Backported some minor stuff from osync

CHANGELOG.md

@@ -21,7 +21,9 @@ UNDER WORK
 
 CHANGELOG
 ---------
-
+- Backported some fixes from Osync
+	- Small improvments on install script
+	- Copy ssh_filter.sh from osync project
 - Quick and dirty hack to get the full last run log in SendAlert email
 - Added detection of obackup.sh script in obackup-batch.sh to overcome mising path in crontab
 - Moved command line arguments after config file load for allowing command line overrides

install.sh

@@ -1,14 +1,25 @@
 #!/usr/bin/env bash
 
-SCRIPT_BUILD=2404201501
+SCRIPT_BUILD=2015082501
 
 ## Obackup install script
 ## Tested on RHEL / CentOS 6 & 7
 ## Please adapt this to fit your distro needs
 
+if [ "$(whoami)" != "root" ]
+then
+  echo "Must be run as root."
+  exit 1
+fi
+
 mkdir /etc/obackup
 cp ./host_backup.conf /etc/obackup/host_backup.conf.example
 cp ./exclude.list.example /etc/obackup
 cp ./obackup.sh /usr/local/bin
 cp ./obackup-batch.sh /usr/local/bin
+cp ./ssh_filter.sh /usr/local/bin
+chmod 755 /usr/local/bin/obackup.sh
+chmod 755 /usr/local/bin/obackup-batch.sh
+chmod 755 /usr/local/bin/ssh_filter.sh
+chown root:root /usr/local/bin/ssh_filter.sh
 

ssh_filter.sh

@@ -1,10 +1,13 @@
 #!/bin/bash
 
-##### Obackup / Osync ssh command filter build 2306201301
-##### This script should be located in /usr/local/bin in the remote system that will be backed up / synced
+##### Osync ssh command filter build 2015070203
+##### This script should be located in /usr/local/bin in the remote system to sync / backup
 ##### It will filter the commands that can be run remotely via ssh.
 ##### Please chmod 755 and chown root:root this file
 
+##### Obackup needed commands: rsync find du mysql mysqldump (sudo)
+##### Osync needed commands: rsync find du echo mkdir rm if df (sudo)
+
 ## If enabled, execution of "sudo" command will be allowed.
 SUDO_EXEC=yes
 ## Paranoia option. Don't change this unless you read the documentation and still feel concerned about security issues.
@@ -30,22 +33,35 @@ function Go
 case ${SSH_ORIGINAL_COMMAND%% *} in
 	"$RSYNC_EXECUTABLE")
 	Go ;;
-	"mysqldump")
-	Go ;;
-	"mysql")
-	Go ;;
 	"echo")
 	Go ;;
 	"find")
 	Go ;;
 	"du")
 	Go ;;
+	"mkdir")
+	Go ;;
+	"rm")
+	Go ;;
+	"df")
+	Go ;;
+	"mv")
+	Go ;;
 	"$CMD1")
-	Go ;;
+	if [ "$CMD1" != "" ]
+	then
+		Go ;;
+	fi
 	"$CMD2")
-	Go ;;
+	if [ "$CMD2" != "" ]
+	then
+		Go ;;
+	fi
 	"$CMD3")
-	Go ;;
+	if [ "$CMD3" != "" ]
+	then
+		Go ;;
+	fi
 	"sudo")
 	if [ "$SUDO_EXEC" == "yes" ]
 	then
@@ -58,22 +74,49 @@ case ${SSH_ORIGINAL_COMMAND%% *} in
 		elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo find"* ]]
 		then
 			Go
+                elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo mkdir"* ]]
+                then
+                        Go
+                elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo rm"* ]]
+                then
+                        Go
+                elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo echo"* ]]
+                then
+                        Go
+                elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo df"* ]]
+                then
+                        Go
+                elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo mv"* ]]
+                then
+                        Go
 		elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD1"* ]]
 		then
+			if [ "$CMD1" != "" ]
+			then
 			Go
+			fi
 		elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD2"* ]]
 		then
+			if [ "$CMD2" != "" ]
+			then
 			Go
+			fi
 		elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD3"* ]]
 		then
+			if [ "$CMD3" != "" ]
+			then
 			Go
+			fi
 		else
 			Log "Command [$SSH_ORIGINAL_COMMAND] not allowed."
+			exit 1
 		fi
 	else
 		Log "Command [$SSH_ORIGINAL_COMMAND] not allowed. sudo not enabled."
+		exit 1
 	fi
 	;;
 	*)
 	Log "Command [$SSH_ORIGINAL_COMMAND] not allowed."
+	exit 1
 esac