From: martin f. krafft Date: Sat, 19 Apr 2008 13:19:10 +0000 (+0200) Subject: rework the scripts given andrew's patch X-Git-Tag: 0.4~6 X-Git-Url: https://git.madduck.net/code/molly-guard.git/commitdiff_plain/3fb8d0418be397c5f4e29aa2e74dd2cf378b68e0 rework the scripts given andrew's patch --- diff --git a/checks.d/10-print-message b/checks.d/10-print-message deleted file mode 100755 index cb4a483..0000000 --- a/checks.d/10-print-message +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -# -# print a warning message before rebooting/shutting down etc a machine. -# -# Copyright Andrew Ruthven -# Released under the terms of the Artistic Licence 2.0 -# -# Cat out either /etc/molly-guard.$CMD.message -# or /etc/molly-guard.message -# If present. -CMD=$1; shift - -FILE= -BANNER= - -if [ -f /etc/molly-guard.$CMD.message ]; then - echo "$(hostname -s) has a $CMD warning message:" - FILE=/etc/molly-guard.$CMD.message -elif [ -f /etc/molly-guard.message ]; then - FILE=/etc/molly-guard.message - echo "$(hostname -s) has a warning message:" -fi - -if [ "x$FILE" != "x" ]; then - echo $BANNER - cat $FILE - echo "" -fi diff --git a/run.d/10-print-message b/run.d/10-print-message new file mode 100755 index 0000000..0e19526 --- /dev/null +++ b/run.d/10-print-message @@ -0,0 +1,22 @@ +#!/bin/sh +# +# 10-print-message - print a (command-specific or default) message +# +# Copyright © Andrew Ruthven +# Copyright © martin f. krafft +# Released under the terms of the Artistic Licence 2.0 +# +# Prints either /etc/molly-guard/messages.d/$MOLLYGUARD_CMD +# or /etc/molly-guard/messages.d/default +# depending on whether the first exists. +# +set -eu + +MESSAGESDIR=/etc/molly-guard/messages.d + +for i in $MOLLYGUARD_CMD default; do + if [ -f "$MESSAGESDIR/$i" ] && [ -r "$MESSAGESDIR/$i" ]; then + cat $MESSAGESDIR/$i + exit 0 + fi +done diff --git a/checks.d/30-ask-hostname b/run.d/30-ask-hostname similarity index 61% rename from checks.d/30-ask-hostname rename to run.d/30-ask-hostname index 968dd95..6e33fe1 100755 --- a/checks.d/30-ask-hostname +++ b/run.d/30-ask-hostname @@ -1,6 +1,6 @@ #!/bin/sh # -# molly-guard -- wrapper script to prevent erroneous shutdowns via SSH +# 30-ask-hostname - request the user to type in the hostname of the local host # # Copyright © martin f. krafft # Released under the terms of the Artistic Licence 2.0 @@ -9,28 +9,24 @@ set -eu ME=molly-guard -ALWAYS_MOLLY=${ALWAYS_MOLLY:-"0"} -[ -f /etc/default/${ME} ] && . /etc/default/${ME} +[ -f "$MOLLYGUARD_SETTINGS" ] && . "$MOLLYGUARD_SETTINGS" -CMD=$1; shift PRETEND_SSH=0 for arg in "$@"; do case "$arg" in - (*-help) - usage 2>&1 - eval $EXEC --help 2>&1 - exit 1 - ;; (*-pretend-ssh) PRETEND_SSH=1;; esac done # require an interactive terminal connected to stdin -test -t 0 || exit 0 +if ! test -t 0; then + echo "E: $ME: not connected to a terminal." + exit 1 +fi # we've been asked to always protect this host -if [ ${ALWAYS_MOLLY} -eq 1 ]; then - echo "W: $ME: ${CMD} is always molly-guarded on this server." +if [ ${ALWAYS_QUERY_HOSTNAME:-0} -eq 1 ]; then + echo "I: $ME: $MOLLYGUARD_CMD is always molly-guarded on this system." else # only run if we are being called over SSH, that is if the current terminal # was created by sshd. @@ -38,7 +34,7 @@ else if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \ && [ -z "${SSH_CONNECTION:-}" ]; then if [ $PRETEND_SSH -eq 1 ]; then - echo "I: this is not an SSH session, but --pretend-ssh was given..." + echo "I: $ME: this is not an SSH session, but --pretend-ssh was given..." else exit 0 fi @@ -47,18 +43,17 @@ else fi fi - HOSTNAME="$(hostname --short)" sigh() { - echo "Good thing I asked; I won't $CMD $HOSTNAME ..." + echo "Good thing I asked; I won't $MOLLYGUARD_CMD $HOSTNAME ..." exit 1 } trap 'echo;sigh' 1 2 3 9 10 12 15 -echo -n "Please type in hostname of the machine to $CMD: " +echo -n "Please type in hostname of the machine to $MOLLYGUARD_CMD: " read HOSTNAME_USER || : [ "$HOSTNAME_USER" = "$HOSTNAME" ] || sigh diff --git a/shutdown b/shutdown index f12fde0..be733b7 100755 --- a/shutdown +++ b/shutdown @@ -1,6 +1,6 @@ #!/bin/sh # -# shutdown -- wrapper script to prevent erroneous shutdowns via SSH +# shutdown -- wrapper script to guard against accidental shutdowns # # Copyright © martin f. krafft # Released under the terms of the Artistic Licence 2.0 @@ -8,7 +8,9 @@ set -eu ME=molly-guard -CHECKSDIR=/etc/molly-guard/checks.d +VERSION=0.4 +SCRIPTSDIR=/etc/molly-guard/run.d +SCRIPTSDIR="${0%/*}/run.d" CMD="${0##*/}" EXEC="/sbin/$CMD" @@ -33,44 +35,31 @@ esac usage() { cat <<-_eousage - Usage: $ME [options] + Usage: $ME [options] [-- script options] (shielding $EXEC) + + molly-guard's primary goal is to guard against accidental + shutdowns/reboots. $ME will run all scripts in $SCRIPTSDIR and only + invokes $EXEC if all scripts exited successfully. - Instead of invoking $EXEC directly, $ME will run a number of checks - to guard against accidental shutdowns/reboots. - - Some of the checks available are: - - Prompt the user for the machine's if the current shell is a child - of an SSH connection (or --pretend-ssh) has been given on the - command line, if the shell is connected to an interactive - terminal, and the actual command to execute is does not involve - --help or is \`shutdown -c'. - - $ME will always interpose the prompt if the environment variable - ALWAYS_MOLLY is set to '1'. This variable may be set in the file - /etc/default/${ME} . - - - Print out a warning message with information about this host - before the action takes place. You can use: - /etc/molly-guard..message - To print out a message specific to the command you're trying to - use. Or: - /etc/molly-guard.message - For a general warning message. - - Only if the user satisfies all the checks will $ME take action. Specifying --molly-guard-do-nothing as argument to the command will - make $ME echo the command it would execute rather than actually executing - it. + make $ME echo the command it would execute rather than actually + executing it. + + Options following the double hyphen will be passed unchanged to the + scripts. + + Please see molly-guard(8) for more information. The actual command's help output follows: _eousage } -ARGS= +CMDARGS= +SCRIPTARGS= +END_OF_ARGS=0 DO_NOTHING=0 -CHECK_ARGS= for arg in "$@"; do case "$arg" in (*-molly-guard-do-nothing) DO_NOTHING=1;; @@ -79,18 +68,24 @@ for arg in "$@"; do eval $EXEC --help 2>&1 exit 0 ;; - (*-pretend-ssh) CHECK_ARGS="${CHECK_ARGS:+$CHECK_ARGS }--arg --pretend-ssh";; - *) ARGS="${ARGS:+$ARGS }$arg";; + --) END_OF_ARGS=1;; + *) + if [ $END_OF_ARGS -eq 0 ]; then + CMDARGS="${args:+$args }$arg" + else + SCRIPTARGS="${args:+$args }--arg $arg" + fi + ;; esac done do_real_cmd() { if [ $DO_NOTHING -eq 1 ]; then - echo "$ME: would run: $EXEC $ARGS" + echo "$ME: would run: $EXEC $CMDARGS" exit 0 else - eval exec $EXEC "$ARGS" + eval exec $EXEC "$CMDARGS" fi } @@ -99,17 +94,25 @@ if [ $DO_NOTHING -eq 1 ]; then fi # pass through certain commands -case "$CMD $ARGS" in - (*shutdown\ *-c*) - echo "I: executing $CMD $ARGS regardless of check results." +case "$CMD $CMDARGS" in + (*shutdown\ *-c*) + # allow canceling shutdowns + echo "I: executing $CMD $CMDARGS regardless of check results." do_real_cmd ;; esac -run-parts --exit-on-error --arg $CMD $CHECK_ARGS /etc/molly-guard/checks.d +MOLLYGUARD_CMD=$CMD; export MOLLYGUARD_CMD +MOLLYGUARD_DO_NOTHING=$DO_NOTHING; export MOLLYGUARD_DO_NOTHING +MOLLYGUARD_SETTINGS="/etc/default/$ME"; export MOLLYGUARD_SETTINGS -# run-parts won't return to us if there are failures, but I'm paranoid. -if [ $? == 0 ]; then - do_real_cmd - exit -fi +for script in $(run-parts --test $SCRIPTSDIR); do + ret=0 + eval $script $SCRIPTARGS || ret=$? + if [ $ret -ne 0 ]; then + echo "W: aborting $CMD due to ${script##*/} exiting with code $ret." + exit $ret + fi +done + +do_real_cmd