NAME

periodic.conf —

periodic job configuration information

DESCRIPTION

The file periodic.conf contains a description of how daily, weekly and monthly system maintenance jobs should run. It resides in the /etc/defaults directory and parts may be overridden by a file of the same name in /etc, which itself may be overridden by the /etc/periodic.conf.local file.

The periodic.conf file is actually sourced as a shell script from each of the periodic scripts and is intended to simply provide default configuration variables.

The following variables are used by periodic(8) itself:

local_periodic: (str) List of directories to search for periodic scripts. This list is always prefixed with /etc/periodic, and is only used when an argument to periodic(8) is not an absolute directory name.
⟨dir⟩_output: (path or list) What to do with the output of the scripts executed from the directory dir. If this variable is set to an absolute path name, output is logged to that file, otherwise it is taken as one or more space separated email addresses and mailed to those users. If this variable is not set or is empty, output is sent to standard output.
For an unattended machine, suitable values for daily_output, weekly_output, and monthly_output might be “/var/log/daily.log”, “/var/log/weekly.log”, and “/var/log/monthly.log” respectively, as newsyslog(8) will rotate these files (if they exists) at the appropriate times.
⟨dir⟩_show_success
⟨dir⟩_show_info
⟨dir⟩_show_badconfig: (bool) These variables control whether periodic(8) will mask the output of the executed scripts based on their return code (where dir is the base directory name in which each script resides). If the return code of a script is ‘0’ and ⟨dir⟩_show_success is set to “NO”, periodic(8) will mask the script's output. If the return code of a script is ‘1’ and ⟨dir⟩_show_info is set to “NO”, periodic(8) will mask the script's output. If the return code of a script is ‘2’ and ⟨dir⟩_show_badconfig is set to “NO”, periodic(8) will mask the script's output. If these variables are set to neither “YES” nor “NO”, they default to “YES”, “YES” and “NO” respectively.
Refer to the periodic(8) manual page for how script return codes are interpreted.
anticongestion_sleeptime: (int) The maximum number of seconds to randomly sleep in order to smooth bursty loads on a shared resource, such as a download mirror.

The following variables are used by the standard scripts that reside in /etc/periodic/daily:

