linux – 用于日志检索的有限SSH访问

这是一个例子.这里的设置是在服务器上,有一个cron作业将每日日志移动到/ var / log / logfetch.另一台具有IP 10.1.2.3的服务器将连接并发送命令.如果该命令是BACKUP,则客户端将在/ var / log / logfetch目录中接收文件的gzip压缩文件.如果它是文件名,则将删除/ var / log / logfetch中具有该名称的文件.任何其他命令都将被忽略.将记录所有命令.仅允许来自该IP地址的连接.

from="10.1.2.3",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="read ARG;HOST=$(/usr/bin/hostname);if [ "$ARG" = "BACKUP" ]; then cd /var/log/logfetc;/usr/bin/tar -cf - *;/usr/bin/logger -t LOGFETCH -p daemon.info "INFO: Backup-files on $HOST fetched from ${SSH_CLIENT%% *} by $USER";else cd /var/log/logfetch; if [ -f $ARG ]; then /usr/bin/rm $ARG;/usr/bin/logger -t LOGFETCH -p daemon.info "INFO: Backup-file "$ARG" removed on $HOST by $USER";else /usr/bin/logger -t LOGFETCH -p daemon.info "WARNING: $USER failed to remove "$ARG" on $HOST";exit -1;fi;fi " ssh-dss AA.....

对于您的特定情况,这可能是过度的,但是第三方滥用并且应该可以适应您的特定需求是相当困难的.