2 .\" Copyright (c) 2000 Brian Somers <brian@Awfulhak.org>
3 .\" All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
14 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 .Nd periodic job configuration information
35 contains a description of how daily, weekly and monthly system maintenance
39 directory and parts may be overridden by a file of the same name in
41 which itself may be overridden by the
42 .Pa /etc/periodic.conf.local
48 is actually sourced as a shell script from each of the periodic scripts
49 and is intended to simply provide default configuration variables.
51 The following variables are used by
54 .Bl -tag -offset 4n -width 2n
57 List of directories to search for periodic scripts.
58 This list is always prefixed with
60 and is only used when an argument to
62 is not an absolute directory name.
63 .It Ao Ar dir Ac Ns Va _output
64 .Pq Vt path No or Vt list
65 What to do with the output of the scripts executed from
68 If this variable is set to an absolute path name, output is logged to
69 that file, otherwise it is taken as one or more space separated email
70 addresses and mailed to those users.
71 If this variable is not set or is empty, output is sent to standard output.
73 For an unattended machine, suitable values for
79 .Dq Li /var/log/daily.log ,
80 .Dq Li /var/log/weekly.log ,
82 .Dq Li /var/log/monthly.log
85 will rotate these files (if they exists) at the appropriate times.
86 .It Ao Ar dir Ac Ns Va _show_success
87 .It Ao Ar dir Ac Ns Va _show_info
88 .It Ao Ar dir Ac Ns Va _show_badconfig
90 These variables control whether
92 will mask the output of the executed scripts based on their return code
95 is the base directory name in which each script resides).
96 If the return code of a script is
99 .Ao Ar dir Ac Ns Va _show_success
103 will mask the script's output.
104 If the return code of a script is
107 .Ao Ar dir Ac Ns Va _show_info
111 will mask the script's output.
112 If the return code of a script is
115 .Ao Ar dir Ac Ns Va _show_badconfig
119 will mask the script's output.
120 If these variables are set to neither
133 manual page for how script return codes are interpreted.
134 .It Va anticongestion_sleeptime
136 The maximum number of seconds to randomly sleep in order to smooth bursty loads
137 on a shared resource, such as a download mirror.
140 The following variables are used by the standard scripts that reside in
141 .Pa /etc/periodic/daily :
142 .Bl -tag -offset 4n -width 2n
143 .It Va daily_clean_disks_enable
147 if you want to remove all files matching
148 .Va daily_clean_disks_files
150 .It Va daily_clean_disks_files
152 Set to a list of file names to match.
153 Wild cards are permitted.
154 .It Va daily_clean_disks_days
157 .Va daily_clean_disks_enable
160 this must also be set to the number of days old that a file's access
161 and modification times must be before it is deleted.
162 .It Va daily_clean_disks_verbose
166 if you want the removed files to be reported in your daily output.
167 .It Va daily_clean_tmps_enable
171 if you want to clear temporary directories daily.
172 .It Va daily_clean_tmps_dirs
174 Set to the list of directories to clear if
175 .Va daily_clean_tmps_enable
178 .It Va daily_clean_tmps_days
181 .Va daily_clean_tmps_enable
182 is set, this must also be set to the number of days old that a file's access
183 and modification times must be before it is deleted.
184 .It Va daily_clean_tmps_ignore
186 Set to the list of files that should not be deleted when
187 .Va daily_clean_tmps_enable
190 Wild card characters are permitted.
191 .It Va daily_clean_tmps_verbose
195 if you want the removed files to be reported in your daily output.
196 .It Va daily_clean_preserve_enable
200 if you wish to remove old files from
202 .It Va daily_clean_preserve_days
204 Set to the number of days that files must not have been modified before
206 .It Va daily_clean_preserve_verbose
210 if you want the removed files to be reported in your daily output.
211 .It Va daily_clean_msgs_enable
215 if you wish old system messages to be purged.
216 .It Va daily_clean_msgs_days
218 Set to the number of days that files must not have been modified before
220 If this variable is left blank, the
223 .It Va daily_clean_rwho_enable
227 if you wish old files in
230 .It Va daily_clean_rwho_days
232 Set to the number of days that files must not have been modified before
234 .It Va daily_clean_rwho_verbose
238 if you want the removed files to be reported in your daily output.
239 .It Va daily_clean_hoststat_enable
245 to automatically purge stale entries from
248 Files will be deleted using the same criteria as
250 would normally use when determining whether to believe the cached information,
252 .Pa /etc/mail/sendmail.cf .
253 .It Va daily_backup_efi_enable
257 to create backup of EFI System Partition (ESP).
258 .It Va daily_backup_gmirror_enable
262 to create backup of gmirror information (i.e., output of
263 .Nm gmirror Cm list ) ,
266 .It Va daily_backup_gmirror_verbose
270 to report a diff between the new backup and the existing backup
272 .It Va daily_backup_gpart_enable
276 to create backups of partition tables, and bootcode partition contents.
277 .It Va daily_backup_gpart_verbose
281 to be verbose if existing backups for kern.geom.conftxt or the partition tables differ
282 from the new backups.
283 .It Va daily_backup_passwd_enable
288 .Pa /etc/master.passwd
291 files backed up and reported on.
292 Reporting consists of checking both files for modifications and running
297 .It Va daily_backup_aliases_enable
302 .Pa /etc/mail/aliases
303 file backed up and modifications to be displayed in your daily output.
304 .It Va daily_backup_zfs_enable
308 to create backup of the output generated from the
313 .It Va daily_backup_zfs_list_flags
315 Set to the arguments for the
318 The default is standard behavior.
319 .It Va daily_backup_zpool_list_flags
321 Set to the arguments for the
326 .It Va daily_backup_zfs_props_enable
330 to create backup of the output generated from the
335 .It Va daily_backup_zfs_get_flags
337 Set to the arguments for the
342 .It Va daily_backup_zpool_get_flags
344 Set to the arguments for the
349 .It Va daily_backup_zfs_verbose
353 to report a diff between the new backup and the existing backup
355 .It Va daily_calendar_enable
362 .It Va daily_accounting_enable
366 if you want to rotate your daily process accounting files.
367 No rotations are necessary unless
368 .Va accounting_enable
371 .It Va daily_accounting_compress
375 if you want your daily accounting files to be compressed using
377 .It Va daily_accounting_save
380 .Va daily_accounting_enable
381 is set, this may also be set to the number of daily accounting files that are
385 .It Va daily_accounting_flags
387 Set to the arguments to pass to the
389 utility (in addition to
392 .Va daily_accounting_enable
397 .It Va daily_status_disks_enable
403 (with the arguments supplied in
404 .Va daily_status_disks_df_flags )
407 .It Va daily_status_disks_df_flags
409 Set to the arguments for the
412 .Va daily_status_disks_enable
417 .It Va daily_status_zfs_enable
426 .It Va daily_status_zfs_zpool_list_enable
436 .Va daily_status_zfs_enable
439 .It Va daily_status_gmirror_enable
444 .Nm gmirror Cm status
448 .It Va daily_status_graid3_enable
457 .It Va daily_status_gstripe_enable
462 .Nm gstripe Cm status
466 .It Va daily_status_gconcat_enable
471 .Nm gconcat Cm status
475 .It Va daily_status_mfi_enable
480 .Nm mfiutil Cm status
484 .It Va daily_status_network_enable
490 .It Va daily_status_network_netstat_flags
492 Set to additional arguments for the
495 .Va daily_status_network_enable
500 .It Va daily_status_network_usedns
508 option (to do DNS lookups).
509 .It Va daily_status_uptime_enable
523 .It Va daily_status_mailq_enable
529 .It Va daily_status_mailq_shorten
533 if you want to shorten the
536 .Va daily_status_mailq_enable
539 .It Va daily_status_include_submit_mailq
543 if you also want to run
545 on the submit mail queue when
546 .Va daily_status_mailq_enable
549 This may not work with MTAs other than
551 .It Va daily_status_security_enable
555 if you want to run the security check.
556 The security check is another set of
559 The system defaults are in
560 .Pa /etc/periodic/security .
561 Local scripts should be placed in
562 .Pa /usr/local/etc/periodic/security .
