mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-30 23:48:09 +01:00
174 lines
4.1 KiB
Bash
174 lines
4.1 KiB
Bash
#!/bin/sh -
|
|
#
|
|
# @(#)daily 5.12 (Berkeley) 5/24/91
|
|
#
|
|
PATH=/bin:/usr/bin:/sbin:/usr/sbin
|
|
host=`hostname -s`
|
|
echo "Subject: $host daily run output"
|
|
bak=/var/backups
|
|
|
|
echo ""
|
|
echo "Removing scratch and junk files:"
|
|
if [ -d /var/preserve ]; then
|
|
cd /var/preserve && {
|
|
find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
|
|
fi
|
|
|
|
if [ -d /var/rwho ] ; then
|
|
cd /var/rwho && {
|
|
find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
|
|
fi
|
|
|
|
cd /tmp
|
|
|
|
# This is a security hole, never use 'find' on a public directory
|
|
# with -exec rm -f as root. This can be exploited to delete any file
|
|
# on the system.
|
|
#
|
|
#find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
|
|
# \( -name '[#,]*' -o -name '.#*' -o -name a.out -o -name '*.core' \
|
|
# -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
|
|
# -a -atime +3 -exec rm -f -- {} \;
|
|
#
|
|
#
|
|
# The same security hole. Purge the temp directories from unused stuff.
|
|
# Note that we must not accidentally clean the X11 lock files.
|
|
#
|
|
# Use at your own risk, but for a long-living system, this might come
|
|
# more useful than the boot-time cleaning of /tmp. If /var/tmp and
|
|
# /tmp are symlinked together, only one of the below will actually
|
|
# run.
|
|
#
|
|
# if [ -d /tmp ]; then
|
|
# cd /tmp && {
|
|
# find . -type f -atime +3 -ctime +3 ! -name '.X*-lock' -exec rm -f -- {} \;
|
|
# find -d . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
|
|
# >/dev/null 2>&1; }
|
|
# fi
|
|
#
|
|
# if [ -d /var/tmp ]; then
|
|
# cd /var/tmp && {
|
|
# find . ! -name . -atime +7 -ctime +3 -exec rm -f -- {} \;
|
|
# find -d . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
|
|
# >/dev/null 2>&1; }
|
|
# fi
|
|
#
|
|
#
|
|
|
|
# remove system messages older than 21 days
|
|
msgs -c
|
|
|
|
if [ -f /etc/news.expire ]; then
|
|
/etc/news.expire
|
|
fi
|
|
|
|
if [ -f /var/account/acct ] ; then
|
|
echo ""
|
|
echo "Gathering accounting statistics:"
|
|
cd /var/account
|
|
if [ -f acct.2 ] ; then mv -f acct.2 acct.3 ; fi
|
|
if [ -f acct.1 ] ; then mv -f acct.1 acct.2 ; fi
|
|
if [ -f acct.0 ] ; then mv -f acct.0 acct.1 ; fi
|
|
cp -pf acct acct.0
|
|
sa -s > /dev/null
|
|
fi
|
|
|
|
echo ""
|
|
echo "Backup passwd and group files:"
|
|
if [ ! -f $bak/master.passwd.bak ] ; then
|
|
echo "no $bak/master.passwd.bak"
|
|
cp -p /etc/master.passwd $bak/master.passwd.bak
|
|
fi
|
|
if cmp -s $bak/master.passwd.bak /etc/master.passwd; then :; else
|
|
echo "$host passwd diffs:"
|
|
diff $bak/master.passwd.bak /etc/master.passwd |\
|
|
sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'
|
|
mv $bak/master.passwd.bak $bak/master.passwd.bak2
|
|
cp -p /etc/master.passwd $bak/master.passwd.bak
|
|
fi
|
|
if [ ! -f $bak/group.bak ] ; then
|
|
echo "no $bak/group.bak"
|
|
cp -p /etc/group $bak/group.bak
|
|
fi
|
|
if cmp -s $bak/group.bak /etc/group; then :; else
|
|
echo "$host group diffs:"
|
|
diff $bak/group.bak /etc/group
|
|
mv $bak/group.bak $bak/group.bak2
|
|
cp -p /etc/group $bak/group.bak
|
|
fi
|
|
if [ ! -f $bak/aliases.bak ] ; then
|
|
echo "no $bak/aliases.bak"
|
|
cp -p /etc/aliases $bak/aliases.bak
|
|
fi
|
|
if cmp -s $bak/aliases.bak /etc/aliases; then :; else
|
|
echo "$host aliases diffs:"
|
|
diff $bak/aliases.bak /etc/aliases
|
|
mv $bak/aliases.bak $bak/aliases.bak2
|
|
cp -p /etc/aliases $bak/aliases.bak
|
|
fi
|
|
if [ -f /etc/Distfile ]; then
|
|
if cmp -s $bak/Distfile.bak /etc/Distfile; then :; else
|
|
mv $bak/Distfile.bak $bak/Distfile.bak2
|
|
cp /etc/Distfile $bak/Distfile.bak
|
|
fi
|
|
fi
|
|
|
|
|
|
# `calendar -a' needs to die. Why? Because it's a bad idea, particular
|
|
# with networked home directories, but also in general. If you want the
|
|
# output of `calendar' mailed to you, set up a cron job to do it,
|
|
# or run it from your ~/.profile or ~/.login.
|
|
#
|
|
# echo ""
|
|
# echo "Running calendar:"
|
|
# calendar -a
|
|
|
|
|
|
if [ -d /var/spool/uucp -a -f /etc/uuclean.daily ]; then
|
|
echo ""
|
|
echo "Cleaning up UUCP:"
|
|
echo /etc/uuclean.daily | su daemon
|
|
fi
|
|
|
|
echo ""
|
|
echo ""
|
|
echo "Checking subsystem status:"
|
|
echo ""
|
|
echo "disks:"
|
|
df -k -t local
|
|
echo ""
|
|
dump W
|
|
echo ""
|
|
|
|
|
|
echo ""
|
|
echo "mail:"
|
|
mailq
|
|
|
|
if [ -d /var/spool/uucp ]; then
|
|
echo ""
|
|
echo "uucp:"
|
|
uustat -a
|
|
fi
|
|
|
|
echo ""
|
|
echo "network:"
|
|
netstat -i
|
|
echo ""
|
|
if [ -d /var/rwho ] ; then
|
|
ruptime
|
|
fi
|
|
|
|
echo ""
|
|
if [ -f /etc/Distfile ]; then
|
|
echo "Running rdist:"
|
|
rdist -f /etc/Distfile
|
|
fi
|
|
|
|
if [ -f /etc/daily.local ]; then
|
|
echo "Running daily.local:"
|
|
sh /etc/daily.local
|
|
fi
|
|
|
|
sh /etc/security 2>&1 | sendmail root
|