mirror of https://github.com/deajan/osync
Added 3-clause BSD Licence plus ssh_filter.sh
parent
50c4fe50e1
commit
354464495b
@ -0,0 +1,24 @@
|
||||
Copyright (c) 2013, Orsiris "Ozy" de Jong. ozy@netpower.fr
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
* Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
* Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
* Neither the name of the author nor the
|
||||
names of its contributors may be used to endorse or promote products
|
||||
derived from this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY
|
||||
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
@ -0,0 +1,103 @@
|
||||
#!/bin/bash
|
||||
|
||||
##### Obackup & Osync ssh command filter build 2408201301
|
||||
##### This script should be located in /usr/local/bin in the remote system to sync / backup
|
||||
##### It will filter the commands that can be run remotely via ssh.
|
||||
##### Please chmod 755 and chown root:root this file
|
||||
|
||||
##### Obackup needed commands: rsync find du mysql mysqldump (sudo)
|
||||
##### Osync needed commands: rsync find du echo mkdir rm if df (sudo)
|
||||
|
||||
## If enabled, execution of "sudo" command will be allowed.
|
||||
SUDO_EXEC=yes
|
||||
## Paranoia option. Don't change this unless you read the documentation and still feel concerned about security issues.
|
||||
RSYNC_EXECUTABLE=rsync
|
||||
## Enable other commands, useful for remote execution hooks like remotely creating snapshots.
|
||||
CMD1=
|
||||
CMD2=
|
||||
CMD3=
|
||||
|
||||
LOG_FILE=~/.ssh/ssh_filter.log
|
||||
|
||||
function Log
|
||||
{
|
||||
DATE=$(date)
|
||||
echo "$DATE - $1" >> $LOG_FILE
|
||||
}
|
||||
|
||||
function Go
|
||||
{
|
||||
eval $SSH_ORIGINAL_COMMAND
|
||||
}
|
||||
|
||||
case ${SSH_ORIGINAL_COMMAND%% *} in
|
||||
"$RSYNC_EXECUTABLE")
|
||||
Go ;;
|
||||
"mysqldump")
|
||||
Go ;;
|
||||
"mysql")
|
||||
Go ;;
|
||||
"echo")
|
||||
Go ;;
|
||||
"find")
|
||||
Go ;;
|
||||
"du")
|
||||
Go ;;
|
||||
"mkdir")
|
||||
Go ;;
|
||||
"rm")
|
||||
Go ;;
|
||||
"df")
|
||||
Go ;;
|
||||
"$CMD1")
|
||||
Go ;;
|
||||
"$CMD2")
|
||||
Go ;;
|
||||
"$CMD3")
|
||||
Go ;;
|
||||
"sudo")
|
||||
if [ "$SUDO_EXEC" == "yes" ]
|
||||
then
|
||||
if [[ "$SSH_ORIGINAL_COMMAND" == "sudo $RSYNC_EXECUTABLE"* ]]
|
||||
then
|
||||
Go
|
||||
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo du"* ]]
|
||||
then
|
||||
Go
|
||||
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo find"* ]]
|
||||
then
|
||||
Go
|
||||
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo mkdir"* ]]
|
||||
then
|
||||
Go
|
||||
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo rm"* ]]
|
||||
then
|
||||
Go
|
||||
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo echo"* ]]
|
||||
then
|
||||
Go
|
||||
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo df"* ]]
|
||||
then
|
||||
Go
|
||||
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD1"* ]]
|
||||
then
|
||||
Go
|
||||
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD2"* ]]
|
||||
then
|
||||
Go
|
||||
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo $CMD3"* ]]
|
||||
then
|
||||
Go
|
||||
else
|
||||
Log "Command [$SSH_ORIGINAL_COMMAND] not allowed."
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
Log "Command [$SSH_ORIGINAL_COMMAND] not allowed. sudo not enabled."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
Log "Command [$SSH_ORIGINAL_COMMAND] not allowed."
|
||||
exit 1
|
||||
esac
|
Loading…
Reference in New Issue