]> git.madduck.net Git - code/molly-guard.git/commitdiff

madduck's git repository

Every one of the projects in this repository is available at the canonical URL git://git.madduck.net/madduck/pub/<projectpath> — see each project's metadata for the exact URL.

All patches and comments are welcome. Please squash your changes to logical commits before using git-format-patch and git-send-email to patches@git.madduck.net. If you'd read over the Git project's submission guidelines and adhered to them, I'd be especially grateful.

SSH access, as well as push access can be individually arranged.

If you use my repositories frequently, consider adding the following snippet to ~/.gitconfig and using the third clone URL listed for each project:

[url "git://git.madduck.net/madduck/"]
  insteadOf = madduck:

add a readme 0.3.1
authormartin f. krafft <madduck@madduck.net>
Wed, 12 Mar 2008 19:08:44 +0000 (20:08 +0100)
committermartin f. krafft <madduck@madduck.net>
Wed, 12 Mar 2008 19:16:13 +0000 (20:16 +0100)
README [new file with mode: 0644]

diff --git a/README b/README
new file mode 100644 (file)
index 0000000..529dcda
--- /dev/null
+++ b/README
@@ -0,0 +1,34 @@
+molly-guard
+===========
+
+molly-guard attempts to prevent you from accidentally shutting down or
+rebooting remote machines. It does this by injecting a couple of checks before
+the existing commands: halt, reboot, shutdown, and poweroff.
+
+It does this by putting scripts with the same names into /usr/sbin, so it only
+works if you have /usr/sbin before /sbin in your $PATH!
+
+The checks are:
+
+  - test whether the current pty has been created by sshd
+  - test whether a variable $SSH_CONNECTION exists
+
+If any of these tests are successful, molly-guard asks you to type the
+machine's hostname, which should be sufficient to prevent you from doing
+something by accident.
+
+The following situations are still UNGUARDED. If you can think of ways to
+protect against those, please let me know!
+
+  - running sudo within screen or screen within sudo; sudo eats the
+    $SSH_CONNECTION variable, and screen creates a new pty.
+
+  - executing those command in a remote terminal window, that is a XTerm
+    started on a remote machine but displaying on the local X server.
+
+You have been warned. You can use the --molly-guard-do-nothing switch to
+prevent anything from happening, e.g.
+
+  halt --molly-guard-do-nothing
+
+ -- martin f. krafft <madduck@debian.org>  Wed, 12 Mar 2008 20:02:14 +0100