Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
PERIODIC.CONF(5)	  FreeBSD File Formats Manual	      PERIODIC.CONF(5)

NAME
     periodic.conf -- periodic job configuration information

DESCRIPTION
     The file periodic.conf contains a description of how daily, weekly	and
     monthly system maintenance	jobs should run.  It resides in	the
     /etc/defaults directory and parts may be overridden by a file of the same
     name in /etc, which itself	may be overridden by the
     /etc/periodic.conf.local file.

     The periodic.conf file is actually	sourced	as a shell script from each of
     the periodic scripts and is intended to simply provide default configura-
     tion variables.

     The following variables are used by periodic(8) itself:

	 local_periodic
	     (str) List	of directories to search for periodic scripts.	This
	     list is always prefixed with /etc/periodic, and is	only used when
	     an	argument to periodic(8)	is not an absolute directory name.

	 <dir>_output
	     (path or list) What to do with the	output of the scripts executed
	     from the directory	dir.  If this variable is set to an absolute
	     path name,	output is logged to that file, otherwise it is taken
	     as	one or more space separated email addresses and	mailed to
	     those users.  If this variable is not set or is empty, output is
	     sent to standard output.

	     For an unattended machine,	suitable values	for daily_output,
	     weekly_output, and	monthly_output might be
	     ``/var/log/daily.log'', ``/var/log/weekly.log'', and
	     ``/var/log/monthly.log'' respectively, as newsyslog(8) will
	     rotate these files	(if they exists) at the	appropriate times.

	 <dir>_show_success

	 <dir>_show_info

	 <dir>_show_badconfig
	     (bool) These variables control whether periodic(8)	will mask the
	     output of the executed scripts based on their return code (where
	     dir is the	base directory name in which each script resides).  If
	     the return	code of	a script is `0'	and <dir>_show_success is set
	     to	``NO'',	periodic(8) will mask the script's output.  If the
	     return code of a script is	`1' and	<dir>_show_info	is set to
	     ``NO'', periodic(8) will mask the script's	output.	 If the	return
	     code of a script is `2' and <dir>_show_badconfig is set to
	     ``NO'', periodic(8) will mask the script's	output.	 If these
	     variables are set to neither ``YES'' nor ``NO'', they default to
	     ``YES'', ``YES'' and ``NO'' respectively.

	     Refer to the periodic(8) manual page for how script return	codes
	     are interpreted.

     The following variables are used by the standard scripts that reside in
     /etc/periodic/daily:

	 daily_clean_disks_enable
	     (bool) Set	to ``YES'' if you want to remove all files matching
	     daily_clean_disks_files daily.

	 daily_clean_disks_files
	     (str) Set to a list of file names to match.  Wild cards are per-
	     mitted.

	 daily_clean_disks_days
	     (num) When	daily_clean_disks_enable is set	to ``YES'', this must
	     also be set to the	number of days old that	a file's access	and
	     modification times	must be	before it is deleted.

	 daily_clean_disks_verbose
	     (bool) Set	to ``YES'' if you want the removed files to be
	     reported in your daily output.

	 daily_clean_tmps_enable
	     (bool) Set	to ``YES'' if you want to clear	temporary directories
	     daily.

	 daily_clean_tmps_dirs
	     (str) Set to the list of directories to clear if
	     daily_clean_tmps_enable is	set to ``YES''.

	 daily_clean_tmps_days
	     (num) When	daily_clean_tmps_enable	is set,	this must also be set
	     to	the number of days old that a file's access and	modification
	     times must	be before it is	deleted.

	 daily_clean_tmps_ignore
	     (str) Set to the list of files that should	not be deleted when
	     daily_clean_tmps_enable is	set to ``YES''.	 Wild card characters
	     are permitted.

	 daily_clean_tmps_verbose
	     (bool) Set	to ``YES'' if you want the removed files to be
	     reported in your daily output.

	 daily_clean_preserve_enable
	     (bool) Set	to ``YES'' if you wish to remove old files from
	     /var/preserve.

	 daily_clean_preserve_days
	     (num) Set to the number of	days that files	must not have been
	     modified before they are deleted.

	 daily_clean_preserve_verbose
	     (bool) Set	to ``YES'' if you want the removed files to be
	     reported in your daily output.

	 daily_clean_msgs_enable
	     (bool) Set	to ``YES'' if you wish old system messages to be
	     purged.

	 daily_clean_msgs_days
	     (num) Set to the number of	days that files	must not have been
	     modified before they are deleted.	If this	variable is left
	     blank, the	msgs(1)	default	is used.

	 daily_clean_rwho_enable
	     (bool) Set	to ``YES'' if you wish old files in /var/who to	be
	     purged.

	 daily_clean_rwho_days
	     (num) Set to the number of	days that files	must not have been
	     modified before they are deleted.

	 daily_clean_rwho_verbose
	     (bool) Set	to ``YES'' if you want the removed files to be
	     reported in your daily output.

	 daily_clean_hoststat_enable
	     (bool) Set	to ``YES'' to run sendmail -bH to automatically	purge
	     stale entries from	sendmail(8)'s host status cache.  Files	will
	     be	deleted	using the same criteria	as sendmail(8) would normally
	     use when determining whether to believe the cached	information,
	     as	configured in /etc/mail/sendmail.cf.

	 daily_backup_passwd_enable
	     (bool) Set	to ``YES'' if you want the /etc/master.passwd and
	     /etc/group	files backed up	and reported on.  Reporting consists
	     of	checking both files for	modifications and running chkgrp(8) on
	     the group file.

	 daily_backup_aliases_enable
	     (bool) Set	to ``YES'' if you want the /etc/mail/aliases file
	     backed up and modifications to be displayed in your daily output.

	 daily_calendar_enable
	     (bool) Set	to ``YES'' if you want to run calendar -a daily.

	 daily_accounting_enable
	     (bool) Set	to ``YES'' if you want to rotate your daily accounting
	     files.  No	rotations are necessary	unless accounting_enable is
	     enabled in	rc.conf(5).

	 daily_accounting_compress
	     (bool) Set	to ``YES'' if you want your daily accounting files to
	     be	compressed using gzip(1).

	 daily_accounting_save
	     (num) When	daily_accounting_enable	is set,	this may also be set
	     to	the number of daily accounting files that are to be saved.
	     The default is ``3''.

	 daily_accounting_flags
	     (str) Set to the arguments	to pass	to the sa(8) utility (in addi-
	     tion to -s) when daily_accounting_enable is set to	``YES''.  The
	     default is	-q.

	 daily_news_expire_enable
	     (bool) Set	to ``YES'' if you want to run /etc/news.expire.

	 daily_status_disks_enable
	     (bool) Set	to ``YES'' if you want to run df(1) (with the argu-
	     ments supplied in daily_status_disks_df_flags) and	dump -W.

	 daily_status_disks_df_flags
	     (str) Set to the arguments	for the	df(1) utility when
	     daily_status_disks_enable is set to ``YES''.

	 daily_status_zfs_enable
	     (bool) Set	to ``YES'' if you want to run zpool status on your
	     zfs(8) pools.

	 daily_status_zfs_zpool_list_enable
	     (bool) Set	to ``YES'' if you want to run zpool list on your
	     zfs(8) pools.  Requires daily_status_zfs_enable to	be set to YES.

	 daily_status_gmirror_enable
	     (bool) Set	to ``YES'' if you want to run gmirror status on	your
	     gmirror(8)	devices.

	 daily_status_graid3_enable
	     (bool) Set	to ``YES'' if you want to run graid3 status on your
	     graid3(8) devices.

	 daily_status_gstripe_enable
	     (bool) Set	to ``YES'' if you want to run gstripe status on	your
	     gstripe(8)	devices.

