Matthew Rosewarne on 1 Sep 2007 05:30:03 -0000
On Saturday 01 September 2007, Mag Gam wrote:
> I am in the process of writing a shell script to take history file (fc -l)
> and back it up, while appending it.
>
> My strategy is, once the user exits out of his shell, I will dump the
> history into a file by using a trap() with EXIT. The file will be appended
> by the username... (ie, username.history.date

I would not attempt to rely on this for any measure of security, as it can be
easily circumvented by users. For example, one could:

A: Subshell, then remove the history file

    $ bash
    {nefarious commands...}
    $ exit
    $ rm ~/.bash_history
    $ logout

B. Subshell, invoked with invalid or non-existent history file

    $ HISTFILE="" bash
    {nefarious commands...}
    $ exit
    $ logout

All of this could just as easily be hidden in a script, making it very
difficult to catch. It would be a better idea to use IDS/auditing software
than to rely on something controlled by the user.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
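
The reply's closing advice, as an added example that is not part of the original message: kernel-side execve auditing records commands under the login UID (`auid`) whatever the shell's history settings are. The sketch assumes Linux auditd as the auditing software; the log lines, the key `cmdlog` and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Linux auditd log format (not from the original thread).
# Assumes a rule auditing execve() is loaded; the key "cmdlog" is hypothetical.
# Events 201-204: a subshell starts, two commands run in it, history is removed.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1188624600.101:201): syscall=59 success=yes pid=4101 auid=1000 uid=1000 ses=7 comm="bash" exe="/bin/bash" key="cmdlog"
type=EXECVE msg=audit(1188624600.101:201): argc=1 a0="bash"
type=SYSCALL msg=audit(1188624605.202:202): syscall=59 success=yes pid=4102 auid=1000 uid=1000 ses=7 comm="id" exe="/usr/bin/id" key="cmdlog"
type=EXECVE msg=audit(1188624605.202:202): argc=1 a0="id"
type=SYSCALL msg=audit(1188624609.303:203): syscall=59 success=yes pid=4103 auid=1000 uid=1000 ses=7 comm="cat" exe="/bin/cat" key="cmdlog"
type=EXECVE msg=audit(1188624609.303:203): argc=2 a0="cat" a1=6D79206E6F7465732E747874
type=SYSCALL msg=audit(1188624612.404:204): syscall=59 success=yes pid=4104 auid=1000 uid=1000 ses=7 comm="rm" exe="/bin/rm" key="cmdlog"
type=EXECVE msg=audit(1188624612.404:204): argc=2 a0="rm" a1="/home/alice/.bash_history"
"""

RECORD_RE = re.compile(r"^type=(\w+) msg=audit\(\d+\.\d+:(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_arg(value):
    """Quoted argv values are literal; auditd hex-encodes ones with spaces."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def commands_by_login(log_text):
    """Join SYSCALL and EXECVE records by event serial, grouped by auid."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        rtype, serial, body = m.groups()
        fields = dict(FIELD_RE.findall(body))
        if rtype == "SYSCALL":
            events[serial]["auid"] = fields.get("auid")
        elif rtype == "EXECVE":
            argc = int(fields.get("argc", 0))
            events[serial]["argv"] = [decode_arg(fields[f"a{i}"])
                                      for i in range(argc) if f"a{i}" in fields]
    result = defaultdict(list)
    for serial in sorted(events, key=int):
        ev = events[serial]
        if "auid" in ev and "argv" in ev:
            result[ev["auid"]].append(" ".join(ev["argv"]))
    return dict(result)

def history_tampering(commands):
    """Return the commands that name a shell history file."""
    return [c for c in commands if re.search(r"\.(bash_|sh_)?history\b", c)]
```

Shell builtins never call execve, so they do not appear in such a log; the records also need to be shipped off the host so the audited user cannot alter them.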