Re: [PLUG] shell script help...

JP Vossen on 1 Sep 2007 06:31:54 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] shell script help...

From: JP Vossen <jp@jpsdomain.org>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] shell script help...

Date: Sat, 01 Sep 2007 02:31:26 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

Date: Sat, 1 Sep 2007 01:29:42 -0400 From: Matthew Rosewarne <mukidohime@case.edu> Subject: Re: [PLUG] shell script help...

On Saturday 01 September 2007, Mag Gam wrote: > > I am in the process of writing a shell script to take history file > > (fc -l) and backup it up, while appending it. > > > > My strategy is, once the user exits out of his shell, i will dump > > the history into a file by using a trap() with EXIT. The file will > > be appended by the username... (ie, username.history.date

> I would not attempt to rely on this for any measure of security, as it > can be easily circumvented by users.

I strongly agree. To the best of my knowledge there is *no way* to do this without using a modified kernel (or maybe kernel module) that captures keystrokes. This is discussed in _Know Your Enemy_ on pages 38-40 and is probably covered in various places at http://honeynet.org/.

Someone above noted that you can lock down shells by editing /etc/shells, but that won't prevent someone from simply running a different shell. You could attempt to remove all shells but bash from the system, then try to implement some trap/history scheme as described, but I'd bet *something* on the system will break if you do that.

Bash's history is pretty handy (try 'help fc' and 'help history') but it's not intended for security or auditing.

Later, JP ----------------------------|:::======|------------------------------- JP Vossen, CISSP |:::======| jp{at}jpsdomain{dot}org My Account, My Opinions |=========| http://www.jpsdomain.org/ ----------------------------|=========|------------------------------- Microsoft has single-handedly nullified Moore's Law. Innate design flaws of Windows make a personal firewall, anti-virus and anti-malware software mandatory. The resulting software arms race has effectively flattened Moore's Law on hardware running Windows. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] shell script help...
From: "K.S. Bhaskar" <bhaskar@bhaskars.com>

Re: [PLUG] shell script help...
From: JP Vossen <jp@jpsdomain.org>

Prev by Date: Re: [PLUG] .bash_history

Next by Date: Re: [PLUG] shell script help...

Previous by thread: Re: [PLUG] shell script help...

Next by thread: Re: [PLUG] shell script help...

Index(es):

Date

Thread