From fea7b8cdf75e8aa668889f8db66270a5f971ef1a Mon Sep 17 00:00:00 2001
From: "martin f. krafft" <madduck@madduck.net>
Date: Sat, 19 Apr 2008 15:19:40 +0200
Subject: [PATCH] move README content to new manpage

---
 Makefile        |  18 ++++
 README          |  34 ------
 molly-guard.xml | 281 ++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 299 insertions(+), 34 deletions(-)
 create mode 100644 Makefile
 delete mode 100644 README
 create mode 100644 molly-guard.xml

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..242c36e
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,18 @@
+DB2MAN=/usr/share/sgml/docbook/stylesheet/xsl/nwalsh/manpages/docbook.xsl
+XP=xsltproc -''-nonet
+
+MANPAGE=molly-guard.8
+
+all: $(MANPAGE)
+
+%.8: %.xml
+	$(XP) $(DB2MAN) $<
+
+man: $(MANPAGE)
+	man -l $<
+.PHONY: man
+
+clean:
+	rm -f $(MANPAGE)
+.PHONY: clean
+
diff --git a/README b/README
deleted file mode 100644
index 529dcda..0000000
--- a/README
+++ /dev/null
@@ -1,34 +0,0 @@
-molly-guard
-===========
-
-molly-guard attempts to prevent you from accidentally shutting down or
-rebooting remote machines. It does this by injecting a couple of checks before
-the existing commands: halt, reboot, shutdown, and poweroff.
-
-It does this by putting scripts with the same names into /usr/sbin, so it only
-works if you have /usr/sbin before /sbin in your $PATH!
-
-The checks are:
-
-  - test whether the current pty has been created by sshd
-  - test whether a variable $SSH_CONNECTION exists
-
-If any of these tests are successful, molly-guard asks you to type the
-machine's hostname, which should be sufficient to prevent you from doing
-something by accident.
-
-The following situations are still UNGUARDED. If you can think of ways to
-protect against those, please let me know!
-
-  - running sudo within screen or screen within sudo; sudo eats the
-    $SSH_CONNECTION variable, and screen creates a new pty.
-
-  - executing those command in a remote terminal window, that is a XTerm
-    started on a remote machine but displaying on the local X server.
-
-You have been warned. You can use the --molly-guard-do-nothing switch to
-prevent anything from happening, e.g.
-
-  halt --molly-guard-do-nothing
-
- -- martin f. krafft <madduck@debian.org>  Wed, 12 Mar 2008 20:02:14 +0100
diff --git a/molly-guard.xml b/molly-guard.xml
new file mode 100644
index 0000000..01988ad
--- /dev/null
+++ b/molly-guard.xml
@@ -0,0 +1,281 @@
+<?xml version='1.0' encoding='ISO-8859-1'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+
+<!--
+
+Process this file with an XSLT processor: `xsltproc \
+-''-nonet /usr/share/sgml/docbook/stylesheet/xsl/nwalsh/\
+manpages/docbook.xsl manpage.dbk'.  A manual page
+<package>.<section> will be generated.  You may view the
+manual page with: nroff -man <package>.<section> | less'.  A
+typical entry in a Makefile or Makefile.am is:
+
+DB2MAN=/usr/share/sgml/docbook/stylesheet/xsl/nwalsh/\
+manpages/docbook.xsl
+XP=xsltproc -''-nonet
+
+manpage.1: manpage.dbk
+        $(XP) $(DB2MAN) $<
+    
+The xsltproc binary is found in the xsltproc package.  The
+XSL files are in docbook-xsl.  Please remember that if you
+create the nroff version in one of the debian/rules file
+targets (such as build), you will need to include xsltproc
+and docbook-xsl in your Build-Depends control field.