	 daily_status_gconcat_enable
	     (bool) Set	to ``YES'' if you want to run gconcat status on	your
	     gconcat(8)	devices.

	 daily_status_network_enable
	     (bool) Set	to ``YES'' if you want to run netstat -i.

	 daily_status_network_usedns
	     (bool) Set	to ``YES'' if you want to run netstat(1) without the
	     -n	option (to do DNS lookups).

	 daily_status_rwho_enable
	     (bool) Set	to ``YES'' if you want to run uptime(1)	(or ruptime(1)
	     if	rwhod_enable is	set to ``YES'' in /etc/rc.conf).

	 daily_status_mailq_enable
	     (bool) Set	to ``YES'' if you want to run mailq(1).

	 daily_status_mailq_shorten
	     (bool) Set	to ``YES'' if you want to shorten the mailq(1) output
	     when daily_status_mailq_enable is set to ``YES''.

	 daily_status_include_submit_mailq
	     (bool) Set	to ``YES'' if you also want to run mailq(1) on the
	     submit mail queue when daily_status_mailq_enable is set to
	     ``YES''.  This may	not work with MTAs other than sendmail(8).

	 daily_status_security_enable
	     (bool) Set	to ``YES'' if you want to run the security check.  The
	     security check is another set of periodic(8) scripts.  The	system
	     defaults are in /etc/periodic/security.  Local scripts should be
	     placed in /usr/local/etc/periodic/security.  See the periodic(8)
	     manual page for more information.

	 daily_status_security_inline
	     (bool) Set	to ``YES'' if you want the security check output
	     inline.  The default is to	either mail or log the output accord-
	     ing to the	value of daily_status_security_output.

	 daily_status_security_output
	     (str) Where to send the output of the security check if
	     daily_status_security_inline is set to ``NO''.  This variable
	     behaves in	the same way as	the *_output variables above, namely
	     it	can be set either to one or more email addresses or to an
	     absolute file name.

	 daily_status_mail_rejects_enable
	     (bool) Set	to ``YES'' if you want to summarise mail rejections
	     logged to /var/log/maillog	for the	previous day.

	 daily_status_mail_rejects_logs
	     (num) Set to the number of	maillog	files that should be checked
	     for yesterday's mail rejects.

	 daily_status_named_enable
	     (bool) Set	to ``YES'' if you want to summarise denied zone	trans-
	     fers (AXFR	and IXFR) for the previous day.

	 daily_status_named_usedns
	     (bool) Set	to ``YES'' if you want to enable reverse DNS lookups.

	 daily_status_ntpd
	     (bool) Set	to ``YES'' if you want to enable NTP status check.

	 daily_queuerun_enable
	     (bool) Set	to ``YES'' if you want to manually run the mail	queue
	     at	least once a day.

	 daily_submit_queuerun
	     (bool) Set	to ``YES'' if you also want to manually	run the	submit
	     mail queue	at least once a	day when daily_queuerun_enable is set
	     to	``YES''.

	 daily_scrub_zfs_enable
	     (bool) Set	to ``YES'' if you want to run a	zfs scrub periodi-
	     cally.

	 daily_scrub_zfs_pools
	     (str) A space separated list of names of zfs pools	to scrub.  If
	     the list is empty or not set, all zfs pools are scrubbed.

	 daily_scrub_zfs_default_threshold
	     (int) Number of days between a scrub if no	pool-specific thresh-
	     old is set.  If not set, the default value	is 35, corresponding
	     to	5 weeks.

	 daily_scrub_zfs_<poolname>_threshold
	     (int) The same as daily_scrub_zfs_default_threshold but specific
	     to	the pool <poolname>.

	 daily_local
	     (str) Set to a list of extra scripts that should be run after all
	     other daily scripts.  All scripts must be absolute	path names.

