Hi, I synced src/etc/periodic/ with recent changes from FreeBSD. Short summary:
- Display information about blocked counts from pf(4) - Make df output more human readable - Add login.conf checking to security - Fix several bugs and add some enhancements to various script The patch is available here: http://leaf.dragonflybsd.org/~matthias/etc_periodic_update.diff The changes are running on two of my machines and showed no problems yet. The update for the man page periodic.conf(5) is not included in the diff, you can find it here: http://leaf.dragonflybsd.org/~matthias/periodic.conf.5_etc_sec_update.diff The relevant parts of the FreeBSD commit messages follows: src/etc/defaults/periodic.conf Rev 1.45 Don't delete files in the X11 socket directories under /tmp (.X11-unix, .ICE-unix, .font-unix, .XIM-unix) when purging files from /tmp via the daily 100.clean-tmps job. If you are logged into an X session longer than the timeout period (default of 3 days), then this job can delete the X11 sockets out from under the session without this fix. Rev 1.39 Add login.conf checking to periodic security scripts. If the login.conf file is not UID/GID 0, limits will be ignored and a strange error sent to auth.log. Rev 1.35 + Rev 1.36 Make df output more consistent: Remove -k now that -h is present use -l instead of -t nonfs to match smbfs too Make df output in periodic mail human readable Rev 1.33 Add a reference to the periodic.conf(5) manual page. Rev 1.31 Teach periodic(8) security output to display information about blocked packet counts by pf(4). This adds a ``daily_status_security_pfdenied_enable'' variable to periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions. Rev 1.30 Add a knob 'daily_status_security_diff_flags' controlling the format of the 'diff' output generated during periodic(8) scripts. src/etc/periodic/daily/110.clean-tmps Rev 1.13 Don't remove empty dirs if their names are in $daily_clean_tmps_ignore Rev 1.12 When considering temporary files for deletion, don't examine the mtime and atime only, but also the ctime. Otherwise, files extracted from tar or zip archives will immediately be declared stale since they've got their mtime reset to the original mtime. Rev 1.11 Don't try to remove directories unless we've emptied them first src/etc/periodic/daily/440.status-mailq Rev 1.11 Fix output and exit status when daily_mailq_shorten is set to YES Rev 1.10 When there are no interesting information in output, exit with 0. src/etc/periodic/daily/460.status-mail-rejects Rev 1.20 Sed doesn't grok '[ \t]' -- it doesn't expand the \t :( As there are no tabs in maillog, reduce the expression so that only spaces are used. Rev 1.19 Oops, the < in arg1=< is optional - treat it as such! Rev 1.18 Adjust the mail reject output so that it gives an abreviated reason for the reject. Rev 1.17 Collapse "fgrep | egrep | sed" down to a single sed. This also trims extraneous commas from domain names. src/etc/periodic/daily/470.status-named Rev 1.7 Update the test for failed zone transfers to reflect BIND 9.3.1 semantics Simplify the shell scripting a bit, and remove a useless grep | sed src/etc/periodic/weekly/310.locate Rev 1.7 Move to the preferred syntax for nice (-n) instead of the depricated one. src/etc/periodic/security/800.loginfail Rev 1.8 Only match on log messages containing fail,invalid, bad or illegal. This prevents matching on systems that have a name that matches the query. Rev 1.7 Use egrep instead of grep Rev 1.6 Enhance loginfail: it will catch sshd, proftpd and su errors, as well as other programs Rev 1.5 Add support for bzip2ed log files. Rev 1.4 Make it work with POSIX sort (POS arg). All old sorts understand -k too. src/etc/periodic/security/Makefile Rev 1.6 Add login.conf checking to periodic security scripts. If the login.conf file is not UID/GID 0, limits will be ignored and a strange error sent to auth.log. Rev 1.4 Teach periodic(8) security output to display information about blocked packet counts by pf(4). This adds a ``daily_status_security_pfdenied_enable'' variable to periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions. src/etc/periodic/security/security.functions Rev 1.5 When looking for new lines in diff output, grep for '^[>+]' instead of '^>', in order to catch both normal and unified diffs. Rev 1.4 Add a knob 'daily_status_security_diff_flags' controlling the format of the 'diff' output generated during periodic(8) scripts. Rev 1.3 Have mktemp(1) construct the temporary file name for us instead of providing a template manually. Add the following new files to the tree: periodic/security/410.logincheck Add login.conf checking to periodic security scripts. If the login.conf file is not UID/GID 0, limits will be ignored and a strange error sent to auth.log. periodic/security/520.pfdenied Teach periodic(8) security output to display information about blocked packet counts by pf(4). Changed nawk to awk. -- Dipl.-Inf. Matthias Schmidt <[EMAIL PROTECTED]> Dept. of Mathematics and Computer Science, Distributed Systems Group University of Marburg, Hans-Meerwein-Strasse, 35032 Marburg, Germany Tel: +49.6421.28 21 591, Fax: +49.6421.28 21 573, Office C4347
