this is a very primitive and shameful question that i have: how do i patch bash? i have bash source, and i am using patch, but either i don't know the syntax, or i don't know what, but i cannot patch bash... and i read patch man pages, and i still don't get it. can someone help me out a bit with this patching business? thanks

On Thu, 17 Aug 2000, Sotiris Tsimbonis wrote:
On Wed, 16 Aug 2000, Sridhar wrote:
hi i've written a script that logs all the commands executed by a user, his terminal, the time, the directory... i don't use the bash_history but the history itself. now the question is will the history be reliable, will it be more useful than .bash_history, will it be legal. also because the script is executed as the user itself, i'm forced to append the command history to a file which has chattr +a attribute set. so the user can put anything in the file. any ideas to make it stealthy?, btw, i'm using prompt_command variable.
perhaps you will find ojnk's patch for bash stealthy enough.. it's available at http://ojnk.sourceforge.net/ and here's what it says in the readme file:
This patch to bash will:
* Log all user commands to (by default) /var/log/histories/<pw_name> (I chown each user's logfile to them, chmod 200 it and set it append-only)
* Disallows (and logs) execution attempts when:
  * uid != euid
  * gid != egid
  * stdin is a socket (this will break programs such as rsh)
* Implements a high uid and gid such that if the shell is executed with a uid or gid higher than that limit, the shell will close and log the attempt. (I run network daemons with a high gid)
-- _ _ _|_ o._ o _ _)(_) |_ || |_>
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com