{"id":2143,"date":"2018-09-27T06:34:31","date_gmt":"2018-09-26T21:34:31","guid":{"rendered":"http:\/\/matoken.org\/blog\/?p=2143"},"modified":"2018-09-27T06:35:30","modified_gmt":"2018-09-26T21:35:30","slug":"prevents-erroneous-system-outages-in-ssh-environment-molly-guard","status":"publish","type":"post","link":"https:\/\/matoken.org\/blog\/2018\/09\/27\/prevents-erroneous-system-outages-in-ssh-environment-molly-guard\/","title":{"rendered":"ssh\u74b0\u5883\u3067\u306e\u8aa4\u3063\u305f\u30b7\u30b9\u30c6\u30e0\u505c\u6b62\u3092\u9632\u3050molly-guard"},"content":{"rendered":"
\n
\n
\n

\u6700\u8fd1 shutdown \u306e man \u3092\u898b\u6bd4\u3079\u305f\u308a\u3057\u3066\u305f\u306e\u3067\u3059\u304c\uff0c\u305d\u306e\u3068\u304d\u306b systemd, sysvinit \u4ee5\u5916\u306b molly-guard<\/code> \u3068\u3044\u3046\u898b\u77e5\u3089\u306c\u3082\u306e\u304c\uff0e<\/p>\n<\/div>\n

\n
\n
$ apt-file search \/sbin\/shutdown\r\nmolly-guard: \/sbin\/shutdown\r\nsystemd-sysv: \/sbin\/shutdown\r\nsysvinit-core: \/sbin\/shutdown<\/pre>\n<\/div>\n<\/div>\n
\n
\u30d1\u30c3\u30b1\u30fc\u30b8\u60c5\u5831\u3092\u307f\u308b\u3068 shutdown \u30b3\u30de\u30f3\u30c9\u306a\u3069\u3092\u7f6e\u304d\u63db\u3048\u3066 ssh \u63a5\u7d9a\u6642\u306b\u306f\u78ba\u8a8d\u306e\u305f\u3081\u306b\u30db\u30b9\u30c8\u540d\u3092\u805e\u304f\u3088\u3046\u306b\u306a\u308b\u3088\u3046\u3067\u3059\uff0e
\n\u3053\u308c\u306b\u3088\u308a\u624b\u5143\u306ePC\u306e\u518d\u8d77\u52d5\u3092\u3057\u305f\u3064\u3082\u308a\u304c\u30ea\u30e2\u30fc\u30c8\u306e\u30b5\u30fc\u30d0\u3092\u518d\u8d77\u52d5\u3057\u3066\u3057\u307e\u3046\u306a\u3069\u3068\u3044\u3063\u305f\u3053\u3068\u304c\u9632\u3052\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\uff0e<\/p>\n<\/div>\n
\n
\n
$ apt show molly-guard\r\nPackage: molly-guard\r\nVersion: 0.6.4\r\nPriority: extra\r\nSection: admin\r\nMaintainer: Francois Marier <francois@debian.org>\r\nInstalled-Size: 57.3 kB\r\nDepends: procps\r\nEnhances: init, kexec-tools, mosh, openssh-server, pm-utils, systemd, sysvinit, upstart\r\nTag: implemented-in::shell, interface::commandline, network::server,\r\n protocol::ssh, role::program, scope::utility\r\nDownload-Size: 13.8 kB\r\nAPT-Manual-Installed: yes\r\nAPT-Sources: http:\/\/ftp.jp.debian.org\/debian stretch\/main amd64 Packages\r\nDescription: protects machines from accidental shutdowns\/reboots\r\n The package installs a shell script that overrides the existing\r\n shutdown\/reboot\/halt\/poweroff\/coldreboot\/pm-hibernate\/pm-suspend* commands\r\n and first runs a set of scripts, which all have to exit successfully,\r\n before molly-guard invokes the real command.\r\n .\r\n One of the scripts checks for existing SSH sessions. If any of the four\r\n commands are called interactively over an SSH session, the shell script\r\n prompts you to enter the name of the host you wish to shut down. This should\r\n adequately prevent you from accidental shutdowns and reboots.\r\n .\r\n molly-guard diverts the real binaries to \/lib\/molly-guard\/.  You can bypass\r\n molly-guard by running those binaries directly.<\/pre>\n<\/div>\n<\/div>\n