+
+-->
+
+  <!-- Fill in your name for FIRSTNAME and SURNAME. -->
+  <!ENTITY dhfirstname "<firstname>martin f.</firstname>">
+  <!ENTITY dhsurname   "<surname>krafft</surname>">
+  <!-- Please adjust the date whenever revising the manpage. -->
+  <!ENTITY dhdate      "<date>Apr 19, 2008</date>">
+  <!-- SECTION should be 1-8, maybe w/ subsection other parameters are
+       allowed: see man(7), man(1). -->
+  <!ENTITY dhsection   "<manvolnum>8</manvolnum>">
+  <!ENTITY dhemail     "<email>madduck@madduck.net</email>">
+  <!ENTITY dhusername  "martin f. krafft">
+  <!ENTITY dhucpackage "<refentrytitle>molly-guard</refentrytitle>">
+  <!ENTITY dhpackage   "molly-guard">
+  <!ENTITY dhcommand   "<command>molly-guard</command>">
+
+  <!ENTITY debian      "<productname>Debian</productname>">
+  <!ENTITY gnu         "<acronym>GNU</acronym>">
+  <!ENTITY gpl         "&gnu; <acronym>GPL</acronym>">
+]>
+
+<refentry>
+  <refentryinfo>
+    <address>
+      &dhemail;
+    </address>
+    <copyright>
+      <year>2008</year>
+      <holder>&dhusername;</holder>
+    </copyright>
+    &dhdate;
+  </refentryinfo>
+  <refmeta>
+    &dhucpackage;
+
+    &dhsection;
+  </refmeta>
+  <refnamediv>
+    <refname>&dhcommand;</refname>
+
+    <refpurpose>guard against accidental shutdowns/reboots</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>shutdown</command>
+      <arg choice="opt">
+        -<option>hV</option>
+      </arg>
+      <arg choice="opt">
+        <option>--molly-guard-do-nothing</option>
+      </arg>
+      <arg choice="opt">
+        -- <replaceable>script_options</replaceable>
+      </arg>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>halt</command>
+      <arg choice="opt">
+        -<option>hV</option>
+      </arg>
+      <arg choice="opt">
+        <option>--molly-guard-do-nothing</option>
+      </arg>
+      <arg choice="opt">
+        -- <replaceable>script_options</replaceable>
+      </arg>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>reboot</command>
+      <arg choice="opt">
+        -<option>hV</option>
+      </arg>
+      <arg choice="opt">
+        <option>--molly-guard-do-nothing</option>
+      </arg>
+      <arg choice="opt">
+        -- <replaceable>script_options</replaceable>
+      </arg>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>poweroff</command>
+      <arg choice="opt">
+        -<option>hV</option>
+      </arg>
+      <arg choice="opt">
+        <option>--molly-guard-do-nothing</option>
+      </arg>
+      <arg choice="opt">
+        -- <replaceable>script_options</replaceable>
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>DESCRIPTION</title>
+
+    <para> &dhcommand; attempts to prevent you from accidentally shutting down
+      or rebooting machines. It does this by injecting a couple of checks
+      before the existing commands: <command>halt</command>,
+      <command>reboot</command>, <command>shutdown</command>, and
+      <command>poweroff</command>. This happens via scripts with the same
+      names in <filename>/usr/sbin</filename>, so it only works if you have
+      <filename>/usr/sbin</filename> before <filename>/sbin</filename> in your
+      <envar>PATH</envar>!</para>
+
+    <para> Before &dhcommand; invokes the real command, all scripts in
+      <filename>/etc/molly-guard/run.d/</filename> have to run and exit
+      successfully; else, it aborts the command.
