限制ROOT用户远程登录的SHELL
时间:2006-09-09 来源:netop5
下面是一个限制ROOT用户远程登录的SHELL脚本,同时允许本地网内的部分机器登录。变量WH取的是登录来源的机器名;TRAP命令主要用来防止登录用户恶意中断该SHELL。此程序并不限制用户用SU命令切换到超级用户,因此普通用户远程登录后仍可以通过SU命令访问ROOT用户;如果想完全限制,则需要将TELNET和RLOGIN的应用端口关闭。
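# Login gate, apparently meant for root's login profile (per the accompanying
# text): root may continue only on a local terminal or from an allow-listed
# host; every other remote root login is refused.
# It does not restrict su, so an ordinary remote user can still become root
# that way.

# Ignore HUP, INT, QUIT and TERM before anything else runs, so the check
# cannot be interrupted part-way through. SIGKILL (9) cannot be trapped or
# ignored, so it is not listed.
trap "" 1 2 3 15

# TY: bytes 9-12 of the tty path, used to find this session's finger line.
TY=`tty|cut -b 9-12`
# WH: the host column of the finger line that mentions this terminal.
# NOTE(review): the byte offsets assume one specific finger layout, and the
# name shown there comes from name resolution and may be truncated; treat it
# as a convenience filter, not as authentication of the remote host.
WH=`finger|cut -b 32-79|grep "$TY"|cut -b 29-39`
# KK: bytes 6-9 of the tty path; "ttyp" marks a pseudo-terminal here.
KK=`tty|cut -b 6-9`
# NOTE(review): every terminal whose name does not start with "ttyp" is
# classified as local, so this fails open on systems that name remote
# pseudo-terminals differently -- confirm against the target system.
if [ "$KK" != "ttyp" ]
then
  WH="local"
fi

# Each comparison is its own test joined with ||, so the list can span lines
# (a single "[ ... -o ... ]" broken across lines without a backslash never
# reaches its closing bracket). HOSTNAME1..3 look like placeholders.
if [ "$WH" = "local" ] || [ "$WH" = "sys_term" ] || \
   [ "$WH" = "HOSTNAME1" ] || [ "$WH" = "HOSTNAME2" ] || \
   [ "$WH" = "HOSTNAME3" ] || [ "$WH" = "sys_term1" ]
then
  # Allowed: set up the environment for the root session.
  SHELL=/bin/sh
  HOME=/
  PATH=/bin:/etc:/usr/bin:/tcb/bin
  PS1="`logname`@`uname -n`:# "
  TERM=ansi
  export TERM
  # set terminal type
  eval `tset -m scoansi:${TERM:-ansi} -m :\?${TERM:-ansi} -e -r -s -Q`
  export TERM PATH SHELL HOME PS1
  [ -x /bin/mesg ] && mesg n # if mesg is installed...
else
  # Refused: print the notice, ring the bell as an alert, wait for a key
  # press and end the session.
  echo "限制root用户使用telnet,rlogin登录:\07\07 "
  echo "按任一键退出!"
  read sad
  exit
fi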
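# Root login gate (second listing of the same script on this page): the
# session continues only when the login source is "local" or one of the
# listed host names; otherwise a refusal notice is shown and the shell exits.
# su is not restricted by this check.

# Install the signal handling first so an interrupt during the lookups below
# cannot skip the check. Signal 9 (KILL) is left out because it cannot be
# trapped or ignored.
trap "" 1 2 3 15

# Bytes 6-9 of the tty path tell pseudo-terminals ("ttyp") from the rest.
KK=`tty|cut -b 6-9`
case "$KK" in
ttyp)
  # Pseudo-terminal: take the host from the finger line for this terminal.
  # NOTE(review): the value depends on finger's column layout and on name
  # resolution, so it is a filter rather than proof of where the login
  # came from.
  TY=`tty|cut -b 9-12`
  WH=`finger|cut -b 32-79|grep "$TY"|cut -b 29-39`
  ;;
*)
  # NOTE(review): anything not named ttyp* counts as local; verify that this
  # matches the pseudo-terminal naming of the system it is deployed on.
  WH="local"
  ;;
esac

# A case pattern list replaces the multi-line "[ ... -o ... ]" test, which
# had no line continuation and therefore never matched. HOSTNAME1..3 look
# like placeholders for real host names.
case "$WH" in
local|sys_term|HOSTNAME1|HOSTNAME2|HOSTNAME3|sys_term1)
  SHELL=/bin/sh
  HOME=/
  PATH=/bin:/etc:/usr/bin:/tcb/bin
  PS1="`logname`@`uname -n`:# "
  TERM=ansi
  export TERM
  # set terminal type
  eval `tset -m scoansi:${TERM:-ansi} -m :\?${TERM:-ansi} -e -r -s -Q`
  export TERM PATH SHELL HOME PS1
  # if mesg is installed, turn off messages from other users
  [ -x /bin/mesg ] && mesg n
  ;;
*)
  # refuse the login and ring the bell as an alert
  echo "限制root用户使用telnet,rlogin登录:\07\07 "
  echo "按任一键退出!"
  read sad
  exit
  ;;
esac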










