ports/155782: [PATCH] shells/bash3: Add logging user history to syslog

Alexander Kriventsov avk at vl.ru
Tue Mar 22 13:20:01 UTC 2011


>Number:         155782
>Category:       ports
>Synopsis:       [PATCH] shells/bash3: Add logging user history to syslog
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 22 13:20:00 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Alexander Kriventsov
>Release:        8.1-RELEASE
>Organization:
Hosting Community
>Environment:
FreeBSD localhost 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Aug  2 02:56:18 UTC 2010     root at localhost:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
Add logging of user history to syslog
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

--- shells/bash3/Makefile	2011-03-22 11:45:31.000000000 +0000
+++ shells/bash3/Makefile.orig	2011-03-22 11:42:03.000000000 +0000
@@ -9,7 +9,6 @@
 PORTNAME=		bash
 PATCHLEVEL=		51
 PORTVERSION=		3.2.${PATCHLEVEL:S/^0//g}
-PORTREVISION=		1
 CATEGORIES=		shells
 MASTER_SITES=		${MASTER_SITE_GNU:S/$/:bash/} \
 			ftp://ftp.cwru.edu/pub/%SUBDIR%/:faq
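Review bot: Both hunks for `shells/bash3/Makefile` are reversed, because the modified file is on the `---` side and `Makefile.orig` is on the `+++` side. As posted, `PORTREVISION= 1` here and the `.if defined(WITH_BASH_SYSLOG)` block in the next hunk are removals, so applying the patch would not add the knob that pulls in `xpatch-bash-3.1-bash-logger`. The diff should be regenerated as `diff -u Makefile.orig Makefile`. Since the knob sends every interactive command to syslog, a comment above it such as `# WITH_BASH_SYSLOG: log history lines to syslog facility local5; route local5 to a root-only file` would tell the administrator what to configure before enabling it.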
@@ -42,10 +41,6 @@
 EXTRA_PATCHES+=		${PATCHDIR}/xpatch-colonbreakswords
 .endif
 
-.if defined(WITH_BASH_SYSLOG)
-EXTRA_PATCHES+=		${PATCHDIR}/xpatch-bash-3.1-bash-logger
-.endif
-
 MAN1=			bash.1 bashbug.1
 INFO=			bash
 
--- shells/bash3/files/xpatch-bash-3.1-bash-logger	2011-03-22 11:45:44.000000000 +0000
+++ shells/bash3/files/xpatch-bash-3.1-bash-logger	2011-03-22 11:42:49.000000000 +0000
@@ -0,0 +1,89 @@
+Add support for logging bash commands via syslog().
+Useful for deploying in honeypot environments.
+
+http://bugs.gentoo.org/91327
+http://www.nardware.co.uk/Security/html/bashlogger.htm
+
+--- bashhist.c
++++ bashhist.c
+@@ -705,7 +705,7 @@
+ {
+   hist_last_line_added = 1;
+   hist_last_line_pushed = 0;
+-  add_history (line);
++  add_history (line, 1);
+   history_lines_this_session++;
+ }
+ 
+--- lib/readline/histexpand.c
++++ lib/readline/histexpand.c
+@@ -1222,9 +1222,7 @@
+ 
+   if (only_printing)
+     {
+-#if 0
+-      add_history (result);
+-#endif
++      add_history (result, 1);
+       return (2);
+     }
+ 
+--- lib/readline/histfile.c
++++ lib/readline/histfile.c
+@@ -262,7 +262,7 @@
+ 	  {
+ 	    if (HIST_TIMESTAMP_START(line_start) == 0)
+ 	      {
+-		add_history (line_start);
++		add_history (line_start, 0);
+ 		if (last_ts)
+ 		  {
+ 		    add_history_time (last_ts);
+--- lib/readline/history.c
++++ lib/readline/history.c
+@@ -31,6 +31,8 @@
+ 
+ #include <stdio.h>
+ 
++#include <syslog.h>
++
+ #if defined (HAVE_STDLIB_H)
+ #  include <stdlib.h>
+ #else
+@@ -246,10 +250,23 @@
+ /* Place STRING at the end of the history list.  The data field
+    is  set to NULL. */
+ void
+-add_history (string)
+-     const char *string;
++add_history (string, logme)
++     const char *string;
++     int logme; /* 0 means no sending history to syslog */
+ {
+   HIST_ENTRY *temp;
++  if (logme) {
++    char trunc[600]; /* arbitrary max size of 600 bytes */
++    if (strlen(string) < sizeof(trunc)) {
++      syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s",
++        getpid(), getuid(), string);
++    } else {
++      memcpy(trunc, string, sizeof(trunc));
++      trunc[sizeof(trunc) - 1] = '\0';
++      syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)",
++        getpid(), getuid(), trunc);
++    }
++  }
+ 
+   if (history_stifled && (history_length == history_max_entries))
+     {
+--- lib/readline/history.h
++++ lib/readline/history.h
+@@ -80,7 +80,7 @@
+ 
+ /* Place STRING at the end of the history list.
+    The associated data field (if any) is set to NULL. */
+-extern void add_history PARAMS((const char *));
++extern void add_history PARAMS((const char *, int ));
+ 
+ /* Change the timestamp associated with the most recent history entry to
+    STRING. */
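Review bot: In the history.c hunk, `add_history` hands `string` to `syslog` unmodified, so every command line, including any password or token typed as an argument, lands in the `LOG_LOCAL5` stream. A comment such as `/* logged text is raw user input: may contain secrets and control characters; local5 must go to a root-only file */` belongs above the first `syslog` call. The record is written only when bash actually adds a line to history, and the `trunc` path drops everything past 599 bytes, so the log is a convenience record rather than a complete audit trail; the header comments in history.c and history.h should say so when they document `logme`. `getpid()` and `getuid()` are printed with `%d` although `uid_t` is unsigned on FreeBSD; `"HISTORY: PID=%ld UID=%lu %s"` with `(long) getpid ()` and `(unsigned long) getuid ()` avoids the mismatch. Separately, the histexpand.c hunk replaces an `#if 0` block with a live `add_history (result, 1)`, which changes history behaviour on the `only_printing` path and not just logging; bash appears to add that line itself, so this may create duplicate entries and log records and should be confirmed or dropped. The body of `add_history` continues outside the hunk.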


>Release-Note:
>Audit-Trail:
>Unformatted:


