Matthew Rosewarne on 1 Sep 2007 05:30:03 -0000

On Saturday 01 September 2007, Mag Gam wrote:
> I am in the process of writing a shell script to take the history file (fc -l)
> and back it up, while appending it.
>
> My strategy is, once the user exits out of his shell, I will dump the
> history into a file by using a trap() with EXIT. The file will be appended
> by the username... (i.e., username.history.date)

I would not attempt to rely on this for any measure of security, as it can be
easily circumvented by users. For example, one could:

A. Subshell, then remove the history file

  $ bash
  {nefarious commands...}
  $ exit
  $ rm ~/.bash_history
  $ logout

B. Subshell, invoked with an invalid or nonexistent history file

  $ HISTFILE="" bash
  {nefarious commands...}
  $ exit
  $ logout

All of this could just as easily be hidden in a script, making it very
difficult to catch. It would be a better idea to use IDS/auditing software
than to rely on something controlled by the user.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
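
To illustrate the reply's closing recommendation, the following is an added example (not part of the original message or written by its author): it reads kernel audit records instead of shell history, so commands run in a subshell are still attributed to the login user and removal of a history file is itself flagged. The sample records are constructed and simplified from the Linux auditd SYSCALL/EXECVE format; the function names and the tool list are assumptions.

```python
import re
from collections import defaultdict

# Constructed, simplified auditd-style records (not real log data).
# Assumes arguments are plain quoted strings; real auditd hex-encodes some.
SAMPLE = """\
type=SYSCALL msg=audit(1188624601.100:101): syscall=59 auid=1000 uid=1000 comm="bash"
type=EXECVE msg=audit(1188624601.100:101): argc=1 a0="bash"
type=SYSCALL msg=audit(1188624603.150:102): syscall=59 auid=1000 uid=1000 comm="id"
type=EXECVE msg=audit(1188624603.150:102): argc=1 a0="id"
type=SYSCALL msg=audit(1188624605.200:103): syscall=59 auid=1000 uid=1000 comm="rm"
type=EXECVE msg=audit(1188624605.200:103): argc=2 a0="rm" a1="/home/alice/.bash_history"
type=SYSCALL msg=audit(1188624609.300:104): syscall=59 auid=1001 uid=1001 comm="ls"
type=EXECVE msg=audit(1188624609.300:104): argc=2 a0="ls" a1="-l"
"""

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
TAMPER_TOOLS = {"rm", "unlink", "shred", "truncate", "ln"}  # assumed list

def parse_events(text):
    """Merge the SYSCALL and EXECVE records that share one audit event id."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events[m.group(1)]
        if fields.get("type") == "SYSCALL":
            # auid is the login uid; subshells inherit it from the login session.
            ev["auid"] = fields.get("auid")
        elif fields.get("type") == "EXECVE":
            argc = int(fields.get("argc", 0))
            ev["argv"] = [fields.get(f"a{i}", "") for i in range(argc)]
    return [ev for ev in events.values() if "auid" in ev and "argv" in ev]

def commands_for(events, auid):
    """Every command executed under a login uid, whatever the shell recorded."""
    return [" ".join(ev["argv"]) for ev in events if ev["auid"] == auid]

def history_tampering(events):
    """Flag executions of a removal/rewrite tool against a *_history file."""
    hits = []
    for ev in events:
        argv = ev["argv"]
        tool = argv[0].rsplit("/", 1)[-1] if argv else ""
        if tool in TAMPER_TOOLS and any(a.endswith("_history") for a in argv[1:]):
            hits.append((ev["auid"], " ".join(argv)))
    return hits
```

Setting HISTFILE to an empty value does not appear in these records, but the commands run inside that shell still do, which is why the audit trail does not depend on the history file.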