[debian-edu-commits] debian-edu/ 02/02: Imported Upstream version 0.90
Alexander Alemayhu
ccscanf-guest at moszumanska.debian.org
Mon Jun 9 22:40:46 UTC 2014
This is an automated email from the git hooks/post-receive script.
ccscanf-guest pushed a commit to branch upstream
in repository killer.
commit 889f6813bcf4853dced27dbb59172a62edc7660d
Author: Alexander Alemayhu <alexander at bitraf.no>
Date: Tue Jun 10 00:19:12 2014 +0200
Imported Upstream version 0.90
---
COPYING | 339 +++++++++++++++
ChangeLog | 17 +
Makefile | 25 ++
killer | 1406 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 1787 insertions(+)
diff --git a/COPYING b/COPYING
new file mode 100644
index 0000000..a43ea21
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,339 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 675 Mass Ave, Cambridge, MA 02139, USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ Appendix: How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) 19yy <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) 19yy name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 0000000..717bea7
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,17 @@
+Fri Mar 26 14:16:50 CST 1999 Mike Gerdts <gerdts at cae.wisc.edu
+
+ * Initial public release.
+
+ * Fixed bug that caused users to lose decendents of su(1).
+
+ * Fixed bug that caused users that logged in while it was between
+ stages of execution from being wrongly logged out.
+
+ * Added documentation
+
+August 1998 Mike Gerdts <gerdts at cae.wisc.edu>
+
+ * Initial in-house version completed (no version number). Based on
+ concepts from earlier versions known as bgjk, but free from
+ earlier version's code, algorithms, and shortcomings (I hope!).
+
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..451db93
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,25 @@
+SCRIPTNAME = killer
+
+# Man page information
+SECTION = 1
+RELEASE = " "
+CENTER = " "
+
+TARGETS = $(SCRIPTNAME).html $(SCRIPTNAME).$(SECTION) $(SCRIPTNAME).txt
+
+all: $(TARGETS)
+
+$(SCRIPTNAME).html: $(SCRIPTNAME)
+ pod2html $(SCRIPTNAME) --outfile=$@
+
+$(SCRIPTNAME).$(SECTION): $(SCRIPTNAME)
+ pod2man --section=$(SECTION) --release=$(RELEASE) --center=$(CENTER) $(SCRIPTNAME) > $@
+
+$(SCRIPTNAME).txt: $(SCRIPTNAME)
+ pod2text $(SCRIPTNAME) > $(SCRIPTNAME).txt
+
+clean:
+ -rm -f $(TARGETS) pod2html-*cache
+
+install:
+ @echo "You probably want to customize the script then copy it into place yourself." 1>&2
diff --git a/killer b/killer
new file mode 100755
index 0000000..1f95f2e
--- /dev/null
+++ b/killer
@@ -0,0 +1,1406 @@
+#! /usr/bin/perl -w
+
+# #############################################################################
+#
+# Copyright (C) 1999, 2000 Michael Gerdts (gerdts at cae.wisc.edu)
+#
+# This software was written to ease my work at the University of Wisconsin.
+# The University of Wisconsin may use this software under any terms that
+# they see fit. The use of an Open Source license, as recognized by the
+# Open Source Initiative (http://www.opensource.org/), is encouraged by the
+# author.
+#
+# As for everyone else:
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+# #############################################################################
+
+my $version = "0.90";
+
+=head1 NAME
+
+killer - Background job killer
+
+=head1 SYNOPSIS
+
+killer [B<-h>] [B<-V>]
+
+=head1 DESCRIPTION
+
+I<killer> is a perl script that gets rid of background jobs. Background
+jobs are defined as processes that belong to users who are not currently
+logged into the machine. Jobs can be run in the background (and are
+expempt from I<killer>'s acctions) if their scheduling priority has been
+reduced by increasing their nice(1) value or if they are being run through
+I<condor>. For more details, see the I<PACKAGE main> section of this
+document.
+
+The following sections describe the perl(1) packages that make up the
+killer program. I don't expect that the version that works for me will
+work for everyone. I think that the ProcessTable and Terminals packages
+offer enough flexibility that most modifications can be done in the main
+package.
+
+Command line options
+
+=over 4
+
+=item -h
+
+Tell me how to get help
+
+=item -V
+
+Display version number
+
+=back
+
+=cut
+
+use strict;
+use Sys::Syslog;
+
+package ProcessTable;
+
+use Sys::Syslog;
+
+=head1 PACKAGE ProcessTable
+
+Each ProcessTable object contains hashes (or associative arrays) that map
+various aspects of a job to the process ID (PID). The following hashes are
+provided:
+
+=over 12
+
+=item pid2user
+
+Login name associated with the effective UID that the process is running
+as.
+
+=item pid2ruser
+
+Login name associate with the real UID that the process is running as.
+
+=item pid2uid
+
+Effective UID that the process is running as.
+
+=item pid2ruid
+
+Real UID that the process is running as.
+
+=item pid2tty
+
+Terminal associated with the process.
+
+=item pid2ppid
+
+Parent process of the process
+
+=item pid2nice
+
+nice(1) value of the process.