565 manual page for more information.
566 .It Va daily_status_security_inline
570 if you want the security check output inline.
571 The default is to either mail or log the output according to the value of
572 .Va daily_status_security_output .
573 .It Va daily_status_security_output
575 Where to send the output of the security check if
576 .Va daily_status_security_inline
579 This variable behaves in the same way as the
581 variables above, namely it can be set either to one or more email addresses
582 or to an absolute file name.
583 .It Va daily_status_mail_rejects_enable
587 if you want to summarise mail rejections logged to
589 for the previous day.
590 .It Va daily_status_mail_rejects_logs
592 Set to the number of maillog files that should be checked
593 for yesterday's mail rejects.
594 .It Va daily_status_ntpd_enable
598 if you want to enable NTP status check.
599 .It Va daily_status_world_kernel
603 to check the running userland and kernel are in sync.
604 .It Va daily_queuerun_enable
608 if you want to manually run the mail queue at least once a day.
609 .It Va daily_submit_queuerun
613 if you also want to manually run the submit mail queue at least once a day
615 .Va daily_queuerun_enable
618 .It Va daily_scrub_zfs_enable
622 if you want to run a zfs scrub periodically.
623 .It Va daily_scrub_zfs_pools
625 A space separated list of names of zfs pools to scrub.
626 If the list is empty or not set, all zfs pools are scrubbed.
627 .It Va daily_scrub_zfs_default_threshold
629 Number of days between a scrub if no pool-specific threshold is set.
630 If not set, the default value is 35, corresponding to 5 weeks.
631 .It Va daily_scrub_zfs_ Ns Ao Ar poolname Ac Ns Va _threshold
634 .Va daily_scrub_zfs_default_threshold
635 but specific to the pool
636 .Ao Ar poolname Ac Ns .
639 Set to a list of extra scripts that should be run after all other
641 All scripts must be absolute path names.
642 .It Va daily_diff_flags
644 Set to the arguments to pass to the
646 utility when generating differences.
652 The following variables are used by the standard scripts that reside in
653 .Pa /etc/periodic/weekly :
654 .Bl -tag -offset 4n -width 2n
655 .It Va weekly_locate_enable
660 .Pa /usr/libexec/locate.updatedb .
661 This script is run using
665 and generates the table used by the
668 .It Va weekly_whatis_enable
673 .Pa /usr/libexec/makewhatis.local .
674 This script regenerates the database used by the
677 .It Va weekly_noid_enable
681 if you want to locate orphaned files on the system.
682 An orphaned file is one with an invalid owner or group.
683 .It Va weekly_noid_dirs
685 A list of directories under which orphaned files are searched for.
686 This would usually be set to
688 .It Va weekly_status_security_enable
690 Weekly counterpart of
691 .Va daily_status_security_enable .
692 .It Va weekly_status_security_inline
694 Weekly counterpart of
695 .Va daily_status_security_inline .
696 .It Va weekly_status_security_output
698 Weekly counterpart of
699 .Va daily_status_security_output .
700 .It Va weekly_status_pkg_enable
706 to list installed packages which are out of date.
710 .Va weekly_status_pkg_enable
713 this variable specifies the program that is used to determine the out of
718 As an example, this variable might be set to
721 .Pa ports/sysutils/portupgrade
722 port has been installed.
723 .It Va pkg_version_index
725 This variable specifies the
729 that should be used by
731 Because the dependency tree may be substantially different between versions of
733 there may be more than one
742 it will also be necessary to arrange that the correct
745 using environment variables and that
746 .Va pkg_version_index
748 .Pa /etc/periodic.conf
749 .Pq Dq Li pkg_version_index= .
752 Set to a list of extra scripts that should be run after all other
754 All scripts must be absolute path names.
757 The following variables are used by the standard scripts that reside in
758 .Pa /etc/periodic/monthly :
759 .Bl -tag -offset 4n -width 2n
760 .It Va monthly_accounting_enable
764 if you want to do login accounting using the
767 .It Va monthly_status_security_enable
769 Monthly counterpart of
770 .Va daily_status_security_enable .
