ports/155782: [PATCH] shells/bash3: Add logging user history to syslog
Alexander Kriventsov
avk at vl.ru
Tue Mar 22 13:20:01 UTC 2011
>Number: 155782
>Category: ports
>Synopsis: [PATCH] shells/bash3: Add logging user history to syslog
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Mar 22 13:20:00 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Alexander Kriventsov
>Release: 8.1-RELEASE
>Organization:
Hosting Community
>Environment:
FreeBSD localhost 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Aug 2 02:56:18 UTC 2010 root at localhost:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
Add logging of user command history to syslog
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
--- shells/bash3/Makefile 2011-03-22 11:45:31.000000000 +0000
+++ shells/bash3/Makefile.orig 2011-03-22 11:42:03.000000000 +0000
@@ -9,7 +9,6 @@
PORTNAME= bash
PATCHLEVEL= 51
PORTVERSION= 3.2.${PATCHLEVEL:S/^0//g}
-PORTREVISION= 1
CATEGORIES= shells
MASTER_SITES= ${MASTER_SITE_GNU:S/$/:bash/} \
ftp://ftp.cwru.edu/pub/%SUBDIR%/:faq
@@ -42,10 +41,6 @@
EXTRA_PATCHES+= ${PATCHDIR}/xpatch-colonbreakswords
.endif
-.if defined(WITH_BASH_SYSLOG)
-EXTRA_PATCHES+= ${PATCHDIR}/xpatch-bash-3.1-bash-logger
-.endif
-
MAN1= bash.1 bashbug.1
INFO= bash
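Review bot: This Makefile diff was generated with the two files swapped: its headers read `--- shells/bash3/Makefile` and `+++ shells/bash3/Makefile.orig`, so `PORTREVISION= 1` and the `.if defined(WITH_BASH_SYSLOG)` block appear as removed lines. Applied as submitted it would try to delete lines the tree does not have, so it should be regenerated as orig → new, or applied with `patch -R`. The new knob also has no comment; one above the `.if` would help, for example `# WITH_BASH_SYSLOG: log every history line to syslog(3) as local5.info; command lines are logged verbatim and may contain secrets`.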
--- shells/bash3/files/xpatch-bash-3.1-bash-logger 2011-03-22 11:45:44.000000000 +0000
+++ shells/bash3/files/xpatch-bash-3.1-bash-logger 2011-03-22 11:42:49.000000000 +0000
@@ -0,0 +1,89 @@
+Add support for logging bash commands via syslog().
+Useful for deploying in honeypot environments.
+
+http://bugs.gentoo.org/91327
+http://www.nardware.co.uk/Security/html/bashlogger.htm
+
+--- bashhist.c
++++ bashhist.c
+@@ -705,7 +705,7 @@
+ {
+ hist_last_line_added = 1;
+ hist_last_line_pushed = 0;
+- add_history (line);
++ add_history (line, 1);
+ history_lines_this_session++;
+ }
+
+--- lib/readline/histexpand.c
++++ lib/readline/histexpand.c
+@@ -1222,9 +1222,7 @@
+
+ if (only_printing)
+ {
+-#if 0
+- add_history (result);
+-#endif
++ add_history (result, 1);
+ return (2);
+ }
+
+--- lib/readline/histfile.c
++++ lib/readline/histfile.c
+@@ -262,7 +262,7 @@
+ {
+ if (HIST_TIMESTAMP_START(line_start) == 0)
+ {
+- add_history (line_start);
++ add_history (line_start, 0);
+ if (last_ts)
+ {
+ add_history_time (last_ts);
+--- lib/readline/history.c
++++ lib/readline/history.c
+@@ -31,6 +31,8 @@
+
+ #include <stdio.h>
+
++#include <syslog.h>
++
+ #if defined (HAVE_STDLIB_H)
+ # include <stdlib.h>
+ #else
+@@ -246,10 +250,23 @@
+ /* Place STRING at the end of the history list. The data field
+ is set to NULL. */
+ void
+-add_history (string)
+- const char *string;
++add_history (string, logme)
++ const char *string;
++ int logme; /* 0 means no sending history to syslog */
+ {
+ HIST_ENTRY *temp;
++ if (logme) {
++ char trunc[600]; /* arbitrary max size of 600 bytes */
++ if (strlen(string) < sizeof(trunc)) {
++ syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s",
++ getpid(), getuid(), string);
++ } else {
++ memcpy(trunc, string, sizeof(trunc));
++ trunc[sizeof(trunc) - 1] = '\0';
++ syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)",
++ getpid(), getuid(), trunc);
++ }
++ }
+
+ if (history_stifled && (history_length == history_max_entries))
+ {
+--- lib/readline/history.h
++++ lib/readline/history.h
+@@ -80,7 +80,7 @@
+
+ /* Place STRING at the end of the history list.
+ The associated data field (if any) is set to NULL. */
+-extern void add_history PARAMS((const char *));
++extern void add_history PARAMS((const char *, int ));
+
+ /* Change the timestamp associated with the most recent history entry to
+ STRING. */
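Review bot: The block added to `add_history` in lib/readline/history.c sends every history line verbatim to syslog at `LOG_LOCAL5 | LOG_INFO`, so passwords or tokens typed as command arguments end up in the log files and on any remote log host. The patch header should state that and tell the administrator to restrict the destination, for example `Commands are logged verbatim, including secrets typed on the command line; route local5.* to a root-only file.` The lib/readline/histexpand.c hunk also replaces the `#if 0`-disabled call with a live `add_history (result, 1);` under `only_printing`, which stores and logs lines that were only printed and not executed; if that is not intended, the call should stay disabled. `getpid()` and `getuid()` are passed to `%d` without casts, and `PID=%ld UID=%lu` with `(long)getpid(), (unsigned long)getuid()` avoids the pid_t/uid_t mismatch. The body of `add_history` continues outside the inner hunk, so whether `<unistd.h>` and `<string.h>` are already included for `getpid`, `getuid`, `strlen` and `memcpy` cannot be confirmed from here.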
>Release-Note:
>Audit-Trail:
>Unformatted: