2 .\" Copyright (c) 2000 Brian Somers <brian@Awfulhak.org>
3 .\" All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
14 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 .Nd periodic job configuration information
37 contains a description of how daily, weekly and monthly system maintenance
41 directory and parts may be overridden by a file of the same name in
43 which itself may be overridden by the
44 .Pa /etc/periodic.conf.local
50 is actually sourced as a shell script from each of the periodic scripts
51 and is intended to simply provide default configuration variables.
53 The following variables are used by
56 .Bl -tag -offset 4n -width 2n
59 List of directories to search for periodic scripts.
60 This list is always prefixed with
62 and is only used when an argument to
64 is not an absolute directory name.
65 .It Ao Ar dir Ac Ns Va _output
66 .Pq Vt path No or Vt list
67 What to do with the output of the scripts executed from
70 If this variable is set to an absolute path name, output is logged to
71 that file, otherwise it is taken as one or more space separated email
72 addresses and mailed to those users.
73 If this variable is not set or is empty, output is sent to standard output.
75 For an unattended machine, suitable values for
81 .Dq Li /var/log/daily.log ,
82 .Dq Li /var/log/weekly.log ,
84 .Dq Li /var/log/monthly.log
87 will rotate these files (if they exists) at the appropriate times.
88 .It Ao Ar dir Ac Ns Va _show_success
89 .It Ao Ar dir Ac Ns Va _show_info
90 .It Ao Ar dir Ac Ns Va _show_badconfig
92 These variables control whether
94 will mask the output of the executed scripts based on their return code
97 is the base directory name in which each script resides).
98 If the return code of a script is
101 .Ao Ar dir Ac Ns Va _show_success
105 will mask the script's output.
106 If the return code of a script is
109 .Ao Ar dir Ac Ns Va _show_info
113 will mask the script's output.
114 If the return code of a script is
117 .Ao Ar dir Ac Ns Va _show_badconfig
121 will mask the script's output.
122 If these variables are set to neither
135 manual page for how script return codes are interpreted.
136 .It Va anticongestion_sleeptime
138 The maximum number of seconds to randomly sleep in order to smooth bursty loads
139 on a shared resource, such as a download mirror.
142 The following variables are used by the standard scripts that reside in
143 .Pa /etc/periodic/daily :
144 .Bl -tag -offset 4n -width 2n
145 .It Va daily_clean_disks_enable
149 if you want to remove all files matching
150 .Va daily_clean_disks_files
152 .It Va daily_clean_disks_files
154 Set to a list of file names to match.
155 Wild cards are permitted.
156 .It Va daily_clean_disks_days
159 .Va daily_clean_disks_enable
162 this must also be set to the number of days old that a file's access
163 and modification times must be before it is deleted.
164 .It Va daily_clean_disks_verbose
168 if you want the removed files to be reported in your daily output.
169 .It Va daily_clean_tmps_enable
173 if you want to clear temporary directories daily.
174 .It Va daily_clean_tmps_dirs
176 Set to the list of directories to clear if
177 .Va daily_clean_tmps_enable
180 .It Va daily_clean_tmps_days
183 .Va daily_clean_tmps_enable
184 is set, this must also be set to the number of days old that a file's access
185 and modification times must be before it is deleted.
186 .It Va daily_clean_tmps_ignore
188 Set to the list of files that should not be deleted when
189 .Va daily_clean_tmps_enable
192 Wild card characters are permitted.
193 .It Va daily_clean_tmps_verbose
197 if you want the removed files to be reported in your daily output.
198 .It Va daily_clean_preserve_enable
202 if you wish to remove old files from
204 .It Va daily_clean_preserve_days
206 Set to the number of days that files must not have been modified before
208 .It Va daily_clean_preserve_verbose
212 if you want the removed files to be reported in your daily output.
213 .It Va daily_clean_msgs_enable
217 if you wish old system messages to be purged.
218 .It Va daily_clean_msgs_days
220 Set to the number of days that files must not have been modified before
222 If this variable is left blank, the
225 .It Va daily_clean_rwho_enable
229 if you wish old files in
232 .It Va daily_clean_rwho_days
234 Set to the number of days that files must not have been modified before
236 .It Va daily_clean_rwho_verbose
240 if you want the removed files to be reported in your daily output.
241 .It Va daily_clean_hoststat_enable
247 to automatically purge stale entries from
250 Files will be deleted using the same criteria as
252 would normally use when determining whether to believe the cached information,
254 .Pa /etc/mail/sendmail.cf .
255 .It Va daily_backup_efi_enable
259 to create backup of EFI System Partition (ESP).
260 .It Va daily_backup_gpart_enable
264 to create backups of partition tables, and bootcode partition contents.
265 .It Va daily_backup_gpart_verbose
269 to be verbose if existing backups for kern.geom.conftxt or the partition tables differ
270 from the new backups.
271 .It Va daily_backup_passwd_enable
276 .Pa /etc/master.passwd
279 files backed up and reported on.
280 Reporting consists of checking both files for modifications and running
285 .It Va daily_backup_aliases_enable
290 .Pa /etc/mail/aliases
291 file backed up and modifications to be displayed in your daily output.
292 .It Va daily_backup_zfs_enable
296 to create backup of the output generated from the
301 .It Va daily_backup_zfs_list_flags
303 Set to the arguments for the
306 The default is standard behavior.
307 .It Va daily_backup_zpool_list_flags
309 Set to the arguments for the
314 .It Va daily_backup_zfs_props_enable
318 to create backup of the output generated from the
323 .It Va daily_backup_zfs_get_flags
325 Set to the arguments for the
330 .It Va daily_backup_zpool_get_flags
332 Set to the arguments for the
337 .It Va daily_backup_zfs_verbose
341 to report a diff between the new backup and the existing backup
343 .It Va daily_calendar_enable
350 .It Va daily_accounting_enable
354 if you want to rotate your daily accounting files.
355 No rotations are necessary unless
356 .Va accounting_enable
359 .It Va daily_accounting_compress
363 if you want your daily accounting files to be compressed using
365 .It Va daily_accounting_save
368 .Va daily_accounting_enable
369 is set, this may also be set to the number of daily accounting files that are
373 .It Va daily_accounting_flags
375 Set to the arguments to pass to the
377 utility (in addition to
380 .Va daily_accounting_enable
385 .It Va daily_news_expire_enable
390 .Pa /etc/news.expire .
391 .It Va daily_status_disks_enable
397 (with the arguments supplied in
398 .Va daily_status_disks_df_flags )
401 .It Va daily_status_disks_df_flags
403 Set to the arguments for the
406 .Va daily_status_disks_enable
411 .It Va daily_status_zfs_enable
420 .It Va daily_status_zfs_zpool_list_enable
430 .Va daily_status_zfs_enable
433 .It Va daily_status_gmirror_enable
438 .Nm gmirror Cm status
442 .It Va daily_status_graid3_enable
451 .It Va daily_status_gstripe_enable
456 .Nm gstripe Cm status
460 .It Va daily_status_gconcat_enable
465 .Nm gconcat Cm status
469 .It Va daily_status_mfi_enable
474 .Nm mfiutil Cm status
478 .It Va daily_status_network_enable
484 .It Va daily_status_network_netstat_flags
486 Set to additional arguments for the
489 .Va daily_status_network_enable
494 .It Va daily_status_network_usedns
502 option (to do DNS lookups).
503 .It Va daily_status_uptime_enable
517 .It Va daily_status_mailq_enable
523 .It Va daily_status_mailq_shorten
527 if you want to shorten the
530 .Va daily_status_mailq_enable
533 .It Va daily_status_include_submit_mailq
537 if you also want to run
539 on the submit mail queue when
540 .Va daily_status_mailq_enable
543 This may not work with MTAs other than
545 .It Va daily_status_security_enable
549 if you want to run the security check.