771 .It Va monthly_status_security_inline
773 Monthly counterpart of
774 .Va daily_status_security_inline .
775 .It Va monthly_status_security_output
777 Monthly counterpart of
778 .Va daily_status_security_output .
781 Set to a list of extra scripts that should be run after all other
783 All scripts must be absolute path names.
786 The following variables are used by the standard scripts that reside in
787 .Pa /etc/periodic/security .
788 Those scripts are usually run from daily
789 .Pq Va daily_status_security_enable ,
791 .Pq Va weekly_status_security_enable ,
793 .Pq Va monthly_status_security_enable
797 of each script can be configured as
803 Note that when periodic security scripts are run from
805 they will be always run unless their
811 .Bl -tag -offset 4n -width 2n
812 .It Va security_status_diff_flags
814 Set to the arguments to pass to the
816 utility when generating differences.
820 .It Va security_status_chksetuid_enable
824 to compare the modes and modification times of setuid executables with
825 the previous day's values.
826 .It Va security_status_chksetuid_period
834 .It Va security_status_chkportsum_enable
838 to verify checksums of all installed packages against the known checksums in
840 .It Va security_status_chkportsum_period
848 .It Va security_status_neggrpperm_enable
852 to check for files where the group of a file has less permissions than
854 When users are in more than 14 supplemental groups these negative
855 permissions may not be enforced via NFS shares.
856 .It Va security_status_neggrpperm_period
864 .It Va security_status_chkmounts_enable
868 to check for changes mounted file systems to the previous day's values.
869 .It Va security_status_chkmounts_period
877 .It Va security_status_noamd
881 if you want to ignore
883 mounts when comparing against yesterday's file system mounts in the
884 .Va security_status_chkmounts_enable
886 .It Va security_status_chkuid0_enable
891 .Pa /etc/master.passwd
892 for accounts with UID 0.
893 .It Va security_status_chkuid0_period
901 .It Va security_status_passwdless_enable
906 .Pa /etc/master.passwd
907 for accounts with empty passwords.
908 .It Va security_status_passwdless_period
916 .It Va security_status_logincheck_enable
924 for more information.
925 .It Va security_status_logincheck_period
933 .It Va security_status_ipfwdenied_enable
937 to show log entries for packets denied by
939 since yesterday's check.
940 .It Va security_status_ipfwdenied_period
948 .It Va security_status_ipfdenied_enable
952 to show log entries for packets denied by
954 since yesterday's check.
955 .It Va security_status_ipfdenied_period
963 .It Va security_status_pfdenied_enable
967 to show log entries for packets denied by
969 since yesterday's check.
970 .It Va security_status_pfdenied_additionalanchors
972 Space-separated list of additional anchors whose denied packets log entries to
974 The main ruleset (i.e., the empty-string anchor) and any
976 anchors, if present, are always shown.
977 .It Va security_status_pfdenied_period
985 .It Va security_status_ipfwlimit_enable
991 rules that have reached their verbosity limit.
992 .It Va security_status_ipfwlimit_period
1000 .It Va security_status_kernelmsg_enable
1006 entries since yesterday's check.
1007 .It Va security_status_kernelmsg_period
1015 .It Va security_status_loginfail_enable
1019 to display failed logins from
1020 .Pa /var/log/messages
1021 in the previous day.
1022 .It Va security_status_loginfail_period
1030 .It Va security_status_tcpwrap_enable
1034 to display connections denied by tcpwrappers (see
1035 .Xr hosts_access 5 )
1037 .Pa /var/log/messages
1038 during the previous day.
1039 .It Va security_status_tcpwrap_period
1049 .Bl -tag -width ".Pa /etc/defaults/periodic.conf"
1050 .It Pa /etc/defaults/periodic.conf
1051 The default configuration file.
1052 This file contains all default variables and values.
1053 .It Pa /etc/periodic.conf
1054 The usual system specific variable override file.
1055 .It Pa /etc/periodic.conf.local
1056 An additional override file, useful when
1057 .Pa /etc/periodic.conf
1058 is shared or distributed.
1086 .An Brian Somers Aq Mt brian@Awfulhak.org