\n
\u65e9\u901f\u8a66\u3057\u3066\u307f\u307e\u3059\uff0e<\/p>\n<\/div>\n
\n
\n
$ sudo apt install molly-guard\r\n    :\r\npackage diverts others to: \/lib\/molly-guard\/coldreboot\r\n\/sbin\/halt\r\npackage diverts others to: \/lib\/molly-guard\/halt\r\n\/sbin\/pm-hibernate\r\n\/sbin\/pm-suspend\r\n\/sbin\/pm-suspend-hybrid\r\n\/sbin\/poweroff\r\npackage diverts others to: \/lib\/molly-guard\/poweroff\r\n\/sbin\/reboot\r\npackage diverts others to: \/lib\/molly-guard\/reboot\r\n\/sbin\/shutdown\r\npackage diverts others to: \/lib\/molly-guard\/shutdown<\/pre>\n<\/div>\n<\/div>\n
\n
\u3053\u306e\u3042\u305f\u308a\u306e\u30b3\u30de\u30f3\u30c9\u304c\u7f6e\u304d\u63db\u308f\u3063\u3066\u3044\u307e\u3059\uff0e<\/p>\n<\/div>\n
\n
\n
$ ls -l \/sbin | grep molly\r\nlrwxrwxrwx 1 root root        28 Aug 16  2016 coldreboot -> \/lib\/molly-guard\/molly-guard\r\nlrwxrwxrwx 1 root root        28 Aug 16  2016 halt -> \/lib\/molly-guard\/molly-guard\r\nlrwxrwxrwx 1 root root        28 Aug 16  2016 pm-hibernate -> \/lib\/molly-guard\/molly-guard\r\nlrwxrwxrwx 1 root root        28 Aug 16  2016 pm-suspend -> \/lib\/molly-guard\/molly-guard\r\nlrwxrwxrwx 1 root root        28 Aug 16  2016 pm-suspend-hybrid -> \/lib\/molly-guard\/molly-guard\r\nlrwxrwxrwx 1 root root        28 Aug 16  2016 poweroff -> \/lib\/molly-guard\/molly-guard\r\nlrwxrwxrwx 1 root root        28 Aug 16  2016 reboot -> \/lib\/molly-guard\/molly-guard\r\nlrwxrwxrwx 1 root root        28 Aug 16  2016 shutdown -> \/lib\/molly-guard\/molly-guard<\/pre>\n<\/div>\n<\/div>\n
\n
\u30b3\u30de\u30f3\u30c9\u985e\u306f \/lib\/molly-guard<\/code> \u4ee5\u4e0b\u306b\u9000\u907f\u3055\u308c\u308b\u3088\u3046\u3067\u3059\uff0e<\/p>\n<\/div>\n
\n
sysvinit<\/div>\n
\n
$ ls -lA \/lib\/molly-guard\r\ntotal 48\r\n-rwxr-xr-x 1 root root 18952 Feb 13  2017 halt\r\n-rwxr-xr-x 1 root root  2767 Aug 16  2016 molly-guard\r\nlrwxrwxrwx 1 root root     4 Feb 13  2017 poweroff -> halt\r\nlrwxrwxrwx 1 root root     4 Feb 13  2017 reboot -> halt\r\n-rwxr-xr-x 1 root root 23368 Feb 13  2017 shutdown<\/pre>\n<\/div>\n<\/div>\n
\n
systemd<\/div>\n
\n
$ ls -lA \/lib\/molly-guard\r\ntotal 4\r\nlrwxrwxrwx 1 root root   14 Jun 14 05:20 halt -> \/bin\/systemctl\r\n-rwxr-xr-x 1 root root 2767 Aug 16  2016 molly-guard\r\nlrwxrwxrwx 1 root root   14 Jun 14 05:20 poweroff -> \/bin\/systemctl\r\nlrwxrwxrwx 1 root root   14 Jun 14 05:20 reboot -> \/bin\/systemctl\r\nlrwxrwxrwx 1 root root   14 Jun 14 05:20 shutdown -> \/bin\/systemctl<\/pre>\n<\/div>\n<\/div>\n
\n
ssh \u7d4c\u7531\u3067 shutdown(sysvinit) \u3092\u8a66\u307f\u308b\u3068\u3053\u306e\u3088\u3046\u306b hostname \u3092\u6c42\u3081\u3089\u308c\u307e\u3059\uff0e\u3053\u3053\u3067\u8aa4\u3063\u305f hostname \u3092\u66f8\u304f\u3068 shutdown \u304c\u30ad\u30e3\u30f3\u30bb\u30eb\u3055\u308c\u307e\u3057\u305f\uff0e<\/p>\n<\/div>\n
