1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
|
<?xml version='1.0' encoding='ISO-8859-1'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!--
Process this file with an XSLT processor: `xsltproc \
-''-nonet /usr/share/sgml/docbook/stylesheet/xsl/nwalsh/\
manpages/docbook.xsl manpage.dbk'. A manual page
<package>.<section> will be generated. You may view the
manual page with: nroff -man <package>.<section> | less'. A
typical entry in a Makefile or Makefile.am is:
DB2MAN=/usr/share/sgml/docbook/stylesheet/xsl/nwalsh/\
manpages/docbook.xsl
XP=xsltproc -''-nonet
manpage.1: manpage.dbk
$(XP) $(DB2MAN) $<
The xsltproc binary is found in the xsltproc package. The
XSL files are in docbook-xsl. Please remember that if you
create the nroff version in one of the debian/rules file
targets (such as build), you will need to include xsltproc
and docbook-xsl in your Build-Depends control field.
-->
<!-- Fill in your name for FIRSTNAME and SURNAME. -->
<!ENTITY dhfirstname "<firstname>martin f.</firstname>">
<!ENTITY dhsurname "<surname>krafft</surname>">
<!-- Please adjust the date whenever revising the manpage. -->
<!ENTITY dhdate "<date>Apr 19, 2008</date>">
<!-- SECTION should be 1-8, maybe w/ subsection other parameters are
allowed: see man(7), man(1). -->
<!ENTITY dhsection "<manvolnum>8</manvolnum>">
<!ENTITY dhemail "<email>madduck@madduck.net</email>">
<!ENTITY dhusername "martin f. krafft">
<!ENTITY dhucpackage "<refentrytitle>molly-guard</refentrytitle>">
<!ENTITY dhpackage "molly-guard">
<!ENTITY dhcommand "<command>molly-guard</command>">
<!ENTITY debian "<productname>Debian</productname>">
<!ENTITY gnu "<acronym>GNU</acronym>">
<!ENTITY gpl "&gnu; <acronym>GPL</acronym>">
]>
<refentry>
<refentryinfo>
<address>
&dhemail;
</address>
<copyright>
<year>2008</year>
<holder>&dhusername;</holder>
</copyright>
&dhdate;
</refentryinfo>
<refmeta>
&dhucpackage;
&dhsection;
</refmeta>
<refnamediv>
<refname>&dhcommand;</refname>
<refpurpose>guard against accidental shutdowns/reboots</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>shutdown</command>
<arg choice="opt">
-<option>hV</option>
</arg>
<arg choice="opt">
<option>--molly-guard-do-nothing</option>
</arg>
<arg choice="opt">
-- <replaceable>script_options</replaceable>
</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>halt</command>
<arg choice="opt">
-<option>hV</option>
</arg>
<arg choice="opt">
<option>--molly-guard-do-nothing</option>
</arg>
<arg choice="opt">
-- <replaceable>script_options</replaceable>
</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>reboot</command>
<arg choice="opt">
-<option>hV</option>
</arg>
<arg choice="opt">
<option>--molly-guard-do-nothing</option>
</arg>
<arg choice="opt">
-- <replaceable>script_options</replaceable>
</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>poweroff</command>
<arg choice="opt">
-<option>hV</option>
</arg>
<arg choice="opt">
<option>--molly-guard-do-nothing</option>
</arg>
<arg choice="opt">
-- <replaceable>script_options</replaceable>
</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>coldreboot</command>
<arg choice="opt">
-<option>hV</option>
</arg>
<arg choice="opt">
<option>--molly-guard-do-nothing</option>
</arg>
<arg choice="opt">
-- <replaceable>script_options</replaceable>
</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>pm-hibernate</command>
<arg choice="opt">
-<option>hV</option>
</arg>
<arg choice="opt">
<option>--molly-guard-do-nothing</option>
</arg>
<arg choice="opt">
-- <replaceable>script_options</replaceable>
</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>pm-suspend</command>
<arg choice="opt">
-<option>hV</option>
</arg>
<arg choice="opt">
<option>--molly-guard-do-nothing</option>
</arg>
<arg choice="opt">
-- <replaceable>script_options</replaceable>
</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>pm-suspend-hybrid</command>
<arg choice="opt">
-<option>hV</option>
</arg>
<arg choice="opt">
<option>--molly-guard-do-nothing</option>
</arg>
<arg choice="opt">
-- <replaceable>script_options</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para> &dhcommand; attempts to prevent you from accidentally shutting down
or rebooting machines. It does this by injecting a couple of checks
before the existing commands: <command>coldreboot</command>,
<command>halt</command>, <command>reboot</command>,
<command>shutdown</command>, <command>poweroff</command>,
<command>pm-hibernate</command>,<command>pm-suspend</command>
and <command>pm-suspend-hybrid</command>.</para>
<para> Before &dhcommand; invokes the real command, all scripts in
<filename>/etc/molly-guard/run.d/</filename> have to run and exit
successfully; else, it aborts the command.
<command>run-parts(1)</command> is used to process the directory.</para>
<para> &dhcommand; passes any <replaceable>script_options</replaceable> to the
scripts, and also populates the environment with the following
variables:</para>
<itemizedlist>
<listitem><para><envar>MOLLYGUARD_CMD</envar> - the actual command
invoked by the user.</para></listitem>
<listitem><para><envar>MOLLYGUARD_DO_NOTHING</envar> - set to
<option>1</option> if this is a demo-run.</para></listitem>
<listitem><para><envar>MOLLYGUARD_SETTINGS</envar> - the path to
a shell script snippet which scripts can source to obtain
settings.</para></listitem>
</itemizedlist>
<para> &dhcommand; prints the contents of
<filename>/etc/molly-guard/messages.d/COMMAND</filename> or
<filename>/etc/molly-guard/messages.d/default</filename> to the console,
if either exists. This is due to
<filename>/etc/molly-guard/run.d/10-print-message</filename>.</para>
</refsect1>
<refsect1>
<title>GUARDING SSH SESSIONS</title>
<para> &dhcommand; was primarily designed to shield SSH connections. This
functionality (which should arguably be provided by the
<package>openssh-server</package> package) is implemented in
<filename>/etc/molly-guard/run.d/30-query-hostname</filename>.</para>
<para> This script first tests whether the command is being executed from
a <filename>tty</filename> which has been created by
<command>sshd</command>. It also checks whether the variable
<envar>SSH_CONNECTION</envar> is defined. If any of these tests are
successful, test script queries the user for the machine's hostname,
which should be sufficient to prevent the user from doing something by
accident.</para>
<para> You can pass the <option>--pretend-ssh</option> script option to
&dhcommand; to pretend that those tests succeeds. Alternatively, setting
<envar>ALWAYS_QUERY_HOSTNAME</envar> in
<filename>/etc/molly-guard/rc</filename> causes the script to
always query.</para>
<para> The following situations are still UNGUARDED. If you can think of
ways to protect against those, please let me know!</para>
<itemizedlist>
<listitem><para>running <application>sudo</application> within
<application>screen</application> or <application>screen</application> within
<application>sudo</application>; <application>sudo</application> eats the
<envar>SSH_CONNECTION</envar> variable, and
<application>screen</application> creates a new
<filename>pty</filename>.</para></listitem>
<listitem><para>executing those command in a remote terminal window,
that is a <application>XTerm</application> started on a remote
machine but displaying on the local <application>X</application>
server.</para></listitem>
</itemizedlist>
<para> You have been warned. You can use the
<option>--molly-guard-do-nothing</option> switch to prevent anything
from happening, e.g. <userinput>halt
--molly-guard-do-nothing</userinput>. </para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>--molly-guard-do-nothing</term>
<listitem>
<para>
Cause &dhcommand; to print the command which would be executed,
after processing all scripts, instead of executing it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-h</term>
<term>--help</term>
<listitem>
<para>
Display usage information.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-V</term>
<term>--version</term>
<listitem>
<para>
Display version information.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>shutdown</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>halt</refentrytitle>
<manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>reboot</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>poweroff</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>.
<citerefentry>
<refentrytitle>coldreboot</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>.
<citerefentry>
<refentrytitle>pm-hibernate</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>.
<citerefentry>
<refentrytitle>pm-suspend</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>.
<citerefentry>
<refentrytitle>pm-suspend-hybrid</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
<refsect1>
<title>LEGALESE</title>
<para>
&dhpackage; is copyright by &dhusername;. Andrew Ruthven came up with
the idea of using the scripts directory and submitted a patch, which
I modified a bit.
</para>
<para>
This manual page was written by &dhusername; &dhemail;.
</para>
<para>
Permission is granted to copy, distribute and/or modify this document
under the terms of the Artistic License 2.0
</para>
</refsect1>
</refentry>
|
