Sync etc/periodic/ with FreeBSD

Matthias Schmidt schmidtm at mathematik.uni-marburg.de
Sun Dec 23 07:32:21 PST 2007


Hi,

I synced src/etc/periodic/ with recent changes from FreeBSD.  Short summary:

 - Display information about blocked counts from pf(4)
 - Make df output more human readable
 - Add login.conf checking to security
 - Fix several bugs and add some enhancements to various scripts

The patch is available here:

http://leaf.dragonflybsd.org/~matthias/etc_periodic_update.diff

The changes are running on two of my machines and showed no problems
yet.  The update for the man page periodic.conf(5) is not included in
the diff, you can find it here:

http://leaf.dragonflybsd.org/~matthias/periodic.conf.5_etc_sec_update.diff

The relevant parts of the FreeBSD commit messages follow:

src/etc/defaults/periodic.conf

	Rev 1.45 
	Don't delete files in the X11 socket directories under /tmp (.X11-unix,
	.ICE-unix, .font-unix, .XIM-unix) when purging files from /tmp via the
	daily 100.clean-tmps job.  If you are logged into an X session longer
	than the timeout period (default of 3 days), then this job can delete
	the X11 sockets out from under the session without this fix.

	Rev 1.39 
	Add login.conf checking to periodic security scripts.  If the login.conf file
	is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.

	Rev 1.35 + Rev 1.36
	Make df output more consistent:
	Remove -k now that -h is present
	use -l instead of -t nonfs to match smbfs too
	Make df output in periodic mail human readable

	Rev 1.33
	Add a reference to the periodic.conf(5) manual page.

	Rev 1.31
	Teach periodic(8) security output to display information about blocked
	packet counts by pf(4).

	This adds a ``daily_status_security_pfdenied_enable'' variable to
	periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.

	Rev 1.30
	Add a knob 'daily_status_security_diff_flags' controlling the
	format of the 'diff' output generated during periodic(8) scripts.

src/etc/periodic/daily/110.clean-tmps

	Rev 1.13
	Don't remove empty dirs if their names are in $daily_clean_tmps_ignore

	Rev 1.12
	When considering temporary files for deletion, don't examine the mtime
	and atime only, but also the ctime.  Otherwise, files extracted from
	tar or zip archives will immediately be declared stale since they've
	got their mtime reset to the original mtime.

	Rev 1.11
	Don't try to remove directories unless we've emptied them first

src/etc/periodic/daily/440.status-mailq

	Rev 1.11
	Fix output and exit status when daily_mailq_shorten is set to YES

	Rev 1.10
	When there is no interesting information in the output, exit with 0.

src/etc/periodic/daily/460.status-mail-rejects

	Rev 1.20
	Sed doesn't grok '[ \t]' -- it doesn't expand the \t :(
	As there are no tabs in maillog, reduce the expression so that only spaces
	are used.

	Rev 1.19
	Oops, the < in arg1=< is optional - treat it as such!

	Rev 1.18
	Adjust the mail reject output so that it gives an abbreviated reason for the
	reject.

	Rev 1.17
	Collapse "fgrep | egrep | sed" down to a single sed.
	This also trims extraneous commas from domain names.

src/etc/periodic/daily/470.status-named

	Rev 1.7
	Update the test for failed zone transfers to reflect BIND 9.3.1 semantics
	Simplify the shell scripting a bit, and remove a useless grep | sed

src/etc/periodic/weekly/310.locate

	Rev 1.7
	Move to the preferred syntax for nice (-n) instead
	of the deprecated one.

src/etc/periodic/security/800.loginfail

	Rev 1.8
	Only match on log messages containing fail, invalid,
	bad or illegal. This prevents matching on systems that
	have a name that matches the query.

	Rev 1.7
	Use egrep instead of grep

	Rev 1.6
	Enhance loginfail: it will catch sshd, proftpd and su errors, as well as other programs

	Rev 1.5
	Add support for bzip2ed log files.

	Rev 1.4
	Make it work with POSIX sort (POS arg).
	All old sorts understand -k too.

src/etc/periodic/security/Makefile

	Rev 1.6
	Add login.conf checking to periodic security scripts.  If the login.conf file
	is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.

	Rev 1.4
	Teach periodic(8) security output to display information about blocked
	packet counts by pf(4).

	This adds a ``daily_status_security_pfdenied_enable'' variable to
	periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.

src/etc/periodic/security/security.functions

	Rev 1.5
	When looking for new lines in diff output, grep for '^[>+]' instead of
	'^>', in order to catch both normal and unified diffs.

	Rev 1.4
	Add a knob 'daily_status_security_diff_flags' controlling the
	format of the 'diff' output generated during periodic(8) scripts.

	Rev 1.3
	Have mktemp(1) construct the temporary file name for us instead
	of providing a template manually.

Add the following new files to the tree:

periodic/security/410.logincheck
	Add login.conf checking to periodic security scripts.  If the login.conf file
	is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.


periodic/security/520.pfdenied
	Teach periodic(8) security output to display information about blocked
	packet counts by pf(4).

	Changed nawk to awk.


-- 
Dipl.-Inf. Matthias Schmidt <schmidtm at mathematik.uni-marburg.de>
Dept. of Mathematics and Computer Science, Distributed Systems Group
University of Marburg, Hans-Meerwein-Strasse, 35032 Marburg, Germany
Tel: +49.6421.28 21 591, Fax: +49.6421.28 21 573, Office C4347
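
The false positive that Rev 1.8 of 800.loginfail addresses, shown as an added example that is not part of the original post or of the FreeBSD script. The log lines are constructed, and the host name "badger", the function names and both regular expressions are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the 800.loginfail script itself.
# Constructed syslog sample; the host is named "badger" on purpose,
# so that its name contains one of the keywords ("bad").
sample_log() {
cat <<'EOF'
Dec 23 07:01:02 badger sshd[311]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Dec 23 07:02:10 badger sshd[312]: Failed password for invalid user admin from 192.0.2.77 port 4022 ssh2
Dec 23 07:03:44 badger su: BAD SU bob to root on /dev/ttyp1
Dec 23 07:04:12 badger cron[420]: (root) CMD (/usr/libexec/atrun)
Dec 23 07:05:30 badger proftpd[433]: 192.0.2.91 - USER carol: Login failed
EOF
}

# Whole-line match: the keyword may appear anywhere, including the host
# name field, so every line logged by "badger" is reported.
match_whole_line() {
    grep -Ei 'fail|invalid|bad|illegal'
}

# Scoped match: skip date, time, host and the "program[pid]:" tag, and
# accept a keyword only in the message text that follows.
match_message_only() {
    grep -Ei '^[a-z]{3} +[0-9]+ [0-9:]+ [^ ]+ [^ ]+: .*(fail|invalid|bad|illegal)'
}

count_whole_line()   { sample_log | match_whole_line   | wc -l | tr -d ' '; }
count_message_only() { sample_log | match_message_only | wc -l | tr -d ' '; }

# Programs that produced a scoped hit, one per line, sorted and unique.
failing_programs() {
    sample_log | match_message_only |
        awk '{ p = $5; sub(/(\[[0-9]+\])?:$/, "", p); print p }' | sort -u
}

echo "whole-line hits:   $(count_whole_line)"
echo "message-only hits: $(count_message_only)"
failing_programs
```

The whole-line filter reports the successful login and the cron job as failures, which buries the three real events in the security mail.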