+
+=item pid2comm
+
+Command name of the process.
+
+=back
+
+Additionally, the %remainingprocs hash provides the list of processes that
+will be killed.
+
+The intended use of this package calls for I<readProcessTable> to be called
+to fill in all of the hashes defined above. Then, processes that meet
+specific requirements are removed from the %remainingprocs hash. Those
+that are not removed are considered to be background processes and may be
+killed.
+
+=cut
+
+# On HP-UX be sure that env var UNIX95 is defined for ps -o to work!
+my $pscmd = '/usr/bin/ps -e -o "user ruser uid ruid tty pid ppid nice comm"';
+
+my $errmsg;
+
+my %pid2user = (); # login name of effective uid
+my %pid2ruser = (); # login name of real user id
+my %pid2uid = (); # effective UID of user
+my %pid2ruid = (); # real UID of user
+my %pid2tty = (); # tty associated with process
+my %pid2ppid = (); # parent process ID
+my %pid2nice = (); # nice value
+my %pid2comm = (); # Command name being executed
+my %remainingprocs = (); # The processes that have not been eliminated
+
+=head2 new
+
+This function creates a new I<ProcessTable> object.
+
+Example:
+
+ my $ptable = new ProcessTable;
+
+=cut
+
+sub new {
+ my $this = shift;
+ my $class = ref($this) || $this;
+ my $self = {} ;
+ bless $self, $class;
+ $self->initialize();
+ $errmsg = "";
+ return $self;
+}
+
+=head2 initialize
+
+This function (re)initializes arrays and any environment variables for external
+commands. It generally will not need to be called, as it is invoked by
+new().
+
+Example:
+
+ # Empty out the process table for reuse
+ $ptable->initialize();
+
+=cut
+
+sub initialize() {
+ # This is required for ps(1) to work right on HP's
+ defined($ENV{UNIX95}) || ($ENV{UNIX95} = 1);
+
+ # Make sure that these are all empty...
+ %pid2user = (); # login name of effective uid
+ %pid2ruser = (); # login name of real user id
+ %pid2uid = (); # effective UID of user
+ %pid2ruid = (); # real UID of user
+ %pid2tty = (); # tty associated with process
+ %pid2ppid = (); # parent process ID
+ %pid2nice = (); # nice value
+ %pid2comm = (); # Command name being executed
+ %remainingprocs = (); # The processes that have not been eliminated
+ return;
+}
+
+=head2 readProcessTable
+
+This function executes the ps(1) command to figure out which processes are
+running. Note that it requires a SYSV style ps(1).
+
+Example:
+
+ # Get a list of processes from the OS
+ $ptable->readProcessTable();
+
+=cut
+
+sub readProcessTable {
+ my $self = shift;
+ my ($user, $ruser, $uid, $ruid, $tty, $pid, $ppid, $nice, $comm);
+
+ open ( PS, "$pscmd|" ) || do {
+ $errmsg = "\"$pscmd\" failed: $!";
+ return undef;
+ };
+
+ # skip the first line of input
+ <PS>;
+ while (<PS>) {
+ #print "\t$_";
+ chop;
+
+ # strip leading white space
+ $_ =~ s/^[ ]*//;
+
+ ($user, $ruser, $uid, $ruid, $tty, $pid, $ppid, $nice, $comm)
+ = split( /[ \t]+/, $_, 9 );
+
+ $pid2user{$pid} = $user;
+ $pid2ruser{$pid} = $ruser;
+ $pid2uid{$pid} = int $uid;
+ $pid2ruid{$pid} = int $ruid;
+ $pid2tty{$pid} = $tty;
+ $pid2ppid{$pid} = int $ppid;
+ $pid2nice{$pid} = $nice;
+ if ( defined $comm ) {
+ $pid2comm{$pid} = $comm;
+ } else {
+ $pid2comm{$pid} = '<defunct>';
+ }
+ $remainingprocs{$pid} = 1;
+ }
+
+ close(PS);
+}
+
+=head2 cleanForkBombs
+
+This function looks for a large number of processes owned by one user, and
+assumes that it is someone that is using fork() for the first time. An
+effective way to clean up such a mess is to "kill -STOP" each process then
+"kill -KILL" each process.
+
+Note this function ignores such mistakes by root. If root is running a
+fork(2) bomb, this script wouldn't run, right? Also, you should be sure
+that the number of processes mentioned below (490) is less (equal to would
+be better, right?) than the maximum number of processes per user. Also,
+the OS should have a process limit at least a couple hundred higher than
+any individual. Otherwise, you will have to use the power switch to get
+rid of fork bombs.
+
+Each time a process is sent a signal, it is logged via syslog(3C).
+
+Example:
+
+ # Get rid of fork bombs. Keep track of who did it in @idiots.
