2 .\" Copyright (c) 2000 Brian Somers <brian@Awfulhak.org>
3 .\" All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
14 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 .Nd periodic job configuration information
37 contains a description of how daily, weekly and monthly system maintenance
41 directory and parts may be overridden by a file of the same name in
43 which itself may be overridden by the
44 .Pa /etc/periodic.conf.local
50 is actually sourced as a shell script from each of the periodic scripts
51 and is intended to simply provide default configuration variables.
53 The following variables are used by
56 .Bl -tag -offset 4n -width 2n
59 List of directories to search for periodic scripts.
60 This list is always prefixed with
62 and is only used when an argument to
64 is not an absolute directory name.
65 .It Ao Ar dir Ac Ns Va _output
66 .Pq Vt path No or Vt list
67 What to do with the output of the scripts executed from
70 If this variable is set to an absolute path name, output is logged to
71 that file, otherwise it is taken as one or more space separated email
72 addresses and mailed to those users.
73 If this variable is not set or is empty, output is sent to standard output.
75 For an unattended machine, suitable values for
81 .Dq Li /var/log/daily.log ,
82 .Dq Li /var/log/weekly.log ,
84 .Dq Li /var/log/monthly.log
87 will rotate these files (if they exists) at the appropriate times.
88 .It Ao Ar dir Ac Ns Va _show_success
89 .It Ao Ar dir Ac Ns Va _show_info
90 .It Ao Ar dir Ac Ns Va _show_badconfig
92 These variables control whether
94 will mask the output of the executed scripts based on their return code
97 is the base directory name in which each script resides).
98 If the return code of a script is
101 .Ao Ar dir Ac Ns Va _show_success
105 will mask the script's output.
106 If the return code of a script is
109 .Ao Ar dir Ac Ns Va _show_info
113 will mask the script's output.
114 If the return code of a script is
117 .Ao Ar dir Ac Ns Va _show_badconfig
121 will mask the script's output.
122 If these variables are set to neither
135 manual page for how script return codes are interpreted.
136 .It Va anticongestion_sleeptime
138 The maximum number of seconds to randomly sleep in order to smooth bursty loads
139 on a shared resource, such as a download mirror.
142 The following variables are used by the standard scripts that reside in
143 .Pa /etc/periodic/daily :
144 .Bl -tag -offset 4n -width 2n
145 .It Va daily_clean_disks_enable
149 if you want to remove all files matching
150 .Va daily_clean_disks_files
152 .It Va daily_clean_disks_files
154 Set to a list of file names to match.
155 Wild cards are permitted.
156 .It Va daily_clean_disks_days
159 .Va daily_clean_disks_enable
162 this must also be set to the number of days old that a file's access
163 and modification times must be before it is deleted.
164 .It Va daily_clean_disks_verbose
168 if you want the removed files to be reported in your daily output.
169 .It Va daily_clean_tmps_enable
173 if you want to clear temporary directories daily.
174 .It Va daily_clean_tmps_dirs
176 Set to the list of directories to clear if
177 .Va daily_clean_tmps_enable
180 .It Va daily_clean_tmps_days
183 .Va daily_clean_tmps_enable
184 is set, this must also be set to the number of days old that a file's access
185 and modification times must be before it is deleted.
186 .It Va daily_clean_tmps_ignore
188 Set to the list of files that should not be deleted when
189 .Va daily_clean_tmps_enable
192 Wild card characters are permitted.
193 .It Va daily_clean_tmps_verbose
197 if you want the removed files to be reported in your daily output.
198 .It Va daily_clean_preserve_enable
202 if you wish to remove old files from
204 .It Va daily_clean_preserve_days
206 Set to the number of days that files must not have been modified before
208 .It Va daily_clean_preserve_verbose
212 if you want the removed files to be reported in your daily output.
213 .It Va daily_clean_msgs_enable
217 if you wish old system messages to be purged.
218 .It Va daily_clean_msgs_days
220 Set to the number of days that files must not have been modified before
222 If this variable is left blank, the
225 .It Va daily_clean_rwho_enable
229 if you wish old files in
232 .It Va daily_clean_rwho_days
234 Set to the number of days that files must not have been modified before
236 .It Va daily_clean_rwho_verbose
240 if you want the removed files to be reported in your daily output.
