aboutsummaryrefslogtreecommitdiff
path: root/etc/periodic
Commit message (Collapse)AuthorAgeFilesLines
* Rather than using both -prune (which requires directory-first tree traversal)Brian Somers2009-06-021-4/+4
| | | | | | | | | | | | | | | and -delete (which implies depth-first traversal), avoid using -delete in favour of -execdir. This has a side-effect of not removing directories that contain files, even if we delete all of those files, but IMHO that's a better option than specifying all possible local filesystem types in this script. PR: 122811 MFC after: 3 weeks Notes: svn path=/head/; revision=193302
* Update this script so that it handles different ruleset failuresBrian Somers2009-05-281-8/+12
| | | | | | | | | | | | | differently. The output now shows the ruleset and shortens to slightly different text (using $daily_status_mail_rejects_shorten), but it should be more descriptive. PR: 35018 Inspired by: Mikhail Teterin - mi at aldan dot algebra dot com MFC after: 3 weeks Notes: svn path=/head/; revision=192970
* Fix typo to install 400.status-pkg, again.Hajimu UMEMOTO2009-01-141-1/+1
| | | | Notes: svn path=/head/; revision=187210
* Sort `mount -p' output by name before checking for any differences.Ed Schouten2008-10-251-1/+1
| | | | | | | | | | | | | | | I noticed on a system at home that restarting named(8) causes the /var/named/dev mount to be moved to the bottom of the mount list, because it gets remounted. When I received the daily security email this morning, I was quite amazed to see that the security report listed the differences, while it was nothing out of the ordinary. If we just throw the `mount -p' output through sort(1), we'll only receive notifications about changes to mounts if something has really changed. Notes: svn path=/head/; revision=184265
* add new build knobs and jigger some existing controls to improveSam Leffler2008-09-214-23/+80
| | | | | | | | | | | control over the result of buildworld and installworld; this especially helps packaging systems such as nanobsd Reviewed by: various (posted to arch) MFC after: 1 month Notes: svn path=/head/; revision=183242
* Improve periodic/security/550.ipfwlimit a bit:Antoine Brodin2008-08-101-6/+3
| | | | | | | | | | | | - don't run it if net.inet.ip.fw.verbose = 0 as it is pointless - handle rules without logging limit correctly [1] (those rules show up without logamount in "ipfw -a list") PR: conf/126060 [1] MFC after: 1 month Notes: svn path=/head/; revision=181531
* Rev. 1.8 broke matching on lines where the failure mode is at the headMike Makonnen2008-06-301-1/+1
| | | | | | | | | | | of the message, such as: Jun 30 10:49:21 rogue sshd[17553]: Invalid user iceman from 127.0.0.1 PR: conf/124569 Submitted by: Taku <taku@tekipaki.jp> Notes: svn path=/head/; revision=180111
* Add a missing ;.Remko Lodder2008-03-251-1/+1
| | | | | | | | | | PR: misc/122069 Submitted by: taku@tekipaki.jp MFC after: 3 days Approved by: imp (mentor, implicit trivial change). Notes: svn path=/head/; revision=177606
* Eliminate xargs in favor of find -exec {} +Dag-Erling Smørgrav2008-02-031-2/+1
| | | | Notes: svn path=/head/; revision=175906
* Rewrite to consume significantly less memory, by using find -s instead ofDag-Erling Smørgrav2008-02-021-16/+11
| | | | | | | | | | | | | | | | find | sort. As a bonus, this simplifies the logic considerably. Also remove the bogus "overruning the args to ls" comment and the corresponding "-n 20" argument to xargs; the whole point with xargs is precisely that it knows how large the argument list can safely get. Note that the first run of the updated script may hypotheticall produce false positives due to differences between find's and sort's sorting algorithm. I haven't seen this during testing, but others might. MFC after: 2 weeks Notes: svn path=/head/; revision=175890
* A new configuration variable, daily_status_mail_rejects_shorten, allowsDiomidis Spinellis2008-01-081-1/+8
| | | | | | | | | | | the rejected mail reports to tally the rejects per blacklist without providing details about individual sender hosts. The default configuration keeps the reports in their original form. MFC after: 1 week Notes: svn path=/head/; revision=175153
* Also check setuid executables on ZFS.Ruslan Ermilov2007-11-231-1/+1
| | | | Notes: svn path=/head/; revision=173873
* o Install 480.status-ntpd.Maxim Konovalov2007-05-141-0/+1
| | | | | | | Pointed out by: Henrik Brix Anders Notes: svn path=/head/; revision=169556
* o Add a script to check ntpd(8) state. Default is off.Maxim Konovalov2007-05-131-0/+28
| | | | | | | | | PR: conf/112604 Submitted by: Oliver Fromme MFC after: 1 month Notes: svn path=/head/; revision=169517
