Secure a KSH script


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Secure a KSH script
# 1  
Old 06-28-2010
Secure a KSH script

Hi:

I want to secure (prevent Ctrol+C, or Ctrol+Z, or any kind of aborting) this ksh script:


Code:
#!/usr/bin/ksh

clear
echo
print "CSIA RBAC -- CONFIGURACION --"
echo

print "1) Habilitar/Desabilitar RBAC en el sistema"
print "2) Configurar comandos privados"
print "6) Salir"

echo
echo "Seleccione la opcion:"
echo

while true; do
  read SELECT
  case $SELECT in
    1)    print "a) Habilitar RBAC?"
          print "b) Desabilitar RBAC?"
          while read SELECT2;do
            case $SELECT2 in
              "a") print "Habilitando RBAC" ;;
              "b") print "Desabilitando RBAC" ;;
            esac
            break 2
          done;;
    2)    print "a) Listar los comandos privilegiados activos"
          print "b) Anadir comando a RBAC"
          print "c) Eliminar comando a RBAC"
          while read SELECT2;do
            case $SELECT2 in
              "a") echo "Comandos activos:" && lssecattr -c ALL|grep csia|awk '{print $1}';;
              "b") ./addcmdrbac.ksh;;
              "c") ./delcmdrbac.ksh;;
            esac
            break 2
          done;;
   
    6) break;;
  esac
  ./menu2.ksh
done

I tried with trap but no sucess..

thx
Israel.

Last edited by pludi; 06-28-2010 at 06:10 AM.. Reason: code tags, please...
# 2  
Old 06-28-2010
Then either your trap was wrong or wrong placed.
Place it as 1st line after the shebang:
Code:
#!/usr/bin/ksh

trap 'echo "No way!"' 1 2 15

...

or whatever signals you want to trap.
# 3  
Old 06-28-2010
If you do it with "trap" I'd trap "1 2 3" but not "15" (Hangup) or you will accumulate orphan shells when users disconnect their session.

Personally I'd use "stty" to disable the keys.
First run "stty -a" to find out what keys you wish to disable.
Then set each relevant key to null:
Code:
e.g.
stty intr ""
stty quit ""
stty eof ""
stty kill ""

# 4  
Old 06-28-2010
umm.. where is trap command on aix6? I run 'which trap' but it doesn't returned nothing. How can I verify if trap is installed on my box?

thxs
Israel
# 5  
Old 06-28-2010
Code:
The trap command is a ksh builtin.
ksh type trap
trap is a shell builtin



Ignoring trap for the moment, there is an issue in this menu script where it calls itself. It will eventially fail because the shells will be nested too deep.
The following construct using shell functions and "return" is better:



Code:
#!/usr/bin/ksh

main_menu()
{
while true
do
        clear
        echo
        print "CSIA RBAC -- CONFIGURACION --"
        echo

        print "1) Habilitar/Desabilitar RBAC en el sistema"
        print "2) Configurar comandos privados"
        print "6) Salir"

        echo
        echo "Seleccione la opcion:"
        echo

        read SELECT
        case $SELECT in
                1)      menu_1
                        ;;
                2)      menu_2
                        ;;
                6)      return 
                        ;;
        esac
done
}
#
menu_1()
{
while true
do
        print "a) Habilitar RBAC?"
        print "b) Desabilitar RBAC?"
        echo
        echo "Seleccione la opcion:"
        echo
        read SELECT2
        case $SELECT2 in
                "a") print "Habilitando RBAC"
                        sleep 2
                        return
                        ;;
                "b") print "Desabilitando RBAC"
                        sleep 2
                        return
                        ;;
                "")     return
                        ;;
                *) print "Invalid"
                        sleep 2
                        ;;
        esac
done
}
#
menu_2()
{
while true
do
        print "a) Listar los comandos privilegiados activos"
        print "b) Anadir comando a RBAC"
        print "c) Eliminar comando a RBAC"
        echo
        echo "Seleccione la opcion:"
        echo
        read SELECT2
        case $SELECT2 in
                "a") echo "Comandos activos:" && lssecattr -c ALL|grep csia|awk
 '{print $1}'
                        sleep 2
                        return
                        ;;
                "b") ./addcmdrbac.ksh
                        sleep 2
                        return
                        ;;
                "c") ./delcmdrbac.ksh
                        sleep 2
                        return
                        ;;
                "")     return
                        ;;
                *) print "Invalid"
                        sleep 2
                        ;;
        esac
done
}
#
#######
main_menu
exit