+ my @idiots = $ptable->cleanForkBombs();
+
+=cut
+
+sub cleanForkBombs {
+ my $self = shift;
+ my ( @procs, $pid, $user, @bombers);
+ @bombers = ();
+
+ foreach $user ( $self->getUsers() ) {
+ next if ( $user eq "root" );
+ @procs = $self->getUserProcessIds($user);
+ if ( $#procs > 490 ) {
+ # first send a SIGSTOP
+ foreach $pid ( @procs ) {
+ if ( kill(23, $pid) > 0 ) {
+ syslog('info', "kill(23, $pid) user=%s command=%s nice=%d",
+ $pid2ruser{$pid}, $pid2comm{$pid},
+ $pid2nice{$pid});
+ }
+ }
+ # next send a SIGKILL
+ foreach $pid ( @procs ) {
+ if ( kill(9, $pid) > 0 ) {
+ syslog('info', "kill(9, $pid) user=%s command=%s nice=%d",
+ $pid2ruser{$pid}, $pid2comm{$pid},
+ $pid2nice{$pid});
+ }
+ }
+ push @bombers, $user;
+ }
+ }
+ return(@bombers);
+}
+
+=head2 getUserProcessIds user
+
+This returns the list of process ID's where the login associated with the real
+UID of the process matches the argument to the function.
+
+Example:
+
+ # Find all processes owned by httpd
+ my @webservers = $ptable->getUserProcessIds('httpd');
+
+=cut
+
+sub getUserProcessIds($) {
+ my $self = shift;
+ my ($login) = @_;
+ my @pids = ();
+
+ my ( $key, $value );
+
+ while ( ($key, $value) = each(%pid2ruser) ) {
+ next unless ( $value eq $login );
+ push @pids, $key;
+ }
+ return(@pids);
+}
+
+=head2 getUniqueTtys
+
+This function returns a list of terminals in use. Note that the format
+will be the same as given by ps(1), which will generally lack the leading
+"/dev/".
+
+Example:
+
+ # Get a list of all terminals that processes are attached to
+ my @ttylist = $ptable->getUniqueTtys();
+
+=cut
+
+sub getUniqueTtys {
+ my $self = shift;
+
+ my %ttys;
+ my $tty;
+
+ foreach $tty ( keys %pid2tty ) {
+ $ttys{$tty} = 1;
+ }
+
+ return(keys %ttys);
+}
+
+=head2 removeProcessId pid
+
+This function removes pid from the list of processes to be killed. That
+is, it gets rid of a process that should be allowed to run. Most likely
+this will only be called by other functions in this package.
+
+Example:
+
+ # For some reason I know that PID 1234 should be allowed to run
+ $ptable->removeProcessId(1234);
+
+=cut
+
+sub removeProcessId($) {
+ my $self = shift;
+ my ($pid) = @_;
+
+ if (defined $remainingprocs{$pid} ) {
+ delete $remainingprocs{$pid}
+ }
+}
+
+=head2 removeProcesses psfield, psvalue
+
+This function removes processes that possess certain traits. For example,
+if you want to get rid of all processes owned by the user "lp" or all
+processes that have /dev/console as their controlling terminal, this is the
+function for you.
+
+psfield can be any of the following
+
+=over 8
+
+=item pid
+
+Removes process id given in second argument.
+
+=item user
+
+Removes processes with effective UID associated with login name given in
+second argument.
+
+=item ruser
+
+Removes processes with real UID associated with login name given in second
+argument.
+
+=item uid
+
+Removes processes with effective UID given in second argument.
+
+=item ruid
+
+Removes processes with real UID given in second argument.
+
+=item tty
+
+Removes processes with controlling terminal given in second argument. Note
+that it should NOT start with "/dev/".
+
+=item ppid
+
+Removes children of process with PID given in second argument.
+
+=item nice
+
+Removes children with a nice value equal to the second argument.
+
+=item comm
+
+Removes children with a command name that is the same as the second
+argument.
+
+=back
+
+Examples:
+
+ # Allow all imapd processes to run
+ $ptable->removeProcesses('comm', 'imapd');
+
+ # Be sure not to kill print jobs
+ $ptable->removeProcesses('ruser', 'lp');
+
+=cut
+
+sub removeProcesses($$) {
+ my $self = shift;
+ my ( $field, $value ) = @_;
+ my ( $pid );
+
+ SWITCH: {
+ ($field eq "pid") && do {
+ $self->removeProcessId($value);
+ last SWITCH;
+ };
+ ($field eq "user") && do {
+ foreach $pid ( keys %pid2user ) {
+ if ( $pid2user{$pid} eq $value ) {
+ $self->removeProcessId($pid);
+ }
+ }
+ last SWITCH;
+ };
+ ($field eq "ruser") && do {
+ foreach $pid ( keys %pid2ruser ) {
+ if ( $pid2ruser{$pid} eq $value ) {
+ $self->removeProcessId($pid);
+ }
+ }
+ last SWITCH;
+ };
+ ($field eq "uid") && do {
+ foreach $pid ( keys %pid2uid ) {
+ if ( $pid2uid{$pid} == $value ) {
+ $self->removeProcessId($pid);
+ }
+ }
+ last SWITCH;
+ };
+ ($field eq "ruid") && do {
+ foreach $pid ( keys %pid2ruid ) {
+ if ( $pid2ruid{$pid} == $value ) {
+ $self->removeProcessId($pid);
+ }
+ }
+ last SWITCH;
+ };
+ ($field eq "tty") && do {
+ foreach $pid ( keys %pid2tty ) {
+ if ( $pid2tty{$pid} eq $value ) {
+ $self->removeProcessId($pid);
+ }
+ }
+ last SWITCH;
+ };
+ ($field eq "ppid") && do {
+ foreach $pid ( keys %pid2ppid ) {
+ if ( $pid2ppid{$pid} == $value ) {
+ $self->removeProcessId($pid);
+ }
+ }
+ last SWITCH;
+ };
+ ($field eq "nice") && do {
+ foreach $pid ( keys %pid2nice ) {
+ if ( $pid2nice{$pid} eq $value ) {
+ $self->removeProcessId($pid);
+ }
+ }
+ last SWITCH;
+ };
+ ($field eq "comm") && do {
+ foreach $pid ( keys %pid2comm ) {
+ if ( $pid2comm{$pid} eq $value ) {
+ $self->removeProcessId($pid);
+ }
+ }
+ last SWITCH;
+ };
+ };
+}
+
+=head2 removeChildren pid
+
+This function removes all decendents of the given pid. That is, if the pid
+argument is 1, it will ensure that nothing is killed.
+
+Example:
+
+ # Be sure not to kill off any mail deliveries (assumes you have
+ # written getSendmailPid()). (Sendmail changes uid when it does
+ # local delivery.)
+ $ptable->removeChildren(getSendmailPid);
+
+=cut
+
+sub removeChildren($) {
+ my $self = shift;
+ my ($ppid) = @_;
+ my ( @children);
+ my ( $child, $parent );
+
+ while ( ($child, $parent) = each(%pid2ppid) ) {
+ if ( $parent == $ppid ) {
+ push(@children, $child);
+ }
+ }
+ foreach $child ( @children ) {
+ $self->removeChildren($child);
+ $self->removeProcessId($child);
+ }
+}
+
+=head2 removeCondorChildren
+
+Condor is a batch job system that allows migration of jobs between
+machines (see http://www.cs.wisc.edu/condor/). This ensures that condor
+jobs are left alone.
+
+Example:
+
+ # Be nice to the people that are running their jobs through condor.
+ $ptable->removeCondorChildren();
+
+=cut
+
+sub removeCondorChildren {
+ my $self = shift;
+ my $pid;
+
+ foreach $pid ( keys %pid2comm ) {
+ # find the command with the right name
+ next unless ( $pid2comm{$pid} eq 'condor_master' );
+
+ # be sure that it is owned by root
+ next unless ( $pid2uid{$pid} == 0 );
+
+ # Remove all of its child processes
+ $self->removeChildren($pid);
+ };
+}
+
+=head2 findChildProcs pid
+
+This function finds and returns a list of all of the processess that are
+descendents of a the PID given in the first argument.
+
+Example:
+
+ # Find the processes that are decendents of PID 1234
+ my @procs = $ptable->findChildProcs(1234);
+
+=cut
+
+sub findChildProcs($) {
+ my $self = shift;
+ my ($ppid) = (@_);
+
+ my ( $child, $parent, @children, @returnchildren );
+
+ while ( ($child, $parent) = each(%pid2ppid) ) {
+ if ( $parent == $ppid ) {
+ push(@children, $child);
+ }
+ }
+ push ( @returnchildren, @children);
+ foreach $child ( @children ) {
+ push @returnchildren, $self->findChildProcs($child);
+ }
+ return(@returnchildren);
+}
+
+=head2 getTtys user
+
+This function returns a list of tty's that are in use by processes owned by
+a particular user.
+
+Example:
+
+ # find all tty's in use by gerdts.
+ my @ttylist = getTtys('gerdts');
+
+=cut
+
+sub getTtys ($) {
+ my $self = shift;
+ my ($user) = ( @_ );
+
+ my ( $pid, $login, %ttys );
+ while ( ($pid, $login ) = each(%pid2user) ) {
+ next unless ( $login eq $user );
+
+ $ttys{${pid2tty{$pid}}} = 1;
+ }
+
+ return (keys %ttys);
+}
+
+=head2 getUsers
+
+This function lists all the users that have active processes.
+
+Example:
+
+ # Get all users that are logged in
+ my @lusers = $ptable->getUsers()
+
+=cut
+
+sub getUsers() {
+ my $self = shift;
+
+ my ( $pid, $login, %logins );
+ while ( ($pid, $login) = each(%pid2user) ) {
+ $logins{$login} = 1;
+ }
+ return(keys %logins);
+}
+
+=head2 removeNiceJobs
+
+This function removes all jobs that have a nice value greater than 20.
+That is, they have a lower sceduling priority than the default.
+
+Example:
+
+ # Allow people to run background jobs so long as they yield to
+ # those with "foreground" jobs
+ $ptable->removeNiceJobs();
+
+=cut
+
+sub removeNiceJobs() {
+ my $self = shift;
+ my ( $key, $val );
+
+ while ( ($key, $val) = each(%pid2nice) ) {
+ # Get rid of things not in the "default" scheduling class
+ next unless ($val =~ /^[0-9]+$/);
+
+ if ( int($val) > 20 ) {
+ $self->removeProcessId($key);
+ }
+ }
+}
+
+=head2 printProcess filehandle, pid
+
+This function displays information about the process, kinda like "ps | grep"
+would.
