corekeeper-1.5/0000755000000000000000000000000012243540176010375 5ustar corekeeper-1.5/debian/0000755000000000000000000000000012243540421011610 5ustar corekeeper-1.5/debian/corekeeper.dirs0000644000000000000000000000004112243540040014607 0ustar /var/crash /var/cache/corekeeper corekeeper-1.5/debian/corekeeper.install.kfreebsd0000644000000000000000000000015012136147443017114 0ustar debian/limits/corekeeper.conf etc/security/limits.d debian/sysctl-kfreebsd/corekeeper.conf etc/sysctl.d corekeeper-1.5/debian/corekeeper.lintian-overrides0000644000000000000000000000034312243540056017320 0ustar # /var/crash is intentionally world-writable to allow for # centralized core dumps. non-standard-dir-perm # The postrm script checks if systemd is running before # using the systemctl command maintainer-script-calls-systemctl corekeeper-1.5/debian/corekeeper.install.linux0000644000000000000000000000020412136161341016457 0ustar debian/limits/corekeeper.conf etc/security/limits.d debian/sysctl-linux/corekeeper.conf etc/sysctl.d debian/dump usr/lib/corekeeper corekeeper-1.5/debian/limits/0000755000000000000000000000000012047150101013103 5ustar corekeeper-1.5/debian/limits/corekeeper.conf0000644000000000000000000000005412047151277016114 0ustar * soft core unlimited * hard core unlimited corekeeper-1.5/debian/dump0000644000000000000000000000376612136161361012517 0ustar #!/bin/sh # Copyright 2013 Paul Wise # # Permission to use, copy, modify, and/or distribute this software for # any purpose with or without fee is hereby granted, provided that the # above copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND I DISCLAIM ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL I BE LIABLE FOR ANY # SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # corekeeper dump adds some extra privacy on Linux multi-user systems # by putting core files into per-user directories. This is needed # because Linux does not create directories when dumping core files # and it is apparently painful to do that from within Linux. # # Thanks for the security audit go to Kees Cook ! set -e if [ "$(id -u)" != "0" ]; then echo "This script must be run as root" 1>&2 exit 1 fi # Check how many arguments the kernel sent us. if [ $# -eq 2 ] ; then # Awww, old kernel that does not support %d # Cannot set the core file owner safely, use root # See v3.6-6800-g12a2b4b in linux.git for more info uid="$1" core="$2" owner="0" elif [ $# -eq 3 ] ; then # Yay! A kernel that does support %d uid="$2" core="$3" owner="$2" # Set the core file owner safely if [ $1 -eq 2 ] ; then owner="0" fi else # Something is majorly broken. echo "This script should be run with three arguments and a core file on stdin" 1>&2 exit 1 fi # The exclamation marks are shell metacharacters core="$(echo "$core" | tr '!' '-')" umask 0077 mkdir -p "/var/crash/$owner" chown "$owner" "/var/crash/$owner" owner="$owner" core="$core" \ su -s /bin/sh -c '/bin/cat > /var/crash/"$owner"/"$core"' \ "$(getent passwd "$owner" | cut -d: -f1)" corekeeper-1.5/debian/copyright0000644000000000000000000000175412243540051013551 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: corekeeper Upstream-Contact: Paul Wise Source: git://anonscm.debian.org/collab-maint/corekeeper.git Comment: original package by Ben Pfaff has been rewritten Files: * Copyright: 2013 Paul Wise License: ISC Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. . THE SOFTWARE IS PROVIDED "AS IS" AND I DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL I BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. corekeeper-1.5/debian/sysctl-linux/0000755000000000000000000000000012136151110014260 5ustar corekeeper-1.5/debian/sysctl-linux/corekeeper.conf0000644000000000000000000000116612144163773017300 0ustar # Linux support for corekeeper # corekeeper dump adds privacy for multi-user systems. # Only root can see what software crashed for other users. # Non-root users can see that something crashed, no way to fix that. # It requires Linux 3.7-rc1, see v3.6-6800-g12a2b4b in linux.git for info. # If you use it with an earlier kernel then only root can access core dumps. # If you don't want to use it, comment core_pattern below and uncomment this: #kernel.core_pattern = /var/crash/%p-%u-%g-%s-%t-%h-%E.core kernel.core_pattern = |/usr/lib/corekeeper/dump %d %u %p-%u-%g-%s-%t-%h-%E.core kernel.core_uses_pid = 1 fs.suid_dumpable = 2 corekeeper-1.5/debian/corekeeper.postinst.linux0000644000000000000000000000021312136150772016702 0ustar #!/bin/sh set -e # Activate the sysctl settings [ $1 != configure ] || sysctl --quiet --load="/etc/sysctl.d/corekeeper.conf" #DEBHELPER# corekeeper-1.5/debian/changelog0000644000000000000000000000521312243540215013464 0ustar corekeeper (1.5) unstable; urgency=low * Print new cores, deleted cores then old cores * Don't use systemctl unless systemd is running as init * Bump debhelper compat to 9 * Fix typo: extra -a in the call to test * Bump Standards-Version, no changes needed -- Paul Wise Thu, 21 Nov 2013 08:28:22 +0800 corekeeper (1.4) unstable; urgency=low * Set core patterns before setuid options (Closes: #708128) -- Paul Wise Sat, 25 May 2013 16:42:16 +0800 corekeeper (1.3) unstable; urgency=low * Fix purging the package (Closes: #706372) -- Paul Wise Mon, 29 Apr 2013 17:47:54 +0800 corekeeper (1.2) unstable; urgency=low * Bump version number higher than the previous package in Debian * Fix a typo in the postinst script -- Paul Wise Thu, 25 Apr 2013 19:30:02 +0800 corekeeper (1.1) unstable; urgency=low [ Ben Pfaff ] * Eliminate dependency on tmpreaper, by deleting stale core files from /var/log/core by hand. (incidentally Closes: #603360) * debian/copyright: Fix punctuation. * Properly implement Lintian override for directory permissions. * Switch from an init script to sysctl (from Paul Wise ). [ Paul Wise ] * Re-upload to Debian (Closes: #695901) * Change the maintainer to me, Ben doesn't have time * Moved the git repository to collab-maint * Use maintscript support from dh_installdeb for maintainer scripts * Package complies with policy 3.9.4 * Use dh --parallel * Add support for kFreeBSD (Closes: #602946) * Use the full path to the executable * Use less commands in the cron job * Hide core filenames for privacy on multi-user systems * Exit the cron job when the package has been removed but not purged * Activate the sysctl settings on package installation and upgrade on Linux * Re-write the package description * The packaging has been completely rewritten, update copyright * Delete all remaining core files and directories on removal and purge * Switch from /var/log/core to the more FHS compliant /var/crash * Do not use shell metacharacters in core filenames * Name the core files *.core to differentiate them from other files in /var/crash like Linux kernel crashdumps. * Move corekeeper-dump to /var/lib since it is only run by the Linux kernel and not by any users or sysadmins. * Do as much as possible to turn off the effects of corekeeper when the package is removed or purged. -- Paul Wise Thu, 25 Apr 2013 17:16:11 +0800 corekeeper (1.0) unstable; urgency=low * Initial Release. -- Ben Pfaff Wed, 10 Nov 2010 10:03:37 -0800 corekeeper-1.5/debian/sysctl-kfreebsd/0000755000000000000000000000000012136151110014706 5ustar corekeeper-1.5/debian/sysctl-kfreebsd/corekeeper.conf0000644000000000000000000000046612144163650017722 0ustar # kFreeBSD support for corekeeper kern.corefile = /var/crash/%P-%U-%H-%N-%I.core kern.sugid_coredump = 1 # the FreeBSD kernel doesn't support: # piping core files to userspace programs # creating missing directories when needed # timestamps, paths and other useful stuff # Unfortunately that means no privacy. corekeeper-1.5/debian/source/0000755000000000000000000000000012047145550013116 5ustar corekeeper-1.5/debian/source/format0000644000000000000000000000001512047145550014325 0ustar 3.0 (native) corekeeper-1.5/debian/control0000644000000000000000000000253412243540152013220 0ustar Source: corekeeper Section: admin Priority: extra Maintainer: Paul Wise Build-Depends: debhelper (>= 9) Standards-Version: 3.9.5 Vcs-Git: git://anonscm.debian.org/collab-maint/corekeeper.