# 6  
Old 06-28-2010
nice.. thanks methyl :-)
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Making a script secure to code injection

Heyas I've been told my scipts would be insecure, and to fix that. Figured i might rethink some parts of my coding style, meanwhile i tried to write an additional catcher. After reading: fail : Security Issues - didnt help too much, infact - it confused me even more. n/a:... (8 Replies)
Discussion started by: sea
8 Replies

2. Shell Programming and Scripting

Bash Script - Mail Secure.log

I'm putting together a fairly simple script, to check "secure.log" for content and email the results in a cron, nightly. The script runs fine upon manual execution, it's a problem when ran in cron. This is on a Mac server. Any thoughts? #!bin/bash #Email secure.log, nightly. Subject="Secure... (6 Replies)
Discussion started by: Nvizn
6 Replies

3. Shell Programming and Scripting

KSH script to run other ksh scripts and output it to a file and/or email

Hi I am new to this Scripting process and would like to know How can i write a ksh script that will call other ksh scripts and write the output to a file and/or email. For example ------- Script ABC ------- a.ksh b.ksh c.ksh I need to call all three scripts execute them and... (2 Replies)
Discussion started by: pacifican
2 Replies

4. Shell Programming and Scripting

import var and function from ksh script to another ksh script

Ih all, i have multiples ksh scripts for crontab's unix jobs they all have same variables declarations and some similar functions i would have a only single script file to declare my variables, like: var1= "aaa" var2= "bbb" var3= "ccc" ... function ab { ...} function bc { ... }... (2 Replies)
Discussion started by: wolfhurt
2 Replies

5. Shell Programming and Scripting

tracing a ksh script within a ksh script

I normally trace a script with the ksh -x <script name> and redirect strderr to file. But if you have a script like the examble below...... vi hairy bear=`grep bear animals` if then ksh more_animals fi If I ksh -x hairy it won't trace "more_animals" unless I put a -x in it. Is... (1 Reply)
Discussion started by: shorty
1 Replies

6. Solaris

Secure FTP Problem using Sun SSH on Client system F-Secure on Server system

I am using shell script to do secure ftp. I have done key file setup to do password less authentication. Following are the FTP Details: FTP Client has Sun SSH. FTP Server has F-Secure. I am using SCP Command to do secure copy files. When I am doing this, I am getting the foll error scp:... (2 Replies)
Discussion started by: ftpguy
2 Replies

7. Shell Programming and Scripting

executing a ksh script from another ksh script

Hi, I'm new to unix scripting.How can i call a script from another script. I have a.ksh and b.ksh .I have to call b.ksh from a.ksh after it is successfully exceuted. I tried using #!/bin/ksh -x in a.ksh and at the end i have used /path/b.ksh My problem is it is executing only a.ksh.it... (6 Replies)
Discussion started by: ammu
6 Replies

8. UNIX for Dummies Questions & Answers

ksh autocomplete; f-secure/ssh character mapping

I'm coming from a c-shell environment where I was spoiled with the tab completion on the command line, only to find that using korn-shell I don't have this capability. The only thing I can find by googling is to use 'set filec' - but that doesn't work (and I think is only for c-shell anyway). ... (0 Replies)
Discussion started by: uacheesehead
0 Replies

9. Shell Programming and Scripting

f-secure sftp in shell script

Hi, I am trying to use sftp in a ksh - Shell script, but not even a simple script like this returns not output: sftp username@remotehost <<END ls END If I do something like this: sftp username@remotehost <<END | tee logfile ls END I get this error message: Warning: tcgetattr... (1 Reply)
Discussion started by: friand
1 Replies

10. Shell Programming and Scripting

How to secure my script from Ctrl-C

Hi all I am looking for a way to ensure that once a user is logged in and running a script, he cannot break out of it. Thanks J (12 Replies)
Discussion started by: jhansrod
12 Replies
Login or Register to Ask a Question