-rw-r--r-- | z-distfiles/Makefile | 2 | ||||
-rw-r--r-- | z-distfiles/scripts-gw/Makefile | 2 | ||||
-rwxr-xr-x | z-distfiles/scripts-gw/ssh_wrapper | 30 |
3 files changed, 32 insertions, 2 deletions
diff --git a/z-distfiles/Makefile b/z-distfiles/Makefile
index 5d617f9..ed74175 100644
--- a/z-distfiles/Makefile
+++ b/z-distfiles/Makefile
@@ -1,5 +1,5 @@
 DOWNLOAD_DIR=/var/www/www.gunnarwrobel.de/htdocs/downloads/
-VERSION=1.2.2
+VERSION=1.2.3
 TAR=tar cvfj
 TAREX=--exclude="CVS" --exclude=".svn" --exclude=*~
diff --git a/z-distfiles/scripts-gw/Makefile b/z-distfiles/scripts-gw/Makefile
index 1dd36c9..8932cbb 100644
--- a/z-distfiles/scripts-gw/Makefile
+++ b/z-distfiles/scripts-gw/Makefile
@@ -1,7 +1,7 @@
 DESTDIR=
 SBINSCRIPTS = SVN-dump SVN-monthly birthDay check-SUID tripUpdate SVN-daily check-ALLWRITE dailyRoutine mysql-dump-all
-BINSCRIPTS = emerge-single svm-replicate svm-expanded svm-start svn-add svn-del
+BINSCRIPTS = emerge-single svm-replicate svm-expanded svm-start svn-add svn-del ssh_wrapper
 all:
 echo "No compilation necessary!"
diff --git a/z-distfiles/scripts-gw/ssh_wrapper b/z-distfiles/scripts-gw/ssh_wrapper
new file mode 100755
index 0000000..0d9a7b4
--- /dev/null
+++ b/z-distfiles/scripts-gw/ssh_wrapper
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# This script checks to make sure that an incoming SSH command is a
+# permitted command, and executes it if it is. If not, the script
+# simply exits, which will cause a read timeout at the other end of
+# the connection.
+#
+LOGFILE=${HOME}/.log/ssh.check
+
+check_run () {
+ if [ "$SSH_ORIGINAL_COMMAND" = "$1" ]; then
+ echo "Command OK!" >> $LOGFILE
+ exec $SSH_ORIGINAL_COMMAND
+ return 0
+ fi
+ echo "Command REJECTED!" >> $LOGFILE
+ return 1
+}
+
+/bin/date >> $LOGFILE
+echo "Remote command: ${SSH_ORIGINAL_COMMAND}" >> $LOGFILE
+
+if [ -d "${HOME}/.ssh_wrap" ]; then
+ for allowed in ${HOME}/.ssh_wrap/*
+ do
+ check_run `head -n 1 "${allowed}"`
+ done
+else
+ echo "No commands allowed!" >> $LOGFILE
+fi |
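Review bot: In the loop at the bottom of ssh_wrapper, the backtick substitution handed to check_run is unquoted, so the allowlist line is word-split (and glob-expanded) before the call and `$1` holds only its first word; a permitted command that carries arguments can then never equal `$SSH_ORIGINAL_COMMAND`. Passing the line as a single argument, `check_run "$(head -n 1 "${allowed}")"`, keeps the exact-string comparison meaningful. An empty `$1` (an empty or unreadable allowlist file, or an empty `.ssh_wrap` directory where the glob stays literal) also compares equal to an empty `SSH_ORIGINAL_COMMAND` and logs "Command OK!" although nothing is executed, so check_run should start with `[ -n "$1" ] || return 1`. "Command REJECTED!" is written once per non-matching file even when a later file matches, which makes the log unreliable for auditing; logging the rejection once after the loop, and quoting `"$LOGFILE"` in the redirections, would be cleaner.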