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/corekeeper.git Package: corekeeper Architecture: kfreebsd-any linux-any Pre-Depends: ${misc:Pre-Depends} Depends: lsb-base (>= 3.2-14) [kfreebsd-any], procps [linux-any], ${misc:Depends} Description: enable core files and report crashes to the sysadmin corekeeper enables core files, reports crashes to the sysadmin and deletes old core files after 7 days. . Core file dumping is enabled for all users, to restrict that, please remove or edit the config file at /etc/security/limits.d/corekeeper.conf . On Linux core files are written to private per-userid dirs in /var/crash. Linux 3.6 and earlier have an issue that means all core files are written to the directory for root. If your system is running Linux 3.6 or earlier and is single-user (or you don't care about the privacy of core file names), you can avoid this issue by editing /etc/sysctl.d/corekeeper.conf. . On kFreeBSD files are written to /var/crash, kernel limitations prevent core files from being written to private per-userid dirs. . To fully remove this package it needs to be purged and the system rebooted. corekeeper-1.5/debian/rules0000755000000000000000000000052312243110315012663 0ustar #!/usr/bin/make -f # -*- makefile -*- #export DH_VERBOSE=1 %: dh $@ --parallel script=debian/corekeeper/usr/lib/corekeeper/dump override_dh_fixperms: dh_fixperms chmod 1777 debian/corekeeper/var/crash if [ -e $(script) ] ; then chmod 0755 $(script) ; fi override_dh_installinit: dh_installinit --update-rcd-params='start 30 S .' corekeeper-1.5/debian/compat0000644000000000000000000000000212243540101013001 0ustar 9 corekeeper-1.5/debian/corekeeper.postrm0000644000000000000000000000132712243540130015202 0ustar #!/bin/sh set -e # Delete leftover core files when removing/purging [ $1 != purge -a $1 != remove ] || [ ! -d /var/crash ] || find /var/crash -name '*.core' -delete [ $1 != purge -a $1 != remove ] || [ ! -d /var/cache/corekeeper ] || find /var/cache/corekeeper -type f -delete # Turn off core dumps after remove/purge # Only after purge will they be fully turned off if [ $1 = purge -o $1 = remove ] ; then if [ -x /bin/systemctl -a -d /run/systemd/system/ ] ; then systemctl restart systemd-sysctl.service elif [ -x /etc/init.d/procps ] ; then invoke-rc.d procps reload elif [ -x /lib/freebsd/sysctl ] ; then /lib/freebsd/sysctl kern.sugid_coredump=0 /lib/freebsd/sysctl kern.corefile=%N.core fi fi #DEBHELPER# corekeeper-1.5/debian/corekeeper.cron.daily0000755000000000000000000000131412243540040015717 0ustar #!/bin/sh # In corekeeper, this is the only file outside /etc on all arches. # So this is the only file available to detect a purged package. if [ ! -e /usr/share/lintian/overrides/corekeeper ] ; then exit 0 fi cd /var/cache/corekeeper/ find /var/crash -name '*.core' \( \( -mtime +7 -delete -fprint /dev/stderr \) -o \( -print \) \) > next 2> deleted sort current current next | uniq -u > new sort deleted deleted new new next | uniq -u > old if [ -s new ] ; then echo 'New core file(s):' echo cat new echo fi if [ -s deleted ] ; then echo 'Deleted core file(s):' echo sort deleted echo fi if [ -s old ] ; then echo 'Old core file(s):' echo cat old echo fi rm -f deleted old new mv -f next current corekeeper-1.5/debian/corekeeper.init.kfreebsd0000644000000000000000000000227612136167663016432 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: corekeeper # Required-Start: $local_fs # Required-Stop: # Default-Start: S # Default-Stop: # Short-Description: enable core files and report crashes to the sysadmin # Description: This script simply enables sysctl values for corekeeper on kFreeBSD # because procps and freebsd-utils do not do this. ### END INIT INFO # Author: Paul Wise PATH=/sbin:/bin [ -x /lib/freebsd/sysctl ] || exit 0 [ -s /etc/sysctl.d/corekeeper.conf ] || exit 0 . /lib/init/vars.sh . /lib/lsb/init-functions if [ "$VERBOSE" != no ] ; then QUIET=-q fi case "$1" in start|restart|force-reload|reload) [ "$VERBOSE" != no ] && log_action_begin_msg "Applying corekeeper sysctl settings" STATUS=0 sed /etc/sysctl.d/corekeeper.conf -e "s/\( \|\t\)*//g" -e "/^#/d" -e "/^$/d" \ | (while read i ; do /lib/freebsd/sysctl $QUIET ${i} >/dev/null || STATUS=$? ; done) [ "$VERBOSE" != no ] && log_action_end_msg $STATUS ;; stop) /lib/freebsd/sysctl kern.sugid_coredump=0 /lib/freebsd/sysctl kern.corefile=%N.core ;; status) ;; *) echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 exit 3 ;; esac corekeeper-1.5/debian/corekeeper.maintscript.linux0000644000000000000000000000006312100120206017333 0ustar rm_conffile /etc/init.d/corekeeper 1.1~ corekeeper