emergency_residue_cleanup.sh
#!/bin/bash
####################################################################
### This script runs in the background of a residue free session ###
### If ResidueFree unexpectedly exits, this runs an emergency ###
### cleanup process. Not a perfect cleanup process, but eliminates #
### residue. SHOULD NOT RUN UNDER MOST TO ALL CIRCUMSTANCES ###
####################################################################
#######################################
# Signal handler: ends this watchdog without running cleanup once the
# expected disarm signal has been received from ResidueFree.sh.
# Arguments: none
# Returns:   never; exits the script with status 0
#######################################
disarm() {
  # echo "signal exiting"
  exit 0
}
# Fixed configuration paths. PULSE_CONF lives in the home directory of the
# user who invoked sudo.
UPDATEDB_CONF="/etc/updatedb.conf"
PULSE_CONF="/home/${SUDO_USER}/.config/pulse/client.conf"

# Positional arguments supplied by the caller ($1 is read further down, where
# the script waits on that PID).
KEEP_DIR="${2}"         # directory whose contents cleanup() copies to the Desktop
MODE="${3}"             # "PRIVACY" selects the wipe branch; anything else is treated as forensic
OUTPUT="${4}"           # session output path that cleanup() unmounts and then removes or hands back
ENVFILE="${5}"          # user_env file deleted during cleanup
JOURNAL_STORAGE="${6}"  # text substituted for "Storage=none" in journald.conf

# Flags that cleanup() consults; this script never parses -m / -z itself.
# NOTE(review): cleanup() tests these against "FALSE"/"TRUE" -- confirm the
# intended spelling of the defaults below.
MAINTAIN="False"
ZIP="False"

# Top-level directory names; cleanup() uses them for the /mnt/n<name> union
# mounts and for the matching sub-directories of OUTPUT.
DIRS=(
  "bin" "boot" "cdrom" "etc" "home" "lib" "lib64" "lost+found" "media"
  "opt" "root" "run" "sbin" "srv" "sys" "tmp" "usr" "var"
)
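#######################################
# Emergency teardown, run when the watched ResidueFree process has died
# without disarming this script. Best effort only: the banner below warns that
# /etc/fstab, /etc/updatedb.conf and the pulse config may not revert properly.
#
# The script uses SUDO_USER/SUDO_UID/SUDO_GID and rewrites system files, so
# every path expansion is quoted and an empty KEEP_DIR or OUTPUT is skipped
# instead of being allowed to expand to "/*" or to the current directory.
#
# Globals (read): KEEP_DIR, MODE, OUTPUT, ENVFILE, JOURNAL_STORAGE, PULSE_CONF,
#                 MAINTAIN, ZIP, DIRS, SUDO_USER, SUDO_UID, SUDO_GID
# Arguments:      none
# Returns:        never; always exits the script with status 1
#######################################
cleanup()
{
  local dir file

  /bin/echo "EMERGENCY CLEANUP. /etc/fstab, /etc/updatedb.conf, and pulse config file may not revert properly."

  # Stop and remove container (in case docker run fails)
  /usr/bin/docker stop residue >/dev/null 2>&1
  /usr/bin/docker rm residue >/dev/null 2>&1

  # If user specified files to preserve, copy them to "residue files" folder
  # on Desktop. Keep owners, remove timestamps.
  # An empty KEEP_DIR must not reach cp: unquoted, "$KEEP_DIR/*" would have
  # expanded to "/*".
  if [[ -n "$KEEP_DIR" && -d "$KEEP_DIR" && -n "$(/bin/ls -A -- "$KEEP_DIR")" ]]; then
    /bin/mkdir "/home/$SUDO_USER/Desktop/residue files" 2>/dev/null
    /bin/cp -r --backup=numbered --preserve=ownership --no-preserve=timestamps \
      -- "$KEEP_DIR"/* "/home/$SUDO_USER/Desktop/residue files"
  fi

  if [[ -z "$OUTPUT" ]]; then
    # With no path, find/chown/rm would act on the current directory or fail.
    /bin/echo "OUTPUT path not supplied; skipping output directory cleanup." >&2
  elif [[ "$MODE" == "PRIVACY" ]]; then
    # Privacy mode: unmount both layers, then delete whatever is left.
    /bin/umount -lf "$OUTPUT" 2>/dev/null  # Unmount ecryptfs
    /bin/umount -lf "$OUTPUT" 2>/dev/null  # Unmount tmpfs
    /bin/rm -rf -- "$OUTPUT" 2>/dev/null   # Remove everything
  else
    # Forensic mode: change owner to user and remove execute bit on all files
    /bin/umount -lf "$OUTPUT" 2>/dev/null
    /bin/chown -R -- "$SUDO_UID:$SUDO_GID" "$OUTPUT"
    /usr/bin/find "$OUTPUT" -type f -exec /bin/chmod -x {} +

    # Remove subdirectories w/o written files, unless -m used.
    # The file-level default is spelled "False", so the original test against
    # "FALSE" never matched; both spellings are accepted here.
    if [[ "$MAINTAIN" == "FALSE" || "$MAINTAIN" == "False" ]]; then
      for dir in "${DIRS[@]}"; do
        /bin/rmdir -- "$OUTPUT/$dir" 2>/dev/null
      done
    fi

    # If -z used, convert OUTPUT to a zip archive. The directory is removed
    # only after zip succeeds, so a failed archive does not lose the data.
    if [[ "$ZIP" == "TRUE" || "$ZIP" == "True" ]]; then
      if /usr/bin/zip -r "$OUTPUT.zip" "$OUTPUT" >/dev/null; then
        /bin/rm -rf -- "$OUTPUT" 2>/dev/null
        /bin/chown -- "$SUDO_USER:$SUDO_USER" "$OUTPUT.zip"
      fi
    fi
  fi

  # Remove user_env
  /bin/rm -f -- "$ENVFILE"

  # Unmount and remove contents of all union directories
  for dir in "${DIRS[@]}"; do
    /bin/umount -lf "/mnt/n$dir" 2>/dev/null
    /bin/rm -rf -- "/mnt/n$dir" 2>/dev/null
  done

  # Restore updatedb.conf to no longer include ResidueFree directories
  #/bin/sed -i "/PRUNEPATHS/s/$PRUNE_LAST /$PRUNE_LAST\"\n/" $UPDATEDB_CONF && /bin/sed -i "/\/mnt\/nbin \/mnt\/n/d" $UPDATEDB_CONF

  # Restore write access to mlocate files
  for file in /var/lib/mlocate/*; do
    [[ -e "$file" ]] || continue  # unmatched glob stays literal; skip it
    /bin/chmod 660 -- "$file"
  done

  ### Restore daemons and system services ###
  # Runs in background to re-enable gnome state tracker after five minutes.
  # NOTE(review): the helper is resolved relative to the current working
  # directory and is executed with this script's privileges -- confirm the
  # caller always starts this script from the install directory.
  /bin/bash ./restore_appstate.sh &
  /bin/rm -- "$PULSE_CONF"

  ## Restart user daemons
  /bin/su -c "/usr/bin/pulseaudio --start --log-target=syslog" "$SUDO_USER"
  /bin/su -c "/usr/bin/gnome-keyring-daemon --daemonize --login &" "$SUDO_USER"
  /bin/su -c "/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets &" "$SUDO_USER"

  ## Revert and restart system daemons
  # NOTE(review): JOURNAL_STORAGE is pasted into the sed replacement as-is; a
  # value containing "/" or "&" would change the expression. Presumably the
  # caller passes the original "Storage=..." setting -- confirm.
  /bin/sed -i "s/Storage=none/$JOURNAL_STORAGE/" /etc/systemd/journald.conf
  /bin/systemctl restart systemd-journald.service

  # Messages in kernel buffer will write to kern.log once syslog turns back
  # on. Have them write to /dev/null: park the real log, point kern.log at
  # /dev/null while syslog starts, then put the real log back.
  /bin/mv /var/log/kern.log /var/log/kern.log.bk
  /bin/ln -s /dev/null /var/log/kern.log
  /bin/systemctl start syslog.socket
  /bin/systemctl start syslog.service && /bin/rm /var/log/kern.log
  /bin/mv /var/log/kern.log.bk /var/log/kern.log

  exit 1
}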
## End Cleanup
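# If this script receives the "disarm" signal (USR1) from ResidueFree, it
# exits without running cleanup. bash runs a trap handler only after the
# current foreground command returns, so the handler fires once tail exits.
trap disarm USR1

# $1 is the PID to watch. Reject anything that is not a plain number so a
# missing or malformed argument is reported instead of being passed to tail.
if ! [[ "$1" =~ ^[0-9]+$ ]]; then
  /bin/echo "${0##*/}: first argument must be the PID of the ResidueFree process to watch" >&2
  exit 1
fi

# Otherwise it waits for ResidueFree to die, then runs cleanup.
tail --pid="$1" -f /dev/null && echo "emergency cleanup" && cleanup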