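#!/bin/sh
#
# Login-shell wrapper: logs the requested command line, answers a few known
# command strings itself, and runs everything else inside script(1) so the
# session is recorded.
#
# Called either with no arguments (interactive login) or as
#   <this script> -c "<command string>"
# Presumably installed as a login shell under sshd, since it reads
# $SSH_CLIENT and dispatches scp / sftp-server requests -- confirm.
#
# NOTE(review): "$USER" and "$SSH_CLIENT" come from the environment. They
# label audit lines and name the session log below, so confirm the login
# service does not let a client override them.

# Append one audit line per non-interactive request. The line is written with
# the privileges of the user logging in, so /var/log/shd.log must be
# appendable by that user and is not tamper-proof. Write errors are discarded
# on purpose (2> /dev/null) so that logging can never break a login.
# NOTE(review): "$*" is logged verbatim; a command string containing newlines
# can make one request look like several log lines.
if [ "$#" -gt 0 ]; then
  printf '[%s] %s %s [%s %s] (#=%s)\n' \
    "$(date +%F.%T.%Z)" "$USER" "$SSH_CLIENT" "$0" "$*" "$#" \
    >> /var/log/shd.log
fi 2> /dev/null

# This script only logs any requested command line, then exec to bash(1)
# directly, if the user is privileged.
# Variant that also passes a requested command straight through:
#[ "$(id -u)" = 0 ] && [ "$(id -ru)" = 0 ] && exec /bin/bash "$@"
# Active variant: only if no command was specified via '-c'.
#
# id(1) replaces $EUID/$UID here. Those two are set by bash only; under any
# other /bin/sh they are ordinary variables, so the test either never matches
# or trusts values inherited from the environment and lets the caller skip
# session recording.
if [ "$#" -eq 0 ] && [ "$(id -u)" = 0 ] && [ "$(id -ru)" = 0 ]; then
  exec /bin/bash
fi

# Exact command string accepted as an sftp subsystem request.
SFTP_SERVER_PROGRAM=/usr/lib/openssh/sftp-server
# Process limit applied before the recorded session; empty disables it.
MAX_PROCESSES=
#MAX_PROCESSES=64

if [ "$1" = -c ]; then
  case "$2" in
    "scp "*)
      # The command string is split into words on purpose: scp must receive
      # its options and paths as separate arguments.
      # NOTE(review): only the "scp " prefix is checked, so every option the
      # client sends is passed on, and this path is not recorded by
      # script(1). Consider accepting only the server-side forms
      # ("scp -t ..." / "scp -f ...").
      # shellcheck disable=SC2086
      exec $2
      ;;
    "$SFTP_SERVER_PROGRAM")
      # sftp sessions run with verbose server-side logging instead of
      # script(1) recording.
      exec "$SFTP_SERVER_PROGRAM" -l DEBUG1
      ;;

    #"uname -s -v -n -r -m")
    #  buffer="`uname -vnr`" || exit
    #  printf 'Linux %s x86_64\n' "$buffer"
    #  exit
    #  ;;

    "echo -"*"| passwd")
      # A piped password change is never executed: the caller gets passwd's
      # failure messages on stderr and exit status 10.
      exec 1>&2
      echo "New password: Re-enter new password: Sorry, passwords do not match"
      echo "passwd: Authentication token manipulation error"
      echo "passwd: password unchanged"
      exit 10
      ;;

    #"uptime -p")
    #  buffer=", 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute"
    #  printf "\\x1b[9;0t\\x1b[3;18034;34039t\\x1b[2tup "
    #  while printf %s "$buffer"; do true; done
    #  ;;

    #uptime)
    #  exec uptime
    #  ;;

    # Enable this if fake nproc(1) from fuck-vvnnmm is installed
    #"nproc --all")
    #  exec nproc --all
    #  ;;

    #"lspci | grep VGA | cut "*)
    #  exec yes "NVIDIA Corporation GA102 [GeForce RTX 3090] (rev a1)"
    #  ;;
  esac
fi

if [ -n "$MAX_PROCESSES" ]; then
  # The process limit is "-u" in bash and "-p" in the other sh this script
  # was written for. Try both rather than trusting $BASH, which is only an
  # inherited environment variable when the interpreter is not bash.
  # Failures stay silent, as before.
  {
    ulimit -u "$MAX_PROCESSES" || ulimit -p "$MAX_PROCESSES"
  } > /dev/null 2>&1
fi

# script(1) runs the -c string through $SHELL, so the outer layer uses
# /bin/sh and the string itself switches SHELL to bash for the session.
export SHELL=/bin/sh

# One typescript per session, named after the user and the UTC start time.
# NOTE(review): the name has one-second resolution, so two sessions started
# in the same second share a file. The directory must be writable by the
# logging-in user, who can therefore alter or pre-create these files; keep it
# on a layout where users cannot touch each other's recordings.
LOG_FILE="/var/log/noshell/$USER.$(date -u +%F.%H-%M-%S)"

# "-t" without an attached argument sends timing data to stderr, which is
# redirected to "$LOG_FILE.time"; "$LOG_FILE" is the typescript itself.
# NOTE(review): "$*" is pasted into the -c string unquoted, so the client's
# command is parsed a second time by $SHELL and its original word boundaries
# are lost (after "-c", only the first word is the command). Behaviour is
# kept as found; if faithful execution is intended, shell-quote each argument
# before building the string.
exec script -c " export SHELL=/bin/bash; exec /bin/bash $*" \
  -f -q -t "$LOG_FILE" 2> "$LOG_FILE.time"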