     The following variables are used by the standard scripts that reside in
     /etc/periodic/weekly:

	 weekly_locate_enable
	     (bool) Set	to ``YES'' if you want to run
	     /usr/libexec/locate.updatedb.  This script	is run using nice -5
	     as	user ``nobody'', and generates the table used by the locate(1)
	     command.

	 weekly_whatis_enable
	     (bool) Set	to ``YES'' if you want to run
	     /usr/libexec/makewhatis.local.  This script regenerates the data-
	     base used by the apropos(1) command.

	 weekly_catman_enable
	     (bool) Set	to ``YES'' if you want to run
	     /usr/libexec/catman.local.	 This script processes all out of date
	     manual pages, speeding up the man(1) command at the expense of
	     disk space.

	 weekly_noid_enable
	     (bool) Set	to ``YES'' if you want to locate orphaned files	on the
	     system.  An orphaned file is one with an invalid owner or group.

	 weekly_noid_dirs
	     (str) A list of directories under which orphaned files are
	     searched for.  This would usually be set to /.

	 weekly_status_security_enable
	     (bool) Weekly counterpart of daily_status_securiy_enable.

	 weekly_status_security_inline
	     (bool) Weekly counterpart of daily_status_securiy_inline.

	 weekly_status_security_output
	     (str) Weekly counterpart of daily_status_securiy_output.

	 weekly_status_pkg_enable
	     (bool) Set	to ``YES'' if you want to use pkg_version(1) to	list
	     installed packages	which are out of date.

	 pkg_version
	     (str) When	weekly_status_pkg_enable is set	to ``YES'', this vari-
	     able specifies the	program	that is	used to	determine the out of
	     date packages.  If	unset, the pkg_version(1) program is used.  As
	     an	example, this variable might be	set to ``portversion'' if the
	     ports/sysutils/portupgrade	port has been installed.

	 pkg_version_index
	     (str) This	variable specifies the INDEX file from /usr/ports that
	     should be used by pkg_version(1).	Because	the dependency tree
	     may be substantially different between versions of	FreeBSD, there
	     may be more than one INDEX	file in	/usr/ports.

	     Note, if the pkg_version variable is set to ``portversion'', it
	     will also be necessary to arrange that the	correct	INDEX file is
	     specified using environment variables and that pkg_version_index
	     is	cleared	in /etc/periodic.conf (``pkg_version_index='').

	 weekly_local
	     (str) Set to a list of extra scripts that should be run after all
	     other weekly scripts.  All	scripts	must be	absolute path names.

     The following variables are used by the standard scripts that reside in
     /etc/periodic/monthly:

	 monthly_accounting_enable
	     (bool) Set	to ``YES'' if you want to do login accounting using
	     the ac(8) command.

	 monthly_status_security_enable
	     (bool) Monthly counterpart	of daily_status_securiy_enable.

	 monthly_status_security_inline
	     (bool) Monthly counterpart	of daily_status_securiy_inline.

	 monthly_status_security_output
	     (str) Monthly counterpart of daily_status_securiy_output.

	 monthly_local
	     (str) Set to a list of extra scripts that should be run after all
	     other monthly scripts.  All scripts must be absolute path names.

     The following variables are used by the standard scripts that reside in
     /etc/periodic/security.  Those scripts are	usually	run from daily
     (daily_status_security_enable), weekly (weekly_status_security_enable),
     and monthly (monthly_status_security_enable) periodic hooks.  The
     ..._period	of each	script can be configured as ``daily'', ``weekly'',
     ``monthly'' or ``NO''.  Note that when periodic security scripts are run
     from crontab(5), they will	be always run unless their ..._enable or
     ..._period	variable is set	to ``''.

	 security_status_diff_flags
	     (str) Set to the arguments	to pass	to the diff(1) utility when
	     generating	differences.  The default is -b	-u.

