From d488a885cd818fb809a2c82e629bc4c37eeb7fc3 Mon Sep 17 00:00:00 2001 From: Andrew Ruthven Date: Sat, 19 Apr 2008 14:01:04 +1200 Subject: [PATCH] Add support to always molly-guard a host, even if we're logged in at the console. Based on patch by Andrew McMillan. --- checks.d/molly-guard | 33 ++++++++++++++++++++------------- shutdown | 4 ++++ 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/checks.d/molly-guard b/checks.d/molly-guard index a9a2e90..968dd95 100755 --- a/checks.d/molly-guard +++ b/checks.d/molly-guard @@ -9,9 +9,11 @@ set -eu ME=molly-guard +ALWAYS_MOLLY=${ALWAYS_MOLLY:-"0"} +[ -f /etc/default/${ME} ] && . /etc/default/${ME} + +CMD=$1; shift PRETEND_SSH=0 -CMD=$1 -shift for arg in "$@"; do case "$arg" in (*-help) @@ -26,18 +28,23 @@ done # require an interactive terminal connected to stdin test -t 0 || exit 0 -# only run if we are being called over SSH, that is if the current terminal -# was created by sshd. -PTS=$(readlink /proc/$$/fd/0) -if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \ - && [ -z "${SSH_CONNECTION:-}" ]; then - if [ $PRETEND_SSH -eq 1 ]; then - echo "I: this is not an SSH session, but --pretend-ssh was given..." - else - exit 0 - fi +# we've been asked to always protect this host +if [ ${ALWAYS_MOLLY} -eq 1 ]; then + echo "W: $ME: ${CMD} is always molly-guarded on this server." else - echo "W: $ME: SSH session detected!" + # only run if we are being called over SSH, that is if the current terminal + # was created by sshd. + PTS=$(readlink /proc/$$/fd/0) + if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \ + && [ -z "${SSH_CONNECTION:-}" ]; then + if [ $PRETEND_SSH -eq 1 ]; then + echo "I: this is not an SSH session, but --pretend-ssh was given..." + else + exit 0 + fi + else + echo "W: $ME: SSH session detected!" + fi fi diff --git a/shutdown b/shutdown index c68b572..775a93e 100755 --- a/shutdown +++ b/shutdown 
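Review bot: The added `[ -f /etc/default/${ME} ] && . /etc/default/${ME}` runs the defaults file as shell code inside the guard's own process, under `set -eu` and before the `--help` scan and the `test -t 0` check. A typo or a reference to an unset variable in that file therefore ends the check script on every invocation; what the caller does with that exit status is not visible in this hunk. The file is also sourced after `ALWAYS_MOLLY=${ALWAYS_MOLLY:-"0"}`, so it silently overrides a value passed in the environment, and that precedence is not stated anywhere. I would add a comment above the line, for example `# /etc/default/molly-guard is sourced as shell and overrides the environment; keep it root-owned and not writable by others`. The `for arg` loop that follows continues outside the hunk.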
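Review bot: The new test `[ ${ALWAYS_MOLLY} -eq 1 ]` fails open when the setting is not an integer. With a value such as `yes` or `true`, `[` reports an error, the `if` treats that as false, and control falls into the `else` branch, so a console session is left unguarded even though the administrator asked for the host to be always protected. The expansion is also unquoted, so a value containing spaces is word-split into the test expression. I would quote it and compare as a string, `if [ "${ALWAYS_MOLLY}" = 1 ]; then`, and print a `W:` line for any value other than `0` or `1` so a misconfiguration is visible instead of silent.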
@@ -47,6 +47,10 @@ usage() terminal, and the actual command to execute is does not involve --help or is \`shutdown -c'. + $ME will always interpose the prompt if the environment variable + ALWAYS_MOLLY is set to '1'. This variable may be set in the file + /etc/default/${ME} . + Only if the user satisfies all the checks will $ME take action. Specifying --molly-guard-do-nothing as argument to the command will make $ME echo the command it would execute rather than actually executing -- 2.39.2