-rw-r--r-- | files/scripts/confine-ssh.sh | 16 | ||||
-rw-r--r-- | tasks/confine_ssh.yml | 6 |
2 files changed, 22 insertions, 0 deletions
diff --git a/files/scripts/confine-ssh.sh b/files/scripts/confine-ssh.sh
new file mode 100644
index 000000000..07a448fc4
--- /dev/null
+++ b/files/scripts/confine-ssh.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+# Confine ssh commands
+case "$SSH_ORIGINAL_COMMAND" in
+*\&*)
+echo "Rejected"
+;;
+*\;*)
+echo "Rejected"
+;;
+rsync\ --server\ --sender*)
+$SSH_ORIGINAL_COMMAND
+;;
+*)
+echo "Rejected"
+;;
+esac
diff --git a/tasks/confine_ssh.yml b/tasks/confine_ssh.yml
new file mode 100644
index 000000000..914d5ad1e
--- /dev/null
+++ b/tasks/confine_ssh.yml
@@ -0,0 +1,6 @@
+---
+- name: install the confine-ssh script
+ copy: >
+ src={{files}}/scripts/confine-ssh.sh
+ dest=/usr/local/bin/confine-ssh.sh
+ mode=0755 |
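Review bot: In files/scripts/confine-ssh.sh the allow arm `rsync\ --server\ --sender*)` matches only a prefix, so every option and the source path after `--sender` are still chosen by the client, and the key can read anything the account can read. If the intent is to expose one tree, pin it in the pattern or hand the job to `rrsync -ro <EXPORT_DIR>` (placeholder; the directory is not shown in this commit), which ships with rsync for this purpose. The unquoted `$SSH_ORIGINAL_COMMAND` is also glob-expanded on the server before rsync sees it, and the three reject arms print to stdout and exit 0, so a refused command looks like success to the caller and leaves no trace in the logs. The sketch below keeps the same allow rule but disables globbing, uses `exec`, and rejects with a syslog entry, a message on stderr and a non-zero status.

```sh
# Single rejection path: logged, on stderr, non-zero exit.
reject() {
    # Log only the client address; the command text is attacker-controlled.
    logger -t confine-ssh "rejected command from ${SSH_CONNECTION%% *}"
    echo "Rejected" >&2
    exit 1
}

case "$SSH_ORIGINAL_COMMAND" in
*\&* | *\;*)
    reject
    ;;
rsync\ --server\ --sender\ *)
    # Word splitting is intended here; pathname expansion is not.
    set -f
    exec $SSH_ORIGINAL_COMMAND
    ;;
*)
    reject
    ;;
esac
```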
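Review bot: In tasks/confine_ssh.yml the copy task sets only `mode=0755`, so owner and group fall to whichever user runs the play; since this script is the enforcement point for a restricted key, I would pin them with `owner=root group=root` so the confined account can never own or replace it. Nothing in this commit references the script from an `authorized_keys` `command=` option or an sshd `ForceCommand`, so presumably that wiring lives in another task. It is worth confirming that the key entry also carries `restrict` (or the individual `no-pty`, `no-port-forwarding`, `no-agent-forwarding` options), because the wrapper only filters the command string and does nothing about forwarding.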