+
+Example:
+
+ # Print info about init to STDERR
+ $ptable->printProcess(\*STDERR, 1);
+
+=cut
+
+sub printProcess($$) {
+ my $self = shift;
+ my ( $fh, $pid ) = @_;
+
+ printf $fh "%8s %8s %5d %5d %s\n", $pid2user{$pid}, $pid2ruser{$pid},
+ $pid, $pid2ppid{$pid}, $pid2comm{$pid};
+}
+
+=head2 printProcessTable
+
+=head2 printProcessTable filehandle
+
+This function prints info about all the processes discoverd by
+I<readProcessTable>. If an argument is given, it should be a file handle
+to which the output should be printed.
+
+Examples:
+
+ # Print the process table to stdout
+ $ptable->printProcessTable();
+
+ # Mail the process table to someone
+ open MAIL '|/usr/bin/mail someone';
+ $ptable->printProcessTable(\*MAIL);
+ close(MAIL);
+
+=cut
+
+sub printProcessTable {
+ my $self = shift;
+ my ( $fh ) = shift || \*STDOUT;
+ my $pid;
+
+ print $fh " user ruser pid ppid command\n";
+ print $fh "======== ======== ===== ===== =================================================\n";
+ foreach $pid ( sort keys %pid2comm ) {
+ $self->printProcess($fh, $pid);
+ }
+ print $fh "======== ======== ===== ===== =================================================\n";
+}
+
+=head2 printRemainingProcesses
+
+=head2 printRemainingProcesses filehandle
+
+This function prints info about all the processes discoverd by
+I<readProcessTable>, but not removed from %remainingprocs.
+If an argument is given, it should be a file handle
+to which the output should be printed.
+
+Examples:
+
+ # Print the jobs to be killed to stdout
+ $ptable->printRemainingProcesses();
+
+ # Mail the jobs to be killed to someone
+ open MAIL '|/usr/bin/mail someone';
+ $ptable->printRemainingProcesses(\*MAIL);
+ close(MAIL);
+
+=cut
+
+sub printRemainingProcesses {
+ my $self = shift;
+ my $fh = shift || \*STDOUT;
+
+ print $fh " user ruser pid ppid command\n";
+ print $fh "======== ======== ===== ===== =================================================\n";
+ foreach my $pid ( keys %remainingprocs ) {
+ $self->printProcess($fh, $pid);
+ }
+ print $fh "======== ======== ===== ===== =================================================\n";
+}
+
+=head2 getRemainingProcesses
+
+Returns a list of processes that are likely background jobs.
+
+Example:
+
+ # Get a list of the processes that I plan to kill
+ my @procsToKill = $ptable->getRemainingProcesses();
+
+=cut
+
+sub getRemainingProcesses {
+ my $self = shift;
+
+ return keys %remainingprocs;
+}
+
+=head2 killAll signalNumber
+
+Sends the specified signal to all the processes listed. A syslog entry is
+made for each signal sent.
+
+Example:
+
+ # Send all of the remaining processes a TERM signal, then a
+ # KILL signal
+ $ptable->killAll(15);
+ sleep(10); # Give them a bit of a chance to clean up
+ $ptable->killAll(9);
+
+=cut
+
+sub killAll($) {
+ my $self = shift;
+ my ( $signum ) = @_;
+
+ my $killcount = 0;
+
+ foreach my $pid ( keys %remainingprocs ) {
+ if ( kill($signum, $pid) > 0 ) {
+ $killcount ++;
+ syslog('info', "kill($signum, $pid) user=%s command=%s nice=%d",
+ $pid2ruser{$pid}, $pid2comm{$pid},
+ $pid2nice{$pid});
+ }
+ }
+ return $killcount;
+}
+
+package Terminals;
+
+=head1 PACKAGE Terminals
+
+The Terminals package provides a means for figuring out how long various
+users have been idle.
+
+=cut
+
+my %tty2user;
+my %user2ttys;
+my %tty2idletime;
+my $consoleuser;
+
+my $whocmd = '/usr/bin/who';
+
+=head2 new
+
+This function is used to instantiate a new Terminals object.
+
+Example:
+
+ # Get a new Terminals object.
+ my $term = new Terminals;
+
+=cut
+
+sub new {
+ my $this = shift;
+ my $class = ref($this) || $this;
+ my $self = {} ;
+ bless $self, $class;
+ $self->initialize();
+ $errmsg = "";
+ return $self;
+}
+
+=head2 initialize
+
+This function figures out who is on the system and how long they have been
+idle for. It will generally only be called by new().
+
+Example:
+
+ # Refresh the state of the terminals.