daily_clean_disks_enable: (bool) Set to “YES” if you want to remove all files matching daily_clean_disks_files daily.
daily_clean_disks_files: (str) Set to a list of file names to match. Wild cards are permitted.
daily_clean_disks_days: (num) When daily_clean_disks_enable is set to “YES”, this must also be set to the number of days old that a file's access and modification times must be before it is deleted.
daily_clean_disks_verbose: (bool) Set to “YES” if you want the removed files to be reported in your daily output.
daily_clean_tmps_enable: (bool) Set to “YES” if you want to clear temporary directories daily.
daily_clean_tmps_dirs: (str) Set to the list of directories to clear if daily_clean_tmps_enable is set to “YES”.
daily_clean_tmps_days: (num) When daily_clean_tmps_enable is set, this must also be set to the number of days old that a file's access and modification times must be before it is deleted.
daily_clean_tmps_ignore: (str) Set to the list of files that should not be deleted when daily_clean_tmps_enable is set to “YES”. Wild card characters are permitted.
daily_clean_tmps_verbose: (bool) Set to “YES” if you want the removed files to be reported in your daily output.
daily_clean_preserve_enable: (bool) Set to “YES” if you wish to remove old files from /var/preserve.
daily_clean_preserve_days: (num) Set to the number of days that files must not have been modified before they are deleted.
daily_clean_preserve_verbose: (bool) Set to “YES” if you want the removed files to be reported in your daily output.
daily_clean_msgs_enable: (bool) Set to “YES” if you wish old system messages to be purged.
daily_clean_msgs_days: (num) Set to the number of days that files must not have been modified before they are deleted. If this variable is left blank, the msgs(1) default is used.
daily_clean_rwho_enable: (bool) Set to “YES” if you wish old files in /var/who to be purged.
daily_clean_rwho_days: (num) Set to the number of days that files must not have been modified before they are deleted.
daily_clean_rwho_verbose: (bool) Set to “YES” if you want the removed files to be reported in your daily output.
daily_clean_hoststat_enable: (bool) Set to “YES” to run sendmail -bH to automatically purge stale entries from sendmail(8)'s host status cache. Files will be deleted using the same criteria as sendmail(8) would normally use when determining whether to believe the cached information, as configured in /etc/mail/sendmail.cf.
daily_backup_efi_enable: (bool) Set to “YES” to create backup of EFI System Partition (ESP).
daily_backup_gmirror_enable: (bool) Set to “YES” to create backup of gmirror information (i.e., output of gmirror list), see gmirror(8).
daily_backup_gmirror_verbose: (bool) Set to “YES” to report a diff between the new backup and the existing backup in the daily output.
daily_backup_gpart_enable: (bool) Set to “YES” to create backups of partition tables, and bootcode partition contents.
daily_backup_gpart_verbose: (bool) Set to “YES” to be verbose if existing backups for kern.geom.conftxt or the partition tables differ from the new backups.
daily_backup_passwd_enable: (bool) Set to “YES” if you want the /etc/master.passwd and /etc/group files backed up and reported on. Reporting consists of checking both files for modifications and running chkgrp(8) on the group file.
daily_backup_aliases_enable: (bool) Set to “YES” if you want the /etc/mail/aliases file backed up and modifications to be displayed in your daily output.
daily_backup_zfs_enable: (bool) Set to “YES” to create backup of the output generated from the zfs-list(8) and zpool-list(8) utilities.
daily_backup_zfs_list_flags: (str) Set to the arguments for the zfs-list(8) utility. The default is standard behavior.
daily_backup_zpool_list_flags: (str) Set to the arguments for the zpool-list(8) utility. The default is -v.
daily_backup_zfs_props_enable: (bool) Set to “YES” to create backup of the output generated from the zfs-get(8) and zpool-get(8) utilities.
daily_backup_zfs_get_flags: (str) Set to the arguments for the zfs-get(8) utility. The default is all.
daily_backup_zpool_get_flags: (str) Set to the arguments for the zpool-get(8) utility. The default is all.
daily_backup_zfs_verbose: (bool) Set to “YES” to report a diff between the new backup and the existing backup in the daily output.
daily_calendar_enable: (bool) Set to “YES” if you want to run calendar -a daily.
daily_accounting_enable: (bool) Set to “YES” if you want to rotate your daily accounting files. No rotations are necessary unless accounting_enable is enabled in rc.conf(5).
daily_accounting_compress: (bool) Set to “YES” if you want your daily accounting files to be compressed using gzip(1).
daily_accounting_save: (num) When daily_accounting_enable is set, this may also be set to the number of daily accounting files that are to be saved. The default is “3”.
daily_accounting_flags: (str) Set to the arguments to pass to the sa(8) utility (in addition to -s) when daily_accounting_enable is set to “YES”. The default is -q.
daily_news_expire_enable: (bool) Set to “YES” if you want to run /etc/news.expire.
daily_status_disks_enable: (bool) Set to “YES” if you want to run df(1) (with the arguments supplied in daily_status_disks_df_flags) and dump -W.
daily_status_disks_df_flags: (str) Set to the arguments for the df(1) utility when daily_status_disks_enable is set to “YES”. The default is -l -h.
daily_status_zfs_enable: (bool) Set to “YES” if you want to run zpool status on your zfs(8) pools.
daily_status_zfs_zpool_list_enable: (bool) Set to “YES” if you want to run zpool list on your zfs(8) pools. Requires daily_status_zfs_enable to be set to YES.
daily_status_gmirror_enable: (bool) Set to “YES” if you want to run gmirror status on your gmirror(8) devices.
daily_status_graid3_enable: (bool) Set to “YES” if you want to run graid3 status on your graid3(8) devices.
daily_status_gstripe_enable: (bool) Set to “YES” if you want to run gstripe status on your gstripe(8) devices.
daily_status_gconcat_enable: (bool) Set to “YES” if you want to run gconcat status on your gconcat(8) devices.
daily_status_mfi_enable: (bool) Set to “YES” if you want to run mfiutil status on your mfi(4) devices.
daily_status_network_enable: (bool) Set to “YES” if you want to run netstat -i.
daily_status_network_netstat_flags: (str) Set to additional arguments for the netstat(1) utility when daily_status_network_enable is set to “YES”. The default is -d -W.
daily_status_network_usedns: (bool) Set to “YES” if you want to run netstat(1) without the -n option (to do DNS lookups).
daily_status_uptime_enable: (bool) Set to “YES” if you want to run uptime(1) (or ruptime(1) if rwhod_enable is set to “YES” in /etc/rc.conf).
daily_status_mailq_enable: (bool) Set to “YES” if you want to run mailq(1).
daily_status_mailq_shorten: (bool) Set to “YES” if you want to shorten the mailq(1) output when daily_status_mailq_enable is set to “YES”.
daily_status_include_submit_mailq: (bool) Set to “YES” if you also want to run mailq(1) on the submit mail queue when daily_status_mailq_enable is set to “YES”. This may not work with MTAs other than sendmail(8).
daily_status_security_enable: (bool) Set to “YES” if you want to run the security check. The security check is another set of periodic(8) scripts. The system defaults are in /etc/periodic/security. Local scripts should be placed in /usr/local/etc/periodic/security. See the periodic(8) manual page for more information.
daily_status_security_inline: (bool) Set to “YES” if you want the security check output inline. The default is to either mail or log the output according to the value of daily_status_security_output.
daily_status_security_output: (str) Where to send the output of the security check if daily_status_security_inline is set to “NO”. This variable behaves in the same way as the *_output variables above, namely it can be set either to one or more email addresses or to an absolute file name.
daily_status_mail_rejects_enable: (bool) Set to “YES” if you want to summarise mail rejections logged to /var/log/maillog for the previous day.
daily_status_mail_rejects_logs: (num) Set to the number of maillog files that should be checked for yesterday's mail rejects.
daily_status_ntpd_enable: (bool) Set to “YES” if you want to enable NTP status check.
daily_status_world_kernel: (bool) Set to “YES” to check the running userland and kernel are in sync.
daily_queuerun_enable: (bool) Set to “YES” if you want to manually run the mail queue at least once a day.
daily_submit_queuerun: (bool) Set to “YES” if you also want to manually run the submit mail queue at least once a day when daily_queuerun_enable is set to “YES”.
daily_scrub_zfs_enable: (bool) Set to “YES” if you want to run a zfs scrub periodically.
daily_scrub_zfs_pools: (str) A space separated list of names of zfs pools to scrub. If the list is empty or not set, all zfs pools are scrubbed.
daily_scrub_zfs_default_threshold: (int) Number of days between a scrub if no pool-specific threshold is set. If not set, the default value is 35, corresponding to 5 weeks.
daily_scrub_zfs_⟨poolname⟩_threshold: (int) The same as daily_scrub_zfs_default_threshold but specific to the pool ⟨poolname⟩.
daily_local: (str) Set to a list of extra scripts that should be run after all other daily scripts. All scripts must be absolute path names.

The following variables are used by the standard scripts that reside in /etc/periodic/weekly:

weekly_locate_enable: (bool) Set to “YES” if you want to run /usr/libexec/locate.updatedb. This script is run using nice -5 as user “nobody”, and generates the table used by the locate(1) command.
weekly_whatis_enable: (bool) Set to “YES” if you want to run /usr/libexec/makewhatis.local. This script regenerates the database used by the apropos(1) command.
weekly_noid_enable: (bool) Set to “YES” if you want to locate orphaned files on the system. An orphaned file is one with an invalid owner or group.
weekly_noid_dirs: (str) A list of directories under which orphaned files are searched for. This would usually be set to /.
weekly_status_security_enable: (bool) Weekly counterpart of daily_status_security_enable.
weekly_status_security_inline: (bool) Weekly counterpart of daily_status_security_inline.
weekly_status_security_output: (str) Weekly counterpart of daily_status_security_output.
weekly_status_pkg_enable: (bool) Set to “YES” if you want to use pkg-version(8) to list installed packages which are out of date.
pkg_version: (str) When weekly_status_pkg_enable is set to “YES”, this variable specifies the program that is used to determine the out of date packages. If unset, the pkg-version(8) program is used. As an example, this variable might be set to “portversion” if the ports/sysutils/portupgrade port has been installed.
pkg_version_index: (str) This variable specifies the INDEX file from /usr/ports that should be used by pkg-version(8). Because the dependency tree may be substantially different between versions of FreeBSD, there may be more than one INDEX file in /usr/ports.
Note, if the pkg_version variable is set to “portversion”, it will also be necessary to arrange that the correct INDEX file is specified using environment variables and that pkg_version_index is cleared in /etc/periodic.conf (“pkg_version_index=”).
weekly_local: (str) Set to a list of extra scripts that should be run after all other weekly scripts. All scripts must be absolute path names.

