# Automatic file scan?



## giorgiob (Dec 9, 2019)

I am using a raspberry-pi running FreeBSD 12.0 as a file server. I have attached two external USB disks to it.
Every morning (between 5 and 6 'o clock) I notice a lot of activity from the disks. I cannot explain this since
I cannot remember configuring any program that should run periodically.

My question is: is there any automatic service that runs every night that might explain the disk activity? Maybe
some default file scanner or something like that? I have searched the internet for "FreeBSD automatic file scan"
or "FreeBSD automatic file check" but I cannot find anything relevant.


----------



## Deleted member 30996 (Dec 9, 2019)

giorgiob said:


> My question is: is there any automatic service that runs every night that might explain the disk activity? Maybe
> some default file scanner or something like that? I have searched the internet for "FreeBSD automatic file scan" or "FreeBSD automatic file check" but I cannot find anything relevant.



I get a lot of CPU activity on my desktops at 3am when `cron` and security/rkhunter run nightly for my root security report.


----------



## SirDice (Dec 10, 2019)

giorgiob said:


> My question is: is there any automatic service that runs every night that might explain the disk activity?


There are a bunch of them actually. Look in /etc/periodic/daily/. These typically kickoff at 03:00h at night. See periodic(8).


----------



## ralphbsz (Dec 10, 2019)

Some candidates include ZFS doing a scrub (I don't think that's turned on by default), or updatedb/locate (which I think is by default weekly, not daily, but I'm not sure).


----------



## giorgiob (Jan 2, 2020)

Thanks a lot for the answers. I have disabled

    weekly_locate
    security_status_chksetuid

and a few other tasks that seem to scan all mounted filesystems. Since my servers are not reachable from the internet and I am the only user, I guess that should be OK.


----------



## giorgiob (Jan 2, 2020)

Trihexagonal said:


> I get a lot of CPU activity on my desktops at 3am when `cron` and security/rkhunter run nightly for my root security report.


Thanks for the hint.
I have looked for `rkhunter` on my system but I cannot find it. I can find port security/rkhunter but no installed executable. I guess this port / package is not installed by default?


----------



## Sevendogsbsd (Jan 2, 2020)

No ports or packages are installed by default. After installation of the OS, it is up to the user to install any other software needed.  The core (base) OS is separate from what is installed via ports or packages.

Forgot to add: pick one or the other: ports OR packages, not both or you will have issues. Personally, I would use packages because they are very easy.


----------



## Deleted member 30996 (Jan 2, 2020)

giorgiob said:


> I have looked for `rkhunter` on my system but I cannot find it. I can find port security/rkhunter but no installed executable.



Once you have it installed you can update your /etc/periodic.conf to have it run nightly and will tell you how to set it up in the closing screen of the build.

If you update certain ports it might show a warning that a file has changed and nothing to freak out about. It usually means you need to update the database by running `# rkhunter --propupd`.


----------

