source: pkg/security/vinnie/main/exim4/trunk/debian/exim4-base.cron.daily @ 7377

Revision 7377, 4.0 KB checked in by alanbach-guest, 3 years ago (diff)
  • Added exim4 to Vinnie security
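#!/bin/sh

# Debug switch: any non-empty EX4DEBUG turns on shell tracing for the rest
# of the job. The trace prints every command with its expanded arguments
# (including the paniclog lines quoted further down), so its output should
# be treated like the logs themselves.
if [ -n "$EX4DEBUG" ]; then
  # "$*" rather than "$@": inside a larger string "$@" splits the message
  # into several words; "$*" keeps it as a single argument.
  echo "now debugging $0 $*"
  set -x
fi

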
# Built-in defaults for this job. /etc/default/exim4, when present, is
# sourced further down in this script and may override any of them.

# Recipient(s) of the daily eximstats report; leaving it empty disables
# the report.
E4BCD_DAILY_REPORT_TO=
# Extra command-line options handed to eximstats.
E4BCD_DAILY_REPORT_OPTIONS=
# Set this to "no" if the panic log should not be watched by this script,
# for example when you use your own log checking mechanisms or don't care.
# "once" additionally force-rotates the paniclog after the alert was sent.
E4BCD_WATCH_PANICLOG=yes
# Number of lines of paniclog quoted in warning email.
E4BCD_PANICLOG_LINES=10
# grep pattern for paniclog lines that should not trigger an alert; when
# empty, any non-empty paniclog raises one.
E4BCD_PANICLOG_NOISE=

# Bail out quietly unless the exim4 binary is present and executable.
[ -x /usr/lib/exim4/exim4 ] || exit 0

# Local overrides for the E4BCD_* defaults. The file is executed as shell
# code with whatever privileges this job runs under (cron.daily jobs
# normally run as root), so it should be writable by root only.
if [ -f /etc/default/exim4 ]; then
  . /etc/default/exim4
fi

# Ask exim for its spool directory and keep only what follows "= " in the
# "spool_directory = <path>" line it prints.
SPOOLDIR="$(exim4 -bP spool_directory | sed 's/.*=[[:space:]]\(.*\)/\1/')"

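# The log processing code used in this cron script is not very
# sophisticated. It relies on this cron job being executed earlier than
# the log rotation job, and will have false results if the log is not
# rotated exactly once daily in the daily cron processing. Even in the
# default configuration, it will ignore log entries made between this
# cron job and the log rotation job.

# Patches for more sophisticated processing are appreciated via the
# Debian BTS.

# Mainlog lines that do not count as mail activity: queue runner start/end
# and daemon start-up messages, each preceded by the 20-character
# timestamp field.
E4BCD_MAINLOG_NOISE="^[[:digit:][:space:]:-]\{20\}\(\(Start\|End\) queue run: pid=[[:digit:]]\+\|exim [[:digit:]\.]\+ daemon started: pid=[[:digit:]]\+, .*\)$"

if [ -n "$E4BCD_DAILY_REPORT_TO" ]; then
  if [ -x "$(command -v eximstats)" ] && [ -x "$(command -v mail)" ]; then
    E4BCD_REPORT_SUBJECT="$(hostname --fqdn) Daily e-mail activity report"
    # grep -q stops at the first line that is not noise instead of counting
    # all of them with wc -l.
    if < /var/log/exim4/mainlog grep -qv -e "$E4BCD_MAINLOG_NOISE"; then
      # E4BCD_DAILY_REPORT_OPTIONS and E4BCD_DAILY_REPORT_TO are left
      # unquoted on purpose so that they can carry several options or
      # recipients. They are also subject to pathname expansion, so the
      # values in /etc/default/exim4 must not contain glob characters.
      # The -s option is placed before the recipients: option parsers that
      # stop at the first operand would otherwise take it for an address.
      < /var/log/exim4/mainlog grep -v -e "$E4BCD_MAINLOG_NOISE" \
                | eximstats $E4BCD_DAILY_REPORT_OPTIONS \
                | mail -s "$E4BCD_REPORT_SUBJECT" $E4BCD_DAILY_REPORT_TO
    else
      echo "no mail activity in this interval" \
                | mail -s "$E4BCD_REPORT_SUBJECT" $E4BCD_DAILY_REPORT_TO
    fi
  else
    echo "The exim4 cron job is configured to send a daily report, but eximstats"
    echo "and/or mail cannot be found. Please check and make sure that these two"
    echo "binaries are available"
  fi
fi
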
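#######################################
# Send an alert to syslog (tag exim4, priority mail.alert).
# Globals:   TEXT (written) - the joined message
#            RET  (written) - logger's exit status, only when logger fails
# Arguments: the message; several arguments are joined with spaces
# Outputs:   a diagnostic on stderr if logger fails
# Returns:   0 in all cases, alerting is best effort
#######################################
log_this() {
  TEXT="$*"
  # The message is passed as one quoted argument after "--", so it is never
  # word-split, glob-expanded or mistaken for a logger option.
  logger -t exim4 -p mail.alert -- "$TEXT" && return 0
  # Read $? right after the failed command: inside "if ! cmd; then" it is
  # the negated status, which would always report 0 here.
  RET="$?"
  printf '%s\n' "ALERT: could not syslog $TEXT, logger return value $RET" >&2
}
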
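# Paniclog watch: a non-empty /var/log/exim4/paniclog raises a syslog alert
# and a mail to root, unless E4BCD_WATCH_PANICLOG is "no".
if [ "$E4BCD_WATCH_PANICLOG" != "no" ]; then
  if [ -s "/var/log/exim4/paniclog" ]; then
    # Optional site-local hook. It is executed with this job's privileges,
    # so the file and its directory must not be writable by other users.
    if [ -x "/usr/local/lib/exim4/nonzero_paniclog_hook" ]; then
      /usr/local/lib/exim4/nonzero_paniclog_hook
    fi
    # Alert when no noise pattern is configured, or when at least one
    # paniclog line does not match it. -e keeps a pattern that starts with
    # "-" from being read as a grep option.
    if [ -z "$E4BCD_PANICLOG_NOISE" ] || grep -vq -e "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog; then
      log_this "ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken"
      E4BCD_FQDN="$(hostname --fqdn)"
      # Every variable part goes in as a %s argument, never into the format
      # string, so a "%" or "\" in a setting or in the log cannot change the
      # layout. The quoted log lines come last, after the blank line that
      # ends the headers, so they cannot add headers to the warning mail.
      if ! printf "Subject: exim paniclog on %s has non-zero size\nTo: root\n\nexim paniclog /var/log/exim4/paniclog on %s has non-zero size, mail system might be broken. The last %s lines are quoted below.\n\n%s\n" \
      "$E4BCD_FQDN" "$E4BCD_FQDN" "$E4BCD_PANICLOG_LINES" \
      "$(tail -n "${E4BCD_PANICLOG_LINES}" /var/log/exim4/paniclog)" \
      | exim4 root; then
        log_this "PANIC: sending out e-mail warning has failed, exim has non-zero return code"
      fi
      # "once": rotate the paniclog away so the same content is not reported
      # again on the next run.
      if [ "$E4BCD_WATCH_PANICLOG" = "once" ]; then
        logrotate -f /etc/logrotate.d/exim4-paniclog
      fi
    fi
  fi
fi
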
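# run tidydb as Debian-exim:Debian-exim.
if [ -x /usr/sbin/exim_tidydb ]; then
  # Without a spool directory the unquoted original would have operated on
  # "/db"; refuse to continue instead.
  if [ -z "$SPOOLDIR" ]; then
    echo >&2 "exim4 cron job: could not determine the spool directory, not running exim_tidydb"
    exit 1
  fi
  cd "$SPOOLDIR/db" || exit 1
  # The find expression prints only regular files that are neither
  # '*.lockfile' nor 'log.*': -printf binds to "-type f" alone, and the two
  # -name tests match without any action, which skips those entries.
  # Each remaining name is passed to one exim_tidydb run, NUL-separated so
  # that unusual file names stay single arguments.
  if ! find "$SPOOLDIR/db" -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
    -or -type f -printf '%f\0' | \
      xargs -0r -n 1 \
      start-stop-daemon --start --exec /usr/sbin/exim_tidydb \
      --chuid Debian-exim:Debian-exim -- "$SPOOLDIR" > /dev/null; then
    # if we reach this, invoking exim_tidydb from start-stop-daemon has
    # failed, most probably because of libpam-tmpdir being in use
    # (see #373786 and #376165)
    #
    # su hands the --command string to a shell, so the spool path is wrapped
    # in single quotes (embedded single quotes escaped) before it is put
    # into that string; the path is then always one literal word.
    E4BCD_SPOOLDIR_QUOTED="'$(printf '%s' "$SPOOLDIR" | sed "s/'/'\\\\''/g")'"
    find "$SPOOLDIR/db" -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
    -or -type f -printf '%f\0' | \
    su - --shell /bin/bash \
         --command "xargs -0r -n 1 /usr/sbin/exim_tidydb $E4BCD_SPOOLDIR_QUOTED > /dev/null" \
         Debian-exim
  fi
fi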