#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-11-10; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: LicenseRef-CNCL-1.1 OR LicenseRef-CCLA-1.1
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
set -Ceuo pipefail

printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"

cp -u /etc/security/limits.conf /root/.ciss/cdlb/backup/limits.conf.bak
chmod 0644 /root/.ciss/cdlb/backup/limits.conf.bak

### Comment any existing active core settings to avoid conflicts, both soft/hard, any domain including "*".
sed -i -E '
/^[[:space:]]*\*[[:space:]]+soft[[:space:]]+core[[:space:]]+0[[:space:]]*$/d
/^[[:space:]]*\*[[:space:]]+hard[[:space:]]+core[[:space:]]+0[[:space:]]*$/d
/^[[:space:]]*#\*               soft    core            0$/d
/^[[:space:]]*#root            hard    core            100000$/d
/^[[:space:]]*#\*               hard    rss             10000$/d
/^[[:space:]]*#@student        hard    nproc           20$/d
/^[[:space:]]*#@faculty        soft    nproc           20$/d
/^[[:space:]]*#@faculty        hard    nproc           50$/d
/^[[:space:]]*#ftp             hard    nproc           0$/d
/^[[:space:]]*#ftp             -       chroot          \/ftp$/d
/^[[:space:]]*#@student        -       maxlogins       4$/d
/^[[:space:]]*# End of file/i\
*               soft    core            0\
*               hard    core            0
' /etc/security/limits.conf

mkdir -p /etc/systemd/coredump.conf.d
mkdir -p /etc/security/limits.d

cat << EOF >| /etc/security/limits.d/9999-ciss-coredump-disable.conf
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-11-10; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: LicenseRef-CNCL-1.1 OR LicenseRef-CCLA-1.1
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu

*               soft    core            0
*               hard    core            0
root            soft    core            0
root            hard    core            0

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
chmod 0644 /etc/security/limits.d/9999-ciss-coredump-disable.conf

cat << EOF >| /etc/systemd/coredump.conf.d/9999-ciss-coredump-disable.conf
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-11-10; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: LicenseRef-CNCL-1.1 OR LicenseRef-CCLA-1.1
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu

[Coredump]
Storage=none
ProcessSizeMax=0
ExternalSizeMax=0
JournalSizeMax=0
MaxUse=0
KeepFree=0

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
chmod 0644 /etc/systemd/coredump.conf.d/9999-ciss-coredump-disable.conf

printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"

exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh