git.madduck.net Git - code/molly-guard.git/commitdiff

Add support to always molly-guard a host, even if we're logged in at the console.
author Andrew Ruthven <andrew@etc.gen.nz>
Sat, 19 Apr 2008 02:01:04 +0000 (14:01 +1200)
committer Andrew Ruthven <puck@dirk.wgtn.cat-it.co.nz>
Sat, 19 Apr 2008 02:01:04 +0000 (14:01 +1200)
Based on patch by Andrew McMillan.

checks.d/molly-guard
shutdown

index a9a2e90fdd6a9bfb38ef46160e3f36cee75c1123..968dd954f4fb694c2e37b3fcbf9f76a7127dfcd3 100755 (executable)
@@ -9,9 +9,11 @@ set -eu
 
 ME=molly-guard
 
+ALWAYS_MOLLY=${ALWAYS_MOLLY:-"0"}
+[ -f /etc/default/${ME} ] && . /etc/default/${ME}
+
+CMD=$1; shift
 PRETEND_SSH=0
-CMD=$1
-shift
 for arg in "$@"; do
   case "$arg" in
     (*-help)
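Review bot: The `:-"0"` default on the new `ALWAYS_MOLLY=` line is applied before `/etc/default/${ME}` is sourced, so a config file that assigns an empty value leaves the variable empty, and whatever the file sets silently overrides a value passed in the environment. Suggest sourcing the file first and applying the default afterwards, and stating which source takes precedence. The path in `[ -f /etc/default/${ME} ] && . /etc/default/${ME}` should also be quoted. Folding `CMD=$1` and `shift` onto one line is unrelated to the feature and makes the hunk noisier than it needs to be.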
@@ -26,18 +28,23 @@ done
 # require an interactive terminal connected to stdin
 test -t 0                    || exit 0
 
-# only run if we are being called over SSH, that is if the current terminal
-# was created by sshd.
-PTS=$(readlink /proc/$$/fd/0)
-if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \
-  && [ -z "${SSH_CONNECTION:-}" ]; then
-    if [ $PRETEND_SSH -eq 1 ]; then
-      echo "I: this is not an SSH session, but --pretend-ssh was given..."
-    else
-      exit 0
-    fi
+# we've been asked to always protect this host
+if [ ${ALWAYS_MOLLY} -eq 1 ]; then
+  echo "W: $ME: ${CMD} is always molly-guarded on this server."
 else
-  echo "W: $ME: SSH session detected!"
+  # only run if we are being called over SSH, that is if the current terminal
+  # was created by sshd.
+  PTS=$(readlink /proc/$$/fd/0)
+  if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \
+    && [ -z "${SSH_CONNECTION:-}" ]; then
+      if [ $PRETEND_SSH -eq 1 ]; then
+        echo "I: this is not an SSH session, but --pretend-ssh was given..."
+      else
+        exit 0
+      fi
+  else
+    echo "W: $ME: SSH session detected!"
+  fi
 fi
 
 
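Review bot: The test `[ ${ALWAYS_MOLLY} -eq 1 ]` is unquoted and numeric, so an empty or non-numeric value (for example `ALWAYS_MOLLY=yes` in the defaults file) makes `[` fail with an error, and because the failure happens inside an `if` condition the script falls through to the `else` branch and behaves as if the option were off. An administrator who mistyped the setting gets no console protection and only a stray error message. Suggest `[ "$ALWAYS_MOLLY" = 1 ]`, or validating the value and warning on anything other than 0 or 1. Note also that the `test -t 0 || exit 0` check above this block still runs first, so "always" does not cover invocations without an interactive terminal; the comment `# we've been asked to always protect this host` should say so.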
index c68b57254297888114a1bea7792e480ae9890774..775a93ed6ffe0d205966dd27951886c7f85b965f 100755 (executable)
--- a/shutdown
+++ b/shutdown
@@ -47,6 +47,10 @@ usage()
           terminal, and the actual command to execute is does not involve
            --help or is \`shutdown -c'.
 
+         $ME will always interpose the prompt if the environment variable
+          ALWAYS_MOLLY is set to '1'.  This variable may be set in the file
+         /etc/default/${ME} .
+
        Only if the user satisfies all the checks will $ME take action.
        Specifying --molly-guard-do-nothing as argument to the command will
        make $ME echo the command it would execute rather than actually executing
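Review bot: The added usage paragraph says $ME "will always interpose the prompt", but the preceding paragraph's interactive-terminal requirement still applies in the check script, so the wording overstates what the option does; suggest "will also interpose the prompt on non-SSH sessions". The text should mention that a value in /etc/default/${ME} overrides the environment, since the file is sourced after the environment default is taken. Minor: the three added lines are indented inconsistently with each other and with the surrounding text, and there is a stray space before the full stop in `/etc/default/${ME} .`.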