From 9e4c2ebb218f00b58edf94373ece85b709ad50f4 Mon Sep 17 00:00:00 2001
From: deajan <ozy@badministrateur.com>
Date: Sun, 23 Jun 2013 22:53:47 +0200
Subject: [PATCH] Updated ssh filter and obackup ssh command output logging.

---
 CHANGELOG.md          |  3 +++
 obackup.sh            | 23 +++++++++++++++++----
 obackup_ssh_filter.sh | 47 +++++++++++++++++++++++++++++++++++++------
 3 files changed, 63 insertions(+), 10 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c9bf89a..8a34718 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 ## Latest changelog
 
+- Updated obackup to log failed ssh command results
+- Updated ssh command filter to log failed commands
+- Updated ssh command filter to accept personalized commands
 - 23/06/2013 v 1.84 RC1 approaching
 - Added ssh commands filter, updated documentation
 - Rewrote local space check function
diff --git a/obackup.sh b/obackup.sh
index 9d01137..2f468a3 100755
--- a/obackup.sh
+++ b/obackup.sh
@@ -2,7 +2,8 @@
 
 ###### Remote (or local) backup script for files & databases
 ###### (L) 2013 by Ozy de Jong (www.badministrateur.com)
-OBACKUP_VERSION=1.83 #### Build 2206201301
+OBACKUP_VERSION=1.83
+OBACKUP_BUILD=2306201301
 
 DEBUG=no
 SCRIPT_PID=$$
@@ -300,8 +301,10 @@ function RunRemoteCommand
 			LogError "Running command [$1] failed."
 		fi
 		
-		Log "Command output:"
-		Log "$(cat /dev/shm/obackup_run_remote_$SCRIPT_PID)"
+		if [ -f /dev/shm/obackup_run_remote_$SCRIPT_PID ]
+		then
+			Log "Command output: $(cat /dev/shm/obackup_run_remote_$SCRIPT_PID)"
+		fi
 	fi
 }
 
@@ -537,6 +540,10 @@ function ListDatabases
 		Log "Listing databases succeeded."
 	else
 		LogError "Listing databases failed."
+		if [ -f /dev/shm/obackup_dblist_$SCRIPT_PID ]
+		then
+			LogError "Command output: $(cat /dev/shm/obackup_dblist_$SCRIPT_PID)"
+		fi
 		return $retval
 	fi
 	
@@ -663,6 +670,10 @@ function ListDirectories
 		if  [ $retval != 0 ]
 		then
 			LogError "Could not enumerate recursive directories in $i."
+			if [ -f /dev/shm/obackup_dirs_recurse_list_$SCRIPT_PID ]
+			then
+				LogError "Command output: $(cat /dev/shm/obackup_dirs_recurse_list_$SCRIPT_PID)"
+			fi
 			return 1
 		else
 			Log "Listing of recursive directories succeeded for $i."
@@ -733,6 +744,10 @@ function GetDirectoriesSize
 	if  [ $retval != 0 ]
 	then
 		LogError "Could not get files size."
+		if [ -f /dev/shm/obackup_fsize_$SCRIPT_PID ]
+		then
+			LogError "Command output: $(cat /dev/shm/obackup_fsize_$SCRIPT_PID)"
+		fi
 		return 1
 	else
 		Log "File size fetched successfully."
@@ -992,7 +1007,7 @@ function Main
 
 function Usage
 {
-	echo "Obackup $OBACKUP_VERSION"
+	echo "Obackup $OBACKUP_VERSION $OBACKUP_BUILD"
 	echo ""
 	echo "usage: obackup backup_name [--dry] [--silent]"
 	echo ""
diff --git a/obackup_ssh_filter.sh b/obackup_ssh_filter.sh
index 10fc8e1..50e0ca5 100755
--- a/obackup_ssh_filter.sh
+++ b/obackup_ssh_filter.sh
@@ -1,11 +1,30 @@
 #!/bin/bash
 
-##### Obackup ssh command filter
+##### Obackup ssh command filter build 2306201301
+##### This script should be located in /usr/local/bin in the remote system that will be backed up
+##### It will filter the commands that can be run remotely via ssh.
+##### Please chmod 755 and chown root:root this file
 
 ## If enabled, execution of "sudo" command will be allowed.
 SUDO_EXEC=yes
 ## Paranoia option. Don't change this unless you read the documentation and still feel concerned about security issues.
 RSYNC_EXECUTABLE=rsync
+## Enable other commands, useful for remote execution hooks like remotely creating snapshots.
+CMD1=
+CMD2=
+CMD3=
+
+LOG_FILE=/var/log/obackup_ssh_filter.log
+
+function Log
+{
+	DATE=$(date)
+	if [ "$2" != "1" ]
+	then
+		echo "$1"
+	fi
+	echo "$DATE - $1" >> $LOG_FILE
+}
 
 function Go
 {
@@ -21,6 +40,12 @@ case ${SSH_ORIGINAL_COMMAND%% *} in
 	Go ;;
 	"du")
 	Go ;;
+	"$CMD1")
+	Go ;;
+	"$CMD2")
+	Go ;;
+	"$CMD3")
+	Go ;;
 	"sudo")
 	if [ "$SUDO_EXEC" == "yes" ]
 	then
@@ -31,17 +56,27 @@ case ${SSH_ORIGINAL_COMMAND%% *} in
 		then
 			Go
 		elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo find"* ]]
+		then
+			Go
+		elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD1"* ]]
+		then
+			Go
+		elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD2"* ]]
+		then
+			Go
+		elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD3"* ]]
 		then
 			Go
 		else
-			echo "Sudo command not allowed."
+			Log "Sudo command not allowed."
+			Log "$SSH_ORIGINAL_COMMAND" 1
 		fi
 	else
-		echo "Sudo command not enabled."
+		Log "Sudo command not enabled."
+		Log "$SSH_ORIGINAL_COMMAND" 1
 	fi
 	;;
 	*)
-	echo "Not allowed."
+	Log "Not allowed."
+	Log "$SSH_ORIGINAL_COMMAND" 1
 esac
- 
-