FreeBSD: periodic(8)

Report of an interesting exploration today, in the FreeBSD world.

Running some system administration task on a daily basis is quite easy under
UNIX likes.  In short, cron(8) is your friend.

I found that FreeBSD provides an abstraction over bare-bones cron(8),
exposing endpoints for running jobs on a daily/weekly/monthly basis.
The abstraction is called 'periodic'.  It is very similar to the
/etc/cron.{daily,hourly,monthly,weekly} thing that can be found under
GNU/Linux.

The general idea, on both operating systems, is that the user can save
multiple scripts under the relevant directory in order to have them
periodically executed.  From the software distribution perspective this
approach scales much better than writing onto a crontab.  Individual
packages can in fact 'own' one or more periodic scripts, whereas the
crontab would instead need to be accessed by some post-installation hook.

The FreeBSD periodic(8) manpage is very clear, so there's no need for
a tutorial about it.

I like how the abstraction allows to decide what to do with the output
of the installed scripts.  The exit value will determine if the logged
lines should be discarded or saved, while the periodic(8) configuration
determines if how they are saved: they can either be written on a log
file, or sent via local email.  In the first case the syslog daemon
must be aware of the log file, for it to be rotated.  In the second case
sendmail(8) must be running.

The whole set-up can be easily tested by running `periodic DIRNAME`
where DIRNAME corresponds to a directory under /etc/periodic/ or
/usr/local/etc/periodic.  For example, `periodic daily` will run the
daily tasks immediately.

By default, the comulative output of all scripts in a directory (e.g.
/etc/periodic/daily) will end up in one email, locally delivered to the
root user.

I've noticed how the output produced by the security checks is aggregated
into a separate email, even if it is executed as part of the `periodic
daily` routine.  This is neatly implementd by grouping all the security
scripts in a dedicated directory under /etc/periodic, and by invoking
`periodic security` from script under /etc/periodic/daily/ (it is called
450.status-security).

What a lovely operating system.