Sync etc/periodic/ with FreeBSD
Matthias Schmidt
schmidtm at mathematik.uni-marburg.de
Sun Dec 23 07:32:21 PST 2007
Hi,
I synced src/etc/periodic/ with recent changes from FreeBSD. Short summary:
- Display information about blocked counts from pf(4)
- Make df output more human readable
- Add login.conf checking to security
- Fix several bugs and add some enhancements to various script
The patch is available here:
http://leaf.dragonflybsd.org/~matthias/etc_periodic_update.diff
The changes are running on two of my machines and showed no problems
yet. The update for the man page periodic.conf(5) is not included in
the diff, you can find it here:
http://leaf.dragonflybsd.org/~matthias/periodic.conf.5_etc_sec_update.diff
The relevant parts of the FreeBSD commit messages follows:
src/etc/defaults/periodic.conf
Rev 1.45
Don't delete files in the X11 socket directories under /tmp (.X11-unix,
.ICE-unix, .font-unix, .XIM-unix) when purging files from /tmp via the
daily 100.clean-tmps job. If you are logged into an X session longer
than the timeout period (default of 3 days), then this job can delete
the X11 sockets out from under the session without this fix.
Rev 1.39
Add login.conf checking to periodic security scripts. If the login.conf file
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.
Rev 1.35 + Rev 1.36
Make df output more consistent:
Remove -k now that -h is present
use -l instead of -t nonfs to match smbfs too
Make df output in periodic mail human readable
Rev 1.33
Add a reference to the periodic.conf(5) manual page.
Rev 1.31
Teach periodic(8) security output to display information about blocked
packet counts by pf(4).
This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.
Rev 1.30
Add a knob 'daily_status_security_diff_flags' controlling the
format of the 'diff' output generated during periodic(8) scripts.
src/etc/periodic/daily/110.clean-tmps
Rev 1.13
Don't remove empty dirs if their names are in $daily_clean_tmps_ignore
Rev 1.12
When considering temporary files for deletion, don't examine the mtime
and atime only, but also the ctime. Otherwise, files extracted from
tar or zip archives will immediately be declared stale since they've
got their mtime reset to the original mtime.
Rev 1.11
Don't try to remove directories unless we've emptied them first
src/etc/periodic/daily/440.status-mailq
Rev 1.11
Fix output and exit status when daily_mailq_shorten is set to YES
Rev 1.10
When there are no interesting information in output, exit with 0.
src/etc/periodic/daily/460.status-mail-rejects
Rev 1.20
Sed doesn't grok '[ \t]' -- it doesn't expand the \t :(
As there are no tabs in maillog, reduce the expression so that only spaces
are used.
Rev 1.19
Oops, the < in arg1=< is optional - treat it as such!
Rev 1.18
Adjust the mail reject output so that it gives an abreviated reason for the
reject.
Rev 1.17
Collapse "fgrep | egrep | sed" down to a single sed.
This also trims extraneous commas from domain names.
src/etc/periodic/daily/470.status-named
Rev 1.7
Update the test for failed zone transfers to reflect BIND 9.3.1 semantics
Simplify the shell scripting a bit, and remove a useless grep | sed
src/etc/periodic/weekly/310.locate
Rev 1.7
Move to the preferred syntax for nice (-n) instead
of the depricated one.
src/etc/periodic/security/800.loginfail
Rev 1.8
Only match on log messages containing fail,invalid,
bad or illegal. This prevents matching on systems that
have a name that matches the query.
Rev 1.7
Use egrep instead of grep
Rev 1.6
Enhance loginfail: it will catch sshd, proftpd and su errors, as well as other programs
Rev 1.5
Add support for bzip2ed log files.
Rev 1.4
Make it work with POSIX sort (POS arg).
All old sorts understand -k too.
src/etc/periodic/security/Makefile
Rev 1.6
Add login.conf checking to periodic security scripts. If the login.conf file
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.
Rev 1.4
Teach periodic(8) security output to display information about blocked
packet counts by pf(4).
This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.
src/etc/periodic/security/security.functions
Rev 1.5
When looking for new lines in diff output, grep for '^[>+]' instead of
'^>', in order to catch both normal and unified diffs.
Rev 1.4
Add a knob 'daily_status_security_diff_flags' controlling the
format of the 'diff' output generated during periodic(8) scripts.
Rev 1.3
Have mktemp(1) construct the temporary file name for us instead
of providing a template manually.
Add the following new files to the tree:
periodic/security/410.logincheck
Add login.conf checking to periodic security scripts. If the login.conf file
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.
periodic/security/520.pfdenied
Teach periodic(8) security output to display information about blocked
packet counts by pf(4).
Changed nawk to awk.
--
Dipl.-Inf. Matthias Schmidt <schmidtm at mathematik.uni-marburg.de>
Dept. of Mathematics and Computer Science, Distributed Systems Group
University of Marburg, Hans-Meerwein-Strasse, 35032 Marburg, Germany
Tel: +49.6421.28 21 591, Fax: +49.6421.28 21 573, Office C4347
More information about the Submit
mailing list