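#!/usr/bin/perl
#
# ----------------------------------------------------------------------------
# "THE BEER-WARE LICENSE" (Revision 42):
#  wrote this file. As long as you retain this notice you
# can do whatever you want with this stuff. If we meet some day, and you think
# this stuff is worth it, you can buy me a beer in return.   Flemming Jacobsen
# ----------------------------------------------------------------------------
#
# The latest version of this program can be found at:
#    http://www.batmule.dk/rsyncwrapper
#
# rsyncwrapper - Wrapper for rsync for use with the ssh command=""
#                autocommand.
#                Checks that the rsync command called will only receive and
#                send data to/from a specific set of directories.
#                This will of course permit destruction of backup data, but
#                not data theft (apart for what has been exposed for backup).
#
#
# To configure:
# Edit $HOME/.rsyncwrapper.conf
# Set:
#   $OKdest   as a regexp defining the directories where files are allowed to
#             be put.
#             i.e. $OKdest="^/usr2/Backup/";
#                  $OKdest="^(/usr2/Backup/|/usr3/Backup1/)";
#   $OKsrc    like $OKdest, but for reading files.
#   $rsync    as the path to rsync.
#             i.e. $rsync="/usr/local/bin/rsync";
#   $log      path to logfile, if set.
#             i.e. $log="/tmp/rsyncwrapper.log";
#             The requested command line is written to the log with every
#             byte outside printable ASCII (and the backslash) shown as \xNN,
#             so a client cannot plant terminal escape sequences or forge
#             extra log lines. Still prefer a pager which filters control
#             characters (like less) when reviewing the log.
#
# After reading $HOME/.rsyncwrapper.conf, the
# $HOME/.rsyncwrapper.`basename $0`.conf file will be read. This allows
# per ssh-key configurations. For a default installation the following
# files will be read in sequence:
#   $HOME/.rsyncwrapper.conf $HOME/.rsyncwrapper.rsyncwrapper.conf
# Both files are looked up relative to the current directory, which is
# expected to be $HOME when the wrapper is started as an ssh forced command.
# A config file that exists but fails to compile makes the wrapper refuse
# the request instead of continuing with a half-applied configuration.
#
# What is checked:
#   * the command line may only contain word characters, spaces and -/.=,+
#   * the command must be "rsync" (it is replaced by $rsync)
#   * ".." may not appear anywhere
#   * the last word, and every other word that is not an option (does not
#     start with "-"), must match $OKsrc (--sender) or $OKdest (otherwise);
#     a single bare "." is tolerated, more than one is not.
#     This includes a value that follows an option as a separate word, so
#     $OKdest/$OKsrc must also cover any such directory you rely on.
#
# NOTE(review): the wrapper does not interpret rsync's options. Options that
# carry a path in the same word (--option=/path) or that change how paths are
# interpreted are passed through unchecked, so the directory policy is
# best-effort. For strict confinement, additionally pin the exact option
# string your backup clients send, and run the account with filesystem
# permissions that match the policy.
#
# In .ssh/authorized_keys insert something like:
# from="",command="/path/to/rsyncwrapper",no-pty,no-port-forwarding ssh-dss AAAAB3NzaC1kc3MAA [ rest of ssh public key ]
#
# NOTE(review): the from="" pattern above looks like it lost its value in this
# copy; set it to the address of the backup client. On OpenSSH versions that
# support it, the "restrict" key option disables all forwarding and pty
# allocation in one word and is a good companion to command="".
#
#
# $Id: rsyncwrapper,v 1.12 2010/03/27 19:25:13 fj Exp $
#

use strict;
use warnings;

# Regexp for legitimate destination directories.
# Start with safe defaults.
our $OKdest = "^/nonexistent/";
our $OKsrc  = "^/nonexistent/";

# Path to rsync binary
our $rsync = "/usr/local/bin/rsync";

# Do logging?
our $log = "/dev/null";

# Read local config files.
# The explicit "./" matters: a bare relative name makes `do` search @INC,
# and "." is no longer part of @INC on Perl 5.26 and later, so the config
# would silently never be loaded there.
my $base = $0;
$base =~ s,.*/,,;
my @config_errors;
for my $conf ("./.rsyncwrapper.conf", "./.rsyncwrapper.$base.conf") {
    next unless -e $conf;
    my $loaded = do $conf;
    if (!defined $loaded && $@) {
        my $why = $@;
        chomp $why;
        push @config_errors, "Config error in $conf: $why";
    }
}

# $rsync may hold the binary plus fixed leading arguments; it is split on
# whitespace exactly as the rest of the command line is.
my @rsync_cmd = split ' ', $rsync;
push @config_errors, "Config error: \$rsync is empty" unless @rsync_cmd;

# $SSH_ORIGINAL_COMMAND keeps the command line that we overrode with
# command="" in authorized_keys. It is attacker-controlled input.
my $line   = defined $ENV{SSH_ORIGINAL_COMMAND} ? $ENV{SSH_ORIGINAL_COMMAND} : '';
my $client = defined $ENV{SSH_CLIENT}           ? $ENV{SSH_CLIENT}           : '';

my $datestamp = localtime(time);
open my $logfh, '>>', $log or die "rsyncwrapper: cannot open log\n";

# Log the request with anything non-printable escaped, so the log cannot be
# used to carry terminal escapes or forged entries.
(my $loggable = $line) =~ s/([^\x20-\x5b\x5d-\x7e])/sprintf '\\x%02x', ord $1/ge;
print {$logfh} "---------------- $datestamp\n";
print {$logfh} "Connection from: $client\n";
print {$logfh} "CMD: $loggable\n";

# Refuse to run on a broken configuration (details go to the log only).
if (@config_errors) {
    print {$logfh} "$_\n" for @config_errors;
    warn "rsyncwrapper: configuration error\n";
    exit 1;
}

# Make sure that no funny (escape-)characters throws us off.
# Might have to be extended slightly in order to not react to some legal
# directory names.
# Only the plain space is accepted as a separator: tabs, newlines and other
# whitespace are rejected so that the text that is checked and the word list
# that is executed cannot disagree about where a word ends.
if ($line =~ m{[^\w \-/.=,+]}) {
    print {$logfh} "Funny characters in line\n";
    exit 1;
}

# From here on work on the word list that will actually be executed.
my ($command, @args) = split ' ', $line;

# Bail out if rsync wasn't the command wanted.
# We might have grief if a legitimate user has an other command
# changed to rsync below.
my $command_name = defined $command ? $command : '';
$command_name =~ s,.*/,,;
if ($command_name ne "rsync") {
    print {$logfh} "Command not rsync\n";
    exit 1;
}

# Don't allow ".." in commandline.
# This could deny legitimate src/dest names, but we want to play it safe.
if ($line =~ m/\.\./) {
    print {$logfh} ".. in line\n";
    exit 1;
}

# Sort the words into options and path-like words. After a literal "--"
# every word counts as a path, even one that starts with "-".
my $sender       = 0;
my $options_done = 0;
my @paths;
for my $arg (@args) {
    if ($options_done) {
        push @paths, $arg;
    }
    elsif ($arg eq '--') {
        $options_done = 1;
    }
    elsif ($arg =~ m/^-/) {
        $sender = 1 if $arg eq '--sender';
    }
    else {
        push @paths, $arg;
    }
}

# Set $OK regexp according to send/recv mode.
my $OK = $OKdest;
if ($sender) {
    print {$logfh} "--sender mode\n";
    $OK = $OKsrc;
}
my $ok_re = qr/$OK/;

# Check that the last argument (the destination/source) is OK, and that no
# other path-like word falls outside the allowed directories: rsync accepts
# more than one path, so looking at the last word alone is not enough.
my $last_arg  = @args ? $args[-1] : '';
my $dot_count = grep { $_ eq '.' } @paths;
my @outside   = grep { $_ ne '.' && $_ !~ $ok_re } @paths;
if ($last_arg !~ $ok_re || $dot_count > 1 || @outside) {
    print {$logfh} "Source/destination not OK\n";
    exit 1;
}

# Only allow rsync: the client-supplied command word is dropped and the
# configured binary is used instead.
my @run = (@rsync_cmd, @args);
print {$logfh} "OK: @run\n";
close $logfh;

# The block form never goes through a shell, whatever the word count.
my $status = system { $run[0] } @run;

# Hand rsync's exit status back to the ssh client instead of always
# reporting success.
exit 1 if $status == -1 || ($status & 127);
exit($status >> 8);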