From 9e4c2ebb218f00b58edf94373ece85b709ad50f4 Mon Sep 17 00:00:00 2001
From: deajan
Date: Sun, 23 Jun 2013 22:53:47 +0200
Subject: [PATCH] Updated ssh filter and obackup ssh command output logging.
---
 CHANGELOG.md | 3 +++
 obackup.sh | 23 +++++++++++++++++----
 obackup_ssh_filter.sh | 47 +++++++++++++++++++++++++++++++++++++------
 3 files changed, 63 insertions(+), 10 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c9bf89a..8a34718 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 ## Latest changelog
+- Updated obackup to log failed ssh command results
+- Updated ssh command filter to log failed commands
+- Updated ssh command filter to accept personalized commands
 - 23/06/2013 v 1.84 RC1 approaching
 - Added ssh commands filter, updated documentation
 - Rewrote local space check function
diff --git a/obackup.sh b/obackup.sh
index 9d01137..2f468a3 100755
--- a/obackup.sh
+++ b/obackup.sh
@@ -2,7 +2,8 @@
 ###### Remote (or local) backup script for files & databases
 ###### (L) 2013 by Ozy de Jong (www.badministrateur.com)
-OBACKUP_VERSION=1.83 #### Build 2206201301
+OBACKUP_VERSION=1.83
+OBACKUP_BUILD=2306201301
 DEBUG=no
 SCRIPT_PID=$$
@@ -300,8 +301,10 @@ function RunRemoteCommand
 LogError "Running command [$1] failed."
 fi
- Log "Command output:"
- Log "$(cat /dev/shm/obackup_run_remote_$SCRIPT_PID)"
+ if [ -f /dev/shm/obackup_run_remote_$SCRIPT_PID ]
+ then
+ Log "Command output: $(cat /dev/shm/obackup_run_remote_$SCRIPT_PID)"
+ fi
 fi
 }
@@ -537,6 +540,10 @@ function ListDatabases
 Log "Listing databases succeeded."
 else
 LogError "Listing databases failed."
+ if [ -f /dev/shm/obackup_dblist_$SCRIPT_PID ]
+ then
+ LogError "Command output: $(cat /dev/shm/obackup_dblist_$SCRIPT_PID)"
+ fi
 return $retval
 fi
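Review bot: The added `[ -f … ]` test and `cat` in RunRemoteCommand read `/dev/shm/obackup_run_remote_$SCRIPT_PID`, a predictable name in a directory that is normally world-writable, and `-f` follows symbolic links, so on a multi-user host whatever another local account places at that path is copied into the obackup log. The same read is added in the ListDatabases, ListDirectories and GetDirectoriesSize hunks. The code that creates these files is outside the hunks, so the write side should be checked as well; creating one private directory at start-up, e.g. `RUN_DIR=$(mktemp -d /dev/shm/obackup.XXXXXX)`, and building every path from `"$RUN_DIR"` would close this for all four call sites. RunRemoteCommand starts outside the hunk.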
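Review bot: The four-line `if [ -f … ]` / `then` / `LogError "Command output: $(cat …)"` / `fi` block added in ListDatabases is repeated in the ListDirectories and GetDirectoriesSize hunks with only the file name changed. A small helper that takes the path as `$1`, with a body of `[ -f "$1" ] && LogError "Command output: $(cat "$1")"`, would reduce each error branch to one call and give a single place to quote the path or cap how much output is logged. ListDatabases starts and ends outside the hunk.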
@@ -663,6 +670,10 @@ function ListDirectories
 if [ $retval != 0 ]
 then
 LogError "Could not enumerate recursive directories in $i."
+ if [ -f /dev/shm/obackup_dirs_recurse_list_$SCRIPT_PID ]
+ then
+ LogError "Command output: $(cat /dev/shm/obackup_dirs_recurse_list_$SCRIPT_PID)"
+ fi
 return 1
 else
 Log "Listing of recursive directories succeeded for $i."
@@ -733,6 +744,10 @@ function GetDirectoriesSize
 if [ $retval != 0 ]
 then
 LogError "Could not get files size."
+ if [ -f /dev/shm/obackup_fsize_$SCRIPT_PID ]
+ then
+ LogError "Command output: $(cat /dev/shm/obackup_fsize_$SCRIPT_PID)"
+ fi
 return 1
 else
 Log "File size fetched successfully."
@@ -992,7 +1007,7 @@ function Main
 function Usage
 {
- echo "Obackup $OBACKUP_VERSION"
+ echo "Obackup $OBACKUP_VERSION $OBACKUP_BUILD"
 echo ""
 echo "usage: obackup backup_name [--dry] [--silent]"
 echo ""
diff --git a/obackup_ssh_filter.sh b/obackup_ssh_filter.sh
index 10fc8e1..50e0ca5 100755
--- a/obackup_ssh_filter.sh
+++ b/obackup_ssh_filter.sh
@@ -1,11 +1,30 @@
 #!/bin/bash
-##### Obackup ssh command filter
+##### Obackup ssh command filter build 2306201301
+##### This script should be located in /usr/local/bin in the remote system that will be backed up
+##### It will filter the commands that can be run remotely via ssh.
+##### Please chmod 755 and chown root:root this file
 ## If enabled, execution of "sudo" command will be allowed.
 SUDO_EXEC=yes
 ## Paranoia option. Don't change this unless you read the documentation and still feel concerned about security issues.
 RSYNC_EXECUTABLE=rsync
+## Enable other commands, useful for remote execution hooks like remotely creating snapshots.
+CMD1=
+CMD2=
+CMD3=
+
+LOG_FILE=/var/log/obackup_ssh_filter.log
+
+function Log
+{
+ DATE=$(date)
+ if [ "$2" != "1" ]
+ then
+ echo "$1"
+ fi
+ echo "$DATE - $1" >> $LOG_FILE
+}
 function Go
 {
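Review bot: `Log` appends its argument to `$LOG_FILE` unchanged, and the later hunks pass it `$SSH_ORIGINAL_COMMAND`, which the connecting client controls; newlines or terminal control characters embedded in that string would land in /var/log/obackup_ssh_filter.log looking like separate entries. Replacing control characters before the write, for example `echo "$DATE - ${1//[[:cntrl:]]/?}" >> "$LOG_FILE"`, keeps one record per rejected command, and quoting `"$LOG_FILE"` also survives a path containing spaces. `DATE` is assigned without `local`, so it becomes a global of the filter script; `local DATE` would contain it. Whether the account the filter runs as can write under /var/log is not visible here and is worth confirming, since a failed append otherwise shows up only as an error message.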
@@ -21,6 +40,12 @@ case ${SSH_ORIGINAL_COMMAND%% *} in
 Go ;;
 "du")
 Go ;;
+ "$CMD1")
+ Go ;;
+ "$CMD2")
+ Go ;;
+ "$CMD3")
+ Go ;;
 "sudo")
 if [ "$SUDO_EXEC" == "yes" ]
 then
@@ -31,17 +56,27 @@ case ${SSH_ORIGINAL_COMMAND%% *} in
 then
 Go
 elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo find"* ]]
+ then
+ Go
+ elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD1"* ]]
+ then
+ Go
+ elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD2"* ]]
+ then
+ Go
+ elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD3"* ]]
 then
 Go
 else
- echo "Sudo command not allowed."
+ Log "Sudo command not allowed."
+ Log "$SSH_ORIGINAL_COMMAND" 1
 fi
 else
- echo "Sudo command not enabled."
+ Log "Sudo command not enabled."
+ Log "$SSH_ORIGINAL_COMMAND" 1
 fi
 ;;
 *)
- echo "Not allowed."
+ Log "Not allowed."
+ Log "$SSH_ORIGINAL_COMMAND" 1
 esac
-
-
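Review bot: `CMD1`, `CMD2` and `CMD3` are empty by default, so the new arms `"$CMD1")`, `"$CMD2")` and `"$CMD3")` are the pattern `""`, which matches whenever `${SSH_ORIGINAL_COMMAND%% *}` expands to nothing (an empty command, or one that begins with a space), and that request then reaches `Go` instead of the `*)` refusal. The same default turns the `elif` tests added in the sudo hunk into a comparison against `"sudo "*`, which every sudo command matches, so the sudo allow-list stops restricting anything while the variables are unset. Guard each use on a non-empty value: reject an empty first word before the `case` with `[ -n "${SSH_ORIGINAL_COMMAND%% *}" ] || { Log "Not allowed."; exit 1; }`, and write the sudo tests as `elif [[ -n "$CMD1" && "$SSH_ORIGINAL_COMMAND" == "sudo $CMD1"* ]]`. `Go` is defined outside these hunks, so what it does with the command should be confirmed there.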
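Review bot: The three refusal branches now end in `Log "$SSH_ORIGINAL_COMMAND" 1` and nothing follows `esac` in this hunk, so a rejected command finishes with the status of the log append, which is 0 whenever the write succeeds. obackup.sh tests `$retval` after its remote calls (see the ListDirectories and GetDirectoriesSize hunks), so a refusal would presumably be treated as a successful command and the text "Not allowed." as its output. Adding `exit 1` after the second `Log` call in each of the three branches makes the refusal visible to the caller.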