The following variables are used by the standard scripts that reside in /etc/periodic/monthly:

monthly_accounting_enable: (bool) Set to “YES” if you want to do login accounting using the ac(8) command.
monthly_status_security_enable: (bool) Monthly counterpart of daily_status_security_enable.
monthly_status_security_inline: (bool) Monthly counterpart of daily_status_security_inline.
monthly_status_security_output: (str) Monthly counterpart of daily_status_security_output.
monthly_local: (str) Set to a list of extra scripts that should be run after all other monthly scripts. All scripts must be absolute path names.

The following variables are used by the standard scripts that reside in /etc/periodic/security. Those scripts are usually run from daily (daily_status_security_enable), weekly (weekly_status_security_enable), and monthly (monthly_status_security_enable) periodic hooks. The ..._period of each script can be configured as “daily”, “weekly”, “monthly” or “NO”. Note that when periodic security scripts are run from crontab(5), they will be always run unless their ..._enable or ..._period variable is set to “NO”.

security_status_diff_flags: (str) Set to the arguments to pass to the diff(1) utility when generating differences. The default is -b -u.
security_status_chksetuid_enable: (bool) Set to “YES” to compare the modes and modification times of setuid executables with the previous day's values.
security_status_chksetuid_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_chkportsum_enable: (bool) Set to “YES” to verify checksums of all installed packages against the known checksums in /var/db/pkg.
security_status_chkportsum_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_neggrpperm_enable: (bool) Set to “YES” to check for files where the group of a file has less permissions than the world at large. When users are in more than 14 supplemental groups these negative permissions may not be enforced via NFS shares.
security_status_neggrpperm_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_chkmounts_enable: (bool) Set to “YES” to check for changes mounted file systems to the previous day's values.
security_status_chkmounts_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_noamd: (bool) Set to “YES” if you want to ignore amd(8) mounts when comparing against yesterday's file system mounts in the security_status_chkmounts_enable check.
security_status_chkuid0_enable: (bool) Set to “YES” to check /etc/master.passwd for accounts with UID 0.
security_status_chkuid0_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_passwdless_enable: (bool) Set to “YES” to check /etc/master.passwd for accounts with empty passwords.
security_status_passwdless_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_logincheck_enable: (bool) Set to “YES” to check /etc/login.conf ownership, see login.conf(5) for more information.
security_status_logincheck_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_ipfwdenied_enable: (bool) Set to “YES” to show log entries for packets denied by ipfw(8) since yesterday's check.
security_status_ipfwdenied_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_ipfdenied_enable: (bool) Set to “YES” to show log entries for packets denied by ipf(8) since yesterday's check.
security_status_ipfdenied_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_pfdenied_enable: (bool) Set to “YES” to show log entries for packets denied by pf(4) since yesterday's check.
security_status_pfdenied_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_ipfwlimit_enable: (bool) Set to “YES” to display ipfw(8) rules that have reached their verbosity limit.
security_status_ipfwlimit_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_kernelmsg_enable: (bool) Set to “YES” to show new dmesg(8) entries since yesterday's check.
security_status_kernelmsg_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_loginfail_enable: (bool) Set to “YES” to display failed logins from /var/log/messages in the previous day.
security_status_loginfail_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.
security_status_tcpwrap_enable: (bool) Set to “YES” to display connections denied by tcpwrappers (see hosts_access(5)) from /var/log/messages during the previous day.
security_status_tcpwrap_period: (str) Set to either “daily”, “weekly”, “monthly” or “NO”.

FILES

/etc/defaults/periodic.conf: The default configuration file. This file contains all default variables and values.
/etc/periodic.conf: The usual system specific variable override file.
/etc/periodic.conf.local: An additional override file, useful when /etc/periodic.conf is shared or distributed.

HISTORY

The periodic.conf file appeared in FreeBSD 4.1.

AUTHORS

Brian Somers <brian@Awfulhak.org>

NAME

DESCRIPTION

FILES

SEE ALSO

HISTORY

AUTHORS