Bug #894

Sync etc/periodic/ with FreeBSD

Added by schmidtm almost 7 years ago. Updated almost 7 years ago.

Status: Closed
Start date:
Priority: Low
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -

Description

Hi,

I synced src/etc/periodic/ with recent changes from FreeBSD. Short summary:

- Display information about blocked counts from pf(4)
- Make df output more human readable
- Add login.conf checking to security
- Fix several bugs and add some enhancements to various scripts

The patch is available here:

http://leaf.dragonflybsd.org/~matthias/etc_periodic_update.diff

The changes are running on two of my machines and showed no problems
yet. The update for the man page periodic.conf(5) is not included in
the diff, you can find it here:

http://leaf.dragonflybsd.org/~matthias/periodic.conf.5_etc_sec_update.diff

The relevant parts of the FreeBSD commit messages follow:

src/etc/defaults/periodic.conf

Rev 1.45
Don't delete files in the X11 socket directories under /tmp (.X11-unix,
.ICE-unix, .font-unix, .XIM-unix) when purging files from /tmp via the
daily 100.clean-tmps job. If you are logged into an X session longer
than the timeout period (default of 3 days), then this job can delete
the X11 sockets out from under the session without this fix.

Rev 1.39
Add login.conf checking to periodic security scripts. If the login.conf file
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.

Rev 1.35 + Rev 1.36
Make df output more consistent:
Remove -k now that -h is present
use -l instead of -t nonfs to match smbfs too
Make df output in periodic mail human readable

Rev 1.33
Add a reference to the periodic.conf(5) manual page.

Rev 1.31
Teach periodic(8) security output to display information about blocked
packet counts by pf(4).

This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.

Rev 1.30
Add a knob 'daily_status_security_diff_flags' controlling the
format of the 'diff' output generated during periodic(8) scripts.

src/etc/periodic/daily/110.clean-tmps

Rev 1.13
Don't remove empty dirs if their names are in $daily_clean_tmps_ignore

Rev 1.12
When considering temporary files for deletion, don't examine the mtime
and atime only, but also the ctime. Otherwise, files extracted from
tar or zip archives will immediately be declared stale since they've
got their mtime reset to the original mtime.

Rev 1.11
Don't try to remove directories unless we've emptied them first

src/etc/periodic/daily/440.status-mailq

Rev 1.11
Fix output and exit status when daily_mailq_shorten is set to YES

Rev 1.10
When there is no interesting information in output, exit with 0.

src/etc/periodic/daily/460.status-mail-rejects

Rev 1.20
Sed doesn't grok '[ \t]' -- it doesn't expand the \t :(
As there are no tabs in maillog, reduce the expression so that only spaces
are used.

Rev 1.19
Oops, the < in arg1=< is optional - treat it as such!

Rev 1.18
Adjust the mail reject output so that it gives an abbreviated reason for the
reject.

Rev 1.17
Collapse "fgrep | egrep | sed" down to a single sed.
This also trims extraneous commas from domain names.

src/etc/periodic/daily/470.status-named

Rev 1.7
Update the test for failed zone transfers to reflect BIND 9.3.1 semantics
Simplify the shell scripting a bit, and remove a useless grep | sed

src/etc/periodic/weekly/310.locate

Rev 1.7
Move to the preferred syntax for nice (-n) instead
of the deprecated one.

src/etc/periodic/security/800.loginfail

Rev 1.8
Only match on log messages containing fail,invalid,
bad or illegal. This prevents matching on systems that
have a name that matches the query.

Rev 1.7
Use egrep instead of grep

Rev 1.6
Enhance loginfail: it will catch sshd, proftpd and su errors, as well as other programs

Rev 1.5
Add support for bzip2ed log files.

Rev 1.4
Make it work with POSIX sort (POS arg).
All old sorts understand -k too.

src/etc/periodic/security/Makefile

Rev 1.6
Add login.conf checking to periodic security scripts. If the login.conf file
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.

Rev 1.4
Teach periodic(8) security output to display information about blocked
packet counts by pf(4).

This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.

src/etc/periodic/security/security.functions

Rev 1.5
When looking for new lines in diff output, grep for '^[>+]' instead of
'^>', in order to catch both normal and unified diffs.

Rev 1.4
Add a knob 'daily_status_security_diff_flags' controlling the
format of the 'diff' output generated during periodic(8) scripts.

Rev 1.3
Have mktemp(1) construct the temporary file name for us instead
of providing a template manually.

Add the following new files to the tree:

periodic/security/410.logincheck
Add login.conf checking to periodic security scripts. If the login.conf file
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.

periodic/security/520.pfdenied
Teach periodic(8) security output to display information about blocked
packet counts by pf(4).

Changed nawk to awk.
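
The host-name false positive that 800.loginfail Rev 1.8 addresses, as an added example that is not the FreeBSD or DragonFly script. The log lines are constructed, and the function names `sample_log`, `naive_count` and `loginfail_filter` are hypothetical.

```shell
#!/bin/sh
# Added example: why a login-failure filter must not search the host name.

# Constructed auth.log lines; the host is named "badger" on purpose.
sample_log() {
cat <<'EOF'
Jan 12 03:14:07 badger sshd[811]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Jan 12 03:15:42 badger sshd[822]: Failed password for root from 198.51.100.7 port 41022 ssh2
Jan 12 03:15:49 badger sshd[822]: Invalid user admin from 198.51.100.7
Jan 12 04:02:11 badger su: BAD SU bob to root on /dev/ttyp1
Jan 12 04:30:00 badger proftpd[901]: USER carol: Login successful
Jan 12 05:00:03 badger login: ROOT LOGIN (root) ON ttyv0
EOF
}

# Unanchored keyword search: "badger" contains "bad", so every line,
# including the successful logins, is counted as a failure.
naive_count() {
    sample_log | grep -c -i -E 'fail|invalid|bad|illegal'
}

# Search only the part after "Mon DD HH:MM:SS host " and require the
# keyword to stand as a word of its own. Reads log lines on stdin.
loginfail_filter() {
    awk '{
        msg = $0
        # Drop timestamp and host name so they are never matched.
        sub(/^[A-Za-z]+ +[0-9]+ +[0-9:]+ +[^ ]+ +/, "", msg)
        # Pad with spaces so a keyword at either end still has a boundary.
        msg = " " tolower(msg) " "
        if (msg ~ /[^a-z](fail(ed|ures?)?|invalid|bad|illegal)[^a-z]/)
            print
    }'
}

echo "naive matches:    $(naive_count)"
echo "filtered matches:"
sample_log | loginfail_filter
```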

History

#1 Updated by schmidtm almost 7 years ago

Hi,
* Matthias Schmidt wrote:
> Hi,
>
> I synced src/etc/periodic/ with recent changes from FreeBSD. Short summary:
> [...]

If nobody objects, I will commit the changes in the next few days.

Regards,

Matthias