+ $term->initialize();
+
+=cut
+
+sub initialize {
+ my $self = shift;
+
+ my @parts;
+
+ $consoleuser = "";
+
+ open ( W, "$whocmd|") || return;
+
+ while ( <W> ) {
+ chop;
+ @parts = split(/[ \t]+/);
+ if ( $parts[1] eq 'console' ) {
+ $consoleuser = $parts[0];
+ }
+ $self->initializeTty($parts[1], stat("/dev/" . $parts[1]));
+ }
+ close(W);
+}
+
+=head2 showConsoleUser
+
+This function returns the login of the person that is physically sitting at
+the machine.
+
+Example:
+
+ # Print out the login of the person on the console
+ printf "%s is on the console\n", $term->showConsoleUser();
+
+=cut
+
+sub showConsoleUser() {
+ my $self = shift;
+
+ return $consoleuser;
+}
+
+=head2 initializeTty terminal statparts
+
+This initializes internal structures for the given terminal.
+
+=cut
+
+sub initializeTty($@) {
+ my $self = shift;
+ my ( $key, @statparts ) = @_;
+
+ # Argument check
+ return unless defined ( $statparts[4] );
+
+ # Figure out how long the tty has been idle
+ $tty2idletime{$key} = time - $statparts[8];
+
+ # Figure out who is on the terminal
+ my ( @pwparts ) = getpwuid($statparts[4]);
+ return unless defined ( $pwparts[0] );
+
+ $tty2user{$key} = $pwparts[0];
+ push (@{$user2ttys{$pwparts[0]}}, $key);
+
+}
+
+=head2 getIdleTime user
+
+Figure out how long a user has been idle. This is accomplished by
+examining all terminals that the user owns and returns the amount of time
+since the most recently accessed one was used. Additionally, if the user
+is at the console it is possible that he/she is not typing, yet is quite
+active with the mouse or typing into an application that does not use a
+terminal.
+
+Example:
+
+ # Figure out how long the user on the console has been idle
+ my $consoleIdle = $term-getIdleTime($term->showConsoleUser());
+
+=cut
+
+sub getIdleTime($) {
+ my $self = shift;
+ my ( $user ) = @_;
+
+ my $idletime = 99999999;
+ my $tty;
+ return $idletime if ( ! defined $user2ttys{$user} );
+ my ( @ttys ) = ( @{$user2ttys{$user}} );
+
+ foreach $tty ( @ttys ) {
+ next unless defined($tty2idletime{$tty});
+
+ if ( int($tty2idletime{$tty}) < int($idletime) ) {
+ $idletime = int($tty2idletime{$tty});
+ }
+ }
+
+ if ( $consoleuser eq $user ) {
+ my (@statparts, $device);
+ foreach $device ( '/dev/ps2mouse', '/dev/ps2kbd', '/dev/mouse',
+ '/dev/kbd' ) {
+ @statparts = stat($device);
+ next unless defined($statparts[8]);
+
+ if ( ( time - $statparts[8] ) < $idletime ) {
+ $idletime = (time - $statparts[8]);
+ }
+ }
+ }
+ return $idletime;
+}
+
+=head2 printEverything
+
+Prints to stdout who is on what terminal and how long they have been idle.
+Only useful for debugging.
+
+Example:
+
+ # Take a look at the contents of structures in my
+ # Terminals object
+ $term->printEverything();
+
+=cut
+
+sub printEverything {
+ my $self = shift;
+
+ my ( $k, $v);
+ print "\ntty -> user\n";
+ while ( ($k, $v) = each(%tty2user) ) {
+ print "$k -> $v\n";
+ }
+ print "\ntty -> idle\n";
+ while ( ($k, $v) = each(%tty2idletime) ) {
+ print "$k -> $v\n";
+ }
+ print "\nuser -> ttys\n";
+ while ( ($k, $v) = each(%user2ttys) ) {
+ print "$k -> ", join( ',', @{$v}), "\n";
+ }
+}
+
+package main;
+
+if ( $#ARGV != -1 ) {
+ foreach my $opt ( @ARGV ) {
+ $opt eq '-h' && do {
+ print STDERR "Type \"perldoc $0\" for lots of help.\n";
+ next;
+ };
+ $opt eq '-V' && do {
+ print STDERR "killer version $version\n";
+ next;
+ };
+ print STDERR "killer: option \"$opt\" not recognized\n";
+ print STDERR "Type \"perldoc $0\" for lots of help.\n";
+ }
+ exit(1);
+}
+
+=head1 PACKAGE main
+
+The main package is the version used on the Unix workstations at the
+University of Wisonsin's Computer-Aided Engineering Center (CAE). I
+suspect that folks at places other than CAE will want to do things slightly
+differently. Feel free to take this as an example of how you can make
+effective use of the processTable and Terminals packages.
+
+=head2 Configuration options
+
+=over 12
+
+=cut
+
+# ########
+# Configuration options:
+# ########
+
+my $domainname = `domainname`;
+chop $domainname;
+
+=item $forkadmin
+
+Email address to notify of fork bombs
+
+=cut
+
+my $forkadmin = "killer\@$domainname";
+
+=item $killadmin
+
+Email address to notify of run-of-the-mill kills
+
+=cut
+
+my $killadmin = "killer\@$domainname";
+
+=item $fromaddr
+
+Who do email messages claim to be from?