241 .It Va daily_clean_hoststat_enable
247 to automatically purge stale entries from
250 Files will be deleted using the same criteria as
252 would normally use when determining whether to believe the cached information,
254 .Pa /etc/mail/sendmail.cf .
255 .It Va daily_backup_efi_enable
259 to create backup of EFI System Partition (ESP).
260 .It Va daily_backup_gmirror_enable
264 to create backup of gmirror information (i.e., output of
265 .Nm gmirror Cm list ) ,
268 .It Va daily_backup_gmirror_verbose
272 to report a diff between the new backup and the existing backup
274 .It Va daily_backup_gpart_enable
278 to create backups of partition tables, and bootcode partition contents.
279 .It Va daily_backup_gpart_verbose
283 to be verbose if existing backups for kern.geom.conftxt or the partition tables differ
284 from the new backups.
285 .It Va daily_backup_passwd_enable
290 .Pa /etc/master.passwd
293 files backed up and reported on.
294 Reporting consists of checking both files for modifications and running
299 .It Va daily_backup_aliases_enable
304 .Pa /etc/mail/aliases
305 file backed up and modifications to be displayed in your daily output.
306 .It Va daily_backup_zfs_enable
310 to create backup of the output generated from the
315 .It Va daily_backup_zfs_list_flags
317 Set to the arguments for the
320 The default is standard behavior.
321 .It Va daily_backup_zpool_list_flags
323 Set to the arguments for the
328 .It Va daily_backup_zfs_props_enable
332 to create backup of the output generated from the
337 .It Va daily_backup_zfs_get_flags
339 Set to the arguments for the
344 .It Va daily_backup_zpool_get_flags
346 Set to the arguments for the
351 .It Va daily_backup_zfs_verbose
355 to report a diff between the new backup and the existing backup
357 .It Va daily_calendar_enable
364 .It Va daily_accounting_enable
368 if you want to rotate your daily process accounting files.
369 No rotations are necessary unless
370 .Va accounting_enable
373 .It Va daily_accounting_compress
377 if you want your daily accounting files to be compressed using
379 .It Va daily_accounting_save
382 .Va daily_accounting_enable
383 is set, this may also be set to the number of daily accounting files that are
387 .It Va daily_accounting_flags
389 Set to the arguments to pass to the
391 utility (in addition to
394 .Va daily_accounting_enable
399 .It Va daily_status_disks_enable
405 (with the arguments supplied in
406 .Va daily_status_disks_df_flags )
409 .It Va daily_status_disks_df_flags
411 Set to the arguments for the
414 .Va daily_status_disks_enable
419 .It Va daily_status_zfs_enable
428 .It Va daily_status_zfs_zpool_list_enable
438 .Va daily_status_zfs_enable
441 .It Va daily_status_gmirror_enable
446 .Nm gmirror Cm status
450 .It Va daily_status_graid3_enable
459 .It Va daily_status_gstripe_enable
464 .Nm gstripe Cm status
468 .It Va daily_status_gconcat_enable
473 .Nm gconcat Cm status
477 .It Va daily_status_mfi_enable
482 .Nm mfiutil Cm status
486 .It Va daily_status_network_enable
492 .It Va daily_status_network_netstat_flags
494 Set to additional arguments for the
497 .Va daily_status_network_enable
502 .It Va daily_status_network_usedns
510 option (to do DNS lookups).
511 .It Va daily_status_uptime_enable
525 .It Va daily_status_mailq_enable
531 .It Va daily_status_mailq_shorten
535 if you want to shorten the
538 .Va daily_status_mailq_enable
541 .It Va daily_status_include_submit_mailq
545 if you also want to run
547 on the submit mail queue when
548 .Va daily_status_mailq_enable
551 This may not work with MTAs other than
553 .It Va daily_status_security_enable
557 if you want to run the security check.
558 The security check is another set of
561 The system defaults are in
562 .Pa /etc/periodic/security .
563 Local scripts should be placed in
564 .Pa /usr/local/etc/periodic/security .
567 manual page for more information.
568 .It Va daily_status_security_inline
572 if you want the security check output inline.
573 The default is to either mail or log the output according to the value of
574 .Va daily_status_security_output .
575 .It Va daily_status_security_output
577 Where to send the output of the security check if
578 .Va daily_status_security_inline
581 This variable behaves in the same way as the
583 variables above, namely it can be set either to one or more email addresses
584 or to an absolute file name.
585 .It Va daily_status_mail_rejects_enable
589 if you want to summarise mail rejections logged to
591 for the previous day.
592 .It Va daily_status_mail_rejects_logs
594 Set to the number of maillog files that should be checked
595 for yesterday's mail rejects.
596 .It Va daily_status_ntpd_enable
600 if you want to enable NTP status check.
601 .It Va daily_status_world_kernel
605 to check the running userland and kernel are in sync.
606 .It Va daily_queuerun_enable
610 if you want to manually run the mail queue at least once a day.
611 .It Va daily_submit_queuerun
615 if you also want to manually run the submit mail queue at least once a day
617 .Va daily_queuerun_enable
620 .It Va daily_scrub_zfs_enable
624 if you want to run a zfs scrub periodically.
625 .It Va daily_scrub_zfs_pools
627 A space separated list of names of zfs pools to scrub.
628 If the list is empty or not set, all zfs pools are scrubbed.
629 .It Va daily_scrub_zfs_default_threshold
631 Number of days between a scrub if no pool-specific threshold is set.
632 If not set, the default value is 35, corresponding to 5 weeks.
633 .It Va daily_scrub_zfs_ Ns Ao Ar poolname Ac Ns Va _threshold
636 .Va daily_scrub_zfs_default_threshold
637 but specific to the pool
638 .Ao Ar poolname Ac Ns .
641 Set to a list of extra scripts that should be run after all other
643 All scripts must be absolute path names.
646 The following variables are used by the standard scripts that reside in
647 .Pa /etc/periodic/weekly :
648 .Bl -tag -offset 4n -width 2n
649 .It Va weekly_locate_enable
654 .Pa /usr/libexec/locate.updatedb .
655 This script is run using
659 and generates the table used by the
662 .It Va weekly_whatis_enable
667 .Pa /usr/libexec/makewhatis.local .
668 This script regenerates the database used by the
671 .It Va weekly_noid_enable
675 if you want to locate orphaned files on the system.
676 An orphaned file is one with an invalid owner or group.
677 .It Va weekly_noid_dirs
679 A list of directories under which orphaned files are searched for.
680 This would usually be set to
682 .It Va weekly_status_security_enable
684 Weekly counterpart of
685 .Va daily_status_security_enable .
686 .It Va weekly_status_security_inline
688 Weekly counterpart of
689 .Va daily_status_security_inline .
690 .It Va weekly_status_security_output
692 Weekly counterpart of
693 .Va daily_status_security_output .
694 .It Va weekly_status_pkg_enable
700 to list installed packages which are out of date.
704 .Va weekly_status_pkg_enable
707 this variable specifies the program that is used to determine the out of
712 As an example, this variable might be set to
715 .Pa ports/sysutils/portupgrade
716 port has been installed.
717 .It Va pkg_version_index
719 This variable specifies the
723 that should be used by
725 Because the dependency tree may be substantially different between versions of
727 there may be more than one
736 it will also be necessary to arrange that the correct
739 using environment variables and that
740 .Va pkg_version_index
742 .Pa /etc/periodic.conf
743 .Pq Dq Li pkg_version_index= .
746 Set to a list of extra scripts that should be run after all other
748 All scripts must be absolute path names.
751 The following variables are used by the standard scripts that reside in
752 .Pa /etc/periodic/monthly :
753 .Bl -tag -offset 4n -width 2n
754 .It Va monthly_accounting_enable
758 if you want to do login accounting using the
761 .It Va monthly_status_security_enable
763 Monthly counterpart of
764 .Va daily_status_security_enable .
