summaryrefslogtreecommitdiff
blob: 3bc29daf7552a3a3f5036bf59cee88eec18669ba (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
Add support for logging bash commands via syslog().
Useful for deploying in honeypot environments.

http://bugs.gentoo.org/show_bug.cgi?id=91327
http://www.nardware.co.uk/Security/html/bashlogger.htm

--- bashhist.c
+++ bashhist.c
@@ -705,7 +705,7 @@
 {
   hist_last_line_added = 1;
   hist_last_line_pushed = 0;
-  add_history (line);
+  add_history (line, 1);
   history_lines_this_session++;
 }
 
--- lib/readline/histexpand.c
+++ lib/readline/histexpand.c
@@ -1222,9 +1222,7 @@
 
   if (only_printing)
     {
-#if 0
-      add_history (result);
-#endif
+      add_history (result, 1);
       return (2);
     }
 
--- lib/readline/histfile.c
+++ lib/readline/histfile.c
@@ -262,7 +262,7 @@
 	  {
 	    if (HIST_TIMESTAMP_START(line_start) == 0)
 	      {
-		add_history (line_start);
+		add_history (line_start,0);
 		if (last_ts)
 		  {
 		    add_history_time (last_ts);
--- lib/readline/history.c
+++ lib/readline/history.c
@@ -31,6 +31,8 @@
 
 #include <stdio.h>
 
+#include <syslog.h>
+
 #if defined (HAVE_STDLIB_H)
 #  include <stdlib.h>
 #else
@@ -246,10 +250,24 @@
 /* Place STRING at the end of the history list.  The data field
    is  set to NULL. */
 void
-add_history (string)
-     const char *string;
+add_history (string, logme)
+     const char *string;
+     int logme; /* 0 means no sending history to syslog */
 {
   HIST_ENTRY *temp;
+  if (logme) {
+    if (strlen(string)<600) {
+      syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s",
+        getpid(), getuid(), string);
+    }
+    else {
+      char trunc[600];
+      strncpy(trunc,string,sizeof(trunc));
+      trunc[sizeof(trunc)-1]='\0';
+      syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)",
+          getpid(), getuid(), trunc);
+    }
+  }
 
   if (history_stifled && (history_length == history_max_entries))
     {
--- lib/readline/history.h
+++ lib/readline/history.h
@@ -80,7 +80,7 @@
 
 /* Place STRING at the end of the history list.
    The associated data field (if any) is set to NULL. */
-extern void add_history PARAMS((const char *));
+extern void add_history PARAMS((const char *, int ));
 
 /* Change the timestamp associated with the most recent history entry to
    STRING. */