| #!/bin/sh |
| |
| # Copyright 2015-2024 Rivoreo |
| |
| # Permission is hereby granted, free of charge, to any person obtaining a copy |
| # of this software and associated documentation files (the "Software"), to |
| # deal in the Software without restriction, including without limitation the |
| # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
| # sell copies of the Software, and to permit persons to whom the Software is |
| # furnished to do so, subject to the following conditions: |
| |
| # The above copyright notice and this permission notice shall be included in |
| # all copies or substantial portions of the Software. |
| |
| # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
| # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
| # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
| # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR |
| # IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
| # SOFTWARE. |
| |
| |
| isdigit() { |
| printf %s\\n "$1" | grep -Eq '^[0-9]+$' |
| } |
| |
| isdigit "$EUID" || EUID="`id -u`" |
| isdigit "$UID" || UID="`id -ru`" |
| |
| if [ $# -gt 0 ]; then |
| printf "[%s] %s %s [%s %s] (#=%s)\\n" "`date +%F.%T.%Z`" "$USER" "$SSH_CLIENT" "$0" "$*" "$#" >> /var/log/shd.log |
| fi 2> /dev/null |
| |
| [ $# = 0 ] && [ "`ps -p $PPID -o comm=`" = sshd ] && set -- --login |
| |
| # This script only logs any requested command line, then exec to bash(1) |
| # directly, if the user is privileged |
| #[ "$EUID" = 0 ] && [ "$UID" = 0 ] && exec /bin/bash "$@" |
| # Or only if no command was specified via '-c' |
| if [ "$EUID" = 0 ] && [ "$UID" = 0 ]; then |
| [ $# = 0 ] && exec /bin/bash "$@" |
| [ $# = 1 ] && [ "$1" = --login ] && exec /bin/bash "$@" |
| fi |
| |
| SFTP_SERVER_PROGRAM=/usr/lib/openssh/sftp-server |
| MAX_PROCESSES= |
| #MAX_PROCESSES=64 |
| |
| if [ "$1" = -c ]; then case "$2" in |
| "scp "*) |
| exec $2 |
| ;; |
| "$SFTP_SERVER_PROGRAM") |
| exec $SFTP_SERVER_PROGRAM -l DEBUG1 |
| ;; |
| |
| #"uname -s -v -n -r -m") |
| # buffer="`uname -vnr`" || exit |
| # printf 'Linux %s x86_64\n' "$buffer" |
| # exit |
| # ;; |
| |
| "echo -"*"| passwd") |
| exec 1>&2 |
| echo "New password: Re-enter new password: Sorry, passwords do not match" |
| echo "passwd: Authentication token manipulation error" |
| echo "passwd: password unchanged" |
| exit 10 |
| ;; |
| |
| #"uptime -p") |
| # buffer=", 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute" |
| # printf "\\x1b[9;0t\\x1b[3;18034;34039t\\x1b[2tup " |
| # while printf %s "$buffer"; do true; done |
| # ;; |
| |
| #uptime) |
| # exec uptime |
| # ;; |
| |
| # Enable this if fake nproc(1) from fuck-vvnnmm is installed |
| #"nproc --all"|nproc) |
| # exec $2 |
| # ;; |
| |
| #"lspci | grep VGA | cut "*) |
| # exec yes "NVIDIA Corporation GA102 [GeForce RTX 3090] (rev a1)" |
| # ;; |
| esac fi |
| |
| if [ -n "$MAX_PROCESSES" ]; then |
| if [ -n "$BASH" ]; then |
| ulimit -u "$MAX_PROCESSES" |
| else |
| ulimit -p "$MAX_PROCESSES" |
| fi > /dev/null 2>&1 |
| fi |
| |
| export SHELL=/bin/sh |
| LOG_FILE="/var/log/noshell/$USER.`date -u +%F.%H-%M-%S`" |
| exec script -c " export SHELL=/bin/bash; exec /bin/bash $*" -f -q -t $LOG_FILE 2> $LOG_FILE.time |