Differences

This shows you the differences between two versions of the page.

rb:ftponlyshell [06/08/2019 15:17] (current)
andrew created
Line 1: Line 1:
 +====== FTP only shell ======
 +
 +
 +==== ftponly.sh ====
 +
 +This shell only allows ftp access, an alert message is sent if an interactive login is attempted. This needs adding to /etc/shells to be a valid shell.
 +
 +
 +  #!/bin/bash
 +  #/​bin/​ftponly.sh
 +  #Written by Andrew Stringer ages ago.
 +  #Use this script as a login shell for users where you don't want shell access,
 +  #ie. ftp only users on a webserver.
 +  #You will probably have to add this to the /etc/shells file to have the system use it.
 +  ​
 +  TERM=vt100
 +  export TERM
 +  ​
 +  #Set this to point to where policy queries should be sent.
 +  ADMIN=sean.mcgivern@igt.com
 +  #Set this to the alert recipient.
 +  MAILTO=ww-noc@igt.com
 +  ​
 +  #This may have to be modified to suit how your system defines itself.
 +  SYSTEM='​gy-asp-cms01.gyprod.int.igt.com'​
 +  NOW=`date +%c`
 +  ​
 +  MSG=/​tmp/​ftpmsg.txt
 +  echo "​${LOGNAME}@${REMOTEHOST}${SSH_CLIENT} has attempted access to a shell on gy-asp-cms01 at ${NOW}."​ > ${MSG}
 +  ​
 +  ​
 +  clear
 +  echo "​$TODAY ${LOGNAME}@${REMOTEHOST} ${SSH_CLIENT}"​ >>/​var/​log/​shellaccess.log
 +  echo
 +  echo "​*************************************************************************"​
 +  echo " "
 +  echo " ​  It is $NOW"
 +  echo " "
 +  echo " ​  ​Sorry,​ ${LOGNAME}@${REMOTEHOST}${SSH_CLIENT},​ you are not allowed"​
 +  echo " ​  ​interactive access to reports-ftp.rgsgames.com."​
 +  echo " "
 +  echo " ​  This access attempt has been logged by username, date and hostname."​
 +  echo " "
 +  echo " ​  FTP User accounts are restricted to ftp access."​
 +  echo " "
 +  echo " ​  ​Direct questions concerning this policy to ${ADMIN}."​
 +  echo " "
 +  echo "​*************************************************************************"​
 +  echo
 +  ​
 +  #send alert mail
 +  /bin/mail ${MAILTO} -s "Login attempt to ftp only account"​ < ${MSG}
 +  ​
 +  rm ${MSG}
 +  ​
 +  sleep 10
 +  ​
 +  exit 0
 +
 +
 +==== Example /etc/passwd entry ====
 +
 +
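
Review bot: MSG=/tmp/ftpmsg.txt is a fixed, predictable path in a world-writable directory, and the script writes it with > as the user who is logging in, so a file or symlink already present at that path, or two login attempts at the same time, can clobber or mix the alert text before /bin/mail reads it. Drop the temp file and pipe the echo straight into /bin/mail, or create the file with mktemp and quote "${MSG}" wherever it is used. In the same part of the script, the line appended to /var/log/shellaccess.log uses $TODAY, which is never set (only NOW is), so entries are written without a timestamp, and SYSTEM is assigned but never used while the messages hard-code gy-asp-cms01 and reports-ftp.rgsgames.com. That append also runs as the restricted user, so the log file has to be writable by every such account; sending the line through logger would avoid that. The "Example /etc/passwd entry" heading is added with no content under it.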
  

rb/ftponlyshell.txt · Last modified: 06/08/2019 15:17 by andrew