	 security_status_chksetuid_enable
	     (bool) Set	to ``YES'' to compare the modes	and modification times
	     of	setuid executables with	the previous day's values.

	 security_status_chksetuid_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_chkportsum_enable
	     (bool) Set	to ``YES'' to verify checksums of all installed	pack-
	     ages against the known checksums in /var/db/pkg.

	 security_status_chkportsum_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_neggrpperm_enable
	     (bool) Set	to ``YES'' to check for	files where the	group of a
	     file has less permissions than the	world at large.	 When users
	     are in more than 14 supplemental groups these negative permis-
	     sions may not be enforced via NFS shares.

	 security_status_neggrpperm_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_chkmounts_enable
	     (bool) Set	to ``YES'' to check for	changes	mounted	file systems
	     to	the previous day's values.

	 security_status_chkmounts_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_noamd
	     (bool) Set	to ``YES'' if you want to ignore amd(8)	mounts when
	     comparing against yesterday's file	system mounts in the
	     security_status_chkmounts_enable check.

	 security_status_chkuid0_enable
	     (bool) Set	to ``YES'' to check /etc/master.passwd for accounts
	     with UID 0.

	 security_status_chkuid0_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_passwdless_enable
	     (bool) Set	to ``YES'' to check /etc/master.passwd for accounts
	     with empty	passwords.

	 security_status_passwdless_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_logincheck_enable
	     (bool) Set	to ``YES'' to check /etc/login.conf ownership, see
	     login.conf(5) for more information.

	 security_status_logincheck_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_ipfwdenied_enable
	     (bool) Set	to ``YES'' to show log entries for packets denied by
	     ipfw(8) since yesterday's check.

	 security_status_ipfwdenied_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_ipfdenied_enable
	     (bool) Set	to ``YES'' to show log entries for packets denied by
	     ipf(8) since yesterday's check.

	 security_status_ipfdenied_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_pfdenied_enable
	     (bool) Set	to ``YES'' to show log entries for packets denied by
	     pf(4) since yesterday's check.

	 security_status_pfdenied_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_ipfwlimit_enable
	     (bool) Set	to ``YES'' to display ipfw(8) rules that have reached
	     their verbosity limit.

	 security_status_ipfwlimit_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_kernelmsg_enable
	     (bool) Set	to ``YES'' to show new dmesg(8)	entries	since yester-
	     day's check.

	 security_status_kernelmsg_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_loginfail_enable
	     (bool) Set	to ``YES'' to display failed logins from
	     /var/log/messages in the previous day.

	 security_status_loginfail_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

	 security_status_tcpwrap_enable
	     (bool) Set	to ``YES'' to display connections denied by tcpwrap-
	     pers (see hosts_access(5))	from /var/log/messages during the pre-
	     vious day.

	 security_status_tcpwrap_period
	     (str) Set to either ``daily'', ``weekly'',	``monthly'' or ``NO''.

FILES
     /etc/defaults/periodic.conf  The default configuration file.  This	file
				  contains all default variables and values.

     /etc/periodic.conf		  The usual system specific variable override
				  file.

     /etc/periodic.conf.local	  An additional	override file, useful when
				  /etc/periodic.conf is	shared or distributed.

SEE ALSO
     apropos(1), calendar(1), df(1), diff(1), gzip(1), locate(1), man(1),
     msgs(1), netstat(1), nice(1), pkg_version(1), login.conf(5), rc.conf(5),
     ac(8), chkgrp(8), dump(8),	newsyslog(8), periodic(8), sendmail(8)

HISTORY
     The periodic.conf file appeared in	FreeBSD	4.1.

AUTHORS
     Brian Somers <brian@Awfulhak.org>

FreeBSD	10.1			 May 30, 2012			  FreeBSD 10.1

NAME | DESCRIPTION | FILES | SEE ALSO | HISTORY | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=periodic.conf&manpath=FreeBSD+10.0-RELEASE>

home | help