550 The security check is another set of
553 The system defaults are in
554 .Pa /etc/periodic/security .
555 Local scripts should be placed in
556 .Pa /usr/local/etc/periodic/security .
559 manual page for more information.
560 .It Va daily_status_security_inline
564 if you want the security check output inline.
565 The default is to either mail or log the output according to the value of
566 .Va daily_status_security_output .
567 .It Va daily_status_security_output
569 Where to send the output of the security check if
570 .Va daily_status_security_inline
573 This variable behaves in the same way as the
575 variables above, namely it can be set either to one or more email addresses
576 or to an absolute file name.
577 .It Va daily_status_mail_rejects_enable
581 if you want to summarise mail rejections logged to
583 for the previous day.
584 .It Va daily_status_mail_rejects_logs
586 Set to the number of maillog files that should be checked
587 for yesterday's mail rejects.
588 .It Va daily_status_ntpd_enable
592 if you want to enable NTP status check.
593 .It Va daily_status_world_kernel
597 to check the running userland and kernel are in sync.
598 .It Va daily_queuerun_enable
602 if you want to manually run the mail queue at least once a day.
603 .It Va daily_submit_queuerun
607 if you also want to manually run the submit mail queue at least once a day
609 .Va daily_queuerun_enable
612 .It Va daily_scrub_zfs_enable
616 if you want to run a zfs scrub periodically.
617 .It Va daily_scrub_zfs_pools
619 A space separated list of names of zfs pools to scrub.
620 If the list is empty or not set, all zfs pools are scrubbed.
621 .It Va daily_scrub_zfs_default_threshold
623 Number of days between a scrub if no pool-specific threshold is set.
624 If not set, the default value is 35, corresponding to 5 weeks.
625 .It Va daily_scrub_zfs_ Ns Ao Ar poolname Ac Ns Va _threshold
628 .Va daily_scrub_zfs_default_threshold
629 but specific to the pool
630 .Ao Ar poolname Ac Ns .
633 Set to a list of extra scripts that should be run after all other
635 All scripts must be absolute path names.
638 The following variables are used by the standard scripts that reside in
639 .Pa /etc/periodic/weekly :
640 .Bl -tag -offset 4n -width 2n
641 .It Va weekly_locate_enable
646 .Pa /usr/libexec/locate.updatedb .
647 This script is run using
651 and generates the table used by the
654 .It Va weekly_whatis_enable
659 .Pa /usr/libexec/makewhatis.local .
660 This script regenerates the database used by the
663 .It Va weekly_noid_enable
667 if you want to locate orphaned files on the system.
668 An orphaned file is one with an invalid owner or group.
669 .It Va weekly_noid_dirs
671 A list of directories under which orphaned files are searched for.
672 This would usually be set to
674 .It Va weekly_status_security_enable
676 Weekly counterpart of
677 .Va daily_status_security_enable .
678 .It Va weekly_status_security_inline
680 Weekly counterpart of
681 .Va daily_status_security_inline .
682 .It Va weekly_status_security_output
684 Weekly counterpart of
685 .Va daily_status_security_output .
686 .It Va weekly_status_pkg_enable
692 to list installed packages which are out of date.
696 .Va weekly_status_pkg_enable
699 this variable specifies the program that is used to determine the out of
704 As an example, this variable might be set to
707 .Pa ports/sysutils/portupgrade
708 port has been installed.
709 .It Va pkg_version_index
711 This variable specifies the
715 that should be used by
717 Because the dependency tree may be substantially different between versions of
719 there may be more than one
728 it will also be necessary to arrange that the correct
731 using environment variables and that
732 .Va pkg_version_index
734 .Pa /etc/periodic.conf
735 .Pq Dq Li pkg_version_index= .
738 Set to a list of extra scripts that should be run after all other
740 All scripts must be absolute path names.
743 The following variables are used by the standard scripts that reside in
744 .Pa /etc/periodic/monthly :
745 .Bl -tag -offset 4n -width 2n
746 .It Va monthly_accounting_enable
750 if you want to do login accounting using the
753 .It Va monthly_status_security_enable
755 Monthly counterpart of
756 .Va daily_status_security_enable .
