DragonFlyBSD

Hi,

I synced src/etc/periodic/ with recent changes from FreeBSD. Short summary:

- Display information about blocked counts from pf(4)
 - Make df output more human readable
 - Add login.conf checking to security
 - Fix several bugs and add some enhancements to various script

The patch is available here:

http://leaf.dragonflybsd.org/~matthias/etc_periodic_update.diff

The changes are running on two of my machines and showed no problems
yet. The update for the man page periodic.conf(5) is not included in
the diff, you can find it here:

http://leaf.dragonflybsd.org/~matthias/periodic.conf.5_etc_sec_update.diff

The relevant parts of the FreeBSD commit messages follows:

src/etc/defaults/periodic.conf

Rev 1.45 
    Don't delete files in the X11 socket directories under /tmp (.X11-unix,
    .ICE-unix, .font-unix, .XIM-unix) when purging files from /tmp via the
    daily 100.clean-tmps job.  If you are logged into an X session longer
    than the timeout period (default of 3 days), then this job can delete
    the X11 sockets out from under the session without this fix.

Rev 1.39 
    Add login.conf checking to periodic security scripts.  If the login.conf file
    is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.

Rev 1.35 + Rev 1.36
    Make df output more consistent:
    Remove -k now that -h is present
    use -l instead of -t nonfs to match smbfs too
    Make df output in periodic mail human readable

Rev 1.33
    Add a reference to the periodic.conf(5) manual page.

Rev 1.31
    Teach periodic(8) security output to display information about blocked
    packet counts by pf(4).

This adds a ``daily_status_security_pfdenied_enable'' variable to
    periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.

Rev 1.30
    Add a knob 'daily_status_security_diff_flags' controlling the
    format of the 'diff' output generated during periodic(8) scripts.

src/etc/periodic/daily/110.clean-tmps

Rev 1.13
    Don't remove empty dirs if their names are in $daily_clean_tmps_ignore

Rev 1.12
    When considering temporary files for deletion, don't examine the mtime
    and atime only, but also the ctime.  Otherwise, files extracted from
    tar or zip archives will immediately be declared stale since they've
    got their mtime reset to the original mtime.

Rev 1.11
    Don't try to remove directories unless we've emptied them first

src/etc/periodic/daily/440.status-mailq

Rev 1.11
    Fix output and exit status when daily_mailq_shorten is set to YES

Rev 1.10
    When there are no interesting information in output, exit with 0.

src/etc/periodic/daily/460.status-mail-rejects

Rev 1.20
    Sed doesn't grok '[ \t]' -- it doesn't expand the \t :(
    As there are no tabs in maillog, reduce the expression so that only spaces
    are used.

Rev 1.19
    Oops, the < in arg1=< is optional - treat it as such!

Rev 1.18
    Adjust the mail reject output so that it gives an abreviated reason for the
    reject.

Rev 1.17
    Collapse "fgrep | egrep | sed" down to a single sed.
    This also trims extraneous commas from domain names.

src/etc/periodic/daily/470.status-named

Rev 1.7
    Update the test for failed zone transfers to reflect BIND 9.3.1 semantics
    Simplify the shell scripting a bit, and remove a useless grep | sed

src/etc/periodic/weekly/310.locate

Rev 1.7
    Move to the preferred syntax for nice (-n) instead
    of the depricated one.

src/etc/periodic/security/800.loginfail

Rev 1.8
    Only match on log messages containing fail,invalid,
    bad or illegal. This prevents matching on systems that
    have a name that matches the query.

Rev 1.7
    Use egrep instead of grep

Rev 1.6
    Enhance loginfail: it will catch sshd, proftpd and su errors, as well as other programs

Rev 1.5
    Add support for bzip2ed log files.

Rev 1.4
    Make it work with POSIX sort (POS arg).
    All old sorts understand -k too.

src/etc/periodic/security/Makefile

Rev 1.6
    Add login.conf checking to periodic security scripts.  If the login.conf file
    is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.

Rev 1.4
    Teach periodic(8) security output to display information about blocked
    packet counts by pf(4).

This adds a ``daily_status_security_pfdenied_enable'' variable to
    periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.

src/etc/periodic/security/security.functions

Rev 1.5
    When looking for new lines in diff output, grep for '^[>+]' instead of
    '^>', in order to catch both normal and unified diffs.

Rev 1.4
    Add a knob 'daily_status_security_diff_flags' controlling the
    format of the 'diff' output generated during periodic(8) scripts.

Rev 1.3
    Have mktemp(1) construct the temporary file name for us instead
    of providing a template manually.

Add the following new files to the tree:

periodic/security/410.logincheck
Add login.conf checking to periodic security scripts. If the login.conf file
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.

periodic/security/520.pfdenied
Teach periodic(8) security output to display information about blocked
packet counts by pf(4).

Changed nawk to awk.