2015-11-12 01:26:38 +01:00
|
|
|
#!/usr/bin/env bash
|
2013-06-23 13:44:48 +02:00
|
|
|
|
2016-03-14 21:50:40 +01:00
|
|
|
##### osync / obackup ssh command filter
|
2015-08-25 15:26:36 +02:00
|
|
|
##### This script should be located in /usr/local/bin in the remote system to sync / backup
|
2013-06-23 22:53:47 +02:00
|
|
|
##### It will filter the commands that can be run remotely via ssh.
|
|
|
|
##### Please chmod 755 and chown root:root this file
|
2013-06-23 13:44:48 +02:00
|
|
|
|
2017-02-09 12:28:30 +01:00
|
|
|
##### Any command that has env _REMOTE_TOKEN= with the corresponding token in it will be run
|
|
|
|
##### Any other command will return a "syntax error"
|
|
|
|
##### For details, see ssh_filter.log
|
2015-08-25 15:26:36 +02:00
|
|
|
|
2017-02-09 12:28:30 +01:00
|
|
|
SCRIPT_BUILD=2017020802
|
|
|
|
|
|
|
|
## Allow sudo
|
2013-06-23 13:53:22 +02:00
|
|
|
SUDO_EXEC=yes
|
2013-06-23 22:53:47 +02:00
|
|
|
|
2017-02-09 12:28:30 +01:00
|
|
|
## Log all valid commands too
|
|
|
|
_DEBUG=no
|
|
|
|
|
|
|
|
## Set remote token in authorized_keys
|
|
|
|
if [ "$1" != "" ]; then
|
|
|
|
_REMOTE_TOKEN="${1}"
|
|
|
|
fi
|
|
|
|
|
|
|
|
LOG_FILE="${HOME}/.ssh/ssh_filter.log"
|
2013-06-23 22:53:47 +02:00
|
|
|
|
2015-11-12 01:26:38 +01:00
|
|
|
function Log {
|
2013-06-23 22:53:47 +02:00
|
|
|
DATE=$(date)
|
2017-02-09 12:28:30 +01:00
|
|
|
echo "$DATE - $1" >> "$LOG_FILE"
|
2013-06-23 22:53:47 +02:00
|
|
|
}
|
2013-06-23 13:44:48 +02:00
|
|
|
|
2015-11-12 01:26:38 +01:00
|
|
|
function Go {
|
2017-02-09 12:28:30 +01:00
|
|
|
if [ "$_DEBUG" == "yes" ]; then
|
|
|
|
Log "Executing [$SSH_ORIGINAL_COMMAND]."
|
|
|
|
fi
|
2016-03-14 21:50:40 +01:00
|
|
|
eval "$SSH_ORIGINAL_COMMAND"
|
2013-06-23 13:44:48 +02:00
|
|
|
}
|
|
|
|
|
2017-02-09 12:28:30 +01:00
|
|
|
case "${SSH_ORIGINAL_COMMAND}" in
|
|
|
|
*"env _REMOTE_TOKEN=$_REMOTE_TOKEN"*)
|
|
|
|
if [ "$SUDO_EXEC" != "yes" ] && [[ $SSH_ORIGINAL_COMMAND == *"sudo "* ]]; then
|
|
|
|
Log "Command [$SSH_ORIGINAL_COMMAND] contains sudo which is not allowed."
|
|
|
|
echo "Syntax error unexpected end of file"
|
2015-08-25 15:26:36 +02:00
|
|
|
exit 1
|
2013-06-23 13:53:22 +02:00
|
|
|
fi
|
2017-02-09 12:28:30 +01:00
|
|
|
Go
|
2013-06-23 13:44:48 +02:00
|
|
|
;;
|
|
|
|
*)
|
2013-06-23 23:11:35 +02:00
|
|
|
Log "Command [$SSH_ORIGINAL_COMMAND] not allowed."
|
2017-02-09 12:28:30 +01:00
|
|
|
echo "Syntax error near unexpected token"
|
2015-08-25 15:26:36 +02:00
|
|
|
exit 1
|
2017-02-09 12:28:30 +01:00
|
|
|
;;
|
2013-06-23 13:44:48 +02:00
|
|
|
esac
|