+      <command>run-parts(1)</command> is used to process the directory.</para>
+
+    <para> &dhcommand; passes any <replaceable>script_options</replaceable> to the
+      scripts, and also populates the environment with the following
+      variables:</para>
+
+    <itemizedlist>
+      <listitem><para><envar>MOLLYGUARD_CMD</envar> - the actual command
+          invoked by the user.</para></listitem>
+
+      <listitem><para><envar>MOLLYGUARD_DO_NOTHING</envar> - set to
+          <option>1</option> if this is a demo-run.</para></listitem>
+
+      <listitem><para><envar>MOLLYGUARD_SETTINGS</envar> - the path to
+          a shell script snippet which scripts can source to obtain
+          settings.</para></listitem>
+    </itemizedlist>
+
+    <para> &dhcommand; prints the contents of
+      <filename>/etc/molly-guard/messages.d/COMMAND</filename> or
+      <filename>/etc/molly-guard/messages.d/default</filename> to the console,
+      if either exists. This is due to
+      <filename>/etc/molly-guard/run.d/10-print-message</filename>.</para>
+
+  </refsect1>
+  <refsect1>
+    <title>GUARDING SSH SESSIONS</title>
+
+    <para> &dhcommand; was primarily designed to shield SSH connections. This
+      functionality (which should arguably be provided by the
+      <package>openssh-server</package> package) is implemented in
+      <filename>/etc/molly-guard/run.d/10-print-message</filename>.</para>
+
+    <para> This script first tests whether the command is being executed from
+      a <filename>tty</filename> which has been created by
+      <command>sshd</command>. It also checks whether the variable
+      <envar>SSH_CONNECTION</envar> is defined. If any of these tests are
+      successful, test script queries the user for the machine's hostname,
+      which should be sufficient to prevent the user from doing something by
+      accident.</para>
+
+    <para> You can pass the <option>--pretend-ssh</option> script option to
+      &dhcommand; to pretend that those tests succeeds. Alternatively, setting
+      <envar>ALWAYS_QUERY_HOSTNAME</envar> in
+      <filename>/etc/default/molly-guard</filename> causes the script to
+      always query.</para>
+
+    <para> The following situations are still UNGUARDED. If you can think of
+      ways to protect against those, please let me know!</para>
+
+    <itemizedlist>
+      <listitem><para>running <application>sudo</application> within
+          <application>screen</application> or <application>screen</application> within
+          <application>sudo</application>; <application>sudo</application> eats the
+          <envar>SSH_CONNECTION</envar> variable, and
+          <application>screen</application> creates a new
+          <filename>pty</filename>.</para></listitem>
+      <listitem><para>executing those command in a remote terminal window,
+          that is a <application>XTerm</application> started on a remote
+          machine but displaying on the local <application>X</application>
+          server.</para></listitem>
+    </itemizedlist>
+
+    <para> You have been warned. You can use the
+      <option>--molly-guard-do-nothing</option> switch to prevent anything
+      from happening, e.g. <userinput>halt
+        --molly-guard-do-nothing</userinput>. </para>
+  </refsect1>
+
+  <refsect1>
+    <title>OPTIONS</title>
+    <variablelist>
+      <varlistentry>
+	<term>--molly-guard-do-nothing</term>
+	<listitem>
+	  <para>
+	    Cause &dhcommand; to print the command which would be executed,
+	    after processing all scripts, instead of executing it.
+          </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term>-h</term>
+	<term>--help</term>
+	<listitem>
+	  <para>
+            Display usage information.
+          </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term>-V</term>
+	<term>--version</term>
+	<listitem>
+	  <para>
+            Display version information.
+          </para>
+	</listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>shutdown</refentrytitle>
+	<manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>halt</refentrytitle>
+	<manvolnum>1</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>reboot</refentrytitle>
+	<manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>poweroff</refentrytitle>
+	<manvolnum>8</manvolnum>
+      </citerefentry>.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>LEGALESE</title>
+
+    <para>
+      &dhpackage; is copyright by &dhusername;. Andrew Ruthven came up with
+      the idea of using the scripts directory and submitted a patch, which
+      I modified a bit.
+    </para>
+
+    <para>
+      This manual page was written by &dhusername; &dhemail;.
+    </para>
+
+    <para>
+      Permission is granted to copy, distribute and/or modify this document
+      under the terms of the Artistic License 2.0
+    </para>
+
+  </refsect1>
+</refentry>
-- 
2.39.2