* Add ZFS periodic scripts that monitors status of ZFS pools.Pawel Jakub Dawidek2007-04-062-0/+37
| | | | | | | Submitted by: des Notes: svn path=/head/; revision=168412
* Only match on log messages containing fail,invalid,Remko Lodder2007-02-231-1/+1
| | | | | | | | | | | | | bad or illegal. This prevents matching on systems that have a name that matches the query. PR: conf/107560 Submitted by: Christian Laursen <cfsl at pil dot dk> MFC after: 3 days Approved by: imp (mentor) Notes: svn path=/head/; revision=166928
* Move to the preferred syntax for nice (-n) insteadRemko Lodder2007-02-231-1/+1
| | | | | | | | | | | of the depricated one. PR: conf/108611 Submitted by: TAOKA Fumiyoshi <fmysh at iijmio-mail dot jp> Approved by: imp (mentor) Notes: svn path=/head/; revision=166912
* Use egrep instead of grep so that reporting of login failures (brokenJohn Polstra2007-02-051-1/+1
| | | | | | | | by revision 1.6) works again. This fix is already in RELENG_6, but was never committed to HEAD. Notes: svn path=/head/; revision=166519
* The kvm_mkdb(8) is long dead.Ruslan Ermilov2006-08-292-51/+1
| | | | Notes: svn path=/head/; revision=161708
* Add login.conf checking to periodic security scripts. If the login.conf fileTom Rhodes2006-08-252-0/+53
| | | | | | | | | is not UID/GID 0, limits will be ignored and a strange error sent to auth.log. Head nod: ru, rwatson Notes: svn path=/head/; revision=161602
* o Add missed $start variable in the grep statement back.Maxim Konovalov2006-06-111-1/+1
| | | | | | | | | PR: conf/96658 Submitted by: James Snow MFC after: 1 week Notes: svn path=/head/; revision=159525
* Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts.Max Laier2006-05-123-118/+0
| | | | | | | | Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw scripts as well. Notes: svn path=/head/; revision=158497
* Fix output and exit status when daily_mailq_shorten is set to YESMatteo Riondato2006-03-081-6/+8
| | | | | | | | PR: conf/93472 MFC after: 3 Notes: svn path=/head/; revision=156435
* Enhance loginfail: it will catch sshd, proftpd and su errors, as well as ↵Matteo Riondato2006-03-051-1/+1
| | | | | | | | | | | | other programs PR: conf/70973 Submitted by: Ryan Sommers" <ryans@gamersimpact.com> Approved by: philip (mentor) MFC after: 3 days Notes: svn path=/head/; revision=156312
* Add periodic scripts that check the status of graid3(8), gstripe(8)Christian Brueffer2006-03-024-0/+105
| | | | | | | | | and gconcat(8) devices, respectively. Approved by: rwatson (mentor) Notes: svn path=/head/; revision=156215
* When there are no interesting information in output, exit with 0.Matteo Riondato2006-02-071-3/+3
| | | | | | | | | | PR: conf/92299 Submitted by: Petr Rehor <prehor@gmail.com> Approved by: philip (mentor) MFC after: 3 days Notes: svn path=/head/; revision=155422
* o Add 406.status-gmirror, sort.Maxim Konovalov2006-01-211-1/+2
| | | | | | | Submitted by: brueffer Notes: svn path=/head/; revision=154652
* Add a daily script to show the status of gmirror(8) devices.Garrett Wollman2006-01-131-0/+34
| | | | Notes: svn path=/head/; revision=154304
* Update the test for failed zone transfers to reflect BIND 9.3.1 semanticsDoug Barton2005-11-221-10/+8
| | | | | | | | | | | | | Simplify the shell scripting a bit, and remove a useless grep | sed The problem was pointed out by the PR, and I used part of the solution suggested there, but the semantics changed again for 9.2.x -> 9.3.x. PR: conf/74228 Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com> Notes: svn path=/head/; revision=152697
* A new version of rev. 1.4: postpone a temporary file creationMaxim Konovalov2005-09-111-1/+1
| | | | | | | | | | | until we realize if ipfw(4) ever used. PR: bin/85970 Submitted by: Andre Albsmeier MFC after: 3 days Notes: svn path=/head/; revision=149989
* Fix braino in last commit. Print nothing if ipfw(4) is not present.Gleb Smirnoff2005-08-311-2/+2
| | | | Notes: svn path=/head/; revision=149659
* When looking for new lines in diff output, grep for '^[>+]' instead ofColin Percival2005-08-221-1/+1
| | | | | | | | | | '^>', in order to catch both normal and unified diffs. Problem reported by: volker at vwsoft dot com via -stable MFC after: 3 days Notes: svn path=/head/; revision=149366
* - Correctly parse output, when logging amount is limited in theGleb Smirnoff2005-08-201-7/+15
| | | | | | | | | | | | | rule itself, not in verbose_limit sysctl. [1] - Do check rules, even if verbose_limit is set 0. Rules may have their own log limits. PR: conf/77929 Submitted by: Andriy Gapon [1] Reviewed by: matteo Notes: svn path=/head/; revision=149320
* Purge orphan catpages.Ruslan Ermilov2005-03-301-2/+2
