An introduction to periodic(8)

This post provides an introduction to the periodic(8) utility on FreeBSD.

Background

On FreeBSD the periodic(8) utility is run regularly via /etc/crontab – and it provides a framework where recurring system maintainance tasks can be organized into three categories: daily, weekly, and monthly scripts.

The periodic daily, periodic weekly, and periodic monthly commands execute a category of scripts from the command-line – and this matches how periodic(8) is executed from /etc/crontab as well.

Each category exists as a subdirectory under /etc/periodic/ and each subdirectory contains a collection of shell scripts that are to be executed by periodic(8). By default FreeBSD ships with its own set of scripts but your own scripts can also be added to these directories. The only requirement is that the scripts must be executable.

Last but not least, there is a fourth category of scripts known as security scripts. Similar to other categories, they exist under /etc/periodic/security/ but unlike the other categories, security scripts are run at every interval (daily, weekly, and monthly) and have a separate set of variables that control how their output is logged.

Logging via mail

We can configure periodic(8) through the /etc/periodic.conf file.

We can define variables that control where the output of the daily, weekly, and monthly scripts are sent. By default the output is sent to the root user, but let's change that to a separate user account called periodic (this account would have to be created first):

daily_output="periodic"
weekly_output="periodic"
monthly_output="periodic"

The daily, weekly, and monthly commands run the security scripts via /etc/periodic/(daily|weekly|monthly)/450.status-security but the output of the security scripts is controlled by a separate set of variables that should also be updated:

daily_status_security_output="periodic"
weekly_status_security_output="periodic"
monthly_status_security_output="periodic"

Logging via file

An alternative to mailing output to a specific set of user(s) is to send the output to a file. This can be done by setting the (daily|weekly|monthly)_output variables to an absolute path. This approach avoids sending mail to a user and instead writes the output to a file:

daily_output="/var/log/daily.log"
weekly_output="/var/log/weekly.log"
monthly_output="/var/log/monthly.log"

Similar to how we can redirect the output of the daily, weekly, and monthly scripts to a file, we can also redirect the output of the security scripts to a file:

daily_status_security_output="/var/log/daily-security.log"
weekly_status_security_output="/var/log/weekly-security.log"
monthly_status_security_output="/var/log/monthly-security.log"

Conclusion

We can conclude that the periodic(8) utility is a powerful tool to have in a system administrator's toolbox :)