757 .It Va monthly_status_security_inline
759 Monthly counterpart of
760 .Va daily_status_security_inline .
761 .It Va monthly_status_security_output
763 Monthly counterpart of
764 .Va daily_status_security_output .
767 Set to a list of extra scripts that should be run after all other
769 All scripts must be absolute path names.
772 The following variables are used by the standard scripts that reside in
773 .Pa /etc/periodic/security .
774 Those scripts are usually run from daily
775 .Pq Va daily_status_security_enable ,
777 .Pq Va weekly_status_security_enable ,
779 .Pq Va monthly_status_security_enable
783 of each script can be configured as
789 Note that when periodic security scripts are run from
791 they will be always run unless their
797 .Bl -tag -offset 4n -width 2n
798 .It Va security_status_diff_flags
800 Set to the arguments to pass to the
802 utility when generating differences.
805 .It Va security_status_chksetuid_enable
809 to compare the modes and modification times of setuid executables with
810 the previous day's values.
811 .It Va security_status_chksetuid_period
819 .It Va security_status_chkportsum_enable
823 to verify checksums of all installed packages against the known checksums in
825 .It Va security_status_chkportsum_period
833 .It Va security_status_neggrpperm_enable
837 to check for files where the group of a file has less permissions than
839 When users are in more than 14 supplemental groups these negative
840 permissions may not be enforced via NFS shares.
841 .It Va security_status_neggrpperm_period
849 .It Va security_status_chkmounts_enable
853 to check for changes mounted file systems to the previous day's values.
854 .It Va security_status_chkmounts_period
862 .It Va security_status_noamd
866 if you want to ignore
868 mounts when comparing against yesterday's file system mounts in the
869 .Va security_status_chkmounts_enable
871 .It Va security_status_chkuid0_enable
876 .Pa /etc/master.passwd
877 for accounts with UID 0.
878 .It Va security_status_chkuid0_period
886 .It Va security_status_passwdless_enable
891 .Pa /etc/master.passwd
892 for accounts with empty passwords.
893 .It Va security_status_passwdless_period
901 .It Va security_status_logincheck_enable
909 for more information.
910 .It Va security_status_logincheck_period
918 .It Va security_status_ipfwdenied_enable
922 to show log entries for packets denied by
924 since yesterday's check.
925 .It Va security_status_ipfwdenied_period
933 .It Va security_status_ipfdenied_enable
937 to show log entries for packets denied by
939 since yesterday's check.
940 .It Va security_status_ipfdenied_period
948 .It Va security_status_pfdenied_enable
952 to show log entries for packets denied by
954 since yesterday's check.
955 .It Va security_status_pfdenied_period
963 .It Va security_status_ipfwlimit_enable
969 rules that have reached their verbosity limit.
970 .It Va security_status_ipfwlimit_period
978 .It Va security_status_kernelmsg_enable
984 entries since yesterday's check.
985 .It Va security_status_kernelmsg_period
993 .It Va security_status_loginfail_enable
997 to display failed logins from
998 .Pa /var/log/messages
1000 .It Va security_status_loginfail_period
1008 .It Va security_status_tcpwrap_enable
1012 to display connections denied by tcpwrappers (see
1013 .Xr hosts_access 5 )
1015 .Pa /var/log/messages
1016 during the previous day.
1017 .It Va security_status_tcpwrap_period
1027 .Bl -tag -width ".Pa /etc/defaults/periodic.conf"
1028 .It Pa /etc/defaults/periodic.conf
1029 The default configuration file.
1030 This file contains all default variables and values.
1031 .It Pa /etc/periodic.conf
1032 The usual system specific variable override file.
1033 .It Pa /etc/periodic.conf.local
1034 An additional override file, useful when
1035 .Pa /etc/periodic.conf
1036 is shared or distributed.
1064 .An Brian Somers Aq Mt brian@Awfulhak.org