| | | | | | | | PR: conf/35242 Submitted by: Annihilator <annihilator.c@usa.net> Notes: svn path=/head/; revision=144343
* Replace "ipfw l", which is now deprecated, with "ipfw list".Suleiman Souhlal2005-02-232-2/+2
| | | | | | | Approved by: grehan (mentor) Notes: svn path=/head/; revision=142303
* Don't do setuid checks on file systems mounted with noexec option.Gleb Smirnoff2005-01-131-1/+1
| | | | | | | | Reviewed by: brian, ru MFC after: 1 week Notes: svn path=/head/; revision=140186
* Sed doesn't grok '[ \t]' -- it doesn't expand the \t :(Brian Somers2005-01-121-1/+1
| | | | | | | | | | As there are no tabs in maillog, reduce the expression so that only spaces are used. Problem raised by: Leif Neland root at internet dot dk Notes: svn path=/head/; revision=140096
* Oops, the < in arg1=< is optional - treat it as such!Brian Somers2005-01-111-1/+1
| | | | Notes: svn path=/head/; revision=140059
* Adjust the mail reject output so that it gives an abreviated reason for theBrian Somers2005-01-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | reject. For example: Checking for rejected mail hosts: 48 getherbalnow.info (451... resolve) 46 absorb.com (451... resolve) 4 tgmart01.codns.com (553... exist) 3 kali.com.cn (451... resolve) 2 genie.com (451... resolve) 1 zv.qy (553... exist) 1 zd.hinet.hr (553... exist) .... The bit in parenthesis is the reject code and the last word on the line - enough to give the admin a better chance of seeing real problems (hopefully!). While I'm here, remove the "<" at the start of rejects coming from "from" addresses without a name@ part. I had to rewrite the patch given by the submitter as this script has been sed'ified (used to be perl) and I think the reject code is useful.... PR: 17377 Idea from: root at ns dot internet dot dk MFC after: 7 days Notes: svn path=/head/; revision=140029
* Collapse "fgrep | egrep | sed" down to a single sed.Brian Somers2005-01-111-3/+1
| | | | | | | | | This also trims extraneous commas from domain names. MFC after: 7 days Notes: svn path=/head/; revision=140028
* Start the dreaded NOFOO -> NO_FOO conversion.Ruslan Ermilov2004-12-211-1/+1
| | | | | | | OK'ed by: core Notes: svn path=/head/; revision=139103
* Teach periodic(8) security output to display information about blockedMax Laier2004-11-242-0/+54
| | | | | | | | | | | | | | | | | | | | | packet counts by pf(4). This adds a ``daily_status_security_pfdenied_enable'' variable to periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions. The output will look like this (line wrapped): pf denied packets: > block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0 Bytes: 0 States: 0 ] > block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578 States: 0 ] Submitted by: clive (thanks a lot!) MFC after: 2 weeks Notes: svn path=/head/; revision=138061
* Add a knob 'daily_status_security_diff_flags' controlling theJoseph Koshy2004-09-231-1/+2
| | | | | | | | | | format of the 'diff' output generated during periodic(8) scripts. Submitted by: keramida (script changes) Reviewed by: keramida (man page changes) Notes: svn path=/head/; revision=135591
* Allow the location of the INDEX file to specified to pkg_version.Josef Karthauser2004-05-191-1/+1
| | | | | | | | | | This is particularly convenient on a cluster of machines to prevent having to rebuild the INDEX file on each. Reviewed by: portmgr Notes: svn path=/head/; revision=129424
* Add script for checking ipv6 blocked packets from PR.Darren Reed2004-04-201-0/+53
| | | | | | | | PR: misc/50154 Submitted by: Kimura Fuyuki <fuyuki@hadaly.org> Notes: svn path=/head/; revision=128473
* Don't remove empty dirs if their names are in $daily_clean_tmps_ignoreAndrey A. Chernov2004-02-281-3/+6
| | | | Notes: svn path=/head/; revision=126342
* Use hoststat/purgestat instead of sendmail -bh/-bH so the calls canGregory Neil Shapiro2004-01-021-3/+3
| | | | | | | | | | | be properly mailwrapper'ed. PR: conf/60676 Submitted by: Colin Percival <cperciva@daemonology.net>, maxim MFC after: 4 days Notes: svn path=/head/; revision=124080
* Use %e in the date(1) format string to eliminate the sed(1) command.Ruslan Ermilov2003-11-072-2/+2
| | | | Notes: svn path=/head/; revision=122257
* Add status checking of ATA raid to the daily periodic scripts.Jesper Skriver2003-10-272-0/+34
| | | | Notes: svn path=/head/; revision=121620
* Have mktemp(1) construct the temporary file name for us insteadMike Makonnen2003-06-306-6/+6
| | | | | | | | | of providing a template manually. Submitted by: Lars Eggert <larse@isi.edu> Notes: svn path=/head/; revision=117088
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-19 16:40:37 +0000