April 11th, 2008 @ 18:07

Have you ever mistakenly shut down or rebooted your operation-critical server while you were willing to halt your desktop computer through ssh before going to bed, or anything like this? If so, and if you are on Debian/Ubuntu, molly-guard is designed for you: this nifty bash script gets between you and the shutdown/reboot/halt tools, checking if you are connecting through ssh and if so asking for the hostname of the machine before proceeding.

Wondering how it looks? Here is the output of a little test:

ixce@timmy:~$ sudo shutdown -r
W: molly-guard: SSH session detected!
Please type in hostname of the machine to shutdown: 
Good thing I asked; I won't shutdown timmy ...

Since it doesn’t correctly handle sudo yet (actually sudo is at fault here, since it drops SSH_CONNECTION environment variable when doing its stuff), you might want to add PRETEND_SSH around the beginning of /usr/sbin/shutdown as specified on Nico “nion” Golde’s blog.

You might also want to grab the molly-guard 0.3.2 etch package I backported from sid (all I changed is downgrade debhelper build-dep version and debhelper compatibility level in debian/compat since etch only has debhelper 5 and the sid package required debhelper 6 ; this shouldn’t break anything since the newer debhelper just seems to be needed to recognize a few fields in debian/control about where the package is maintained). Sources are also available, anyway.

Thanks hr for the tip :)

This entry was posted on Friday, April 11th, 2008 at 6:07 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.