Matthew Rosewarne on 1 Sep 2007 05:30:03 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] shell script help...


On Saturday 01 September 2007, Mag Gam wrote:
> I am in the process of writing a shell script to take history file (fc -l)
> and backup it up, while appending it.
>
> My strategy is, once the user exits out of his shell, i will dump the
> history into a file by using a trap() with EXIT. The file will be appended
> by the username... (ie, username.history.date

I would not attempt to rely on this for any measure of security, as it can be 
easily circumvented by users.  For example, one could:

A: Subshell, then remove the history file
	$ bash
		{nefarious commands...}
	$ exit
	$ rm ~/.bash_history
	$ logout

B. Subshell, invoked with invalid or non-existant history file
	$ HISTFILE="" bash
		{nefarious commands...}
	$ exit
	$ logout

All of this could just as easily be hidden in a script, making it very 
difficult to catch.  It would be a better idea to use IDS/auditing software 
than to rely on something controlled by the user.

Attachment: signature.asc
Description: This is a digitally signed message part.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug