#!/bin/sh
ssh_from=`echo $SSH_CLIENT | awk '{print$1}'`
ssh_to=`echo $SSH_CONNECTION | awk '{print$4}'`
log_file=/data/irsync/.sshval_log

if [ ! -e "$log_file" ]; then
        touch $log_file
        chmod 644 $log_file
fi

if [ "$(wc -l $log_file | awk '{print$1}')" -gt "50000" ]; then
        rm -f $log_file.1
        tail -n 25000 $log_file > $log_file.1
        mv $log_file.1 $log_file
        touch $log_file
        chmod 644 $log_file
fi

eout() {
APPN="sshval"
arg=$1
        if [ ! "$arg" == "" ]; then
                echo "$(date +"%b %d %H:%M:%S") $(hostname -s) $APPN($$): $arg"                                                                                                  >> $log_file
                if [ "$2" == "1" ]; then
                        echo "$APPN($$): $arg"
                fi
        fi
}

case "$SSH_ORIGINAL_COMMAND" in
*\&*)
        eout "ssh command rejected from $ssh_from: $SSH_ORIGINAL_COMMAND" 1
        ;;
*\;*)
        eout "ssh command rejected from $ssh_from: $SSH_ORIGINAL_COMMAND" 1
        ;;
rsync\ --server*)
        eout "ssh command accepted from $ssh_from: $SSH_ORIGINAL_COMMAND"
        $SSH_ORIGINAL_COMMAND
        ;;
cp*)
        eout "ssh command accepted from $ssh_from: $SSH_ORIGINAL_COMMAND"
        $SSH_ORIGINAL_COMMAND
        ;;
cd*)
        eout "ssh command accepted from $ssh_from: $SSH_ORIGINAL_COMMAND"
        $SSH_ORIGINAL_COMMAND
        ;;
mkdir*)
        eout "ssh command accepted from $ssh_from: $SSH_ORIGINAL_COMMAND"
        $SSH_ORIGINAL_COMMAND
        ;;
touch*)
        eout "ssh command accepted from $ssh_from: $SSH_ORIGINAL_COMMAND"
        $SSH_ORIGINAL_COMMAND
        ;;
*)
        if [ -z "$SSH_ORIGINAL_COMMAND" ]; then
                eout "interactive shell rejected from $ssh_from" 1
        else
                eout "ssh command rejected from $ssh_from: $SSH_ORIGINAL_COMMAND                                                                                                 " 1
        fi
        ;;
esac