mirror of
https://github.com/deajan/obackup.git
synced 2024-11-14 03:33:41 +01:00
83 lines
1.6 KiB
Bash
Executable File
83 lines
1.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
##### Obackup ssh command filter build 2306201301
|
|
##### This script should be located in /usr/local/bin in the remote system that will be backed up
|
|
##### It will filter the commands that can be run remotely via ssh.
|
|
##### Please chmod 755 and chown root:root this file
|
|
|
|
## If enabled, execution of "sudo" command will be allowed.
|
|
SUDO_EXEC=yes
|
|
## Paranoia option. Don't change this unless you read the documentation and still feel concerned about security issues.
|
|
RSYNC_EXECUTABLE=rsync
|
|
## Enable other commands, useful for remote execution hooks like remotely creating snapshots.
|
|
CMD1=
|
|
CMD2=
|
|
CMD3=
|
|
|
|
LOG_FILE=/var/log/obackup_ssh_filter.log
|
|
|
|
function Log
|
|
{
|
|
DATE=$(date)
|
|
if [ "$2" != "1" ]
|
|
then
|
|
echo "$1"
|
|
fi
|
|
echo "$DATE - $1" >> $LOG_FILE
|
|
}
|
|
|
|
function Go
|
|
{
|
|
$SSH_ORIGINAL_COMMAND
|
|
}
|
|
|
|
case ${SSH_ORIGINAL_COMMAND%% *} in
|
|
"$RSYNC_EXECUTABLE")
|
|
Go ;;
|
|
"mysqldump")
|
|
Go ;;
|
|
"find")
|
|
Go ;;
|
|
"du")
|
|
Go ;;
|
|
"$CMD1")
|
|
Go ;;
|
|
"$CMD2")
|
|
Go ;;
|
|
"$CMD3")
|
|
Go ;;
|
|
"sudo")
|
|
if [ "$SUDO_EXEC" == "yes" ]
|
|
then
|
|
if [[ "$SSH_ORIGINAL_COMMAND" == "sudo $RSYNC_EXECUTABLE"* ]]
|
|
then
|
|
Go
|
|
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo du"* ]]
|
|
then
|
|
Go
|
|
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo find"* ]]
|
|
then
|
|
Go
|
|
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD1"* ]]
|
|
then
|
|
Go
|
|
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD2"* ]]
|
|
then
|
|
Go
|
|
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD3"* ]]
|
|
then
|
|
Go
|
|
else
|
|
Log "Sudo command not allowed."
|
|
Log "$SSH_ORIGINAL_COMMAND" 1
|
|
fi
|
|
else
|
|
Log "Sudo command not enabled."
|
|
Log "$SSH_ORIGINAL_COMMAND" 1
|
|
fi
|
|
;;
|
|
*)
|
|
Log "Not allowed."
|
|
Log "$SSH_ORIGINAL_COMMAND" 1
|
|
esac
|