Secure a KSH script | Unix Linux Forums | Shell Programming and Scripting

  Go Back    


Shell Programming and Scripting Post questions about KSH, CSH, SH, BASH, PERL, PHP, SED, AWK and OTHER shell scripts and shell scripting languages here.

Secure a KSH script

Shell Programming and Scripting


Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 06-28-2010
iga3725 iga3725 is offline
Registered User
 
Join Date: Oct 2009
Last Activity: 21 July 2011, 11:43 AM EDT
Location: Andorra
Posts: 125
Thanks: 5
Thanked 0 Times in 0 Posts
Secure a KSH script

Hi:

I want to secure (prevent Ctrol+C, or Ctrol+Z, or any kind of aborting) this ksh script:



Code:
#!/usr/bin/ksh

clear
echo
print "CSIA RBAC -- CONFIGURACION --"
echo

print "1) Habilitar/Desabilitar RBAC en el sistema"
print "2) Configurar comandos privados"
print "6) Salir"

echo
echo "Seleccione la opcion:"
echo

while true; do
  read SELECT
  case $SELECT in
    1)    print "a) Habilitar RBAC?"
          print "b) Desabilitar RBAC?"
          while read SELECT2;do
            case $SELECT2 in
              "a") print "Habilitando RBAC" ;;
              "b") print "Desabilitando RBAC" ;;
            esac
            break 2
          done;;
    2)    print "a) Listar los comandos privilegiados activos"
          print "b) Anadir comando a RBAC"
          print "c) Eliminar comando a RBAC"
          while read SELECT2;do
            case $SELECT2 in
              "a") echo "Comandos activos:" && lssecattr -c ALL|grep csia|awk '{print $1}';;
              "b") ./addcmdrbac.ksh;;
              "c") ./delcmdrbac.ksh;;
            esac
            break 2
          done;;
   
    6) break;;
  esac
  ./menu2.ksh
done

I tried with trap but no sucess..

thx
Israel.

Last edited by pludi; 06-28-2010 at 05:10 AM.. Reason: code tags, please...
Sponsored Links
    #2  
Old 06-28-2010
zaxxon's Avatar
zaxxon zaxxon is offline Forum Staff  
code tag tagger
 
Join Date: Sep 2007
Last Activity: 18 October 2014, 5:56 AM EDT
Location: St. Gallen, Switzerland
Posts: 6,234
Thanks: 121
Thanked 453 Times in 412 Posts
Then either your trap was wrong or wrong placed.
Place it as 1st line after the shebang:

Code:
#!/usr/bin/ksh

trap 'echo "No way!"' 1 2 15

...

or whatever signals you want to trap.
Sponsored Links
    #3  
Old 06-28-2010
methyl methyl is offline Forum Advisor  
Advisor
 
Join Date: Mar 2008
Last Activity: 18 April 2014, 5:13 AM EDT
Posts: 6,396
Thanks: 287
Thanked 673 Times in 642 Posts
If you do it with "trap" I'd trap "1 2 3" but not "15" (Hangup) or you will accumulate orphan shells when users disconnect their session.

Personally I'd use "stty" to disable the keys.
First run "stty -a" to find out what keys you wish to disable.
Then set each relevant key to null:

Code:
e.g.
stty intr ""
stty quit ""
stty eof ""
stty kill ""

    #4  
Old 06-28-2010
iga3725 iga3725 is offline
Registered User
 
Join Date: Oct 2009
Last Activity: 21 July 2011, 11:43 AM EDT
Location: Andorra
Posts: 125
Thanks: 5
Thanked 0 Times in 0 Posts
umm.. where is trap command on aix6? I run 'which trap' but it doesn't returned nothing. How can I verify if trap is installed on my box?

thxs
Israel
Sponsored Links
    #5  
Old 06-28-2010
methyl methyl is offline Forum Advisor  
Advisor
 
Join Date: Mar 2008
Last Activity: 18 April 2014, 5:13 AM EDT
Posts: 6,396
Thanks: 287
Thanked 673 Times in 642 Posts

Code:
The trap command is a ksh builtin.
ksh type trap
trap is a shell builtin



Ignoring trap for the moment, there is an issue in this menu script where it calls itself. It will eventially fail because the shells will be nested too deep.
The following construct using shell functions and "return" is better:




Code:
#!/usr/bin/ksh

main_menu()
{
while true
do
        clear
        echo
        print "CSIA RBAC -- CONFIGURACION --"
        echo

        print "1) Habilitar/Desabilitar RBAC en el sistema"
        print "2) Configurar comandos privados"
        print "6) Salir"

        echo
        echo "Seleccione la opcion:"
        echo

        read SELECT
        case $SELECT in
                1)      menu_1
                        ;;
                2)      menu_2
                        ;;
                6)      return 
                        ;;
        esac
done
}
#
menu_1()
{
while true
do
        print "a) Habilitar RBAC?"
        print "b) Desabilitar RBAC?"
        echo
        echo "Seleccione la opcion:"
        echo
        read SELECT2
        case $SELECT2 in
                "a") print "Habilitando RBAC"
                        sleep 2
                        return
                        ;;
                "b") print "Desabilitando RBAC"
                        sleep 2
                        return
                        ;;
                "")     return
                        ;;
                *) print "Invalid"
                        sleep 2
                        ;;
        esac
done
}
#
menu_2()
{
while true
do
        print "a) Listar los comandos privilegiados activos"
        print "b) Anadir comando a RBAC"
        print "c) Eliminar comando a RBAC"
        echo
        echo "Seleccione la opcion:"
        echo
        read SELECT2
        case $SELECT2 in
                "a") echo "Comandos activos:" && lssecattr -c ALL|grep csia|awk
 '{print $1}'
                        sleep 2
                        return
                        ;;
                "b") ./addcmdrbac.ksh
                        sleep 2
                        return
                        ;;
                "c") ./delcmdrbac.ksh
                        sleep 2
                        return
                        ;;
                "")     return
                        ;;
                *) print "Invalid"
                        sleep 2
                        ;;
        esac
done
}
#
#######
main_menu
exit

Sponsored Links
    #6  
Old 06-28-2010
iga3725 iga3725 is offline
Registered User
 
Join Date: Oct 2009
Last Activity: 21 July 2011, 11:43 AM EDT
Location: Andorra
Posts: 125
Thanks: 5
Thanked 0 Times in 0 Posts
nice.. thanks methyl :-)
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
How to secure ftp in AIX pchangba AIX 1 07-26-2009 01:34 PM
Secure ftp using ssl/tls DANNYC UNIX for Dummies Questions & Answers 4 02-27-2008 10:45 AM
Secure FTP Problem using Sun SSH on Client system F-Secure on Server system ftpguy Solaris 2 01-11-2007 11:19 AM
f-secure sftp in shell script friand Shell Programming and Scripting 1 07-08-2005 10:15 AM
How to secure my script from Ctrl-C jhansrod Shell Programming and Scripting 12 05-17-2005 11:38 AM



All times are GMT -4. The time now is 12:25 AM.