Sunday, April 12, 2015

Configuring the FreeBSD Periodic Subsystem

As mentioned in the post about the daily periodic script, some scripts run daily to clean up various legacy subsystems. Some system administrators may view these scripts as unnecessary and may not wish to run them. FreeBSD provides an easy way to modify the behaviour of the periodic subsystem through a simple configuration file.

From the earlier post, it was noted that the system announcements and rwho sub-systems are somewhat legacy and probably not used (or even enabled) on modern installations, particularly on servers that are not intended for end-user login.

The syntax of /etc/periodic.conf is very simple and follows the same structure as /etc/rc.conf on FreeBSD. Lines that begin with a pound/hash symbol (#) are treated as comments. Blank lines are ignored. All other lines follow the variable=value syntax. The /etc/periodic.conf file should contain only overrides of the default values found in /etc/defaults/periodic.conf.

periodic.conf

# Local configuration for periodic sub-system.
# This file overrides /etc/defaults/periodic.conf
# for more information: man periodic.conf

# disable archaic system messages cleanup since it is not in-use
daily_clean_msgs_enable="NO"

# disable rwho database cleanup since the rwho daemon isn't running
daily_clean_rwho_enable="NO"

# enable daily cleanup of /tmp
daily_clean_tmps_enable="YES" 

The above example of a customized periodic.conf file makes three changes to the defaults:

  • disables the section in the daily output entitled, "Cleaning out old system announcements:"
  • disables the section in the daily output entitled, "Removing stale files from /var/rwho:"
  • enables a section "Removing old temporary files:"

The first two were mentioned in the earlier post as being legacy and probably not in use. The server is not intended for end-user login and the administrator does not make use of the system announcements sub-system (part of the mail subsystem), so there will not be any system announcements to clean. The rwho daemon (rwhod) is not enabled, so there will not be any entries in /var/rwho. Thus on this particular system, it should be safe to disable these two daily scripts.

The third change is to enable cleanup of /tmp. This is probably not needed on a system without end-user access because only applications, scripts, and the system administrator should ever be using the /tmp filesystem. It is possible that some application or script may not behave properly and could leave files in /tmp when they are no longer needed. The system administrator might similarly forget to clean up. Thus the periodic script has been enabled to keep things tidy.

The daily tmp cleanup script will, by default, remove any files found in /tmp that are more than 3 days old. This period can be adjusted by setting the daily_clean_tmps_days variable in /etc/periodic.conf.
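Because /etc/periodic.conf should hold only overrides, a misspelled variable name is silently ignored and a job you meant to change keeps its default. The following added example (not part of the original post) labels each local setting as an override, redundant, or unknown; the function name, the defaults excerpt and the last two local lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the post). audit_periodic is a hypothetical helper:
# it labels each setting in a local periodic.conf against the defaults file.
audit_periodic() {   # usage: audit_periodic DEFAULTS LOCAL
    awk '
    # Parse one line into globals name/value; returns 0 for comments and blanks.
    function parse(line,   eq) {
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) return 0
        eq = index(line, "=")
        if (eq < 2) return 0
        name = substr(line, 1, eq - 1)
        value = substr(line, eq + 1)
        if (value ~ /^"/) { value = substr(value, 2); sub(/".*$/, "", value) }
        else sub(/[ \t#].*$/, "", value)
        return 1
    }
    # First file: remember every default value.
    FILENAME == ARGV[1] { if (parse($0)) def[name] = value; next }
    # Second file: classify each local setting.
    parse($0) {
        if (!(name in def))          { status = "unknown";   d = "-" }
        else if (def[name] == value) { status = "redundant"; d = def[name] }
        else                         { status = "override";  d = def[name] }
        printf "%s %s=%s default=%s\n", status, name, value, d
    }' "$1" "$2"
}

# Constructed sample input: a defaults excerpt consistent with the post, and
# the post's periodic.conf plus a redundant line and a misspelled variable.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
cat > "$tmpdir/defaults" <<'EOF'
daily_clean_msgs_enable="YES"    # constructed trailing comment
daily_clean_rwho_enable="YES"
daily_clean_tmps_enable="NO"
daily_clean_tmps_days="3"
EOF
cat > "$tmpdir/local" <<'EOF'
# Local configuration for periodic sub-system.
daily_clean_msgs_enable="NO"

daily_clean_rwho_enable="NO"
daily_clean_tmps_enable="YES"
daily_clean_tmps_days="3"
daily_clean_tmp_enable="YES"
EOF
audit_periodic "$tmpdir/defaults" "$tmpdir/local"
```

On a real system, pass /etc/defaults/periodic.conf and /etc/periodic.conf as the two arguments; any line reported as unknown deserves a second look.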

Conclusion

In the default state, FreeBSD's periodic sub-system is largely self-maintaining and does a reasonable job of keeping the system clean, backing up key system files, and providing the system administrator with daily reports. Although adjustments may not be needed in many circumstances, a system administrator will find value in understanding how to make changes to this sub-system when the need arises.



Sunday, April 5, 2015

FreeBSD Weekly and Monthly Maintenance Reports

This post will cover both the weekly and the monthly periodic reports because these are both short and they are primarily automated system maintenance activities.

Weekly Run Output

Rebuilding locate database:

Rebuilding whatis database:

You may notice there are only two entries in the weekly run and they are both blank. As with the other periodic report sections that are usually blank, if you see something in the output section, you need to figure out what broke and try to fix it.

The locate command is used to find publicly accessible files by their name. This could be used by a system administrator to figure out where a specific executable is stored. Different UNIX and UNIX-like operating systems may put the same command in different places. In the case of FreeBSD, you may even find the same command in multiple locations depending on how it was installed.

The whatis command provides a short summary of the function or purpose of an executable on the system. It does this by extracting the short description from the man pages. You won't get any output from whatis without an appropriate man page.

Monthly Run Output

Doing login accounting:
total                               92.11
a_user                              89.75
root                                 2.36

The monthly periodic output is a report of the number of hours spent on the system per-user. Back in the days of shared systems with connection billing, this was one way that the bills were calculated. It may still be used today but probably very rarely.

It does, however, make a nice simple monthly check to see if someone may be using your system without your permission. If you see user accounts that shouldn't be active or unusually large numbers associated with a specific user it could be time to do a little investigating.
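The monthly check described above can be scripted. This added example (not part of the original post) reads a login accounting report and flags accounts outside an expected list or above an hours threshold; the function name, the allow list, the threshold and the svc_backup line are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the post). check_logins is a hypothetical helper.
# usage: check_logins "expected users" MAX_HOURS < report
check_logins() {
    awk -v allowed="$1" -v max="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Skip the section heading, blank lines and anything that is not "user hours".
    NF != 2 || $2 !~ /^[0-9]+(\.[0-9]+)?$/ { next }
    $1 == "total"    { next }
    !($1 in ok)      { printf "UNEXPECTED %s %.2f\n", $1, $2; next }
    $2 + 0 > max + 0 { printf "HIGH %s %.2f\n", $1, $2 }
    '
}

# Constructed sample report: the layout shown in the post, with one extra
# account (svc_backup) added to illustrate an unexpected login.
sample_report() {
cat <<'EOF'
Doing login accounting:
total                              106.61
a_user                              89.75
root                                 2.36
svc_backup                          14.50
EOF
}

sample_report | check_logins "a_user root" 80
```

The ac -p command prints the same per-user layout, so its output can be piped into the function directly.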

Conclusion

There is quite a bit of legacy reporting and maintenance activity going on in the periodic jobs that FreeBSD includes as part of the base installation. Much of this is probably not used very often and could be disabled. This decision should be left up to the system administrators and/or the corporate security and build policy if such exists in the organization.

It is worthwhile for system administrators to understand the periodic subsystem. Up to this point we have looked at the defaults. There are configuration options that can be set to disable some of these defaults and to enable additional actions that are not enabled in the base installation.