
@jyotishp
Created January 8, 2019 07:23
Restrict SSH access to rsync
#!/usr/bin/env python
from __future__ import print_function
import os
import shlex
import subprocess
import sys
from datetime import datetime as time
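# File that every allow/deny decision is appended to. The account this
# wrapper runs as must be able to append to it.
log_path = '/var/log/ssh.log'

# sshd exports SSH_CLIENT as "<client ip> <client port> <server port>"; only
# the address is kept for the log. The variable is missing when the script is
# started outside sshd, and an empty value would make split()[0] raise, so
# fall back to the same '-' placeholder the log lines already use instead of
# dying with a traceback before anything is logged.
_ssh_client = os.environ.get('SSH_CLIENT', '').split()
client = _ssh_client[0] if _ssh_client else '-'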
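def log(msg):
    """Append one audit line to ``log_path``.

    The line has the form ``<timestamp> <client address> <msg>``. ``msg``
    usually contains the command string sent by the remote user, so carriage
    returns and line feeds in it are written as the two-character sequences
    ``\\r`` and ``\\n``: a client must not be able to start a new, forged
    line in the audit log.

    Errors from opening or writing the file are not caught here; the caller
    stops before running anything if the decision cannot be recorded.
    """
    flattened = msg.replace('\r', '\\r').replace('\n', '\\n')
    # Build the record first and write it in one call so a single entry is
    # not split across two separate writes to the append-mode file.
    record = '{} {} {}\n'.format(time.now(), client, flattened)
    with open(log_path, 'a') as f:
        f.write(record)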
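# Forced-command entry point. sshd places the command the client asked for in
# SSH_ORIGINAL_COMMAND; the variable is absent when the client requested an
# interactive login, which this wrapper refuses.
cmd = os.environ.get('SSH_ORIGINAL_COMMAND')
if cmd is None:
    print('SSH is not allowed!')
    log('SSH_DENIED -')
    sys.exit(1)

# The command string is chosen by the remote user. The earlier check counted
# only ';' and '&' and then handed the whole string to a shell via
# os.system(), but a shell interprets far more than those two characters.
# Instead of trying to list every dangerous character, split the string into
# an argument vector here and run it without any shell at all.
try:
    argv = shlex.split(cmd)
except ValueError:
    # Unbalanced quote or dangling escape: refuse rather than guess.
    argv = []

# Accept only the server-side form an rsync client sends over SSH
# ("rsync --server ..."). An empty command is rejected here as well instead
# of raising IndexError.
# NOTE(review): this still does not limit which paths or further options the
# client passes to rsync; the rrsync helper shipped with rsync does that and
# is worth considering for a stricter setup.
if len(argv) < 2 or argv[0] != 'rsync' or argv[1] != '--server':
    print('Access denied! Command not allowed!')
    log('COMMAND_DENIED ' + cmd)
    sys.exit(1)

log('GRANTED ' + cmd)
# NOTE(review): with no shell in between, wildcards and '~' in the arguments
# are no longer expanded by a shell - confirm the rsync clients in use do not
# rely on that.
try:
    status = subprocess.call(argv)
except OSError:
    # rsync is missing or not executable for this account.
    log('EXEC_FAILED ' + cmd)
    sys.exit(1)
# Hand rsync's own exit status back to the client; always exiting 0 would
# hide failed transfers.
sys.exit(status)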