765 .It Va monthly_status_security_inline
767 Monthly counterpart of
768 .Va daily_status_security_inline .
769 .It Va monthly_status_security_output
771 Monthly counterpart of
772 .Va daily_status_security_output .
775 Set to a list of extra scripts that should be run after all other
777 All scripts must be absolute path names.
780 The following variables are used by the standard scripts that reside in
781 .Pa /etc/periodic/security .
782 Those scripts are usually run from daily
783 .Pq Va daily_status_security_enable ,
785 .Pq Va weekly_status_security_enable ,
787 .Pq Va monthly_status_security_enable
791 of each script can be configured as
797 Note that when periodic security scripts are run from
799 they will be always run unless their
805 .Bl -tag -offset 4n -width 2n
806 .It Va security_status_diff_flags
808 Set to the arguments to pass to the
810 utility when generating differences.
813 .It Va security_status_chksetuid_enable
817 to compare the modes and modification times of setuid executables with
818 the previous day's values.
819 .It Va security_status_chksetuid_period
827 .It Va security_status_chkportsum_enable
831 to verify checksums of all installed packages against the known checksums in
833 .It Va security_status_chkportsum_period
841 .It Va security_status_neggrpperm_enable
845 to check for files where the group of a file has less permissions than
847 When users are in more than 14 supplemental groups these negative
848 permissions may not be enforced via NFS shares.
849 .It Va security_status_neggrpperm_period
857 .It Va security_status_chkmounts_enable
861 to check for changes mounted file systems to the previous day's values.
862 .It Va security_status_chkmounts_period
870 .It Va security_status_noamd
874 if you want to ignore
876 mounts when comparing against yesterday's file system mounts in the
877 .Va security_status_chkmounts_enable
879 .It Va security_status_chkuid0_enable
884 .Pa /etc/master.passwd
885 for accounts with UID 0.
886 .It Va security_status_chkuid0_period
894 .It Va security_status_passwdless_enable
899 .Pa /etc/master.passwd
900 for accounts with empty passwords.
901 .It Va security_status_passwdless_period
909 .It Va security_status_logincheck_enable
917 for more information.
918 .It Va security_status_logincheck_period
926 .It Va security_status_ipfwdenied_enable
930 to show log entries for packets denied by
932 since yesterday's check.
933 .It Va security_status_ipfwdenied_period
941 .It Va security_status_ipfdenied_enable
945 to show log entries for packets denied by
947 since yesterday's check.
948 .It Va security_status_ipfdenied_period
956 .It Va security_status_pfdenied_enable
960 to show log entries for packets denied by
962 since yesterday's check.
963 .It Va security_status_pfdenied_additionalanchors
965 Space-separated list of additional anchors whose denied packets log entries to
967 The main ruleset (i.e., the empty-string anchor) and any
969 anchors, if present, are always shown.
970 .It Va security_status_pfdenied_period
978 .It Va security_status_ipfwlimit_enable
984 rules that have reached their verbosity limit.
985 .It Va security_status_ipfwlimit_period
993 .It Va security_status_kernelmsg_enable
999 entries since yesterday's check.
1000 .It Va security_status_kernelmsg_period
1008 .It Va security_status_loginfail_enable
1012 to display failed logins from
1013 .Pa /var/log/messages
1014 in the previous day.
1015 .It Va security_status_loginfail_period
1023 .It Va security_status_tcpwrap_enable
1027 to display connections denied by tcpwrappers (see
1028 .Xr hosts_access 5 )
1030 .Pa /var/log/messages
1031 during the previous day.
1032 .It Va security_status_tcpwrap_period
1042 .Bl -tag -width ".Pa /etc/defaults/periodic.conf"
1043 .It Pa /etc/defaults/periodic.conf
1044 The default configuration file.
1045 This file contains all default variables and values.
1046 .It Pa /etc/periodic.conf
1047 The usual system specific variable override file.
1048 .It Pa /etc/periodic.conf.local
1049 An additional override file, useful when
1050 .Pa /etc/periodic.conf
1051 is shared or distributed.
1079 .An Brian Somers Aq Mt brian@Awfulhak.org