+
+=cut
+
+my $fromaddr = "\"Background Job Killer v. $version\" <root\@$domainname>";
+
+=item $stubbornadmin
+
+Email address to notify when jobs will not die
+
+=cut
+
+my $stubbornadmin = "killer\@$domainname";
+
+=item @validusers
+
+These are the folks that you should never kill off
+
+=cut
+
+my @validusers = ( 'condor', 'root', 'daemon' );
+
+=item $maxidletime
+
+The maximum number of seconds that a user can be idle without being
+classified as having "background" jobs.
+
+=cut
+
+my $maxidletime = ( 6 * 60 * 60 );
+
+
+# ########
+# End of (intended) configuration options.
+# ########
+
+=back
+
+If I am a user really trying to avoid a background job killer, I would
+likely include a signal handler that would wait for signal 15. When I saw
+it, I would fork causing the parent to die and the child would continue on
+to do my work.
+
+Assuming that everyone thinks like me, I figure that I will
+need to make at least two complete passes to clear up the bad users. The
+first pass is relatively nice (sends a signal 15, followed a bit later by a
+signal 9). A well-written program will take the signal 15 as a sign that
+it should clean up and then shut down. When a process gets a signal 9, it
+has no choice but to die.
+
+The second pass is not so nice. It finds all background processes, sends
+them a signal 23 (SIGSTOP), then a signal 9 (SIGKILL). This pretty much
+(but not absolutely) guarantees that processes are unable to find a way
+around the background job killer.
+
+=cut
+
+my @ttys;
+my @users;
+my $user;
+
+=head2 gatherInfo
+
+This function gathers information from the Terminals and ProcessTable
+packages, then based on that information decides which jobs should be
+allowed to run. Specifically it does the following:
+
+=over 2
+
+=cut
+
+sub gatherInfo {
+
+=item *
+
+Instantiates new ProcessTable and Terminals objects. Note that
+Terminals::new fills in all the necessary structures to catch users that
+have logged in between calls to I<gatherinfo>.
+
+=cut
+
+ my $ptable = new ProcessTable;
+ my $term = new Terminals;
+
+=item *
+
+Reads the process table
+
+=cut
+
+ $ptable->readProcessTable();
+
+=item *
+
+Removes condor processes and condor jobs from the list of processes to be
+killed.
+
+=cut
+
+ $ptable->removeCondorChildren();
+
+=item *
+
+Removes all jobs belonging to all users in the configuration array
+ at validusers from the list of processes to be killed.
+
+=cut
+
+ foreach $user ( @validusers ) {
+ $ptable->removeProcesses('ruser', $user);
+ }
+
+=item *
+
+Removes all nice(1) jobs from the list of jobs to be killed.
+
+=cut
+
+ $ptable->removeNiceJobs();
+
+=item *
+
+Removes all jobs belonging to users where the user has less than
+$maxidletime idle time on at least one terminal. Additionally, jobs
+associated with ttys that are owned by users that have less than
+$maxidletime idle time on at least one terminal are preserved. This makes
+it so that if luser uses su(1) to gain the privileges of boozer, processes
+owned by boozer will not be killed.
+
+=cut
+
+ foreach $user ( $ptable->getUsers() ) {
+ if ( $term->getIdleTime($user) < $maxidletime ) {
+ $ptable->removeProcesses('ruser', $user);
+ # Be aware that some users may have su'd to others. The two users
+ # will share the same tty.
+ $ptable->removeProcesses('tty', $ptable->getTtys($user));
+ }
+ }
+
+=item *
+
+Finally, the process table and terminal objects are returned.
+
+=back
+
+=cut
+
+ return($ptable, $term);
+}
+
+openlog('killer', 'pid', 'local4');
+my $sendmail;
+if ( -x '/usr/lib/sendmail' ) {
+ $sendmail = '/usr/lib/sendmail';
+} elsif ( -x '/usr/sbin/sendmail' ) {
+ $sendmail = '/usr/sbin/sendmail';
+} else {
+ die "Cannot find executable sendmail\n";
+}
+
+my $outfile;
+
+# #########
+# Read the process table, then check for fork() bombs.
+# #########
+my ($ptable, $term) = gatherInfo();
+my @bombers = $ptable->cleanForkBombs();
+if ( $#bombers != -1 ) {
+ if ( open(MAIL, "|$sendmail -t") ) {
+ $outfile = \*MAIL;
+ print $outfile "From: $fromaddr\n";
+ print $outfile "To: $forkadmin\n";
+ print $outfile 'Subject: Fork bombs found on ' . `uname -n`;
+ print $outfile "\n";
+ print $outfile "The following users had lots of processes running on " .
+ `uname -n`;
+ print $outfile "\t", join(' ', @bombers);
+ print $outfile "\nYou can find more information in the syslog logs\n";
+ close($outfile);
+ }
+}
+
+# ##########
+# In the first round, try to nicely kill off processes, giving them
+# time to clean up before they get the kill -9
+# ##########
+my ( @remaining ) = $ptable->getRemainingProcesses();
+if ( $#remaining == -1 ) {
+ exit(0);
+}
+
+if ( open(MAIL, "|$sendmail -t") ) {
+ $outfile = \*MAIL;
+} else {
+ $outfile = \*STDERR;
+}
+
+print $outfile "From: $fromaddr\n";
+print $outfile "To: $killadmin\n";
+print $outfile 'Subject: Jobs killed on ' . `uname -n`;
+print $outfile "\n";
+
+print $outfile "Attempt 1: Nicely killing the following processes\n";
+$ptable->printRemainingProcesses($outfile);
+$ptable->killAll(15);
+sleep(30);
+$ptable->killAll(9);
+
+# #########
+# The second time around, assume that when a process got killed
+# before, it either spawned a new process (at the kill 15) or
+# freed up a process table entry so that another process could
+# be spawned. This should catch fork() bombs as well
+# ##########
+
+sleep(5);
+($ptable, $term) = gatherInfo();
+( @remaining ) = $ptable->getRemainingProcesses();
+if ( $#remaining == -1 ) {
+ close(MAIL);
+ exit(0);
+}
+
+# first send all the processes a STOP. This makes it so that
+# none of the processes can do anything once they notice that
+# there are free process slots, etc.
+print $outfile "\nAttempt 2: Taking care of stubborn jobs\n";
+$ptable->printRemainingProcesses($outfile);
+
+$ptable->killAll(23);
+$ptable->killAll(9);
+
+# ########
+# The third time around, I just can't figure out how to kill
+# the processes. Let's just whine through email.
+# ########
+
+sleep(5);
+($ptable, $term) = gatherInfo();
+( @remaining ) = $ptable->getRemainingProcesses();
+if ( $#remaining == -1 ) {
+ close(MAIL);
+ exit(0);
+}
+
+print $outfile "\nHELP ME: Unable to kill the following jobs\n";
+$ptable->printRemainingProcesses($outfile);
+close(MAIL);
+
+if ( open(MAIL, "|$sendmail -t") ) {
+ $outfile = \*MAIL;
+ print $outfile "From: $fromaddr\n";
+ print $outfile "To: $stubbornadmin\n";
+ print $outfile 'Subject: Cannot kill some jobs on ' . `uname -n`;
+ print $outfile "\n";
+ print $outfile "The background job killer could not kill some jobs on " .
+ `uname -n` . "\n";
+ $ptable->printRemainingProcesses($outfile);
+ print $outfile "\nMore info can be found in syslog and the killer mailbox\n";
+ close(MAIL);
+}
+
+exit(0);
+
+=head1 BUGS
+
+There is a small window of opportunity for a user that reaches $maxidletime
+in the middle of this script to get unfair treatment. This could probably
+be reconciled by shaving some time off of maxidletime for the second call
+to main::gatherInfo.
+
+It is still possible to get around the background job killer by having a
+lot of proceses that watch each other to be sure that they are still
+responding (have not yet gotten a signal 23). As soon as a stopped process
+is found, the still running process could fork(), thus leaving a background
+process that is not going to be killed.
+
+Different operating systems have different notions of nice values. Some go
+from -20 to +19. Some go from 0 to 39. Solaris and HP-UX (using System V
+ps command) report nice values between 0 and 39.
+
+It is bad to assume that all systems that run this have the same number of
+processes per user. The script should ask the OS how many processes normal
+(non-root) users can run.
+
+=head1 TODO
+
+The configuration is quite minimalistic. It should be made possible to have
+per-host configuration directives so that you can, for instance, allow
+certain people to run background jobs on certain hosts.
+
+People that really care about finding habitual offenders will probably want
+to have a way to add entries to a database and flag those that pop up too
+often.
+
+Thoroughly test on more operating systems. A very close relative of this
+code has performed well on about 60 Solaris 2.5.1 machines. It has been
+lightly tested on HP-UX 10.20 as well.
+
+Make mailing to someone optional. If you have a lot of workstations
+killing off boring stuff all the time, too much meaningless mail traffic is
+generated.
+
+If you plan to run this on a machine that runs special processes like a POP
+or IMAP server, it would be handy to be able to check multiple conditions
+easily. Perhaps
+
+ $ptable->removeProcesses( { comm => 'imapd',
+ parentComm => 'inetd',
+ parentUser => 'root' } );
+
+This would make it so that people don't rename the crack binary imapd to
+escape the wrath of killer.
+
+=head1 LICENSE
+
+This program is released under the terms of the General Public License
+(GPL) version 2. The the file COPYING with the distribution. If you have
+lost your copy, you can get a new one at
+http://www.gnu.org/copyleft/gpl.html. In particular remember that this
+code is distributed for free without warranty.
+
+If you make use of this code, please send me some email. While I am open
+to suggestions to improvement, I by no means guarantee that I will
+implement them.
+
+=head1 SEE ALSO
+
+nice(1) perl(1) ps(1) su(1) who(1) fork(2) signal(5)
+
+http://www.cs.wisc.edu/condor/
+
+http://www.cae.wisc.edu/~gerdts/killer/
+
+=head1 AUTHOR
+
+killer was written by Mike Gerdts, gerdts at cae.wisc.edu.
+
+
+
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/killer.git
More information about the debian-edu-commits
mailing list