NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2000-q2

Subject: Re: History Files
From: Omachonu Ogali (oogaliINTRANOVA.NET)
Date: Sat Apr 15 2000 - 18:55:48 CDT

Next message: Tomas Westin: "Re: History Files"
Previous message: audit: "Re: History Files"
In reply to: audit: "History Files"
Next in thread: Corwin J. Grey: "Re: History Files"
Reply: Omachonu Ogali: "Re: History Files"
Reply: Corwin J. Grey: "Re: History Files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

1) Apply the following patch to make the history-related variables
read-only in a restricted shell.

   -- snip --
   --- shell.c.orig Sat Apr 15 19:44:29 2000
   +++ shell.c Sat Apr 15 19:45:03 2000
    -1013,2 +1013,5
          set_var_read_only ("BASH_ENV");
   + set_var_read_only ("HISTFILE");
   + set_var_read_only ("HISTFILESIZE");
   + set_var_read_only ("HISTSIZE");
          restricted++;
   -- snip --

2) Recompile and install the new binary.

3) Add the history path to /etc/bashrc resulting in the variable being
set globally.

HISTFILE=/path/to/wherever/you/want/the/history/for/$USER
export HISTFILE

4) Create a symbolic link for a restricted bash shell.
ln -s /bin/bash /bin/rbash

5) Change the user's shell to /bin/rbash.
usermod -s /bin/rbash username

The patch marks three variables (HISTSIZE, HISTFILESIZE, HISTSIZE) as
read-only when started as a restricted shell (as rbash or bash -r), so
once started, the user shouldn't be able to change the values.

And I think that should be it, some things I stated may be incorrect so
feel free to flame^H^H^H^H^H reply to me/mailing list with the correction.

That patch is for bash 2.03, it's quite simple so if it doesnt work you
can implement by hand.

P.S. This was a rather sloppy post, forgive me. =]

On Sat, 15 Apr 2000, audit wrote:

> Greeting's,
>
> I admin a few Linux servers and have a question about user's .bash_history
> files. The users on the systems keep their history files but I would like
> to have what they type logged to /root/history/$user_history
> I know that this is not polite on my end or the other co-admin's but we
> need to know what our users are doing at all times. These are slackware
> boxes and some RedHat boxes.
>
> Thanks
>

--
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogaliintranova.net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:       C8 51 14 FD 2A 87 53 D1  E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+

Next message: Tomas Westin: "Re: History Files"
Previous message: audit: "Re: History Files"
In reply to: audit: "History Files"
Next in thread: Corwin J. Grey: "Re: History Files"
Reply: Omachonu Ogali: "Re: History Files"
Reply: Corwin J. Grey: "Re: History Files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]