTION FAILED: Unexpected value for" \ + "\$PERIODIC: '$PERIODIC'" >&2 + exit 127 + ;; + esac + } + + source_periodic_confs() { + local i sourced_files + + for i in ${periodic_conf_files}; do + case ${sourced_files} in + *:$i:*) + ;; + *) + sourced_files="${sourced_files}:$i:" + [ -r $i ] && . $i + ;; + esac + done + } +fi