\n
\n
$ sudo shutdown -f -P -h +10 \"kernel update (`uname -r`)\"\r\nW: molly-guard: SSH session detected!\r\nPlease type in hostname of the machine to shutdown: desktop\r\nGood thing I asked; I won't shutdown debian ...\r\nW: aborting shutdown due to 30-query-hostname exiting with code 1.<\/pre>\n<\/div>\n<\/div>\n
\n
\u6b63\u3057\u3044 hostname \u3092\u6307\u5b9a\u3059\u308b\u3068 shutdown \u304c\u547c\u3070\u308c\u307e\u3059\uff0e<\/p>\n<\/div>\n
\n
\n
$ sudo shutdown -f -P -h +10 \"kernel update (`uname -r`)\"\r\nW: molly-guard: SSH session detected!\r\nPlease type in hostname of the machine to shutdown: debian\r\n\r\nBroadcast message from root@debian (pts\/0) (Thu Sep 27 06:15:28 2018):\r\n\r\nkernel update (4.9.0-3-amd64)\r\nThe system is going DOWN for system halt in 10 minutes!\r\n^C\r\nShutdown cancelled.<\/pre>\n<\/div>\n<\/div>\n
\n
ssh\u7d4c\u7531\u3067\u306a\u3044\u5834\u5408\u306f molly-guard \u306f\u3059\u3050\u306b shutdown \u3092\u547c\u3073\u307e\u3059\uff0e<\/p>\n<\/div>\n
\n
\n
$ sudo shutdown -f -P -h +10 'poweroff'\r\n^C\r\nShutdown cancelled.<\/pre>\n<\/div>\n<\/div>\n<\/div>\n
\n
\u74b0\u5883<\/h2>\n
\n
\n
\n
$ dpkg-query -W systemd-sysv molly-guard\r\nmolly-guard     0.6.4\r\nsystemd-sysv    232-25+deb9u4\r\n$ dpkg-query -W sysvinit-core\r\nsysvinit-core   2.88dsf-59.9\r\n$ cat \/etc\/os-release\r\nPRETTY_NAME=\"Debian GNU\/Linux 9 (stretch)\"\r\nNAME=\"Debian GNU\/Linux\"\r\nVERSION_ID=\"9\"\r\nVERSION=\"9 (stretch)\"\r\nID=debian\r\nHOME_URL=\"https:\/\/www.debian.org\/\"\r\nSUPPORT_URL=\"https:\/\/www.debian.org\/support\"\r\nBUG_REPORT_URL=\"https:\/\/bugs.debian.org\/\"\r\n$ cat \/etc\/debian_version\r\n9.5\r\n$ uname -m\r\nx86_64<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
\u6700\u8fd1 shutdown \u306e man \u3092\u898b\u6bd4\u3079\u305f\u308a\u3057\u3066\u305f\u306e\u3067\u3059\u304c\uff0c\u305d\u306e\u3068\u304d\u306b systemd, sysvinit \u4ee5\u5916\u306b molly-guard \u3068\u3044\u3046\u898b\u77e5\u3089\u306c\u3082\u306e\u304c\uff0e $ apt-file search \/sbin\/sh […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled_pings":false,"webmentions_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[7,6,75],"tags":[412,413,341],"class_list":["post-2143","post","type-post","status-publish","format-standard","hentry","category-debian-linux","category-linux","category-stretch","tag-molly-guard","tag-shutdown","tag-ssh"],"_links":{"self":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/2143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/comments?post=2143"}],"version-history":[{"count":0,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/2143\/revisions"}],"wp:attachment":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/media?parent=2143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/categories?post=2143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/tags?post=2143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}