1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
Add support for logging bash commands via syslog().
Useful for deploying in honeypot environments.
http://bugs.gentoo.org/show_bug.cgi?id=91327
http://www.nardware.co.uk/Security/html/bashlogger.htm
--- bashhist.c
+++ bashhist.c
@@ -705,7 +705,7 @@
{
hist_last_line_added = 1;
hist_last_line_pushed = 0;
- add_history (line);
+ add_history (line, 1);
history_lines_this_session++;
}
--- lib/readline/histexpand.c
+++ lib/readline/histexpand.c
@@ -1222,9 +1222,7 @@
if (only_printing)
{
-#if 0
- add_history (result);
-#endif
+ add_history (result, 1);
return (2);
}
--- lib/readline/histfile.c
+++ lib/readline/histfile.c
@@ -262,7 +262,7 @@
{
if (HIST_TIMESTAMP_START(line_start) == 0)
{
- add_history (line_start);
+ add_history (line_start,0);
if (last_ts)
{
add_history_time (last_ts);
--- lib/readline/history.c
+++ lib/readline/history.c
@@ -31,6 +31,8 @@
#include <stdio.h>
+#include <syslog.h>
+
#if defined (HAVE_STDLIB_H)
# include <stdlib.h>
#else
@@ -246,10 +250,24 @@
/* Place STRING at the end of the history list. The data field
is set to NULL. */
void
-add_history (string)
- const char *string;
+add_history (string, logme)
+ const char *string;
+ int logme; /* 0 means no sending history to syslog */
{
HIST_ENTRY *temp;
+ if (logme) {
+ if (strlen(string)<600) {
+ syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s",
+ getpid(), getuid(), string);
+ }
+ else {
+ char trunc[600];
+ strncpy(trunc,string,sizeof(trunc));
+ trunc[sizeof(trunc)-1]='\0';
+ syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)",
+ getpid(), getuid(), trunc);
+ }
+ }
if (history_stifled && (history_length == history_max_entries))
{
--- lib/readline/history.h
+++ lib/readline/history.h
@@ -80,7 +80,7 @@
/* Place STRING at the end of the history list.
The associated data field (if any) is set to NULL. */
-extern void add_history PARAMS((const char *));
+extern void add_history PARAMS((const char *, int ));
/* Change the timestamp associated with the most recent history entry to
STRING. */
|