ASNMTAP


applications/sbin/sshWrapperASNMTAP.pl  view on Meta::CPAN

#!/usr/bin/env perl
# ----------------------------------------------------------------------------------------------------------
# © Copyright 2003-2011 Alex Peeters [alex.peeters@citap.be]
# ----------------------------------------------------------------------------------------------------------
# 2011/mm/dd, v3.002.003, sshWrapperASNMTAP.pl for ASNMTAP::Applications
# ----------------------------------------------------------------------------------------------------------

use strict;
use warnings;           # Must be used in test mode only. This reduces a little process speed
#use diagnostics;       # Must be used in test mode only. This reduces a lot of process speed

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Optionally prepend a site-specific library directory to @INC at compile time,
# taken from the ASNMTAP_PERL5LIB environment variable when it holds a true value.
# Failures while loading/importing 'lib' are swallowed, as before.
# NOTE(review): this script is meant to run as an SSH forced command (see the
# SSH_ORIGINAL_COMMAND handling below). If sshd passes client-supplied environment
# through (AcceptEnv / PermitUserEnvironment), this variable decides where the
# ASNMTAP modules are loaded from - confirm it can only be set by trusted configuration.
BEGIN {
  my $extraLib = $ENV{ASNMTAP_PERL5LIB};
  if ( $extraLib ) {
    eval { require lib; lib->import( "$extraLib" ); };
  }
}

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

use Getopt::Long;

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

use ASNMTAP::Asnmtap::Applications v3.002.003;
use ASNMTAP::Asnmtap::Applications qw(:APPLICATIONS $APPLICATIONPATH $PIDPATH $PERLCOMMAND);

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

use vars qw($opt_C $PROGNAME);

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Script identity. $APPLICATION is not declared in this file; presumably it is exported by
# the :APPLICATIONS tag of ASNMTAP::Asnmtap::Applications - TODO confirm.
$PROGNAME       = 'sshWrapperASNMTAP.pl';
my $prgtext     = "ASNMTAP SSH Wrapper for the '$APPLICATION'";
# Version string built from the digit groups of the Revision keyword: the first group is
# formatted with %d followed by a dot, every further group with %03d and no separator,
# so 'Revision: 3.002.003' becomes '3.002003'.
my $version     = do { my @r = (q$Revision: 3.002.003$ =~ /\d+/g); sprintf "%d."."%03d" x $#r, @r }; # must be all on one line or MakeMaker will get confused.

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Debug switch, on by default. When true, the forced-command branch further down writes
# the raw SSH_ORIGINAL_COMMAND to the log and to STDOUT *before* it has been matched
# against the allow-list.
# NOTE(review): that value is supplied by the SSH client; consider escaping control
# characters (newlines in particular) before it is written, so a request cannot forge
# additional log lines.
my $debug       = 1;                                            # default

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Where successes and failures are logged; set this to /dev/null to turn off logging.
# $LOGPATH is not declared in this file - presumably imported from
# ASNMTAP::Asnmtap::Applications; TODO confirm.
my $filename    = "$LOGPATH/sshWrapperASNMTAP.log";

# What you want sent if access is denied.
my $denyString  = 'Access Denied! Sorry';

# Request verbs a client may send; they are spliced into the allow-list pattern below.
# The trailing space in 'script ' and 'archive ' is part of the literal that must match.
my $sshCmdRm    = 'remove';
my $sshCmdKill  = 'killall';
my $sshCmdSRSR  = 'script ';
my $sshCmdSRDA  = 'archive ';

# Allow-list for requests: a request is accepted only if it matches this pattern, and only
# the text captured by group 1 is kept as $command (see the two '=~ /$regex/' tests below).
# Alternatives visible in this listing:
#   'killall <digits>'
#   'remove <PIDPATH>/CollectorCT-<name>.pid', '.../DisplayCT-<name>.pid',
#          '.../importDataThroughCatalog.pid'   (<name> is [\w-]+)
#   'script <APPLICATIONPATH>/<master|slave|bin>/...'
# NOTE(review): $PIDPATH and $APPLICATIONPATH are interpolated without quotemeta, so any
# regex metacharacter in those paths (a '.', for example) matches more loosely than the
# literal path would.
# NOTE(review): the end of the pattern is cut off in this listing. Confirm it is anchored
# with \z; without an end anchor a request carrying extra trailing text still passes
# inspection and is silently reduced to the matched prefix.
my $regex       = '^((?:'. $sshCmdKill .' \d+)|(?:'. $sshCmdRm .' '. $PIDPATH .'\/(?:(?:Collector|Display)CT-(?:[\w-]+)|importDataThroughCatalog)\.pid)|(?:'. $sshCmdSRSR . $APPLICATIONPATH .'\/(?:master|slave|bin)\/(?:(?:Collector|Display)CT-(?:[\w-]...

# Local programs, given with their full path.
# NOTE(review): looks like the number from 'killall <digits>' ends up as the argument of
# $commandKill; the allow-list accepts any digits, so if that is the case every process
# this account may signal is in scope - confirm, and consider restricting the request to
# PIDs recorded in the pid files under $PIDPATH.
# NOTE(review): $commandSRSR / $commandSRDA are empty; presumably the script or archive
# path from the request is executed as given - TODO confirm against the dispatch code.
my $commandRm   = '/bin/rm';
my $commandKill = '/bin/kill -9';
my $commandSRSR = '';
my $commandSRDA = '';

# $command: the validated request (stays undef until something passes the allow-list).
# $rvOpen : result of opening the log file.
my ($command, $rvOpen);

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Command line: -C <request> / --command <request> supplies the request directly instead
# of SSH_ORIGINAL_COMMAND. Both spellings store into the same variable.
Getopt::Long::Configure('bundling');
GetOptions (
  'C:s'       => \$opt_C,
  'command:s' => \$opt_C,
);

# The option value goes through the same allow-list as an SSH request; only the text
# captured by group 1 of the pattern is kept. On no match $command stays undefined.
if ( defined $opt_C ) {
  if ( $opt_C =~ /$regex/ ) {
    $command = $1;
  }
}

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

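# Open the log for appending (created if missing). The three-argument form keeps the mode
# separate from the path, so no character in $filename can be read as an open mode or as
# a pipe. The bareword handle SSHOUT is kept because the rest of the script prints to it.
$rvOpen = open (SSHOUT, '+>>', $filename);

# Without a log there is no audit trail, so stop before any request is evaluated.
# NOTE(review): the exit status is 0 here although nothing was run, so a caller cannot
# tell this failure from success by the status alone - confirm this is intended.
unless ($rvOpen) { print STDERR "Couldn't open log '$filename'!\n"; exit 0; }

# Local time in its default string form; used as the prefix of the log lines written below.
my $now = localtime;

# Unset the path, so all commands must have the full path. This avoids any path attacks.
# NOTE(review): perlsec additionally recommends clearing IFS, CDPATH, ENV and BASH_ENV
# before running external programs; only PATH is removed here.
delete $ENV{PATH};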

unless ( defined $command ) {
  # Since this script is called as a forced command, need to get the original ssh command given by the client.
  my $commandSSH = $ENV{SSH_ORIGINAL_COMMAND};

  unless ( defined $commandSSH ) {
    print SSHOUT ("$now environment variable SSH_ORIGINAL_COMMAND not set\n\n"); close (SSHOUT);
    print STDERR "$denyString\n"; exit 0;
  }

  # Log the command for tracking and debugging purposes
  if ( $debug ) {
    print SSHOUT ("$now EVALUATING: '$commandSSH'\n");
    print "EVALUATING '$commandSSH'\n";
  }

  $command = $1 if ( $commandSSH =~ /$regex/ );

  unless ( defined $command ) {
    print SSHOUT ("$now SSH REQUEST FAILED INSPECTION - SKIPPING '$commandSSH'\n\n"); close (SSHOUT); 


