Vulnerability Development mailing list archives
Re: History Files
From: cgrey () WCFAMILY COM (Corwin J. Grey)
Date: Sat, 15 Apr 2000 17:35:59 -0700
Oops...sorry...forgot that bit. :) You do have to patch the bash shell to not allow changes to those vars. I set this up a couple years ago on several boxes I admin and forgot about it. Though, just for safety's sake, I'd suggest you log them to somplace under /var rather than root. Also for consistency.:) ----- Original Message ----- From: Omachonu Ogali <oogali () INTRANOVA NET> To: <VULN-DEV () SECURITYFOCUS COM> Sent: April 15, 2000 16:55 Subject: Re: History Files
1) Apply the following patch to make the history-related variables read-only in a restricted shell. -- snip -- --- shell.c.orig Sat Apr 15 19:44:29 2000 +++ shell.c Sat Apr 15 19:45:03 2000 @@ -1013,2 +1013,5 @@ set_var_read_only ("BASH_ENV"); + set_var_read_only ("HISTFILE"); + set_var_read_only ("HISTFILESIZE"); + set_var_read_only ("HISTSIZE"); restricted++; -- snip -- 2) Recompile and install the new binary. 3) Add the history path to /etc/bashrc resulting in the variable being set globally. HISTFILE=/path/to/wherever/you/want/the/history/for/$USER export HISTFILE 4) Create a symbolic link for a restricted bash shell. ln -s /bin/bash /bin/rbash 5) Change the user's shell to /bin/rbash. usermod -s /bin/rbash username The patch marks three variables (HISTSIZE, HISTFILESIZE, HISTSIZE) as read-only when started as a restricted shell (as rbash or bash -r), so once started, the user shouldn't be able to change the values. And I think that should be it, some things I stated may be incorrect so feel free to flame^H^H^H^H^H reply to me/mailing list with the correction. That patch is for bash 2.03, it's quite simple so if it doesnt work you can implement by hand. P.S. This was a rather sloppy post, forgive me. =] On Sat, 15 Apr 2000, audit wrote:Greeting's, I admin a few Linux servers and have a question about user's
.bash_history
files. The users on the systems keep their history files but I would
like
to have what they type logged to /root/history/$user_history I know that this is not polite on my end or the other co-admin's but we need to know what our users are doing at all times. These are slackware boxes and some RedHat boxes. Thanks--
+-------------------------------------------------------------------------+
| Omachonu Ogali oogali () intranova net
|
| Intranova Networking Group http://tribune.intranova.net
|
| PGP Key ID: 0xBFE60839
|
| PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34
|
+-------------------------------------------------------------------------+
Current thread:
- Re: Controlling a program's resource usage on Unix, (continued)
- Re: Controlling a program's resource usage on Unix Pavel Kankovsky (Apr 18)
- Re: History Files David Taylor (Apr 16)
- Re: History Files Boris Sagadin (Apr 17)
- Fwd: RAZOR Analysis of dvwssr.dll Blue Boar (Apr 17)
- Re: History Files iconoclast (Apr 18)
- Re: History Files Bluefish (Apr 19)
- Re: History Files Dragos Ruiu (Apr 15)
- Re: History Files Crispin Cowan (Apr 15)
- Re: History Files Corwin J. Grey (Apr 15)
- Re: History Files Omachonu Ogali (Apr 15)
- Re: History Files Corwin J. Grey (Apr 15)
- Re: History Files Gert-Jan Hagenaars (Apr 16)
- Re: History Files Bluefish (Apr 17)
- Re: History Files Mark Rafn (Apr 16)
- Alternative to historyfile logging. Joel Eriksson (Apr 17)
- Re: History Files Joel Eriksson (Apr 17)
- Re: History Files spiff (Apr 18)